Reputation: 3109
So I recently decided I wanted to learn Elixir for the new year, and have been going through the Phoenix framework's book on how web development works in Elixir.
So far I am really enjoying it, and am already starting to love the language. I've come across a few issues with the Comeonin package though.
One was compiling it, which is fine. But I am wondering if it is causing problems; the issue is that I am having trouble figuring out how to debug this.
    defmodule Rumbl.Auth do
      import Plug.Conn

      def init(opts) do
        Keyword.fetch!(opts, :repo)
      end

      def call(conn, repo) do
        user_id = get_session(conn, :user_id)
        user = user_id && repo.get(Rumbl.User, user_id)
        assign(conn, :current_user, user)
      end

      def login(conn, user) do
        conn
        |> assign(:current_user, user)
        |> put_session(:user_id, user.id)
        |> configure_session(renew: true)
      end

      def logout(conn) do
        configure_session(conn, drop: true)
      end

      import Comeonin.Bcrypt, only: [checkpw: 2, dummy_checkpw: 0]

      def login_by_username_and_pass(conn, username, given_pass, opts) do
        repo = Keyword.fetch!(opts, :repo)
        user = repo.get_by(Rumbl.User, username: username)

        cond do
          user && checkpw(given_pass, user.password_hash) ->
            {:ok, login(conn, user)}

          user ->
            {:error, :unauthorized, conn}

          true ->
            dummy_checkpw()
            {:error, :not_found, conn}
        end
      end
    end

That is the code, and everything is compiling and I can see it's being sent through correctly. But for some reason the password is never being resolved. I made another user with the password "password" and even did something like this:

    checkpw("password", "$2b$12$aa4dos3r4YwX7HKgj.JiL.bEzg42QjxBvWwm5M")

Just to see if it was how I was passing the information (obviously that is the hash in my database), and that also does not work. I am at a loss as to what I am doing wrong, or, since this is my first time using Bcrypt and I am not 100% sure how the salting works, whether it's how I am using the library itself.
I am hashing the passwords with this:

    defp put_pass_hash(changeset) do
      case changeset do
        %Ecto.Changeset{valid?: true, changes: %{password: pass}} ->
          put_change(changeset, :password_hash, Comeonin.Bcrypt.hashpwsalt(pass))

        _ ->
          changeset
      end
    end

I've looked over everything I can think of, and it all looks correct, but for some reason Comeonin is not comparing the passwords correctly. Any help would be much appreciated, thanks!
Upvotes: 1
Views: 444
Reputation: 3109
The issue I was having was not anything to do with Elixir or the Comeonin library!
I had only allowed a Varchar of 45 for my passwords, and it was truncating the response. I am just going to leave this here in case anyone does something as silly as this in the future!
Upvotes: 3
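
A way to catch the truncation described in the answer before it shows up as a login that never succeeds, as an added example that is not part of the original posts or of Comeonin. The module name `BcryptHashCheck` and its `classify/1` function are hypothetical; the check relies only on the standard bcrypt string layout (a 7-character prefix, a 22-character salt and a 31-character digest, 60 characters in total).

```elixir
defmodule BcryptHashCheck do
  @moduledoc """
  Added example (hypothetical module, not part of Comeonin or Rumbl).
  Classifies a stored bcrypt string so that truncation by a short
  database column is reported explicitly.
  """

  # Layout: $2<variant>$<2-digit cost>$<22-char salt><31-char digest>
  @full_length 60
  @prefix_length 7

  def classify(hash) when is_binary(hash) do
    cond do
      # Must start with a bcrypt identifier and a two-digit cost.
      not Regex.match?(~r/\A\$2[abxy]\$\d{2}\$/, hash) ->
        {:error, :not_bcrypt}

      # Salt and digest use the bcrypt base64 alphabet only.
      not Regex.match?(~r{\A[./A-Za-z0-9]*\z}, rest(hash)) ->
        {:error, :bad_characters}

      # Shorter than 60 characters: report how many are missing.
      byte_size(hash) < @full_length ->
        {:error, {:truncated, @full_length - byte_size(hash)}}

      byte_size(hash) > @full_length ->
        {:error, :too_long}

      true ->
        :ok
    end
  end

  def classify(_other), do: {:error, :not_bcrypt}

  # Everything after the "$2b$12$"-style prefix (safe: prefix already matched).
  defp rest(hash), do: binary_part(hash, @prefix_length, byte_size(hash) - @prefix_length)
end

# The 45-character value from the question, as stored in the VARCHAR(45) column.
IO.inspect(BcryptHashCheck.classify("$2b$12$aa4dos3r4YwX7HKgj.JiL.bEzg42QjxBvWwm5M"))

# Constructed 60-character string with the right shape (not a real hash).
IO.inspect(BcryptHashCheck.classify("$2b$12$" <> String.duplicate("a", 53)))
```

Running the same check over existing rows shows which accounts need a password reset once the column has been widened to hold all 60 characters, since the truncated digests cannot be recovered.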