Reputation: 601
Is it possible to retrieve a user's password in Cloud Code by using myUser.get("password")? I'm even using the master key and I still can't retrieve it.
Update:

    PFCloud.callFunctionInBackground("updateUser", withParameters: ["username" : username, "newPassword" : newPasswordText.text, "currentPassword" : currentPasswordText.text, "operation" : 2]) {
        (positions: AnyObject!, error: NSError!) -> Void in
        if error == nil {
            self.navigationController?.popToRootViewControllerAnimated(true)
        }
        else {
            let errorAlert = UIAlertController (title: "Error", message: "Invalid current password", preferredStyle: UIAlertControllerStyle.Alert)
            let actionCancel = UIAlertAction (title: "Dismiss", style: .Cancel, handler: nil)
            errorAlert.addAction(actionCancel)
            self.presentViewController(errorAlert, animated: true, completion: nil)
        }
    }

    Parse.Cloud.define("updateUser", function(request, response) {
        // Set up to modify user data
        Parse.Cloud.useMasterKey();
        var query = new Parse.Query(Parse.User);
        query.equalTo("username", request.params.username);
        query.first({
            success: function(myUser) {
                var password = myUser.get("password");
                if (request.params.operation == 1) {
                    myUser.set("password", request.params.newPassword);
                }
                else if (request.params.operation == 2 && password == request.params.currentPassword) {
                    myUser.set("password", request.params.newPassword);
                }
                else {
                    response.error(password);
                    return; // do not fall through to save() after already responding
                }
                myUser.save(null, {
                    success: function(myUser) {
                        // The user was saved successfully.
                        response.success("Successfully updated user.");
                    },
                    error: function(myUser, error) {
                        // The save failed.
                        // error is a Parse.Error with an error code and description.
                        response.error("Could not save changes to user.");
                    }
                });
            },
            error: function(error) {
                // alert() is not available in Cloud Code; report the failure to the caller
                response.error("Error: " + error.code + " " + error.message);
            }
        });
    });
Upvotes: 3
Views: 892
Reputation: 22701
The password is stored as a one-way hashed value in Parse and is not retrievable no matter what permissions are set. It can only be compared with the hashed value of another potential password, but you can still never get back to the original password.
If the user has put in their email address, you can request the password reset process.

    Parse.User.requestPasswordReset("[email protected]", {
        success: function() {
            // Password reset request was sent successfully
        },
        error: function(error) {
            // Show the error message somewhere
            alert("Error: " + error.code + " " + error.message);
        }
    });
Upvotes: 1
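
The one-way storage described in the answer above, as an added example that is not part of the original posts and is not Parse's own code: the stored record holds only a salt and a hash, so a candidate password can be checked by re-hashing but the original cannot be read back. The use of scrypt and the names `hashPassword`, `verifyPassword`, `changePassword` and `demo` are assumptions made for illustration; the page does not say which hash Parse uses.

```javascript
const crypto = require("crypto");

// Hash a password with a fresh random salt. Only salt + hash are ever stored.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return { salt: salt.toString("hex"), hash: hash.toString("hex") };
}

// The only operation a stored record supports: hash the candidate with the
// same salt and compare the two digests in constant time.
function verifyPassword(stored, candidate) {
  const expected = Buffer.from(stored.hash, "hex");
  const salt = Buffer.from(stored.salt, "hex");
  const actual = crypto.scryptSync(candidate, salt, expected.length);
  return crypto.timingSafeEqual(expected, actual);
}

// Hypothetical stand-in for the question's "operation 2": change the password
// only when the caller proves knowledge of the current one.
function changePassword(userRecord, currentPassword, newPassword) {
  if (!verifyPassword(userRecord.credentials, currentPassword)) {
    return { ok: false, error: "Invalid current password" };
  }
  userRecord.credentials = hashPassword(newPassword);
  return { ok: true };
}

// Constructed sample user; the plaintext never appears in the stored record.
function demo() {
  const user = { username: "alice", credentials: hashPassword("old-secret") };
  const plaintextStored = JSON.stringify(user).includes("old-secret");
  const wrong = changePassword(user, "guess", "new-secret");
  const right = changePassword(user, "old-secret", "new-secret");
  return {
    plaintextStored: plaintextStored,
    wrongAccepted: wrong.ok,
    rightAccepted: right.ok,
    oldStillValid: verifyPassword(user.credentials, "old-secret"),
    newValid: verifyPassword(user.credentials, "new-secret"),
  };
}
```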