Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 09:33
    Gary Cheetham
    0

    How come I can do member.RawPasswordValue and get a plain text password?

    I'm creating members in a SurfaceController like this:

    private readonly Umbraco.Core.Services.IMemberService _memberService;
    
    // .....
    
    public IMember CreateMember(Models.Member member)
    {
        return _memberService.CreateWithIdentity(member.Username, member.EmailAddress, member.Password, "member");
    }
    

    Having created members like this, the following code:

    IMember member = _memberService.FindByEmail(email, 0, 1, out totalRecords).Single();
    
    return member.RawPasswordValue
    

    And get a plaintext password out of Umbraco!

    I think there could be a couple of things going on here.

    • Umbraco expects me to hash the password before creating the member. In this case, how can I use the same API to hash passwords that the backoffice is using, so that members created from the backoffice and my endpoint will be using the same hashing function?

    • Umbraco isn't hashing the passwords because I'm running locally in debug mode?

    Thanks in advance 👍

    Gary

  • Steven Harland 78 posts 518 karma points c-trib
    Mar 31, 2017 @ 11:03
    Steven Harland
    101

    Hi Gary,

    If you look at the documentation for the CreateWithIdentity method you'll see that it expects you to pass it the already encrypted/hashed password: https://github.com/umbraco/Umbraco-CMS/blob/db414e8045d0a455dae568a4f67675eab6c3ccef/src/Umbraco.Core/Services/MemberService.cs#L850

    Have a look at this article: http://24days.in/umbraco-cms/2015/membership-apis-investigation/

    It seems that when using the MemberService you need to set the password after the member has been persisted:

    newMember = service.CreateWithIdentity("[email protected]", "[email protected]", "Mike Bowen", "MyMemberType");
    service.Save(newMember);
    service.SavePassword(newMember, "24DaysInUmbraco");
    

    Another option would be to use MembershipHelper.RegisterMember (see the article above for details).

    Hope this helps.

    Steven

  • Gary Cheetham 20 posts 144 karma points
    Mar 31, 2017 @ 11:04
    Gary Cheetham
    0

    Thanks Steven,

    I'll take a look at this.

    Best Regards, Gary

  • Sebastiaan Janssen 5052 posts 15505 karma points MVP admin hq
    Mar 31, 2017 @ 14:09
    Sebastiaan Janssen
    0

    To set the password use MemberService.SavePassword after creating the member.

  • Biagio Paruolo 1599 posts 1830 karma points c-trib
    Dec 07, 2022 @ 17:39
    Biagio Paruolo
    0

    And today?

Please Sign in or register to post replies

Write your reply to:

Draft