If the password is a UUID, how are the users supposed to know what it is and use it to log in? I am missing something here.

On Nov 22, 12:08 pm, Matt Broadstone <mbroa...@gmail.com> wrote:
> On Tue, Nov 22, 2011 at 9:21 AM, Massimo Di Pierro
> <massimo.dipie...@gmail.com> wrote:
> > must be hashed
>
> Hmm I can't seem to get this working. I should probably have mentioned
> that we are using basic auth to use this user on the client side. When
> I hash the password and insert it into the database it is not hashing
> the password passed in from basic login. Does this mean that we should
> be changing the "basic" method to hash the password that it finds
> there also? like this:
>
> (username, password) = base64.b64decode(basic[6:]).split(':')
> password = db.auth_user.password.validate(str(uuid.uuid4()))[0]
> return self.login_bare(username, password)
>
> Just to be clear, I'll reiterate what we're trying to do here.
>
> A temporary user is created in the system with a uuid username and
> uuid password like this:
> settings["serverUser"] = str(uuid.uuid4())
> settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
> user = auth.get_or_create_user(dict(username=settings["serverUser"],
>     password=settings["serverPassword"]))
>
> then, on the client side, we are using curl to call a restful action
> on the server using this login info, like this:
> curl https://localhost:2345/some/rest/verb -u "<serverUser from above>:<serverPassword from above>"
>
> and it's still redirecting. I can confirm that the passwords passed in
> to login_bare are the same until this is called:
> password = table_user[passfield].validate(password)[0]
>
> > settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>
> > On Nov 22, 8:19 am, Matt Broadstone <mbroa...@gmail.com> wrote:
> >> Hello,
> >> In our project we need to create a temporary user for the web2py app
> >> so that a remote system can send back a single status update. In order
> >> to do this, when the command is sent out we create a temporary user
> >> like this:
>
> >> settings["serverUser"] = str(uuid.uuid4())
> >> settings["serverPassword"] = str(uuid.uuid4())
> >> user = auth.get_or_create_user(dict(username=settings["serverUser"],
> >>     password=settings["serverPassword"]))
>
> >> This adds the user/password to the database just fine, however, login
> >> fails because of this line in login_bare:
> >> password = table_user[passfield].validate(password)[0]
>
> >> if I remove this line, the password is as expected, which leads me to
> >> think that we are not adding the password in the first case properly.
> >> Does it need to be hashed some way?
>
> >> Matt
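
Added example (not part of the thread and not web2py's own code): a stand-alone model of the check discussed above, in which `login_bare` hashes whatever the client supplies and compares it with the stored value, so the database holds the hash while the client has to send the unhashed password. All helper names and the key are hypothetical; `hash_password` stands in for `db.auth_user.password.validate(...)[0]`.

```python
import base64
import hashlib
import hmac
import uuid

HMAC_KEY = b"constructed-demo-key"  # constructed value standing in for the app's hashing key

def hash_password(plaintext):
    """Assumed stand-in for db.auth_user.password.validate(plaintext)[0]."""
    return hmac.new(HMAC_KEY, plaintext.encode(), hashlib.sha512).hexdigest()

def create_temp_user(users):
    """Store only the hash; hand the plaintext back so it can be given to the client."""
    username, plaintext = str(uuid.uuid4()), str(uuid.uuid4())
    users[username] = hash_password(plaintext)
    return username, plaintext

def login_bare(users, username, password):
    """Model of the thread's check: hash the supplied password, compare with the stored hash."""
    stored = users.get(username)
    if stored is None:
        return False
    return hmac.compare_digest(stored, hash_password(password))

def basic_login(users, header):
    """Decode a Basic Authorization value and pass the password on unhashed."""
    if not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:]).decode()
    except (ValueError, UnicodeDecodeError):
        return False
    username, sep, password = decoded.partition(":")  # a password may itself contain ':'
    return bool(sep) and login_bare(users, username, password)

def basic_header(username, password):
    """Build the header value a client such as curl -u would send."""
    return "Basic " + base64.b64encode(f"{username}:{password}".encode()).decode()

users = {}  # constructed in-memory stand-in for the auth_user table
user, plaintext = create_temp_user(users)
ok = basic_login(users, basic_header(user, plaintext))        # client sends the plaintext
double = basic_login(users, basic_header(user, users[user]))  # client sends the stored hash
print(ok, double)
```
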