
BCRYPTJS: returning the same hash for different passwords

I didn't find anyone with a similar problem on Google. What happens is that no matter what password the user inputs, it returns the hash as if that were the correct password: you can input anything and it will still return the same hashed password for that email when it is found in the database.

For example:

Password input: asd

bcrypt: $2a$12$EkucFAxlupmAzec1CDnBmuYugwAO4cXj.5bt/thg8l/dG0JDhMScm

Password input: astastas

bcrypt: $2a$12$EkucFAxlupmAzec1CDnBmuYugwAO4cXj.5bt/thg8l/dG0JDhMScm

Code:

    exports.login = (req, res, next) => {
        const email = req.body.email;
        const password = req.body.password;

        Users.findOne({ email: email }).then(result => {
            if (!result) {
                throw new Error('No user with that email');
            }
            // bug: compare returns a promise, and a promise object is always truthy
            else if (crypt.compare(password, result.password)) {
                const token = jwebtoken.sign({ email: result.email },
                    'thisisatokenyoucantfake', { expiresIn: '1h' });

                res.status(200).json({ token: token });
                console.log(password);
                console.log(result.password);
            } else {
                throw new Error('No user');
            }
        }).catch(err => console.log(err));
    };

MongoDB Atlas is used for storing the hashed passwords; the encrypt length is 12.

If anyone needs the solution:

    exports.login = (req, res, next) => {
        const email = req.body.email;
        const password = req.body.password;
        let user; // keep the user document so its email is still available after compare resolves

        Users.findOne({ email: email }).then(result => {
            if (!result) {
                throw new Error('No user with that email');
            }
            user = result;
            // compare returns a promise; returning it makes the next .then receive the boolean
            return crypt.compare(password, result.password);
        }).then(matches => {
            // matches is the boolean result of compare, not the user document
            if (!matches) {
                throw new Error('Wrong password');
            }
            const token = jwebtoken.sign({ email: user.email },
                'thisisatokenyoucantfake', { expiresIn: '1h' });

            res.status(200).json({ token: token });
        }).catch(err => console.log(err));
    };

bcrypt.compare is asynchronous - it returns a promise. Your if statement will always return true because a promise is a truthy value. You need to resolve the promise using either await or .then() to get the resulting boolean.

Also, you're logging the input plaintext password and the stored hash; the stored hash should always be the same, as that's the point.
