oops. yes. On Feb 7, 2:35 pm, Jonathan Lundell <jlund...@pobox.com> wrote: > On Feb 7, 2010, at 12:07 PM, mdipierro wrote: > > > remember that validators are filters. You need to check that a > > password is strong BEFORE it is hashed. > > So instead of this: > > > auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, > > upper=1, lower=1, number=1, special=1)] > > > Do this > > > auth.settings.table_user.password.insert(0,IS_STRONG(min=8, max=0, > > upper=1, lower=1, number=1, special=1)) > > > Not sure this is your problem but try again after this fix. > > Shouldn't that be > auth.settings.table_user.password.requires.insert(0,IS_STRONG(min=8, max=0, > upper=1, lower=1, number=1, special=1)) ? > > > > > On Feb 7, 1:44 pm, Jonathan Lundell <jlund...@pobox.com> wrote: > >> I've got this (where the key is a text string): > > >> from gluon.tools import * > >> auth=Auth(globals(),db) # authentication/authorization > >> auth.settings.hmac_key = vpepm_hmac_key > >> auth.define_tables() # creates all needed tables > > >> # invoke IS_STRONG only for password creation, not password checking > >> if "login" not in request.args: > >> auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, > >> upper=1, lower=1, number=1, special=1)] > > >> All my logins are failing with a bad password. I've got a sha512 hash in > >> my user database (manually initialized), but the login form is returning > >> an md5 hash, presumably because digest_alg is set to md5. The manual says, > >> "If a key is specified it uses the HMAC+SHA512 with the provided key," but > >> I don't see where digest_alg is ever set to sha512. > > >> Is there a bug, or am I doing something wrong? > > > -- > > You received this message because you are subscribed to the Google Groups > > "web2py-users" group. > > To post to this group, send email to web...@googlegroups.com. > > To unsubscribe from this group, send email to > > web2py+unsubscr...@googlegroups.com. > > For more options, visit this group > > athttp://groups.google.com/group/web2py?hl=en. > >
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
