Thanks Joe...
1. can we see how auth is istantiated in your app ?
2. can you pass us the database (or just one of the auth_user records along
with the "unencrypted password")
With those, we could easily reproduce the behaviour (i.e. trying to login
in the app with the password with exactly your auth_user records) and see
what is going on....
On Saturday, December 8, 2012 8:18:58 PM UTC+1, JoeCodeswell wrote:
>
> Hi Niphlod,
>
> Here is my report on your suggestion:
>
>> BTW3: to pass around an app just log into admin and hit "create package"
>> (or tar.gz the entire applications/myapp folder and load it locally with
>> "upload package")
>
> On webfaction-web2py-admin:
> for myapp clicked the "Pack all" button & downloaded
> "web2py.app.myapp.w2p" to myLocalMachine
> On myLocalMachine in web2py-admin :
>
> 1. deleted myapp
> 2. in Upload and install packed application:
> 1. Application name: myapp
> 2. Upload a package: path-to/ web2py.app.myapp.w2p
> 3. Or Get from URL: <LEFT BLANK>
> 4. [ ] Overwrite installed app # left this checkbox UNCHECKED
> 5. Clicked "Install"
> 6. Flash said: application myapp installed with md5sum:
> 7632e93e985802371a0071a4daca49c7
>
> TO TEST
> 1. Tried logging in with all 4 {email, pw} sets that work on webfaction:
> RESULT:
> myLocalMachine COULD NOT LOGIN - returning to the login page without
> comment.
> webfaction LOGINS JUST FINE
> 2. There is one user on webfaction waiting registration approval. Testing
> that {email,pw} RESULT
> myLocalMachine COULD NOT LOGIN - returning to the login page without
> comment.
> webfaction FLASH RESPONSE - "Registration is pending approval"
> 3. Inspecting myLocalMachine in Database Administration RESULT:
> a. all 5 of the users on webfaction are also on myLocalMachine
> b. all 5 of the users on myLocalMachine have passwords that begin with
> "pbkdf2(1000,20,sha512)$"
> 4. On myLocalMachine in Database Administration,
> a. I click [ insert new auth_user ] and insert
> First name: local
> Last name: user
> E-mail: [email protected] <javascript:>
> Password: localuserpw
> Registration key: none
> Reset Password key: none
> Registration identifier: none
> b. RESULTS:
> 1. flash response: new record inserted
> 2. Password for [email protected] <javascript:> begins with
> "pbkdf2(1000,20,sha512)$" NOT "sha512" as in my original post.
> 3. On myLocalMachine, when i try to login with {
> [email protected]<javascript:>,
> localuserpw} - COULD NOT LOGIN
> - it returned to the login page without comment.
>
> OK so I think I still need some help with "fix"ing CRYPT differences
> between Windows and Linux.
>
> Thanks in advance.
>
> Love and peace,
>
> Joe
>
> On Thursday, December 6, 2012 4:34:23 PM UTC-8, JoeCodeswell wrote:
>>
>> Dear Niphlod,
>>
>> Thanks for the reply.
>>
>> appadmin.py ships with the application, so if you really copied the
>>> "controllers" folder you'd have the same file.
>>
>> Of course you are right. I only copied the files i [thought i] had
>> changed. That's why i was surprised to find that
>> appadmin.py.windows != appadmin.py.linux
>>
>> BTW, pbkdf2 was introduced ~2 months ago
>>>
>> I created myapp on the Linux [webfaction] machine yesterday. I tried to
>> copy it to my Windows [home] machine today.
>>
>> BTW2: if you copied an app that used the sha512 algo an tried to load it
>>> into a *newer* web2py release...
>>
>> I am trying to copy myapp FROM the Linux [webfaction] machine TO my
>> Windows [home] machine. When I created myapp on the Linux machine, I
>> created a myapp using the "New simple application create" function. I never
>> [to my knowledge] altered anything related to CRYPT. So i believe the
>> pbkdf2 algo was generated at app creation time on the Linux [webfaction]
>> machine.
>>
>> BTW3: to pass around an app just ...
>>
>> Thanks BIG TIME for this. I will try these suggestions.
>>
>> BTW4: I seem to recall that very old python calculated hashes differently.
>>
>> I am using python 2.7 on BOTH the Windows and Linux machines.
>>
>> Thanks for the responses, Niphlod. I'll report back after trying BTW3.
>>
>> Thanks again, Niphlod.
>>
>> Love and peace,
>>
>> Joe
>>
>>
>> On Thursday, December 6, 2012 12:19:40 PM UTC-8, Niphlod wrote:
>>>
>>> appadmin.py ships with the application, so if you really copied the
>>> "controllers" folder you'd have the same file.
>>> BTW, pbkdf2 was introduced ~2 months ago.
>>> BTW2: if you copied an app that used the sha512 algo an tried to load it
>>> into a *newer* web2py release, as soon as the user entered the password
>>> would be updated to the pbkdf2 algo (unless you were using some explicit
>>> IS_CRYPT() validator or the auth_key param on auth, I think).
>>> BTW3: to pass around an app just log into admin and hit "create package"
>>> (or tar.gz the entire applications/myapp folder and load it locally with
>>> "upload package")
>>> BTW4: I seem to recall that very old python calculated hashes
>>> differently. However, it would not be the case unless BTW2 (some fixed
>>> auth_key in auth instantiation or explicit IS_CRYPT() validator)
>>>
>>>
--
