changed CRYPT, Auth, welcome digest_alg default

2012-07-20 10:31:07 -05:00
parent 6072fa2962
commit 8ba850fc3f
4 changed files with 6 additions and 7 deletions
@@ -1 +1 @@
-Version 2.00.0 (2012-07-20 10:17:51) dev
+Version 2.00.0 (2012-07-20 10:31:02) dev
@@ -40,7 +40,7 @@ response.generic_patterns = ['*'] if request.is_local else []
 #########################################################################

 from gluon.tools import Auth, Crud, Service, PluginManager, prettydate
-auth = Auth(db, hmac_key=Auth.get_or_create_key(), salt=True)
+auth = Auth(db)
 crud, service, plugins = Crud(db), Service(), PluginManager()

 ## create all tables needed by auth if not custom tables
@@ -880,7 +880,7 @@ class Auth(object):
    def here(self):
        return URL(args=current.request.args,vars=current.request.vars)

-    def __init__(self, environment=None, db=None, mailer=True, salt = False,
+    def __init__(self, environment=None, db=None, mailer=True,
                 hmac_key=None, controller='default', function='user', cas_provider=None):
        """
        auth=Auth(db)
@@ -922,7 +922,6 @@ class Auth(object):

        settings.hideerror = False
        settings.password_min_length = 4
-        settings.salt = salt
        settings.cas_domains = [request.env.http_host]
        settings.cas_provider = cas_provider
        settings.cas_actions = {'login':'login',
@@ -1410,7 +1409,7 @@ class Auth(object):
            table.last_name.requires = \
                IS_NOT_EMPTY(error_message=self.messages.is_empty)
            table[passfield].requires = [
-                CRYPT(key=settings.hmac_key,salt=settings.salt,
+                CRYPT(key=settings.hmac_key,
                      min_length=settings.password_min_length)]
            table.email.requires = \
                [IS_EMAIL(error_message=self.messages.invalid_email),
@@ -2681,9 +2681,9 @@ class CRYPT(object):

    def __init__(self, 
                 key=None, 
-                 digest_alg='md5',
+                 digest_alg='pbkdf2(1000,20,sh512)',
                 min_length=0, 
-                 error_message='too short', salt=None):
+                 error_message='too short', salt=True):
        """
        important, digest_alg='md5' is not the default hashing algorithm for
        web2py. This is only an example of usage of this function.