From bf5ec0d7cfb83a1a39dc254905c46db4eea7b319 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Leonel=20C=C3=A2mara?= <leonelcamara@gmail.com>
Date: Sun, 20 Nov 2016 19:38:21 +0000
Subject: [PATCH] Fixed a long standing bug in login_user which was using
 'password' instead of settings.password_field Fixes #636

---
 gluon/authapi.py | 17 ++++++++++-------
 gluon/tools.py   |  9 ++++++++-
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/gluon/authapi.py b/gluon/authapi.py
index c4507931..6ff67ab3 100644
--- a/gluon/authapi.py
+++ b/gluon/authapi.py
@@ -688,19 +688,22 @@ class AuthAPI(object):
             return True
         return False
 
-    def login_user(self, user):
-        """
-        Logins the `user = db.auth_user(id)`
-        """
+    def _update_session_user(self, user):
         if global_settings.web2py_runtime_gae:
             user = Row(self.table_user()._filter_fields(user, id=True))
-            delattr(user, 'password')
+            delattr(user, self.settings.password_field)
         else:
             user = Row(user)
             for key in list(user.keys()):
                 value = user[key]
-                if callable(value) or key == 'password':
+                if callable(value) or key == self.settings.password_field:
                     delattr(user, key)
+
+    def login_user(self, user):
+        """
+        Logins the `user = db.auth_user(id)`
+        """
+        self._update_session_user(user)
         if self.settings.renew_session_onlogin:
             current.session.renew(clear_session=not self.settings.keep_session_onlogin)
         current.session.auth = Storage(user=user,
@@ -924,7 +927,7 @@ class AuthAPI(object):
             log = self.messages['profile_log']
 
         self.log_event(log, user)
-        self.user.update(**kwargs)
+        self._update_session_user(user)
         return {'errors': None, 'message': self.messages.profile_updated, 'user': {k: user[k] for k in table_user.fields if table_user[k].readable}}
 
     def change_password(self, log=DEFAULT, **kwargs):
diff --git a/gluon/tools.py b/gluon/tools.py
index 471f0166..f002bfd4 100644
--- a/gluon/tools.py
+++ b/gluon/tools.py
@@ -3734,7 +3734,14 @@ class Auth(AuthAPI):
                         formname='profile',
                         onvalidation=onvalidation,
                         hideerror=self.settings.hideerror):
-            self.user.update(table_user._filter_fields(form.vars))
+            extra_fields = self.settings.extra_fields.get(self.settings.table_user_name, [])
+            if any(f.compute for f in extra_fields):
+                user = table_user[self.user.id]
+                self._update_session_user(user) 
+            else:
+                self.user.update(table_user._filter_fields(form.vars))
+
+            
             session.flash = self.messages.profile_updated
             self.log_event(log, self.user)
             callback(onaccept, form)