skip to Main Content

I am creating a MERN app, with routes restricted based on role authentication. So when the server starts it looks for a superuser after it connects to MongoDB, if it doesn’t find one then it prompts for the creation thereof:

(async () =>
{
    const MONGO_URI = process.env.MONGO_URI;
    await mongoose.connect(MONGO_URI, {
        useNewUrlParser: true,
    }).then(() => console.log("Mongo success")).catch(err => console.log(err));

    const User = require('./models/User');
    const Role = require('./_inc/role');
    const superUser = await User.findOne({ role: Role.Superuser });
    if (!superUser)
    {
        const readline = require('readline');
        const rl = readline.createInterface({
            input: process.stdin,
            output: process.stdout,
        });
        rl._writeToOutput = function(str)
        {
            if (rl.stdoutMuted)
            {
                rl.output.write('*');
            }
            else
            {
                rl.output.write(str);
            }
        }
        const prom = (str, muted = false) => new Promise(resolve => {
            rl.question(str, resolve);
            rl.stdoutMuted = muted;
        });
        const username = await prom('Username: ');
        const email    = await prom('Email: ');
        const password = await prom('Password: ', true);
        rl.history = rl.history.slice(1);
        rl.close();
        const newUser = new User({
            name: username,
            email, password,
            role: Role.Diosito,
            picture: '',
            method: {
                local: true,
            },
        });
        bcrypt.genSalt(10, (err, hash) => {
            if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
        });
    }
})();

Unfortunately at some point the password hash is cut short to the first 29 characters.
Here is the User schema:

const userModel = {
    name: {
        type: String,
    },
    email: {
        type: String,
        unique: true,
    },
    picture: {
        type: String,
    },
    password: {
        type: String,
    },
    role: {
       type: String,
       required: true,
    },
    banned: {
        type: Boolean,
        default: false,
    },
    method: {
        google: Boolean,
        local:  Boolean,
    },
};
const UserSchema = new Schema(userModel);

Any help is appreciated, thank you

2

Answers


  1. You need to call the bcrypt.hash method inside the bcrypt.genSalt callback

    bcrypt.genSalt(10, function(err, salt) {
        bcrypt.hash(password, salt, function(err, hash) {
            if (err) throw err;
                newUser.password = hash;
                newUser
                  .save()
                   .catch(err => console.log({
                        error: 'se ocurrió un error por intentar crear al usario'
                    }));
        });
    });
    
    Login or Signup to reply.
  2. The problem is that bcrypt.genSalt is only generating the salt value, not the hashed password, so that’s why the password is cut short. You also need to call bcrypt.hash(password, salt)

    bcrypt.genSalt(10, function(err, salt) {
      bcrypt.hash(password, salt, function(err, hash) {
        newUser.password = hash;
        newUser
          .save()
            .catch(err => console.log({
               error: 'se ocurrió un error por intentar crear al usario'
            }));
      });
    });
    

    You can read more about here https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search