In Auth.define_tables we define the user table thus:

         if not self.settings.table_user:
             passfield = self.settings.password_field
             self.settings.table_user = db.define_table(
                 self.settings.table_user_name,
                 db.Field('first_name', length=128, default=''),
                 db.Field('last_name', length=128, default=''),
                 # db.Field('username', length=128, default=''),
                 db.Field('email', length=128, default=''),
                 db.Field(passfield, 'password', readable=False,
                          label='Password'),
                 db.Field('registration_key', length=128,
                          writable=False, readable=False, default=''),
                 migrate=self.__get_migrate(self.settings.table_user_name, migrate))
             table = self.settings.table_user
             table.first_name.requires = IS_NOT_EMPTY(error_message=self.messages.is_empty)
             table.last_name.requires = IS_NOT_EMPTY(error_message=self.messages.is_empty)
             table[passfield].requires = [CRYPT()]
             table.email.requires = [
                 IS_EMAIL(error_message=self.messages.invalid_email),
                 IS_NOT_IN_DB(db, '%s.email' % self.settings.table_user._tablename)]
             table.registration_key.default = ''

In Auth.register, we have the following auto-login sequence; there's  
similar logic in Auth.login, but it's clearer here:

             else:
                 user[form.vars.id] = dict(registration_key='')
                 session.flash = self.messages.registration_successful
                 table_user = self.settings.table_user
                 if 'username' in table_user.fields:
                     username = 'username'
                 else:
                     username = 'email'
                 users = self.db(table_user[username] == form.vars[username]).select()
                 user = users[0]
                 user = Storage(table_user._filter_fields(user, id=True))
                 session.auth = Storage(user=user, last_visit=request.now,
                                        expiration=self.settings.expiration)
                 self.user = user
                 session.flash = self.messages.logged_in

Finally, the manual "Customizing auth_user" says, 'If you add a field  
called "username", it will be used in place of the "email" for login.'  
We see the username/email logic in Auth.register.

The problem is that the username field needs (like email) to be  
IS_NOT_EMPTY and IS_NOT_IN_DB, or the obvious bad thing can happen.

Is it enough to mention the need for the validations (maybe a complete  
sample line) in the manual?

Finally, shouldn't both email and username require unique=True?
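
An added illustration (not part of the original post and not web2py code): a self-contained model of the quoted auto-login lookup using Python's sqlite3 module. The helper names and sample users are constructed. It shows the second registrant of an existing username receiving the first account's session, and how form-level checks and a database UNIQUE constraint each prevent it.

```python
import sqlite3

def make_db(unique):
    """Constructed stand-in for auth_user; unique=True adds the DB-level constraint."""
    rule = "NOT NULL UNIQUE CHECK (username <> '')" if unique else "DEFAULT ''"
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth_user (id INTEGER PRIMARY KEY, "
               "username TEXT %s, email TEXT)" % rule)
    return db

def register(db, username, email, validate):
    """Insert a user, then auto-login as the quoted sequence does (users[0]).
    Returns (id of the row just created, id of the row put in the session)."""
    if validate:  # form-level checks, the role IS_NOT_EMPTY / IS_NOT_IN_DB play
        if not username:
            raise ValueError("username is empty")
        taken = db.execute("SELECT 1 FROM auth_user WHERE username = ?",
                           (username,)).fetchone()
        if taken:
            raise ValueError("username already taken")
    new_id = db.execute("INSERT INTO auth_user (username, email) VALUES (?, ?)",
                        (username, email)).lastrowid
    # ORDER BY id makes "first match" deterministic for this demonstration.
    users = db.execute("SELECT id FROM auth_user WHERE username = ? ORDER BY id",
                       (username,)).fetchall()
    return new_id, users[0][0]

def second_registration(unique, validate):
    """Register 'alice' twice (constructed data) and report what the second call did."""
    db = make_db(unique)
    register(db, "alice", "alice@example.com", validate)
    try:
        return register(db, "alice", "second@example.com", validate)
    except (ValueError, sqlite3.IntegrityError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    # No validators, no constraint: new row 2, but the session holds row 1.
    print(second_registration(unique=False, validate=False))
    # Validators on the form path reject the duplicate.
    print(second_registration(unique=False, validate=True))
    # The constraint alone still rejects it when the form checks are bypassed.
    print(second_registration(unique=True, validate=False))
```

The third case is why a validator and a database constraint are complementary: the validator gives a form error, while the constraint also covers inserts that never pass through the form and the window between the check and the insert.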
