[web2py] Re: Authentication

Fri, 21 May 2010 11:07:23 -0700 

I think the first table definition is more actual and cleaner than
second and it's how I am actually doing it

On 21 mayo, 16:49, annet <annet.verm...@gmail.com> wrote:
> I read chapter 8 of the web2py manual and some post on authentication
> to get started (again) implementing a cms.
>
> I read about MD5 and SHA-512, and understand I have to provide a
> secret key for this setting: auth.settings.hmac_key='<your secret
> key>' Does this key have a specific format, e.g. 448a98e0-00fd-46b2-
> ac4f-a14d2315b189? Or can I use any key? At the moment I am working in
> web2py 1.76.5 does this version already use hmac + sha-512?
>
> Furthermore I would like to customize the auth_user table. In the
> manual the proper way to define a user table is:
>
> auth_table = db.define_table(auth.settings.table_user_name,
>     Field('first_name', length=128, default=''),
>     Field('last_name', length=128, default=''),
>     Field('email', length=128, default='', unique=True),
>     Field('password', 'password', length=256, readable=False,
> label='Password'),
>     Field('registration_key', length=128, default= '', writable=False,
> readable=False))
>
> auth_table.first_name.requires =
> IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> auth_table.last_name.requires =
> IS_NOT_EMPTY(error_message=auth.messages.is_empty)
> auth_table.password.requires = [IS_STRONG(), CRYPT()]
> auth_table.email.requires =
> [IS_EMAIL(error_message=auth.messages.invalid_email), IS_NOT_IN_DB(db,
> auth_table.email)]
> auth.settings.table_user = auth_table
>
> In a workgroup post of 8 February I read this definition:
>
> auth.settings.table_user = db.define_table('auth_user',
>     Field('first_name', length=512,default=''),
>     Field('last_name', length=512,default=''),
>     Field('email', length=512,default='', requires =
> [IS_EMAIL(),IS_NOT_IN_DB(db,'auth_user.email')]),
>     Field('password', 'password', readable=False, label='Password',
> requires=CRYPT(auth.settings.hmac_key)),
>     Field('registration_key', length=512, writable=False,
> readable=False,default=''),
>     Field('reset_password_key', length=512, writable=False,
> readable=False, default=''))
>
> What is the reset_password_key for? I guess I'd better use the latter
> table definition, don't I need any validators?
>
> Kind regards,
>
> Annet.

Reply via email to