javascript - Bcrypt compare always returns false

Question

bcrypt.compare() always comes back false with this code in the user model. This is with bcrypt-nodejs.

User.pre('save', function (callback) {
  this.password = bcrypt.hashSync(this.password, bcrypt.genSaltSync(10))
  this.token = jwt.sign(this.email, process.env.JWT_SECRET)
  callback()
})

User.methods.verifyPassword = function ( password ) {
  const self = this

  return Q.Promise( (resolve, reject) => {
    bcrypt.compare( password, self.password, (error, isMatch) => {
      if (error) reject( new Error("Error checking user password."))
      resolve(isMatch)
    })
  })
}

I can see that a hash appears in the database. I can see the that right password comes into the verifyPassword function.

---

EDIT: The issue seems to be that .pre('save', ... occurs twice in a row. So the newly hashed password gets hashed again.

Answer 1

Here's a working version of your code. I am not sure what all is happening behind the scenes with your methods so I made that part up.

To prove it works add this to a file called index.js and run it with "node index.js".

It will output this:

We got a match! true or false? true

Here's the code.

var bcrypt = require('bcrypt');
var Q = require('Q');
var salt = bcrypt.genSaltSync(10);


process.env.JWT_SECRET = 'Much_Secretive,_Such_Obscure';

function SuperUser () {
  this.pre = function (password, callback) {
    this.password = bcrypt.hashSync(password, salt);
    callback.call(this, password);
  };
  this.methods = {};
}

var User = new SuperUser();

User.methods.verifyPassword = function ( password ) {
  const self = this;

  return Q.Promise( (resolve, reject) => {
    bcrypt.compare( password, self.password, (error, isMatch) => {
      if (error) reject( new Error("Error checking user password."));
      console.log("We got a match! true or false? " + isMatch);
      resolve(isMatch);
    });
  });
};

User.pre('save', function (password) {
  this.methods.verifyPassword.call(this,password);
});

Without seeing your full implementation it's hard to know for sure, but there is probably a reference to 'this' that is not the 'this' you would expect it to be.

I use function.call a couple times to get around that.