MODX modUser rehashing passwords - My Forums

MODX modUser rehashing passwords

pyrographics — Oct 04, 2018, 10:14 PM

I am writing a single sign on script and have it working for the most part however the passwords coming in are already pbkdf2 hashed. Using modUser ->set('password', 'hashed-password') appears to be automatically applying another hash to the password which breaks it. Is there any simple way to stay within xPDO and avoid a raw mysql query to insert the user's password?

Re: MODX modUser rehashing passwords

BobRay — Oct 06, 2018, 03:45 AM

I'm glad I could help. Thanks for reporting back.

Re: MODX modUser rehashing passwords

pyrographics — Oct 05, 2018, 01:19 PM

Quote from: BobRay at Oct 04, 2018, 11:02 PM

Try this:
$user->_setRaw('password', $value);
You may have to mess around with the salt to get it to validate correctly. Worst case, you can use a plugin to bypass the normal validation and validate the user yourself.

Bob, that worked perfectly. Both the salt and the hashed password are provided so it is a drop-in situation. Thank you so much for your assistance.

Re: MODX modUser rehashing passwords (Best Answer)

BobRay — Oct 04, 2018, 11:02 PM

Try this:

$user->_setRaw('password', $value);

You may have to mess around with the salt to get it to validate correctly. Worst case, you can use a plugin to bypass the normal validation and validate the user yourself.

Re: MODX modUser rehashing passwords

nuan88 — Oct 04, 2018, 10:49 PM

Would it be possible to un-hash the passwords before feeding them in? Because Modx is going to hash those for security