For user authentication, I'm storing passwords by hashing using bcrypt which is stored in MongoDB cluster but when I try to authenticate the user using the same string I get the wrong comparison with bcrypt.compare says mismatch. Here is the code I'm trying to run both for saving and authenticating
import bcrypt
salt = bcrypt.gensalt()
password = bcrypt.hashpw(request.form['password'].encode('utf-8'), salt)
here is nodejs code for authenticating based on user entry
userSchema.methods.comparePassword = function (passw, cb) {
var user = this;
console.log((passw === user.password) ? 'passwords match' : 'passwords dont match' );
console.log(passw +" "+ user.password )
bcrypt.compare(passw, user.password, function (err, isMatch) {
console.log(passw +" "+ user.password +" " +isMatch )
if(err) {
return cb(err)
}
cb(null, isMatch)
})
}
here is the print of generated hashed password for string '123'
hashed password b'$2b$12$URN6pyD4SsOgIXALvr.jIuy2hvxlxva.ioamDNtMhAwvWb9/nLdhO'
in mongo db it stores it as binary
password:Binary('JDJiJDEyJFVSTjZweUQ0U3NPZ0lYQUx2ci5qSXV5Mmh2eGx4dmEuaW9hbUROdE1oQXd2V2I5L25MZGhP', 0)
when I try to authenticate with the user-entered password I get a mismatch even though I entered the same string while hashing
123 $2b$12$URN6pyD4SsOgIXALvr.jIuy2hvxlxva.ioamDNtMhAwvWb9/nLdhO null
it throws null even though both are the same for the user which got saved in a database
user found{ _id: 60479960c20181a14badf6e0,
Name: 'boolbool',
phoneno: '2828',
uploadid: 'dilshan',
password: '$2b$12$URN6pyD4SsOgIXALvr.jIuy2hvxlxva.ioamDNtMhAwvWb9/nLdhO' }
I tried encoding & checking password
bcrypt.compare(utf8.encode(passw), utf8.encode(user.password), function (err, isMatch)
but still, it says null what am I doing wrong? can someone point out my mistake? that will be very helpful
