Decrypting a value to set as password not working

ahaz86
Mega Guru

Hello,

As part of a requirement for creating certain users we have a form which asks for a password that upon submission is encrypted using GlideEncrypter().

The problem is when I try to decrypt the value and set it as the password it is not working correctly as the decrypted value does not work as the password.

Below is the code I use to decrypt and set the password.

var Encrypter = new GlideEncrypter();
var decrypted = Encrypter.decrypt(current.variables.password);

var gu = new GlideRecord('sys_user');
gu.initialize();
gu.user_name = current.variables.headless_id;
gu.first_name = current.variables.headless_id;
gu.last_name = current.variables.headless_id;
gu.email = current.variables.email_address;
gu.user_password.setDisplayValue(decrypted.toString());
//gu.user_password.setDisplayValue(decrypted);
//gu.user_password.setValue(decrypted);
gu.user_password.setDisplayValue(decrypted.toString());
gu.insert();

If I do not encrypt the password this script works fine though.

Any thoughts on this?

1 ACCEPTED SOLUTION

tltoulson
Tera Guru

Hi Alexander,



The problem is that line 2 above sets the decrypted variable as what I am assuming is a Java string. Calling toString on that object, likewise, returns another string. If you do a typeof decrypted it will return "object" and not 'string'. The setDisplayValue function expects a string and apparently has no idea how to handle the object it is given. The solution is to add + '' which forces a type conversion to a JavaScript string that setDisplayValue can use. Thus, the following function should work for you:



var Encrypter = new GlideEncrypter();
var decrypted = Encrypter.decrypt(current.variables.password);

var gu = new GlideRecord('sys_user');
gu.initialize();
gu.user_name = current.variables.headless_id;
gu.first_name = current.variables.headless_id;
gu.last_name = current.variables.headless_id;
gu.email = current.variables.email_address;
// + '' converts the decrypted object to a JavaScript string before it is set
gu.user_password.setDisplayValue(decrypted + '');
gu.insert();



I hope this helps.



Kind regards,



Travis


7 REPLIES 7

The way I solved this was in my script include I made sure to convert to a string prior to passing back to the workflow script.


pavanw3b
Giga Contributor

This works only if the Password field is "Password (2 way encrypted)". The password1 is one way and the Encrypter().decrypt() won't work on it.



Also, GlideEncrypt() is not accessible in Scoped applications on Fuji and later. Please use gr.field.getDecryptedValue() instead. While testing on Scripts - Background, make sure you choose scope to the custom application scope. It returns undefined on global if you query a custom scope table.



Thanks,


Pavan,


Security Engineer, ServiceNow


pavanw3b | A w3b Security Guy
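
The type problem from the accepted answer and the `undefined` return mentioned in the reply above, reproduced outside ServiceNow as an added example (not code from this thread or from ServiceNow). `WrappedJavaString`, `fakeDecrypt`, `setPasswordField`, `toJsString` and `tryAll` are hypothetical stand-ins that run in plain Node.js, and their behaviour is an assumption modelled on what the posts report.

```javascript
// Constructed stand-in for the Java string object the accepted answer describes.
// Assumption: typeof is 'object' and toString() returns another wrapped object,
// while "+ ''" triggers conversion to a JavaScript primitive string.
class WrappedJavaString {
  constructor(chars) { this.chars = chars; }
  toString() { return new WrappedJavaString(this.chars); }
  [Symbol.toPrimitive]() { return this.chars; }
}

// Hypothetical stub for GlideEncrypter.decrypt(): returns the wrapped object.
function fakeDecrypt(plaintext) {
  return new WrappedJavaString(plaintext);
}

// Hypothetical stub for setDisplayValue(): only a primitive string is stored;
// anything else leaves the field without a usable value.
function setPasswordField(record, value) {
  if (typeof value === 'string') record.user_password = value;
  return record;
}

// Coerce with + '' as in the answer, but refuse null/undefined first:
// undefined + '' is the literal text "undefined", which would become the password.
function toJsString(value) {
  if (value === null || value === undefined) {
    throw new TypeError('no decrypted value to convert');
  }
  const s = value + '';
  if (s.length === 0) throw new TypeError('decrypted value is empty');
  return s;
}

// Try the three variants from the thread. Only types and a match flag are
// returned, so the secret itself never reaches a log.
function tryAll(plaintext) {
  const decrypted = fakeDecrypt(plaintext);
  const attempts = {
    raw: decrypted,
    toStringCall: decrypted.toString(),
    concatEmpty: toJsString(decrypted),
  };
  const report = {};
  for (const [name, value] of Object.entries(attempts)) {
    const rec = setPasswordField({}, value);
    report[name] = { type: typeof value, stored: rec.user_password === plaintext };
  }
  return report;
}

console.log(tryAll('constructed-sample-value'));
```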


Hi Pavan, I am having some troubles getting my business rule to decrypt a Password2 field I am testing on my demo instance. I have added a Password2 (256-bit) field to the Incident table and set a basic password. Now, how do I go about decrypting it? I have read through this wiki, Encryption Support - ServiceNow Wiki, which talks about Encryption, but I don't see a section on decryption.

Then I went to the field level material and found the following on the Introduction to Fields - ServiceNow Wiki page.

Password (2 Way Encrypted): Text field that stores passwords with two-way encryption. Two-way encryption stores the password as a secure encrypted value that can be decrypted programmatically within the instance.

I have attempted to put your script into a BR (before) but it's not decrypting, I think it just needs some tweaking.


Thanks for all your help!