Open s-pl opened 4 months ago
@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt
any update, I got similar problem. Check using php password_verify return true, but in js always false
Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:userSchema.pre('save', async function (next) { const user = this; if (!user.isModified('password')) return next(); try { const salt = await bcrypt.genSalt(); user.password = await bcrypt.hash(user.password, salt); next(); } catch (error) { return next(error); } }); userSchema.methods.comparePassword = async function (password) { console.log(password,this.password) return bcrypt.compare(password, this.password); };
And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the
bcrypt.compare
function, but I'm very lost
//my solution!! ok guys! i have find the bug!! if you set select:false in password (user model), try to remove select("-password") or ("+password") in user auth model (loginUser)
@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt
// my solution can u try this, if you set select:false in password (user model), try to remove select("-password") or ("+password") in user auth model (loginUser)
I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?
the common solution is to extend the maximum lenght of characters that your db can handle. But if that doesn’t work try to install the previous version of Bcrypt.
El El lun, 24 jun 2024 a las 13:11, Moonis Ahmed @.***> escribió:
I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?
— Reply to this email directly, view it on GitHub https://github.com/kelektiv/node.bcrypt.js/issues/1037#issuecomment-2186431743, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQNX64EOA4SG3JLTK4UR7QDZJAEG7AVCNFSM6AAAAABHSZDI2KVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCOBWGQZTCNZUGM . You are receiving this because you were mentioned.Message ID: @.***>
Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"test@mail.com","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG
I think there's an error in the
bcrypt.compare
function, but I'm very lost