‎12-04-2017 10:19 AM
Hi All,
We are trying to use the Password Reset application. When a user resets their password, is there any way to validate the new password against their six previously used passwords?
We want to validate the new password against the six previously used passwords on the password reset page as well as on the password change page, but it looks like we don't have access to the login_cpw page in our instance. Can anyone please share your inputs on how to achieve this functionality?
Regards,
Vamsi.
‎12-04-2017 10:48 AM
Hi Vamsi,
we have recently used the same on our client instance.
We created a new list field, password history, on the user table to store the password history, and hid it from the form.
To achieve this we need to update the Installation Exit script:
// Load the "PrototypeServer" script include first; presumably it is what supplies
// Class.create() used on the next line — confirm against the instance.
gs.include("PrototypeServer");
// Create the ValidatePasswordStronger class shell. Its prototype (and the process()
// method) is assigned by the statement that follows.
var ValidatePasswordStronger = Class.create();
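ValidatePasswordStronger.prototype = {
    /**
     * Validates the password submitted in the "user_password" request parameter
     * for the currently logged-in user.
     *
     * Checks, in order:
     *   1. minimum password age (one day since u_password_last_reset),
     *   2. minimum length of 8 characters,
     *   3. at least one digit, one uppercase and one lowercase letter,
     *   4. the password is not one of the last eight recorded in
     *      sys_user.u_password_history.
     *
     * On failure an error message is added through gs.addErrorMessage().
     * On success the new password's checksum is appended to the history field.
     *
     * @returns {boolean} true when the password is accepted, false otherwise.
     */
    process: function() {
        var user_password = request.getParameter("user_password");
        var min_len = 8;
        var history_size = 8; // how many previous passwords are remembered
        var user_id = gs.getUserID();

        var user = new GlideRecord("sys_user");
        var found = user.get(user_id);

        // Minimum password age: refuse a change within one day of the last one.
        // NOTE(review): what happens when u_password_last_reset is empty is not
        // visible here — confirm a user who never reset is not locked out.
        if (found) {
            var gdt = new GlideDateTime(user.u_password_last_reset);
            var diff = gs.dateDiff(gdt.getDisplayValue(), gs.nowDateTime(), true);
            if (diff < 86400) { // 86400 seconds = 1 day
                gs.addErrorMessage('Password reset is allowed only after One day that the password was last changed');
                return false;
            }
        }

        // Complexity rules.
        var rules = gs.getMessage("Password must be at least {0} characters long and contain a digit, an uppercase letter, and a lowercase letter.", min_len);
        if (user_password.length() < min_len) {
            gs.addErrorMessage(gs.getMessage("TOO SHORT") + ": " + rules);
            return false;
        }
        if (!/[0-9]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("DIGIT MISSING") + ": " + rules);
            return false;
        }
        if (!/[A-Z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("UPPERCASE MISSING") + ": " + rules);
            return false;
        }
        if (!/[a-z]/.test(user_password)) {
            gs.addErrorMessage(gs.getMessage("LOWERCASE MISSING") + ": " + rules);
            return false;
        }

        // Password history.
        if (found) {
            // SECURITY NOTE(review): the history holds an MD5 checksum of
            // password + user id. MD5 is fast and the only salt is the user id,
            // so anyone who can read u_password_history can test password
            // guesses offline, and the newest entry corresponds to the user's
            // current password. The digest is left unchanged here so existing
            // history entries keep matching; restrict read access to the field
            // with an ACL and plan a move to a slow, per-entry salted password
            // hash or to the platform's own password policy.
            var candidate = new GlideChecksum(user_password + user_id).getMD5();

            // An empty field must give an empty list ("".split(",") would give
            // [""]). Blank entries left by earlier writes are dropped as well.
            var stored = String(user.getValue("u_password_history") || "");
            var history = stored.split(",").filter(function(entry) {
                return entry !== "";
            });

            // Compare whole entries, not substrings of the joined list.
            if (history.indexOf(candidate) !== -1) {
                gs.addErrorMessage('The Password You Have Entered Matches With One of the Previous Eight Passwords');
                return false;
            }

            // Keep only the newest history_size entries. shift() really removes
            // the oldest one; `delete arr[0]` only left a hole, so the list
            // kept growing once it had reached eight entries.
            history.push(candidate);
            while (history.length > history_size) {
                history.shift();
            }

            // NOTE(review): the history is written during validation, before
            // the password change itself is known to have succeeded. If this
            // exit runs twice for one change, or the change fails afterwards,
            // the next attempt is rejected as "already used". Recording the
            // history where the password is actually committed avoids that.
            user.u_password_history = history.join(",");
            user.setWorkflow(false);     // do not trigger business rules for this bookkeeping write
            user.autoSysFields(false);   // leave sys_updated_* fields untouched
            user.update();
        }
        return true; // password is OK
    }
};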
Thanks,
SD
‎02-05-2018 07:29 AM
Hello snow123@,
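Unfortunately, this doesn't look very secure, as you store your users' passwords as a checksum and not as an encrypted value. MD5 is not a safe way to do it: it is very fast to compute, so anyone who can read the history field can test password guesses against the stored checksums offline.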
Best regards,
Lukasz Pilch
‎07-28-2020 07:21 PM
good night.
Would you be so kind as to indicate all the steps to follow to implement this process? You do not mention how the passwords are stored in the field you created for the history, or whether this history is updated every time the password is changed. Another question: what happens if the field that is created is encrypted by the service — can you still access it?
Regards.
‎12-06-2017 09:01 AM
Hi,
I tried to implement the same functionality for password change inside the tool and it's not working as expected. Could you please let me know where I need to make changes to achieve the correct functionality? Right now the above code adds the password to the list before the password itself is changed, and then validation throws an error saying the password has already been used. Please let me know what I'm doing wrong.
Regards,
Vamsi.