Dual Pins for Users

Yea I’ve upgraded my SQL database to 2017

the script is the same from the post

function getEntityByCustomDataFieldValue(entityType, fieldName, fieldValue) {
    // The three arguments are concatenated into the SQL text as-is.
    var qry = "SELECT e.[Name] FROM [Entities] e JOIN [EntityTypes] et on et.[Id] = e.[EntityTypeId] JOIN [EntityCustomFields] cf on cf.[EntityTypeId] = e.[EntityTypeId] CROSS APPLY OPENJSON(e.[CustomData]) WITH (jsonName varchar(50) '$.Name', jsonValue varchar(50) '$.Value') jsonData WHERE et.[Name] = '" + entityType + "' AND cf.[Name] = '" + fieldName + "' AND jsonName = 'FOB' AND jsonValue='" + fieldValue + "'";
    var userName = sql.Query(qry).First;
    return userName || 'NOTFOUND';
}

I also have the entity list Employees and the custom field FOB

Can you show the entity tag screen showing the field names, entity type?
Do you get any errors?
I’d suggest trying the SQL code in SQL manager, replacing the "+entityType+", "+fieldName+" and "+fieldValue+" with string values that would be used in Samba.

I am going to try and change the field type to number maybe that could be it.

I will try it in SQL manager to see if it works.

Type shouldn’t matter for a simple where =
There is definitely an entity with that fob value?
What do you get back? Maybe remove the || NOTFOUND and put the call in a show message or ask question to see what you’re getting back.
Where are you using the call?

1 Like

Yea there is an entity with the FOB value. The rest of the set up works, when I enter a number that isn’t active I return with a wrong pin message.

I will tinker some more after we close tonight. If I find anything I will post it.

So wrong pin gives wrong pin message? What happens with correct pin? This suggests the script isn’t the problem and it’s the login automation.

I believe the problem is that the script isn’t working, so when a FOB is entered it doesn’t find it and returns a wrong pin number message. Users can log in with their normal user numbers (the 4 digit pin).

Yes but you’re presumably catching invalid default user pins entered, the normal user pins should always work else you could mess up automation and not be able to login…

So if you enter an invalid pin which isn’t a normal user pin or a ‘second’ pin it gives an error message?
But a pin configured in entity for FOB returns nothing?

If it returns message for invalid pin this is not default setup so is part of your automation.
If entering invalid pin/fob number gives message the script is doing something.
This is why I said add a show message or ask question action to show the value returned by the script call so you can validate it.

What does the message say? If it’s anything other than ‘NOTFOUND’ the message is part of your automation and you’re triggering based on that response.
So the problem (without seeing what the script is returning) could be your automation to login using the returned value.

Without seeing your setup it’s not possible to say for sure.

Show your automation for the second pin login?

Just to check, does the entity primary field (Name) exactly match the user name for samba login?

Actions:

Rules:


Here is an example employee entity:

in my set up name is the same as username


so what does this test return?

What does this return in SQL Manager?

SELECT e.[Name] FROM [Entities] e JOIN [EntityTypes] et on et.[Id] = e.[EntityTypeId] JOIN [EntityCustomFields] cf on cf.[EntityTypeId] = e.[EntityTypeId] CROSS APPLY OPENJSON(e.[CustomData]) WITH (jsonName varchar(50) '$.Name', jsonValue varchar(50) '$.Value') jsonData WHERE et.[Name] = 'Employees' AND cf.[Name] = 'FOB' AND jsonName = 'FOB' AND jsonValue='123456789'
1 Like

Q is wiz and SQL and have tried script with different fields on database on this machine and works.
So check the script directly that you’re getting what you expect, then check with a message in Samba that it’s working and returning as expected in Samba.

It is not enough to upgrade. You need to set the DB Compatibility Level to 130 or higher…

2 Likes

It was the compatibility. I appreciate you guys taking time to help, thanks

Hi…as per my experience adding dual pins may solve your issue but we shouldn’t add a specific feature for every case we encounter. Maybe we should execute a script when a pin entry does not match to allow custom logins. I am not saying this will be a better solution but such approach will also be useful for user-entity method.


@BilHonan not sure if you missed the beginning of the topic but this is what was done. Emre added a rule event to allow us to catch invalid pin entry and the ability to login with an action allowing a bypass for default pin with a second pin.

Finally got round to trying to improve my idea for dual pin.
Was thinking I could use the new password field in user however it looks to be hashed in database.
@emre can I ask what hash type you have used so I can hash the incorrect pin and check against password?
The values in the column look to be prefixed with some strings separated by $
See V1 so guessing you have left open for adaption to alternative hash methods in the future?
Looking at what I guess is the hashed password it looks more complex than md5 etc, guessing they are salted too?
I understand password field is not set to require being unique so plan to only return first result to prevent issue or maybe call via a script and make it not login if returns more than one.

I may change to sha256 in the future but this is how we verify passwords atm.

public static bool Verify(string password, string hashedPassword)
{
    //check hash
    if (!IsHashSupported(hashedPassword))
    {
        throw new NotSupportedException("The hashtype is not supported");
    }

    //extract iteration and Base64 string
    var splittedHashString = hashedPassword.Replace("$SPHASH$V1$", "").Split('$');
    var iterations = int.Parse(splittedHashString[0]);
    var base64Hash = splittedHashString[1];

    //get hashbytes
    var hashBytes = Convert.FromBase64String(base64Hash);

    //get salt
    var salt = new byte[SaltSize];
    Array.Copy(hashBytes, 0, salt, 0, SaltSize);

    //create hash with given salt
    var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
    byte[] hash = pbkdf2.GetBytes(HashSize);

    //get result
    for (var i = 0; i < HashSize; i++)
    {
        if (hashBytes[i + SaltSize] != hash[i])
        {
            return false;
        }
    }
    return true;
}
1 Like

Thanks for the info, going to need to research some of those functions LOL.
Unless you perhaps might happen to have a snippet of Jscript to just create the hashed value given original user entered password by chance? :wink:
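
The stored format that Verify() parses, `$SPHASH$V1$<iterations>$<base64(salt + hash)>`, can be produced and checked outside C# too; the following is an added example for Node.js, not SambaPOS code and not written by anyone in this thread. It assumes SaltSize = 16 and HashSize = 20 (neither value is shown on the page) and treats the prefix test as the IsHashSupported check; `findUserByPin` and the shape of its `rows` argument are hypothetical.

```javascript
// Added example for Node.js; not SambaPOS code.
const crypto = require('crypto');

const PREFIX = '$SPHASH$V1$';
// ASSUMPTION: SaltSize and HashSize are not shown on the page; placeholder values.
const SALT_SIZE = 16;
const HASH_SIZE = 20;

// Rfc2898DeriveBytes(string, byte[], int) is PBKDF2-HMAC-SHA1 over the UTF-8 password.
function derive(password, salt, iterations) {
  return crypto.pbkdf2Sync(Buffer.from(password, 'utf8'), salt, iterations, HASH_SIZE, 'sha1');
}

// Build "$SPHASH$V1$<iterations>$<base64(salt || hash)>" with a fresh random salt.
function hashPassword(password, iterations, salt = crypto.randomBytes(SALT_SIZE)) {
  const blob = Buffer.concat([salt, derive(password, salt, iterations)]);
  return PREFIX + iterations + '$' + blob.toString('base64');
}

// Split a stored value into its parts, rejecting anything malformed.
function parseHash(stored) {
  if (typeof stored !== 'string' || !stored.startsWith(PREFIX)) {
    throw new Error('The hashtype is not supported');
  }
  const parts = stored.slice(PREFIX.length).split('$');
  if (parts.length !== 2 || !/^[1-9]\d*$/.test(parts[0])) throw new Error('Malformed hash');
  const blob = Buffer.from(parts[1], 'base64');
  if (blob.length !== SALT_SIZE + HASH_SIZE) throw new Error('Unexpected salt/hash length');
  return { iterations: Number(parts[0]), salt: blob.subarray(0, SALT_SIZE), hash: blob.subarray(SALT_SIZE) };
}

// Same check as Verify(), but with a constant-time comparison of the hash bytes.
function verifyPassword(password, stored) {
  const { iterations, salt, hash } = parseHash(stored);
  return crypto.timingSafeEqual(derive(password, salt, iterations), hash);
}

// Each row has its own salt, so a PIN cannot be matched with a SQL "=" on the
// hash column: verify against every row, and refuse to log in on 0 or >1 matches.
function findUserByPin(pin, rows) {
  const matches = rows.filter((r) => verifyPassword(pin, r.hash)).map((r) => r.name);
  return matches.length === 1 ? matches[0] : null;
}
```

Because the salt is random, hashing the same PIN twice gives two different strings, which is why the lookup has to run the verification per user instead of comparing hash values.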