Worked like a charm !
Thanks a lot
On Friday, April 18, 2014 10:05:37 PM UTC+2, Massimo Di Pierro wrote:
>
> try this:
>
> class MyCrypt(CRYPT):
> def __call__(self,value):
> return
> (str(CRYPT(digest_alg='sha256',salt="web2$#py")(value)[0]).split('$')[-1],None)
> db.auth_user.password.requires = MyCrypt()
>
>
>
> On Thursday, 17 April 2014 11:00:57 UTC-5, Louis Amon wrote:
>>
>> The 'framework' used was based on ZOPE but very customized.
>> The encryption procedure was pretty much like this :
>>
>> def hash_password(password)
>>> salt = u"web2$#py"
>>> password = password + salt
>>> password = password.encode('utf-8')
>>> return hashlib.sha256(password).hexdigest()
>>
>>
>> So what I got in DB are strings made with the above function and I'm
>> trying to migrate these to web2py.
>>
>> I tried :
>> db.auth_user.password.requires = CRYPT(digest_alg='sha256',
>> salt='web2$#py')
>>
>> But it doesn't work.
>> Same goes if I try to create a new auth_user with the above crypt
>> validator : the salted password gets properly recorded but CRYPT() doesn't
>> validate if I input the right password (I used the shell).
>> That's why I guessed there may be something wrong with '$' in the salt.
>>
>>
>> On Sunday, April 13, 2014 5:52:06 PM UTC+2, Massimo Di Pierro wrote:
>>>
>>> The problem is not really that you use $ in salt. The probably is that
>>> web2py and the framework you moved from must have different conventions for
>>> storing the salt. We use 'alg$salt$pwd'. What do they use? What is the
>>> framework? If we know we can convert it.
>>>
>>>
>>> On Friday, 11 April 2014 08:38:38 UTC-5, Louis Amon wrote:
>>>>
>>>> I'm trying to migrate from another framework to web2py but can't make
>>>> any of the previous user accounts work : passwords don't match even tho I
>>>> have the correct salt and algorithm.
>>>>
>>>> After much research, I think the issue is in the way web2py stores
>>>> passwords : 'alg$salt$pwd'
>>>>
>>>>
>>>> My salt uses the character '$' so I guess the regex goes wrong because
>>>> of that.
>>>>
>>>> It's a big issue for me because not being able to seamlessly plug to my
>>>> database means I'd have to ask all my users to enter a new password.
>>>>
>>>>
>>>> Any solution/advice ?
>>>>
>>>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
