Giters

kelektiv / node.bcrypt.js

bcrypt for NodeJs

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

bcrypt.compare() always return false even when it´s supposed to be true

s-pl opened this issue · comments

commented

Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:

userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();

  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

userSchema.methods.comparePassword = async function (password) {
    
    console.log(password,this.password)
    return bcrypt.compare(password, this.password);
  
};

And this is the comparison log:
test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG

I think there's an error in the bcrypt.compare function, but I'm very lost

commented

@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt

commented

any update, I got similar problem.
Check using php password_verify return true, but in js always false

commented

Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine: {"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}} But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:

userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();

  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

userSchema.methods.comparePassword = async function (password) {
    
    console.log(password,this.password)
    return bcrypt.compare(password, this.password);
  
};

And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG

I think there's an error in the bcrypt.compare function, but I'm very lost

//my solution!!
ok guys! i have find the bug!!
if you set select:false in password (user model),
try to remove select("-password") or ("+password") in user auth model (loginUser)

commented

@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt

// my solution
can u try this, if you set select:false in password (user model),
try to remove select("-password") or ("+password") in user auth model (loginUser)

commented

I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?

commented