On Tue, Nov 22, 2011 at 9:21 AM, Massimo Di Pierro <massimo.dipie...@gmail.com> wrote: > must be hashed Hmm I can't seem to get this working. I should probably have mentioned that we are using basic auth to use this user on the client side. When I hash the password and insert it into the database it is not hashing the password passed in from basic login. Does this mean that we should be changing the "basic" method to hash the password that it finds there also? like this:
(username, password) = base64.b64decode(basic[6:]).split(':') password = db.auth_user.password.validate(str(uuid.uuid4()))[0] return self.login_bare(username, password) Just to be clear, I'll reiterate what we're trying to do here. A temporary user is created in the system with a uuid username and uuid password like this: settings["serverUser"] = str(uuid.uuid4()) settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0] user = auth.get_or_create_user(dict(username=settings["serverUser"], password=settings["serverPassword"])) then, on the client side, we are using curl to call a restful action on the server using this login info, like this: curl https://localhost:2345/some/rest/verb -u "<serverUser from above>:<serverPassword from above>" and its still redirecting. I can confirm that the passwords passed in to login_bare are the same until this is called: password = table_user[passfield].validate(password)[0] > > settings["serverPassword"] = > db.auth_user.password.validate(str(uuid.uuid4()))[0] > > On Nov 22, 8:19 am, Matt Broadstone <mbroa...@gmail.com> wrote: >> Hello, >> In our project we need to create a temporary user for the web2py app >> so that a remote system can send back a singe status update. In order >> to do this, when the command is sent out we create a temporary user >> like this: >> >> settings["serverUser"] = str(uuid.uuid4()) >> settings["serverPassword"] = str(uuid.uuid4()) >> user = auth.get_or_create_user(dict(username=settings["serverUser"], >> password=settings["serverPassword"])) >> >> This adds the user/password to the database just fine, however, login >> fails because of this line in login_bare: >> password = table_user[passfield].validate(password)[0] >> >> if I remove this line, the password is as expected, which leads me to >> think that we are not adding the password in the first case properly. >> Does it need to be hashed some way? >> >> Matt >