Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bcrypt.compare() always return false even when it´s supposed to be true #1037

Open
s-pl opened this issue May 12, 2024 · 8 comments
Open

bcrypt.compare() always return false even when it´s supposed to be true #1037

s-pl opened this issue May 12, 2024 · 8 comments

Comments

@s-pl
Copy link

s-pl commented May 12, 2024
edited
Loading

Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine:
{"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"[email protected]","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}}
But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:

userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();

  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

userSchema.methods.comparePassword = async function (password) {
    
    console.log(password,this.password)
    return bcrypt.compare(password, this.password);
  
};

And this is the comparison log:
test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG

I think there's an error in the bcrypt.compare function, but I'm very lost
@parth-develops
Copy link

@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt

@wiryonolau
Copy link

any update, I got similar problem.
Check using php password_verify return true, but in js always false

@Talhaayubkhan
Copy link

Hello, I'm working on an authentication system in MongoDB. When storing passwords, everything seems fine: {"_id":{"$oid":"66408f417315a786f0d1d279"},"username":"test","email":"[email protected]","password":"$2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG","role":"user","createdAt":{"$date":{"$numberLong":"1715507009424"}},"updatedAt":{"$date":{"$numberLong":"1715507009424"}},"__v":{"$numberInt":"0"}} But then, when comparing the hash with the password, it always returns incorrect (even when it's correct). This is the method I'm using:

userSchema.pre('save', async function (next) {
  const user = this;
  if (!user.isModified('password')) return next();

  try {
    const salt = await bcrypt.genSalt();
    user.password = await bcrypt.hash(user.password, salt);
    next();
  } catch (error) {
    return next(error);
  }
});

userSchema.methods.comparePassword = async function (password) {
    
    console.log(password,this.password)
    return bcrypt.compare(password, this.password);
  
};

And this is the comparison log: test $2b$10$e2KuxFiAq4oVl7DaL80TX.9udp65K9uoiVOSfXZNmzHP8rVqIR5bG

I think there's an error in the bcrypt.compare function, but I'm very lost

//my solution!!
ok guys! i have find the bug!!
if you set select:false in password (user model),
try to remove select("-password") or ("+password") in user auth model (loginUser)

@Talhaayubkhan
Copy link

@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt

// my solution
can u try this, if you set select:false in password (user model),
try to remove select("-password") or ("+password") in user auth model (loginUser)

@M00N15
Copy link

M00N15 commented Jun 24, 2024

I am using postgresSQL. But its not a concern here i guess. facing the same issue as above. will it help if i am using a saltRound of lower value? it obviously means reducing security. but i think the length of the hashed password generated is the problem here. what do you guys think?

@s-pl
Copy link
Author

s-pl commented Jun 24, 2024 via email

@M00N15 M00N15 mentioned this issue Jul 15, 2024
Open
@Nana-Dilan-kenye
Copy link

Use this await user.updateOne({ $set: { password: hashedPassword } });

@parth-develops
Copy link

@s-pl yes i have been facing this issue as well with both bcryptjs and bcrypt

// my solution can u try this, if you set select:false in password (user model), try to remove select("-password") or ("+password") in user auth model (loginUser)

For me it was a logical error which is fixed now, bcrypt is working fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@wiryonolau @M00N15 @s-pl @parth-develops @Nana-Dilan-kenye @Talhaayubkhan