Aside from forking the framework, I suppose you could take one of these approaches:
1. Monkey patch gluon.utils.simple_hash. 2. Subclass validators.CRYPT and validators.LazyCrypt, and in LazyCrypt, replace the __str__ method with one that calls a custom simple_hash function. 3. Create an entirely new custom hashing validator that replicates the algorithm used by the other app. Anthony On Thursday, May 26, 2016 at 1:19:35 PM UTC-4, David Orme wrote: > > Hello, > > I've got an application where I'm sharing a database with a second (non > web2py) framework. I want my web2py application to handle user registration > and would like to avoid users having two passwords (partly so that only > web2py ever writes to the auth_user table). > > Inevitably, the hashed password storage formats differ, but I can match > the hash algorithm between the two frameworks: > > db.auth_user.password.requires = CRYPT(digest_alg='sha512') > > Then I can just calculate the value of a second hashed password field in > the foreign format - it involves recoding the string as base64, not hex, > but that can be achieved using a computed field. > > def alt_password(r): > passwd = r.password.split('$') > alt = base64.b64encode(passwd[1].decode('hex')) + \ > '*' + base64.b64encode(passwd[2].decode('hex')) > return alt > > > auth.settings.extra_fields['auth_user']= [ > Field('alt_password', compute=lambda r: alt_password(r)) > ] > > > > *Except...* the simple_hash function in web2py uses (password + salt) as > an input and the second framework uses (salt + password), which means there > is no way to reproduce the second format from the stored hashed password. I > can hack the web2py utils.py file on my installation to reverse this but I > wanted to check if there was a more elegant way of overloading the > simple_hash function without having to change the codebase, which makes my > application unstable to upgrade. > > I did wonder about extending the settings to include a salt order, but I > think that would mean you'd have to extend the password string to record > the order: alg$order$salt$hash. That seems like a bit of a big change for a > fairly fringe use case! > > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.