Re: [web2py] SQLFORM Validation and Password Hashes
On 10 March 2015 at 06:53, horridohobbyist horrido.hobb...@gmail.com wrote: I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) Showing your code will help people on this list to help you. Regards Johann -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
The table definition is: db.define_table('teams', Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]), Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]), Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]), Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()), Field('reg_key',readable=False,writable=False), Field('team_size',requires=IS_IN_SET([1,2,3,4])), Field('team_captain',requires=IS_NOT_EMPTY()), Field('second_member',requires=IS_CONDENSED()), Field('third_member',requires=IS_CONDENSED()), Field('fourth_member',requires=IS_CONDENSED()), Field('school',requires=IS_NOT_EMPTY()), Field('teachers_email',requires=IS_EMAIL())) The call to SQLFORM in the default controller is: record = db.teams(id) form = SQLFORM(db.teams, record) if form.process().accepted: response.flash = 'profile updated' What other code would be helpful?? On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote: On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com javascript: wrote: I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) Showing your code will help people on this list to help you. Regards Johann -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
Nobody has any ideas?? Surely, this is a common use case... On Tuesday, 10 March 2015 07:41:45 UTC-4, horridohobbyist wrote: The table definition is: db.define_table('teams', Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]), Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]), Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]), Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()), Field('reg_key',readable=False,writable=False), Field('team_size',requires=IS_IN_SET([1,2,3,4])), Field('team_captain',requires=IS_NOT_EMPTY()), Field('second_member',requires=IS_CONDENSED()), Field('third_member',requires=IS_CONDENSED()), Field('fourth_member',requires=IS_CONDENSED()), Field('school',requires=IS_NOT_EMPTY()), Field('teachers_email',requires=IS_EMAIL())) The call to SQLFORM in the default controller is: record = db.teams(id) form = SQLFORM(db.teams, record) if form.process().accepted: response.flash = 'profile updated' What other code would be helpful?? On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote: On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com wrote: I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) Showing your code will help people on this list to help you. Regards Johann -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [web2py] SQLFORM Validation and Password Hashes
On Tuesday, March 10, 2015 at 10:44:36 AM UTC-7, horridohobbyist wrote: Nobody has any ideas?? Surely, this is a common use case... Does it work to make the password field readable=writable=False in the form? If it does, you can probably add a button for change password to toggle those on. /dps On Tuesday, 10 March 2015 07:41:45 UTC-4, horridohobbyist wrote: The table definition is: db.define_table('teams', Field('team_email',requires=[IS_EMAIL(),IS_NOT_IN_DB(db,'teams.team_email')]), Field('password',requires=[IS_STRONG(upper=2),CRYPT(salt=False)]), Field('team_name',requires=[IS_TEAM_NAME(),IS_NOT_IN_DB(db,'teams.team_name')]), Field('reg_date','datetime',readable=False,writable=False,default=datetime.datetime.today()), Field('reg_key',readable=False,writable=False), Field('team_size',requires=IS_IN_SET([1,2,3,4])), Field('team_captain',requires=IS_NOT_EMPTY()), Field('second_member',requires=IS_CONDENSED()), Field('third_member',requires=IS_CONDENSED()), Field('fourth_member',requires=IS_CONDENSED()), Field('school',requires=IS_NOT_EMPTY()), Field('teachers_email',requires=IS_EMAIL())) The call to SQLFORM in the default controller is: record = db.teams(id) form = SQLFORM(db.teams, record) if form.process().accepted: response.flash = 'profile updated' What other code would be helpful?? On Tuesday, 10 March 2015 02:13:26 UTC-4, Johann Spies wrote: On 10 March 2015 at 06:53, horridohobbyist horrido...@gmail.com wrote: I use SQLFORM to add records to a table. However, one of the fields is a password which requires=[IS_STRONG(upper=2),CRYPT(salt=False)]. I would like to use SQLFORM to update records in the table, but I run into a problem: the password field contains the hash of the password, which will not pass validation. So even if I don't change the password field, SQLFORM insists that I enter something that can be validated. If I can't use SQLFORM, then I will have to build my own form and do everything from scratch, essentially mimicking SQLFORM. That seems to me to be a lot of unnecessary work. Is there an easy workaround? (Yeah, I'm still a web2py newbie.) Showing your code will help people on this list to help you. Regards Johann -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups web2py-users group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.