In web2py, I’d like to change a password via an XML-RPC call. How can I do that?

    @auth.requires_login()
    def call():
        return service()

    @service.xmlrpc
    def change_password(old_pass, new_pass, confirm_pass):
        # Validate args and then does the following
        # Borrowed from web2py tools.py source
        table_user = auth.settings.table_user
        passfield = auth.settings.password_field
        s = db(table_user.id == auth.user_id)
        d = {passfield: new_pass}
        s.update(**d)  # this saves new password in plain text; why??
        return

By default, the password field uses the CRYPT() validator to hash the password. However, validators are applied with form submissions (when the form.accepts() method is called), not during regular .insert() and .update() operations. Before inserting the new password, you can pass it through the CRYPT validator of the auth_user.password field yourself:
Update: Changed requires[-1] to validate.
Update: This won’t work in the current stable version (1.99.3), but as of the next release, you will instead be able to do:
The validate_and_update method already exists, but previously it only ran the validators to check for errors without transforming the submitted values (so didn’t work with validators like CRYPT, which transform the submitted values). The updated version now transforms the values as well, so should work with CRYPT.
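
The approach described in the answer above, as an added example that is not code from the original answer or from web2py: the password is passed through the field's validate() before .update(), and nothing is stored if a validator rejects it. The names set_password, FakeField, FakeTable, FakeSet and demo are hypothetical, db and auth are passed in as parameters, and PBKDF2 with a fixed salt only stands in for CRYPT so the block runs without web2py.

```python
import hashlib
from types import SimpleNamespace

def set_password(db, auth, new_pass):
    """Hash new_pass with the password field's validators, then store it."""
    table_user = auth.settings.table_user
    passfield = auth.settings.password_field
    # .update() does not run validators, so run them by hand first.
    # Field.validate() returns (value, error); with CRYPT, value is the hash.
    hashed, error = table_user[passfield].validate(new_pass)
    if error:
        return error  # a validator rejected the value: store nothing
    db(table_user.id == auth.user_id).update(**{passfield: hashed})
    return None

# Constructed stand-ins so the function runs without web2py installed.
class FakeField:
    """Mimics Field.validate(); PBKDF2 with a fixed salt stands in for CRYPT."""
    def validate(self, value):
        if len(value) < 8:
            return value, "password too short"
        digest = hashlib.pbkdf2_hmac("sha256", value.encode(), b"demo-salt", 1000)
        return digest.hex(), None

class FakeTable(dict):
    id = "auth_user.id"  # placeholder for the real id Field

class FakeSet:
    def __init__(self, store):
        self.store = store
    def update(self, **fields):
        self.store.update(fields)
        return 1

def demo(new_pass):
    """Return (error, stored value) after one password change attempt."""
    store = {"password": "old-hash"}
    auth = SimpleNamespace(user_id=1, settings=SimpleNamespace(
        table_user=FakeTable(password=FakeField()), password_field="password"))
    error = set_password(lambda query: FakeSet(store), auth, new_pass)
    return error, store["password"]

if __name__ == "__main__":
    print(demo("correct horse battery"))  # hash stored, not the plain text
    print(demo("short"))                  # rejected, old value kept
```

In a real controller, set_password would be called from the @service.xmlrpc function with the application's own db and auth objects.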