parth-develops
commented
4 months ago @s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt
Open s-pl opened 4 months ago
parth-develops
commented
4 months ago @s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt
wiryonolau
commented
4 months ago any update, I got similar problem. Check using php password_verify return true, but in js always false
Talhaayubkhan
commented
4 months ago Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:userSchema.pre('save', async function (next) { const user = this; if (!user.isModified('password')) return next(); try { const salt = await bcrypt.genSalt(); user.password = await bcrypt.hash(user.password, salt); next(); } catch (error) { return next(error); } }); userSchema.methods.comparePassword = async function (password) { console.log(password,this.password) return bcrypt.compare(password, this.password); };And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the
bcrypt.comparefunction, but I'm very lost
//my solution!! ok guys! i have find the bug!! if you set select:false in password (user model), try to remove select("-password") or ("+password") in user auth model (loginUser)
Talhaayubkhan
commented
4 months ago @s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt
// my solution can u try this, if you set select:false in password (user model), try to remove select("-password") or ("+password") in user auth model (loginUser)
M00N15
commented
3 months ago I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?
s-pl
commented
3 months ago the common solution is to extend the maximum lenght of characters that your db can handle. But if that doesn’t work try to install the previous version of Bcrypt.
El El lun, 24 jun 2024 a las 13:11, Moonis Ahmed @.***> escribió:
I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?
— Reply to this email directly, view it on GitHub https://github.com/kelektiv/node.bcrypt.js/issues/1037#issuecomment-2186431743, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQNX64EOA4SG3JLTK4UR7QDZJAEG7AVCNFSM6AAAAABHSZDI2KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBWGQZTCNZUGM . You are receiving this because you were mentioned.Message ID: @.***>
Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the
bcrypt.comparefunction, but I'm very lost