Grazie On Sun, Aug 12, 2012 at 12:09 PM, Anthony <abasta...@gmail.com> wrote:
> Note, this has now been fixed in trunk: > http://code.google.com/p/web2py/source/detail?r=73b2137eb3bbbb2e61abc47b491786643d46c199 > > > On Saturday, August 11, 2012 11:21:12 PM UTC-4, Anthony wrote: >> >> Looks like a bug in the wizard: >> >> db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_**key) >> >> should be: >> >> db.auth_user.password.requires = >> CRYPT(key=auth.settings.hmac_**key,min_length >> =4) >> >> Actually, maybe the wizard should simply use auth.define_tables() instead >> of manually creating the auth_user table -- would be easier to keep the >> wizard consistent with standard apps. >> >> Anthony >> >> On Saturday, August 11, 2012 8:40:12 PM UTC-4, Yarin wrote: >>> >>> Anthony- I'm on 1.99.7 stable. Just tried it it with a fresh basic app >>> and there the problem doesn't exist. However, if you use the *app wizard >>> *, and just click through accepting all the defaults, it will recreate >>> the issue. Note also that it DOES allow logging in with no password >>> subsequent to the registration. Adding the requires.insert(0,IS_**LENGTH >>> (minsize=5)) has no effect. >>> >>> I've attached the app I just generated with the wizard on all default >>> settings. >>> >>> >>> On Saturday, August 11, 2012 7:10:29 PM UTC-4, Anthony wrote: >>>> >>>> Anthony's correct- this is in Auth, but is not being respected: >>>>> settings.password_min_length = 4 >>>>> >>>> >>>> I just created a fresh app using trunk, and when I try to register >>>> without a password, I get a "too short" error message on the password >>>> field. What version of web2py are you using? Can we see your Auth related >>>> code? Or maybe you can pack and attach a simple app that exhibits the >>>> behavior. >>>> >>>> >>>>> Massimo - "For security reason it will not be accepted for logging >>>>> anyway." - Not sure what you meant but it registered me and logged me in >>>>> with an empty pass. >>>>> >>>> >>>> By default, when you first register, you are automatically logged in >>>> upon registration (this can be disabled). I think Massimo meant that >>>> subsequently you will not be able to continue to login with an empty >>>> password. >>>> >>>> >>>>> I also tried inserting: >>>>> db.auth_user.password.requires**.insert(0,IS_LENGTH(minsize=5)**) >>>>> >>>> >>>> What happens whey you try that -- does it generate an error, or simply >>>> allow you to register without a password? >>>> >>>> Anthony >>>> >>>> -- > > > > --
