By default, CRYPT generates a hashed value even if you submit an empty string, so if you put IS_NOT_EMPTY after CRYPT, it will pass validation. However, there's no reason to use IS_NOT_EMPTY because CRYPT itself takes a min_length argument, which defaults to 0. Note, there is also an Auth setting called auth.settings.password_min_length, which defaults to 4. The default auth_user table created by Auth sets a CRYPT validator with min_length=auth.settings.password_min_length. So, just change your field definition to:
Field('password', 'password', requires=CRYPT(min_length=auth.settings.password_min_length), ...) Anthony On Wednesday, February 22, 2012 11:16:56 AM UTC-5, Richard wrote: > > Hello, > > User are allow to enter noting when they change their password in > application/user/change_password form, I can also create user without > password in appadmin even if I set requires=is_not_empty() in the > model of auth_user table. > > # Here my model definition : > auth_table = db.define_table( > auth.settings.table_user_name, > Field('first_name', length=128, default=None, > required=True, > notnull=True, > requires = > IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), > ), > Field('last_name', length=128, default=None, > requires = > IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), > ), > Field('email', length=128, default=None, unique=True, > label=T('Email'), > requires = > [IS_EMAIL(error_message=T(auth.messages.invalid_email)), > IS_NOT_IN_DB(db, 'auth_user.email')], > ), > Field('password', 'password', length=256, > readable=False, label=T('Password'), > required=True, > notnull=True, > requires = [CRYPT(), > IS_NOT_EMPTY(error_message=T(auth.messages.is_empty))] > ), > Field('registration_key', length=128, default=None, > writable=False, readable=False), > Field('reset_password_key', length=512, > writable=False, readable=False, default=None > ), > migrate=False, > format='%(first_name)s %(last_name)s (%(id)s)') > > OK, just find that IS_NOT_EMPTY() not works except if it is before the > CRYPT() : > > requires = [IS_NOT_EMPTY(error_message=T(auth.messages.is_empty)), > CRYPT()] > > I think this is a bug... > > I use web2py 1.99.4 > > Richard > >