bcrypt.compare() always returns false even when it's supposed to be true
s-pl opened this issue · comments
Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:
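```js
// bcrypt and userSchema are defined elsewhere in the model file.

// Hash the password before saving, but only when it has changed.
userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();
  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

// Compare a plaintext candidate against the hash stored on this document.
userSchema.methods.comparePassword = async function (password) {
  console.log(password, this.password); // debug output shown in the log below
  return bcrypt.compare(password, this.password);
};
```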
And this is the comparison log:
test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the bcrypt.compare function, but I'm very lost
@s-pl yes, I have been facing this issue as well with both bcryptjs and bcrypt
Any update? I got a similar problem.
Checking with PHP password_verify returns true, but in JS it is always false
//my solution!!
OK guys! I have found the bug!!
If you set select:false in password (user model),
try to remove select("-password") or ("+password") in the user auth model (loginUser)
// my solution
Can you try this: if you set select:false in password (user model),
try to remove select("-password") or ("+password") in the user auth model (loginUser)
I am using PostgreSQL, but it's not a concern here, I guess. Facing the same issue as above. Will it help if I am using a saltRound of lower value? It obviously means reducing security, but I think the length of the hashed password generated is the problem here. What do you guys think?
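
A structural pre-check for the two inputs of `bcrypt.compare`, as an added example that is not part of the thread or of the bcrypt project. It covers the `select: false` case reported above (stored hash never loaded) and the hash-length question in the last comment; the function names and reason codes are hypothetical, and the sample hash is the one from the original post.

```javascript
// Added example, not code from the thread. Structural checks only, no bcrypt dependency.
// bcrypt string layout: $2<a|b|x|y>$<2-digit cost>$<22-char salt><31-char digest> = 60 chars,
// whatever the cost factor is.
const BCRYPT_RE = /^\$2([abxy])\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

function parseBcryptHash(value) {
  if (typeof value !== 'string') return null;
  const m = BCRYPT_RE.exec(value);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt cost range
  return { variant: '2' + m[1], cost, salt: m[3], digest: m[4] };
}

// Returns hypothetical reason codes explaining why compare(candidate, stored) cannot
// succeed; an empty array means both inputs are well formed.
function diagnoseCompareInputs(candidate, stored) {
  const reasons = [];
  if (typeof candidate !== 'string' || candidate.length === 0) {
    reasons.push('candidate-missing');
  } else if (parseBcryptHash(candidate)) {
    reasons.push('candidate-is-a-hash'); // arguments swapped, or a hash passed as the password
  }
  if (typeof stored !== 'string' || stored.length === 0) {
    reasons.push('stored-hash-missing'); // e.g. field excluded by select:false
    return reasons;
  }
  const trimmed = stored.trim();
  if (trimmed !== stored) reasons.push('stored-hash-padded'); // e.g. fixed-width column
  if (!parseBcryptHash(trimmed)) {
    const cut = /^\$2[abxy]\$\d{2}\$/.test(trimmed) && trimmed.length < 60;
    reasons.push(cut ? 'stored-hash-truncated' : 'stored-hash-malformed');
  }
  return reasons;
}

// Sample hash taken from the original post in this thread.
const SAMPLE = '$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG';
console.log(diagnoseCompareInputs('test', SAMPLE));              // well-formed inputs
console.log(diagnoseCompareInputs('test', undefined));           // hash never loaded
console.log(diagnoseCompareInputs('test', SAMPLE.slice(0, 50))); // column too narrow
```

An empty result means both inputs are well formed, so a `false` from `bcrypt.compare` then reflects a mismatch between the password and what was actually hashed.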