Problem statement
I am doing migration tests from an LDAP database to Auth0 and after I import users I try to test the account in my database it gives me the error that the password is incorrect. Here is an example of a test user profile:
{
"family_name": "John",
"given_name": "Doe",
"name": "John Doe",
"email_verified": true,
"email": "john@example.com",
"custom_password_hash": {
"algorithm": "ldap",
"hash": {
"encoding":"utf8",
"value": "{SSHA512}fTX2qFJr2HonObKe3Upycji16KHQCx9E1AC3rkhKN6pXC7F29dWU2x3Z9OALxrzqWEfB+R229k5boY5cKjt9YDTnP4uIzLaQ"
}
}
}
Solution
The following script outputs the correct SHA512 password hash. You can use it to test the passwords and debug:
const crypto = require('crypto')
const password = '12345'
const digestMethod = 'sha512'
const run = async () => {
const rawHash = crypto.createHash(digestMethod)
.update(Buffer.from(password))
.digest()
const hash = rawHash.toString('base64')
console.log(`{SHA512}${hash}`)
}
run()
Result:
“{SHA512}NieQminDE4Ggcewn98nKl3Jhgq7Smn3dLlQ1MyLPswq7njpt8qwsIP4jQ2MR1nhWTQyNMFkwV19g4tPQSBhNeQ==”
If you have the salt, this is the updated script to obtain an SSHA hash:
const crypto = require('crypto')
const password = '12345'
const salt = 'keyboardcat'
const digestMethod = 'sha512'
const run = async () => {
const saltBuf = Buffer.from(salt)
const rawHash = crypto.createHash(digestMethod)
.update(Buffer.from(password))
.update(saltBuf)
.digest()
const hash = Buffer.concat([rawHash, saltBuf]).toString('base64')
console.log(`{SSHA512}${hash}`)
}
run()
Result:
“{SSHA512}/QjFCr4JlH6s9UZ7ptgtbdhBVDq2hv9bcS5yxbckt4XHcd8q2Fbi8EN/fOXRDgT9EtWt91RfGoz/2uxUe/ZEKGtleWJvYXJkY2F0”