From 228d3c41b6ea713192b883009089e78aec3cb592 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonel=20C=C3=A2mara?=
Date: Tue, 7 Nov 2017 23:34:35 +0000
Subject: [PATCH 1/2] Fixes #1800
---
 gluon/authapi.py | 2 +-
 gluon/tests/test_authapi.py | 3 +++
 gluon/tools.py | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/gluon/authapi.py b/gluon/authapi.py
index faef8c1e..ddae855a 100644
--- a/gluon/authapi.py
+++ b/gluon/authapi.py
@@ -988,7 +988,7 @@ class AuthAPI(object):
 requires = [requires]
 requires = list(filter(lambda t: isinstance(t, CRYPT), requires))
 if requires:
- requires[0].min_length = 0
+ requires[0] = CRYPT(key=settings.hmac_key, min_length=0)
 old_password = kwargs.get('old_password', '')
 new_password = kwargs.get('new_password', '')
diff --git a/gluon/tests/test_authapi.py b/gluon/tests/test_authapi.py
index cd00afb6..cc92778e 100644
--- a/gluon/tests/test_authapi.py
+++ b/gluon/tests/test_authapi.py
@@ -138,6 +138,9 @@ class TestAuthAPI(unittest.TestCase):
 self.assertTrue('new_password2' in result['errors'])
 result = self.auth.change_password(old_password='bart_password', new_password='1234', new_password2='1234')
 self.assertTrue('old_password' in result['errors'])
+ # Test the default 4 min_length is enforced on change password
+ result = self.auth.change_password(old_password='1234', new_password='123', new_password2='123')
+ self.assertTrue('new_password' in result['errors'])
 def test_verify_key(self):
 self.auth.settings.registration_requires_verification = True
diff --git a/gluon/tools.py b/gluon/tools.py
index 0cf9b205..80b905ac 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -3693,7 +3693,7 @@ class Auth(AuthAPI):
 requires = [requires]
 requires = list(filter(lambda t: isinstance(t, CRYPT), requires))
 if requires:
- requires[0].min_length = 0
+ requires[0] = CRYPT(key=self.settings.hmac_key, min_length=0)
 form = SQLFORM.factory(
 Field('old_password', 'password', requires=requires, label=self.messages.old_password),
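Review bot: The new `requires[0] = CRYPT(key=settings.hmac_key, min_length=0)` line in gluon/authapi.py has no comment saying why a separate validator is built instead of editing the existing one, and the reason matters for password policy: the removed `requires[0].min_length = 0` presumably wrote to the same CRYPT object the password field uses, which would relax the length rule for new passwords too. I would add `# separate CRYPT for the old-password check; mutating the field's own validator would also drop min_length for new passwords`. The fresh instance is given only `key` and `min_length`, so any other setting on the field's validator is not used when the old password is verified. The identical hunk in gluon/tools.py has the same gap, and both enclosing methods start and end outside the hunks.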
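Review bot: The added assertion in gluon/tests/test_authapi.py only checks that `new_password` is in `result['errors']`, so it would still pass if the call were also rejected for the old password. Adding `self.assertFalse('old_password' in result['errors'])` after it pins the failure to the minimum-length check. The form-based path changed in gluon/tools.py gets no equivalent regression test in this patch. The test method starts above the hunk.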
From 925f92884399183f512cf8d5a9f46b202ec86a23 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonel=20C=C3=A2mara?=
Date: Wed, 8 Nov 2017 11:53:29 +0000
Subject: [PATCH 2/2] Copy all CRYPT attributes thanks @abastardi
---
 gluon/authapi.py | 3 ++-
 gluon/tools.py | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/gluon/authapi.py b/gluon/authapi.py
index ddae855a..db2ae13f 100644
--- a/gluon/authapi.py
+++ b/gluon/authapi.py
@@ -988,7 +988,8 @@ class AuthAPI(object):
 requires = [requires]
 requires = list(filter(lambda t: isinstance(t, CRYPT), requires))
 if requires:
- requires[0] = CRYPT(key=settings.hmac_key, min_length=0)
+ requires[0] = CRYPT(**requires[0].__dict__) # Copy the existing CRYPT attributes
+ requires[0].min_length = 0 # But do not enforce minimum length for the old password
 old_password = kwargs.get('old_password', '')
 new_password = kwargs.get('new_password', '')
diff --git a/gluon/tools.py b/gluon/tools.py
index 80b905ac..b063b6ea 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -3693,7 +3693,8 @@ class Auth(AuthAPI):
 requires = [requires]
 requires = list(filter(lambda t: isinstance(t, CRYPT), requires))
 if requires:
- requires[0] = CRYPT(key=self.settings.hmac_key, min_length=0)
+ requires[0] = CRYPT(**requires[0].__dict__) # Copy the existing CRYPT attributes
+ requires[0].min_length = 0 # But do not enforce minimum length for the old password
 form = SQLFORM.factory(
 Field('old_password', 'password', requires=requires, label=self.messages.old_password),
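Review bot: `CRYPT(**requires[0].__dict__)` in gluon/authapi.py only works while every instance attribute of the validator is also accepted as a constructor keyword, and it always builds a plain `CRYPT` even though the `isinstance` filter above also admits subclasses. A subclassed or later-extended validator would therefore either raise `TypeError` here or check the old password differently from the field's own validator. A shallow copy keeps the class and all attributes without going through `__init__`: `requires[0] = copy.copy(requires[0])`, followed by the existing `requires[0].min_length = 0` (this needs `import copy` if the module does not already have it). The same line appears in the gluon/tools.py hunk of this patch, and both enclosing methods start and end outside the hunks.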