def user(): return dict(form=auth())
Controller can exposes multiple action witch handles user registration, login, logout, change password and more, see below. Note, the auth object and the user action are already defined in the scaffolding application.
Allows users to register. It is integrated with CAPTCHA, although this is disabled by default. This is also integrated with a client-side entropy calculator defined in "web2py.js". The calculator indicates the strength of the new password. You can use the IS_STRONG validator to prevent web2py from accepting weak passwords.
http://.../[app]/default/user/register
Allows users who are registered to log in (if the registration is verified or does not require verification, if it has been approved or does not require approval, and if it has not been blocked).
http://.../[app]/default/user/login
http://.../[app]/default/user/logout
Allows users to change their password in a fail-safe way.
http://.../[app]/default/user/change_password
http://.../[app]/default/user/verify_email
By default, Auth uses email and password for login, but it can, optionally, use username instead of email. In this latter case, if a user forgets his/her username, the retrieve_username method allows the user to type the email address and retrieve the username by email.
http://.../[app]/default/user/retrieve_username
Allows users who forgot their password to request a new password. They will get a confirmation email pointing to reset_password.
http://.../[app]/default/user/retrieve_username
Allows a user to "impersonate" another user. This is important for debugging and for support purposes. request.args[0] is the id of the user to be impersonated. This is only allowed if the logged in user has_permission('impersonate', db.auth_user, user_id). You can use auth.is_impersonating() to check is the current user is impersonating somebody else.
http://.../[app]/default/user/impersonate
Lists the groups of which the current logged in user is a member.
http://.../[app]/default/user/groups