search

Theodo-UK / nestjs-admin

A generic administration interface for TypeORM entities
https://nestjs-admin.com
MIT License
536 stars 59 forks source link

Hash that is being generated from createAdminUser does not match the input #219

Open bonkboykz opened 3 years ago

bonkboykz commented 3 years ago

Reproduction steps:

  1. Create user using cli npx nestjs-admin createAdminUser (ex. user: test, password: test)
  2. Take the hash from the database (ex. $2a$12$jjckji7plcEhIuG2sUuYjeeei2LqgdFmGruPJWzQELI7bo36FhC9.)
  3. Compare it in node using bcryptjs 
    > const { hashSync, compareSync } = require('bcryptjs');
undefined
> origHash = '$2a$12$jjckji7plcEhIuG2sUuYjeeei2LqgdFmGruPJWzQELI7bo36FhC9.'
'$2a$12$jjckji7plcEhIuG2sUuYjeeei2LqgdFmGruPJWzQELI7bo36FhC9.'
> compareSync('test', origHash);
false

I think the issue is related to the #215, #213, and #221

hudzenko commented 3 years ago

Can confirm this happens and this is weird. This happens not only when doing npx nestjs-admin createAdminUser but when creating admin user from admin panel as well.

LeoAnesi commented 2 years ago

After some debugging I found out that the problem is with the entity listener that is being triggered at least two times, the hashed password is hashed again. So when you try to compare with bcrypt the password and the hash it fails