Home > Software design >  User password hash cut short with MongoDB
User password hash cut short with MongoDB

Time:04-18

I am creating a MERN app, with routes restricted based on role authentication. So when the server starts it looks for a superuser after it connects to MongoDB, if it doesn't find one then it prompts for the creation thereof:

(async () =>
{
    const MONGO_URI = process.env.MONGO_URI;
    await mongoose.connect(MONGO_URI, {
        useNewUrlParser: true,
    }).then(() => console.log("Mongo success")).catch(err => console.log(err));

    const User = require('./models/User');
    const Role = require('./_inc/role');
    const superUser = await User.findOne({ role: Role.Superuser });
    if (!superUser)
    {
        const readline = require('readline');
        const rl = readline.createInterface({
            input: process.stdin,
            output: process.stdout,
        });
        rl._writeToOutput = function(str)
        {
            if (rl.stdoutMuted)
            {
                rl.output.write('*');
            }
            else
            {
                rl.output.write(str);
            }
        }
        const prom = (str, muted = false) => new Promise(resolve => {
            rl.question(str, resolve);
            rl.stdoutMuted = muted;
        });
        const username = await prom('Username: ');
        const email    = await prom('Email: ');
        const password = await prom('Password: ', true);
        rl.history = rl.history.slice(1);
        rl.close();
        const newUser = new User({
            name: username,
            email, password,
            role: Role.Diosito,
            picture: '',
            method: {
                local: true,
            },
        });
        bcrypt.genSalt(10, (err, hash) => {
            if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
        });
    }
})();

Unfortunately at some point the password hash is cut short to the first 29 characters. Here is the User schema:

const userModel = {
    name: {
        type: String,
    },
    email: {
        type: String,
        unique: true,
    },
    picture: {
        type: String,
    },
    password: {
        type: String,
    },
    role: {
       type: String,
       required: true,
    },
    banned: {
        type: Boolean,
        default: false,
    },
    method: {
        google: Boolean,
        local:  Boolean,
    },
};
const UserSchema = new Schema(userModel);

Any help is appreciated, thank you

CodePudding user response:

You need to call the bcrypt.hash method inside the bcrypt.genSalt callback

bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash(password, salt, function(err, hash) {
        if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
    });
});

CodePudding user response:

The problem is that bcrypt.genSalt is only generating the salt value, not the hashed password, so that's why the password is cut short. You also need to call bcrypt.hash(password, salt)

bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(password, salt, function(err, hash) {
    newUser.password = hash;
    newUser
      .save()
        .catch(err => console.log({
           error: 'se ocurrió un error por intentar crear al usario'
        }));
  });
});

You can read more about here https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/

  • Related