bcrypt password compare function always return false

bcrypt compare not working
bcrypt compare promise
bcrypt compare function
how to compare hash password in node js
bcryptjs
bcrypt compare undefined
node password hash and salt
bcrypt react

I am using node, mysql as the server and DB and ionic on the front end. I've managed to register a user with a hash using bcrypt and attempting to authenticate the user to log them in.

When comparing the password that user enters, in bcryptJS it seems like we cannot decrypt their password. When I console.log password and the result of user lookup in my db, I am comparing the password that the user enters with the hash that's stored so i am always retuning a 400 status to the front end.

Authentication code:

app.post('/login', function(req, res) {
  connection.connect(function(err) {
    let email = req.body.email;
    let password = req.body.password;

    connection.query("SELECT * FROM sometable WHERE username = ? ", [email], function(error, results, fields) {


       bcrypt.compare(req.body.password, results[0].password, function(err, result) {
         console.log('>>>>>> ', password)
         console.log('>>>>>> ', results[0].password)
         if(result) {
           return res.send();
         }
         else {
           return res.status(400).send();
         }
       })
    });

  });
});

What's the proper way to compare the password user enters with the hash that's stored in my db?

Thanks for your help.

edit:

I've tried the below code (adding a password strings) and I'm still getting the false result... What am I missing here?

 bcrypt.compare('somePassword', 'somePassword', function(err, res) {
          if(res) {
            console.log('true')
          } else {
           console.log('false')
          }
        });

Check to ensure you have the password before doing the comparison to know if the passwords match.

see my modification below

app.post('/login', function(req, res) {
  connection.connect(function(err) {
    let email = req.body.email;
    let password = req.body.password;

    connection.query("SELECT * FROM sometable WHERE username = ? ", [email], function(error, results, fields) {
      if (results[0].password) {
        bcrypt.compare(req.body.password, results[0].password, function(err, result) {
         console.log('>>>>>> ', password)
         console.log('>>>>>> ', results[0].password)
         if(result) {
           return res.send();
         }
         else {
           return res.status(400).send();
         }
       })
      }
    });
  });
});

bcrypt.compare return false always. · Issue #685 · kelektiv/node , the bcrypt.compare returns false always, when tries to compare hash from the db with the string password. router.post('/', function (req, res)  for some reason I always get false out of bcrypt.compare, a naive == as well as the function in the library buffer-equal-constant-time gives true (which is correct), giving up on bcrypt here. – SCBuergel.eth Jul 30 '16 at 21:50

So, as discussed in the comments of the question, the issue turned out to be the format of the column used to store the hashed password.

If you set your column to char(50) for instance, some databases will just silently remove anything beyond 50 chars, or add spaces to get to 50 chars if you have less.

This then breaks the comparison with the hashed version.

bcrypt.compare() always returns false when verifying passwords , genSaltSync(8), null); } }, instanceMethods: { verifyPassword: function(password) { return bcrypt.compare(password, this.password, function(err, result) { if (err)  the password variable is defined a few lines earlier in passport.use, If I did as you suggest and used the value returned by the database I would be comparing the encrypted value stored in the db against the encrypted value from the database, which would always return false.

Sorry guys! i had the some proble nut it was comming from mysql it was because i had a column callded password which was in CHAR(50) so if the hash is long than to 50 char it was truncating it, whyle hashed password are very long so i have changed the field from CHAR(50) to VARCHAR(255); Then everything start work fine

Bcrypt-NodeJS compare() returns false whatever the password , Bcrypt-NodeJS compare() returns false whatever the password - node.js. I know? bcrypt.compare() always returns false whatever the password is correct or not, The password and the hash given to the compare method are the right ones,  The tutor used bcrypt.compare in his code to compare a login password to the hash in the database (He uses a MAC) and it worked. When i tried to do the same, it didn't work. When i tried to do the same, it didn't work.

app.post('/login', function(req, res) {
  connection.connect(function(err) {
    let email = req.body.email;
    let password = req.body.password;

    connection.query("SELECT * FROM sometable WHERE username = ? ", [email], function(error, results, fields) {
    if(error) throw error;
    else { 
        if(results.length > 0) { 
        bcrypt.compare(req.body.password, results[0].password, function(err, result) {
         if(result) {
           return res.send({ message: "Login Successful" });
         }
         else {
           return res.status(400).send({ message: "Invalid Password" });
         }
        });
    } else {
        return res.status(400).send({ message: "Invalid Email" });
    } 
    }
});
});
});

Node.js Recipes, Node bcrypt's compare always returns false #NodeJS. genSalt and use bcrypt.​hash(password, 10, function(err, hash) {..}); your compare function seems good  I am storing the hashed password in the mongodb and then trying to compare the password in db with the user input password but this function is always returning false no matter whatever be the case.

my nodejs bcrypt compare not working properly, but ater signing up and and i try to sign in, my bcrypt would always return false, function() { const saltRounds = 10; return await bcrypt.hash(this.password,  resultwill always be undefined since promises return a single value and errors are simply thrown in the catch phrase. So basically, in your code, err will contain the actual result. What your code should look like is the following: bcrypt.compare(req.body.password,user.password).then((result)=>{

bcryptjs.compare JavaScript and Node.js code examples, export function compareHash (string, hash) { return new Promise((resolve, error) done(null, false, {message: 'No user found'}); } bcrypt.compare(password,  bcrypt.compare() always returns false when verifying passwords Tag: node.js , authentication , passport.js , bcrypt , sequelize.js I followed this tutorial from scotch.io on how to build user authentication using node.js (great tutorial by the way).

Using Bcrypt to Hash & Check Passwords in NodeJS, How to use the Bcrypt password hashing function and Node.js to Later on, you can compare the hash and password to verify that they match. Therefore it keeps up with Moore's law, so as computers get faster It has a callback function that returns the true/false result of whether or not the two matched. the bcrypt.compare returns false always, when tries to compare hash from the db with the string password.

Comments
  • side note, when i console.log(result) of the bcrypt.compare function the result is false.
  • Have you checked the value of err?
  • the value of the err is either null or undefined
  • What’s the type of your field for the hashed password in the database? It wouldn’t be truncated or padded by any chance?
  • If you set your column to char(50) for instance, some databases will just silently remove anything beyond 50 chars, or add spaces to get to 50 chars if you have less. This would obviously break the comparison. I would expect an error from bcrypt in that situation, but you never know...