Hi all,
I’m working on a project where I have a DataShape that includes a field with the base type PASSWORD.
In my implementation, I use the following logic to hash and encrypt the password:
Add User Service (loginPassword basetype is PASSWORD in datashape)
result = Things[userDataTable].CreateValues();
result.AddRow({
loginName: loginName.toUpperCase(),
firstName: firstName,
lastName: lastName,
language: language,
emailAddress: emailAddress.toLowerCase(),
hashedLoginName: me.SHA256({
toHash: loginName.toUpperCase()
}),
groups: groups,
loginPassword: Resources["EncryptionServices"].EncryptPropertyValue({
data: me.SHA256({
toHash: loginPassword
})
})
});
//me.UserDataBase
Things[userDataTable].AddDataTableEntry({ values: result });
User Login Service
const serviceName = "userLogin";
const LOG_PREFIX = me.name + " :: " + serviceName + " :: ";
const userDataTable = "Project_" + Location + "_Users.DT";
logger.info(LOG_PREFIX + "Start Service");
let returnToken = {};
let hashedLoginName = me.SHA256({ toHash: loginName.toUpperCase() });
let hashedLoginPassword = true ? loginPassword : me.SHA256({ toHash: loginPassword });
returnToken.result = false;
let dateNow = Date.now();
let loginTokenExpireDate = dateNow +(me.tokenExpireTime*1000);
let hashedToken = me.SHA256({ toHash: dateNow + loginName.toUpperCase() });
try{
let EntryExists = Things[userDataTable].GetDataTableEntryByKey({ key: hashedLoginName });
logger.info("tip"+ EntryExists.rows[0]);
if(EntryExists && EntryExists.rows[0].hashedLoginName == hashedLoginName && EntryExists.rows[0].loginPassword == hashedLoginPassword){ //EntryExists.rows[0].loginPassword
returnToken.loginToken = hashedToken;
returnToken.result = true;
returnToken.loginTokenExpireDate = loginTokenExpireDate;
returnToken.groups = EntryExists[0].groups.ToJSON().rows;
returnToken.firstName = EntryExists[0].firstName;
returnToken.lastName = EntryExists[0].lastName;
returnToken.permission = EntryExists[0].permission;
EntryExists[0].loginToken = hashedToken;
EntryExists[0].loginTokenExpireDate = loginTokenExpireDate;
Things[userDataTable].UpdateDataTableEntry({ values: EntryExists });
}
}catch(e){}
//result = "this Token : '" + hashedToken + "' is created at this time: " + new Date(dateNow) + " and will expires at " + new Date(expireDateToken);
result = returnToken;
logger.info(LOG_PREFIX + "End Service");
SHA 256
The following SHA-256 algorithm has been implemented in the Experience app.
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/digest
UserLogout
const serviceName = "userLogout";
const LOG_PREFIX = me.name + " :: " + serviceName + " :: ";
const userDataTable = "Project_" + Location + "_Users.DT";
logger.info(LOG_PREFIX + "Start Service");
let returnToken = {};
returnToken.result = false;
returnToken.loginTokenExpireDate = "Token already expired!";
try{
//me.UserDataBase
let EntryExists = Things[userDataTable].QueryDataTableEntries({
query: {
"filters": {
"type": "EQ",
"fieldName": "loginToken",
"value": loginToken
}
} /* QUERY */
});
if(EntryExists && EntryExists.rows[0].loginToken == loginToken && new Date(Date.now()) < EntryExists.loginTokenExpireDate){
EntryExists.loginTokenExpireDate = '';
EntryExists.loginToken = '';
//me.UserDataBase
Things[userDataTable].UpdateDataTableEntry({
values: EntryExists /* INFOTABLE */
});
returnToken.result = true;
returnToken.loginTokenExpireDate = "Token got deleted!";
}
}catch(e){}
result = returnToken;
logger.info(LOG_PREFIX + "End Service");
Problem
Now, I’m trying to migrate this data to another ThingWorx server, using an import/export mechanism (e.g., DataTable export).
However, on the new server, the encrypted password doesn’t seem to work or decrypt properly. Even when I change the base type to STRING instead of PASSWORD, it still doesn't work.
I suspect the issue might be:
Something related to how encrypted properties (especially PASSWORD fields) are tied to a specific platform instance or keystore?
Or maybe EncryptPropertyValue() doesn’t produce a transferable string between servers?
🧩 What I’ve Tried
My Questions
Is it possible to export a PASSWORD-typed value from one server to another in a usable form?
What is the best way to securely transfer hashed or encrypted credentials between servers without breaking the structure?
Any insights or official guidance would be much appreciated
Thanks in advance!
