Get User Password for Validation

How to retrieve the user password for some validation, like the password should not be the same as the old password?

I tried this way but got an error:

In SQL I got the response as:

This is the SQL of the above report:

SELECT doctype, `name`, fieldname, `password`, encrypted
FROM `__Auth`
WHERE doctype = 'User'
AND fieldname = 'password'

If the password is not stored encrypted, as shown in the report as encrypted = 0, then the function get_decrypted_password will throw an error:

@brian_pond ?? Can you help me out?

For the User table specifically, I believe it’s impossible to discover the original, plain text password. This appears to be intentional. The framework is storing the passwords hashed (not encrypted). And the hashing cannot be undone.

Instead, login works like this:

  • You enter a plain-text password in the browser.
  • Frappe Framework hashes the value you just entered.
  • Next, it queries the __Auth table and fetches the password column, which itself is a hashed value.
  • It compares the two hashed strings. Are they identical? If so, then the original un-hashed passwords are assumed to match. And you’re allowed to log in.

I’m not a cryptography expert. But my understanding is it’s impossible to reverse a hash.

If you want to solve “New Password Cannot Be Same As Old”, you’ll have to compare the 2 hashes. Not the plain text passwords.

1 Like
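
An added example, not part of the original posts and not Frappe's own code: a "new password cannot be the same as old" check against a salted hash, done by re-hashing the new password with the salt and iteration count kept in the stored value and comparing the digests in constant time. The `scheme$iterations$salt$digest` storage string, the work factor and the function names are constructed for this sketch.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Hash a password into 'pbkdf2_sha256$iterations$salt$digest' (constructed format)."""
    salt = salt or os.urandom(16)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        "pbkdf2_sha256",
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Re-hash `password` with the salt and parameters embedded in `stored`."""
    scheme, iterations, salt_b64, digest_b64 = stored.split("$")
    if scheme != "pbkdf2_sha256":
        raise ValueError("unsupported hash scheme: " + scheme)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def is_password_reused(new_password: str, stored_old_hash: str) -> bool:
    """True when the proposed new password matches the currently stored hash."""
    return verify_password(new_password, stored_old_hash)


if __name__ == "__main__":
    old_hash = hash_password("Winter2023!")  # constructed sample password
    print(is_password_reused("Winter2023!", old_hash))  # reuse detected
    print(is_password_reused("Summer2024!", old_hash))  # different password
    # Two hashes of the same password differ because each gets its own salt.
    print(hash_password("Winter2023!") == old_hash)
```

The plain-text new password is only available at the moment the user submits it, so the check has to run server-side during the password change, before the new hash replaces the old one.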

Thanks @brian_pond for the response. Understood, and I will try the way you suggest, by comparing hashes.