On Apr 21, 2010, at 7:09 PM, mdipierro wrote:
> NO. You cannot use
>
> password=IS_CRYPT()(passwd)[0])
>
> You must use
>
> password=db.auth_user.password.requires[0](passwd)[0])
>
> the reason is that IS_CRYPT() by default uses MD5 while if you pass a
> key IS_CRYPT(key='sha521:blabla') is uses better algorithms (for
> example hmac+sha512). So to encrypt the password you have to use the
> same IS_CRYPT(key='...') that you used when defining the model.
>
> When you create a new app from admin, auth uses hmac+sha512.
FWIW (and I'm not sure it's responsive to the original question), I use
something like this:
uid = auth.get_or_create_user(dict(username='xxx', first_name='fff',
last_name='lll',
email='whate...@localhost', password=hmac.new(my_hmac_key, 'hey!',
sha512).hexdigest(), registration_key=""))
auth.add_membership(gid_admin, uid)
--
Subscription settings: http://groups.google.com/group/web2py/subscribe?hl=en
