0

below is my code for encrpyt / create password = 

encrypt: function(values, callback) {
const saltRounds = 10;
var salt = bcrypt.genSaltSync(saltRounds);
var hash = bcrypt.hashSync(values.pass, salt);
bcrypt.compare(values.pass, hash, function(err, match) {
  console.log('cocok encrypt ?', match);
});
values[tab.user.f.password] = "'"+hash+"'";
delete values.pass;
callback(null,values);   },

and below is my code for compare my password =

bcrypt.compare(password, user.password, function(err, match) {            
            if (err) return res.json(403, {err: 'forbidden'});
            if (match) {
              query=format("select {role} as role_id from {table} where {username}='"+ email +"'",
                 {table:tabuser.name,
                  username:tabuser.f.username,
                  role:tabuser.f.role});

              ora.runQuery(query,function(err,cb) {
                roleuser=cb[0];

                console.log(user.username, err,roleuser,user);
                if (err||!roleuser){
                  return res.json(403, {err: 'forbidden, no user role.'});
                }else{                  
                  user['role_id']=roleuser.role_id;
                  res.json({user: user, token: sailsTokenAuth.issueToken({sid: user.username,sroleid:roleuser['role_id']})});
                }  
              });
            } else {
                console.log("not match", match);
              return res.json(401, {err: 'invalid password'});
            };
          });

when inserted to database , this is my console log (query):

insert into AHMSDICC_MSTUSERS (vusername,vfullname,vemail,vphone,vaddress,vparen
t,vmdid,iroleid,vpass,dcrea,dmodi,vcrea,vmodi) VALUES ('ahm2','ahm2','ahm2','394
834','a','andi@mail','I01','1','$2a$10$5R27vVmSdkf/D3X0AuMTne5x/suiTiWW6LF2f9ZEz
eW4FZ7.8bBom',TO_DATE('07/03/2017 08:33:36','dd/mm/yyyy HH24:mi:ss'),TO_DATE('07
/03/2017 08:33:36','dd/mm/yyyy HH24:mi:ss'),'admin','admin')

this is my console for compare =

user=> { md: 'I01',
  address: 'a',
  phone: '394834',
  name: 'ahm2',
  email: 'ahm2',
  password: '$2a$10$5R27vVmSdkf/D3X0AuMTne5x/suiTiWW6LF2f9ZEzeW4FZ7.8bBom',
  username: 'ahm2' }
not match false

but the result always not match , for information im using oracledb for insert and get query

rpltuggal
  • 49
  • 5
  • You cannot create a new random salt, you have to take the salt that was used when the password was set. – Thilo Mar 07 '17 at 01:54
  • when encrypted right? sorry , i dont understand, im new for this – rpltuggal Mar 07 '17 at 01:59
  • Look at this for a working example: http://stackoverflow.com/questions/13023361/how-does-node-bcrypt-js-compare-hashed-and-plaintext-passwords-without-the-salt?rq=1 – Thilo Mar 07 '17 at 02:05
  • He is not using any salt at all in the comparation as far as I can see. The password is generated with a salt, how the parameters for the comparation are set up, is not shown anywhere – Psi Mar 07 '17 at 02:22
  • so, when the compare have to use salt? – rpltuggal Mar 07 '17 at 03:28
  • i've modified compare scripts, but the result is not match : console.log('password',password); var bcrypt = require('bcrypt'); const saltRounds = 10; const myPlaintextPassword = password; var salt = bcrypt.genSaltSync(saltRounds); var hash = bcrypt.hashSync(myPlaintextPassword, salt); console.log('testhash',hash); console.log('user.password',user.password); var banding = bcrypt.compareSync(user.password, hash); // true console.log('compareSync banding',banding); – rpltuggal Mar 07 '17 at 04:05

0 Answers0