[SalesForce] encrypt the Password in jQuery and decrypt in Apex class

I'm creating a custom login page for a customer community. The login page has functionality like Save Username Password and Remember me.

When I check Save Username Password while logging in, then at the next login the Username and Password fields are auto-populated. This is implemented using jQuery and cookies.

When I click Remember me, the next login will skip the login page. This is implemented by calling an action in <apex:page>, which calls the controller method while the VF page loads. The controller method checks whether the cookies are available and logs in.

I'm storing the cookies in jQuery, and for the Remember me login I'm getting those cookies (Username, Password) in the Apex class.

Presently, the password in the cookies is not in encrypted form. Now I have to store the password in encrypted form.
How can I encrypt the password in jQuery and decrypt it in the Apex class?

Calling the action in the page like this:

<apex:page sidebar="false" controller="demo2Controller" action="{!directlogin}" showheader="false" standardStylesheets="false">

Script of the VF page:

function submitbtn() {
    var username = $("[id$='username']").val();
    var password = $("[id$='password']").val();

    if ($("[id$='UserPass']").is(":checked")) {
        // Keep the credentials in cookies for 14 days
        $.cookie('apex__username', username, { expires: 14 });
        $.cookie('apex__password', password, { expires: 14 });
        $.cookie('apex__remember', true, { expires: 14 });
    } else if ($("[id$='directlogin']").is(":checked")) {
        // Same cookies, plus the flag for the direct login
        $.cookie('apex__username', username, { expires: 14 });
        $.cookie('apex__password', password, { expires: 14 });
        $.cookie('apex__directlogin', true, { expires: 14 });
    }
    console.log($.cookie("apex__password"));
    console.log(CryptoJS.MD5(password));
    // here we have to encrypt the password.
    // (CryptoJS.MD5 returns a one-way hash, not ciphertext.)
    $.cookie('apex__encryptpassword', CryptoJS.MD5(password), { expires: 14 });

    controllerMethod();
}

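Controller part:

public PageReference directlogin() {
    // The 'apex__' prefix is dropped when the cookie is read in Apex
    Cookie getPass = ApexPages.currentPage().getCookies().get('encryptpassword');
    if (getPass != null) {
        password = getPass.getValue();
        // here we have to decrypt the password.
    }
    return null;
}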

Best Answer

It’s probably not the answer you want to hear, but this approach sounds anything but safe, to be honest. In order to encrypt it you will need a secret. You would need to store this key in sf and then expose it to jQuery (NOT SAFE). I would recommend using a password browser extension like LastPass if needed, but would never store the password on the client side.

Also, I have never seen the option on any portal/website that allows me to store the password.
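
The answer's point about the exposed key, as an added example that is not part of the original answer or the asker's code: it runs under Node.js with the built-in crypto module and shows that a cookie encrypted with a key shipped in the page decrypts for anyone who has that page, while the MD5 value from the question is a hash with nothing to decrypt. The key, the password and all function names are constructed for illustration.

```javascript
// Added example (Node.js); every value below is constructed for the demo.
const nodeCrypto = require('node:crypto');

// Hypothetical key the page would have to ship to the browser so that jQuery
// could encrypt. Anything in page source is readable by every visitor.
const KEY_IN_PAGE_SOURCE = nodeCrypto.createHash('sha256')
  .update('constructed-demo-key').digest();

// What the login page's script would do before writing the cookie.
function encryptForCookie(password, key) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return [iv, cipher.getAuthTag(), body].map(b => b.toString('base64')).join('.');
}

// What the server would do, and equally what any holder of the cookie plus
// the page source can do: the same key recovers the password.
function decryptCookie(cookieValue, key) {
  const [iv, tag, body] = cookieValue.split('.').map(s => Buffer.from(s, 'base64'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// The question's CryptoJS.MD5(password) is a hash: no key, deterministic,
// and there is no decrypt operation for the controller to call.
function md5Hex(password) {
  return nodeCrypto.createHash('md5').update(password, 'utf8').digest('hex');
}

function demo() {
  const password = 'Constructed-Passw0rd!';
  const cookie = encryptForCookie(password, KEY_IN_PAGE_SOURCE);
  return {
    cookieHidesPassword: !cookie.includes(password),
    recoveredWithPageKey: decryptCookie(cookie, KEY_IN_PAGE_SOURCE),
    md5IsDeterministic: md5Hex(password) === md5Hex(password),
    md5: md5Hex(password),
  };
}
```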
