bcrypt compare is always returning false

[anantnema]

I am storing the hashed password in the mongodb and then trying to compare the password in db with the user input password but this function is always returning false no matter whatever be the case.

  var mongoose = require('mongoose');
  var bcrypt = require('bcryptjs');
  var express = require('express');
  var router = express.Router();
  var passport = require('passport');
  var LocalStrategy = require('passport-local').Strategy;

  module.exports.comparePassword = function(candidatePassword, hash, callback){
   // Load hash from your password DB.

   bcrypt.compare(candidatePassword, hash, function(err, isMatch) {
    // res === true
       if(err) throw err;
       else return callback(null, isMatch);
   });
   }

getUserByUsername is working fine but the compare password is returning always "Invalid password"

   passport.use(new LocalStrategy(
      function(username, password, done) {
      User.getUserByUsername(username, function(err, user){
         if(err) throw err;
         if(!user){
         return done(null, false, {message: 'Unknown User'});
      }

      User.comparePassword(password, user.password, function(err, isMatch){
         if(err) throw err;
         //(this isMatch is always false)
         if(!isMatch) {

             return done(null, false, {message: 'Invalid password'});
          }
        return done(null, user);
        });
      });
    }));

[Badmuts]

Currently having the same problem with compareSync will try out a different version

[abhinayar]

Also having this issue.

[gideaoms]

Also having this issue

[dcodeIO]

Btw. my guess is that everyone who has this issue is either using invalid hashes or hashes that do not match the password for another obviously non-obvious reason - and this makes returning false the correct behavior here.

If anyone is able to create a reproducible test case that does not depend on any other 3rd party library and shows both the hashing and comparison operations including some actual test inputs, please do so to prove me wrong.

[Badmuts]

Update from my side: This was completely my fault. Somehow I ended up rehashing an already existing hash and that caused the problem for me.

Sorry for any inconvenience this may have caused. Have a nice day!

[Ruffio]

It looks like this 'issue' can be closed...

[Diferno]

Hi, I'm stuck in a problem with bcryptjs, maybe you could share some light in this dark tunnel...
My post with the issue: #75

Thx in advance!!

[SamiHK]

have the same issue.Created new user and then do bcrypt.compare and still getting false in response.

[SamiHK]

Anyone find the solution ?

[Ruffio]

@SamiHK please open a new issue and provide a JSBin or similar that demonstrates your issue. Commenting on a closed and old issue is not the way forward :-)