Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bcrypt generating different hash when assigning same hash #1027

Open
Sameerthe-Big-O opened this issue Mar 13, 2024 · 4 comments
Open

bcrypt generating different hash when assigning same hash #1027

Sameerthe-Big-O opened this issue Mar 13, 2024 · 4 comments

Comments

@Sameerthe-Big-O
Copy link

Sameerthe-Big-O commented Mar 13, 2024
edited

I've run into the same problem which's like compare always returns false but with some strange behaviour.

so I've tried every solution which in previous closed (bcrypt returning false) were mentioned(mostly regarding the length issue)

But here's strange thing behavior I found

const hashpassword = await bcrypt.hash(password, salt)
        console.log(hashpassword)

        user.password = hashpassword

the thing is here hashpassword is

$2b$10$8UMFhEZrwc85vytIGyE2v.mX3CYU/ANojK8ZeaO2bXPs5Lttis7sq
but after storing this hash in a variable and storing into the db I found the hash was different

$2b$10$ELPnmKkLLvrPW7QCVSrIp.c3Jn5VuoTsEL7OKnJ5QnJe6ZC2jYb6q
why is that assigning to the variable and storing in database making different hash

i've also tried this

 user.password = await bcrypt.hash(password, salt)

where I'm storing the hash directly and literally I've manually compared the hash and hash is same but it doesn't seem to work at this point, I've given up

I'm using MongoDB and Mongoose and here's my schema constraint(length tries)

  password: {
            type: String,
        },
    I have also  tried
      password: {
            type: String,
            maxlength:60
},
    password: {
            type: String,
            maxlength:1000
},

The interesting part here is that it works on the simple register/login user fine for example

userSchema.pre('save', async function () {
    const salt = await bcrypt.genSalt(10)
    if (!this.password) return
    this.password = await bcrypt.hash(this.password, salt)
})

when I try to log in it'll actually work fine and compare doesn't return false
package version

   "bcrypt": "^5.1.1",

OS Version

   10.0.22621 Build 22621
@EdzonBolivar11
Copy link

same issue

@Sameerthe-Big-O
Copy link
Author

Sameerthe-Big-O commented Mar 18, 2024
edited

same issue

Hy i just found the bug what went wrong after spinning my head all day
uf you're using the
userSchema.pre('save', async function () { const salt = await bcrypt.genSalt(10) if (!this.password) return this.password = await bcrypt.hash(this.password, salt) })

this the behaviour you've encounter is expected lemme tell you why is that
so the thing is that whenever we save the user.save() what mongo db does is actually re run this middleware

so you're something like that user.name='sameer'
and then
user.password = await bcrypt.hash(password, salt)
this won't work because we're directly assigning the

@H-57
Copy link

H-57 commented Apr 6, 2024

same issue

@ashwin1005
Copy link

The issue arises from pre-save hooks, which are middleware functions invoked before the document is saved, being called before the document is saved. This results in the generation of different hashed passwords.

pls check your schema.
@H-57 @EdzonBolivar11

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ashwin1005 @EdzonBolivar11 @H-57 @Sameerthe-Big-O