0

FOr authentication purpose, I'm storing the hashed password in MongoDB when I try to compare this password for the same string bcryptjs throws a null value. database image

where it stores hashed password in Binary form for string '123'. here is my generating code

import bcrypt
salt = bcrypt.gensalt()    
password = bcrypt.hashpw(request.form['password'].encode('utf-8'), salt)

When I try to compare this with user entered password '123' I get a null value.

123 $2b$12$URN6pyD4SsOgIXALvr.jIuy2hvxlxva.ioamDNtMhAwvWb9/nLdhO null

here is my nodejs code with bcryptjs to compare user password with hashed database password

userSchema.methods.comparePassword = function (passw, cb) {
    var user = this;
    console.log((passw === user.password) ? 'passwords match' : 'passwords dont match' );
    console.log(passw +" "+ user.password )
    bcrypt.compare(passw, user.password, function (err, isMatch) {
        console.log(passw +" "+ user.password +" " +isMatch )
        if(err) {
            return cb(err)
        }
        cb(null, isMatch)
    })
}

I get a null value even though I enter the same string '123' also If I try checking with this online bcryptchecker website https://bcryptgenerator.com/ I get a match. What am I doing wrong exactly here?can someone point out my mistake ?

Nikhil R
  • 95
  • 4
  • 13
  • for generating I'm using python bcrypt and saving it in the database and for checking I'm using bcrypt compare. Check edited question – Nikhil R Mar 10 '21 at 15:12

1 Answers1

0

I think you are making the mistake in sending data to 'bcrypt.compare' method. You should make changes:

bcrypt.compare(user.password, 'password from database')
    .then(status => console.log(status))
    .catch (e) {
        console.log(`Error: ${e}`);
     }

For more details check this.

Apoorva Chikara
  • 8,277
  • 3
  • 20
  • 35
  • nope, I''m sending in right order which is user entered password followed by hashed password from databse – Nikhil R Mar 10 '21 at 15:11