Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/bcrypt comparing hash with string password always return error #43393

Closed
itzmanish opened this issue Dec 27, 2020 · 1 comment
Closed

x/crypto/bcrypt comparing hash with string password always return error #43393

itzmanish opened this issue Dec 27, 2020 · 1 comment
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@itzmanish
Copy link

itzmanish commented Dec 27, 2020
edited

What version of Go are you using (go version)?

$ go version
go version go1.15.3 linux/amd64

Does this issue reproduce with the latest release?

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE="on"
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/manish/.cache/go-build"
GOENV="/home/manish/.config/go/env"
GOEXE=""
GOFLAGS=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOINSECURE=""
GOMODCACHE="/home/manish/go/pkg/mod"
GOOS="linux"
GOPATH="/home/manish/go"
GOPROXY="https://proxy.golang.org,direct"
GOROOT="/usr/local/go"
GOSUMDB="sum.golang.org"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
AR="ar"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
GOMOD=""
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build480999861=/tmp/go-build -gno-record-gcc-switches"

What did you do?

Hashing password and storing it in postgresql DB

hashedByte, err := bcrypt.GenerateFromPassword([]byte(user.Password), 14)
if err != nil {
	return errors.InternalServerError("UNKNOWN", fmt.Sprintf("Error during password hashing %v", err))
}
user.Password = string(hashedByte)
u, err := h.db.CreateUser(user)
if err != nil {
	return err
}
log.Info(u)

DB modal

// User defines modal for user
type User struct {
	UUID              uuid.UUID `json:"uuid" gorm:"primary_key; unique; type:uuid; default:uuid_generate_v4()"`
	Name              string    `json:"name" gorm:"type:varchar(100)"`
	Email             string    `json:"email" gorm:"type:varchar(100)"`
	Password          string    `json:"password" gorm:"type:varchar(200)"`
	Gender            string    `json:"gender"`
	DoB               string    `json:"dob" gorm:"type:varchar(100)"`
	ProfilePictureURL url.URL   `json:"profile_picture"`
	Spaces            []Space   `json:"spaces" gorm:"foreignKey:UserID; constraint:OnDelete:CASCADE;"`
	Flag              string    `json:"flag" gorm:"type:varchar(50)"`
	EmailVerified     bool      `json:"email_verified" gorm:"type:boolean;DEFAULT=FALSE"`
	Issuer            string    `json:"issuer"`
	Metadata          string    `json:"metadata"`
	CreatedAt         time.Time
	UpdatedAt         time.Time
	LastLogin         time.Time
}

verify User method

u, err := h.db.FindUser(store.User{Email: req.Email})
log.Info(u, err)
if err != nil {
	fmt.Println(err)
}
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(req.Password))
if err != nil {
	fmt.Println(err)
}

What did you expect to see?

nil

What did you see instead?

"crypto/bcrypt: hashedPassword is not the hash of the given password"

example hashed string $2a$14$W2ZIn/a17IRXZ0MHwYbAe.yzJFQC2omQzfPL/p0Oejd5uZ6/RMbAW
example string of hashed string password

I spent my whole day trying to fix this. Even rebooted my system.
There is one thing if I generate hash and compare after that in one file within main function It works without error but above I am creating user with hashed password and saving it to remote postgresql db. Then I call for login and verify hash after retrieving user from db then It gives me error.

Thought there maybe problem with bcrypt and used argon2 but Argon2 gave me same result as it was for bcrypt.

I need serious help please.
@gopherbot gopherbot added this to the Unreleased milestone Dec 27, 2020
@mvdan
Copy link
Member

mvdan commented Dec 27, 2020

The Go project doesn't use the issue tracker for questions. See https://golang.org/wiki/Questions.

@mvdan mvdan closed this as completed Dec 27, 2020
@golang golang locked and limited conversation to collaborators Dec 27, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
3 participants
@mvdan @gopherbot @itzmanish