On Feb 7, 2010, at 12:07 PM, mdipierro wrote: > remember that validators are filters. You need to check that a > password is strong BEFORE it is hashed. > So instead of this: > > auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, > upper=1, lower=1, number=1, special=1)] > > Do this > > auth.settings.table_user.password.insert(0,IS_STRONG(min=8, max=0, > upper=1, lower=1, number=1, special=1)) > > Not sure this is your problem but try again after this fix.
Shouldn't that be auth.settings.table_user.password.requires.insert(0,IS_STRONG(min=8, max=0, upper=1, lower=1, number=1, special=1)) ? > > On Feb 7, 1:44 pm, Jonathan Lundell <jlund...@pobox.com> wrote: >> I've got this (where the key is a text string): >> >> from gluon.tools import * >> auth=Auth(globals(),db) # authentication/authorization >> auth.settings.hmac_key = vpepm_hmac_key >> auth.define_tables() # creates all needed tables >> >> # invoke IS_STRONG only for password creation, not password checking >> if "login" not in request.args: >> auth.settings.table_user.password.requires += [IS_STRONG(min=8, max=0, >> upper=1, lower=1, number=1, special=1)] >> >> All my logins are failing with a bad password. I've got a sha512 hash in my >> user database (manually initialized), but the login form is returning an md5 >> hash, presumably because digest_alg is set to md5. The manual says, "If a >> key is specified it uses the HMAC+SHA512 with the provided key," but I don't >> see where digest_alg is ever set to sha512. >> >> Is there a bug, or am I doing something wrong? > > -- > You received this message because you are subscribed to the Google Groups > "web2py-users" group. > To post to this group, send email to web...@googlegroups.com. > To unsubscribe from this group, send email to > web2py+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/web2py?hl=en. > -- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
