
bcrypt.compare from bcryptjs always returns false

I am using bcryptjs on a React and Node.js project but can't seem to get it to return true. On all online verifiers it returns as valid using the password and hash. I've already verified that the length is correct but can't get it to work.

My HandleSubmit function:

    // Imports at the top of the component module
    import axios from 'axios';
    import bcrypt from 'bcryptjs';

    // React component method; the rest of the component is not shown here
    HandleSubmit(event) {
        event.preventDefault();
        const self = this;
        // Credentials are encoded into the URL path segment rather than the request body
        const data = `username=${encodeURIComponent(this.state['username'])}&`;
        axios.post(`/test/do_login/${data}`)
            .then(function (response) {
                console.log("RESPONSE");
                console.log(response);
                // response.data is the stored hash returned by the server; the compare runs client-side
                bcrypt.compare(self.state.password, response.data).then(function (result) {
                    console.log(`PW: ${self.state.password}\nDATA:${response.data}\nRES:${result}`);
                    if (result) self.setState({ loginSuccess: true });
                });
            });
    }

On the server:

const express = require('express');
const bcrypt = require('bcryptjs');
const router = express.Router();

// Pulls the values out of the "key=value&" pairs embedded in the URL path segment
const regexp = /=(.+?)&/g;

router.post('/do_login/:data', (req, res) => {
    var con = req.app.get('con');
    var args = [...(req.params.data).matchAll(regexp)];

    console.log(args);

    var username = args[0][1];

    // Username is interpolated straight into the SQL string (the answer below flags this as an injection risk)
    const query = `SELECT * FROM users WHERE username="${username}";`;

    con.query(query, (err, result) => {
        if (err) throw err;
        console.log(result);
        if (result.length < 1) res.send("USERNAME_INV");
        else {
            // The stored hash is sent back to the client, which runs bcrypt.compare itself
            res.send(String(result[0].pw).slice(0, 59));
        }
    });
});

module.exports = router;

I am using slice to remove the \u000 at the end of the database entry. It is stored in a BINARY(60).

I think you are trying to resolve this problem in the wrong way.

In your React app, just post a request with a body payload (username and password) to your server. That's it. Don't send credentials as query parameters; it is not safe.

In your Node.js app, you have to handle this call by doing:

  • Comparing the password from your body (which will be hashed) with the password stored in your database (hashed too)
  • Sending a cookie or an access_token to your React app, which will be sent each time you call your server for subsequent requests. You have to create a middleware so as to check the cookie or the access_token.

Moreover, check your username field to avoid SQL injection.
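As an added example (not code from the question or the answer), this is a server-side login in the shape the answer describes: credentials arrive in the JSON body, the username is bound as a query parameter, the BINARY(60) value is trimmed of trailing NUL padding rather than cut to a fixed length (a bcrypt hash string is exactly 60 characters, so `slice(0, 59)` would drop a real character), and `bcrypt.compare` runs on the server so the stored hash never leaves it. The wiring function assumes `express`, `bcryptjs` and a mysql-style `con.query(sql, params, cb)` connection; the handler itself takes its dependencies as arguments.

```javascript
// A BINARY(60) column is right-padded with NUL bytes when the stored value is
// shorter than 60. A bcrypt hash string is exactly 60 characters, so strip only
// trailing NULs; never cut to a fixed length (slice(0, 59) drops a real character).
function normalizeStoredHash(value) {
  const text = Buffer.isBuffer(value) ? value.toString('latin1') : String(value);
  return text.replace(/\0+$/, '');
}

// Login handler with its dependencies injected (user lookup, hash comparison,
// token issuer) so the flow can be exercised without a database.
function makeLoginHandler({ findUserByName, compare, issueToken }) {
  return async function login(req, res) {
    const { username, password } = req.body || {};
    if (typeof username !== 'string' || typeof password !== 'string') {
      return res.status(400).json({ error: 'username and password required' });
    }
    const user = await findUserByName(username);
    const ok = user ? await compare(password, normalizeStoredHash(user.pw)) : false;
    if (!ok) {
      // One response for unknown user and wrong password: do not reveal which failed
      return res.status(401).json({ error: 'invalid credentials' });
    }
    return res.json({ token: issueToken(user) });
  };
}

// Wiring with the real libraries (assumed: express, bcryptjs and a mysql-style
// `con.query(sql, params, cb)` connection). Defined here, not executed.
function buildLoginRouter(con, issueToken) {
  const express = require('express');
  const bcrypt = require('bcryptjs');
  const router = express.Router();
  const findUserByName = (username) => new Promise((resolve, reject) => {
    // Placeholder binding instead of string interpolation: no SQL injection
    con.query('SELECT id, pw FROM users WHERE username = ?', [username],
      (err, rows) => (err ? reject(err) : resolve(rows[0])));
  });
  // Credentials arrive in the JSON body, never in the URL path or query string
  router.post('/do_login', express.json(), makeLoginHandler({
    findUserByName,
    compare: (password, hash) => bcrypt.compare(password, hash),
    issueToken,
  }));
  return router;
}
```

Mount the router with `app.use('/test', buildLoginRouter(con, issueToken))` and have `issueToken` produce the cookie or access_token that the answer's middleware then checks on later requests.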
