On Apr 21, 10:09 pm, Jonathan Lundell <[email protected]> wrote: > On Apr 21, 2010, at 7:09 PM, mdipierro wrote: > > > NO. You cannot use > > > password=IS_CRYPT()(passwd)[0]) > > > You must use > > > password=db.auth_user.password.requires[0](passwd)[0]) > > > the reason is that IS_CRYPT() by default uses MD5 while if you pass a > > key IS_CRYPT(key='sha521:blabla') is uses better algorithms (for > > example hmac+sha512). So to encrypt the password you have to use the > > same IS_CRYPT(key='...') that you used when defining the model. > > > When you create a new app from admin, auth uses hmac+sha512. > > FWIW (and I'm not sure it's responsive to the original question), I use > something like this: > > uid = auth.get_or_create_user(dict(username='xxx', first_name='fff', > last_name='lll', > email='whate...@localhost', password=hmac.new(my_hmac_key, 'hey!', > sha512).hexdigest(), registration_key="")) > auth.add_membership(gid_admin, uid) > > --
I've attempted to use your example but I get an error saying 'hmac' is not defined. Aside from that it works if I remove the hmac.new altogether but then I'm stuck with it setting the password but not being able to log in due to it not being hashed properly. Thanks, for showing me a simpler way with auth.get_or_create_user. -- Subscription settings: http://groups.google.com/group/web2py/subscribe?hl=en
