NODE.JS - How to check a Laravel hashed password with bcrypt?
Question
I'm developing a Node.js application that needs to log in using the same database information from a Laravel aplication.
I've read about BCrypt and trying to use it to make a comparison of the hashed password it generates with the Laravel one stored in the database.
So, by the documentation of BCrypt , I need to do something like that:
var salt = bcrypt.genSaltSync(saltRounds);
var hash = bcrypt.hashSync(myPlaintextPassword, salt);
But I have no idead on how to use the exact same salt from Laravel to hash my password. I need to use the APP_KEY to do this?
2 answers
solution1
1 2019-06-18 21:02:46
To my understanding, the salt is stored as part of the hash.
So why not just compare a plain text against the stored hash.
Try the following (from bcrypt docs) :
bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
// res == true
});
hash would be the users password hash value in the Laravel database.
for example :
var pass_hash = '$2y$12$Z3Dk1YAzNsdXxq8EKNQxluqGglI6dvncfJxDj0mZHh7zceX2XoX/W'
var pass_string = '1234'
bcrypt.compare(pass_string, pass_hash,(err,valid)=>{
if(valid){console.log("valid password match")}
else{console.log("wrong credentials")}
});
solution2
1 ACCPTED 2019-06-26 15:04:10
I fond the answer here . It's way easier than I thought.
var hash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';
var bcrypt = require('bcrypt');
hash = hash.replace(/^\$2y(.+)$/i, '$2a$1');
bcrypt.compare("secret", hash, function(err, res) {
console.log(res);
});
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.