Note, you shouldn't need: db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=8))
given that you specify min_length in the CRYPT validator. You might consider the IS_STRONG validator as well. Anthony On Tuesday, August 14, 2012 11:11:42 AM UTC-4, Rob_McC wrote: > > Hey Jon: > > *Q: > * > BTW, are you deliberately *forbidding* upper-case letters? > > *A: > *. *Yes*, just like Google does, usernames are lowercase, > although if your gmail username is > *johnsmith* > you can log in with > *JohnSmith*, or > *JOHNSMITH*, or > *Johnsmith* > etc. but there is ONLY ONE user. > > At least for my app, Just case lowercase names are best... > user's have enough trouble remembering names without burden of > case-sensitivity. > > ------- > So, with the of this forum, I think I have nearly completed > my Google-like Registration policy in web2py. I'll continue to test. > > Here is code, entire file (based on simple app, is attached db.py) > > *Concern:* > I *hope* I'm restricting the length of password correctly? > I just followed discussion on this forum. > Note: > Curiously, in version 1.99, the .insert works, > where id didn't with username. > -- > > thanks all, > ~ Rob > > ----------------------- > > db.py.... > > from gluon.tools import Auth, Crud, Service, PluginManager, prettydate > auth = Auth(db, hmac_key=Auth.get_or_create_key()) > crud, service, plugins = Crud(db), Service(), PluginManager() > > ## - START CUSTOMIZATION - - - - - - - - - - - - - - - - - - - - - - ## > > # | Summary: > # | Modify web2py to allow user registrations similar to > # | Google registrations. > # | i.e. > # | - lower case only [a-z] > # | - numbers [0-9] and period are OK > # | - can't end in a period > # | - can't start with a period > # | - can't have consecutive periods > # | - min 8 letter password > # | - username can't be changed once registered > # | > # | Note: Messages are nearly same as Google displays > > > ## create all tables needed by auth if not custom tables > # use usernames rather than email addresses to register > auth.define_tables(username=True) > > # allow username only on registration, but can only > # be viewed (readable) in Profile > # user can't change username once registered. > > if auth.is_logged_in(): > db.auth_user.username.writable = False > db.auth_user.username.readable = True > > > #custom message for password length - like Google > # ref: > """ > > https://groups.google.com/forum/?fromgroups#!searchin/web2py/$20default$20length$20for$20password/web2py/k5os3bMz228/vG-UOLbhcBUJ[1-25] > """ > db.auth_user.password.requires.insert(0,IS_LENGTH(minsize=8)) > db.auth_user.password.requires = CRYPT(key=auth.settings.hmac_key,min_length > =8) > > #add a comments to exlain policy > db.auth_user.password.comment='minimum 8 letters' > db.auth_user.username.comment='min. 6 letters (a-z), you may use numbers, > and periods.' > > # apply nearly identical username policy and message that Google Accounts > use. > # this OVERWRITES web2py's default username validation > # reference and thanks to web2py community for help: > # > https://groups.google.com/forum/?fromgroups#!starred/web2py/HBODB00HMfU[1-25] > > auth.settings.table_user.username.requires = [IS_LENGTH(30,6,'Please use > between 6 and 30 characters.'), > IS_MATCH('^[a-z0-9.]*$', error_message='Please use only letters (a-z) > and numbers (0-9), and periods.'), > IS_NOT_EMPTY(error_message='You can\'t leave this empty. '), > IS_EXPR("value[0]<>'.'", error_message='The FIRST character of your > username should be a letter (a-z) or number.'), > IS_EXPR("value[-1]<>'.'", error_message='The LAST character of your > username should be a letter (a-z) or number.'), > IS_EXPR("str(value).find('..')==-1",error_message='A fan of > punctuation! Alas, usernames can\'t have consecutive periods.'), > IS_NOT_IN_DB(db, auth.settings.table_user.username, 'Someone already > has that username. ') > ] > > ## - END CUSTOMIZATION - - - - - - - - - - - - - - - - - - - - - - ## > > > --
