BCrypt error Illegal arguments: string, object

Question

I am developing a NodeJS and ReactJS based web application in which I am trying to hash the passwords in multiple routes, one for registration and other for changing password.

For this purpose, I am generating the salt outside both routes so they both utilize the same salt like this:

const salt = bcrypt.genSalt(10);

Now inside the routes, the has is being generated like this:

user.password = await bcrypt.hash(newPassword, salt);

But when I run this, it gives the following console error:

Illegal arguments: string, object

The hashing operation was working fine when I was generating the salt inside the individual routes. What could be the reason?

Answer 1

In case anyone else runs into this.

Don't forget to await the genSalt function like so:

const salt = await bcrypt.genSalt(10);

The error: Illegal arguments: string, object tries to explain that one of the arguments passed to the hash function is invalid, since it's type is invalid.

In this case it's the second argument (salt) which expects a string/number but receives an object (the promise object that's returned if you don't await ) .

Hope that helps

Answer 2

I'm guessing you're calling bcrypt.hash like this

await bcrypt.hash(newPassword, 10);

This means that you're passing the number of rounds, not a salt. If you want to generate the salt outside of the call you can do something like this

const salt = bcrypt.genSaltSync(10);

And then use it in bcrypt.hash .

Answer 3

looking at the docs, i believe the error is caused by the call back function missing in your genSalt().. genSaltSync() works well without the call back..

Answer 4

If it helps anyone out there, I've had the same issue but my genSalt code was fine.

My problem was that I had some users whose passwords were uninitialized, so no salt had been generated and it was the bcrypt.compare function that was failing because it was trying to compare to NULL