I'm trying to get identity working and am hitting a bit of a glitch.
I've got a user stored in my database, associated with a group, and I
can log in as him, but I've got the password in the clear in the
database. I can't figure out how to pass in an encrypted password. I
have this decorator decorating the desired method:
@identity.require(group="user")
I have a standard form getting username/password and POSTing back to the
desired resource that's decorated above. From what I can tell from the
source to identity, I'm apparently not the one handing the
username/password: validate_identity in soprovider.py is.
So, what is my best option for taking a password from a user, MD5ing it,
and matching it up against what is in the database? Am I going to have
to MD5 the password using a javascript library before I pass it in? Or
is there a better way?
- jmj
