Question

How to make a custom password check

0

Is it possible to compare the password of a User to an input string? I know you can't compare a string to a hashedstring in a microflow, but is this possible using a java action or something like that?

asked 2015-06-19

Jan Goessens

3 answers

Roeland Salij · Answer 1 · 2015-06-19

Yes, you can do this using Java.

MendixHashString password = (MendixHashString ) __account.getMember(this.getContext(), "Password");
return password.verifyValue(this.getContext(), this.unhashedPassword);

this.unhashedPassword could be a parameter of a custom java action and take the value of an input box.

from https://forum.mendix.com/questions/3720/HashString-comparison-with-SSHA256-hash-algorithm

Sebastiaan van den Broek · Answer 2 · 2015-06-19

I'm not sure what exactly you want to check for in the passwords, just always a fixed string? Coming from where? If you don't need to compare against a password history then you can relatively safely write your own password setting microflow that just puts the initial password into a non-hashed string, run some checks and then puts it in the hashed string and empties the old contents. This is also what Herbert suggests in the answer that Roeland linked (though not in so many words)

A feature could be that Mendix allows you to register a microflow as a pre-hashing hook so it's a little more automated, but right now that's not a feature that exists.

If you do want to compare password history then you'll have to store copies of the password in a special history table when the user changes a password. Then you can verify against those with the code that is in that answer.

Ronald Catersels · Answer 3 · 2015-06-19

Take a look at this app https://appstore.home.mendix.com/link/app/1011/Mendix/Encryption With this module you can encrypt or decrypt the password and then to the compare.

Regards,

Ronald