def test_expired_confirmation_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token(1) time.sleep(2) self.assertFalse(u.confirm(token))
def register(): form = RegistrationForm(request.form) if request.method == 'GET': return render_template('register.html', form=form) elif request.method == 'POST': username = form.username.data password = form.password.data.encode('utf-8') user = User.query.filter_by(username=username) if user.count() == 0: user = User(username=username, password=hashlib.sha512(password + password_salt).hexdigest()) db.session.add(user) db.session.commit() flash('Welcome {0}. Thank you for registering'.format(username)) user = User.query.filter_by(username=username).filter_by(password=hashlib.sha512(password + password_salt).hexdigest()) login_user(user.one()) try: next = request.form['next'] return redirect(next) except: return redirect(url_for('index')) else: flash('The username {0} is already in use. Please try a new username.'.format(username)) return redirect(url_for('register')) else: abort(405)
def test_user_is_confirmed(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_confirmation_token() self.assertTrue(u.confirm(token)) self.assertTrue(u.confirmed)
def test_valid_reset_token(self): u = User(password='******') db.session.add(u) db.session.commit() token = u.generate_reset_token() self.assertTrue(u.reset_password(token, 'dog')) self.assertTrue(u.verify_password('dog'))
def create(self): data = json.loads(request.data) if "mail" not in data: abort(400) u = users.User(data["mail"]) a = User(role="editor", user=u) a.save() return Response(a.as_json(), mimetype="application/json")
def test_invalid_confirmation_token(self): u1 = User(password='******') u2 = User(password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u1.generate_confirmation_token() self.assertFalse(u2.confirm(token))
def user(db): password = '******' user = User(username='******', password=password) user.plaintext_password = password db.session.add(user) db.session.commit() return user
def create(self): data = json.loads(request.data) if 'mail' not in data: abort(400) u = users.User(data['mail']) a = User(role='editor', user=u) a.save(); return Response(a.as_json(), mimetype='application/json')
def test_invalid_reset_token(self): u1 = User(password='******') u2 = User(password='******') db.session.add(u1) db.session.add(u2) db.session.commit() token = u1.generate_reset_token() self.assertFalse(u2.reset_password(token, 'horse')) self.assertTrue(u2.verify_password('dog'))
def _create_user(username, password, is_admin, groups=None): if not groups: groups = [] u = User(username=username, email='*****@*****.**', first_name='first_name', last_name='last_name', is_admin=is_admin, groups=groups) u.hash_password(password) db.session.add(u) db.session.commit() return u
def post(self): args = user_parser.parse_args(strict=True) if User.query.filter_by(username=args.username).first() is not None: abort(400, message="User already exists") # TODO / FIXME: email validation ... user = User(username=args.username, first_name=args.first_name, last_name=args.last_name, email=args.email) user.hash_password(args.password) db.session.add(user) db.session.commit() return 201
def add_user(profile, friends): user = User( id=profile['id'].decode('utf-8'), name=profile['name'].decode('utf-8') ) for friend in friends['data']: entry = User.get_or_insert( friend['id'].decode('utf-8'), name=friend['name'].decode('utf-8') ) user.friends.append(entry.key) user.put()
def testAuth(self): resp = self.app.get('/api/feeds/1') assert resp.status_code == 401 mock_user_response = json.dumps(self.buildMockUserResponse()) self.set_response("https://alpha-api.app.net/stream/0/token", content=mock_user_response, status_code=200) resp = self.app.get('/api/feeds', headers=self.authHeaders()) assert resp.status_code == 200 assert User.query().count() == 1 resp = self.app.get('/api/feeds', headers=self.authHeaders()) assert User.query().count() == 1
def setUp(self): self.app = application.app bcrypt = Bcrypt(self.app) # forcibly reconnect to testing db connection.disconnect() self.app.config['MONGO_CONFIG']['db_name'] = 'pipeline_testing' self.connection = connect( self.app.config['MONGO_CONFIG']['db_name'] , host=self.app.config['MONGO_CONFIG']['host'] , port=int(self.app.config['MONGO_CONFIG']['port']) ) # drop any lingering test dbs self.connection.drop_database( self.app.config['MONGO_CONFIG']['db_name']) member_user = User( admin_rights = False , email = '*****@*****.**' , email_confirmation_code = 'goodday' , email_confirmed = True , last_login_time = datetime.datetime.utcnow() , password_hash = bcrypt.generate_password_hash('hola!') , registration_time = datetime.datetime.utcnow() , verified = True) member_user.save() ''' create a test org ''' test_org = Organization( label = 'best-org' , name = 'best org') test_org.save() # save membership member_user.update(push__organizations = test_org) ''' create a test project ''' test_project = Project( creation_time = datetime.datetime.utcnow() , label = 'best-project' , name = 'best project' , organization = test_org) test_project.save() test_org.update(push__projects=test_project) ''' create a data-less upload ''' '''
def test_get_list(self): user_a = User(id='42', name='Foo Bar') user_b = User.get_or_insert('43', name='Knuth Donald') user_c = User.get_or_insert('44', name='Lovelace Ada') user_a.friends.append(user_b.key) user_a.friends.append(user_c.key) user_a.put() rv = self.app.get('/api/friends?profile_id=42') self.assertEqual(rv.status, '200 OK') data = json.loads(rv.data) self.assertEqual(data['count'], 2) self.assertItemsEqual({'Knuth Donald', 'Lovelace Ada'}, {f['name'] for f in data['friends']})
def register(request): if request.method == "POST": uf = UserForm(request.POST) if uf.is_valid(): #获取表单信息 username = uf.cleaned_data['address'] #headImg = uf.cleaned_data['headImg'] #写入数据库 user = User() user.username = username #user.headImg = headImg user.save() return HttpResponse('upload ok!') else: uf = UserForm() return render_to_response('register.html',{'uf':uf})
def facebook_authorized(resp): next_url = request.args.get('next') or url_for('index') if resp is None or 'access_token' not in resp: return redirect(next_url) session['logged_in'] = True session['facebook_token'] = (resp['access_token'], '') # Make use of the connection to retrieves the user's info profile = facebook.get('/me').data profile_id = profile['id'].decode('utf-8') user_entry = ndb.Key('User', profile_id).get() if not user_entry: friends = facebook.get('/me/friends').data add_user(profile, friends) # Add new token to the user entry user = User.get_by_id(profile_id) user.token = resp['access_token'] user.put() session['profile_id'] = profile['id'].decode('utf-8') return redirect('/#/friends')
def decorated_function(*args, **kwargs): try: if User.by_token(request.headers.get('X-Auth-Token', '')): return f(*args, **kwargs) except DecodeError: pass raise Forbidden()
def load_user_from_token(http_request): token = http_request.headers.get('Authorization') user = None if token is not None: token = token.replace('Basic ', '', 1) user = User.verify_auth_token(token) g.user = user return user
def setUp(self): for x in models.CELL_BLACK_LIST[:]: models.CELL_BLACK_LIST.pop() app.config['TESTING'] = True self.login('*****@*****.**', 'testuser') self.app = app.test_client() self.user = User(user=users.get_current_user()) self.user.put()
def update_friendlists(user): graph = facebook.GraphAPI(user.token) profile = graph.get_object("me") friends = graph.get_connections("me", "friends") for friend in friends["data"]: entry = User.get_or_insert(friend["id"].decode("utf-8"), name=friend["name"].decode("utf-8")) entry.friends.append(user.key) entry.put()
class UserApiTest(unittest.TestCase, GoogleAuthMixin): def setUp(self): for x in models.CELL_BLACK_LIST[:]: models.CELL_BLACK_LIST.pop() app.config['TESTING'] = True self.login('*****@*****.**', 'testuser') self.app = app.test_client() self.user = User(user=users.get_current_user()) self.user.put() def test_update(self): rv = self.app.put('/api/v0/user/' + str(self.user.key()), data=json.dumps({'current_cells': 2})) self.assertEquals(200, rv.status_code) js = json.loads(rv.data) self.assertEquals(2, js['current_cells'])
def run(self): username = prompt('Input username') password = prompt_pass('Input password') email = '' while '@' not in email: email = prompt('Email (requires "@")') first_name = prompt('First name (default: "")', default='') last_name = prompt('Last name (default: "")', default='') u = User(username=username, first_name=first_name, last_name=last_name, email=email, is_admin=True) u.hash_password(password) db.session.add(u) db.session.commit() print("User {} successfully added.".format(username))
def save(self, User): User.country = self.cleaned_data["country"] User.postal_code = self.cleaned_data["postal_code"] User.user_type = self.cleaned_data["user_type"] User.save() if User.user_type == "Teacher": teacher_instance = teacher() teacher_instance.most_recent_job_title = self.cleaned_data["most_recent_job_title"] teacher_instance.subjects = self.cleaned_data["subjects"] teacher_instance.user_id = User teacher_instance.save() elif User.user_type == "Student": student_instance = student() student_instance.user_id = User student_instance.School_University = self.cleaned_data["institution"] student_instance.save()
def test_friends_updated(self, mocked_graph): mocked_graph.return_value.get_object.return_value = {'id': '42'} mocked_graph.return_value.get_connections.return_value = {'data': []} user = User(id='42', name='Foo Bar', token='101010') user.put() User(id='43', name='Knuth Donald', token='101010').put() update_friendlists(user) knuth = User.get_by_id('43') self.assertEqual(len(knuth.friends), 0) mocked_graph.return_value.get_connections.return_value = {'data': [{ 'id': '43', 'name': 'Knuth Donald' }]} update_friendlists(user) knuth = User.get_by_id('43') self.assertEqual(len(knuth.friends), 1) self.assertEqual(knuth.friends[0], user.key)
class UserTestCase(unittest.TestCase): def setUp(self): self.user = User('mock-name', 'mock-pass') def test_is_authenticated(self): self.assertTrue(self.user.is_authenticated()) def test_is_active(self): self.user.active = False self.assertFalse(self.user.is_active()) self.user.active = True self.assertTrue(self.user.is_active()) def test_is_anonymous(self): self.assertFalse(self.user.is_anonymous()) def test_get_id(self): self.user.id = 123 self.assertEqual(self.user.id, self.user.get_id())
def login(): if request.method == 'POST': user, authenticated = User.authenticate(db.session.query, request.form['email'], request.form['password']) if authenticated: session['user_id'] = user.id flash('You were logged in') return redirect(url_for('show_entries')) else: flash('Invalid email or password') return render_template('login.html')
def get_register_page(): register_form = SignUpForm(request.form) if request.method == 'POST': if register_form.validate_on_submit(): new_user = User(register_form.username.data,register_form.firstname.data,register_form.lastname.data, register_form.useremail.data) #register_form.password.data new_user.set_password(register_form.password.data) db.session.add(new_user) db.session.commit() session['username'] = new_user.user_name session['password'] = new_user.user_pwd session['logged_in'] = True return redirect(url_for('get_user_page',username = session.get("username",None))) else: return render_template('register_page.html',form=register_form) elif request.method == 'GET': return render_template('register_page.html',form=register_form)
def update(self, id): data = json.loads(request.data) u = User.get(Key(id)) if 'current_cells' in data: u.current_cells = data['current_cells'] if 'is_admin' in data: if data['is_admin']: u.role = "admin" else: u.role = "editor" u.put() return Response(u.as_json(), mimetype='application/json')
def register(): # Check if user is already logged in if current_user.is_authenticated: return redirect(url_for('account')) form = RegistrationForm() # Check if a request is both a POST request and a valid request if form.validate_on_submit(): username = form.username.data email = form.email.data first_name = form.first_name.data last_name = form.last_name.data password = form.password.data gdpr_check = form.gdpr_check.data # Create new instance of user user = User(username = username, email = email, first_name = first_name, last_name = last_name, gdpr_check = gdpr_check) # Hash password user.set_password(password) # Insert record to the DB user.save() flash(f'Welcome, we\'re glad to have you here {form.first_name.data}! Please login with your e-mail and password.', 'success') return redirect("/login") # Getting latest 5 recipes for footer footer_recipes = Recipe.objects[:5].order_by('-recipe_id') # Render html, giving its title, passing in the form and footer recipes return render_template("register.html", title = "Register", form = form, footer_recipes = footer_recipes)
def register(): if session.get('username'): return redirect(url_for("index")) registerform = RegisterForm() if registerform.validate_on_submit(): user_id = User.objects.count() user_id += 1 first_name = registerform.first_name.data last_name = registerform.last_name.data email = registerform.email.data password = registerform.password.data new_user = User(userid=user_id, email=email, first_name=first_name, last_name=last_name) new_user.set_password(password) new_user.save() # flash("You Are Successfully Registered","success") return redirect(url_for("index")) return render_template("register.html", registerformtitle="New User Registration", registerform=registerform, register=True)
def register(): if session.get('username'): return redirect(url_for('index')) form = RegisterForm() if form.validate_on_submit(): user_id = User.objects.count() user_id += 1 email = form.email.data password = form.password.data first_name = form.first_name.data last_name = form.last_name.data user = User(user_id=user_id, email=email, first_name=first_name, last_name=last_name) user.set_password(password) user.save() flash("You are successfully registered!", "success") return redirect(url_for('index')) return render_template("register.html", title="Register", form=form, register=True)
def register(): if session.get('username'): return redirect(url_for('index')) form=RegisterForm() print("hello") if form.validate_on_submit(): print("on submit") user_id = User.objects.count() user_id += 1 email = form.email.data password = form.password.data name = form.name.data role_id = form.role_id.data user=User(ws_user_id=user_id,ws_email=email,ws_name=name,ws_role_id=role_id) user.set_password(password) user.save() flash("You are registered","success") return redirect('/index') return render_template("register.html",title="Register",form=form)
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegisterForm() if form.validate_on_submit(): user = User(name=form.username.data, email=form.email.data, password=form.password.data) db.session.add(user) db.session.commit() flash('Congratulations, you are now a registered user!') return redirect(url_for('users.login')) return render_template('register.html', title='Register', form=form)
def init_database(): db.drop_all() db.create_all() for i in xrange(100): db.session.add(User('User'+str(i+1), 'password'+str(i))) for j in xrange(10): db.session.add(Image(get_image_url(), i+1)) for k in xrange(3): db.session.add(Comment("This is a comment"+str(k+1), 1+10*i+j, i+1)) db.session.commit() image = Image.query.get(3) print image.user
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegistrationForm() if form.validate_on_submit(): hashed_password = bcrypt.generate_password_hash( form.password.data).decode('utf-8') user = User(username=form.username.data, password=hashed_password) db.session.add(user) db.session.commit() flash('Your account has been made. You can now Log In!', 'success') return redirect(url_for('login')) return render_template("register.html", form=form)
def create(): form = UserForm() if request.method=='POST': if form.validate_on_submit(): user = User( first_name = form.first_name.data, last_name = form.last_name.data, age = form.age.data ) db.session.add(user) db.session.commit() return redirect(url_for('home')) return render_template('create.html', subheading= "Create User :)", form=form)
def verify_password(username_or_token, password): # first try to authenticate by token user = User.verify_auth_token(username_or_token) if not user: # try to authenticate with username/password unicodeUsername = username_or_token.decode('utf-8') user = User.query.filter_by(username=unicodeUsername).first() if not user or not user.verify_password(password): app.logger.info('user authorize error') return False g.user = user app.logger.info('user authorized successfully') return True
def _page_recovery_by_answered_to_questions(user: User, question_answring: json) -> dict: if question_answring == user.question_answring_1: pass elif question_answring == user.question_answring_2: pass elif question_answring == user.question_answring_3: pass elif question_answring == user.question_answring_4: pass elif question_answring == user.question_answring_5: pass else: raise Exception(ANSWER_WRONG_MESSAGE) import string import random res = ''.join(random.choices(string.ascii_uppercase + string.digits, k=20)) user.last_password_hash = user.password user.password = res db.session.commit() return {'user_name': user.phone_number, 'temporary_password': res}
def login(): form = LoginForm() if form.validate_on_submit(): user = User.authenticate(form.username.data, form.password.data) if user is None: return render_template('login.haml', form=form, error='Invalid login') login_user(user, force=True) return redirect(url_for('home')) return render_template('login.haml', form=form)
def test_create_user(database): email = "*****@*****.**" password = "******" salt = "banana" user = User(email=email, password=password, salt=salt) database.session.add(user) database.session.commit() user = User.query.first() assert user.email == email assert user.salt == "banana" assert user.password == "test_password"
def load_VP_entity_profile(): if check_user() == True: user = User(session["username"]) Profile = request.form.to_dict(flat=False) TS = datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S') print("[%s_APP-View-load_VP_entity_profile]: Received: %s %s" % (TS, type(Profile), Profile)) if 'LOW' in Profile.keys(): result = user.get_VP_entity_profile(int(Profile['GUID'][0]), Profile['TYPE'][0], Profile['LOW'][0], Profile['HIGH'][0]) else: result = user.get_VP_entity_profile(int(Profile['GUID'][0]), Profile['TYPE'][0], 0, 0) print("[%s_APP-View-load_VP_entity_profile]: Complete with: %s" % (TS, type(result))) return jsonify(result) else: return redirect(url_for("login"))
def etl_file(): TS = datetime.fromtimestamp(time.time()).strftime('%Y-%m-%d %H:%M:%S') if request.method == "POST": iObj = request.form.to_dict(flat=False) user = User(session["username"]) file = request.files['file'] fileType = request.form['fileType'] filename = secure_filename(file.filename) cwd = os.getcwd() photos = ['jpg', 'png', 'bmp', 'gif', 'pdf'] documents = ['doc', 'xls', 'lsx'] if filename[-3:] in photos: ftype = 'photos' elif filename[-3:] in documents: ftype = 'documents' if '\\' in cwd: path = os.path.join( app.config['UPLOAD_FOLDER'], '%s\\application\\services\\data\\%s' % (cwd, filename)) else: path = os.path.join( app.config['UPLOAD_FOLDER'], '%s/application/services/data/%s' % (cwd, filename)) file.save(path) user.from_file(filename, fileType, path, user.GUID) message = { 'response': 200, 'text': "%s loaded to %s at %s" % (filename, path, TS) } return render_template("etl_file.html") else: return render_template("etl_file.html")
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegistrationForm() if form.validate_on_submit(): hashed_pw = bcrypt.generate_password_hash(form.password.data) user = User( first_name=form.first_name.data, last_name=form.last_name.data, email=form.email.data, password=hashed_pw) db.session.add(user) db.session.commit() return redirect(url_for('post')) return render_template('register.html', title='Register', form=form)
def test_administrator_role(self): """ Administrator should be allowed to do all tasks """ r = Role.query.filter_by(role_name='Administrator').first() u = User(email='*****@*****.**', password='******', role=r) self.assertTrue(u.can(Permission.ADMIN)) self.assertTrue(u.can(Permission.CREATE_GROUPS)) self.assertTrue(u.can(Permission.CREATE_GROUP_TASKS)) self.assertTrue(u.can(Permission.CREATE_TASKS)) self.assertTrue(u.can(Permission.MODERATE_GROUP))
def register(): form = RegistrationForm() if form.validate_on_submit(): hashed_password = bcrypt.generate_password_hash(form.password.data) user = User(username=form.username.data, email=form.email.data, password=hashed_password) db.session.add(user) db.session.commit() flash('your account has been created, you are now able to log in', 'success') return redirect(url_for('login')) return render_template('register.html', title='Register', form=form)
def login(): form = LoginForm() if form.validate_on_submit(): id = form.user_id.data password = form.password.data user = User.objects(user_id=id).first() if user and password == user.password and user.work == "executive": return redirect("/executive") elif user and password == user.password and user.work == "cashier": return redirect("/cashier") else: flash("Sorry, something went wrong") return render_template("login.html", title="Login", form=form, login=True)
def reset_password(token): if current_user.is_authenticated: return redirect(url_for('index')) the_user = User.verify_reset_password_token(token) if not the_user: return redirect(url_for('index')) form = ResetPasswordForm() if form.validate_on_submit(): the_user.set_password(form.password.data) db.session.commit() flash('Your password has been reset.') return redirect(url_for('login')) return render_template('auth/reset_password.html', form=form)
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegistrationForm() if form.validate_on_submit(): hashed_password = bcrypt.generate_password_hash( form.password.data).decode('utf-8') user = User(username=form.username.data, email=form.email.data, password=hashed_password).save() flash(f'Account created for {user.username}!', 'success') return redirect(url_for('login')) return render_template('register.html', title='Register', form=form)
def post(self): """ Try to post the user to the database otherwise return a negative response """ try: """ Takes in a payload, encrypts the password using the bycrypt library and saves it to the database """ test = False if api.payload is None: test = True userdata = request.form.to_dict() else: userdata = api.payload password = bcrypt.generate_password_hash(userdata["password"]) User(password=password, username=userdata["username"]).save() if test: User.objects(username=userdata["username"]).delete() hashed_password = password.decode() return make_response( jsonify({ 'response': 'The post has worked successfully', 'hashed_password': hashed_password }), 200) return make_response( jsonify({'response': 'The post has worked successfully'}), 200) except (AttributeError, TypeError): # raise AssertionError('Input variables should be strings') return make_response( jsonify( {'response': 'The post request has encountered an error'}), 406)
def post(self): data = api.payload user = User(user_id=data['user_id'], email=data['email'], first_name=data['first_name'], last_name=data['last_name']) user.set_password(data['password']) user.save() return jsonify(User.objects(user_id=data['user_id']))
def post(self): data = api.payload user = User( user_id=data["user_id"], email=data["email"], first_name=data["first_name"], last_name=data["last_name"], ) user.set_password(data["password"]) user.save() return jsonify(User.objects(user_id=data["user_id"]))
def reset_password(token): if current_user.is_authenticated: return redirect(url_for("main.home")) user = User.verify_reset_password_token(token) if not user: return redirect(url_for("main.home")) form = ResetPasswordForm() if form.validate_on_submit(): user.password = pbkdf2_sha512.hash(form.password.data) db.session.commit() flash("Your password has been reset.") return redirect(url_for("auth.signin")) return render_template("reset-password.html", form=form)
def create_user(self, username, password, nickname, document_number, mobile, email): try: pw = encrypt_password(str(password)) now = datetime.datetime.now() u = User(username=username, password=pw, nickname=nickname, document_number=document_number, mobile=mobile, email=email, created=now, updated=now) db.session.add(u) db.session.commit() return True except Exception as e: print(e) return False
def insert_users(n_clicks, un, pw, em): hashed_password = generate_password_hash(pw, method='sha256') if un is not None and pw is not None and em is not None: u = User(username=un, password=hashed_password, email=em) db.session.add(u) db.session.commit() return [login] else: return [html.Div([html.H2('Already have a user account?'), dcc.Link('Click here to Log In', href='/login') ] ) ]
def setUp(self): """Creates tables before test cases""" from application.models import User api.app.config['SQLALCHEMY_DATABASE_URI'] = "sqlite://" api.app.config['TESTING'] = True self.app = api.app.test_client() db.create_all() self.user = User(username="******", password="******") db.session.add(self.user) db.session.commit() data = {"name": "funny"} self.headers = self.get_token_header(self.user) self.app.post('/subreddits', data=data, headers=self.headers)
def populate_user_db(create_db): """ A test fixture for populating the user database with test data. Will only run once per test class. """ for e in test_users: user = User( username = e['username'], password = e['password'], admin = e['admin'] ) create_db.session.add(user) create_db.session.commit()
def testCascadeDeleteDB(self): u = User(username=u'FirstUser', password='******') db.session.add(u) db.session.commit() m = Match(initiator=u) db.session.add(m) db.session.commit() # assert models.Match.query.filter(Match.users.contains(u)).all().__len__() == 1 app.logger.debug('Match %s' % m) models.User.query.filter(User.username == u'FirstUser').delete() db.session.commit() # assert models.User.query.filter(User.username==u'FirstUser').all().__len__() == 0 app.logger.debug('testCascadeDeleteDB - OK')
def login(): if session.get('username'): return redirect(url_for('home')) form = LoginForm() if form.validate_on_submit(): user = User.objects(email=form.email.data).first() if user and user.get_password(form.password.data): flash('You are successfully logged in!', 'success') session['user_id'] = user.user_id session['username'] = user.username return redirect(url_for('home')) flash('Login unsuccessful, check email and password.', 'danger') return render_template('login.html', title='Login', form=form, login=True)
def get(self): profile_id = request.args.get("profile_id") if not profile_id and not session.get("profile_id"): return Response("No profile specified. Please specify profile_id", status=400) profile_id = profile_id or session.get("profile_id") user = User.get_by_id(profile_id) if not user: return Response("No profile '{}' found. Please specify profile_id".format(profile_id), status=400) data = {"friends": [{"name": f.name} for f in ndb.get_multi(user.friends)]} data["count"] = len(data["friends"]) return Response(json.dumps(data), status=200)