try this:
class MyCrypt(CRYPT):
def __call__(self,value):
return
(str(CRYPT(digest_alg='sha256',salt="web2$#py")(value)[0]).split('$')[-1],None)
db.auth_user.password.requires = MyCrypt()
On Thursday, 17 April 2014 11:00:57 UTC-5, Louis Amon wrote:
>
> The 'framework' used was based on ZOPE but very customized.
> The encryption procedure was pretty much like this :
>
> def hash_password(password)
>> salt = u"web2$#py"
>> password = password + salt
>> password = password.encode('utf-8')
>> return hashlib.sha256(password).hexdigest()
>
>
> So what I got in DB are strings made with the above function and I'm
> trying to migrate these to web2py.
>
> I tried :
> db.auth_user.password.requires = CRYPT(digest_alg='sha256',
> salt='web2$#py')
>
> But it doesn't work.
> Same goes if I try to create a new auth_user with the above crypt
> validator : the salted password gets properly recorded but CRYPT() doesn't
> validate if I input the right password (I used the shell).
> That's why I guessed there may be something wrong with '$' in the salt.
>
>
> On Sunday, April 13, 2014 5:52:06 PM UTC+2, Massimo Di Pierro wrote:
>>
>> The problem is not really that you use $ in salt. The probably is that
>> web2py and the framework you moved from must have different conventions for
>> storing the salt. We use 'alg$salt$pwd'. What do they use? What is the
>> framework? If we know we can convert it.
>>
>>
>> On Friday, 11 April 2014 08:38:38 UTC-5, Louis Amon wrote:
>>>
>>> I'm trying to migrate from another framework to web2py but can't make
>>> any of the previous user accounts work : passwords don't match even tho I
>>> have the correct salt and algorithm.
>>>
>>> After much research, I think the issue is in the way web2py stores
>>> passwords : 'alg$salt$pwd'
>>>
>>>
>>> My salt uses the character '$' so I guess the regex goes wrong because
>>> of that.
>>>
>>> It's a big issue for me because not being able to seamlessly plug to my
>>> database means I'd have to ask all my users to enter a new password.
>>>
>>>
>>> Any solution/advice ?
>>>
>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
