0

refreshToken is a string that is checked to see if it is in line with encoding.

currentHashedRefreshToken is currently an encoded token.

isRefreshTokenMatching is a boolean variable that compares if the encoded string matches bcrypt.

{
  refreshToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1dWlkIjoiOWRiMTcwMmMtNDkyYy00MTJmLTkyM2QtM2Y5MWQyYzk0NTNjIiwicm9sZSI6IkNVU1RPTUVSX1JPTEUiLCJpYXQiOjE2MDU0NzM4NTcsImV4cCI6MTYwNTQ3NzQ1N30.o9nEeH4V7PZ61jWRG7-7epH79Vi9HJQWorvx5A37q4o'
}
{
  currentHashedRefreshToken: '$2b$10$ZYsrh1xu3icprkvRI0OksuBx6hrfOs9lmO7oZ2qqM6pFCLDiVaQrq'
}
{ isRefreshTokenMatching: true }

secound:

{
  refreshToken: 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1dWlkIjoiOWRiMTcwMmMtNDkyYy00MTJmLTkyM2QtM2Y5MWQyYzk0NTNjIiwicm9sZSI6IkNVU1RPTUVSX1JPTEUiLCJpYXQiOjE2MDU0NzUzOTgsImV4cCI6MTYwNTQ3ODk5OH0.iHRhFmtgRbsgTv9uC7VDaT_bU1tHxdlCjHDCjfmxeKA'
}
{
  currentHashedRefreshToken: '$2b$10$ZYsrh1xu3icprkvRI0OksuBx6hrfOs9lmO7oZ2qqM6pFCLDiVaQrq'
}
{ isRefreshTokenMatching: true }

why both refresh tokens detect that they match if they are different and different?

Here are my methods for hashing and decoding:

  /**
   * generate hash from password or string
   * @param {string} password
   * @returns {Promise<string>}
   */
  static async generateHash(password: string): Promise<string> {
    return bcrypt.hash(password, 10);
  }

  /**
   * validate text with hash
   * @param {string} password
   * @param {string} hash
   * @returns {Promise<boolean>}
   */
  static async validateHash(password: string, hash?: string): Promise<boolean> {
    return bcrypt.compare(password, hash || '');
  }
regexjS2
  • 41
  • 4
  • the code you posted isn't doing anything with the data that you listed that is supposedly related to it. can you post a more complete example of what you are trying to do here? – Claies Nov 15 '20 at 21:52
  • `currentHashedRefreshToken` is the hashed password used in creating the `refreshToken` - of course they will be the same, and the tokens will be different since they have a different issued at and expiry time – Jaromanda X Nov 15 '20 at 22:12
  • @JaromandaX so I have two different refreshToken and one currentHashedRefreshToken - so this is okay, that two other string has the same for bcrypt? – regexjS2 Nov 15 '20 at 22:15
  • none of the code you've shown has anything to do with `refreshToken` ... other than the fact that the `currentHashedRefreshToken` is actually (I'm guessing since I can't decrypt it) the hashed password used for creating the `refreshToken` - the value of `refreshToken` has nothing to do with `isRefreshTokenMatching` based on the code you've shown - again, you'll have to show how `isRefreshTokenMatching` is calculated if you want more information – Jaromanda X Nov 15 '20 at 22:19
  • Also, this looks like TypeScript, not JavaScript, although I don't think the difference is relevant to the question. – Barmar Nov 15 '20 at 22:38
  • See my answer in your previous question - https://stackoverflow.com/questions/64847747/bcrypt-compare-two-other-strings-and-returns-true – Bravo Nov 16 '20 at 00:38

0 Answers0