Incorrect password with bcrypt


#1

Hi. I installed native meteor bcrypt package and created a user using Accounts package:

let pass = '123123';
Accounts.createUser({
      username: user.username,
      password: pass,
    });

In my database I saw that new account exist and the password was encrypted:

    "services": {
        "password": {
            "bcrypt": "$2a$10$z2y4Y3j8QhQtgKHCGBu6/eKg5/z9FnPAria2KD5o5aC3zvAKYfFZu"
        },

Than I created an external script (not connected with meteor) and I tried to compare plain password with bcrypt hash.

const bcrypt = require('bcrypt-nodejs');
const hash = '$2a$10$z2y4Y3j8QhQtgKHCGBu6/eKg5/z9FnPAria2KD5o5aC3zvAKYfFZu';
bcrypt.compare('123123', hash, function (err, res) {
          console.log(res);
        });

Compare method returned FALSE and I don’t know why.

I tried also generate new bcrypt hash in external script and update the user entity in database.

const bcrypt = require('bcrypt-nodejs');

const saltRounds = 10;
let newPlainPassword = '123123';
bcrypt.genSalt(saltRounds, function(err, salt) {
  bcrypt.hash(newPlainPassword, salt, null, function(err, hash) {
    MongoClient.connect(url, function (error, db) {
      db.collection('users').updateOne(
        { username: 'userName' },
        {
          $set: { 'services.password.bcrypt': hash },
        }, function(error) {
          
        });
    });
  });
});

But after this operation I can’t login to this account. Meteor.loginWithPassword returns an error that the password is incorrect.
To sum up, I have two questions:

  1. Why bcrypt.compare method retured false?
  2. Why Meteor.loginWithPassword returns an error after I update bcrypt hash?

Thanks


#2

Did you find an answer to this one?