First, the default validator is not IS_STRONG -- it is simply CRYPT with min_length set to auth.settings.password_min_length (which defaults to 4).
Second, on the password change form, the validator is not ignored, but the min_length of CRYPT is set to 1 for the "Old Password" field only (this is not a problem, because the only validation that matters for the old password is that it matches the password stored in the database). The "New Password" field is validated with whatever validators have been defined for the password field.

Anthony

On Friday, August 18, 2017 at 9:09:56 AM UTC-4, tomasz bandura wrote:
>
> Hello,
>
> For the user registration I use just default validator (IS_STRONG) which
> has defined only minimum length (4).
>
> The problem is during password changing (form=auth() -->
> default/user/change_password) - validator is ignored and I can set password
> with length=1
>
> Should I set a validator separately?
>
> There is also parameter 'auth.settings.change_password_onvalidation' but
> it hasn't any impact on changing pass action.
>
>
> Regards,
> Tomasz
>