Bcrypt + passport - /login not working

I’m building an auth structure for my web app - I’m testing it out on a clone of https://github.com/passport/express-4.x-local-example
If you want to try running it yourself, you can get my edits at https://github.com/CarlyRaeJepsenStan/abc-bcrypt

To save you the hassle of cloning the whole repo, these are the lines in question:

```js
passport.use(
  new Strategy((username, password, done) => {
    db.users.findByUsername({ username: username }, (err, user) => {
      if (err) {
        return done(err);
      }
      if (!user) {
        return done(null, false);
      }

      bcrypt.compare(password, user.password, (err, result) => {
        if (err) {
          return done(null, false);
        }

        return done(null, user);
      });
      //col.findOne() consumes two arguments: an object query and then a callback function
    });
  })
);
```

specifically

```js
      bcrypt.compare(password, user.password, (err, result) => {
        if (err) {
          return done(null, false);
        }
```

When I run the app, and go to /login and enter “jack” and “password”, nothing happens. The encrypted password is exposed in ./db/users.js - I compared them with the same function and it returned true. What am I missing?

bump - If anyone has experience with authentication with bcrypt, passport and mongodb, please take a look!

Can you try to explain what’s wrong a bit more clearly?

Ok, the original app functions like this -
the Passport.use function starts a strategy that the browser checks when passport is used to compare the given username and password and stored username and password.

It also has these passport.serialize and deserialize functions - I’m not quite sure what that does. Anyway, because I wanted to encrypt the stored passwords, I replaced the `if user.password != password` line with a bcrypt compare function that returns an error.

Hopefully this helps…

@CarlyRaeJepsenStan
This is my bcrypt compare code for passport

```js
bcrypt.compare(password, user.password, (err, isMatch) => {
    // Report hashing errors to Passport instead of throwing inside the callback
    if (err) return done(err);

    if (isMatch) {
        return done(null, user);
    } else {
        return done(null, false, { message: "Wrong password" });
    }
});
```

Let me know if it works for you! 🙂


Ok thanks! I’ll try putting the callback function inside the compare.

While the code looks right, the login system is still failing - it just redirects to /login. How can I debug it? I tried putting console.log in the use Strategy() function, but they don’t do anything.

@CarlyRaeJepsenStan
I use

```js
// Assumes passport, LocalStrategy (passport-local), bcrypt and the User model are already in scope.
passport.use(
    new LocalStrategy({ usernameField: "email" }, (email, password, done) => {
        // Look up the user by email
        User.findOne({ email: email })
            .then(user => {
                if (!user) {
                    // No account with this email
                    return done(null, false, { message: "No such user" });
                }
                // Compare the submitted password with the stored hash
                bcrypt.compare(password, user.password, (err, isMatch) => {
                    // Report hashing errors to Passport instead of throwing inside the callback
                    if (err) return done(err);

                    if (isMatch) {
                        return done(null, user);
                    } else {
                        return done(null, false, { message: "Wrong password" });
                    }
                });
            })
            // A failed lookup is a server error, not a failed login
            .catch(err => done(err));
    })
);
```

Hmmm, ok - I’ll be reading the docs and looking at this snippet. Thanks for trying to help!
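
An added example, not code from any poster in this thread: the first snippet's `bcrypt.compare` callback never reads `result`, so this contrasts that behaviour with a verify callback that checks the match flag and passes hashing errors to `done(err)`. Node's built-in scrypt stands in for bcrypt so the block runs without npm packages; `hashPassword`, `compare`, `users`, `findByUsername`, `makeVerify` and `attempt` are hypothetical names, and the user records are constructed.

```javascript
const crypto = require("crypto");

// Stand-in for bcrypt (assumption): scrypt, stored as "salt:hash" in hex.
function hashPassword(plain) {
  const salt = crypto.randomBytes(16).toString("hex");
  return `${salt}:${crypto.scryptSync(plain, salt, 32).toString("hex")}`;
}

// Same (plain, stored, callback) shape as bcrypt.compare, but calls back synchronously.
function compare(plain, stored, cb) {
  let match;
  try {
    const [salt, hash] = stored.split(":");
    const expected = Buffer.from(hash, "hex");
    match = crypto.timingSafeEqual(crypto.scryptSync(plain, salt, expected.length), expected);
  } catch (err) {
    return cb(err);
  }
  cb(null, match);
}

// Constructed user store; "broken" has a corrupt hash to exercise the error path.
const users = [
  { id: 1, username: "jack", password: hashPassword("password") },
  { id: 2, username: "broken", password: "not-a-valid-record" },
];
const findByUsername = (username, cb) =>
  cb(null, users.find((u) => u.username === username) || null);

// Builds a verify callback; checkResult=false reproduces the question's version.
function makeVerify(checkResult) {
  return (username, password, done) => {
    findByUsername(username, (err, user) => {
      if (err) return done(err);
      if (!user) return done(null, false);
      compare(password, user.password, (err, isMatch) => {
        if (!checkResult) return err ? done(null, false) : done(null, user);
        if (err) return done(err); // hashing failure is a server error, not a bad login
        return isMatch ? done(null, user) : done(null, false);
      });
    });
  };
}

// Reports what Passport would see from done() for one login attempt.
function attempt(verifyFn, username, password) {
  let outcome = "pending";
  verifyFn(username, password, (err, user) => {
    outcome = err ? "error" : user ? "authenticated" : "rejected";
  });
  return outcome;
}
```

Calling `attempt(makeVerify(false), "jack", "wrong")` shows the unchecked version authenticating a wrong password, while `makeVerify(true)` rejects it.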