try this: class MyCrypt(CRYPT): def __call__(self,value): return (str(CRYPT(digest_alg='sha256',salt="web2$#py")(value)[0]).split('$')[-1],None) db.auth_user.password.requires = MyCrypt()
On Thursday, 17 April 2014 11:00:57 UTC-5, Louis Amon wrote: > > The 'framework' used was based on ZOPE but very customized. > The encryption procedure was pretty much like this : > > def hash_password(password) >> salt = u"web2$#py" >> password = password + salt >> password = password.encode('utf-8') >> return hashlib.sha256(password).hexdigest() > > > So what I got in DB are strings made with the above function and I'm > trying to migrate these to web2py. > > I tried : > db.auth_user.password.requires = CRYPT(digest_alg='sha256', > salt='web2$#py') > > But it doesn't work. > Same goes if I try to create a new auth_user with the above crypt > validator : the salted password gets properly recorded but CRYPT() doesn't > validate if I input the right password (I used the shell). > That's why I guessed there may be something wrong with '$' in the salt. > > > On Sunday, April 13, 2014 5:52:06 PM UTC+2, Massimo Di Pierro wrote: >> >> The problem is not really that you use $ in salt. The probably is that >> web2py and the framework you moved from must have different conventions for >> storing the salt. We use 'alg$salt$pwd'. What do they use? What is the >> framework? If we know we can convert it. >> >> >> On Friday, 11 April 2014 08:38:38 UTC-5, Louis Amon wrote: >>> >>> I'm trying to migrate from another framework to web2py but can't make >>> any of the previous user accounts work : passwords don't match even tho I >>> have the correct salt and algorithm. >>> >>> After much research, I think the issue is in the way web2py stores >>> passwords : 'alg$salt$pwd' >>> >>> >>> My salt uses the character '$' so I guess the regex goes wrong because >>> of that. >>> >>> It's a big issue for me because not being able to seamlessly plug to my >>> database means I'd have to ask all my users to enter a new password. >>> >>> >>> Any solution/advice ? >>> >> -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.