Password reset extension script includes

Password reset scripts allow you to extend password reset functionality by creating your own credential store, verification, and identification types, and by adding operations to password reset processes.

A script include is associated with a specific category, which is available in the appropriate field of a password reset form. For information on how to use the password reset script includes, see Create an extension script.

The ServiceNowplatform installs several scripts in each category. You can use them as-is or as a template for creating custom scripts. For a description of these scripts, see Script includes installed with Password Reset.
Note: You should create new extension scripts only from the Password Reset Extension Script form (Password Reset > Extensions > New extension script). Extension scripts are special purpose script includes that should not be created in the System Definition > Script Includes interface.

Use these script includes for customizing a password reset process.

Table 1. Password reset script includes
Script include Description Method signature Input fields Outputifields Example
Enrollment Check Checks whether a user is enrolled for a given verification. process(params) Parameters:
  • params.userId - The sys_id of the user to check (table: sys_user).
  • params.verificationId - The sys_id of the verification to check (table: pwd_verification).
Returns: (boolean) true, if the user is enrolled in the specified verification; otherwise, false. This example signals that the user is enrolled if both expected parameters are supplied. The code would be contained in the Script field of an extension script named SampleEnrollmentCheck:
var SampleEnrollmentCheck  = Class. create ( ) ;
SampleEnrollmentCheck. prototype = {
  category : 'password_reset.extension.enrollment_check' , // DO NOT REMOVE THIS LINE!
 
   /**********
   * Returns boolean telling whether the user is enrolled.
   * This sample returns true if both parameters are supplied, false otherwise 
   *
   * @param params.userId         The sys-id of the user being checked (table: sys_user)
   * @param params.verificationId The sys-id of the verification being checked (table: pwd_verification)
   * @return Boolean indicating whether the user is enrolled into the specified verification
   **********/
  process : function (params ) { return (params. userId && params. verificationId ) ? true : false ; } ,
 
  type : 'SampleEnrollmentCheck' } ;
Enrollment Form Processor Checks whether all necessary information has been collected from the user. Stores the information so it can be used for verification when the user resets his or her password. process(params) Parameters:
  • params.resetRequestId - The sys_id of the current password reset request (table: pwd_reset_request).
  • params.userId - The sys_id of the user to be verified (table: sys_user).
  • params.verificationId - The sys_id of the verification to be processed (table: pwd_verification).
  • request - The form request object. Fields in the form can be accessed with request.getParameter('<element-id>').
The following information should be added to the state of the enrollment process:
  • gs.getSession().putProperty("result.status",status) - Whether the user was successfully enrolled.
  • gs.getSession().putProperty("result.message",message) - An associated message to be returned to the UI, such as a detailed error message.
  • gs.getSession().putProperty("result.value",value) - A custom value associated with the enrollment.
Returns: (boolean) true, if the user is enrolled in the specified verification; otherwise, false. This example processes an enrollment form submission successfully if the user-submitted response was success. The code would be contained in the Script field of an extension script named SampleEnrollmentProcessor:
var SampleEnrollmentProcessor  = Class. create ( ) ;
SampleEnrollmentProcessor. prototype = {
    category : 'password_reset.extension.enrollment_form_processor' , // DO NOT REMOVE THIS LINE!
 
     /**********
    * Process the enrollment form request, and return whether the user was successfully enrolled.
    * 
    * @param params.userId         The sys_id of the user trying to enroll (table: sys_user)
    * @param params.verificationId The sys_id of the verification to be enrolled into (table: pwd_verification)
    * @param params.enrollmentId   The sys_id of this enrollment process
    * @param request               The form request object. Felds in the form can be accessed with
    *                                           request.getParameter('<element-id>')
    * @return boolean telling whether the user was successfully enrolled
    * The following information should be added to the state of the enrollment process
    *     gs.getSession().putProperty("result.status",status) - whether the user was successfully enrolled
    *     gs.getSession().putProperty("result.message",message) - an associated message to be returned 
    *             to the UI. Eg. a detailed error message
    *     gs.getSession().putProperty("result.value",value) - custom value associated with the enrollment
    **********/
    processForm : function (params , request ) { var verificationId  = params. verificationId ; var sampleInput  = request. getParameter ( 'sample_input' ) ;
 
	 if (gs. nil (verificationId ) || (sampleInput  != 'success' ) ) { return false ; }
 
	 var gr  = new GlideRecord ( 'sys_user' ) ;
	gr. get (params. userId ) ;
	gs. print ( 'User: ' +  gr. getValue ( 'user_name' ) + ' successfully enrolled' ) ; return true ; } ,
    type : 'SampleEnrollmentProcessor' } ;
Identification Form Processor Processes an identification form request. processForm(params, request) Parameters:
  • params.processId - The sys_id of the calling password reset process (table: pwd_process).
  • request - The form request object. Fields in the form can be accessed with request.getParameter('<element-id>'). Use request.getParameter('sysparm_user_id') to get the user ID that was entered into the form.
Returns: the sys_id of the user that corresponds to the requested input; if no user was found, returns null. This example attempts to identify the user within the sys_user table given a user name submitted from the identification form. The code would be contained in the Script field of an extension script named PwdIdentifyViaUsername:
var PwdIdentifyViaUsername  = Class. create ( ) ;
PwdIdentifyViaUsername. prototype = {
    category : 'password_reset.extension.identification_form_processor' , // DO NOT REMOVE THIS LINE!
 
    initialize : function ( ) { } ,
 
   /**********
   * Process the identification form request, and returns the user's sys_id. If user was not identified return null.
   *
   * @param params.processId   The sys_id of the calling password reset process (table: pwd_process)
   * @param request            The form request object. fields in the form can be accessed with
   *  request.getParameter('<element-id>')
   *  Supported request parameters: sysparm_user_id - the user identifier value entered in the form                       
   * @return The sys_id of the user that corresponds to the requested input; 
   *  if no user was found, null should be returned
   **********/
   processForm : function (params , request ) { var processId  = params. processId ; var sysparm_user_id  = request. getParameter ( 'sysparm_user_id' ) ;
      gr  = new GlideRecord ( 'sys_user' ) ;
      gr. addQuery ( 'user_name' , sysparm_user_id ) ;
      gr. query ( ) ; if ( !gr. next ( ) ) { return null ; } return gr. sys_id ; } ,
 
    type : 'PwdIdentifyViaUsername' }
Password Generator Returns an auto-generated password. process(params) Parameters:
  • params.processId - The sys_id of the calling password reset process (table: pwd_process).
Returns: (String) an auto-generated password.
This example randomly generates a password from a base word and numbers. The base word is selected depending on the credential store. The code would be contained in the Script field of an extension script named SamplePasswordGenerator:
var SamplePasswordGenerator  = Class. create ( ) ;
SamplePasswordGenerator. prototype = {
  category : 'password_reset.extension.password_generator' , // DO NOT REMOVE THIS LINE!
 
   /**********
   * Returns an auto-generated string password.
   * This sample randomly generates 4 digits to add to the password.
   * 
   * @param params.credentialStoreId The sys_id of the target password reset credential store to generate 
   *  a password for (table: pwd_cred_store)
   * @return An auto-generated string password
   **********/
  process : function (params ) { var basePassword ;
 
	 var gr  = new GlideRecord ( 'pwd_cred_store' ) ;
	gr. addQuery ( 'name' , 'Local ServiceNow Instance' ) ;
	gr. query ( ) ; if (gr. next ( ) ) { if (params. credentialStoreId == gr. getValue ( 'sys_id' ) )
			basePassword  = "Password" ; else
			basePassword  = "Dorwssap" ; } return this. generateSimple (basePassword ) ; } ,
 
  generateSimple  : function (base ) { var pwd  = base ; var numbers  = '0123456789' ; var length  = 4 ;
 
     for ( var i  = 0 , n  = numbers. length ; i  < length ; i ++ ) {
        pwd  += numbers. charAt (Math. floor (Math. random ( ) * n ) + 1 ) ; } return pwd ; } ,
 
  type : 'SamplePasswordGenerator' } ;
Post Reset Performs additional operations after the completion of the password reset process. process(params) Parameters:
  • params.resetRequestId - The sys_id of the calling password reset process (table: pwd_process).
  • params.wfSuccess - A flag indicating whether the workflow completed successfully. True if, and only if, successful.
Returns: void This example adds failed reset requests to the system log. The code would be contained in the Script field for an extension script named PwdPostProcessor':
var PwdPostProcessor  = Class. create ( ) ;
 
PwdPostProcessor. prototype = {
    category : 'password_reset.extension.post_reset_script' , // DO NOT REMOVE THIS LINE!
 
    initialize : function ( ) { } ,
 
     /**********
    * Execute custom actions after the password reset process has completed.
    * 
    * @param params.resetRequestId The sys_id of the current password reset request (table: pwd_reset_request)
    * @param params.wfSuccess      A flag indicating if the workflow completed sucessfully. 
    *  True if (and only if) successful.
    * @return no return value
    **********/
    process : function (params ) { if ( !params. wfSuccess ) {
           gs. log ( '[PwdPostProcessor.process] failure post processing for request [' + params. resetRequestId + ']' ) ; }
 
         // We could place actions here that we always want executed return ; } ,
 
    type : 'PwdPostProcessor' }
User Account Lookup Gets the credential store account ID for a given user. process(params) Parameters:
  • params.userId - The sys_id of the user being checked (table: sys_user).
Returns: (String) the credential store account ID for the given user. This example gets the credential store account for a user. This code would be contained in the Script field of an extension script named SampleUserAccountLookupExtension:
var SampleUserAccountLookupExtension  = Class. create ( ) ;
SampleUserAccountLookupExtension. prototype = {
  category : 'password_reset.extension.user_account_lookup' , // DO NOT REMOVE THIS LINE!
 
   /**********
  * Returns the credential store account id for a given user.
  * This sample echoes the user_id supplied as the credential store account id for that user.
  * 
  * @param params.userId  The sys_id of the user being checked (table: sys_user)
  * @return               The credential store account id (string) for a given user
  **********/
  process : function (params ) { return params. userId ; } ,
 
  type : 'SampleUserAccountLookupExtension' }
Verification Form Processor Processes a verification form request and indicates whether the user was verified or not. processForm(params, request) Parameters:
  • params.resetRequestId - The sys_id of the current password reset request (table: pwd_reset_request).
  • params.userId - The sys_id of the user to be verified (table: sys_user).
  • params.verificationId - The sys_id of the verification to be processed (table: pwd_verification).
  • request - The form request object. Fields in the form can be accessed with request.getParameter('<element-id>').
Returns: (boolean) true, if the user is verified; otherwise, false. This example shows a verification processor that returns true only if the user sent ok in the input field; otherwise, it returns false. The code would be contained in the Script field of an extension script named SampleVerificationFormProcessor:
var SampleVerificationFormProcessor  = Class. create ( ) ;
SampleVerificationFormProcessor. prototype = {
  category : 'password_reset.extension.verification_form_processor' , // DO NOT REMOVE THIS LINE!
 
   /**********
   * Process the verification form request, and return whether the user was successfully verified.
   * This is a sample verification processor returns true only if the user sent "ok" in the input field; 
   *  otherwise, it returns false.
   * 
   * @param params.resetRequestId The sys_id of the current password reset request (table: pwd_reset_request)
   * @param params.userId         The sys_id of the user trying to be verified (table: sys_user)
   * @param params.verificationId The sys_id of the verification to be processed (table: pwd_verification)
   * @param request               The form request object. Fields in the form can be accessed with
   *  request.getParameter('<element-id>')
   * @return Boolean indicating whether the user is successfully verified
   **********/
  processForm : function (params , request ) { if (request. getParameter ( "sysparm_simple_input" ) == "ok" ) return true ; else return false ; } ,
 
  type : 'SampleVerificationFormProcessor' } ;