Note, this has now been fixed in trunk: http://code.google.com/p/web2py/source/detail?r=73b2137eb3bbbb2e61abc47b491786643d46c199
On Saturday, August 11, 2012 11:21:12 PM UTC-4, Anthony wrote: > > Looks like a bug in the wizard: > > db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key) > > should be: > > db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key,min_length > =4) > > Actually, maybe the wizard should simply use auth.define_tables() instead > of manually creating the auth_user table -- would be easier to keep the > wizard consistent with standard apps. > > Anthony > > On Saturday, August 11, 2012 8:40:12 PM UTC-4, Yarin wrote: >> >> Anthony- I'm on 1.99.7 stable. Just tried it it with a fresh basic app >> and there the problem doesn't exist. However, if you use the *app wizard*, >> and just click through accepting all the defaults, it will recreate the >> issue. Note also that it DOES allow logging in with no password subsequent >> to the registration. Adding the requires.insert(0,IS_LENGTH(minsize=5)) has >> no effect. >> >> I've attached the app I just generated with the wizard on all default >> settings. >> >> >> On Saturday, August 11, 2012 7:10:29 PM UTC-4, Anthony wrote: >>> >>> Anthony's correct- this is in Auth, but is not being respected: >>>> settings.password_min_length = 4 >>>> >>> >>> I just created a fresh app using trunk, and when I try to register >>> without a password, I get a "too short" error message on the password >>> field. What version of web2py are you using? Can we see your Auth related >>> code? Or maybe you can pack and attach a simple app that exhibits the >>> behavior. >>> >>> >>>> Massimo - "For security reason it will not be accepted for logging >>>> anyway." - Not sure what you meant but it registered me and logged me in >>>> with an empty pass. >>>> >>> >>> By default, when you first register, you are automatically logged in >>> upon registration (this can be disabled). I think Massimo meant that >>> subsequently you will not be able to continue to login with an empty >>> password. >>> >>> >>>> I also tried inserting: >>>> db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=5)) >>>> >>> >>> What happens whey you try that -- does it generate an error, or simply >>> allow you to register without a password? >>> >>> Anthony >>> >>> --
