On Friday, August 10, 2012 2:12:54 PM UTC-4, Rob_McC wrote:
>
> Anthony:
>
> You're correct about logging out and back in, but I did gain access to 
> jsmith's account upon registration,
> and *I could (and did)
> change his password in profile, and now I control his account* - 
> locking smith out.
>
> I did assume that the "old validator" *would still fire*, and not be 
> replaced
> with just my validator, but used WITH my validator.
>

db.auth_user.username.requires = [list, of, validators]
db.auth_user.username.requires = IS_MATCH(...)

The above replaces a list with a single validator. In Python, if you assign 
a new value to an object that was a list, it does not get appended to the 
list -- it replaces the list (as it would replace any other type of 
object). If you want to mutate an existing list, you have to use .insert(), 
.append(), .extend(), +, etc., which is what Massimo originally instructed. 
Also, the book section on customizing Auth says the following:

If you add a field called "username", it will be used in place of "email" 
for login. If you do, you will need to add a validator as well:

auth_table.username.requires = IS_NOT_IN_DB(db, auth_table.username)


I suppose we could add a sterner warning, though. Perhaps we should force 
an IS_NOT_IN_DB validator on username/email when registration is processed 
in case there isn't one.

Anthony
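
An added illustration of the point in the message above, not part of the original post and not web2py's own code: `IsMatch`, `IsNotInDb`, `validate` and `ensure_unique` are hypothetical stand-ins that follow web2py's (value, error) validator convention, so the block runs without web2py. It shows plain assignment dropping the uniqueness check, and sketches the fallback guard proposed at the end of the message.

```python
# Stand-ins for web2py validators (not gluon's implementation); they keep
# web2py's convention of returning (value, error), with error None on success.
import re

class IsMatch:
    def __init__(self, pattern, error_message="invalid username"):
        self.regex, self.error_message = re.compile(pattern), error_message
    def __call__(self, value):
        return (value, None if self.regex.fullmatch(value) else self.error_message)

class IsNotInDb:
    def __init__(self, existing, error_message="value already in database"):
        self.existing, self.error_message = existing, error_message
    def __call__(self, value):
        return (value, self.error_message if value in self.existing else None)

def as_list(requires):
    """Normalise a field's `requires` (None, one validator, or a list) to a list."""
    if requires is None:
        return []
    return list(requires) if isinstance(requires, (list, tuple)) else [requires]

def validate(requires, value):
    """Run every validator in order; return the first error, or None."""
    for validator in as_list(requires):
        value, error = validator(value)
        if error:
            return error
    return None

def ensure_unique(requires, existing):
    """Guard suggested in the message: add a uniqueness check if none is present."""
    validators = as_list(requires)
    if not any(isinstance(v, IsNotInDb) for v in validators):
        validators.append(IsNotInDb(existing))
    return validators

users = {"jsmith"}                               # constructed sample data
default = [IsNotInDb(users)]                     # what the field starts with
replaced = IsMatch(r"[a-z0-9_]+")                # plain assignment: the list is gone
extended = default + [IsMatch(r"[a-z0-9_]+")]    # list kept, format check added

if __name__ == "__main__":
    print(validate(replaced, "jsmith"))                        # None: duplicate accepted
    print(validate(extended, "jsmith"))                        # value already in database
    print(validate(ensure_unique(replaced, users), "jsmith"))  # value already in database
```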
