OnChange client script - How to prevent the use of the Save and/or Update button until field value passes validation

Go to solution
cynlink1
Tera Expert

‎10-23-2018 03:48 PM

Hello,

I am trying to craft an onChange client script to validate the password strength of password entered directly on the user records (sys_user) by admins (not via the Password Reset functionality). My client script is partially functional as the alert is being presented when the validation condition is not met. However, the client script is not preventing the record from being saved or updated.

The script seems to work when tested using only the Save button OR only the Update button. However, if you click Save, receive the alert that the password is too weak, click OK, then click Update, you can bypass the validation. Same applies if you use the Update button first, fail the validation, then immediate click the Save button.

Table: sys_user

UI type: desktop

Type: onChange

Field name: Password

function onChange(control, oldValue, newValue, isLoading, isTemplate) {
if (isLoading || newValue ==='') {
return;
}

//AVB script to require strong passwords
var user_password = g_form.getValue('user_password');
var digit_pattern = new RegExp('[0-9]', 'g');
var upper_pattern = new RegExp('[A-Z]', 'g');
var lower_pattern = new RegExp('[a-z]', 'g');
var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';

//check password strength
if((user_password.length<8) || (!digit_pattern.test(user_password)) || (!upper_pattern.test(user_password)) || (!lower_pattern.test(user_password)) ||(!special_pattern.test(user_password))) {
alert(getMessage('PASSWORD IS TOO WEAK: ' + rules));
return false;
}
alert(getMessage('Password is strong enough'));
}

Labels:
0 Helpfuls
  • 7,583 Views
1 ACCEPTED SOLUTION

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee

‎10-30-2018 01:06 PM

As we talked, try this:

 

function onSubmit() {
	
	//AVB script to require strong passwords
	
	var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';
	var user_password = g_form.getValue('user_password');
	if(g_form.isNewRecord()||user_password != '')
		{
		//check password length
		if(user_password.length<8){
			alert(getMessage('TOO SHORT:  ') + rules);
			return false;
		}
		//check password for digit
		var digit_pattern = new RegExp('[0-9]', 'g');
		if (!digit_pattern.test(user_password)) {
			alert(getMessage('DIGIT MISSING: ' + rules));
			return false;
		}
		//check password for uppercase
		var upper_pattern = new RegExp('[A-Z]', 'g');
		if (!upper_pattern.test(user_password)) {
			alert(getMessage('UPPERCASE MISSING: ' + rules));
			return false;
		}
		//check password lowercase
		var lower_pattern = new RegExp('[a-z]', 'g');
		if (!lower_pattern.test(user_password)) {
			alert(getMessage('LOWERCASE MISSING: ' + rules));
			return false;
		}
		//check password for special
		var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
		if (!special_pattern.test(user_password)) {
			alert(getMessage('SPECIAL CHARACTER MISSING: ' + rules));
			return false;
		}
		else {
			alert(getMessage('Password saved'));
		}
	}
}

 

//Göran
 
Feel free to connect with me:
 

View solution in original post

0 Helpfuls
14 REPLIES 14

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee
In response to cynlink1

‎10-23-2018 10:26 PM

You should be able to use the onChange, but instead of returning false, you clear the value in the field. When doing that, the user can't save the new weak password.

 

//Göran

0 Helpfuls

Go to solution
cynlink1
Tera Expert

‎10-24-2018 08:36 AM

Hi,

 

I updated the script to include a line to clear the value. However, it is still not working as desired. I receive the alert message indicating the password is weak. However, I am still able to save it using the Update or Save button.

Client Script details:

Table: sys_user

UI type: desktop

Type: onChange

Field name: Password

function onChange(control, oldValue, newValue, isLoading, isTemplate) {
if (isLoading || newValue ==='') {
return;
}

//AVB script to require strong passwords
//variables
var user_password = g_form.getValue('user_password');
var digit_pattern = new RegExp('[0-9]', 'g');
var upper_pattern = new RegExp('[A-Z]', 'g');
var lower_pattern = new RegExp('[a-z]', 'g');
var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';

//If condition that checks password strength
if((user_password.length<8) || (!digit_pattern.test(user_password)) || (!upper_pattern.test(user_password)) || (!lower_pattern.test(user_password)) ||(!special_pattern.test(user_password)))
//When condition evaluates to true, an alert is displayed and the weak value in the user_password field is cleared
{
alert(getMessage('PASSWORD IS TOO WEAK: ' + rules + 'Password value did not meet complexity requirements. The value will be cleared when the from is saved or updated. Please try again.'));
g_form.clearValue(user_password);

//If condition is false then alert the user that the password will be saved
} else {
alert(getMessage('Password was strong enough and will be saved'));
}
}

----------------------------------------------------------------

In the user form history, I can see that the user_password field is being updated. See screenshot. Is there a problem with my syntax or logic? All feedback is welcomed!

Thanks,

Cyndi

 

 

Preview file
70 KB
0 Helpfuls

Go to solution
Goran WitchDoc
ServiceNow Employee
ServiceNow Employee

‎10-30-2018 01:06 PM

As we talked, try this:

 

function onSubmit() {
	
	//AVB script to require strong passwords
	
	var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';
	var user_password = g_form.getValue('user_password');
	if(g_form.isNewRecord()||user_password != '')
		{
		//check password length
		if(user_password.length<8){
			alert(getMessage('TOO SHORT:  ') + rules);
			return false;
		}
		//check password for digit
		var digit_pattern = new RegExp('[0-9]', 'g');
		if (!digit_pattern.test(user_password)) {
			alert(getMessage('DIGIT MISSING: ' + rules));
			return false;
		}
		//check password for uppercase
		var upper_pattern = new RegExp('[A-Z]', 'g');
		if (!upper_pattern.test(user_password)) {
			alert(getMessage('UPPERCASE MISSING: ' + rules));
			return false;
		}
		//check password lowercase
		var lower_pattern = new RegExp('[a-z]', 'g');
		if (!lower_pattern.test(user_password)) {
			alert(getMessage('LOWERCASE MISSING: ' + rules));
			return false;
		}
		//check password for special
		var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
		if (!special_pattern.test(user_password)) {
			alert(getMessage('SPECIAL CHARACTER MISSING: ' + rules));
			return false;
		}
		else {
			alert(getMessage('Password saved'));
		}
	}
}

 

//Göran
 
Feel free to connect with me:
 
0 Helpfuls

Go to solution
cynlink1
Tera Expert
In response to Goran WitchDoc

‎11-01-2018 12:08 PM

It worked. Many thanks!

0 Helpfuls

Go to solution
Jim Coyne
Kilo Patron

‎11-01-2018 04:16 PM

You will probably want to add an Access Control to prevent users from modifying the password from a list view, bypassing the Client Script.

Configuring contextual security for the list editor

find_real_file.png

find_real_file.png

 

Preview file
20 KB
Preview file
99 KB