Original URL: http://stackoverflow.com/questions/27749596/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Node bCrypt.compareSync
Asked by Suji
I am creating a user login. I am able to have the user sign up and when the user signs up his password is encrypted before it is saved in the database.
When that same user tries to log in, I am getting an "invalid password".
This is because it is comparing the user input to an encrypted password in the database. Example if password is 1234, then in database it is saved as "$2a$104$0301". When the user tries to log in, the user input which is "1234" is compared to "2a$104$0301". How would I fix?
Here is my code for login:
var LocalStrategy = require('passport-local').Strategy;
var User = require('../Models/users.js');
var bcrypt = require('bcrypt-nodejs');

module.exports = function(passport){
    passport.use('login', new LocalStrategy({
            passReqToCallback : true
        },
        function(req, username, password, done){
            User.findOne({'username' : username},
                function(err, user){
                    if(err)
                        return done(err);
                    if(!user){
                        console.log('User Not Found with username: '+username);
                        return done(null, false,
                            req.flash('message', 'User Not Found.'));
                    }
                    if (!isValidPassword(user, password)){
                        console.log('Invalid Password');
                        return done (null, false,
                            req.flash('message', 'Invalid Password'));
                    }
                    return done(null, user);
                }
            );
        })
    );

    var isValidPassword = function(user, password){
        var result = bcrypt.compareSync(password, user.password);
        if (result) {
            console.log("Password correct");
        } else {
            console.log("Password wrong");
        }
        return result;
    }
}
Answered by Vsevolod Goloviznin
compareSync method takes only 2 arguments and returns a boolean value true or false.
You should perform the check like this:
var result = bcrypt.compareSync(password, user.password);
if (result) {
    console.log("Password correct");
} else {
    console.log("Password wrong");
}
Answered by Andrew Kwintowski
Really late to the party, however I just had this same problem and the reason it wasn't working for me was that I had encrypted the input password before trying to compare with the already encrypted 'user.password'.
Once I realised there was no need to encrypt the input password, the compareSync worked perfectly.
From bcrypt - npm:
To check a password:
// Load hash from your password DB.
bcrypt.compareSync(myPlaintextPassword, hash); // true
bcrypt.compareSync(someOtherPlaintextPassword, hash); // false
The "compareSync" function counters timing attacks (using a so-called 'constant-time' algorithm). In general, don't use the normal JavaScript string comparison functions to compare passwords, cryptographic keys, or cryptographic hashes if they are relevant to security.
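The following is an added example, not code from the question, the answers, or the bcrypt package. It shows why hashing the login input again and comparing it with the stored value fails, and what a compare function has to do instead: re-derive with the stored salt, then compare in constant time. It uses Node's built-in crypto.scryptSync in place of bcrypt so that it runs without third-party packages; the "salt$key" storage format and the function names are assumptions made for the illustration.

```javascript
const crypto = require('crypto');

// Hypothetical storage format: "<salt hex>$<derived key hex>".
// bcrypt hashes likewise carry their salt inside the hash string, which is
// why compareSync needs only the plaintext and the stored hash.
function hashPassword(plaintext) {
  const salt = crypto.randomBytes(16);               // fresh salt per hash
  const key = crypto.scryptSync(String(plaintext), salt, 32);
  return salt.toString('hex') + '$' + key.toString('hex');
}

// What a compare function does: take the salt from the stored value,
// re-derive the key from the plaintext, compare the two in constant time.
function verifyPassword(plaintext, stored) {
  const parts = String(stored).split('$');
  if (parts.length !== 2) return false;              // malformed record
  const salt = Buffer.from(parts[0], 'hex');
  const expected = Buffer.from(parts[1], 'hex');
  if (salt.length === 0 || expected.length !== 32) return false;
  const actual = crypto.scryptSync(String(plaintext), salt, 32);
  // timingSafeEqual requires equal-length buffers; both are 32 bytes here.
  return crypto.timingSafeEqual(actual, expected);
}

// The mistake described in the answer above: hashing the login input again
// and comparing strings. A new salt is drawn, so the hashes never match.
function brokenLoginCheck(plaintext, stored) {
  return hashPassword(plaintext) === stored;
}

// Constructed sample value, using the password from the question.
const stored = hashPassword('1234');
console.log('hash-then-compare, right password:', brokenLoginCheck('1234', stored));
console.log('verify, right password:', verifyPassword('1234', stored));
console.log('verify, wrong password:', verifyPassword('12345', stored));
```
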