Fixed in trunk, thanks Rowdy and Nathan. On Feb 18, 9:01 pm, "mr.freeze" <nat...@freezable.com> wrote: > Yes, there are two bugs: > > 1) line 72 of admin/controllers/default.py should be > if not verify_password(request.vars.current_admin_password): > instead of > if verify_password(request.vars.current_admin_password): > > 2) line 54 of admin/models/access.py should be > return _config['password'] == CRYPT()(password)[0] > instead of > return _config['password'] == CRYPT()(request.vars.password)[0] > > On Feb 18, 6:22 pm, Rowdy <da...@fielden.com.au> wrote: > > > Greetings, > > > Since upgrading 1.75.2 to 1.75.4, I have noticed some oddness with > > changing the admin password. > > > When I try to change the admin password, I get: > > > Traceback (most recent call last): > > File "/home/rowdy/web2py/gluon/restricted.py", line 173, in restricted > > exec ccode in environment > > File "/home/rowdy/web2py/applications/admin/controllers/default.py", > > line 1046, in <module> > > File "/home/rowdy/web2py/gluon/globals.py", line 96, in <lambda> > > self._caller = lambda f: f() > > File "/home/rowdy/web2py/applications/admin/controllers/default.py", > > line 72, in change_password > > if verify_password(request.vars.current_admin_password): > > File "/home/rowdy/web2py/applications/admin/models/access.py", line > > 54, in verify_password > > return _config['password'] == CRYPT()(request.vars.password)[0] > > File "/home/rowdy/web2py/gluon/validators.py", line 2267, in __call__ > > return (hash(value, self.digest_alg), None) > > File "/home/rowdy/web2py/gluon/utils.py", line 32, in hash > > h.update(text) > > TypeError: update() argument 1 must be string or read-only buffer, not None > > > There might be a typo in admin/models/access.py in function > > verify_password(). The line near the end (line 54 from the above stack > > trace): > > > return _config['password'] == CRYPT()(request.vars.password)[0] > > > should probably be: > > > return _config['password'] == CRYPT()(password)[0] > > > as password is passed as a parameter to this function. > > > However, after changing this line, when I try to change the admin > > password it does not matter what I type as the old password, even a > > random string of characters. As long as the new passwords match and are > > strong, the admin password is changed. > > > Rowdy
-- You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web...@googlegroups.com. To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/web2py?hl=en.
