x/crypto/bcrypt: comparing hash with string password always returns error #43393

@itzmanish

What version of Go are you using (go version)?

$ go version
go version go1.15.3 linux/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE="on"
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/manish/.cache/go-build"
GOENV="/home/manish/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/manish/go/pkg/mod"
GOOS="linux"
GOPATH="/home/manish/go"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build480999861=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Hashing the password and storing it in a PostgreSQL DB

hashedByte, err := bcrypt.GenerateFromPassword([]byte(user.Password), 14)
if err != nil {
	return errors.InternalServerError("UNKNOWN", fmt.Sprintf("Error during password hashing %v", err))
}
user.Password = string(hashedByte)
u, err := h.db.CreateUser(user)
if err != nil {
	return err
}
log.Info(u)

DB model

// User defines the model for a user
type User struct {
	UUID              uuid.UUID `json:"uuid" gorm:"primary_key; unique; type:uuid; default:uuid_generate_v4()"`
	Name              string    `json:"name" gorm:"type:varchar(100)"`
	Email             string    `json:"email" gorm:"type:varchar(100)"`
	Password          string    `json:"password" gorm:"type:varchar(200)"`
	Gender            string    `json:"gender"`
	DoB               string    `json:"dob" gorm:"type:varchar(100)"`
	ProfilePictureURL url.URL   `json:"profile_picture"`
	Spaces            []Space   `json:"spaces" gorm:"foreignKey:UserID; constraint:OnDelete:CASCADE;"`
	Flag              string    `json:"flag" gorm:"type:varchar(50)"`
	EmailVerified     bool      `json:"email_verified" gorm:"type:boolean;DEFAULT=FALSE"`
	Issuer            string    `json:"issuer"`
	Metadata          string    `json:"metadata"`
	CreatedAt         time.Time
	UpdatedAt         time.Time
	LastLogin         time.Time
}

Verify user method

u, err := h.db.FindUser(store.User{Email: req.Email})
log.Info(u, err)
if err != nil {
	fmt.Println(err)
}
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(req.Password))
if err != nil {
	fmt.Println(err)
}

What did you expect to see?

nil

What did you see instead?

"crypto/bcrypt: hashedPassword is not the hash of the given password"

example hashed string $2a$14$W2ZIn/a17IRXZ0MHwYbAe.yzJFQC2omQzfPL/p0Oejd5uZ6/RMbAW
example string of hashed string password

I spent my whole day trying to fix this. Even rebooted my system.
There is one thing: if I generate the hash and compare it right after, in one file within the main function, it works without error. But above I am creating the user with the hashed password and saving it to a remote PostgreSQL DB. Then I call login and verify the hash after retrieving the user from the DB, and then it gives me the error.

I thought there may be a problem with bcrypt and used Argon2, but Argon2 gave me the same result as bcrypt.

I need serious help please.
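
Added example, not part of the original report and not code from the Go project: a standard-library-only check for the situation described above, comparing the hash string written at signup with the value read back from storage before it reaches bcrypt.CompareHashAndPassword. The function names and the altered sample values are constructed for illustration; the base hash string is the one quoted in the report.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Alphabet bcrypt uses to encode the salt and digest.
const bcryptAlphabet = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// WellFormed (hypothetical helper) reports whether s has the 60-byte
// $2x$NN$<22-char salt + 31-char digest> bcrypt layout.
func WellFormed(s string) bool {
	p := strings.Split(s, "$")
	if len(s) != 60 || len(p) != 4 || p[0] != "" || !strings.HasPrefix(p[1], "2") {
		return false
	}
	cost, err := strconv.Atoi(p[2])
	if err != nil || len(p[2]) != 2 || cost < 4 || cost > 31 || len(p[3]) != 53 {
		return false
	}
	return strings.Trim(p[3], bcryptAlphabet) == "" // only alphabet characters remain
}

// RoundTrip (hypothetical helper) classifies how the value read back from
// storage differs from the hash string that was written at signup.
func RoundTrip(written, read string) string {
	switch {
	case read == written:
		return "identical"
	case strings.TrimSpace(read) == written:
		return "whitespace-padded" // e.g. a fixed-width column or a stray newline
	case len(read) < len(written) && strings.HasPrefix(written, read):
		return "truncated" // column or buffer shorter than 60 bytes
	case WellFormed(read):
		return "different-hash" // hashed again with a fresh salt, or another row
	default:
		return "corrupted"
	}
}

func main() {
	// Hash string quoted in the report; the altered variants are constructed.
	written := "$2a$14$W2ZIn/a17IRXZ0MHwYbAe.yzJFQC2omQzfPL/p0Oejd5uZ6/RMbAW"
	for _, read := range []string{written, written + "  ", written[:50],
		"$2a$14$" + strings.Repeat("A", 53)} {
		fmt.Printf("%-18s %q\n", RoundTrip(written, read), read)
	}
}
```

If the result is "identical", the stored hash survived the round trip unchanged and the remaining input to compare is the password bytes supplied at login.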
