7

I'm developing a Node.js application that needs to log in using the same database information from a Laravel application.

I've read about BCrypt and am trying to use it to compare the hashed password it generates with the Laravel one stored in the database.

So, according to the BCrypt documentation, I need to do something like this:

var salt = bcrypt.genSaltSync(saltRounds);
var hash = bcrypt.hashSync(myPlaintextPassword, salt);

But I have no idea how to use the exact same salt from Laravel to hash my password. Do I need to use the APP_KEY to do this?

2 Answers

24

I found the answer here. It's way easier than I thought.

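var bcrypt = require('bcrypt');

// Hash as stored by Laravel (PHP writes the $2y$ bcrypt prefix)
var hash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';
// Swap the $2y$ prefix for $2a$; "$$" is a literal "$" in a replacement string
hash = hash.replace(/^\$2y(.+)$/i, '$$2a$1');
bcrypt.compare("secret", hash, function(err, res) {
    console.log(res);
});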

1 Comment

Thank you for solving a problem, coming back, and sharing it!
2

To my understanding, the salt is stored as part of the hash.

So why not just compare a plain text against the stored hash?

Try the following (from the bcrypt docs):

bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
    // res == true
});

hash would be the user's password hash value in the Laravel database.

For example:

var pass_hash = '$2y$12$Z3Dk1YAzNsdXxq8EKNQxluqGglI6dvncfJxDj0mZHh7zceX2XoX/W'
var pass_string = '1234'
bcrypt.compare(pass_string, pass_hash,(err,valid)=>{
 if(valid){console.log("valid password match")}
 else{console.log("wrong credentials")}
});

4 Comments

It doesn't work. The compare always returns "wrong credentials".
Are you sure you have the valid match for the specific hash?
Yes. I've made the password using Hash::make from Laravel and I know for sure what the password without hash is.
If you console.log the pass_hash before comparing, does it show the one from the database? (Just making sure you are not comparing something wrong or an undefined value)... If you test my example, hard-coding the pass_hash and the pass_string, does it work?
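
Added example, not code from either answer: a small helper that parses the bcrypt string Laravel stores, shows that the salt and cost travel inside it, and rewrites the `$2y$` prefix before comparison. It assumes the `bcrypt` npm package; the function names are hypothetical, and the sample hash is the one quoted in the first answer.

```javascript
// Added example. Assumes the `bcrypt` npm package; all function names are hypothetical.
// bcrypt string layout: $<version>$<cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[aby])\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$/;

// Hash string copied from the first answer on this page.
const SAMPLE = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';

// Split a stored hash into its fields, or return null if it is not a
// well-formed bcrypt string (undefined row, truncated column, other algorithm).
function parseBcryptHash(stored) {
  if (typeof stored !== 'string') return null;
  const m = BCRYPT_RE.exec(stored);
  if (!m) return null;
  const cost = Number(m[2]);
  if (cost < 4 || cost > 31) return null; // bcrypt's valid cost range
  return { version: m[1], cost: cost, salt: m[3], digest: m[4] };
}

// Rewrite PHP's $2y$ prefix to $2a$, as the first answer does; other
// versions pass through unchanged. Returns null for malformed input.
function normalizeForNode(stored) {
  const parsed = parseBcryptHash(stored);
  if (!parsed) return null;
  return parsed.version === '2y' ? '$2a$' + stored.slice(4) : stored;
}

// Verify a login attempt. The salt is read from the hash itself, so neither
// genSaltSync nor Laravel's APP_KEY is involved. Fails closed on bad input.
async function verifyLaravelPassword(plain, stored, bcrypt = require('bcrypt')) {
  const hash = normalizeForNode(stored);
  if (typeof plain !== 'string' || !hash) return false;
  return bcrypt.compare(plain, hash); // resolves to true or false
}
```

Returning `false` for a value that does not parse keeps an undefined or truncated database column from reaching `bcrypt.compare` at all.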
