E.Keeya

Reputation: 21

web2py I need to programmatically update a password field when it's in CRYPT

I am designing my Law_firm management app using web2py, but for some reason I wanna be able to programmatically update the password in the controller. When I do, it shows up as a normal unencrypted string which can be read. So how do I apply the CRYPT validator to my update, since I can't log in with the new unencrypted password? Here is my code snippet in the controller.

record = db.auth_user(confirm.id)
if record:
    new_password = password_generator(12, UPPER_ALPHANUM)
    record.update_record(password=new_password)

Note: password_generator(a,b) is a global function I built somewhere in one of the models that generates a random password that I have to use in updating the existing password. But it turns out that when I check the database, instead of getting something like this

pbkdf2(1000,20,sha512)$aee0b78b97611f11$56e6595198b550ef26b7d2b5ef6a507c0a3cf858

I end up with this

D4SO0GSIK98W

and I just can't log in; besides, it's not safe. So how do I apply the CRYPT validator? I believe that way I can log in and also be safe. Please, I don't wanna use the inbuilt reset password because this is different; I am trying to accomplish something way far from that context.

Upvotes: 0

Views: 346

Answers (1)

Anthony

Reputation: 25536

The password is transformed via the password field's validator (i.e., its requires property), so the simplest way to apply the validator on update is to use the .validate_and_update method:

db(db.auth_user.id == record.id).validate_and_update(password=new_password)

Alternatively, you can apply the validator directly:

crypt_validator = db.auth_user.password.requires[0] # The validator is in a list.
hash_password = lambda password: crypt_validator(password)[0]
record.update_record(password=hash_password(new_password))

Note, each validator returns a tuple, which includes the (possibly transformed) value and either None or an error message. So, the above hash_password function extracts the transformed value, which is the first element of the returned tuple.

Upvotes: 0
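The following is an added example, not part of the answer above and not web2py's own code: a standard-library check that a stored auth_user password value has the `pbkdf2(1000,20,sha512)$salt$hash` layout shown in the question, which also shows why a plaintext value can never match at login. It assumes the salt is fed to PBKDF2 as its ASCII text and that no HMAC key is configured on CRYPT; the function names and sample rows are constructed for illustration.

```python
import hashlib
import hmac
import re
import secrets

# Stored layout shown in the question: pbkdf2(iterations,keylen,alg)$salt$hexdigest
STORED_RE = re.compile(r"^pbkdf2\((\d+),(\d+),(\w+)\)\$([^$]*)\$([0-9a-f]+)$")


def make_stored(password, iterations=1000, keylen=20, alg="sha512", salt=None):
    """Build a value in the question's layout (salt used as ASCII text: assumption)."""
    salt = salt if salt is not None else secrets.token_hex(8)  # 16 hex characters
    digest = hashlib.pbkdf2_hmac(alg, password.encode(), salt.encode(), iterations, keylen)
    return "pbkdf2(%d,%d,%s)$%s$%s" % (iterations, keylen, alg, salt, digest.hex())


def is_hashed(stored):
    """True if the column value has the hashed layout, False for plaintext."""
    return STORED_RE.match(stored) is not None


def verify(password, stored):
    """Recompute the digest with the stored parameters and compare in constant time."""
    m = STORED_RE.match(stored)
    if m is None:
        return False  # plaintext or unknown scheme: never accept it as a credential
    iterations, keylen, alg, salt, expected = m.groups()
    digest = hashlib.pbkdf2_hmac(alg, password.encode(), salt.encode(), int(iterations), int(keylen))
    return hmac.compare_digest(digest.hex(), expected)


def audit(rows):
    """Return the ids of rows whose password column is not in the hashed layout."""
    return [row_id for row_id, stored in rows if not is_hashed(stored)]


# Constructed sample rows: (id, password column). Row 2 is the plaintext from the question.
SAMPLE_ROWS = [
    (1, "pbkdf2(1000,20,sha512)$aee0b78b97611f11$56e6595198b550ef26b7d2b5ef6a507c0a3cf858"),
    (2, "D4SO0GSIK98W"),
    (3, make_stored("constructed-example-password")),
]

if __name__ == "__main__":
    print("rows needing a re-hash:", audit(SAMPLE_ROWS))
```

Rows flagged by audit() were written without the validator and should be rewritten through one of the two methods in the answer.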
