Looks like a bug in the wizard: db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key)
should be: db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key,min_length =4) Actually, maybe the wizard should simply use auth.define_tables() instead of manually creating the auth_user table -- would be easier to keep the wizard consistent with standard apps. Anthony On Saturday, August 11, 2012 8:40:12 PM UTC-4, Yarin wrote: > > Anthony- I'm on 1.99.7 stable. Just tried it it with a fresh basic app and > there the problem doesn't exist. However, if you use the *app wizard*, > and just click through accepting all the defaults, it will recreate the > issue. Note also that it DOES allow logging in with no password subsequent > to the registration. Adding the requires.insert(0,IS_LENGTH(minsize=5)) has > no effect. > > I've attached the app I just generated with the wizard on all default > settings. > > > On Saturday, August 11, 2012 7:10:29 PM UTC-4, Anthony wrote: >> >> Anthony's correct- this is in Auth, but is not being respected: >>> settings.password_min_length = 4 >>> >> >> I just created a fresh app using trunk, and when I try to register >> without a password, I get a "too short" error message on the password >> field. What version of web2py are you using? Can we see your Auth related >> code? Or maybe you can pack and attach a simple app that exhibits the >> behavior. >> >> >>> Massimo - "For security reason it will not be accepted for logging >>> anyway." - Not sure what you meant but it registered me and logged me in >>> with an empty pass. >>> >> >> By default, when you first register, you are automatically logged in upon >> registration (this can be disabled). I think Massimo meant that >> subsequently you will not be able to continue to login with an empty >> password. >> >> >>> I also tried inserting: >>> db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=5)) >>> >> >> What happens whey you try that -- does it generate an error, or simply >> allow you to register without a password? >> >> Anthony >> >> --
