On Tue, Nov 22, 2011 at 2:31 PM, Matt Broadstone <mbroa...@gmail.com> wrote:
> On Tue, Nov 22, 2011 at 1:32 PM, Massimo Di Pierro
> <massimo.dipie...@gmail.com> wrote:
>> If the password is a UUID how are the users supposed to know what it is
>> and use it to login. I am missing something here.
>
> it's a temporary password, for a one time callback.
>

Aren't passwords always hashed when entered in the database? If so, why
aren't they hashed in the basic method before they are sent to login_bare?

Matt

>> On Nov 22, 12:08 pm, Matt Broadstone <mbroa...@gmail.com> wrote:
>>> On Tue, Nov 22, 2011 at 9:21 AM, Massimo Di
>>> Pierro <massimo.dipie...@gmail.com> wrote:
>>> > must be hashed
>>>
>>> Hmm I can't seem to get this working. I should probably have mentioned
>>> that we are using basic auth to use this user on the client side. When
>>> I hash the password and insert it into the database it is not hashing
>>> the password passed in from basic login. Does this mean that we should
>>> be changing the "basic" method to hash the password that it finds
>>> there also? like this:
>>>
>>>     (username, password) = base64.b64decode(basic[6:]).split(':')
>>>     password = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>     return self.login_bare(username, password)
>>>
>>> Just to be clear, I'll reiterate what we're trying to do here.
>>>
>>> A temporary user is created in the system with a uuid username and
>>> uuid password like this:
>>>     settings["serverUser"] = str(uuid.uuid4())
>>>     settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>     user = auth.get_or_create_user(dict(username=settings["serverUser"],
>>>         password=settings["serverPassword"]))
>>>
>>> then, on the client side, we are using curl to call a restful action
>>> on the server using this login info, like this:
>>>     curl https://localhost:2345/some/rest/verb -u "<serverUser from above>:<serverPassword from above>"
>>>
>>> and it's still redirecting. I can confirm that the passwords passed in
>>> to login_bare are the same until this is called:
>>>     password = table_user[passfield].validate(password)[0]
>>>
>>> > settings["serverPassword"] = db.auth_user.password.validate(str(uuid.uuid4()))[0]
>>>
>>> > On Nov 22, 8:19 am, Matt Broadstone <mbroa...@gmail.com> wrote:
>>> >> Hello,
>>> >> In our project we need to create a temporary user for the web2py app
>>> >> so that a remote system can send back a single status update. In order
>>> >> to do this, when the command is sent out we create a temporary user
>>> >> like this:
>>> >>
>>> >>     settings["serverUser"] = str(uuid.uuid4())
>>> >>     settings["serverPassword"] = str(uuid.uuid4())
>>> >>     user = auth.get_or_create_user(dict(username=settings["serverUser"],
>>> >>         password=settings["serverPassword"]))
>>> >>
>>> >> This adds the user/password to the database just fine, however, login
>>> >> fails because of this line in login_bare:
>>> >>     password = table_user[passfield].validate(password)[0]
>>> >>
>>> >> if I remove this line, the password is as expected, which leads me to
>>> >> think that we are not adding the password in the first case properly.
>>> >> Does it need to be hashed some way?
>>> >>
>>> >> Matt
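
A model of the hash-once mismatch discussed in this thread, added here as an example; it is not web2py code and not code from either poster. The validate() and login_bare() below are hypothetical stand-ins built on a keyed SHA-512 (an assumption about the role the password field's validator plays), and the key and users dict are constructed for the demo.

```python
import hashlib
import hmac
import uuid

# Constructed demo key; stands in for whatever secret the real validator uses.
HMAC_KEY = b"constructed-demo-key"


def validate(password):
    """Mimic field.validate(value): return (stored_form, error)."""
    digest = hmac.new(HMAC_KEY, password.encode(), hashlib.sha512).hexdigest()
    return (digest, None)


def login_bare(users, username, password):
    """Hash the submitted password exactly once, then compare to the stored value."""
    submitted = validate(password)[0]
    stored = users.get(username)
    return stored is not None and hmac.compare_digest(stored, submitted)


def create_temp_user(users, hash_before_store):
    """Create a one-time user; return (username, secret, stored value)."""
    username, secret = str(uuid.uuid4()), str(uuid.uuid4())
    stored = validate(secret)[0] if hash_before_store else secret
    users[username] = stored
    return username, secret, stored


def run_cases():
    users, results = {}, {}
    # Plaintext stored, plaintext sent: login hashes the input, so no match.
    u, secret, _ = create_temp_user(users, hash_before_store=False)
    results["plaintext_stored"] = login_bare(users, u, secret)
    # Hash stored and the same hash handed to the client: it is hashed again.
    u, secret, stored = create_temp_user(users, hash_before_store=True)
    results["hash_sent_by_client"] = login_bare(users, u, stored)
    # Hash stored, original secret handed to the client: hashed once, matches.
    results["secret_sent_by_client"] = login_bare(users, u, secret)
    return results


if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'login ok' if ok else 'login fails'}")
```

In this model the only combination that authenticates is storing the hash while giving the client the original secret, so the value placed in the client's settings and the value written to the user table have to be kept as two separate variables.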