bcrypt.compare() always returns false even when it's supposed to be true
Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"[email protected]","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:
userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();
  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

userSchema.methods.comparePassword = async function (password) {
  console.log(password, this.password);
  return bcrypt.compare(password, this.password);
};
And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the bcrypt.compare function, but I'm very lost
@s-pl yes, I have been facing this issue as well with both bcryptjs and bcrypt
Any update? I got a similar problem. Checking with PHP password_verify returns true, but in JS it is always false
// My solution!! OK guys! I have found the bug!! If you set select:false on password (user model), try to remove select("-password") or ("+password") in the user auth model (loginUser)
// My solution: can you try this? If you set select:false on password (user model), try to remove select("-password") or ("+password") in the user auth model (loginUser)
I am using PostgreSQL, but it's not a concern here, I guess. Facing the same issue as above. Will it help if I am using a saltRound of lower value? It obviously means reducing security, but I think the length of the hashed password generated is the problem here. What do you guys think?
The common solution is to extend the maximum length of characters that your DB can handle. But if that doesn't work, try to install the previous version of Bcrypt.
On Mon, 24 Jun 2024 at 13:11, Moonis Ahmed @.***> wrote:
I am using PostgreSQL, but it's not a concern here, I guess. Facing the same issue as above. Will it help if I am using a saltRound of lower value? It obviously means reducing security, but I think the length of the hashed password generated is the problem here. What do you guys think?
Use this:
await user.updateOne({ $set: { password: hashedPassword } });
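An added example (not code from this thread or from the bcrypt project): a pure-JavaScript structural check of the value read back from the database, covering causes raised in the comments above (password field not selected, hash cut short by a narrow column) and, going beyond the thread, padding whitespace and a value that is already a hash reaching the pre-save hook. The function names and the truncated and padded samples are constructed for illustration; the 60-character sample is the hash shown in the original post.

```javascript
// Added example: structural checks on a stored bcrypt string; no bcrypt library needed.
// Layout: "$2b$" + 2-digit cost + "$" + 22-char salt + 31-char digest = 60 chars,
// whatever the cost factor, so lowering the rounds does not shorten the string.
const BCRYPT_RE = /^\$2[abxy]\$\d{2}\$[.\/A-Za-z0-9]{53}$/;

// True when `value` is already a bcrypt string. In a pre-save hook this flags a
// value that would be hashed a second time and then never match the plaintext.
function isBcryptHash(value) {
  return typeof value === 'string' && BCRYPT_RE.test(value);
}

// Returns the reasons why comparing against `stored` cannot succeed (empty = well-formed).
function diagnoseStoredHash(stored) {
  if (stored === undefined || stored === null) {
    // e.g. Mongoose `select: false` on the field and the login query did not select it
    return ['missing: password field was not loaded from the database'];
  }
  if (typeof stored !== 'string') {
    return [`wrong type: expected string, got ${typeof stored}`];
  }
  const issues = [];
  const trimmed = stored.trim();
  if (trimmed !== stored) {
    // e.g. a fixed-width CHAR(n) column pads the value with spaces
    issues.push('whitespace: leading or trailing whitespace around the hash');
  }
  if (!/^\$2[abxy]\$\d{2}\$/.test(trimmed)) {
    issues.push('format: no bcrypt prefix such as $2b$10$');
  } else if (trimmed.length < 60) {
    issues.push(`truncated: ${trimmed.length} characters, expected 60`);
  } else if (!isBcryptHash(trimmed)) {
    issues.push('format: not a well-formed 60-character bcrypt string');
  }
  return issues;
}

// Sample values: the first is the hash from the original post, the others are constructed.
const SAMPLE_OK = '$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG';
const SAMPLE_TRUNCATED = SAMPLE_OK.slice(0, 50); // as if stored in a 50-character column
const SAMPLE_PADDED = SAMPLE_OK + '    ';        // as if stored in a CHAR(64) column

console.log(diagnoseStoredHash(SAMPLE_TRUNCATED));
```

Run it on the value read back from the database just before bcrypt.compare(); an empty list means the stored string is structurally valid and the mismatch lies elsewhere, such as a different plaintext or a value that was hashed twice.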
For me it was a logical error which is fixed now, bcrypt is working fine.
Yeah, dealing with the same issue as well. Tried regressing the package version to 5.1.0, adjusting variable data types and lengths with no luck. Checked my logs whenever creating a fake user account ensuring the hash was the same both putting and pulling out from the database.
I don't know why, but sometimes it is normal in other projects.
Any correlations or ideas that allow it to work for some projects, but not others?
In my case, the code works, but it fails at any time and I have to reset the password. Then it works again, and after some time it fails again. What solution is there to this? Is there something specific we need to do?
Same issue here, it always returns true
const isPasswordValid = bcrypt.compareSync(password as string, encryptPWD);