Getting bcrypt authentication error
HoikanChan opened this issue · 8 comments
The compare-password function using bcrypt always returns false.
I have no idea why it returns false when comparing the correct password.
I tried using bcrypt's compare function to compare the plain password and the correct hashed password directly, but it returns false.
I tried to clone the project and run it. But bcrypt's compare function still returns false all the time.
Can you guys tell me what to do about it?
I had the same issue and was able to fix it by removing the beforeCreate and beforeUpdate hooks in the User.js model. For me it was hashing the plain text password and then hashing the hash so the compare function would never work. Apparently beforeSave is the same as calling both beforeCreate and beforeUpdate so calling the hashPassword function on beforeSave and beforeCreate caused this issue. Please let me know if this fixed your issue or if you need more detail.
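The double hashing described in the comment above, reproduced as an added example (not code from this thread or from the project). It assumes Node's built-in `crypto.scryptSync` as a stand-in for bcrypt so it runs without installing anything, and `createUser`, `login`, `BROKEN` and `FIXED` are hypothetical names that imitate the hook behaviour rather than calling Sequelize.

```javascript
// Added illustration. crypto.scryptSync stands in for bcrypt so this runs with
// no npm install; createUser() is a hypothetical imitation of Sequelize hooks.
const crypto = require('node:crypto')

// Salted hash stored as "salt$digest". Like bcrypt, every call picks a new
// salt, so hashing the same password twice gives two different strings.
function hash (plain) {
  const salt = crypto.randomBytes(16).toString('hex')
  return salt + '$' + crypto.scryptSync(plain, salt, 32).toString('hex')
}

// Like bcrypt's compare: re-derive from the plain text using the salt kept in
// the stored value, then compare the digests in constant time.
function compare (plain, stored) {
  const [salt, digest] = stored.split('$')
  const candidate = crypto.scryptSync(plain, salt, 32)
  return crypto.timingSafeEqual(candidate, Buffer.from(digest, 'hex'))
}

// The hook from the thread: overwrite the password field with its hash.
function hashPassword (user) {
  user.password = hash(user.password)
}

// Assumption taken from the comment above: one create fires beforeCreate and
// beforeSave, so a hook registered under both names runs twice.
function createUser (hooks, email, password) {
  const user = { email, password }
  for (const name of ['beforeCreate', 'beforeSave']) {
    if (hooks[name]) hooks[name](user)
  }
  return user
}

const login = (user, password) => compare(password, user.password)

const BROKEN = { beforeCreate: hashPassword, beforeUpdate: hashPassword, beforeSave: hashPassword }
const FIXED = { beforeSave: hashPassword }

// Constructed sample credentials.
const bad = createUser(BROKEN, 'user@example.test', 'sample-pass-1')
const good = createUser(FIXED, 'user@example.test', 'sample-pass-1')
console.log('three hooks registered, login ok:', login(bad, 'sample-pass-1'))
console.log('beforeSave only, login ok:', login(good, 'sample-pass-1'))
```

With all three hooks registered the stored value is a hash of the first hash, so no plain-text password can match it; rows written that way stay unusable until the password is set again with a single hook in place.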
Thank u soooo much, ihunter.
I fixed this issue by your solution.
But I wanna know what happened in the compare function, that would hook the hooks.
As I understand it, first the compare function hashes the plain text password and then just reads the hashed password from the DB. Finally, it compares them to get the result.
Plz tell me if I am wrong.
@ihunter, I'm still having the same issue despite removing the beforeCreate and beforeUpdate hooks.
I have been trying to figure this out for what feels like days. @ihunter That worked ..... AWESOME!
@MarbilleJuntado Did you try running the 'seed' again to clear your db?
@HoikanChan I got the same problem.
I was digging around, and this is happening because the hashed password is always different in the compare thing.
[nodemon] starting `npm run lint && node src/app.js`
> server@1.0.0 lint C:\Users\User\Downloads\workspace\myapp\server
> eslint src/**/*.js
Executing (default): CREATE TABLE IF NOT EXISTS `Users` (`id` INTEGER PRIMARY KEY AUTOINCREMENT, `email` VARCHAR(255) UNIQUE, `password` VARCHAR(255), `createdAt` DATETIME NOT NULL, `updatedAt` DATETIME NOT NULL);
Executing (default): PRAGMA INDEX_LIST(`Users`)
Executing (default): PRAGMA INDEX_INFO(`sqlite_autoindex_Users_1`)
Server started on port 8081
Executing (default): SELECT `id`, `email`, `password`, `createdAt`, `updatedAt` FROM `Users` AS `User` WHERE `User`.`email` = 'teste@domain.com' LIMIT 1;
password google123
this.password $2a$08$cBSvKfnA/SlwrSlVaZSiD.N8U1bAc2KpVAq4c.p7rR9ygn0gbPGbK
checking if password is valid: undefined
compare result true
::1 - - [16/Feb/2018:23:16:03 +0000] "POST /login HTTP/1.1" 403 47 "-" "PostmanRuntime/7.1.1"
hashed password: $2a$08$.pbWlNWNa3lLmn2/2dE97eZBKhQp8EILncIwcev1cLj68hRO.rQMW
then send the login request again with identical params:
Executing (default): SELECT `id`, `email`, `password`, `createdAt`, `updatedAt` FROM `Users` AS `User` WHERE `User`.`email` = 'teste@domain.com' LIMIT 1;
password google123
this.password $2a$08$cBSvKfnA/SlwrSlVaZSiD.N8U1bAc2KpVAq4c.p7rR9ygn0gbPGbK
checking if password is valid: undefined
compare result true
::1 - - [17/Feb/2018:00:33:33 +0000] "POST /login HTTP/1.1" 403 47 "-" "PostmanRuntime/7.1.1"
hashed password: $2a$08$PkLqIW9Bg4ooVbL7pc/Rbuv4tPJvlHb/GgcB3iu2qpqXRuf3ALbnO
I don't know how to fix this tho.
I don't know how it works, but if it creates a new User object when you do User.findOne..
then it makes sense why it works when you comment it out or remove that line. otherwise, it makes no sense.
@MarbilleJuntado, I tried to comment out beforeCreate: hashPassword and beforeUpdate: hashPassword, but the return is still false. Try using this code, without the comment:
hooks: { beforeSave: hashPassword }
Idk if it will fix your problem, but hopefully it can help you.
So the problem arrived from the beforeSave in my case.
Just adding a comment allows logging in properly.
old:
Hello,
I have the same issue.
When I try to login it always returns invalid password.