Jump to content

Clear password before encryption


AndZyk
 Share

Recommended Posts

Hello,

can somebody tell me, if it is possible to get the clear password of an InputfieldPassword inside a module, before it is encrypted?

I have made a custom module which sets the password of an Auth0User after the hook publishReady with a random generated password. When I try to get a clear password from a InputfieldPassword in this hook, it is of course already encrypted (which is of course good). But is there a hook before the encryption, so I could get it one time to send it to Auth0?

If there is not such thing, could be another possibility to add a jQuery script to get the value directly from the DOM and save it somewhere temporarily?

I know this might be an unusual question, but I would appreciate any feedback. :)

Regards, Andreas

Link to comment
Share on other sites

Hook before/after Password::setPass() method instead? Keep in mind that this hook is called before page publish (while setting value for a password field)

/**
 * Set the 'pass' to the given value
 * 
 * @param string $value
 * @throws WireException if given invalid $value
 *
 */
protected function ___setPass($value) {

    // if nothing supplied, then don't continue
    if(!strlen($value)) return;
    if(!is_string($value)) throw new WireException("Password must be a string"); 

    // first check to see if it actually changed
    if($this->data['salt'] && $this->data['hash']) {
        $hash = $this->hash($value);
        if($this->isBlowfish($hash)) $hash = substr($hash, 29);
        // if no change then return now
        if($hash === $this->data['hash']) return; 
    }

    // password has changed
    $this->trackChange('pass');

    // force reset by clearing out the salt, hash() will gen a new salt
    $this->data['salt'] = ''; 

    // generate the new hash
    $hash = $this->hash($value);

    // if it's a blowfish hash, separate the salt from the hash
    if($this->isBlowfish($hash)) {
        $this->data['salt'] = substr($hash, 0, 29); // previously 28
        $this->data['hash'] = substr($hash, 29);
    } else {
        $this->data['hash'] = $hash;
    }
}

 

  • Like 2
  • Thanks 1
Link to comment
Share on other sites

1 minute ago, AndZyk said:

and saved it into a session variable to pass it between my module functions

Why not use a variable defined in the module class, eg:

protected $clearPassword

and populated via:

$this->clearPassword

in the hook's function. This will be available throughout the module's functions.

This is what I did in my EmailNewUser that I linked to above.

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...