I have to rebuild a project from Ruby on Rails to Node.js. Bcrypt was used to hash passwords in the Ruby project and I'm trying to rebuild the same hash so I can copy the hashed password and users can login with the same credentials on the node version.
This hash $2a$11$j2IA8cPRFFC4YOXTl5kb9eF02fwNdLyFAPOvflQ3h/QdX8mE1SNK2 is used for the password Test1234. I've checked the Ruby on Rails code and I saw the following function to hash a password
General info
COST = 11
SALT = 1234567890
Create hash
def password_hash(password)
pwd = "#{password}#{SALT}"
::BCrypt::Password.create(pwd, cost: COST)
end
Does passwords match?
def password_match?(password = nil)
password ||= @params[:password]
encrypted_password = get_encrypted_password
return false if !encrypted_password || encrypted_password.size < 8
pwd = "#{password}#{SALT}"
BCrypt::Password.new(encrypted_password) == pwd
end
def get_encrypted_password
return unless @account
@account.encrypted_password
end
As far as I know something about Ruby this means that in the password_match function, pwd would be Test12341234567890 and BCrypt::Password.new($2a$11$j2IA8cPRFFC4YOXTl5kb9eF02fwNdLyFAPOvflQ3h/QdX8mE1SNK2) checks if Test12341234567890 (pwd) matches the hash.
When I use an online Bcrypt verifier like https://bcrypt.online/ and enter the hash together with the pwd value I don't get a match.
I also tried to use the bcrypt.compare method in the Javascript package but this didn't work either.
What am I missing?
from Rebuild/Verify Ruby on Rails Bcrypt password hash in Javascript
No comments:
Post a Comment