Sure, Niphlod. I didn't see your post before i posted my comment about my local ubuntu machine which seems to behave like my local windows machine.
1. can we see how auth is istantiated in your app ? In db.py from gluon.tools import Auth, Crud, Service, PluginManager, prettydate auth = Auth(db, hmac_key=Auth.get_or_create_key()) 2. can you pass us the database (or just one of the auth_user records along with the "unencrypted password") Here's part of the csv export from webfaction. This is the entry that is awaiting approval. I have no problem giving this out because it is a dummy that i created to test approval. auth_user.id,auth_user.first_name,auth_user.last_name,auth_user.email,auth_user.password,auth_user.registration_key,auth_user.reset_password_key,auth_user.registration_id 5,New,Person,[email protected],"pbkdf2(1000,20,sha512)$a94f2bd3a071cfa8$69e71be8683802edbb83dfc2cb97dfea97ab76c0",pending,, Here's the unencrypted pw: NewFish04pw Thanks for the help, Niphlod. Love and peace, Joe On Saturday, December 8, 2012 11:54:09 AM UTC-8, Niphlod wrote: > > Thanks Joe... > 1. can we see how auth is istantiated in your app ? > 2. can you pass us the database (or just one of the auth_user records > along with the "unencrypted password") > > With those, we could easily reproduce the behaviour (i.e. trying to login > in the app with the password with exactly your auth_user records) and see > what is going on.... > > On Saturday, December 8, 2012 8:18:58 PM UTC+1, JoeCodeswell wrote: >> >> Hi Niphlod, >> >> Here is my report on your suggestion: >> >>> BTW3: to pass around an app just log into admin and hit "create package" >>> (or tar.gz the entire applications/myapp folder and load it locally with >>> "upload package") >> >> On webfaction-web2py-admin: >> for myapp clicked the "Pack all" button & downloaded >> "web2py.app.myapp.w2p" to myLocalMachine >> On myLocalMachine in web2py-admin : >> >> 1. deleted myapp >> 2. in Upload and install packed application: >> 1. Application name: myapp >> 2. Upload a package: path-to/ web2py.app.myapp.w2p >> 3. Or Get from URL: <LEFT BLANK> >> 4. [ ] Overwrite installed app # left this checkbox >> UNCHECKED >> 5. Clicked "Install" >> 6. Flash said: application myapp installed with md5sum: >> 7632e93e985802371a0071a4daca49c7 >> >> TO TEST >> 1. Tried logging in with all 4 {email, pw} sets that work on webfaction: >> RESULT: >> myLocalMachine COULD NOT LOGIN - returning to the login page without >> comment. >> webfaction LOGINS JUST FINE >> 2. There is one user on webfaction waiting registration approval. Testing >> that {email,pw} RESULT >> myLocalMachine COULD NOT LOGIN - returning to the login page without >> comment. >> webfaction FLASH RESPONSE - "Registration is pending >> approval" >> 3. Inspecting myLocalMachine in Database Administration RESULT: >> a. all 5 of the users on webfaction are also on myLocalMachine >> b. all 5 of the users on myLocalMachine have passwords that begin >> with "pbkdf2(1000,20,sha512)$" >> 4. On myLocalMachine in Database Administration, >> a. I click [ insert new auth_user ] and insert >> First name: local >> Last name: user >> E-mail: [email protected] >> Password: localuserpw >> Registration key: none >> Reset Password key: none >> Registration identifier: none >> b. RESULTS: >> 1. flash response: new record inserted >> 2. Password for [email protected] begins with >> "pbkdf2(1000,20,sha512)$" NOT "sha512" as in my original post. >> 3. On myLocalMachine, when i try to login with { [email protected], >> localuserpw} - COULD NOT LOGIN >> - it returned to the login page without comment. >> >> OK so I think I still need some help with "fix"ing CRYPT differences >> between Windows and Linux. >> >> Thanks in advance. >> >> Love and peace, >> >> Joe >> >> On Thursday, December 6, 2012 4:34:23 PM UTC-8, JoeCodeswell wrote: >>> >>> Dear Niphlod, >>> >>> Thanks for the reply. >>> >>> appadmin.py ships with the application, so if you really copied the >>>> "controllers" folder you'd have the same file. >>> >>> Of course you are right. I only copied the files i [thought i] had >>> changed. That's why i was surprised to find that >>> appadmin.py.windows != appadmin.py.linux >>> >>> BTW, pbkdf2 was introduced ~2 months ago >>>> >>> I created myapp on the Linux [webfaction] machine yesterday. I tried to >>> copy it to my Windows [home] machine today. >>> >>> BTW2: if you copied an app that used the sha512 algo an tried to load it >>>> into a *newer* web2py release... >>> >>> I am trying to copy myapp FROM the Linux [webfaction] machine TO my >>> Windows [home] machine. When I created myapp on the Linux machine, I >>> created a myapp using the "New simple application create" function. I never >>> [to my knowledge] altered anything related to CRYPT. So i believe the >>> pbkdf2 algo was generated at app creation time on the Linux [webfaction] >>> machine. >>> >>> BTW3: to pass around an app just ... >>> >>> Thanks BIG TIME for this. I will try these suggestions. >>> >>> BTW4: I seem to recall that very old python calculated hashes >>>> differently. >>> >>> I am using python 2.7 on BOTH the Windows and Linux machines. >>> >>> Thanks for the responses, Niphlod. I'll report back after trying BTW3. >>> >>> Thanks again, Niphlod. >>> >>> Love and peace, >>> >>> Joe >>> >>> >>> On Thursday, December 6, 2012 12:19:40 PM UTC-8, Niphlod wrote: >>>> >>>> appadmin.py ships with the application, so if you really copied the >>>> "controllers" folder you'd have the same file. >>>> BTW, pbkdf2 was introduced ~2 months ago. >>>> BTW2: if you copied an app that used the sha512 algo an tried to load >>>> it into a *newer* web2py release, as soon as the user entered the >>>> password would be updated to the pbkdf2 algo (unless you were using some >>>> explicit IS_CRYPT() validator or the auth_key param on auth, I think). >>>> BTW3: to pass around an app just log into admin and hit "create >>>> package" (or tar.gz the entire applications/myapp folder and load it >>>> locally with "upload package") >>>> BTW4: I seem to recall that very old python calculated hashes >>>> differently. However, it would not be the case unless BTW2 (some fixed >>>> auth_key in auth instantiation or explicit IS_CRYPT() validator) >>>> >>>> --
