Node bcrypt compare always returns false

I am stumped trying to get my passwords to successfully compare against bcrypt using node. I may have missed something, but when creating an account, I do the following in the registration method (with some shorthand code):

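// Registration (shorthand): derive a bcrypt hash of the submitted password and
// store only that hash. `db insert code` is the asker's placeholder for the
// actual INSERT statement and its parameters.
bcrypt.genSalt(10, function(err, salt) {
    if (err) {
        // Stop here: continuing would call bcrypt.hash without a usable salt.
        console.log(err);
        res.setHeader('500', { 'Content-Type': 'x-application/json'});
        res.send({UserId: 0, ErrorMessage: 'Something terrible happened.'});
        return;
    }
    bcrypt.hash(user.Password, salt, function(err, hash) {
        if (err) {
            // Never reach the insert without a hash to store.
            console.log(err);
            res.setHeader('500', { 'Content-Type': 'x-application/json'});
            res.send({UserId: 0, ErrorMessage: 'Something terrible happened.'});
            return;
        }
        console.log('hashing and saving');
        // Whatever column the insert writes `hash` to must hold the whole
        // bcrypt string (60 characters); a truncated value can never match
        // in bcrypt.compare.
        db.query(db insert code, function (error, rows, fields) {
            if (error) {
                console.log(error);
                // NOTE(review): setHeader receives the status code as the
                // header name here and below; presumably the intent is to
                // set the response status. Confirm against the framework.
                res.setHeader('500', { 'Content-Type': 'x-application/json'});
                res.send({UserId: 0, ErrorMessage: 'Something terrible happened.'});
            } else {
                console.log('User created : ' + rows.insertId);
                res.setHeader('200', { 'Content-Type': 'x-application/json'});
                res.send({UserId: rows.insertId});
            }
        });
    });
});

// Runs before the callbacks above have finished; the response itself is sent
// later, from inside those callbacks.
return next();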

      

This all works great. My db has an encrypted password. But when the user comes in, I cannot get a successful result from bcrypt.compare:

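// Login (shorthand): load the account row, then let bcrypt.compare check the
// submitted cleartext password against the stored hash. `get account code` is
// the asker's placeholder for the actual SELECT statement and its parameters.
db.query(get account code, function(error, rows, fields) {
    if (error) {
        // Without this guard a failed query reaches `rows.length` with no rows.
        console.log(error);
        response.setHeader('500', { 'Content-Type': 'x-application/json' });
        response.send({result: false});
        return;
    }
    if (rows.length !== 1) {
        // No account (or an ambiguous match): answer exactly like a wrong
        // password so the reply does not reveal whether the account exists.
        response.setHeader('401', { 'Content-Type': 'x-application/json' });
        response.send({result: false});
        return;
    }
    // NOTE(review): the password is read from request.params; if that is
    // filled from the URL or query string it can end up in access logs.
    // Confirm it arrives in the request body.
    bcrypt.compare(request.params.password, rows[0].Password, function(err, res) {
        // On a compare error `res` is not true, so the request is rejected
        // below (fails closed).
        if (err) { console.log(err.toString()); }
        if (res === true) {
            // NOTE(review): setHeader receives the status code as the header
            // name; presumably the intent is to set the response status.
            // Confirm against the framework in use.
            response.setHeader('200', { 'Content-Type': 'x-application/json' });
            response.send({result: true});
        } else {
            response.setHeader('401', { 'Content-Type': 'x-application/json' });
            console.log('invalid password');
            response.send({result:false});
        }
    });
});

// Runs before the callbacks above have finished; the response itself is sent
// later, from inside those callbacks.
return next();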

      

And I always get the wrong password. Should I take the cleartext password and re-encrypt it before comparing with what I pull from the database?



5 answers


You can skip the call to bcrypt.genSalt and use bcrypt.hash(password, 10, function(err, hash) {..}); directly, passing the number of rounds instead of a salt.

Your comparison function looks fine to me.



this works fine for me:

var bcrypt = require('bcrypt');

// Round trip: hash a known password, then compare the same password against
// the hash that was just produced. The second argument to hash() is the
// number of salt rounds, so no separate genSalt call is needed.
var password = 'mypassword';
var rounds = 10;

// Prints the comparison outcome; any bcrypt error is rethrown.
function reportMatch(compareError, isMatch) {
    if (compareError) {
        throw compareError;
    }
    console.log(isMatch);
}

bcrypt.hash(password, rounds, function (hashError, digest) {
    if (hashError) {
        throw hashError;
    }
    bcrypt.compare(password, digest, reportMatch);
});

      



Mine was due to my database column not having a sufficiently large varchar length, so the stored hash was cut short. A good place to check.





This works for me.

var bcrypt = require('bcrypt');
// Salt generated synchronously up front; no rounds argument is passed, so the
// library default applies.
var salt = bcrypt.genSaltSync();

// Prints the comparison outcome; any bcrypt error is rethrown.
function onCompared(compareError, matched) {
    if (compareError) {
        throw compareError;
    }
    console.log(matched);
}

// Hash with the pre-generated salt, then compare the same password against
// the resulting hash.
bcrypt.hash('mypassword', salt, function (hashError, digest) {
    if (hashError) {
        throw hashError;
    }
    bcrypt.compare('mypassword', digest, onCompared);
});

      



I had the same problem, but I'm pretty sure I am not encrypting my password twice. Here is my situation: the bcrypt-nodejs npm package is at v0.0.3 and I am using this version. I am writing an algorithm to store a user password for registration and read the user password when logging in. The interface is simple, with a text input for the email field and a password input for the password field. When I submit the form, the request goes to https://localhost ... on my local node server. I can register the received data and I can see that the registered password is the same as the password inserted into the frontend.

Password storage code:

// Replace the cleartext password on the user object with its bcrypt hash
// before the record is saved. The explicit salt is left commented out, as in
// the original attempt.
//var user.bcrypt = bcrypt.genSaltSync(10);;
var hashedPwd = bcrypt.hashSync(user.password);//, user.bcrypt);
user.password = hashedPwd;
// NOTE(review): this writes the password hash to the debug log; keep it only
// while troubleshooting.
log4.debug("hashSyncked: "+ hashedPwd);
db.userSave(user, cb);

      

Code for reading and comparing password:

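// Check the submitted password against the bcrypt hash stored for this user.
// Neither the cleartext password nor the stored hash is written to the log;
// the hash length is enough to spot a value truncated by the database.
log4.debug('compare submitted password with hash saved on db, hash length: ' + String(userDoc.password || '').length);
var okPwd = bcrypt.compareSync(pwd, userDoc.password);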

      

So, I see the hashed password, it is written as a string like $ ert3435tF.02ri etc.

But every time I login with the same password that I registered, okPwd is always false. Why?

Even if I uncomment the commented-out code!

UPDATE: The solution I found was about the methods used. The password should not be stored and read like that; it's too ... crude! The correct method is mentioned here. Beware: there is a bug in this tutorial. The bcrypt.hash(...) function requires 2 object parameters and 2 callbacks! The latter is the one called at the end of the hashing process; the first is called to keep track of the hashing progress. I passed null for it and everything works well. I admit I made another mistake: I used the bcrypt-nodejs package instead of bcrypt.



I don't know if your case is the same as mine: I had the same problem because my table column was 45 characters long, and when bcrypt compares, it returns false if the hash length is different from 60. Just increase the length of the column in the table.
