I’m trying to follow the “Automatic User Migration with Custom Database Connections” procedure. Our database is PostgreSQL, and the password was encrypted using the Python passlib.hash.bcrypt_sha256.encrypt function. How should I modify the bcrypt.compare(password, user.password) line in the Login template?
In case someone else has the same problem, here is the JS code to verify a password encrypted by the passlib.hash.bcrypt_sha256.encrypt function:
var crypto = require('crypto');
var bcrypt = require('bcrypt');
// `password` is the submitted plaintext, `user.password` the stored passlib hash.
// find salt and checksum from the sha256-encrypted password:
// example: password = 'password', the hashed password would be:
// $bcrypt-sha256$2a,12$LrmaIX5x4TRtAwEfwJZa1.$2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO
var parts = user.password.split('$');
var variant = parts[2].split(',')[0]; // variant = '2a'
var rounds = parts[2].split(',')[1]; // rounds = 12
var salt = parts[3]; // salt = 'LrmaIX5x4TRtAwEfwJZa1.'
var checksum = parts[4]; // checksum = '2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO'
// passlib runs bcrypt over the base64-encoded SHA-256 digest of the password
var pass256 = crypto.createHash('sha256').update(password).digest('base64');
// use the same salt to get the hash
var hash = bcrypt.hashSync(pass256, '$' + variant + '$' + rounds + '$' + salt);
var newparts = hash.split('$');
// Find the new checksum from the hash: everything after the 22-character salt
var checksum1 = newparts[3].slice(22);
// Compare the 2 checksums, they should match
if (checksum === checksum1) {
  console.log('Valid Password');
} else {
  console.log('Invalid Password');
}
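An alternative to recomputing the checksum by hand, added here as an example and not part of the post above: rebuild the ordinary bcrypt string from the passlib string and keep using the compare call from the Login template, so the library does the comparison. The function names are hypothetical, and `compare` is an injected, promise-returning stand-in for `bcrypt.compare`.

```javascript
const crypto = require('crypto');

// Layout shown in the post: $bcrypt-sha256$<variant>,<rounds>$<salt>$<checksum>
// Salt is 22 and checksum 31 characters of the bcrypt base64 alphabet.
const V1 = /^\$bcrypt-sha256\$(2[aby]?),(\d{1,2})\$([./A-Za-z0-9]{22})\$([./A-Za-z0-9]{31})$/;

// Rebuild the plain bcrypt string that a bcrypt library's compare() accepts.
// Returns null for anything else (plain bcrypt rows, other layouts, junk).
function toBcryptString(stored) {
  const m = V1.exec(String(stored));
  if (!m) return null;
  const [, variant, rounds, salt, checksum] = m;
  const cost = rounds.padStart(2, '0'); // bcrypt strings carry a two-digit cost
  return `$${variant}$${cost}$${salt}${checksum}`;
}

// What is fed into bcrypt in this scheme: base64(sha256(password)), padding kept.
function prehash(password) {
  return crypto.createHash('sha256').update(password, 'utf8').digest('base64');
}

// compare: (plaintext, bcryptString) => Promise<boolean>, e.g. bcrypt.compare
async function verifyPasslibBcryptSha256(password, stored, compare) {
  const target = toBcryptString(stored);
  if (target === null) return false; // unparseable rows fail closed
  return compare(prehash(password), target);
}

// Sample input: the hash string quoted in the post above.
const SAMPLE =
  '$bcrypt-sha256$2a,12$LrmaIX5x4TRtAwEfwJZa1.$2ehnw6LvuIUTM0iz4iz9hTxv21B6KFO';
```

In the Login script this would replace the original line with something like `verifyPasslibBcryptSha256(password, user.password, bcrypt.compare)`, assuming a bcrypt module whose `compare` returns a promise when no callback is passed.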