Re: [web2py] auth_user table password requires=is_not_empty() get overrided

Wed, 22 Feb 2012 09:32:49 -0800 

By default, CRYPT generates a hashed value even if you submit an empty 
string, so if you put IS_NOT_EMPTY after CRYPT, it will pass validation. 
However, there's no reason to use IS_NOT_EMPTY because CRYPT itself takes a 
min_length argument, which defaults to 0. Note, there is also an Auth 
setting called auth.settings.password_min_length, which defaults to 4. The 
default auth_user table created by Auth sets a CRYPT validator with 
min_length=auth.settings.password_min_length. So, just change your field 
definition to:

Field('password', 'password',
    requires=CRYPT(min_length=auth.settings.password_min_length), ...)

Anthony

On Wednesday, February 22, 2012 11:16:56 AM UTC-5, Richard wrote:
>
> Hello, 
>
> User are allow to enter noting when they change their password in 
> application/user/change_password form, I can also create user without 
> password in appadmin even if I set requires=is_not_empty() in the 
> model of auth_user table. 
>
> # Here my model definition : 
> auth_table = db.define_table( 
>     auth.settings.table_user_name, 
>     Field('first_name', length=128, default=None, 
>         required=True, 
>         notnull=True, 
>         requires = 
> IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), 
>         ), 
>     Field('last_name', length=128, default=None, 
>         requires = 
> IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), 
>         ), 
>     Field('email', length=128, default=None, unique=True, 
> label=T('Email'), 
>         requires = 
> [IS_EMAIL(error_message=T(auth.messages.invalid_email)), 
>             IS_NOT_IN_DB(db, 'auth_user.email')], 
>         ), 
>     Field('password', 'password', length=256, 
>           readable=False, label=T('Password'), 
>           required=True, 
>           notnull=True, 
>           requires = [CRYPT(), 
> IS_NOT_EMPTY(error_message=T(auth.messages.is_empty))] 
>           ), 
>     Field('registration_key', length=128, default=None, 
>           writable=False, readable=False), 
>     Field('reset_password_key', length=512, 
>         writable=False, readable=False, default=None 
>         ), 
>     migrate=False, 
>     format='%(first_name)s %(last_name)s (%(id)s)') 
>
> OK, just find that IS_NOT_EMPTY() not works except if it is before the 
> CRYPT() : 
>
> requires = [IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), 
> CRYPT()] 
>
> I think this is a bug... 
>
> I use web2py 1.99.4 
>
> Richard 
>
>

Reply via email to