Bulk Import tool with hashed password

AmyP · July 10, 2019, 7:21pm

Hello,
I am trying to import users using webtask - auth0-user-import-export/import which accepts json file.
below is json i am uploading:

[
	{
	"email":"ap53@test.com",
	"password_hash":"$2y$10$sD5PHl4o5.UcTRT2X11kUuV3GIKrgdaY7nQ8n0uf3GgR8MdBe/PYa",
	"email_verified":true,
	"user_metadata":
		{"first_name":"fname53","last_name":"lname53"},
	"upsert":true
	}
]

but it gives error like

Unable to import user "ap53@test.com":
            	Error in passwordHash property - String does not match pattern ^\$2[ab].........

when i generated hash using below script it says “Password is valid” using bcrypt algo.

$options = [
    'cost' => 10,
];

$hash=password_hash("ABC123", PASSWORD_BCRYPT, $options);
echo $hash;

Without “password_hash” script works fine.

please guide in this how can i make it work.
Thank you in advance!

jmangelo · July 12, 2019, 10:37am

Your hashes have a $2y prefix which suggest they originate from the crypt_blowfish (PHP) implementation which is the one I believe that uses those prefixes in order to distinguish between hashes generated by a previous version of the same implementation which had a bug. (see php - Where 2x prefix are used in BCrypt? - Stack Overflow)

It should be doable for you to just replace $2y with $2a and try again; this should meet the format requirement and still allow to verify the passwords correctly.

AmyP · July 15, 2019, 11:45am

Thank you sou much
this prefix update works fine.

system · July 30, 2019, 11:45am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.