I followed this tutorial to create dynamic email settings stored on db.
https://kayike.medium.com/enable-unique-and-dynamic-smtp-mail-settings-for-each-user-laravel-48e320d381ec
The only problem is that the password is not encrypted. I would like to encrypt it before storing on db and decrypt it before using on MailServiceProvider.
I tried to use bcrypt but it can't be de-crypted. Any suggestions?
Thanks
see the docs for encryption: https://laravel.com/docs/8.x/encryption
encrypting password:
$encrypted = crypt::encryptString($password);
//store this to database
decrypting password:
$decrypted_password = crypt::decryptString($encrypted);
//use this for mailer settings
Note: don't forget to use namespace Illuminate\Support\Facades\Crypt;
in the controller
Additional Note for bcrypt:
encryption-decryption is different than hashing, bcrypt is a hashing formula which can't be decrypted (one way process).
I want to simulate the password reset service for service now users from an external application and I have installed Password Reset - Orchestration Add-on plugin on my servicenow developer instance. Along with this I can see a list of Pwd Reset APIs on my REST explorer (e.g pwd_init, pwd_verify, etc). I went through the documentation available on this documentation page but I'm at a loss to understand what the request payload would be like if I'm trying to call these APIs from an external service like Postman. I wanted something similar this api documentation.
Can anyone help me with this?
Use the Table APIs to do this.
In order to reset a user's password, you basically want to update the user_password field of the user record from sys_user table.
Method: PUT/PATCH
http://<instance>/api/now/table/{tableName}/{sys_id}
here tableName will be sys_user and sys_id will be the sys_id of the user's record in sys_user table.
The body of the API request should be something like this:
{
"user_password": "resetpasswordtext"
}
Bear in mind that this will reset the user's password but the new password will not be "resetpasswordtext". So the user will not be able to login using "resetpasswordtext".
To actually set the password for a user via API, same table API as above can be used. But in order to store the password properly encrypted in the database, below query parameter should be added in the request URL to set the password.
sysparm_input_display_value=true
So the API call will be
Method: PUT/PATCH
http://<instance>/api/now/table/{tableName}/{sys_id}?sysparm_input_display_value=true
BODY: {
"user_password": "newpassword"
}
Now the text "newpassword" can be used by the user to login to the instance.
hope it helps in your use case.
so, my use case did not involve using the Password reset API, but for those of you interested in generating a new password externally, then making an api call to set that as the new password for that user, then here is acode sample that is based on Milind's answer above:
Python3
def change_password_snow(user, pwd, new_pwd, snow_url, sys_id):
# Set the request parameters
url = snow_url + sys_id
# Set proper headers
headers = {"Content-Type":"application/xml","Accept":"application/json"}
# Set query params
params = {"sysparm_input_display_value": "true", "sysparm_fields": "user_password"}
# Do the HTTP request
response = requests.patch(url, auth=(user, pwd), headers=headers, params=params, data=f"<request><entry><user_password>{new_pwd}</user_password></entry></request>")
return response
Setup on ServiceNow
For this to work, the user you are authenticating with in ServiceNow needs to have Admin privileges.
Either that, or modify the sys_user.user_password ACLs to allow non admin users to read and write to that field if they have a role that you select. For my use case, I created a custom role and attached it to that user.
I am using PHP 5.5.27 and Codeigniter3 to developed my code.
I used password_hash() to encrypt my password and store it in database. Also password varchar(255) is column size.
When I entered plain (unhashed) password then codeigniter validation run properly. But If I used hashed password (in text format) then form validation fails. Also If I used wrong password then also it works properly.
How can I solve this problem and make it work for hashed password also?
Laravel 5.0
I want to encrypt some data in the database using not only the application key but also the users password or any other string that HE will provide.
The reason is that i want only him to be able to decrypt the data.
How would i go about it?
-Use Javascript and encrypt the password locally and then send it to the server?
or
-Send the text that user enters directly to the server?
All traffic will be upon HTTPS
// Encrypt
$key = md5(Config::get('app.key') . $userString);
Crypt::setKey($key);
$encypted = Crypt::encrypt($input);
// decrypt
$key = md5(Config::get('app.key') . $userString);
Crypt::setKey($key);
$decypted = Crypt::decrypt($encypted);
I am using authlogic for authentication through API
I want to implement if user forgot his password then api send an autogenerated password to user's email account , I don't want to send instructions for password resetting to user email
I am not getting how to update password in database for that user record.
I have tried to reset password this way
#user.password = Params[:password]
#user.password_confirmation = params[:password_confirmation]
I searched alot not getting what exactly it needs to set password this way and I search in authlogic documentation but not getting whether these will be helpful for me.
thanks