I am new to Node.js. I am trying to validate a password that is encrypted, and I have given below the code which I have tried.

What I have tried:

async function passCheck(event) { // in event I am passing the user-entered password and email
    var EnteredPassword = bcrypt.hashSync(event.password, 10); // 10 salt rounds

    var fromDB = await pool.query('SELECT password from User WHERE email = ?', event.emailID);
    if (EnteredPassword == fromDB) { // Here I am comparing
        console.log("valid");
    }
    else {
        console.log("invalid")
    }
}
Updated 27-Jan-21 4:21am

1 solution

Hopefully the password hash you're storing has been salted with a random salt per record. That salt should either be stored in a separate column, or combined into the stored password hash somehow.

If you hash the same password again, but use a different salt, then you will get a different result.

The documentation suggests that you need to use the bcrypt.compare function to compare the plaintext password to the stored hash:
JavaScript
// Load hash from your password DB.
bcrypt.compare(myPlaintextPassword, hash, function(err, result) {
    // result === true
});

Also, why are you calling the Sync methods in an async function?
JavaScript
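async function passCheck(event){
    // fromDB has to end up as the stored hash string; if the database driver
    // resolves to result rows, read the password column from the row first.
    var fromDB = await pool.query('SELECT password FROM user WHERE email = ?', event.emailID);
    // bcrypt.compare reads the salt from the stored hash and re-hashes the input with it.
    var passwordMatch = await bcrypt.compare(event.password, fromDB);
    if (passwordMatch) {
        console.log("valid");
    }
    else {
        console.log("invalid");
    }
}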
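
Why hashing the entered password again never matches the stored value, while a salt-aware comparison does, shown as an added example that is not part of the original answer. It uses Node's built-in scrypt in place of bcrypt so that it runs without installing anything; the function names and the `salt$hash` record format are assumptions made for the illustration.

```javascript
// Added example. Uses Node's built-in scrypt as a stand-in for bcrypt so it
// runs with no dependencies; the "salt$hash" record format is constructed.
const { randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Hash a password with a fresh random salt and keep the salt inside the
// stored value, as bcrypt does in its own hash string.
// scryptSync keeps the example short; use the async crypto.scrypt in a server.
function hashPassword(password) {
    const salt = randomBytes(16);
    const key = scryptSync(password, salt, 32);
    return salt.toString('hex') + '$' + key.toString('hex');
}

// Verify by re-deriving the key with the salt taken from the stored record,
// then comparing in constant time. Malformed or missing records fail closed.
function verifyPassword(password, stored) {
    if (typeof stored !== 'string') return false;
    const parts = stored.split('$');
    if (parts.length !== 2) return false;
    const salt = Buffer.from(parts[0], 'hex');
    const expected = Buffer.from(parts[1], 'hex');
    if (salt.length !== 16 || expected.length !== 32) return false;
    const actual = scryptSync(password, salt, 32);
    return timingSafeEqual(actual, expected);
}

// The question's approach: hash the entered password again and compare strings.
function naiveCheck(password, stored) {
    return hashPassword(password) === stored;
}

// Constructed stand-in for the value read from the password column.
const storedRecord = hashPassword('correct horse');

console.log(naiveCheck('correct horse', storedRecord));     // new salt, so no match
console.log(verifyPassword('correct horse', storedRecord)); // salt reused from record
console.log(verifyPassword('wrong guess', storedRecord));   // wrong password
console.log(verifyPassword('correct horse', undefined));    // no row found
```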
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



