Thanks for the hint! The following expression works for me:

    db.auth_user.password.validate(plain_password) == (db(db.auth_user.id==auth.user_id).select().first().password, None)

Thanks again,
Pearu

On Saturday, December 22, 2012 3:25:00 AM UTC+2, Jonathan Lundell wrote:
> On 21 Dec 2012, at 5:12 PM, Pearu Peterson <pearu.p...@gmail.com> wrote:
> > Hi,
> >
> > I have a password in plain text and I want to check if it matches with the crypted password in auth_user.password field.
> >
> > I have tried comparing auth_user.password with str(db.auth_user.password.validate(plain_password)[0]) with no success even when I know that the passwords match exactly.
> >
> > The problem seems to boil down to the fact that encryption of the same string results in different encrypted strings. For example,
> > >>> from gluon.validators import CRYPT, LazyCrypt
> > >>> crypt = CRYPT()
> > >>> str(LazyCrypt(crypt, 'mysecret'))
> > 'pbkdf2(1000,20,sha512)$a2a2ca127df6bc19$77bb5a3d129e2ce710daaefeefef8356c4c827ff'
> > >>> str(LazyCrypt(crypt, 'mysecret'))
> > 'pbkdf2(1000,20,sha512)$a555a267249876fb$bc18f82b72a3a5ebce617f32d6abaa5c48734ab9'
> >
> > What would be the correct way to check if passwords match when they are given in encrypted form?
>
> You have to compare using the equality test in CRYPT, so compare CRYPT()(plaintext) == store_password (or something like that). You can't compare the resulting strings, because they have different (random) salt, at least by default they do.
>
> > Any hints are appreciated,
> > Pearu
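
Why the two strings in the thread differ, and what a correct check has to do, shown as an added example that is not part of the thread and not web2py's own code. It assumes the layout `pbkdf2(iterations,keylen,digest)$salt$hash` seen in the output above, PBKDF2-HMAC with the salt used as ASCII text and no application key mixed in; `make_hash`, `verify` and the digest allow-list are hypothetical.

```python
import hashlib
import hmac
import os
import re

# Layout seen in the thread: pbkdf2(iterations,keylen,digest)$salt$hexhash
_FORMAT = re.compile(r'^pbkdf2\((\d+),(\d+),(\w+)\)\$([^$]+)\$([0-9a-f]+)$')
# Assumed allow-list: the stored string must not be able to pick any algorithm.
_DIGESTS = {'sha1', 'sha256', 'sha512'}


def make_hash(password, iterations=1000, keylen=20, digest='sha512', salt=None):
    """Build a string in the layout above; a fresh random salt is drawn per call."""
    if salt is None:
        salt = os.urandom(8).hex()  # 16 hex chars, like the salts in the thread
    derived = hashlib.pbkdf2_hmac(digest, password.encode(), salt.encode(),
                                  iterations, keylen)
    return 'pbkdf2(%d,%d,%s)$%s$%s' % (iterations, keylen, digest, salt,
                                       derived.hex())


def verify(password, stored):
    """Re-derive with the parameters and salt embedded in `stored`, then compare."""
    match = _FORMAT.match(stored)
    if match is None:
        return False  # unknown or malformed format: reject rather than guess
    iterations, keylen, digest, salt, expected = match.groups()
    iterations, keylen = int(iterations), int(keylen)
    if digest not in _DIGESTS or iterations < 1 or keylen < 1:
        return False
    candidate = make_hash(password, iterations, keylen, digest, salt)
    # Constant-time comparison avoids leaking how many leading characters matched.
    return hmac.compare_digest(candidate.rsplit('$', 1)[1], expected)


if __name__ == '__main__':
    first, second = make_hash('mysecret'), make_hash('mysecret')
    print(first != second)               # different salts, different strings
    print(verify('mysecret', first))     # salt is taken from the stored value
    print(verify('wrong-guess', first))
```
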