crypto/bcrypt: hashedPassword is not the hash of the given password

Question

I encrypt the user's password and save it to the db. Then, at user login, I compare the hashed password and the plain password, and I'm getting the crypto/bcrypt: hashedPassword is not the hash of the given password error. What's wrong?

func encryptPassword(password string) (string, error) {
	bytePass := []byte(password)
	hashedPassword, err := bcrypt.GenerateFromPassword(bytePass, bcrypt.DefaultCost)
	if err != nil {
		log.Printf("ERROR:EncryptPassword: %s", err.Error())
	}
	return string(hashedPassword), err
}

func (i *Impl) Register(user User) bool {
	hashedPass, err := encryptPassword(user.Password)
	if err != nil {
		return false
	}
	
	user.Password = hashedPass

	if err := i.DB.Create(&user).Error; err != nil {
		log.Printf("ERROR:Register: %s", err.Error())
		return false
	}
	return true
}

func (i *Impl) Login(email string, password string) (User, error) {
	var user User
	i.DB.Where("email = ?", email).First(&user)   

	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
	if err != nil {
		log.Printf("ERROR:Login: %s", err.Error())
		return User{}, err
	}

	return user, err
}

Answer 1

Score: 9

My bet is that user.Password is empty in your Register function before you pass it to encryptPassword thus leading to hashes on empty passwords like the one you provided ($2a$10$rqHJJTHsxMbtX/5ZjG1mFuWyYbUDW1PLbfwQRN0uChwes38c/0m3e).

Answer 2

Score: 3

I cannot tell which is which, but in your compare function, ensure that you have the variables in the right place.

bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
           Must be the already hashed PW ^              ^ Plain Text Password to compare

Also ensure you're actually getting something to hash, you could be getting a blank password but not realizing it because the hash will still look full.

Answer 3

Score: 1

My mistake was thinking that it compared two bcrypt hashedpasswords, rather than a hashedpassword and your unencrypted password converted to binary -- hope that helps someone out there!

huangapple
  • Published on February 22, 2016 at 22:32:03
  • When reposting, please keep the link to this article: https://go.coder-hub.com/35556253.html