Jump to content

Creating User with already hashed password


blackeye1987
 Share

Recommended Posts

Hi everyone,

i want to create a user on the fly with sso,

i recieve the password already hashed and want to save the user without having the password hashed by processwire afterwards.

so far i could leave it rehashed in the database as long as the customer does not want to allow the users to use the direct loginmask.

but if that changes, i would be in trouble.

so is there a processwire way to do this or do i have to put the user in manually.

i know we will have someone intelligent helping me out here :D

Link to comment
Share on other sites

@blackeye1987

Thanks for posting. Like adrian, I'm not sure I understand what you want to do. When you say "I receive the password already hashed" do you mean that this sso system does its own hashing on account creation and at login and passes those password hashes through to the app (PW in this case) and that you just want to do a compare of their login hash with whatever you stored as the hash verbatim?

Link to comment
Share on other sites

One approach might be to add an extra field to the user template, something like "sso_hash" and have your sso login handler compare against that field. You'd also need it to take similar actions to the ProcessLogin.mondule ___execute() routine in order to setup the session if successful.

If your customer ever wants to allow direct login via PW's login form then they'll have to (at some point) provide you with the un-hashed, raw, passwords for users so that you can set PWs password field with its correctly hashed version of the password. You may want to ask if they will ever be willing to do this because, if they aren't, you may as well use the sso hash as the user password and just live with the double hashing.

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...