Retrieving a users password in Cloud Code

Question

Is it possible to retrieve a users password in Cloud Code by using myUser.get("password")? I'm even using the master key and I still can't retrieve it.

Update:

 PFCloud.callFunctionInBackground("updateUser", withParameters: ["username" : username, "newPassword" : newPasswordText.text, "currentPassword" : currentPasswordText.text, "operation" : 2]) {
            (positions: AnyObject!, error: NSError!) -> Void in
            if error == nil {

                    self.navigationController?.popToRootViewControllerAnimated(true)
            }

            else {

                let errorAlert = UIAlertController (title: "Error", message: "Invalid current password", preferredStyle: UIAlertControllerStyle.Alert)

                let actionCancel = UIAlertAction (title: "Dismiss", style: .Cancel, handler: nil)

                errorAlert.addAction(actionCancel)

                self.presentViewController(errorAlert, animated: true, completion: nil)

            }
        }

Parse.Cloud.define("updateUser", function(request, response) {
// Set up to modify user data
Parse.Cloud.useMasterKey();
var query = new Parse.Query(Parse.User);
query.equalTo("username", request.params.username);
query.first({

        success: function(myUser) {

      var password = myUser.get("password");

        if (request.params.operation == 1) {

            myUser.set("password", request.params.newPassword);

        }

        else if (request.params.operation == 2 && password == request.params.currentPassword) { 

          myUser.set("password", request.params.newPassword);

        }

        else {

            response.error(password);
        }

            myUser.save(null, {

                success: function(myUser) {
                    // The user was saved successfully.
                    response.success("Successfully updated user.");
                },

                error: function(myUser, error) {
                    // The save failed.
                    // error is a Parse.Error with an error code and description.
                    response.error("Could not save changes to user.");
                }
            });

    },

    error: function(error) {
            alert("Error: " + error.code + " " + error.message);
    }
});
});

@DanFromGermany It's something I'm doing in cloud code...I never send the password back to any devices. I have a "change password" feature in my app and I ask the user to enter their current password before saving. I send that to the cloud and want to check that the password is valid so the password can be changed. — nick9999, Mar 03 '15 at 20:02
Hey nick, please update your question with the information from the comment. Question gets more clear then :-) — Daniel W., Mar 03 '15 at 20:11
@DanFromGermany I have updated the code. First section is my Swift code, section part is the Cloud Code. — nick9999, Mar 03 '15 at 20:16

score 1 · Answer 1 · answered Mar 03 '15 at 20:27

The password is stored as a one-way hashed value in Parse and is not retrievable no matter what permissions are set. It can only be compared with the hashed value of another potential password, but you can still never get back to the original password.

If the user has put in their email address, you can request the password reset process.

Parse.User.requestPasswordReset("email@example.com", {
  success: function() {
    // Password reset request was sent successfully
  },
  error: function(error) {
    // Show the error message somewhere
    alert("Error: " + error.code + " " + error.message);
  }
});

I know this is a possibility...I was trying to avoid it just because in the context of my app, this isn't the best way to go but I guess I have no choice! — nick9999, Mar 03 '15 at 20:35

Retrieving a users password in Cloud Code

1 Answers1