Node.js bcrypt compare returns false for correct password

I'm using bcrypt to hash and compare user passwords, however after I register a new user and then attempt to log in, the bcrypt compare function returns false even though the password is correct.

1) Creating a new user

function NewUser(request, reply) {
    let e = decodeURIComponent(request.params.q_email)
    let p = decodeURIComponent(request.params.q_password)

    dbCheckUserExists(e,
    (yes) => {
        return reply("User already exists")
    },
    (no) => {
        bcrypt.hash(p, 3, (err, hash) => {
            if (err) {
                return reply("Error creating new user")
            } else {
                dbCreateUser(request, reply, e, hash)
            }
        });
    });
}

function dbCreateUser(request, reply, email, pwdHash) {
    var sql = "INSERT INTO Users(Version, Email, Password, Balance) VALUES (?,?,?,?)"
    var args = [1, email, pwdHash, 0]
    sql = mysql.format(sql, args)
    executeSql(sql,
        (err, rows, fields) => {
            if (err) {
                return reply("Error creating new user")
            } else {
                return reply("Successfully created new user")
            }
        }
    );
}

2) Logging in

function dbLogin(request, reply, yes, no) {
    let e = decodeURIComponent(request.payload.q_email)
    let p = decodeURIComponent(request.payload.q_password)
    //reply('email: ' + e + ' password: ' + p)

    var sql = "SELECT Password FROM Users WHERE Email = ? LIMIT 1"
    sql = mysql.format(sql, e)

    executeSql(sql,
        (err, rows, fields) => {
            if (err) {
                throw err
            } else {
                if (rows.length == 0) {
                    //no()
                    reply("email not found")
                } else {
                    bcrypt.compare(p, rows[0].Password, (err, res) => {
                        if (res == true) {
                            reply("correct password")
                            //dbCreateSession(request, reply, yes, no)
                        } else if (res == false){
                            reply("incorrect password: " + p + " " + rows[0].Password)
                        }
                        else {
                            //no()
                            reply("neither true nor false")
                        }
                    });
                }
            }
        }
    );
}

I have created a user with email "hello" and password "world" and running the following query

SELECT Email, Password FROM `Users` WHERE Email = 'hello'

returns the following

hello   $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I

However, when I attempt to log in I get the following (custom response)

incorrect password: world $2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I

Can anyone see where I am going wrong?

I've been staring at the screen for too long!

The problem was the Password field in the database was being truncated (55 chars instead of 60).

Increase the size of the password field in the database, i.e.

varchar(125)
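
A structural check that catches the truncation described in this answer, as an added example that is not part of the original posts. The function names `inspectBcryptHash` and `requireWellFormedHash` are hypothetical, and the full-length sample is constructed padding, not a real hash.

```javascript
// Added example: structural check for a stored bcrypt string.
// Layout: "$2a$" (or 2b/2x/2y) + two-digit cost + "$" + 22-char salt + 31-char digest = 60 chars.
const BCRYPT_LENGTH = 60;
const BCRYPT_ALPHABET = /^[./A-Za-z0-9]*$/;

function inspectBcryptHash(stored) {
  if (typeof stored !== 'string') {
    return { ok: false, reason: 'not a string' };
  }
  const m = /^\$(2[abxy])\$(\d{2})\$([\s\S]*)$/.exec(stored);
  if (!m) {
    return { ok: false, reason: 'missing bcrypt prefix' };
  }
  const cost = Number(m[2]);
  const payload = m[3];
  if (cost < 4 || cost > 31) {
    return { ok: false, reason: 'cost out of range', cost };
  }
  // Padding added by a fixed-width column or stray whitespace shows up here.
  if (!BCRYPT_ALPHABET.test(payload)) {
    return { ok: false, reason: 'invalid characters', cost };
  }
  if (stored.length < BCRYPT_LENGTH) {
    // A column narrower than 60 characters cuts the digest short, so compare() can never match.
    return { ok: false, reason: 'truncated', cost, missing: BCRYPT_LENGTH - stored.length };
  }
  if (stored.length > BCRYPT_LENGTH) {
    return { ok: false, reason: 'too long', cost };
  }
  return { ok: true, reason: 'well-formed', cost, version: m[1] };
}

// Hypothetical guard to call before the INSERT and after the SELECT.
function requireWellFormedHash(stored) {
  const result = inspectBcryptHash(stored);
  if (!result.ok) {
    throw new Error('stored bcrypt value rejected: ' + result.reason);
  }
  return stored;
}

// The value the question's SELECT returned (55 characters).
const FROM_QUESTION = '$2a$04$JwaMtM577eqLRNd0m5tbTewP1IxBMSAwyW9kczPjOPjDgu9I';
// Constructed: the same value padded to 60 characters to exercise the success path; not a real hash.
const CONSTRUCTED_FULL = FROM_QUESTION + 'AAAAA';

console.log(inspectBcryptHash(FROM_QUESTION));
console.log(inspectBcryptHash(CONSTRUCTED_FULL));
```

Running the guard on the value read back from the database turns a silent "incorrect password" into an explicit storage error at the point where the hash was damaged.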

Maybe you ended up with an invalid hash; try to generate the hash with bcrypt also:

bcrypt.hash(myPlaintextPassword, saltRounds, function(err, hash) {
  // Store hash in your password DB. 
});

You can then try to check in a simple manner if the hash you have in the db matches a hardcoded version of the input you will be using (password variable: p as a string 'world')

bcrypt.compare('world', hash, function(err, result) {
 if (err) { throw (err); }
 console.log(result);
});

If it works (it probably will), then try to do the same with the input from the request.

You should get more insight into what is going wrong.
