remember that validators are filters. You need to check that a password is strong BEFORE it is hashed. So instead of this:
auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, upper=1, lower=1, number=1, special=1)] Do this auth.settings.table_user.password.insert(0,IS_STRONG(min=8, max=0, upper=1, lower=1, number=1, special=1)) Not sure this is your problem but try again after this fix. On Feb 7, 1:44 pm, Jonathan Lundell <jlund...@pobox.com> wrote: > I've got this (where the key is a text string): > > from gluon.tools import * > auth=Auth(globals(),db) # authentication/authorization > auth.settings.hmac_key = vpepm_hmac_key > auth.define_tables() # creates all needed tables > > # invoke IS_STRONG only for password creation, not password checking > if "login" not in request.args: > auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, > upper=1, lower=1, number=1, special=1)] > > All my logins are failing with a bad password. I've got a sha512 hash in my > user database (manually initialized), but the login form is returning an md5 > hash, presumably because digest_alg is set to md5. The manual says, "If a key > is specified it uses the HMAC+SHA512 with the provided key," but I don't see > where digest_alg is ever set to sha512. > > Is there a bug, or am I doing something wrong? -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
