Generate random User Password in onAfter transform script (Helsinki)

Go to solution
Brian Bush
Giga Guru

‎06-18-2016 02:50 PM

As per standard practice, once SSO is enabled, you should probably randomize all local passwords with few exceptions.

I added a sys_tag called "Local Account Exception" for that purpose. So, when I create/update a user from an Import Set, I want to check for that tag first and then generate a secure password, if necessary.

(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
         labent = new GlideRecord('label_entry');
         labent.addQuery('label', '=', 'Local Account Exception');
         labent.addQuery('table_key', '=', target.sys_id);
         labent.query();
         if (!labent.getRowCount()) {
                 user = new GlideRecord('sys_user');
                 user.get(target.sys_id);
                 user.query();
                 if (user.next()) {
                         user.user_password.setDisplayValue(new passwordGenerator().getPassword());
                         user.update();
                 }
         }
})(source, map, log, target);

Before you lose your mind about how inefficient it is to call another glide query, rather than using target, I can't get that working. This works.

This does not appear to work:

target.user_password.setDisplayValue(new passwordGenerator().getPassword());

This does not appear to work:

target.user_password = new passwordGenerator().getPassword();

This does not appear to work:

target.password = new passwordGenerator().getPassword();

What else can I do?

For completeness, this is my code for the passwordGenerator. I made it an object in a script include, because it has been and may become more complex.

gs.include('PrototypeServer');
var passwordGenerator = Class.create();
passwordGenerator.prototype = {
       getPassword: function() {
               var output = "";
                 // vary the password length for better protection against brute force attacks
               var strength = Math.floor(Math.random() * 48) + 24;
               var input = "1234567890abcdefghijklmnopqrstuvwxyz!#~()-+=_{}[]|><ABCDEFGHIJKLMNOPQRSTUVWXYZ";
               for (var x = 0; x < strength; x++) {
                     output += input.charAt(Math.floor(Math.random() * input.length));
               }
               return output;
       },
       type: 'passwordGenerator'
};
0 Helpfuls
  • 2,013 Views
1 ACCEPTED SOLUTION

Go to solution
bernyalvarado
Mega Sage

‎06-18-2016 10:25 PM

Hi Brian,



Is there a strong reason on why you need to have this logic on an onAfter script? That may be reason of the problem you're facing. Try adding the logic in an script where target is still available for update (for instance: onBefore Transform Script or within the Transfor Map main script).



Thanks,


Berny


View solution in original post

6 REPLIES 6

Go to solution
bernyalvarado
Mega Sage

‎06-18-2016 10:25 PM

Hi Brian,



Is there a strong reason on why you need to have this logic on an onAfter script? That may be reason of the problem you're facing. Try adding the logic in an script where target is still available for update (for instance: onBefore Transform Script or within the Transfor Map main script).



Thanks,


Berny


Go to solution
Brian Bush
Giga Guru
In response to bernyalvarado

‎06-19-2016 11:44 AM

Yup. I was avoiding onBefore, because I thought it might not have access to the sys_id of a new record. After thinking about it, it doesn't really matter. I use the sys_id to see if the record has a Tag, which it couldn't, if the record didn't even exist, yet. In any case, the code below works great. Thanks for the prodding.



(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {


       // Randomize local password, unless user has Local Account Exception tag

       labent = new GlideRecord('label_entry');

       labent.addQuery('label', '=', 'Local Account Exception');

       labent.addQuery('table_key', '=', target.sys_id);

       labent.query();


       if (!labent.getRowCount()) {

               target.user_password.setDisplayValue(new passwordGenerator().getPassword());

       }


})(source, map, log, target);


0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to Brian Bush

‎06-19-2016 10:48 PM

"prodding"!! lol!!



You're welcome Brian.



Thanks,


Berny


0 Helpfuls

Go to solution
bernyalvarado
Mega Sage
In response to Brian Bush

‎06-19-2016 11:04 PM

Hi Brian, one additional advice. In line 9 you may want to use



!labent.hasNext()


instead of .getRowCount(). Although this does not have an immediate impact on your code, it's always a good practice to apply.



The explanation of why:


The reason why this is a good practice is because .getRowCount retrieves all the records to later perform a count on these. This could represent scalability and performance issues if the table is too big.



Instead... .hasNext()   will only lookup if there's at least one record, so it will perform that line a lot more faster and it will not represent any risk if your query result is a large set of records.



Thanks,


Berny