Hi. I installed native meteor bcrypt package and created a user using Accounts package:
let pass = '123123';
Accounts.createUser({
username: user.username,
password: pass,
});
In my database I saw that new account exist and the password was encrypted:
"services": {
"password": {
"bcrypt": "$2a$10$z2y4Y3j8QhQtgKHCGBu6/eKg5/z9FnPAria2KD5o5aC3zvAKYfFZu"
},
Than I created an external script (not connected with meteor) and I tried to compare plain password with bcrypt hash.
const bcrypt = require('bcrypt-nodejs');
const hash = '$2a$10$z2y4Y3j8QhQtgKHCGBu6/eKg5/z9FnPAria2KD5o5aC3zvAKYfFZu';
bcrypt.compare('123123', hash, function (err, res) {
console.log(res);
});
Compare method returned FALSE and I don’t know why.
I tried also generate new bcrypt hash in external script and update the user entity in database.
const bcrypt = require('bcrypt-nodejs');
const saltRounds = 10;
let newPlainPassword = '123123';
bcrypt.genSalt(saltRounds, function(err, salt) {
bcrypt.hash(newPlainPassword, salt, null, function(err, hash) {
MongoClient.connect(url, function (error, db) {
db.collection('users').updateOne(
{ username: 'userName' },
{
$set: { 'services.password.bcrypt': hash },
}, function(error) {
});
});
});
});
But after this operation I can’t login to this account. Meteor.loginWithPassword returns an error that the password is incorrect.
To sum up, I have two questions:
- Why bcrypt.compare method retured false?
- Why Meteor.loginWithPassword returns an error after I update bcrypt hash?
Thanks