OnChange client script - How to prevent the use of the Save and/or Update button until field value passes validation

cynlink1 · ‎10-23-2018

Hello,

I am trying to craft an onChange client script to validate the password strength of password entered directly on the user records (sys_user) by admins (not via the Password Reset functionality). My client script is partially functional as the alert is being presented when the validation condition is not met. However, the client script is not preventing the record from being saved or updated.

The script seems to work when tested using only the Save button OR only the Update button. However, if you click Save, receive the alert that the password is too weak, click OK, then click Update, you can bypass the validation. Same applies if you use the Update button first, fail the validation, then immediate click the Save button.

Table: sys_user

UI type: desktop

Type: onChange

Field name: Password

Goran WitchDoc · ‎10-30-2018

As we talked, try this:

function onSubmit() {
	
	//AVB script to require strong passwords
	
	var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';
	var user_password = g_form.getValue('user_password');
	if(g_form.isNewRecord()||user_password != '')
		{
		//check password length
		if(user_password.length<8){
			alert(getMessage('TOO SHORT:  ') + rules);
			return false;
		}
		//check password for digit
		var digit_pattern = new RegExp('[0-9]', 'g');
		if (!digit_pattern.test(user_password)) {
			alert(getMessage('DIGIT MISSING: ' + rules));
			return false;
		}
		//check password for uppercase
		var upper_pattern = new RegExp('[A-Z]', 'g');
		if (!upper_pattern.test(user_password)) {
			alert(getMessage('UPPERCASE MISSING: ' + rules));
			return false;
		}
		//check password lowercase
		var lower_pattern = new RegExp('[a-z]', 'g');
		if (!lower_pattern.test(user_password)) {
			alert(getMessage('LOWERCASE MISSING: ' + rules));
			return false;
		}
		//check password for special
		var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
		if (!special_pattern.test(user_password)) {
			alert(getMessage('SPECIAL CHARACTER MISSING: ' + rules));
			return false;
		}
		else {
			alert(getMessage('Password saved'));
		}
	}
}

//Göran

Feel free to connect with me:

LinkedIn
Twitter
Subscribe to my YouTube Channel

View solution in original post

Mark Stanger · ‎10-23-2018

You'll want to use an 'onSubmit' client script to perform the validation when the form is submitted. Also note that your 'onChange' script uses 'return false;', which is only used in 'onSubmit' scripts to abort the submission. Something like this should work in your 'onSubmit' script.

function onSubmit() {
    //AVB script to require strong passwords
    var user_password = g_form.getValue('user_password');
    var digit_pattern = new RegExp('[0-9]', 'g');
    var upper_pattern = new RegExp('[A-Z]', 'g');
    var lower_pattern = new RegExp('[a-z]', 'g');
    var special_pattern = new RegExp("[,!@#\$%\^&\*\(\);\\\/\|<>'\"\.\:]", "g");
    var rules = 'Password must be at least 8 characters long and contain a digit, an uppercase letter, a lowercase letter, and a special character.';

    //check password strength
    if ((user_password.length < 8) || (!digit_pattern.test(user_password)) || (!upper_pattern.test(user_password)) || (!lower_pattern.test(user_password)) || (!special_pattern.test(user_password))) {
        alert(getMessage('PASSWORD IS TOO WEAK: ' + rules));
        return false;
    }
    alert(getMessage('Password is strong enough'));
}

cynlink1 · ‎10-23-2018

Hi Mark,

Thanks for the super prompt response. I was not aware that 'return false' could only be used in 'onSubmit' scripts.

I was trying to use 'onChange' client script because the requirement is to require validation on the password field in two specific scenarios:

1.) Upon new user creation in the client user form

2.) When the password field is updated for an existing user

I do not want to force the password to be updated when other fields on the user form are updated OR during nightly data imports.

Can you help me incorporate this logic?

Thanks,

Cyndi

Mark Stanger · ‎10-23-2018

You can use the 'onChange' script you have currently. There's nothing wrong with that. All I'm suggesting is that if you want to do validation in addition to that to prevent the record from being saved you need to add the 'onSubmit' script as well. If the 'onChange' script was working for everything but the submission just leave it as-is but remove the 'return false;' line.

cynlink1 · ‎10-24-2018

Hi Mark,

Initially, I tried to create an onSubmit script to handle both requirements.

1.) Upon new user creation in the client user form

2.) When the password field is updated for an existing user

It seemed to be working well until I noticed that my using .changed caused errors/problems on other pages (for instance when I was viewing my user profile and attempted to change the view). To work around the error, I decided to create two different client scripts: one for new users and one for existing users.

Here are the details for my original client script which included the problematic .changed:

Table: sys_user

UI Type: Desktop

Type: onSubmit

---------------------------------

---------------------------------