why bcryptjs compare gives null value even though hash used is generated one?

Question

FOr authentication purpose, I'm storing the hashed password in MongoDB when I try to compare this password for the same string bcryptjs throws a null value.

where it stores hashed password in Binary form for string '123'. here is my generating code

import bcrypt
salt = bcrypt.gensalt()    
password = bcrypt.hashpw(request.form['password'].encode('utf-8'), salt)

When I try to compare this with user entered password '123' I get a null value.

123 $2b$12$URN6pyD4SsOgIXALvr.jIuy2hvxlxva.ioamDNtMhAwvWb9/nLdhO null

here is my nodejs code with bcryptjs to compare user password with hashed database password

userSchema.methods.comparePassword = function (passw, cb) {
    var user = this;
    console.log((passw === user.password) ? 'passwords match' : 'passwords dont match' );
    console.log(passw +" "+ user.password )
    bcrypt.compare(passw, user.password, function (err, isMatch) {
        console.log(passw +" "+ user.password +" " +isMatch )
        if(err) {
            return cb(err)
        }
        cb(null, isMatch)
    })
}

I get a null value even though I enter the same string '123' also If I try checking with this online bcryptchecker website https://bcryptgenerator.com/ I get a match.What am I doing wrong exactly here?can someone point out my mistake?

Answer 1

I think you are making the mistake in sending data to 'bcrypt.compare' method. You should make changes:

bcrypt.compare(user.password, 'password from database')
    .then(status => console.log(status))
    .catch (e) {
        console.log(`Error: ${e}`);
     }

For more details check this .