You have two problems:

1) insert(....request.vars.password...) should be insert(...form.vars.password...)

request.vars contains the raw data sent from user, form.vars contains the same data filtered by validators.

2) you are bypassing a lot of login that is normally performed by auth. For example you do not get default groups for new users. Eventually this will bite you.

Massimo

On Aug 14, 4:43 am, elfuego1 <elfue...@gmail.com> wrote:
> When I look into database I can see the password in a readable form.
> No hash there.
> I tested registration on a standard cookbook application and the hash
> there works for password field.
>
> So I started thinking what am I doing wrong. And then it struck me and
> I think I found the problem.
> When I was sending my form NOTHING was stored into database. I only
> got a confirmation message: "Form accepted!".
> So I thought about a work around and put all my code responsible for
> storing data into database just below this part of my form:
>
> if form.accepts(request.vars,session):
>     response.flash="Form accepted!"
>     db.auth_user.insert(username=request.vars.username,
>                         password=request.vars.password,
>                         first_name=request.vars.first_name,
>                         last_name=request.vars.last_name)
>
> So my question is where should I place this part of code to have my
> data stored in DB and have CRYPT() method working?
> Or maybe there is some other method to save form data into database?
> For now only this worked for me. But it looks like my way of saving
> form data into database backfired on me.
>
> On Aug 14, 10:15, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > this confirms that crypt is working. somehow it is not being called
> > for you. I am very puzzled by this.
> > How do you check the passwords are not hashed?
> > Can you make a minimalist app to reproduce the problem and email
> > it to me?
>
> > On Aug 13, 6:39 pm, elfuego1 <elfue...@gmail.com> wrote:
>
> > > Requirements for password field in db.py file are as follows:
>
> > > db.auth_user.password.requires = [
> > >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,error_message='Too short'),
> > >     CRYPT(auth.settings.hmac_key)]
>
> > > there are also defined these parameters:
>
> > > auth.settings.controller = 'default'
> > > auth.settings.hmac_key='sha512:phraseforthepass'
>
> > > I was not sure if I import enough modules so beside the obvious:
>
> > > from gluon.tools import *
>
> > > I also imported these two:
>
> > > from gluon.utils import *
> > > from gluon.validators import *
>
> > > Massimo, after I added the part of code you suggested in my
> > > registration page (register.html):
> > > {{=CRYPT(auth.settings.hmac_key)('hello world')}}
>
> > > I got this on the page in web browser:
>
> > > ('ae0bd13943b9f20d94ee01dd121d26bbee315f269d309de6aacbfeeeefe6e1c9d75c3d1549dbf9cf2db8c0ecf9094c72cca33baac3944256815e6969fbc97830',
> > > None)
>
> > > On Aug 14, 00:16, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > > can you try
>
> > > > print CRYPT(auth.settings.hmac_key)('hello world')
>
> > > > what do you get? Did you set
>
> > > > auth.settings.hmac_key='sha512:somerandompasphrase'
>
> > > > On Aug 13, 12:39 pm, elfuego1 <elfue...@gmail.com> wrote:
>
> > > > > I did as mr.freeze suggested and I added values for all parameters:
>
> > > > > db.auth_user.password.requires = [
> > > > >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,error_message='Too short'),
> > > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > > It helped with my first problem. I don't get error_message any more.
> > > > > Form is processed smoothly now.
>
> > > > > BUT the password still isn't hashed...
>
> > > > > I had found information about additional parameter
> > > > > auth.settings.controller = 'default'
>
> > > > > and had added it in my db.py file. To no avail though :-(
>
> > > > > On Aug 13, 11:19, mdipierro <mdipie...@cs.depaul.edu> wrote:
>
> > > > > > @elfuego1, let us know if the problems are solved.
>
> > > > > > On Aug 12, 10:36 pm, "mr.freeze" <nat...@freezable.com> wrote:
>
> > > > > > > IS_STRONG is failing for a different reason but displaying your
> > > > > > > error message. The defaults are:
> > > > > > > min=8, max=20, upper=1, lower=1, number=1, special=1
>
> > > > > > > If you remove your error message, you will get a descriptive
> > > > > > > message for each failure. You can set each parameter to 0 to
> > > > > > > disallow and to None to not check.
> > > > > > > db.auth_user.password.requires = [
> > > > > > >     IS_STRONG(min=8,max=None,upper=None,lower=None,special=None,number=None,error_message='Too short'),
> > > > > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > > > > Perhaps the defaults should be less aggressive. Not sure on the
> > > > > > > CRYPT, it hashes the password for me.
>
> > > > > > > On Aug 12, 9:53 pm, elfuego1 <elfue...@gmail.com> wrote:
>
> > > > > > > > Hi,
>
> > > > > > > > I have a problem with two things in registration form.
>
> > > > > > > > 1. Definition for password field in database looks as follows:
>
> > > > > > > > db.auth_user.password.requires = [
> > > > > > > >     IS_STRONG(min=8,error_message='Your password is too short!'),
> > > > > > > >     CRYPT(auth.settings.hmac_key)]
>
> > > > > > > > But the form is not accepting passwords. Each time I want to
> > > > > > > > send a form it shows me error message: 'Your password is too
> > > > > > > > short', even if the password is much longer than required 8 signs.
> > > > > > > > After removing 'min=8' parameter I'm able to save my form in
> > > > > > > > database.
>
> > > > > > > > 2. Although I have provided an encryption setting:
>
> > > > > > > > auth.settings.hmac_key='sha512:something'
>
> > > > > > > > password is not encrypted in the database.
>
> > > > > > > > Can you help me and tell me what I'm doing wrong? Am I missing
> > > > > > > > some parameters?
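
The request.vars versus form.vars point from the reply at the top of this thread, as an added example (not code from the thread or from web2py). It is a simplified stand-in for the validator chain: `is_strong`, `crypt`, `accepts`, `register` and the key are hypothetical names and values, and the HMAC construction is an assumption, not web2py's exact CRYPT algorithm.

```python
import hmac

# Constructed key in the thread's 'algorithm:passphrase' format.
HMAC_KEY = "sha512:constructed-passphrase"


def is_strong(min_len):
    """Stand-in for IS_STRONG(min=...): length check only."""
    def validate(value):
        return (value, "Too short") if len(value) < min_len else (value, None)
    return validate


def crypt(key):
    """Stand-in for CRYPT(key): returns (hex digest, None), the tuple shape seen in the thread."""
    alg, _, secret = key.partition(":")

    def validate(value):
        return hmac.new(secret.encode(), value.encode(), alg).hexdigest(), None
    return validate


def accepts(request_vars, requires):
    """Run each field's validator chain and return (validated vars, errors).

    request_vars is never modified, so an insert that reads from it
    stores exactly what the browser sent.
    """
    form_vars, errors = {}, {}
    for field, raw in request_vars.items():
        value = raw
        for validator in requires.get(field, []):
            value, error = validator(value)
            if error:
                errors[field] = error
                break
        form_vars[field] = value
    return form_vars, errors


def register(request_vars, use_validated):
    """Build the row to insert, from validated vars (fixed) or raw vars (the bug)."""
    requires = {"password": [is_strong(8), crypt(HMAC_KEY)]}
    form_vars, errors = accepts(request_vars, requires)
    if errors:
        return None
    source = form_vars if use_validated else request_vars
    return {"username": source["username"], "password": source["password"]}
```

Calling `register(vars, use_validated=False)` reproduces the plaintext row described in the thread; `use_validated=True` stores the digest produced by the validator chain.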