Follow

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use
Follow
Facebook Twitter Instagram Youtube
Contact

User password hash cut short with MongoDB

byMR
April 17, 2022

I am creating a MERN app, with routes restricted based on role authentication. So when the server starts it looks for a superuser after it connects to MongoDB, if it doesn’t find one then it prompts for the creation thereof:

(async () =>
{
    const MONGO_URI = process.env.MONGO_URI;
    await mongoose.connect(MONGO_URI, {
        useNewUrlParser: true,
    }).then(() => console.log("Mongo success")).catch(err => console.log(err));

    const User = require('./models/User');
    const Role = require('./_inc/role');
    const superUser = await User.findOne({ role: Role.Superuser });
    if (!superUser)
    {
        const readline = require('readline');
        const rl = readline.createInterface({
            input: process.stdin,
            output: process.stdout,
        });
        rl._writeToOutput = function(str)
        {
            if (rl.stdoutMuted)
            {
                rl.output.write('*');
            }
            else
            {
                rl.output.write(str);
            }
        }
        const prom = (str, muted = false) => new Promise(resolve => {
            rl.question(str, resolve);
            rl.stdoutMuted = muted;
        });
        const username = await prom('Username: ');
        const email    = await prom('Email: ');
        const password = await prom('Password: ', true);
        rl.history = rl.history.slice(1);
        rl.close();
        const newUser = new User({
            name: username,
            email, password,
            role: Role.Diosito,
            picture: '',
            method: {
                local: true,
            },
        });
        bcrypt.genSalt(10, (err, hash) => {
            if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
        });
    }
})();

Unfortunately at some point the password hash is cut short to the first 29 characters.
Here is the User schema:

const userModel = {
    name: {
        type: String,
    },
    email: {
        type: String,
        unique: true,
    },
    picture: {
        type: String,
    },
    password: {
        type: String,
    },
    role: {
       type: String,
       required: true,
    },
    banned: {
        type: Boolean,
        default: false,
    },
    method: {
        google: Boolean,
        local:  Boolean,
    },
};
const UserSchema = new Schema(userModel);

Any help is appreciated, thank you

MEDevel.com: Open-source for Healthcare and Education

Collecting and validating open-source software for healthcare, education, enterprise, development, medical imaging, medical records, and digital pathology.

Visit Medevel

>Solution :

The problem is that bcrypt.genSalt is only generating the salt value, not the hashed password, so that’s why the password is cut short. You also need to call bcrypt.hash(password, salt)

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(password, salt, function(err, hash) {
    newUser.password = hash;
    newUser
      .save()
        .catch(err => console.log({
           error: 'se ocurrió un error por intentar crear al usario'
        }));
  });
});

You can read more about here https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/

byMR
Published
Add a comment

Leave a Reply

Keep Up to Date with the Most Important News

By pressing the Subscribe button, you confirm that you have read and are agreeing to our Privacy Policy and Terms of Use

Read more

Discover more from Dev solutions

Subscribe now to keep reading and get access to the full archive.

Continue reading