Right, this is a bug. Reported here:
https://github.com/web2py/web2py/issues/1800
Anthony
On Tuesday, November 7, 2017 at 2:41:12 PM UTC-5, mark.phi...@gmail.com
wrote:
>
> I just encountered the same problem that was described above.
> I use the "auth.settings.password_min_length" variable in db.py and have
> set it to 8 in my case.
>
> For the initial login everything works like expected and all shorter
> passwords are dismissed. However, when changing the password using the
> change_password form, one is able to set a new password with a short length
> down to length 1.
>
> Since I was not sure whether I changed something in my application that
> may have caused this problem, I just tested it with the an unchanged web2py
> version and was able to reproduce it.
>
> Philipp
>
> Am Sonntag, 27. August 2017 18:09:25 UTC+2 schrieb Anthony:
>>
>> First, the default validator is not IS_STRONG -- it is simply CRYPT with
>> min_length set to auth.settings.password_min_length (which defaults to 4).
>>
>> Second, on the password change form, the validator is not ignored, but
>> the min_length of CRYPT is set to 1 for the "Old Password" field only (this
>> is not a problem, because the only validation that matters for the old
>> password is that it matches the password stored in the database). The "New
>> Password" field is validated with whatever validators have been defined for
>> the password field.
>>
>> Anthony
>>
>> On Friday, August 18, 2017 at 9:09:56 AM UTC-4, tomasz bandura wrote:
>>>
>>> Hello,
>>>
>>> For the user registration I use just default validator (IS_STRONG) which
>>> has defined only minimum lenght (4).
>>>
>>> The problem is during password changing (form=auth() -->
>>> default/user/change_password) - validator is ignored and I can set password
>>> with length=1
>>>
>>> Should I set a validator separately?
>>>
>>> There is also parameter 'auth.settings.change_password_onvalidation' but
>>> it hasn't any impact on changing pass action.
>>>
>>>
>>> Regards,
>>> Tomasz
>>>
>>
>
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
"web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.