Generating Passwords


Searching for an OOB* feature to generate User passwords, I have found the example below.

var username = 'itil';

var password = SNC.PasswordPolicyEvaluator.generateUserPassword(username);
gs.info(password); // to view the password

If we try to access the SNC API in a Scoped Application it will not work because it is designed for System Administrators. They can run scripts within the Global scope. 

Last month while participating as a Hacktoberfest maintainer I had the chance to evaluate a contribution regarding password generation:


var PasswordGenerator = Class.create();
PasswordGenerator.prototype = {
    initialize: function() {},

    //
    // Input: Minimum password length that is required
    // Returns a random password for the min length specified
    //
    generate: function(givenPasswordLength) {
        var specials = '!@#$%&*()_+<>[].~';
        var lowercase = 'abcdefghijklmnopqrstuvwxyz';
        var uppercase = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ';
        var numbers = '0123456789';
        var all = specials + lowercase + uppercase + numbers;

        String.prototype.pick = function(min, max) {
            var n, chars = '';
            if (typeof max === 'undefined') {
                n = min;
            } else {
                n = min + Math.floor(Math.random() * (max - min));
            }
            for (var i = 0; i < n; i++) {
                chars += this.charAt(Math.floor(Math.random() * this.length));
            }
            return chars;
        };


        String.prototype.shuffle = function() {
            var array = this.split('');
            var tmp, current, top = array.length;

            if (top)
                while (--top) {
                    current = Math.floor(Math.random() * (top + 1));
                    tmp = array[current];
                    array[current] = array[top];
                    array[top] = tmp;
                }
            return array.join('');
        };

        //adjust the pick numbers here to increase or decrease password strength
        var ent = givenPasswordLength - 4;
        if (ent < 0) {
            ent = 0;
        }

        var password = (specials.pick(1) + lowercase.pick(1) + uppercase.pick(1) +
                        numbers.pick(1) + all.pick(ent)).shuffle();
        return (password + '');
    },


    type: 'PasswordGenerator'
};

You can create the Script Include above in a Scoped Application. 

Let's test it from the Scripts - Background in our PDI**:

var helper = new PasswordGenerator(); 
var result = helper.generate(20); // password length
gs.info("Password: " + result);

I approved the contribution because despite the fact there is an OOB feature to generate User passwords, this one is specially useful because: 

1) We can specify the password length to be generated;
2) It runs on Scoped Applications;
3) We have many websites on the Internet capable of generating passwords but it is not a good idea to rely on unknown websites to generate your password, right?
4) GlideEncrypter API is deprecated and should not be used


Thank you.


____
*OOB means already developed functionality by ServiceNow developers
**PDI stands for Personal Developer Instance
Hacktoberfest contribution Generates a random password with a specified length
There is a plugin called ServiceNow Vault which is not in this article scope

Comments

Post a Comment

Popular posts from this blog

Hacktoberfest

Image
I just completed the #ServiceNowHacktoberfest by having 4 contributions accepted! - Service Portal is a single place for everyone to access information, services and different applications. For my first contribution   (1068)  I shared a use case to get a parameter from the URL and use it into an Ajax call, recovering information from the database to show within the User Interface. - For my second pull request   (1069) I talked about best practices, explaining how to safely update a record. If we're not cautious with this kind of programming we can accidentally insert records instead of updating them. - For my third contribution   (1085)  I explained how to validate a field provided within a Catalog Item/Record Producer so that the date can't be in the past.  - The last one   (1093) was about fixing a direct reference to the Choice table. This is an internal table and it is not best practice to reference that table directly when you are crea...
Read more

When the student is ready the teacher will appear

Image
It is been an exciting adventure working as a ServiceNow professional for the past four years.  I was studying about Cloud Computing long ago and when the chance to work with the platform emerged in 2021, I grabbed it with both hands. My previous experience as a software developer was good and bad at the same time. I'll try to explain what happened about my coding skills when applied to the development process. 2021 -  The 1st year : At first I started coding everything. Record Producer logic & validation was in Client Scripts and all back-end logic in Script Includes. After many NowLearning courses and navigating the community I understood how to use UI Policies to do things (Mandatory, Read-Only, Show/Hide fields) instead of putting everything on Client Scripts. Besides that my understanding of Business Rules reached a decent level. 2022 -  The 2nd year : I invested time learning about ITIL and it was a game changer.  Before every deployment to the test instanc...
Read more

VIDEO How to fix a reference to the Choice [sys_choice] table

Image
        The Choice table is used internally by the platform and depending on the payload of an operation, for performance reasons the platform can decide that it is better to drop the table and insert all the values instead of perform updates on specific records.       When we insert a new record in a table, a new sys_id is generated. If we have the Choice table as a reference to provide choices for a particular field in our table, these choices will be lost every time the platform decides to recreate the Choice table.       A simple way to avoid this problem is to create a field of  type Choice  which indirectly uses the Choice table but it is the right way, or we can create our own table to maintain the Application choices.       Recently I received the mission to do exactly this: create a private choice table for an Application.    ...
Read more