I've got this (where the key is a text string): from gluon.tools import * auth=Auth(globals(),db) # authentication/authorization auth.settings.hmac_key = vpepm_hmac_key auth.define_tables() # creates all needed tables
# invoke IS_STRONG only for password creation, not password checking if "login" not in request.args: auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, upper=1, lower=1, number=1, special=1)] All my logins are failing with a bad password. I've got a sha512 hash in my user database (manually initialized), but the login form is returning an md5 hash, presumably because digest_alg is set to md5. The manual says, "If a key is specified it uses the HMAC+SHA512 with the provided key," but I don't see where digest_alg is ever set to sha512. Is there a bug, or am I doing something wrong? -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.