On Tue, Nov 22, 2011 at 1:32 PM, Massimo Di Pierro <massimo.dipie...@gmail.com> wrote:
> If the password is a UUID how are the users supposed to know what it is
> and use it to login. I am missing something here.

It's a temporary password, for a one time callback.

> On Nov 22, 12:08 pm, Matt Broadstone <mbroa...@gmail.com> wrote:
>> On Tue, Nov 22, 2011 at 9:21 AM, Massimo Di Pierro <massimo.dipie...@gmail.com> wrote:
>> > must be hashed
>>
>> Hmm I can't seem to get this working. I should probably have mentioned
>> that we are using basic auth to use this user on the client side. When
>> I hash the password and insert it into the database it is not hashing
>> the password passed in from basic login. Does this mean that we should
>> be changing the "basic" method to hash the password that it finds
>> there also? like this:
>>
>>     (username, password) = base64.b64decode(basic[6:]).split(':')
>>     password = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>     return self.login_bare(username, password)
>>
>> Just to be clear, I'll reiterate what we're trying to do here.
>>
>> A temporary user is created in the system with a uuid username and
>> uuid password like this:
>>     settings["serverUser"] = str(uuid.uuid4())
>>     settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>     user = auth.get_or_create_user(dict(username=settings["serverUser"],
>>                                         password=settings["serverPassword"]))
>>
>> then, on the client side, we are using curl to call a restful action
>> on the server using this login info, like this:
>>     curl https://localhost:2345/some/rest/verb -u "<serverUser from above>:<serverPassword from above>"
>>
>> and it's still redirecting. I can confirm that the passwords passed in
>> to login_bare are the same until this is called:
>>     password = table_user[passfield].validate(password)[0]
>>
>> > settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>
>> > On Nov 22, 8:19 am, Matt Broadstone <mbroa...@gmail.com> wrote:
>> >> Hello,
>> >> In our project we need to create a temporary user for the web2py app
>> >> so that a remote system can send back a single status update. In order
>> >> to do this, when the command is sent out we create a temporary user
>> >> like this:
>> >>
>> >>     settings["serverUser"] = str(uuid.uuid4())
>> >>     settings["serverPassword"] = str(uuid.uuid4())
>> >>     user = auth.get_or_create_user(dict(username=settings["serverUser"],
>> >>                                         password=settings["serverPassword"]))
>> >>
>> >> This adds the user/password to the database just fine, however, login
>> >> fails because of this line in login_bare:
>> >>     password = table_user[passfield].validate(password)[0]
>> >>
>> >> if I remove this line, the password is as expected, which leads me to
>> >> think that we are not adding the password in the first case properly.
>> >> Does it need to be hashed some way?
>> >>
>> >> Matt
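
Added example (not part of the thread and not web2py code): a small model of the three store/send combinations discussed above, showing which one passes a login check that hashes the submitted value before comparing. `validate` is an HMAC-SHA512 stand-in for `db.auth_user.password.validate`; `HMAC_KEY`, the `users` dict and `run_cases` are assumptions made for illustration.

```python
import hashlib
import hmac
import uuid

HMAC_KEY = b"constructed-demo-key"  # constructed value; stands in for the app's key


def validate(password):
    """Stand-in for db.auth_user.password.validate(): returns (hash, error)."""
    digest = hmac.new(HMAC_KEY, password.encode(), hashlib.sha512).hexdigest()
    return (digest, None)


def login_bare(users, username, password):
    """Model of the check quoted in the thread: hash what was submitted, then compare."""
    password = validate(password)[0]
    stored = users.get(username)
    return stored is not None and hmac.compare_digest(stored, password)


def run_cases():
    """Return the login outcome for each store/send combination."""
    results = {}
    plaintext = str(uuid.uuid4())  # the one-time secret given to the remote system
    hashed = validate(plaintext)[0]

    # First post: plaintext stored, plaintext sent. The check hashes the
    # submitted value, so it can never equal the unhashed stored value.
    users = {"server": plaintext}
    results["stored_plain_sent_plain"] = login_bare(users, "server", plaintext)

    # Second post: hash stored, and that same hash passed to curl -u.
    # The check hashes it a second time, so the comparison fails again.
    users = {"server": hashed}
    results["stored_hash_sent_hash"] = login_bare(users, "server", hashed)

    # Hash stored, original plaintext UUID sent by the client.
    results["stored_hash_sent_plain"] = login_bare(users, "server", plaintext)
    return results


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'login ok' if ok else 'login fails'}")
```

Only the last combination succeeds: the database holds the hash, and the client presents the plaintext value that was hashed.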