Community Spring Cleaning week is here! Join your fellow Maveryx in digging through your old posts and marking comments on them as solved. Learn more here!

Dev Space

Customize and extend the power of Alteryx with SDKs, APIs, custom tools, and more.
SOLVED

Decrypting Passwords using Python SDK

chrisha
11 - Bolide

In my plugin GUI created with the HTML GUI SDK, I have a field for passwords:

 

 

// --- main.js ---
// ...

function setupItem(manager, AlteryxDataItems, name, element, password = false) {
    // Create a new DataItem for Alteryx
    var dataItem = new AlteryxDataItems.SimpleString(name)
    dataItem.setValue("")
    dataItem.setPassword(password)

    // Add DataItem to Alteryx Manager
    manager.addDataItem(dataItem)

    // Connect input to DataItem
    element.change((event) => dataItem.setValue(element.val()))

    // If we have a password, we need to asynchronous get the password
    dataItem.registerPropertyListener('value', function(propertyChangeEvent) {
        element.val(propertyChangeEvent.value)
    })
}

Alteryx.Gui.BeforeLoad = (manager, AlteryxDataItems, json) => {
    setupItem(manager, AlteryxDataItems, "userPassword", $("#password"), true)
}
Alteryx.Gui.AfterLoad = (manager) => {}

The password is stored, persistent and I can easily use it in the HTML frontend for connecting to an API.

 

 

My backend, however, is supposed to rely on the Python SDK in which I cannot get the decrypted password:

 

 

    def pi_init(self, str_xml: str):
        """
        Called when the Alteryx engine is ready to provide the tool configuration from the GUI.
        :param str_xml: The raw XML from the GUI.
        """
        setting_tree = Et.fromstring(str_xml)

        # Getting the user-entered settings from the GUI
        self.username = setting_tree.find("userEmail").text
        self.password = self.alteryx_engine.decrypt_password(setting_tree.find("userPassword").text, 0)

        self.alteryx_engine.output_message(self.n_tool_id, Sdk.EngineMessageType.error,
                                            'Password: {}'.format(self.password))

Sending the decrypted password through the output message is certainly wrong, but used here only for testing purposes. The documentation (https://help.alteryx.com/developer/current/Python/use/AlteryxEngineClass.htm) gives me three options for the decryption. Value 0 as above does not work, yielding the error

 

Spoiler
Error: Data Hub Import (v1.0) (2): Traceback (most recent call last):
File "SKOPOSDataHubImport_v1.0Engine.py", line 43, in pi_init
RuntimeError: DecryptPassword only works with User and Machine encrypted passwords.

For values 2 and 3 I get no error, but still an encrypted password.

 

If I read @TashaA's post here correctly, the API method for decrypting passwords should be available in 2018.2 - am I missing something?

 

25 REPLIES 25
RuchikaMangla
8 - Asteroid

Hi @TashaA 

 

Can I pass this decrypted password to the connection string to connect to the database in python? If not, then could you please suggest how can I do that?

 

Any help would be appreciable!! Thanks in advance

 

RuchikaMangla
8 - Asteroid

Hi @chrisha 

 

to me also, it is giving me only encoded string, How can I retrieve the same string which I entered in the textbox?

I need to use it to connect to the database.

 

Thanks!

TashaA
Alteryx Alumni (Retired)

Hi there @RuchikaMangla !

 

You need to use the decrypt password method. It is documented here:

https://help.alteryx.com/current/developer-help/alteryxengine-python-class

 

 

Best,

Tasha

NicolasSz
11 - Bolide

Hi @chrisha ,

 

Did you find a workaround for it ? 

It's really bad that server does not handle all features that designer does. We have to leave password as free text for now which is really not ok...

 

Thanks,

chrisha
11 - Bolide

Nope, still not working. We have written our own obfuscation function to have at least some protection, but - I agree - this is not very good.

NicolasSz
11 - Bolide

I did the same in fact ! But the password is still visible in the XML which is really not great. 

I hope the alteryx Server team will look at it soon because this is a big defect. 

And technically, with macro you can have password encrypted in a text box and it works in both designer and server...

 

Thanks,