I have a legacy database, which we have created the tables to use Auth. We have inserted in auth_user all users through a process, for most know the email, so we have set an empty string, and we validate the user by username.
In those days we had a situation where I've gone literally mad. I find that all passwords are the same for all users. After much spin, I found that this situation occurs when a user changes the password. Viewing Note Auth.change_password code based on the user email changes, to identify the record, instead of the id, so for all users who do not have a defined email will be changed. It seems better to base the criterion of identification in the id and not in the email. chage line: s = db (table_user.email == self.user.email) by: s = db (table_user.id == self.user.id) Regards Jose
