Password Recovery Not Sending (lazyT object being passed to GAE?)

[webm...@trytha.com]

I just uploaded an updated version of web2py to my server, replacing a much older version (likely 2.12.2), and now it won't send password recovery emails.  The error in the logs is: 

Mail.send failure:coercing to Unicode: need string or buffer, lazyT found

This suggests to me that somehow a string is not properly being passed.  I gather that lazyT has something to do with the built-in translation capabilities of web2py?  Probably don't need to be translating email addresses (though I guess it could be trying to translate the recovery message).  Either way, GAE wants nothing to do with it.

How can I fix this?

[Massimo Di Pierro]

This may have been fixed already. Can you upgrade and try it?

[webm...@trytha.com]

Nope, same error in:  2.14.6-stable+timestamp.2016.05.10.00.21.47 (the source code off the web2py site).

If you want me to try a nightly or something, let me know.

The only semi-unique thing about my app is that I allow usernames for login as well.  Here is my default/user():

def user():

db.auth_user.first_name.writable = False

db.auth_user.last_name.writable = False

# NOTE: This is an addition I found that enables using usernames (default is email as login).

if 'login' in request.args:

db.auth_user.username.label   = T('Username or Email')

auth.settings.login_userfield = 'username'

if request.vars.username and not IS_EMAIL()(request.vars.username)[1]:

auth.settings.login_userfield = 'email'

request.vars.email            = request.vars.username

request.post_vars.email       = request.vars.email

request.vars.username         = None

request.post_vars.username    = None

return dict(form = auth())

Everything was working fine in 2.12.2, but I can't say for certain it was working in my 2.13 deployment.

[Massimo Di Pierro]

OK. will check this today.

[webm...@trytha.com]

Thanks.  I'll run a couple more tests tomorrow if I haven't heard back.

[Jacinto Parga]

I have the same problem

20:30:08.307Mail.send failure:coercing to Unicode: need string or buffer, lazyT found (/base/data/home/apps/e~canal-etico-marcafranca/0.395432313309680422/gluon/tools.py:808)

[webm...@trytha.com]

I've been working on a lot of other little things and haven't had a chance to test yet.  Is yours also on Google App Engine?

One thing to try would be to use version 2.12.2 of web2py to see if that fixes it.  Diagnosing the issue is on my very short list of things to do.

[Jacinto Parga]

Yes, It is also in Google App engine. 

I could find several differences between files gluon/tools.py

I guess it has something to do with it as the GAE warning said, but I can't solve it.

This is what I get when I try to request reset password 

Help would be appreciated!

[Jacinto Parga]

The same error when I try to register an user: Unable to send email.

Mail.send failure:coercing to Unicode: need string or buffer, lazyT found

I don't know what to do

El domingo, 31 de julio de 2016, 8:36:02 (UTC+2), Massimo Di Pierro escribió:

[Mathieu Clabaut]

I had a probably similar problem that I solved by patching pydal.

See https://github.com/web2py/pydal/issues/403 and https://github.com/web2py/pydal/pull/404.

However, as mention in the issue thread,  the change shall be done in web2py.

Alas, I did not have time to try to reproduce with a more recent web2py.

If you use a recent web2py and the dal PR#404 solves the problem for you, then I propose that you open a new bug in web2py.

Best regards,

-Mathieu

--
Resources:
- http://web2py.com
- http://web2py.com/book (Documentation)
- http://github.com/web2py/web2py (Source code)
- https://code.google.com/p/web2py/issues/list (Report Issues)
---
You received this message because you are subscribed to the Google Groups "web2py-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to web2py+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Jacinto Parga]

Unfortunatly it didn't work for me.

Is it a translation issue? Can it be solved changing the auth_user messages?

I think it is an important bug!! I can send mails with my application form GAE, there is no problem at all. But when someone is singing up it is "Unable to send mail!" Same happens width reset_request_password.

Expecting for solution.

[webm...@trytha.com]

So has this and the DAL issue with GAE been addressed?  Should I try the latest version of web2py or is it a waste of time?  I'd really prefer to use a later version because 2.12.2 (the latest version of web2py that fully works with GAE) has a bug that logs users out randomly.

Could we just have ONE version of web2py that works completely with GAE?  Right now it's like Frankenstein's monster.

[Jacinto Parga]

I just did a workaround with my own password reset function.

[Karoly Kantor]

This issue still seems to be unsolved. I have a fresh installation on GAE, reset password emails fail due to "need string or buffer, lazyT found"

Is there something I can do?

Thanks.

[Karoly Kantor]

As the issue is still unresolved, i have unchecked the "no action needed" flag on this topic. Any help would be appreciated. Thank you.

[Jacinto Parga]

Yes, still unresolved.

I did a workaround for the request_reset_password: 

def user(): 

    if request.args(0)=='request_reset_password':

        redirect(URL('default','myrequestpass'))

    return dict(form=auth())

def myrequestpass():

    form = SQLFORM.factory(

        Field('u_email', requires =[IS_EMAIL(error_message='Wrong email'), IS_IN_DB(db, 'auth_user.email', error_message='Address not in DB')]),

              table_name='solicitar_pass')

    if form.process().accepted:

        user = db(db.auth_user.email==form.vars.u_email).select().first()

        session.flash = 'Comprueba tu correo '+str(user.first_name)

        u_passwd = str(hex(int(time.time())))[2:]

        user.update_record(password=CRYPT()(u_passwd.encode('utf8'))[0])

        mensaje='<html> <h4>Retrieve your password</h4> Temporal password : <strong> '+ u_passwd   +' </strong> <p> Login with the temporal password and set your new password in this link :</p><p><a href="https://yoursite.com/user/login?_next=/user/change_password">Change Password</a></p><br></html>''

        mail.send(to=[form.vars.u_email],

        subject='Change your password, follow this link',

        message=mensaje)

        redirect(URL('default','index'))

    elif form.errors:

        response.flash = 'Wrong Email address'

    return dict(form=form)

But anyway the lazyT found is an annoying error width, for instance: auth.settings.auth_two_factor_enabled = True

[Karoly Kantor]

Thanks very much, Jacinto. I will try and report back.

I still consider this significant issue, this is something that probably impacts everyone on GAE, and not only under some special and rare circumstances. I am hoping it will be eventually resolved in the core web2py code.

[Karoly Kantor]

Thanks, this helped, i am now using my own function to send the password reset email.

On Friday, March 31, 2017 at 2:51:03 PM UTC+2, Jacinto Parga wrote:

[webm...@trytha.com]

Thanks for bringing this issue back up and posting a workaround.  

The worst part is the way to fix this is probably about as easy as wrapping something in "str()", just need to know how the web2py internals all link together.

[webm...@trytha.com]

Can we not get a real solution to this?  I was gonna try the posted hack, but it can be too easily abused (it changes the user's password instead of using a password_reset token, so anyone could change your password just by knowing your email address).

[Jacinto Parga]

Yes it is easy to change anyone password, but you still have to access to his/hers email to set the final password. Anyway it is not the right solution. There was no problem with 2.13 versions.

[webm...@trytha.com]

This is the "Best Answer".  It uses web2py's internal password reset mechanism.  Just gave it a fairly thorough testing.  I really appreciate the people who gave help in this thread and a couple others about resetting passwords.  This should mostly suffice until we get a real solution (though I make no strong statement about security).

views/default/reset_password.html

{{=form}}

default.py [Include this somewhere under def user()]

if request.args[0] == 'request_reset_password':

redirect(URL('default','reset_password'))

default.py

def reset_password():

# EXP: Import UUID module from gluon.

from gluon.utils import web2py_uuid

# EXP: Define variables.

# NOTE: No idea how long this is... and any shorter number breaks it, I think...

max_time = 100000000000

# EXP: Create a form that will return "E-mail Address Unknown" if the email can't be found.

form = SQLFORM.factory(

Field('email', requires = [IS_EMAIL(error_message='Email Address Unknown'),

IS_IN_DB(db, 'auth_user.email', error_message='Email Address Unknown')]))

# EXP: If the email address is valid, process a password reset email.

if form.process().accepted:

# EXP: Find the user whose email matches the request.

user = db(db.auth_user.email == form.vars.email).select().first()

# EXP: Generate a one-time key to allow password reset. Web2py's uuid method allows duplication across instances.

reset_password_key = str(int(max_time)) + '-' + web2py_uuid()

# TODO: Find a way to encrypt the key before uploading it to DB that works with web2py's internal password reset system.

user.update_record(reset_password_key = reset_password_key)

# EXP: Send an email with a password reset link to the entered email address.

message = '<html> <h3>Retrieve your password for XXXXXXXX.com</h3> <p>Please use the link below to reset your password.</p> <p> <a href="' + str(URL('user', 'reset_password', vars=dict(key=reset_password_key), scheme='https', host=True)) + '">Reset Password</a></p> <p>If you did not initiate this password reset, please ignore this email.</p> </html>'

mail.send(to = [user.email],

subject = 'Reset your password at XXXXXXXX.com',

message = message)

session.flash = 'Email sent'

# # TODO: Forward to login page with forward_page variable.

redirect(URL('default','index'))

elif form.errors:

response.flash = 'Wrong E-mail Address'

return dict(form=form)