GENERATE_PWD is not working properly

If you think that something doesn't work in Aware IM post your message here

Post by JonP »

I'm trying to implement forgot password functionality. My code looks like this (encryption removed for testing purposes):

Code:

ThisPerson.Password=GENERATE_PWD(8,15,2,2,2)
ThisPerson.TempURL='https://cm.plantain.io/app/logonOp.aw?domain=Plantain&userName='+ThisPerson.LoginName+'&password='+ThisPerson.Password+'&testingMode=false'
SEND ResetPassword TO ThisPerson

But the passwords that get created look like this: b1ae1a8e8a23e524093a4bb535fa4584

Waaaay too long (in this case 32 characters) and no caps or special characters.
v8.1 on Windows 10 / MySQL 5.6 (local), v8.1 on Windows Server 2016 / MySQL 5.6 (server)

Re: GENERATE_PWD is not working properly

Post by customaware »

Jon,

Have a look at the Password attribute in the Database and tell me what you see.

I suspect your issue is to do with URL Encoding .... but I could be wrong.
Cheers,
Mark
_________________
AwareIM 6.0, 8.7, 8.8, 9.0 , MariaDB, Windows 10, Ubuntu Linux. Theme: Default, Browser: Arc
Upcloud, Obsidian....

Re: GENERATE_PWD is not working properly

Post by idpSteve »

Hi Jon.

In case this happens to you - I've had issues in the past with symbols in passwords, I think ones with & or ; if I recall. They sometimes give delimiter errors (I may be remembering incorrectly, or this may have been mobile exclusive, just something to keep in mind..)

For the issue you posted, if you're not too concerned with security why not add another plain text attribute (pwdTxt) and then user.pwdTxt=GENERATE_PWD(10,10,0,10,0) and then user.password=user.pwdTxt. That way you can use pwdTxt in the url perhaps..

Regards,

Steve

Re: GENERATE_PWD is not working properly

Post by himanshu »

Hi Jon,

First, whenever we assign any value to the Password attribute, AwareIM automatically converts the text password to an encrypted md5 value. So the long value you are seeing is correct.

Second, what Steve suggested above is another way of doing it, which will surely work in your scenario. It is better to encrypt the whole URL parameters, which also contain the actual password value.

something like this
From,
Himanshu Jain


AwareIM Consultant (since version 4.0)
OS: Windows 10.0, Mac
DB: MYSQL, MSSQL

Re: GENERATE_PWD is not working properly

Post by JonP »

Thanks guys! I think the mystery is solved. I didn't realize that the password was already encrypted in md5 and the special characters could cause a problem. I'll add an attribute to also save the temp password unencrypted as you suggested. That's not a major security issue since it's only a temp password and the user-defined password will not be exposed.

Code:

ThisPerson.TempURL='https://cm.plantain.io/app/logonOp.aw?e='+ENCRYPT_B64('domain=Plantain&userName='+ThisPerson.LoginName+'&password='+ThisPerson.PasswordTemp+'&testingMode=false&firstCommand=editObject,Person,'+Person.ID)

v8.1 on Windows 10 / MySQL 5.6 (local), v8.1 on Windows Server 2016 / MySQL 5.6 (server)
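
Added example, not part of the thread and not Aware IM code: a Python sketch of the two effects the replies describe, namely that an MD5-hashed password attribute always reads back as 32 hex characters, and that a password containing &, ;, # or + is cut or altered when concatenated into a query string without percent-encoding. The host, the user name "jon" and the sample password are constructed assumptions.

```python
import hashlib
import re
from urllib.parse import parse_qs, urlencode, urlsplit

BASE = "https://app.example.test/app/logonOp.aw"  # placeholder host (assumption)

def md5_hex(value):
    """MD5 digest as hex: always 32 lower-case hex characters, whatever the input."""
    return hashlib.md5(value.encode("utf-8")).hexdigest()

def looks_like_md5_hex(value):
    """True if the value has the shape of an MD5 hex digest rather than a password."""
    return re.fullmatch(r"[0-9a-f]{32}", value) is not None

def naive_url(user, pwd):
    """Plain string concatenation, as in the first rule in the thread."""
    return f"{BASE}?domain=Plantain&userName={user}&password={pwd}&testingMode=false"

def encoded_url(user, pwd):
    """Same parameters with every value percent-encoded."""
    params = {"domain": "Plantain", "userName": user,
              "password": pwd, "testingMode": "false"}
    return f"{BASE}?{urlencode(params)}"

def password_received(url):
    """Parse the query string as a server would and return the password value."""
    return parse_qs(urlsplit(url).query).get("password", [""])[0]

if __name__ == "__main__":
    sample = "aB3&x;Z9#q+1"  # constructed password containing URL delimiters
    print(md5_hex(sample), looks_like_md5_hex(md5_hex(sample)))
    print("naive  :", password_received(naive_url("jon", sample)))
    print("encoded:", password_received(encoded_url("jon", sample)))
```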