Thank you, freeze, for your slices code.

Now I am trying to hash my passwords the way you did in slices. I copied
clienttools.py to the cd/modules folder and used the code from "def user" in
default.py and "def clientcrypt_auth" in db.py, as shown below, but it fails:
I can register a user, but the password is not hashed in the database and is
still plain text. After I log out, I cannot log in again with the registered
account. What did I miss?

please advise. Frank

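def user():
    """Serve the auth pages and attach client-side password hashing to them.

    For the ``register``, ``login`` and ``change_password`` actions this builds
    a handler with the clienttools ``jq`` helper that overwrites the password
    field(s) with ``sha256hmac`` output, and registers it on the form's
    ``submit`` event. Login uses ``clientcrypt_auth`` keyed by
    ``session.token`` as the only login method.

    Returns:
        dict with the auth ``form`` for the view.

    Review notes (security):
      * Nothing in this function hashes the password on the server for
        ``register``. If the sha256 script does not load or JavaScript does
        not run, the field is submitted as typed. Keep a server-side CRYPT
        validator on ``auth_user.password`` and serve the form over TLS.
      * The script that handles the password is fetched from a third-party
        host over plain ``http://`` with no integrity check visible here.
        Prefer a reviewed copy shipped in the application's static folder.
    """
    if maint_mode and 'logout' not in request.args:
        session.flash = "Site is read-only for maintenance."
        redirect(URL(r=request,f='index'))
    if request.args:
        response.statusbar = request.args(0).replace("_"," ").capitalize()
    form = handler = None
    # The token is created once per session and reused as the HMAC key for
    # every login attempt; it is not reset anywhere in this function.
    # NOTE(review): rotate it per attempt so a captured response is single-use.
    if not session.token:
        import uuid
        session.token=str(uuid.uuid4())
    auth.settings.login_methods = [clientcrypt_auth(db,session.token)]
    # Fix: a stray ';' after the URL literal (mail-archive artifact) made this
    # call a syntax error.
    # NOTE(review): download=True presumably stores a local copy under
    # `filename` - confirm in clienttools. The source is plain HTTP.
    page.include("http://plugins.jquery.com/files/jquery.sha256.min.js.txt",
                     download=True,filename="jquery.sha256.min.js")
    if request.args(0) == 'register':
        # NOTE(review): the HMAC key here is the bare jq("#auth_user_username")
        # wrapper, while the login branch passes .val().toLowerCase(). If
        # clienttools serialises these differently, the value stored at
        # registration cannot match the one computed at login - confirm.
        setpass = jq("#auth_user_password").val(jq().sha256hmac(
                      jq("#auth_user_username"),
                      jq("#auth_user_password"))
                    )()
        setverify = jq("input[name='password_two']").val(jq().sha256hmac(
                      jq("#auth_user_username"),
                      jq("input[name='password_two']"))
                    )()
        handler = setpass + setverify

    if request.args(0) == 'login':
        auth.settings.captcha = None
        form=auth()
        # Hidden field that carries the session token to the client script.
        hdn = INPUT(_type="hidden",_name="token",_value=session.token)
        form.components.append(hdn)
        # Step 1: password -> HMAC keyed by the lower-cased username.
        setpass = jq("#auth_user_password").val(jq().sha256hmac(
                      jq("#auth_user_username").val().toLowerCase(),
                      jq("#auth_user_password"))
                    )()
        # Step 2: that result -> HMAC keyed by the token field, which is the
        # value clientcrypt_auth recomputes from the stored password.
        setagain = jq("#auth_user_password").val(jq().sha256hmac(jq(hdn),
                     jq("#auth_user_password"))
                     )()
        handler = setpass + setagain

    if request.args(0)== "retrieve_password" and request.vars.email:
        user = db(db.auth_user.email== request.vars.email).select()
        if user:
            user=user[0]
            t = auth.settings.table_user
            # Server-side HMAC keyed by the stored username, as-is.
            # NOTE(review): the login script lower-cases the username; a
            # mixed-case stored username would give a different key - confirm.
            t.password.requires = CRYPT(key=user.username,digest_alg="sha256")

    if request.args(0)=="change_password" and auth.is_logged_in():
        form=auth()
        # Hidden field that supplies the username as HMAC key to the script.
        hdn = INPUT(_type="hidden",_name="username",_value=auth.user.username)
        form.components.append(hdn)
        setold = jq("#no_table_old_password").val(jq().sha256hmac(
                      jq(hdn),
                      jq("#no_table_old_password"))
                    )()
        setnew = jq("#no_table_new_password").val(jq().sha256hmac(
                      jq(hdn),
                      jq("#no_table_new_password")) )()
        setverify = jq("#no_table_new_password2").val(jq().sha256hmac(
                        jq(hdn),
                        jq("#no_table_new_password2"))
                      )()
        handler = setold + setnew + setverify

    # Any other action (or register) falls back to the default auth form.
    if not form: form=auth()
    # Run the generated hashing code when the form is submitted.
    if handler:  event.listen("submit","form", handler )
    return dict(form=form)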


from applications.cd.modules.clienttools import *
# Client-side helper objects used by the controller code.
# PageManager, EventManager, ScriptManager and JQuery are presumably provided
# by the clienttools star import - confirm against that module.
# The page manager is built from this module's globals().
page = PageManager(globals())
# Event and script managers both wrap the same page object.
event = EventManager(page)
js = ScriptManager(page) 
# Short alias for JQuery itself (not an instance).
jq = JQuery 

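def clientcrypt_auth(db, key):
    """Build a login method that verifies a client-computed HMAC response.

    Args:
        db: database handle exposing ``auth_user``.
        key: per-session token used as the HMAC key for the expected response.

    Returns:
        A callable ``(username, password)`` that returns True when the
        submitted password field equals ``CRYPT(key, sha256)`` of the stored
        ``auth_user.password``, and False otherwise.

    Review notes (security):
      * The expected response is derived only from the stored password
        column and the token, so the stored value is password-equivalent.
        This scheme keeps the typed password off the wire; it does not
        replace TLS or a salted, slow server-side hash for storage.
      * The stored value must already be the username-keyed HMAC. If
        registration stored plain text, this comparison can never succeed.
    """
    def clientcrypt_login_aux(username, password, db=db, key=key):
        # Exact-match lookup on the submitted username.
        user = db(db.auth_user.username == username).select()
        if user:
            user=user[0]
            # Fix: the assignment was split across two lines (mail wrapping),
            # which is a syntax error. `error` is returned by the validator
            # but not inspected here.
            userpass_crypt, error = CRYPT(key=key,digest_alg="sha256")(user.password)
            # The `password` argument is unused; the submitted value is read
            # from request.vars instead.
            # NOTE(review): `==` is not a constant-time comparison. Consider
            # hmac.compare_digest once both sides are confirmed plain strings.
            if request.vars.password==userpass_crypt: return True
        return False
    return clientcrypt_login_aux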
