Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bcrypt.compare return false always. #685

Closed
edgarcheverier opened this issue Dec 7, 2018 · 8 comments
Closed

bcrypt.compare return false always. #685

edgarcheverier opened this issue Dec 7, 2018 · 8 comments

Comments

@edgarcheverier
Copy link

node v: v10.13.0
"bcrypt": "^3.0.2"

I console log the passwords and the hash to check if I was doing something wrong, also tried to create the hash with '${req.body.password}' but nothings seems to be working.
thanks !

the bcrypt.compare returns false always, when tries to compare hash from the db with the string password.

router.post('/', function (req, res) {
  bcrypt.hash(req.body.password, saltRounds, function(err, hash) {
    client.query(
      `INSERT INTO public."user"(name, last_name, email, password,  phone, photo)
      VALUES($1, $2, $3, $4, $5, $6)`,
    [req.body.name,
      req.body.last_name,
      req.body.email,
      hash,
      req.body.phone,
      req.body.photo])
  })
})

router.post('/login', function(req, res) {
  client.query(
    `SELECT email, password FROM public."user" WHERE email = '${req.body.email}'`,
    function(err, res) {
      if (err) {
        console.log(err)
      } else {
        bcrypt.compare(req.body.password, res.rows[0].password).then(function(res) {
          console.log(res)
        })
      }
    })
})
@recrsn
Copy link
Collaborator

recrsn commented Dec 8, 2018

Character encoding? Could that be an issue?

@edgarcheverier
Copy link
Author

Thank you for the response, the problem seems to be related to the amount of characters, the length must be 60 in order to work.

@SaqrWare
Copy link

i've the same issue with v10.13.0, on v8 works like normal

@heavyrick
Copy link

and how can we resolve that? 61 it's not a pattern ?

when we use the bcrypt-generator it generates the sameu number

@joshuaanthonydeleon
Copy link

This seems to be a continuing issue are there any updates to specific issue?

@recrsn
Copy link
Collaborator

recrsn commented Jan 11, 2019

In all cases the issue has been with the user input, character encoding, or supplying invalid hashes.

We do not throw an error for a malformed bcrypt hash. This is something what I think we should be revisiting.

@recrsn recrsn closed this as completed Mar 19, 2019
@irkhamissimo irkhamissimo mentioned this issue Jan 8, 2022
Open
@nachiket-sazinga
Copy link

My Character length is 255 in DB, Also before data stored in DB it returns true but at the time of checking again after store (i..e. value from DB) it returns false I checked both strings plain and hash from both sides (i.e. from request and from DB)

@ybelenko
Copy link

ybelenko commented Mar 2, 2022

Solved to me with the hack from #849 (comment)
Need to replace $2y$ with $2a$ manually:

const hashPass = /^\$2y\$/.test(user.password) ? '$2a$' + user.password.slice(4) : user.password;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@ybelenko @SaqrWare @heavyrick @recrsn @edgarcheverier @joshuaanthonydeleon @nachiket-sazinga