[NLj015]

Hello, i have a problem using pm3 oauth2/token when i call the login with password encrypted with MD5, we worked a lot of process and clients with PM3.1.X, PM3.2.1 for a lot of time but, we upgraded to PM323 y the services return error.

usually we called correctly to the services PM3.2.1 with the parameters :
//key //Value
grat_typo3 : password
scope : *
client_id : HY.........
client_secret : 67.........
username : admin
password : md5:049a6..........

but with PM323 return error:
{
"error": "invalid_grant",
"error_description": "Invalid username and password combination"
}

now in Pm323 if we use the password without MD5 like "12345asdf" it's worked, but we need that PM323 acept the password with MD5.

plis, you can help about this.


Saludos

[NLj015]

Hello, as additional information

In the verifyHashPassword method of class class.bootstrap.php, the call to $ RBAC is always returning NULL, which prevents login with Hash.


Saludos

[NLj015]

Has there been any news of this ????

[amosbatto]

Unfortunately, the Dev team decided that allowing login with the MD5 hash was a security hole and it is not allowed in version 3.2.2 and later. I was unable to convince the Dev team that ProcessMaker users need this feature.

Please explain why you need to be able to login with the MD5 hash. Maybe hearing from actual users of ProcessMaker will convince them that removing this feature is a mistake.

[NLj015]

Unfortunately, the Dev team decided that allowing login with the MD5 hash was a security hole and it is not allowed in version 3.2.2 and later. I was unable to convince the Dev team that ProcessMaker users need this feature.

Please explain why you need to be able to login with the MD5 hash. Maybe hearing from actual users of ProcessMaker will convince them that removing this feature is a mistake.

Thanks, we adapted