When I look into database I can see the password in a readable form.
No hash there.
I tested registration on a standard cookbook application and the hash
there works for password field.

So I started thinking what am I doing wrong. And then it struck me and
I think I found the problem.
When I was sending my form NOTHING was stored into database. I only
got a confirmation message: "Form accepted!".
So I thought about a work around and put all my code responsible for
storing data into database just below this part of my form:

if form.accepts(request.vars,session):
        response.flash="Form accepted!"
        db.auth_user.insert(username=request.vars.username,
                            password=request.vars.password,
                            first_name=request.vars.first_name,
                            last_name=request.vars.last_name)

So my question is where should I place this part of code to have my
data stored in DB and have CRYPT() method working?
Or maybe there is some other method to save form data into database?
For now only this worked for me. But it looks like my way of saving
form data into database backfired on me.



On 14 Aug, 10:15, mdipierro <[email protected]> wrote:
> this confirms that crypt is working. somehow it is not being called
> for you. I am very puzzled by this.
> How do you check the passwords are not hashed?
> Can you make a minimalist app to reproduce the problem and email
> it to me?
>
> On Aug 13, 6:39 pm, elfuego1 <[email protected]> wrote:
>
> > Requirements for password field in db.py file are as follows:
>
> > db.auth_user.password.requires = [
> >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,
> >               error_message='Too short'),
> >     CRYPT(auth.settings.hmac_key)]
>
> > there are also defined these parameters:
>
> > auth.settings.controller = 'default'
> > auth.settings.hmac_key='sha512:phraseforthepass'
>
> > I was not sure if I import enough modules so beside the obvious:
>
> > from gluon.tools import *
>
> > I also imported these two:
>
> > from gluon.utils import *
> > from gluon.validators import *
>
> > Massimo, after I added the part of code you suggested in my
> > registration page (register.html):
> > {{=CRYPT(auth.settings.hmac_key)('hello world')}}
>
> > I got this on the page in web browser:
>
> > ('ae0bd13943b9f20d94ee01dd121d26bbee315f269d309de6aacbfeeeefe6e1c9d75c3d1549dbf9cf2db8c0ecf9094c72cca33baac3944256815e6969fbc97830',
> > None)
>
> > On 14 Aug, 00:16, mdipierro <[email protected]> wrote:
>
> > > can you try
>
> > > print CRYPT(auth.settings.hmac_key)('hello world')
>
> > > what do you get?  Did you set
>
> > > auth.settings.hmac_key='sha512:somerandompasphrase'
>
> > > On Aug 13, 12:39 pm, elfuego1 <[email protected]> wrote:
>
> > > > I did as mr.freeze suggested and I added values for all parameters:
>
> > > > db.auth_user.password.requires = [
> > > >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,
> > > >               error_message='Too short'),
> > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > It helped with my first problem. I don't get error_message any more.
> > > > Form is processed smoothly now.
>
> > > > BUT the password still isn't hashed...
>
> > > > I had found information about additional parameter
> > > > auth.settings.controller = 'default'
>
> > > > and had added it in my db.py file. To no avail though  :-(
>
> > > > On 13 Aug, 11:19, mdipierro <[email protected]> wrote:
>
> > > > > @elfuogo1, let us know if the problems are solved.
>
> > > > > On Aug 12, 10:36 pm, "mr.freeze" <[email protected]> wrote:
>
> > > > > > > IS_STRONG is failing for a different reason but displaying your error
> > > > > > > message.  The defaults are:
> > > > > > min=8, max=20, upper=1, lower=1, number=1,  special=1
>
> > > > > > If you remove your error message, you will get a descriptive message
> > > > > > for each failure. You can set each parameter to 0 to disallow and to
> > > > > > None to not check.
> > > > > > > db.auth_user.password.requires = [
> > > > > > >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,
> > > > > > >               error_message='Too short'),
> > > > > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > > > Perhaps the defaults should be less aggressive.  Not sure on the
> > > > > > CRYPT, it hashes the password for me.
>
> > > > > > On Aug 12, 9:53 pm, elfuego1 <[email protected]> wrote:
>
> > > > > > > Hi,
>
> > > > > > > I have a problem with two things in registration form.
>
> > > > > > > 1. Definition for password field in database looks as follows:
>
> > > > > > > > db.auth_user.password.requires = [IS_STRONG(min=8,
> > > > > > > >     error_message='Your password is too short!'),
> > > > > > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > > > > > But the form is not accepting passwords. Each time I want to send a
> > > > > > > > form it shows me error message: 'Your password is too short', even if
> > > > > > > > the password is much longer than required 8 signs.
> > > > > > > > After removing 'min=8' parameter I'm able to save my form in database.
>
> > > > > > > 2. Although I have provided an encryption setting:
>
> > > > > > > > auth.settings.hmac_key='sha512:something'
>
> > > > > > > password is not encrypted in the database.
>
> > > > > > > > Can you help me and tell me what I'm doing wrong? Am I missing some
> > > > > > > > parameters?

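An added example, not part of the thread and not web2py's own code: a self-contained model of why the manual insert in the message above stores a readable password. Validators such as CRYPT return a transformed copy of the value, which web2py exposes as form.vars after form.accepts, while request.vars keeps the raw submission. The names `is_strong`, `crypt`, `accepts` and `register` are hypothetical stand-ins for IS_STRONG, CRYPT, form.accepts and the controller code.

```python
import hashlib
import hmac

# Stand-ins for web2py validators: each is called with a value and returns
# (possibly transformed value, error or None), as the CRYPT output in the thread shows.
def is_strong(min_len=8, error_message="Too short"):
    def validate(value):
        return (value, None) if len(value) >= min_len else (value, error_message)
    return validate

def crypt(hmac_key):
    # "sha512:phrase" -> digest name and secret (simplified model of the setting)
    alg, _, secret = hmac_key.partition(":")
    def validate(value):
        digest = hmac.new(secret.encode(), value.encode(), getattr(hashlib, alg))
        return (digest.hexdigest(), None)
    return validate

def accepts(request_vars, requires):
    """Run each field's validator chain; return (ok, form_vars, errors).
    request_vars is never modified, which is the point of the example."""
    form_vars, errors = {}, {}
    for field, raw in request_vars.items():
        value = raw
        for validator in requires.get(field, []):
            value, error = validator(value)
            if error:
                errors[field] = error
                break
        form_vars[field] = value
    return (not errors, form_vars, errors)

def register(request_vars, requires, use_validated):
    """Return the row that would be inserted, or None if validation fails."""
    ok, form_vars, _ = accepts(request_vars, requires)
    if not ok:
        return None
    source = form_vars if use_validated else request_vars
    return {k: source[k] for k in ("username", "password")}

# Constructed sample input, reusing the key format quoted in the thread
REQUIRES = {"password": [is_strong(min_len=8), crypt("sha512:phraseforthepass")]}
SAMPLE = {"username": "alice", "password": "correct horse"}

if __name__ == "__main__":
    print(register(SAMPLE, REQUIRES, use_validated=False))  # raw password stored
    print(register(SAMPLE, REQUIRES, use_validated=True))   # HMAC digest stored
```

In a real web2py controller the equivalent change is to insert from form.vars instead of request.vars, or to build the form with SQLFORM(db.auth_user) so that accepts performs the insert itself.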