firebase auth:import do not use the right password

[TherapyBox]

firebase auth:import appear to be broken?

With MD5:

firebase auth:import users.json --hash-algo=MD5 --rounds=0

{  
   "users":[  
      {  
         "localId":"uid1",
         "email":"fedtest@gmail.com",
         "emailVerified":true,
         "displayName":"Test Foo Bar",
         "passwordHash":"NzJkNGE1YTViNjA1YzUzYWUxYWM0NzhkOWE0OTc3ZDc=",
         "salt":null
      }
   ]
}

This works fine.

But, with SHA1, SHA256, etc.:

firebase auth:import users.json --hash-algo=SHA1 --rounds=0

{  
   "users":[  
      {  
         "localId":"uid1",
         "email":"fedtest@gmail.com",
         "emailVerified":true,
         "displayName":"Test Foo Bar",
         "passwordHash":"NDM3MDkxZjMxYmY1OTgwOWJkMzRjZDBjYzVlNGM3ZGE2ODIwZmU3Nw==",
         "salt":null
      }
   ]
}

this don't allow me to login with the password that I choosed. The account is created, but I cannot login. On login I get error is:

Error: The password is invalid or the user does not have a password.

The plain password for those tests of mine is: tester5. I tried with both the latest version of firebase-tools ( 7.2.4 ), and the previous major version as well - same behaviour.
Am I missing something?

[google-oss-bot]

This issue does not seem to follow the issue template. Make sure you provide all the required information.

[mbleigh]

Internal tracking id: 140201224

[rcoppinger-tbox]

Hi, does anyone have an update to the status of this issue?

[samtstern]

I asked the engineering team and we currently don't support 0-round hashing for SHA1 passwords. I will add a warning to reflect this.

[rcoppinger-tbox]

Hi @samtstern ,

I was hoping to get a bit of direction for a problem we're having with the import users method.
Our application has +- 2,000 weekly active users and we're moving to firebase from our legacy system, which uses PHP SHA1 password hashing with rounds 0 to encrypt users' passwords, like so:

$hashed = sha1($salt . $current_password);

Since rounds=0 is rejected for SHA1, we've tried importing using rounds=1 and rounds=80. Neither of them work. When trying to log in with that account, an incorrect password error is thrown:

Error: The password is invalid or the user does not have a password.

Any advice as to what number of rounds we should try? Is there any alternative solution to this problem, or are we out of luck with this one?

[erickentry]

I think the problem is in the Base64 encoding. You should generate Base64 from un-hex-ed SHA1 hash.

Refer to this SO post: https://stackoverflow.com/questions/27838177/convert-string-to-sha1-and-to-base64

And we basically import our data using this command:

firebase auth:import some_file.json --hash-algo=SHA1 --rounds=1

--
We've spent some time figuring this out too 😄

[fofiu]

Anyone else having this issue? I can't get the export/import to work properly. Going from one database to another.

Basically running firebase auth:export account_file and firebase auth:import account_file. When I try to log in I get "The password is invalid or the user does not have a password."

[wiesson]

@cfofiu - you have to specify the hash-key of your old project while importing

firebase auth:import account_file --project=<NEW_PROJECT_ID> --hash-algo=scrypt --hash-key=<LONG_HASH_KEY_HERE> --salt-separator=Bw== --rounds=8 --mem-cost=14

The hash key is located in Authentication -> Users Table -> three dots menu on the upper right