
I'm trying to use the npm package 'bcrypt' to insert a crypted password into my PSQL db during signup and to log in a user.

The operations that I do:

1) Signup: Insert username and crypted password on my PostgreSQL db

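```javascript
// Assumes bcrypt (npm package), pool (pg Pool) and saltCount are defined elsewhere
createUser: function(username, password) {
    // A new random salt is generated on every call
    bcrypt.genSalt(saltCount, function(err, salt) {
        if (err)
            return console.log(err);
        bcrypt.hash(password, salt, function(err, hash) {
            if (err)
                return console.log(err);
            const query = "insert query with generated crypt password";
            pool.query(query, (err, res) => {
                console.log(err, res);
            })
        });
    });
}
```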

2) Login user: get inserted password and compare with crypted password on PostgreSQL db

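```javascript
login: function(username, password) {
    const query = "select query for get crypt password on db";
    pool.query(query, (err, res) => {
        if (err)
            return console.log(err);
        if (res.rows.length === 0)
            return console.log("not match"); // no row for this username
        const dbPsw = res.rows[0].hash_psw; // db password
        // compare() re-hashes password with the salt embedded in dbPsw
        bcrypt.compare(password, dbPsw, function(err, result) {
            if (err)
                console.log(err);
            else if (result)
                console.log("password match");
            else
                console.log("not match");
        });
    })
}
```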

The result of the second function is always "not match".

I saw in my PSQL db that the password inserted by the first function is always different, even if I always insert the same password to be crypted.

So my question is: How can I always get the same crypted password? I'm probably doing something wrong, but I followed the guide on the npm site.

Thanks for your help.

act-studio
  • Yes, the hash generated will always be different because of the jumps. I do not see a problem with bcrypt. Do the following test: create a file using the bcrypt package, copy the hash from the database, pass it to `bcrypt.compare` next to the password, and see the result. One more detail: what is the type of the hash field in the database? String? – Chance Dec 08 '18 at 12:01
  • I made this example online. This is the code of your method. [Example](https://repl.it/@andersonmendesd/DarkRequiredDistributionsoftware). We have to check in the bank how this hash is stored and how it is retrieved. – Chance Dec 08 '18 at 12:21
  • Copy the hash from your database manually and enter it in bcrypt compare along with the password and see if the result is true. – Chance Dec 08 '18 at 12:23
  • I've understood your example, but when I use it in my code it writes [object Promise] to the password field in my db and not the hashed password. So when I compare the inserted password with the hash it always shows 'Promise { }'. Do you know why? Thanks – act-studio Dec 08 '18 at 12:45
  • This is because the promise has not yet been resolved, but was this my example? The repl.it console is returning a pending promise, but I do not understand why. This example is fully functional. – Chance Dec 08 '18 at 12:49
  • OK, I worked with your example in my code but it returned false in my project. I think it's because my steps are: 1) click signup button -> crypt psw and save to db 2) click login button -> get the hash previously saved in the db -> compare. I think your example is correct, but in my code it doesn't work because I don't compare immediately. Right? – act-studio Dec 08 '18 at 13:00
  • I believe my example will not fit your code; my example uses synchronous encoding without the use of callbacks. The hash that comes in this same line `const dbPsw = res.rows[0].hash_psw;` is generated? – Chance Dec 08 '18 at 13:17
  • For you to use my example with the separate methods in async functions, the invoking function also has to be async, otherwise you will get a pending promise. In my example the initial function is the invoker, so it should also be async. – Chance Dec 08 '18 at 13:22
  • `const dbPsw = res.rows[0].hash_psw;` is the result of my query, where I find the user by username, so in dbPsw I have the hashed password stored in my Psql db. But when I compare this with the password the user inserted, it returns false. I tried your example this way: a normal function calls the async function, and the async function (your initial) calls the other async function with 'await'; with your initial function I store to the db first, and with a different async function (for example your initial2) I compare the password, but the result is always false. I don't know why.. – act-studio Dec 08 '18 at 13:46
  • I've seen a tutorial with mongo and bcrypt that works like my code, but there the returned value is true... :O – act-studio Dec 08 '18 at 13:46
  • I was looking for some code from when I was integrating postgre with nodejs, at a glance. I added bcrypt to the project. [Examples PSQL](https://bitbucket.org/andersonmendesdev/rest-crudpostgresql/src/master/) – Chance Dec 08 '18 at 14:56

1 Answer

```javascript
query = "insert query with generated crypt password";
```

That should be `query = "insert query with generated hash"`, because `bcrypt.hash()` gives a hash, as seen in the method parameter `function(err, hash)`, so this callback receives either an error or a hash.

There's an interesting question on how bcrypt compare works

SanSolo
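Why two hashes of the same password differ while compare still succeeds, and why a stored value that is not the generated hash never matches, as an added example that is not part of the original posts. It uses Node's built-in `crypto.scrypt` as a stand-in for bcrypt so it runs without the npm package; the `scrypt$salt$key` string format, the function names, the sample password and the 40-character column width are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Stand-in for bcrypt.hash(): a fresh random salt per call, stored inside the result.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(password, salt, 32);
  return ['scrypt', salt.toString('base64'), key.toString('base64')].join('$');
}

// Stand-in for bcrypt.compare(): read the salt back out of the stored string,
// re-derive the key from the candidate password, compare in constant time.
function verifyPassword(password, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 3 || parts[0] !== 'scrypt') return false;
  const salt = Buffer.from(parts[1], 'base64');
  const expected = Buffer.from(parts[2], 'base64');
  // timingSafeEqual throws on unequal lengths, so reject damaged values first.
  if (salt.length !== 16 || expected.length !== 32) return false;
  const actual = crypto.scryptSync(password, salt, 32);
  return crypto.timingSafeEqual(actual, expected);
}

// Constructed stand-in for what the database hands back on login.
function roundTrip(value, columnWidth) {
  const text = String(value);            // a Promise becomes "[object Promise]"
  return columnWidth ? text.slice(0, columnWidth) : text;
}

function demo() {
  const first = hashPassword('s3cret');  // constructed sample password
  const second = hashPassword('s3cret');
  return {
    hashesDiffer: first !== second,
    bothVerify: verifyPassword('s3cret', first) && verifyPassword('s3cret', second),
    wrongPassword: verifyPassword('other', first),
    truncatedColumn: verifyPassword('s3cret', roundTrip(first, 40)),
    storedPromise: roundTrip(Promise.resolve(first)),
    promiseVerifies: verifyPassword('s3cret', roundTrip(Promise.resolve(first))),
  };
}

console.log(demo());
```

With the real package, the same check is to print the value read from the database and confirm it is character-for-character the string that `bcrypt.hash()` produced at signup.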