I read chapter 8 of the web2py manual and some posts on authentication
to get started (again) implementing a cms.

I read about MD5 and SHA-512, and understand I have to provide a
secret key for this setting: auth.settings.hmac_key='<your secret key>'.
Does this key have a specific format, e.g.
448a98e0-00fd-46b2-ac4f-a14d2315b189? Or can I use any key? At the
moment I am working in web2py 1.76.5; does this version already use
hmac + sha-512?

Furthermore I would like to customize the auth_user table. In the
manual the proper way to define a user table is:

auth_table = db.define_table(auth.settings.table_user_name,
    Field('first_name', length=128, default=''),
    Field('last_name', length=128, default=''),
    Field('email', length=128, default='', unique=True),
    Field('password', 'password', length=256, readable=False,
          label='Password'),
    Field('registration_key', length=128, default='', writable=False,
          readable=False))

auth_table.first_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
auth_table.last_name.requires = IS_NOT_EMPTY(error_message=auth.messages.is_empty)
auth_table.password.requires = [IS_STRONG(), CRYPT()]
auth_table.email.requires = [
    IS_EMAIL(error_message=auth.messages.invalid_email),
    IS_NOT_IN_DB(db, auth_table.email)]
auth.settings.table_user = auth_table


In a workgroup post of 8 February I read this definition:

auth.settings.table_user = db.define_table('auth_user',
    Field('first_name', length=512, default=''),
    Field('last_name', length=512, default=''),
    Field('email', length=512, default='',
          requires=[IS_EMAIL(), IS_NOT_IN_DB(db, 'auth_user.email')]),
    Field('password', 'password', readable=False, label='Password',
          requires=CRYPT(auth.settings.hmac_key)),
    Field('registration_key', length=512, writable=False,
          readable=False, default=''),
    Field('reset_password_key', length=512, writable=False,
          readable=False, default=''))


What is the reset_password_key for? I guess I'd better use the latter
table definition; don't I need any validators?


Kind regards,

Annet.
