Generate random User Password in onAfter transform script (Helsinki)

Brian Bush · ‎06-18-2016

As per standard practice, once SSO is enabled, you should probably randomize all local passwords with few exceptions.

I added a sys_tag called "Local Account Exception" for that purpose. So, when I create/update a user from an Import Set, I want to check for that tag first and then generate a secure password, if necessary.

(function runTransformScript(source, map, log, target /*undefined onStart*/ ) {
         labent = new GlideRecord('label_entry');
         labent.addQuery('label', '=', 'Local Account Exception');
         labent.addQuery('table_key', '=', target.sys_id);
         labent.query();
         if (!labent.getRowCount()) {
                 user = new GlideRecord('sys_user');
                 user.get(target.sys_id);
                 user.query();
                 if (user.next()) {
                         user.user_password.setDisplayValue(new passwordGenerator().getPassword());
                         user.update();
                 }
         }
})(source, map, log, target);

Before you lose your mind about how inefficient it is to call another glide query, rather than using target, I can't get that working. This works.

This does not appear to work:

target.user_password.setDisplayValue(new passwordGenerator().getPassword());

This does not appear to work:

target.user_password = new passwordGenerator().getPassword();

This does not appear to work:

target.password = new passwordGenerator().getPassword();

What else can I do?

For completeness, this is my code for the passwordGenerator. I made it an object in a script include, because it has been and may become more complex.

gs.include('PrototypeServer');
var passwordGenerator = Class.create();
passwordGenerator.prototype = {
       getPassword: function() {
               var output = "";
                 // vary the password length for better protection against brute force attacks
               var strength = Math.floor(Math.random() * 48) + 24;
               var input = "1234567890abcdefghijklmnopqrstuvwxyz!#~()-+=_{}[]|><ABCDEFGHIJKLMNOPQRSTUVWXYZ";
               for (var x = 0; x < strength; x++) {
                     output += input.charAt(Math.floor(Math.random() * input.length));
               }
               return output;
       },
       type: 'passwordGenerator'
};

bernyalvarado · ‎06-18-2016

Hi Brian,

Is there a strong reason on why you need to have this logic on an onAfter script? That may be reason of the problem you're facing. Try adding the logic in an script where target is still available for update (for instance: onBefore Transform Script or within the Transfor Map main script).

Thanks,

Berny

View solution in original post

bernyalvarado · ‎06-19-2016

Here goes the link to the best practice on this subject:

https://wiki.servicenow.com/index.php?title=Coding_Best_Practices#Use_GlideAggregate_for_Simple_Reco...

I hope this helpful

Thanks,

Berny

Brian Bush · ‎06-20-2016

This script has a minor mistake in it. The query for the label should reference the sys_id, not the name.

I thought I could query it by the name, but it doesn't seem to like it. Often safer to use the sys_id anyway, as long as they are in sync across environments.