User password hash cut short with MongoDB

KRussellSmith
April 17, 2022
246 views
0 votes
2 Answers

I am creating a MERN app, with routes restricted based on role authentication. So when the server starts it looks for a superuser after it connects to MongoDB, if it doesn’t find one then it prompts for the creation thereof:

(async () =>
{
    const MONGO_URI = process.env.MONGO_URI;
    await mongoose.connect(MONGO_URI, {
        useNewUrlParser: true,
    }).then(() => console.log("Mongo success")).catch(err => console.log(err));

    const User = require('./models/User');
    const Role = require('./_inc/role');
    const superUser = await User.findOne({ role: Role.Superuser });
    if (!superUser)
    {
        const readline = require('readline');
        const rl = readline.createInterface({
            input: process.stdin,
            output: process.stdout,
        });
        rl._writeToOutput = function(str)
        {
            if (rl.stdoutMuted)
            {
                rl.output.write('*');
            }
            else
            {
                rl.output.write(str);
            }
        }
        const prom = (str, muted = false) => new Promise(resolve => {
            rl.question(str, resolve);
            rl.stdoutMuted = muted;
        });
        const username = await prom('Username: ');
        const email    = await prom('Email: ');
        const password = await prom('Password: ', true);
        rl.history = rl.history.slice(1);
        rl.close();
        const newUser = new User({
            name: username,
            email, password,
            role: Role.Diosito,
            picture: '',
            method: {
                local: true,
            },
        });
        bcrypt.genSalt(10, (err, hash) => {
            if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
        });
    }
})();

Unfortunately at some point the password hash is cut short to the first 29 characters.
Here is the User schema:

const userModel = {
    name: {
        type: String,
    },
    email: {
        type: String,
        unique: true,
    },
    picture: {
        type: String,
    },
    password: {
        type: String,
    },
    role: {
       type: String,
       required: true,
    },
    banned: {
        type: Boolean,
        default: false,
    },
    method: {
        google: Boolean,
        local:  Boolean,
    },
};
const UserSchema = new Schema(userModel);

Any help is appreciated, thank you

Answers

- Pranavan
- April 17, 2022 at 8:13 pm
- 0 votes
0
You need to call the bcrypt.hash method inside the bcrypt.genSalt callback
```
bcrypt.genSalt(10, function(err, salt) {
    bcrypt.hash(password, salt, function(err, hash) {
        if (err) throw err;
            newUser.password = hash;
            newUser
              .save()
               .catch(err => console.log({
                    error: 'se ocurrió un error por intentar crear al usario'
                }));
    });
});
```
Login or Signup to reply.

- AndreiStoica
- April 17, 2022 at 8:13 pm
- 0 votes
0
The problem is that bcrypt.genSalt is only generating the salt value, not the hashed password, so that’s why the password is cut short. You also need to call bcrypt.hash(password, salt)
```
bcrypt.genSalt(10, function(err, salt) {
  bcrypt.hash(password, salt, function(err, hash) {
    newUser.password = hash;
    newUser
      .save()
        .catch(err => console.log({
           error: 'se ocurrió un error por intentar crear al usario'
        }));
  });
});
```
You can read more about here https://heynode.com/blog/2020-04/salt-and-hash-passwords-bcrypt/
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.