Fieldtype password

Hi forum, I’m using the collection to store some configuration which includes a password. So I tried to use the password fieldtype and I noticed it gets encrypted when I get the response via the API.

However, there is no documentation that explains how the client is supposed to decrypt the value in order to be able to use it. Can you please help?

Thanks,
Danilo


I’ve stumbled on the same issue and I’m stuck. I’ve tried to take a look at the source code, maybe it’s hashed here: cockpit/App.php at 83a00d52ff722f8c227e30ef0323f462e6cbafb2 · agentejo/cockpit · GitHub (functions hash and encode).
I’m no PHP/js expert so my knowledge ends here. Maybe you can figure it out…

Thanks @IvanMazzoli

Bad news :( it looks like PASSWORD_BCRYPT is hashing and not really encrypting. This means that once hashed the value can’t be de-hashed.
Basically this fieldtype is not fit for purpose. It can only be used for authentication using Cockpit as ISP. Scenario:

  • you save the password and it gets stored hashed
  • the customer sends the password, which first gets hashed and then verified against what is stored (comparing the 2 hashed values and not the real password)

This is because hashing is a one-way operation.

In my scenario I need to store external ISP values and what I want to retrieve is either the real password value in plain text or the hashed value which I can’t use. I think I need to use a text field and store a custom encrypted value.

Thanks,
Danilo
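
The hashing-versus-encryption difference discussed in this post, as an added PHP example (not from the thread, and not code from Cockpit or the Encrypt addon): a bcrypt hash from `password_hash` can only be verified, while a value that has to be read back needs authenticated encryption under a key kept outside the CMS. The helper names, the sample secret and the choice of libsodium's secretbox are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encrypt a secret so it can be stored in a plain text field.
function encryptForStorage(string $plaintext, string $key): string
{
    // A fresh random nonce per value; it is not secret and is stored with the ciphertext.
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Hypothetical helper: recover the secret, rejecting malformed or tampered values.
function decryptFromStorage(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('Malformed stored value');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('Wrong key or modified ciphertext');
    }
    return $plain;
}

// Constructed sample value, not taken from the thread.
$secret = 'example-external-service-password';

// One-way: every bcrypt hash embeds its own random salt, so two hashes of the
// same input differ, and the only supported operation is verifying a candidate.
$hashA = password_hash($secret, PASSWORD_BCRYPT);
$hashB = password_hash($secret, PASSWORD_BCRYPT);
echo 'hashes of the same input are equal: ', var_export($hashA === $hashB, true), PHP_EOL;
echo 'correct candidate verifies: ', var_export(password_verify($secret, $hashA), true), PHP_EOL;
echo 'wrong candidate verifies: ', var_export(password_verify('wrong-guess', $hashA), true), PHP_EOL;

// Reversible: in real use the key is loaded from outside the CMS database
// (for example an environment variable); it is generated here only for the demo.
$key = sodium_crypto_secretbox_keygen();
$stored = encryptForStorage($secret, $key);
echo 'stored value: ', $stored, PHP_EOL;
echo 'round trip matches: ', var_export(decryptFromStorage($stored, $key) === $secret, true), PHP_EOL;

// A different key must fail closed rather than return garbage.
try {
    decryptFromStorage($stored, sodium_crypto_secretbox_keygen());
} catch (RuntimeException $e) {
    echo 'other key: ', $e->getMessage(), PHP_EOL;
}
```

Anyone who can read both the stored value and the key can recover the secret, so the key should not sit in the same collection or API response as the ciphertext.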

You could then use GitHub - owldesign/Encrypt: FieldType addon for Cockpit CMS

Thanks a lot, I’ll look into it!