Right, this is a bug. Reported here: 
https://github.com/web2py/web2py/issues/1800

Anthony

On Tuesday, November 7, 2017 at 2:41:12 PM UTC-5, [email protected] 
wrote:
>
> I just encountered the same problem that was described above. 
> I use the "auth.settings.password_min_length" variable in db.py and have 
> set it to 8 in my case. 
>
> For the initial login everything works as expected and all shorter 
> passwords are dismissed. However, when changing the password using the 
> change_password form, one is able to set a new password with a short length 
> down to length 1. 
>
> Since I was not sure whether I changed something in my application that 
> may have caused this problem, I just tested it with an unchanged web2py 
> version and was able to reproduce it. 
>
> Philipp
>
> On Sunday, August 27, 2017 at 6:09:25 PM UTC+2, Anthony wrote:
>>
>> First, the default validator is not IS_STRONG -- it is simply CRYPT with 
>> min_length set to auth.settings.password_min_length (which defaults to 4).
>>
>> Second, on the password change form, the validator is not ignored, but 
>> the min_length of CRYPT is set to 1 for the "Old Password" field only (this 
>> is not a problem, because the only validation that matters for the old 
>> password is that it matches the password stored in the database). The "New 
>> Password" field is validated with whatever validators have been defined for 
>> the password field.
>>
>> Anthony
>>
>> On Friday, August 18, 2017 at 9:09:56 AM UTC-4, tomasz bandura wrote:
>>>
>>> Hello,
>>>
>>> For the user registration I use just the default validator (IS_STRONG), which 
>>> has only a minimum length (4) defined.
>>>
>>> The problem is during password changing (form=auth() --> 
>>> default/user/change_password) - validator is ignored and I can set password 
>>> with length=1
>>>
>>>  Should I set a validator separately?
>>>
>>> There is also parameter 'auth.settings.change_password_onvalidation' but 
>>> it hasn't any impact on changing pass action.
>>>
>>>
>>> Regards,
>>> Tomasz
>>>
>>
>
