Bruno Albuquerque

Reputation: 687

NODE.JS - How to check a Laravel hashed password with bcrypt?

I'm developing a Node.js application that needs to log in using the same database information from a Laravel application.

I've read about BCrypt and am trying to use it to make a comparison of the hashed password it generates with the Laravel one stored in the database.

So, according to the BCrypt documentation, I need to do something like this:

var salt = bcrypt.genSaltSync(saltRounds);
var hash = bcrypt.hashSync(myPlaintextPassword, salt);

But I have no idea how to use the exact same salt from Laravel to hash my password. Do I need to use the APP_KEY to do this?

Upvotes: 7

Views: 7365

Answers (2)

Bruno Albuquerque

Reputation: 687

I found the answer here. It's way easier than I thought.

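// Hash as stored by Laravel (PHP writes the $2y$ prefix)
var hash = '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2';
var bcrypt = require('bcrypt');
// Swap the $2y$ prefix for $2a$; the cost, salt and digest stay the same
hash = hash.replace(/^\$2y(.+)$/i, '$2a$1');
bcrypt.compare("secret", hash, function(err, res) {
    console.log(res); // true if the password matches the hash
});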

Upvotes: 24

EMX

Reputation: 6211

To my understanding, the salt is stored as part of the hash.

So why not just compare a plain text against the stored hash?

Try the following (from the bcrypt docs):

bcrypt.compare(myPlaintextPassword, hash, function(err, res) {
    // res == true
});

hash would be the user's password hash value in the Laravel database.

For example:

var bcrypt = require('bcrypt');
// Hash exactly as stored in the Laravel database; the salt is part of this string
var pass_hash = '$2y$12$Z3Dk1YAzNsdXxq8EKNQxluqGglI6dvncfJxDj0mZHh7zceX2XoX/W';
var pass_string = '1234';
bcrypt.compare(pass_string, pass_hash, (err, valid) => {
  if (valid) { console.log("valid password match"); }
  else { console.log("wrong credentials"); }
});

Upvotes: 2
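
Both answers depend on the layout of the stored string: a version tag such as $2y$, a two-digit cost, then a 22-character salt followed by a 31-character digest. The parser below is an added example, not code from either answer or from the bcrypt package. It splits the two hashes quoted above into those fields, rewrites the $2y$ tag the way the first answer's regex does, and flags a cost below a minimum; the function names and the minimum cost of 12 are assumptions.

```javascript
// Added example: parse the bcrypt string Laravel stores, without any bcrypt package.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
const BCRYPT_RE = /^\$(2[abxy]?)\$(\d{2})\$([.\/A-Za-z0-9]{22})([.\/A-Za-z0-9]{31})$/;

// Returns the fields of a stored hash, or null if it is not a well-formed bcrypt string.
function parseBcryptHash(stored) {
  const m = BCRYPT_RE.exec(String(stored));
  if (!m) return null;
  const cost = parseInt(m[2], 10);
  if (cost < 4 || cost > 31) return null; // bcrypt only defines costs 4..31
  return { version: m[1], cost: cost, salt: m[3], digest: m[4] };
}

// Rewrites only the version tag ($2y$ -> $2a$, as in the first answer);
// cost, salt and digest are copied through unchanged.
function normalizeForNode(stored) {
  const p = parseBcryptHash(stored);
  if (!p) throw new Error('not a bcrypt hash');
  const version = p.version === '2y' ? '2a' : p.version;
  return '$' + version + '$' + String(p.cost).padStart(2, '0') + '$' + p.salt + p.digest;
}

// True when the stored cost is below the minimum the application wants
// (minCost is an assumed policy value, not something Laravel or bcrypt dictates).
function needsRehash(stored, minCost) {
  const p = parseBcryptHash(stored);
  if (!p) throw new Error('not a bcrypt hash');
  return p.cost < minCost;
}

// The two hashes quoted in the answers above.
const pageHashes = [
  '$2y$08$9TTThrthZhTOcoHELRjuN.3mJd2iKYIeNlV/CYJUWWRnDfRRw6fD2',
  '$2y$12$Z3Dk1YAzNsdXxq8EKNQxluqGglI6dvncfJxDj0mZHh7zceX2XoX/W',
];
for (const h of pageHashes) {
  const p = parseBcryptHash(h);
  console.log(p.version, p.cost, p.salt, normalizeForNode(h), needsRehash(h, 12));
}
```

Rejecting anything that does not parse before it reaches the compare call keeps malformed or non-bcrypt values in the password column from being treated as valid hashes.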
