
Previous Password Validation

vamsisai
Tera Guru

Hi All,

We are trying to use the Password Reset application. When a user resets their password, is there any way to validate the new password against their six previously used passwords?


We want to validate the new password against the six previously used passwords on the password reset page as well as on the password change page. It looks like we don't have access to the login_cpw page in the instance. Can anyone please share their inputs on how to achieve this?

Regards,

Vamsi.

1 ACCEPTED SOLUTION

SD29
Tera Expert

Hi Vamsi,



we have recently used the same on our client instance.


We created a new list field, password history, on the user table to store the password history, and hid it from the form.



To achieve this, we need to update the script of the installation exit:



gs.include("PrototypeServer");




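/**
 * Password validation script (described in the surrounding post as an
 * installation exit). It enforces a minimum password age, basic complexity
 * rules and a check against the user's stored password history.
 *
 * Relies on the platform globals used below (gs, request, GlideRecord,
 * GlideDateTime, GlideChecksum) and on two custom sys_user columns:
 * u_password_last_reset and u_password_history.
 */
var ValidatePasswordStronger = Class.create();

ValidatePasswordStronger.prototype = {

    /**
     * Validates the "user_password" request parameter for the current user.
     *
     * Checks run in this order: minimum age (one day since
     * u_password_last_reset), minimum length, digit, uppercase letter,
     * lowercase letter, then password history. When every check passes, the
     * digest of the new password is appended to u_password_history and the
     * user record is updated.
     *
     * @returns {boolean} true when the password is accepted; false after an
     *     error message has been added for the first rule that failed.
     */
    process: function() {
        var user_password = request.getParameter("user_password");
        var min_len = 8;
        // Number of digests kept per user. Keep this in sync with the
        // "Previous Eight Passwords" wording of the error message below.
        var history_len = 8;

        var user = new GlideRecord("sys_user");
        var user_found = user.get(gs.getUserID());

        // Minimum password age: one day.
        // NOTE(review): u_password_last_reset is only read in this script, so it is
        // presumably maintained elsewhere; the behaviour for an empty value is not
        // visible here. Confirm that a user who never reset a password is not blocked.
        if (user_found) {
            var gdt = new GlideDateTime(user.u_password_last_reset);
            var diff = gs.dateDiff(gdt.getDisplayValue(), gs.nowDateTime(), true);
            if (diff < 86400) { // seconds in one day
                gs.addErrorMessage('Password reset is allowed only after One day that the password was last changed');
                return false;
            }
        }

        var rules = gs.getMessage("Password must be at least {0} characters long and contain a digit, an uppercase letter, and a lowercase letter.", min_len);

        // A missing parameter is rejected as too short instead of throwing on length().
        if (user_password == null || user_password.length() < min_len) {
            gs.addErrorMessage(gs.getMessage("TOO SHORT") + ": " + rules);
            return false;
        }

        if (!/[0-9]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("DIGIT MISSING") + ": " + rules);
            return false;
        }

        if (!/[A-Z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("UPPERCASE MISSING") + ": " + rules);
            return false;
        }

        if (!/[a-z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("LOWERCASE MISSING") + ": " + rules);
            return false;
        }

        // Password history validation.
        if (user_found) {
            // NOTE(review): MD5 is a fast digest and the sys_id used as salt is not
            // secret, so anyone able to read u_password_history can test password
            // guesses offline. Restrict the column with ACLs (hiding it from the form
            // does not restrict reads) and consider a slower or keyed digest. Switching
            // digests invalidates the entries already stored.
            var checksum = new GlideChecksum(user_password + gs.getUserID());
            var digest = String(checksum.getMD5());

            // Parse the stored comma-separated digests. Empty entries are dropped; they
            // appear for an empty field and in values written by the earlier
            // "delete arr[0]" logic, which left a leading comma.
            var stored = user.getValue("u_password_history");
            var history = [];
            if (stored) {
                var parts = String(stored).split(",");
                for (var i = 0; i < parts.length; i++) {
                    if (parts[i] !== "") {
                        history.push(parts[i]);
                    }
                }
            }

            // Exact comparison against each remembered digest.
            for (var j = 0; j < history.length; j++) {
                if (history[j] === digest) {
                    gs.addErrorMessage('The Password You Have Entered Matches With One of the Previous Eight Passwords');
                    return false;
                }
            }

            // Append the new digest and drop the oldest ones beyond the limit.
            // shift() really removes the element; "delete arr[0]" only left a hole,
            // so the list was never shortened.
            history.push(digest);
            while (history.length > history_len) {
                history.shift();
            }

            // NOTE(review): the history is written during validation. Whether the
            // password change can still fail afterwards is not visible here; if it can,
            // a password that was never set stays in the history. Confirm.
            user.u_password_history = history.join(",");
            user.setWorkflow(false);
            user.autoSysFields(false);
            user.update();
        }

        return true; // password is OK
    }
};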



Thanks,


SD



7 REPLIES 7

dvp
Mega Sage

I think password validations are done in the ValidatePasswordStronger installation exit.


Was not thinking of this from the point of view of a local ServiceNow account....   You are correct in your statement.


DrewW
Mega Sage

So if you are using AD, then a password change honors password history; that is all set in AD, and there is nothing you can do to look at those values that I am aware of. As for doing it before the user clicks the button, you will have to use the Password rule script on the Credential Store to check it. But that means you are going to have to store the last 6 passwords each user has used, and I do not think that's going to work out, because there are many ways a user can change a password for Windows. It's also going to give you a point of vulnerability to have a user's password history stored in ServiceNow.


SD29
Tera Expert

Hi Vamsi,



we have recently used the same on our client instance.


We created a new list field, password history, on the user table to store the password history, and hid it from the form.



To achieve this, we need to update the script of the installation exit:



gs.include("PrototypeServer");




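/**
 * Password validation script (described in the surrounding post as an
 * installation exit). It enforces a minimum password age, basic complexity
 * rules and a check against the user's stored password history.
 *
 * Relies on the platform globals used below (gs, request, GlideRecord,
 * GlideDateTime, GlideChecksum) and on two custom sys_user columns:
 * u_password_last_reset and u_password_history.
 */
var ValidatePasswordStronger = Class.create();

ValidatePasswordStronger.prototype = {

    /**
     * Validates the "user_password" request parameter for the current user.
     *
     * Checks run in this order: minimum age (one day since
     * u_password_last_reset), minimum length, digit, uppercase letter,
     * lowercase letter, then password history. When every check passes, the
     * digest of the new password is appended to u_password_history and the
     * user record is updated.
     *
     * @returns {boolean} true when the password is accepted; false after an
     *     error message has been added for the first rule that failed.
     */
    process: function() {
        var user_password = request.getParameter("user_password");
        var min_len = 8;
        // Number of digests kept per user. Keep this in sync with the
        // "Previous Eight Passwords" wording of the error message below.
        var history_len = 8;

        var user = new GlideRecord("sys_user");
        var user_found = user.get(gs.getUserID());

        // Minimum password age: one day.
        // NOTE(review): u_password_last_reset is only read in this script, so it is
        // presumably maintained elsewhere; the behaviour for an empty value is not
        // visible here. Confirm that a user who never reset a password is not blocked.
        if (user_found) {
            var gdt = new GlideDateTime(user.u_password_last_reset);
            var diff = gs.dateDiff(gdt.getDisplayValue(), gs.nowDateTime(), true);
            if (diff < 86400) { // seconds in one day
                gs.addErrorMessage('Password reset is allowed only after One day that the password was last changed');
                return false;
            }
        }

        var rules = gs.getMessage("Password must be at least {0} characters long and contain a digit, an uppercase letter, and a lowercase letter.", min_len);

        // A missing parameter is rejected as too short instead of throwing on length().
        if (user_password == null || user_password.length() < min_len) {
            gs.addErrorMessage(gs.getMessage("TOO SHORT") + ": " + rules);
            return false;
        }

        if (!/[0-9]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("DIGIT MISSING") + ": " + rules);
            return false;
        }

        if (!/[A-Z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("UPPERCASE MISSING") + ": " + rules);
            return false;
        }

        if (!/[a-z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("LOWERCASE MISSING") + ": " + rules);
            return false;
        }

        // Password history validation.
        if (user_found) {
            // NOTE(review): MD5 is a fast digest and the sys_id used as salt is not
            // secret, so anyone able to read u_password_history can test password
            // guesses offline. Restrict the column with ACLs (hiding it from the form
            // does not restrict reads) and consider a slower or keyed digest. Switching
            // digests invalidates the entries already stored.
            var checksum = new GlideChecksum(user_password + gs.getUserID());
            var digest = String(checksum.getMD5());

            // Parse the stored comma-separated digests. Empty entries are dropped; they
            // appear for an empty field and in values written by the earlier
            // "delete arr[0]" logic, which left a leading comma.
            var stored = user.getValue("u_password_history");
            var history = [];
            if (stored) {
                var parts = String(stored).split(",");
                for (var i = 0; i < parts.length; i++) {
                    if (parts[i] !== "") {
                        history.push(parts[i]);
                    }
                }
            }

            // Exact comparison against each remembered digest.
            for (var j = 0; j < history.length; j++) {
                if (history[j] === digest) {
                    gs.addErrorMessage('The Password You Have Entered Matches With One of the Previous Eight Passwords');
                    return false;
                }
            }

            // Append the new digest and drop the oldest ones beyond the limit.
            // shift() really removes the element; "delete arr[0]" only left a hole,
            // so the list was never shortened.
            history.push(digest);
            while (history.length > history_len) {
                history.shift();
            }

            // NOTE(review): the history is written during validation. Whether the
            // password change can still fail afterwards is not visible here; if it can,
            // a password that was never set stays in the history. Confirm.
            user.u_password_history = history.join(",");
            user.setWorkflow(false);
            user.autoSysFields(false);
            user.update();
        }

        return true; // password is OK
    }
};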



Thanks,


SD