On Tue, Nov 22, 2011 at 2:31 PM, Matt Broadstone <mbroa...@gmail.com> wrote:
> On Tue, Nov 22, 2011 at 1:32 PM, Massimo Di Pierro
> <massimo.dipie...@gmail.com> wrote:
>> If the password is a UUID, how are the users supposed to know what it
>> is and use it to log in? I am missing something here.
> It's a temporary password, for a one-time callback.
>
Aren't passwords always hashed when entered in the database? If so,
why aren't they hashed in the basic method before they are sent to
login_bare?

Matt


>> On Nov 22, 12:08 pm, Matt Broadstone <mbroa...@gmail.com> wrote:
>>> On Tue, Nov 22, 2011 at 9:21 AM, Massimo Di Pierro <massimo.dipie...@gmail.com> wrote:
>>> > must be hashed
>>>
>>> Hmm I can't seem to get this working. I should probably have mentioned
>>> that we are using basic auth to use this user on the client side. When
>>> I hash the password and insert it into the database it is not hashing
>>> the password passed in from basic login. Does this mean that we should
>>> be changing the "basic" method to hash the password that it finds
>>> there also? Like this:
>>>
>>>         (username, password) = base64.b64decode(basic[6:]).split(':')
>>>         password = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>         return self.login_bare(username, password)
>>>
>>> Just to be clear, I'll reiterate what we're trying to do here.
>>>
>>> A temporary user is created in the system with a uuid username and
>>> uuid password like this:
>>>         settings["serverUser"] = str(uuid.uuid4())
>>>         settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>         user = auth.get_or_create_user(dict(username=settings["serverUser"],
>>>                                             password=settings["serverPassword"]))
>>>
>>> then, on the client side, we are using curl to call a restful action
>>> on the server using this login info, like this:
>>>         curl https://localhost:2345/some/rest/verb -u "<serverUser from above>:<serverPassword from above>"
>>>
>>> and it's still redirecting. I can confirm that the passwords passed in
>>> to login_bare are the same until this is called:
>>>         password = table_user[passfield].validate(password)[0]
>>>
>>> > settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>
>>> > On Nov 22, 8:19 am, Matt Broadstone <mbroa...@gmail.com> wrote:
>>> >> Hello,
>>> >> In our project we need to create a temporary user for the web2py app
>>> >> so that a remote system can send back a single status update. In order
>>> >> to do this, when the command is sent out we create a temporary user
>>> >> like this:
>>>
>>> >>         settings["serverUser"] = str(uuid.uuid4())
>>> >>         settings["serverPassword"] = str(uuid.uuid4())
>>> >>         user = auth.get_or_create_user(dict(username=settings["serverUser"],
>>> >>                                             password=settings["serverPassword"]))
>>>
>>> >> This adds the user/password to the database just fine, however, login
>>> >> fails because of this line in login_bare:
>>> >> password = table_user[passfield].validate(password)[0]
>>>
>>> >> If I remove this line, the password is as expected, which leads me to
>>> >> think that we are not adding the password in the first case properly.
>>> >> Does it need to be hashed some way?
>>>
>>> >> Matt
>>
>

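Added example, not part of the thread and not web2py's own code: a minimal model of the flow discussed above, where the login path hashes whatever the client submits before comparing it with the stored value. The `validate` and `login_bare` functions here are simplified stand-ins that only mirror the `validate(...)[0]` shape quoted in the thread, and the HMAC key is a constructed value.

```python
import hashlib
import hmac
import uuid

HMAC_KEY = b"constructed-demo-key"  # constructed value, not a real web2py setting


def validate(password):
    """Stand-in for table_user[passfield].validate(): returns (hash, error)."""
    digest = hmac.new(HMAC_KEY, password.encode(), hashlib.sha512).hexdigest()
    return (digest, None)


def login_bare(users, username, password):
    """Hash the submitted password, then compare it with the stored value."""
    stored = users.get(username)
    if stored is None:
        return False
    submitted = validate(password)[0]
    return hmac.compare_digest(stored, submitted)


def run_cases():
    username = str(uuid.uuid4())
    secret = str(uuid.uuid4())    # plaintext credential given to the remote system
    hashed = validate(secret)[0]  # value that belongs in the password column
    results = {}
    # First post: plaintext stored, plaintext sent. The hash of the submitted
    # value never equals the stored plaintext.
    results["plaintext stored, plaintext sent"] = login_bare(
        {username: secret}, username, secret)
    # Follow-up: hash stored, and the same hash handed to the client. The login
    # path hashes it a second time, so the comparison fails again.
    results["hash stored, hash sent"] = login_bare(
        {username: hashed}, username, hashed)
    # Hash stored, client sends the original plaintext: one hash on each side.
    results["hash stored, plaintext sent"] = login_bare(
        {username: hashed}, username, secret)
    return results


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'login ok' if ok else 'login fails'}")
```

In this model the only combination that authenticates is keeping the plaintext UUID for the client while storing its hash on the server.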