New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bcrypt.compare always returns false #906
Comments
Ensure you aren't hashing more than once. Are you hashing in an ORM model update? |
This might be happened because of character length in your DB. Check this |
In my case, happened using windows, but the same project using a mac, works Any solution? |
I'm also experiencing the same issue. The problem is neither due to rehashing nor using different character sets. |
I am having the same issue, anyone got the around it? |
Personally I'd to create a REST API in Java to hash and compare passwords. |
For me the solution was to hashing the password and then compare it. It seems that the bycrypt.compare only works with the original password and the hashed pasword:
|
The code above takes the plaintext password and hashes it and then uses bcrypt compare method over it. So every password is a valid password because you are not testing it against the stored password in database but rather with user own password. |
Something is up with my MongoDB idk, tried argon2 npm as well and even that package is unable to verify password from MongoDB, below is my password field schema, am i doing something wrong here before storing data in MongoDB
|
Sorry that I didn't copy the full code so it the can be tricky. In my case "user.password" was the equivalent to my database user (as you can see, I've declared and array with users), and not the received through body (I also checked with postman). Here you can find the full code:
I've tested with both correct and incorrect password and username and works in every case |
@borjamunozvw your code here is incorrect; bcrypt expects
For others with this issue, unless someone provides me with a sample repository and some DB dump, I'll not be able to work on this case. I'm unable to reproduce this at my side. |
@borjamunozvw Yes you are right the 'user' is from database, however the bcrypt.compare() require plaintext and hash password from database.
and i also tried your code but it's still giving me false every time. |
@recrsn I am using node@16.14.2 along with mongoose@6.9.1 with mongoDB compass. I have no idea why compare method is not working. I tried argon2 npm as well. The verify method in that package is also not working with my setup. I think something is wrong with my database, I have increased the limit to 2048 char for password but still it's not working |
I had also same problem and finally I realised that we first have to save the one user and password will be encrypted and then compare will work properly. I did it and my problem was solved. If you have users in the db whose passwords aren't encrypted then compare will always return false. |
For avoidance of doubt, am comparing user's encrypted password stored in db against the user's provided password. |
Same issue. Seems to always returns false. Database column is enough large, tried to change Any workaround? |
for me same issue how to solve |
Thank's a lot, you saved my day |
Of course many have had the challenge but I've looked at most solutions and I still can't find the reason why my case has refused.
I've checked everything thoroughly, the characters saved in the DB are the exact Hash character length, the passwords are the same, I just cannot understand why It refuses to work
The text was updated successfully, but these errors were encountered: