UI page custom login and redirect

Bernie · ‎05-28-2022

Hi, i am working on configuring a ui page as a custom login into our application and am struggling for results. My ui page loads ,accepts data, and then only refreshes. I grab the input data and store it with my client script, then call a script include in order to decrypt the password and then id like to just check that decrypted pass is the same as input pass and finally redirect to our page if it is confirmed, however i seem to be having trouble with the script include. I cannot even verify that the script include is being called or run as no matter what i try i do not have access to anything within the class at any point it seems. html is onclick=validate()

most of the elements work, im just running into problems with the script include and I have tried a wide variety of random solutions to try to get it to work and none of them have even been consistently failing right

not yet concerned about the redirect, just struggling mostly on getting pass decrypted through include

script include

client script

Markus Kraus · ‎05-29-2022

I am not 100% sure what you are trying to achieve, but if you want to make this page public (accessible by not-logged-in users) you have to make the following adjustments:

Add the UI Page to the public pages (sys_public.list)

Add the following to your script include

isPublic: function (} {
  return true;
},

The GlideRecord calls in the Client Script will afaik not work if you try this for an unauthenticated (not logged in) user.

Instead, consider doing the whole authentication check inside your script include (adjust credentialTable/userNameField/passwordField in the initialize according to your needs):

var passwordDecryptor = Class.create();
passwordDecryptor.prototype = Object.extendsObject(global.AbstractAjaxProcessor, {
	
	initialize: function(request, responseXML, gc) {
		global.AbstractAjaxProcessor.prototype.initialize.apply(this, arguments);

		this.credentialTable = 'x_772220_mcp_porta_sla_user';
		this.userNameField = 'username';
		this.passwordField = 'password';
	},
	
	validate: function () {
		var credGr = new GlideRecord(this.credentialTable);
		credGr.addQuery(this.userNameField, this.getParameter('user_name'));
		credGr.setLimit(1);
		credGr.query();
		if (credGr.next()) {
			var password = this.getParameter('password') || '';
			if (credGr[this.passwordField].getDecryptedValue() == password) {
				return JSON.stringify({ success: true });
			}
			
			return JSON.stringify({
				success: false,
				message: 'Invalid password'
			});
		}
		
		return JSON.stringify({
			success: false,
			message: 'Unknown user'
		});
	},
	
	isPublic: function () {
		return true;
	},

    type: 'passwordDecryptor'
});

And this is the client script in the UI Page (replace user_name and password with user/pass - just according to your needs):

function validate() {
	var ga = new GlideAjax('passwordDecryptor');
	ga.addParam('sysparm_name', 'validate');
	ga.addParam('user_name', gel('user').value);
	ga.addParam('password', gel('pass').value);
	ga.getXMLAnswer(function (response) {
		response = JSON.parse(response);
		if (response.success) {
			alert('User name and password are valid!');
		} else {
			alert(response.message);
		}
	});
}

Im not a crypto expert, but please consider this Challenge-response-authentication to safely transmit passwords (and this only requires you to store a hash of the password).

View solution in original post

Bernie · ‎06-10-2022

thank you so much for your assistance. the problem ended up being in gliderecord. For whatever reason, all the glide record functions ran, but no matter where they were, they were preventing the script include from running "addparam". I do not know how or why, but removing the ".addQuery" and ".next" and instead substituting then for ".get" fixed the issue. again not sure what was cauding the hangup, but that was the fix. Thank you for the very efficient code, I am planning on sampling a lot of it in the production instance!!!

Markus Kraus · ‎06-11-2022

You're welcome! Please make sure to not use the GlideRecord API in Client Scripts though.

If the script examples helped you, feel free to mark them as the solution to this thread so if another community member faces the same problem, he can see it faster.

Walker King · ‎06-11-2022

Hey there,

I was about to say the same. I want to make Custom UI login page for my website visitor or customer through they can direct login to website. Review my website Custom battery Pack Manufacturer

legendupdates · ‎08-18-2022

I have seen your post now I would like you to please visit this stuff and I am sure your all queries will be sorted. Thank you

SDas217 · ‎09-22-2023

Hi, were you able to resolve your issue? if so, how?