I'm creating a custom login page for a customer community. The login page has functionality like Save Username Password and Remember me.

When I check Save Username Password while logging in, then at the time of the next login, the Username and password fields are auto-populated. This is implemented using jQuery and cookies.

When I click Remember me, it will skip the login page at the next login. This is implemented by calling action in <apex:page>, which calls the controller method when the VF page loads. The controller method checks whether the cookies are available and logs in.

I'm storing cookies in jQuery, and for the Remember me login I'm getting those cookies (Username, Password) in the Apex class.

Presently, in the cookies, the password is not in encrypted form. Now I have to store the password in encrypted form.

How do I encrypt the password in jQuery and decrypt the password in the Apex class?

Calling action in the page like:

    <apex:page sidebar="false" controller="demo2Controller" action="{!directlogin}" showheader="false" standardStylesheets="false">

Script of the VF page:

    function submitbtn(){
        var username = $("[id$='username']").val();
        var password = $("[id$='password']").val();
        if($("[id$='UserPass']").is(":checked")){
            $.cookie('apex__username', username, { expires: 14 });
            $.cookie('apex__password', password, { expires: 14 });
            $.cookie('apex__remember', true, { expires: 14 });
        }
        else if($("[id$='directlogin']").is(":checked"))
        {
            $.cookie('apex__username', username, { expires: 14 });
            $.cookie('apex__password', password, { expires: 14 });
            $.cookie('apex__directlogin', true, { expires: 14 });
        }
        console.log($.cookie("apex__password"));
        console.log(CryptoJS.MD5(password));
        //here we have to encrypt the password.
        $.cookie('apex__encryptpassword', CryptoJS.MD5(password), { expires: 14 });
        controllerMethod();
    }

Controller part:

    public PageReference directlogin(){
        Cookie getPass = ApexPages.currentPage().getCookies().get('encryptpassword');
        password = getPass.getValue();
        //here we have to decrypt the password.
    }

Best Answer
It’s probably not the answer you want to hear, but this approach sounds anything but safe, to be honest. In order to encrypt it you will need a secret. You would need to store this key in sf and then expose it to jQuery (NOT SAFE). I would recommend using a password browser extension like LastPass if needed, but I would never store the password on the client side.
Also, I have never seen the option on any portal/website that allows me to store the password.
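
What a "remember me" cookie can hold instead of the password, as an added example that is not part of the original question or answer and is not Salesforce or Apex API: a random, single-use token issued by the server, of which the server keeps only a hash. It is plain Node.js; `rememberStore`, the function names and the `remember` cookie name are hypothetical, and the in-memory map stands in for a database table.

```javascript
const crypto = require('crypto');

// Hypothetical store: selector -> { userId, tokenHash, expiresAt }
const rememberStore = new Map();
const LIFETIME_MS = 14 * 24 * 60 * 60 * 1000; // 14 days, as in the question's cookies

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

// Call after a successful password login with "Remember me" ticked.
// Returns the cookie value; only a hash of the secret half is kept server-side.
function issueRememberToken(userId, now = Date.now()) {
  const selector = crypto.randomBytes(12).toString('hex'); // lookup key
  const secret = crypto.randomBytes(32).toString('hex');   // proves possession
  rememberStore.set(selector, {
    userId,
    tokenHash: sha256(secret),
    expiresAt: now + LIFETIME_MS,
  });
  return `${selector}.${secret}`;
}

// Call on page load when the cookie is present.
// Returns { userId, cookie } with a freshly rotated token, or null if invalid.
function redeemRememberToken(cookieValue, now = Date.now()) {
  const [selector, secret] = String(cookieValue).split('.');
  const row = rememberStore.get(selector);
  if (!row || !secret) return null;
  rememberStore.delete(selector); // single use: a replayed cookie finds nothing
  if (now > row.expiresAt) return null;
  if (!crypto.timingSafeEqual(row.tokenHash, sha256(secret))) return null;
  return { userId: row.userId, cookie: issueRememberToken(row.userId, now) };
}

// Logout or password change: drop every outstanding token for the user.
function revokeAll(userId) {
  for (const [selector, row] of rememberStore) {
    if (row.userId === userId) rememberStore.delete(selector);
  }
}

// Set by the server; HttpOnly keeps the value away from page script.
function cookieHeader(value) {
  return `remember=${value}; Max-Age=${LIFETIME_MS / 1000}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}
```

Because the cookie is HttpOnly, page script such as jQuery never reads or writes it; the server sets it at login and checks it when the page loads.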