Node bCrypt.compareSync


Solution 1

compareSync method takes only 2 arguments and returns a boolean value true or false.

You should perform the check like this:

var result = bcrypt.compareSync(password, user.password);
if (result) {
    console.log("Password correct");
} else {
    console.log("Password wrong");
}

Solution 2

Really late to the party, however I just had this same problem and the reason it wasn't working for me was that I had encrypted the input password before trying to compare with the already encrypted 'user.password'.

Once I realised there was no need to encrypt the input password, the compareSync worked perfectly.

From bcrypt - npm:

To check a password:

// Load hash from your password DB.
bcrypt.compareSync(myPlaintextPassword, hash); // true
bcrypt.compareSync(someOtherPlaintextPassword, hash); // false

The "compareSync" function counters timing attacks (using a so-called 'constant-time' algorithm). In general, don't use the normal JavaScript string comparison functions to compare passwords, cryptographic keys, or cryptographic hashes if they are relevant to security.

Solution 3

I had a similar problem, when executing bcrypt.compareSync, it did not hash the password of the user who was without bcrypt, the problem was the order in which I had them, which was the following:

bcrypt.compareSync (passwordHash, password)

I solved it by organizing it, first the password and then the passwordHash, which would look like this: bcrypt.compareSync (password, student.password)

I hope it helps someone, good code! <3 @sebasrestrepom
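The failure modes described in Solutions 2 and 3, as an added example that is not part of the original answers. bcrypt is replaced here by a stand-in built on Node's built-in `crypto.scryptSync` so the snippet runs without installing a package; `hashSync`, `compareSync` and `demo` are this example's own functions, and the `scrypt$salt$digest` string layout is an assumption of the example, not bcrypt's hash format.

```javascript
// Stand-in for bcrypt (assumption of this example): a salted scrypt hash
// stored in a self-describing string, so the salt travels with the hash.
const crypto = require('crypto');

// hashSync(plain) -> "scrypt$<salt hex>$<digest hex>", fresh random salt each call.
function hashSync(plain) {
  const salt = crypto.randomBytes(16);
  const digest = crypto.scryptSync(String(plain), salt, 32);
  return ['scrypt', salt.toString('hex'), digest.toString('hex')].join('$');
}

// compareSync(plain, stored): the salt is read from the SECOND argument,
// the FIRST argument is re-hashed with that salt, and the two digests are
// compared in constant time.
function compareSync(plain, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false; // not a hash
  const salt = Buffer.from(parts[1], 'hex');
  const expected = Buffer.from(parts[2], 'hex');
  if (salt.length !== 16 || expected.length !== 32) return false;
  const actual = crypto.scryptSync(String(plain), salt, 32);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed sample data: what sign-up would have saved for password "1234".
const storedHash = hashSync('1234');

function demo() {
  return {
    // Correct usage: plaintext first, stored hash second.
    correct: compareSync('1234', storedHash),
    wrongPassword: compareSync('12345', storedHash),
    // Solution 2's mistake: the input was hashed before comparing, so a
    // hash string (made with a different salt) is treated as the password.
    hashedInput: compareSync(hashSync('1234'), storedHash),
    // Solution 3's mistake: hash passed first, plaintext second.
    swappedArgs: compareSync(storedHash, '1234'),
    // Two hashes of the same password differ because the salts differ.
    stringEquality: hashSync('1234') === storedHash,
  };
}

console.log(demo());
```

Only the first case returns `true`; the mistakes all fail closed, which is why they show up as "invalid password" rather than as an error.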

Author by

Suji

I'm a developer living in Toronto. I have experience writing code in: C#, Python, SQL, JavaScript, and Java.

Updated on June 25, 2021

Comments

  • Suji almost 3 years

    I am creating a user login. I am able to have the user sign up and when the user signs up his password is encrypted before it is saved in the database.

    When that same user tries to log in, I am getting an "invalid password".

    This is because it is comparing the user input to an encrypted password in the database. Example if password is 1234, then in database it is saved as "$2a$104$0301". When the user tries to log in, the user input which is "1234" is compared to "2a$104$0301". How would I fix?

    Here is my code for login:

    var LocalStrategy = require('passport-local').Strategy;
    var User = require('../Models/users.js');
    var bcrypt = require('bcrypt-nodejs');

    module.exports = function(passport) {
        passport.use('login', new LocalStrategy({
                passReqToCallback: true
            },
            function(req, username, password, done) {
                // Look up the account by the submitted username
                User.findOne({'username': username},
                    function(err, user) {
                        if (err)
                            return done(err);
                        if (!user) {
                            console.log('User Not Found with username: ' + username);
                            return done(null, false,
                                req.flash('message', 'User Not Found.'));
                        }
                        // Check the submitted plaintext password against the stored hash
                        if (!isValidPassword(user, password)) {
                            console.log('Invalid Password');
                            return done(null, false,
                                req.flash('message', 'Invalid Password'));
                        }
                        return done(null, user);
                    }
                );
            })
        );

        // compareSync takes the plaintext password first, the stored hash second
        var isValidPassword = function(user, password) {
            var result = bcrypt.compareSync(password, user.password);
            if (result) {
                console.log("Password correct");
            } else {
                console.log("Password wrong");
            }
            return result;
        };
    };
    
  • Vsevolod Goloviznin over 9 years
    Do you return the result from the function, as your code doesn't have any return value?
  • Suji over 9 years
    Do you mean like this: var isValidPassword = function(user, password){ var result = bcrypt.compareSync(password, user.password); if (result) { console.log("Password correct"); } else { console.log("Password wrong"); } return result;
  • Vsevolod Goloviznin over 9 years
    Yes, can you just update your question with the updated code?
  • Suji over 9 years
    Just updated my code. I should mention the database I am using is Mongolab. I am not sure if that will affect the code