'User password hash cut short with MongoDB
I am creating a MERN app, with routes restricted based on role authentication. So when the server starts it looks for a superuser after it connects to MongoDB, if it doesn't find one then it prompts for the creation thereof:
(async () =>
{
const MONGO_URI = process.env.MONGO_URI;
await mongoose.connect(MONGO_URI, {
useNewUrlParser: true,
}).then(() => console.log("Mongo success")).catch(err => console.log(err));
const User = require('./models/User');
const Role = require('./_inc/role');
const superUser = await User.findOne({ role: Role.Superuser });
if (!superUser)
{
const readline = require('readline');
const rl = readline.createInterface({
input: process.stdin,
output: process.stdout,
});
rl._writeToOutput = function(str)
{
if (rl.stdoutMuted)
{
rl.output.write('*');
}
else
{
rl.output.write(str);
}
}
const prom = (str, muted = false) => new Promise(resolve => {
rl.question(str, resolve);
rl.stdoutMuted = muted;
});
const username = await prom('Username: ');
const email = await prom('Email: ');
const password = await prom('Password: ', true);
rl.history = rl.history.slice(1);
rl.close();
const newUser = new User({
name: username,
email, password,
role: Role.Diosito,
picture: '',
method: {
local: true,
},
});
bcrypt.genSalt(10, (err, hash) => {
if (err) throw err;
newUser.password = hash;
newUser
.save()
.catch(err => console.log({
error: 'se ocurrió un error por intentar crear al usario'
}));
});
}
})();
Unfortunately at some point the password hash is cut short to the first 29 characters. Here is the User schema:
const userModel = {
name: {
type: String,
},
email: {
type: String,
unique: true,
},
picture: {
type: String,
},
password: {
type: String,
},
role: {
type: String,
required: true,
},
banned: {
type: Boolean,
default: false,
},
method: {
google: Boolean,
local: Boolean,
},
};
const UserSchema = new Schema(userModel);
Any help is appreciated, thank you
Solution 1:[1]
The problem is that bcrypt.genSalt is only generating the salt value, not the hashed password, so that's why the password is cut short. You also need to call bcrypt.hash(password, salt)
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash(password, salt, function(err, hash) {
newUser.password = hash;
newUser
.save()
.catch(err => console.log({
error: 'se ocurriĆ³ un error por intentar crear al usario'
}));
});
});
You can read more about here https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/
Solution 2:[2]
You need to call the bcrypt.hash method inside the bcrypt.genSalt callback
bcrypt.genSalt(10, function(err, salt) {
bcrypt.hash(password, salt, function(err, hash) {
if (err) throw err;
newUser.password = hash;
newUser
.save()
.catch(err => console.log({
error: 'se ocurriĆ³ un error por intentar crear al usario'
}));
});
});
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Andrei Stoica |
| Solution 2 | Prana |