Questions and discussion about using ProcessMaker 2: user interface, running cases and functionality
By Devashree
#816222
I am using React to create an application and I need to implement single sign-on in it. I went through the ProcessMaker documentation and found a method to get an access_token for autologin. However, I want to use a password from my database for the specific user who is currently logged in. Since the passwords are hashed and saved in the database, my response is incorrect. Is there a way to pass the hashed password and get the response appropriately?

Here is my code:

    // username and password are supplied by the application's login form
    var req = new XMLHttpRequest();

    // Body of the OAuth2 password-grant request
    var data = JSON.stringify({
        "grant_type": "password",
        "scope": "*",
        "client_id": "GVCTZYMGEURRYPNYWCKNBLELCKDECFDP",
        "client_secret": "5919799805ba10487e631f5001254717",
        "username": username,
        "password": password
    });

    req.open('POST', 'http://192.168.0.198/workflow/oauth2/token');
    req.setRequestHeader('Content-Type', 'application/json');

    req.onreadystatechange = function () {
        // readyState 4 means the request has completed
        if (req.readyState === 4 && req.status === 200) {
            console.log(req.responseText);
            var response = JSON.parse(req.responseText);
            console.log(response.access_token);
        }
    };
    req.send(data);


It works fine when I use the unhashed password, but it does not work if I use the hashed one from the database.
By amosbatto
#816224
Unfortunately, ProcessMaker doesn't provide a way to log in using the hashed password from the database. You have to use the unhashed password. If you are using ProcessMaker 3.2.1 or earlier, you can log in with the hashed password using web services. See:
https://wiki.processmaker.com/3.0/Proce ... e_Database

Of course that limits you to using just WSDL web services.
By the way, the ability to log in with the hashed password in web services was removed in PM 3.2.2 for security reasons. (I frankly don't think that there was really a security issue, but I couldn't convince the dev team.)

Here are 3 possible solutions:
1. Log in to ProcessMaker using oAuth2 with the unhashed password at the same time that your user logs into your Native React app, so you have a double login.
2. Write your own AJAX code to log in to the database and verify the login using the hashed password in the database.
3. You can edit the source code of the RbacUsers::verifyLogin() function defined in rbac/engine/classes/model/RbacUsers.php to verify the login using the hashed password.
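
Solution 1 above, sketched as an added example (not code from the original posts or from ProcessMaker): the token request is made by the app's backend during its own login, so the plaintext password is used once and the client_secret stays out of the React bundle. The function names, the `cfg` fields and running this on a Node 18+ backend are assumptions; the endpoint path and request fields are the ones from the question.

```javascript
// Added example: runs in the app's backend (Node 18+), not in the browser.
// Function names and cfg fields are hypothetical, not ProcessMaker's API.
const PM_TOKEN_PATH = '/workflow/oauth2/token'; // endpoint path from the question

function buildTokenRequest(username, password, cfg) {
  if (!username || !password) throw new Error('username and password required');
  if (!cfg.clientId || !cfg.clientSecret) throw new Error('OAuth client not configured');
  const url = new URL(PM_TOKEN_PATH, cfg.baseUrl);
  // The plaintext password travels in this request, so insist on TLS
  // unless the operator explicitly opts out (e.g. an isolated lab network).
  if (url.protocol !== 'https:' && !cfg.allowInsecure) {
    throw new Error('refusing to send credentials over ' + url.protocol);
  }
  return {
    url: url.toString(),
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'password',
        scope: '*',
        client_id: cfg.clientId,         // load from server-side config,
        client_secret: cfg.clientSecret, // never from client-side code
        username,
        password,
      }),
    },
  };
}

function parseTokenResponse(status, bodyText) {
  if (status !== 200) throw new Error('token request failed with HTTP ' + status);
  const parsed = JSON.parse(bodyText);
  if (typeof parsed.access_token !== 'string' || parsed.access_token === '') {
    throw new Error('response has no access_token');
  }
  return parsed.access_token; // hand to the session layer; do not log it
}

// Call from the app's own login handler while the plaintext password is
// still in memory. fetchImpl is injectable so the flow can be tested offline.
async function pmLogin(username, password, cfg, fetchImpl = fetch) {
  const { url, options } = buildTokenRequest(username, password, cfg);
  const res = await fetchImpl(url, options);
  return parseTokenResponse(res.status, await res.text());
}
```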