I'm using bcrypt to hash and compare user passwords; however, after I register a new user and then attempt to log in, the bcrypt compare function returns false even though the password is correct.
1) Creating a new user
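/**
 * Registers a new user: rejects the request when the e-mail is already
 * known, otherwise hashes the password with bcrypt and passes the hash to
 * dbCreateUser.
 *
 * @param {object} request - incoming request; q_email and q_password are read from request.params.
 * @param {function} reply - response callback, called with a status string.
 */
function NewUser(request, reply) {
  // bcrypt work factor. The original value of 3 is below bcrypt's minimum (the
  // stored hash's "$2a$04$" prefix shows cost 4 was actually used), which is far
  // too cheap to slow down offline guessing if the Users table leaks. 12 is a
  // starting point; tune it to the server's hardware. Each hash records its own
  // cost, so hashes created earlier still verify.
  const BCRYPT_COST = 12;

  // NOTE(review): the password arrives as a URL parameter here, so it can end up
  // in access logs and browser history. dbLogin reads its credentials from the
  // request payload; registration should do the same.
  let e;
  let p;
  try {
    // decodeURIComponent throws URIError on a malformed escape such as a lone "%".
    e = decodeURIComponent(request.params.q_email);
    p = decodeURIComponent(request.params.q_password);
  } catch (decodeErr) {
    return reply("Error creating new user");
  }

  dbCheckUserExists(e,
    (yes) => reply("User already exists"),
    (no) => {
      bcrypt.hash(p, BCRYPT_COST, (err, hash) => {
        if (err) {
          return reply("Error creating new user");
        }
        dbCreateUser(request, reply, e, hash);
      });
    });
}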
/**
 * Inserts a row into Users for the given e-mail and bcrypt hash, then replies
 * with a success or failure string.
 *
 * @param {object} request - incoming request (not read here).
 * @param {function} reply - response callback, called with a status string.
 * @param {string} email - e-mail address of the new user.
 * @param {string} pwdHash - bcrypt hash of the user's password.
 */
function dbCreateUser(request, reply, email, pwdHash) {
  // The values go through mysql.format placeholders instead of string
  // concatenation, so email and pwdHash cannot alter the statement.
  // NOTE(review): the Password column must be wide enough for the whole
  // 60-character bcrypt string; a narrower column stores a cut-off hash that can
  // never verify at login.
  const insertSql = mysql.format(
    "INSERT INTO Users(Version, Email, Password, Balance) VALUES (?,?,?,?)",
    [1, email, pwdHash, 0]
  );
  executeSql(insertSql, (err, rows, fields) =>
    reply(err ? "Error creating new user" : "Successfully created new user")
  );
}
2) Logging in
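/**
 * Looks up the stored bcrypt hash for the submitted e-mail and compares the
 * submitted password against it, replying with a diagnostic string.
 *
 * @param {object} request - incoming request; q_email and q_password are read from request.payload.
 * @param {function} reply - response callback, called with a status string.
 * @param {function} yes - success continuation (unused while the call sites are commented out).
 * @param {function} no - failure continuation (unused while the call sites are commented out).
 */
function dbLogin(request, reply, yes, no) {
  const e = decodeURIComponent(request.payload.q_email);
  const p = decodeURIComponent(request.payload.q_password);
  //reply('email: ' + e + ' password: ' + p)
  const sql = mysql.format("SELECT Password FROM Users WHERE Email = ? LIMIT 1", e);
  executeSql(sql, (err, rows, fields) => {
    if (err) {
      // NOTE(review): throwing inside this callback is not caught by the request
      // handler; reply with a generic error instead once debugging is done.
      throw err;
    }
    if (rows.length === 0) {
      //no()
      reply("email not found");
      return;
    }

    const storedHash = rows[0].Password;
    // A bcrypt hash string is 60 characters long. Anything else means the value
    // was altered on its way into or out of the database (for example cut short
    // by a too-narrow column) and compare() can only return false for it.
    // Only the length is logged, never the hash itself.
    if (typeof storedHash !== "string" || storedHash.length !== 60) {
      console.error("Stored password hash has unexpected length: " +
        (typeof storedHash === "string" ? storedHash.length : typeof storedHash));
    }

    bcrypt.compare(p, storedHash, (err, res) => {
      if (res === true) {
        reply("correct password");
        //dbCreateSession(request, reply, yes, no)
      } else if (res === false) {
        // Debug output only: this echoes the submitted password and the stored
        // hash back to the client. Before real use, return one generic failure
        // message for both an unknown e-mail and a wrong password, so responses
        // reveal neither hashes nor which accounts exist.
        reply("incorrect password: " + p + " " + storedHash);
      } else {
        // res is neither true nor false when the comparison itself failed.
        if (err) {
          console.error("bcrypt compare failed:", err);
        }
        //no()
        reply("neither true nor false");
      }
    });
  });
}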
I have created a user with email "hello" and password "world" and running the following query
SELECT Email, Password FROM `Users` WHERE Email = 'hello'
returns the following
hello $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I
however when i attempt to login i get the following (custom response)
incorrect password: world $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I
Can anyone see where i am going wrong?
I'm using bcrypt to hash and compare user passwords; however, after I register a new user and then attempt to log in, the bcrypt compare function returns false even though the password is correct.
1) Creating a new user
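/**
 * Registers a new user: rejects the request when the e-mail is already
 * known, otherwise hashes the password with bcrypt and passes the hash to
 * dbCreateUser.
 *
 * @param {object} request - incoming request; q_email and q_password are read from request.params.
 * @param {function} reply - response callback, called with a status string.
 */
function NewUser(request, reply) {
  // bcrypt work factor. The original value of 3 is below bcrypt's minimum (the
  // stored hash's "$2a$04$" prefix shows cost 4 was actually used), which is far
  // too cheap to slow down offline guessing if the Users table leaks. 12 is a
  // starting point; tune it to the server's hardware. Each hash records its own
  // cost, so hashes created earlier still verify.
  const BCRYPT_COST = 12;

  // NOTE(review): the password arrives as a URL parameter here, so it can end up
  // in access logs and browser history. dbLogin reads its credentials from the
  // request payload; registration should do the same.
  let e;
  let p;
  try {
    // decodeURIComponent throws URIError on a malformed escape such as a lone "%".
    e = decodeURIComponent(request.params.q_email);
    p = decodeURIComponent(request.params.q_password);
  } catch (decodeErr) {
    return reply("Error creating new user");
  }

  dbCheckUserExists(e,
    (yes) => reply("User already exists"),
    (no) => {
      bcrypt.hash(p, BCRYPT_COST, (err, hash) => {
        if (err) {
          return reply("Error creating new user");
        }
        dbCreateUser(request, reply, e, hash);
      });
    });
}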
/**
 * Inserts a row into Users for the given e-mail and bcrypt hash, then replies
 * with a success or failure string.
 *
 * @param {object} request - incoming request (not read here).
 * @param {function} reply - response callback, called with a status string.
 * @param {string} email - e-mail address of the new user.
 * @param {string} pwdHash - bcrypt hash of the user's password.
 */
function dbCreateUser(request, reply, email, pwdHash) {
  // The values go through mysql.format placeholders instead of string
  // concatenation, so email and pwdHash cannot alter the statement.
  // NOTE(review): the Password column must be wide enough for the whole
  // 60-character bcrypt string; a narrower column stores a cut-off hash that can
  // never verify at login.
  const insertSql = mysql.format(
    "INSERT INTO Users(Version, Email, Password, Balance) VALUES (?,?,?,?)",
    [1, email, pwdHash, 0]
  );
  executeSql(insertSql, (err, rows, fields) =>
    reply(err ? "Error creating new user" : "Successfully created new user")
  );
}
2) Logging in
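/**
 * Looks up the stored bcrypt hash for the submitted e-mail and compares the
 * submitted password against it, replying with a diagnostic string.
 *
 * @param {object} request - incoming request; q_email and q_password are read from request.payload.
 * @param {function} reply - response callback, called with a status string.
 * @param {function} yes - success continuation (unused while the call sites are commented out).
 * @param {function} no - failure continuation (unused while the call sites are commented out).
 */
function dbLogin(request, reply, yes, no) {
  const e = decodeURIComponent(request.payload.q_email);
  const p = decodeURIComponent(request.payload.q_password);
  //reply('email: ' + e + ' password: ' + p)
  const sql = mysql.format("SELECT Password FROM Users WHERE Email = ? LIMIT 1", e);
  executeSql(sql, (err, rows, fields) => {
    if (err) {
      // NOTE(review): throwing inside this callback is not caught by the request
      // handler; reply with a generic error instead once debugging is done.
      throw err;
    }
    if (rows.length === 0) {
      //no()
      reply("email not found");
      return;
    }

    const storedHash = rows[0].Password;
    // A bcrypt hash string is 60 characters long. Anything else means the value
    // was altered on its way into or out of the database (for example cut short
    // by a too-narrow column) and compare() can only return false for it.
    // Only the length is logged, never the hash itself.
    if (typeof storedHash !== "string" || storedHash.length !== 60) {
      console.error("Stored password hash has unexpected length: " +
        (typeof storedHash === "string" ? storedHash.length : typeof storedHash));
    }

    bcrypt.compare(p, storedHash, (err, res) => {
      if (res === true) {
        reply("correct password");
        //dbCreateSession(request, reply, yes, no)
      } else if (res === false) {
        // Debug output only: this echoes the submitted password and the stored
        // hash back to the client. Before real use, return one generic failure
        // message for both an unknown e-mail and a wrong password, so responses
        // reveal neither hashes nor which accounts exist.
        reply("incorrect password: " + p + " " + storedHash);
      } else {
        // res is neither true nor false when the comparison itself failed.
        if (err) {
          console.error("bcrypt compare failed:", err);
        }
        //no()
        reply("neither true nor false");
      }
    });
  });
}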
I have created a user with email "hello" and password "world" and running the following query
SELECT Email, Password FROM `Users` WHERE Email = 'hello'
returns the following
hello $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I
however when i attempt to login i get the following (custom response)
incorrect password: world $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I
Can anyone see where i am going wrong?
I've been staring at the screen for too long!
The problem was the Password field in the database was being truncated (55 chars instead of 60)
Increase the size of the password field in the database (it must hold the full 60-character bcrypt hash), e.g.
varchar(125)
Maybe you ended up with an invalid hash, try to generate the hash with bcrypt also :
// Produce the hash with bcrypt itself, so the value to store is known to be
// well-formed before it goes anywhere near the database.
bcrypt.hash(myPlaintextPassword, saltRounds, (err, hash) => {
  // Store hash in your password DB.
});
You can then check in a simple manner whether the hash you have in the db matches a hard-coded version of the input you will be using (the password variable `p`, as the string 'world'):
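// Compare a hard-coded password against the hash read back from the database.
// `hash` must be the value exactly as stored, not the one still in memory from
// bcrypt.hash(), otherwise damage done by the database round-trip goes unnoticed.
bcrypt.compare('world', hash, function(err, result) {
  if (err) { throw (err); }
  // false for a known-correct password points at the stored hash rather than at
  // the request input.
  console.log(result);
});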
If it works (it probably will), then try to do the same with the input from the request.
You should get more insight in what is going wrong.