1.  The book, in chapter 9, describes many methods accessible as part
of the authorization system.

Thus:
The controller above exposes multiple actions:
http://.../[app]/default/user/register
http://.../[app]/default/user/login
http://.../[app]/default/user/logout
http://.../[app]/default/user/profile
http://.../[app]/default/user/change_password
http://.../[app]/default/user/verify_email
http://.../[app]/default/user/retrieve_username
http://.../[app]/default/user/request_reset
http://.../[app]/default/user/reset_password
http://.../[app]/default/user/impersonate
http://.../[app]/default/user/groups
http://.../[app]/default/user/not_authorized_password

This is all really useful.  But, in the text there is no mention of
"the controller above."  Which controller is it?  Indeed, the
scaffolding app only appears to contain a very simple user() function
in default.py.  The auth menu that is enabled in the scaffolding app
only offers access to:
login
register
lost password?

These are the essentials.  But, how do I get to the rest of the
functions?

2.  The book describes a specific way to invoke auth in a model for
the application:

from gluon.tools import Auth
auth = Auth(db, hmac_key=Auth.get_or_create_key())
auth.define_tables()

The welcome app and scaffolding app do indeed provide this.  Somewhere
along the line, I was following some documentation (can't remember
where now...) and I created an app which invokes auth in the model as:
from gluon.tools import *
auth = Auth(jodb)
auth.define_tables()

So, I don't have the hmac key.  How bad is this?  Let me guess:  the
passwords in the auth database are not being encrypted because there
is no encryption key.  When I go look at the raw table, the password
has certainly been hashed.  What key or salt is used when I have
specified (mis-specified, as the case may be) auth as I have?

Thanks.  Trying to use the manual and source code reference as much as
possible but sometimes asking is easier.

- Lewis
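
An added illustration for the hmac_key question above; it is not part of the original post and is not web2py's own code. It uses only the Python standard library to show why a password column looks hashed with or without a key, and what a server-side key changes. SHA-512, the sample key and the sample password are assumptions made for the example, not web2py's defaults.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample values; SHA-512 is an assumption, not web2py's default.
SITE_KEY = b"constructed-demo-key-not-a-real-secret"
PASSWORD = "correct horse battery staple"


def digest(password: str, key: Optional[bytes] = None) -> str:
    """Hex digest: plain SHA-512 without a key, HMAC-SHA-512 with one."""
    data = password.encode("utf-8")
    if key is None:
        return hashlib.sha512(data).hexdigest()
    return hmac.new(key, data, hashlib.sha512).hexdigest()


def verify(password: str, stored: str, key: Optional[bytes] = None) -> bool:
    """Recompute the digest and compare it in constant time."""
    return hmac.compare_digest(digest(password, key), stored)


def demo() -> dict:
    unkeyed = digest(PASSWORD)
    keyed = digest(PASSWORD, SITE_KEY)
    return {
        # Both stored values look equally "hashed" in the raw table.
        "same_length": len(unkeyed) == len(keyed) == 128,
        "differ": unkeyed != keyed,
        # Unkeyed: the password alone reproduces the stored value.
        "unkeyed_ok_without_key": verify(PASSWORD, unkeyed),
        # Keyed: the password alone is not enough, the server key is needed.
        "keyed_fails_without_key": not verify(PASSWORD, keyed),
        "keyed_ok_with_key": verify(PASSWORD, keyed, SITE_KEY),
        # Migration caveat: rows stored without a key stop verifying
        # once a key is configured.
        "old_rows_break_after_adding_key": not verify(PASSWORD, unkeyed, SITE_KEY),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last check is the practical one when a key is added to an existing application: digests written before the change no longer match, so those accounts need a password reset or a re-hash at next login.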
