Re: [web2py] SQLFORM Validation and Password Hashes
On 10 March 2015 at 06:53, horridohobbyist horrido.hobb...@gmail.com wrote: I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) Showing your code will help people on this list to help you. Regards Johann -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
The table definition is:
db.define_table('teams',
Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]),
Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]),
Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]),
Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()),
Field('reg_key',readable=False,writable=False),
Field('team_size',requires=IS_IN_SET([1,2,3,4])),
Field('team_captain',requires=IS_NOT_EMPTY()),
Field('second_member',requires=IS_CONDENSED()),
Field('third_member',requires=IS_CONDENSED()),
Field('fourth_member',requires=IS_CONDENSED()),
Field('school',requires=IS_NOT_EMPTY()),
Field('teachers_email',requires=IS_EMAIL()))
The call to SQLFORM in the default controller is:
record = db.teams(id)
form = SQLFORM(db.teams, record)
if form.process().accepted:
response.flash = 'profile updated'
What other code would be helpful??
On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote:
On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com
javascript: wrote:
I use SQLFORM to add records to a table. However, one of the fields is a
password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)].
I would like to use SQLFORM to update records in the table, but I run
into a problem: the password field contains the hash of the password,
which will not pass validation. So even if I don't change the password
field, SQLFORM insists that I enter something that can be validated.
If I can't use SQLFORM, then I will have to build my own form and do
everything from scratch, essentially mimicking SQLFORM. That seems to me to
be a lot of unnecessary work.
Is there an easy workaround?
(Yeah, I'm still a web2py newbie.)
Showing your code will help people on this list to help you.
Regards
Johann
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
Nobody has any ideas?? Surely, this is a common use case...
On Tuesday, 10 March 2015 07:41:45 UTC-4, horridohobbyist wrote:
The table definition is:
db.define_table('teams',
Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]),
Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]),
Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]),
Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()),
Field('reg_key',readable=False,writable=False),
Field('team_size',requires=IS_IN_SET([1,2,3,4])),
Field('team_captain',requires=IS_NOT_EMPTY()),
Field('second_member',requires=IS_CONDENSED()),
Field('third_member',requires=IS_CONDENSED()),
Field('fourth_member',requires=IS_CONDENSED()),
Field('school',requires=IS_NOT_EMPTY()),
Field('teachers_email',requires=IS_EMAIL()))
The call to SQLFORM in the default controller is:
record = db.teams(id)
form = SQLFORM(db.teams, record)
if form.process().accepted:
response.flash = 'profile updated'
What other code would be helpful??
On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote:
On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com wrote:
I use SQLFORM to add records to a table. However, one of the fields is a
password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)].
I would like to use SQLFORM to update records in the table, but I run
into a problem: the password field contains the hash of the password,
which will not pass validation. So even if I don't change the password
field, SQLFORM insists that I enter something that can be validated.
If I can't use SQLFORM, then I will have to build my own form and do
everything from scratch, essentially mimicking SQLFORM. That seems to me to
be a lot of unnecessary work.
Is there an easy workaround?
(Yeah, I'm still a web2py newbie.)
Showing your code will help people on this list to help you.
Regards
Johann
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
On Tuesday, March 10, 2015 at 10:44:36 AM UTC-7, horridohobbyist wrote:
Nobody has any ideas?? Surely, this is a common use case...
Does it work to make the password field readable=writable=False in the
form? If it does, you can probably add a button for change password to
toggle those on.
/dps
On Tuesday, 10 March 2015 07:41:45 UTC-4, horridohobbyist wrote:
The table definition is:
db.define_table('teams',
Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]),
Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]),
Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]),
Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()),
Field('reg_key',readable=False,writable=False),
Field('team_size',requires=IS_IN_SET([1,2,3,4])),
Field('team_captain',requires=IS_NOT_EMPTY()),
Field('second_member',requires=IS_CONDENSED()),
Field('third_member',requires=IS_CONDENSED()),
Field('fourth_member',requires=IS_CONDENSED()),
Field('school',requires=IS_NOT_EMPTY()),
Field('teachers_email',requires=IS_EMAIL()))
The call to SQLFORM in the default controller is:
record = db.teams(id)
form = SQLFORM(db.teams, record)
if form.process().accepted:
response.flash = 'profile updated'
What other code would be helpful??
On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote:
On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com wrote:
I use SQLFORM to add records to a table. However, one of the fields is a
password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)].
I would like to use SQLFORM to update records in the table, but I run
into a problem: the password field contains the hash of the password,
which will not pass validation. So even if I don't change the password
field, SQLFORM insists that I enter something that can be validated.
If I can't use SQLFORM, then I will have to build my own form and do
everything from scratch, essentially mimicking SQLFORM. That seems to me
to
be a lot of unnecessary work.
Is there an easy workaround?
(Yeah, I'm still a web2py newbie.)
Showing your code will help people on this list to help you.
Regards
Johann
--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups
web2py-users group.
To unsubscribe from this group and stop receiving emails from it, send an email
to web2py+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
[web2py] SQLFORM Validation and Password Hashes
I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
