Looks like I made it. Not really a patch for kernel, just my dirty hack as a workaround.
In db.py, change this line:
auth = Auth(db, hmac_key=Auth.get_or_create_key())
into:
class MyAuth(Auth):
# auto-record-new-password feature did not work when auth.settings.login_methods.append(basic_auth(...))
def login_bare(self, username, password):
ret = Auth.login_bare(self, username, password) # Unless user exists and contains password, this calls 3rd authen method and returns a string
if ret and isinstance(ret, str): # Gonna fix it otherwise future auth.user_id results in error ticket
ret = self.user = self.get_or_create_user({ # This function updates current record too
"username": username,
"password": self.settings.table_user[self.settings.password_field].validate(password)[0], # hash it
}, update_fields=['password']) # A dirty hack, for web2py 2.5.1
return ret
auth = MyAuth(db, hmac_key=Auth.get_or_create_key())