I create a user on the login page and hash this password with Argon2 but when I compare it, it does not match the password. The hashed password is shown in the database and I can also see the plain text. When I compare the two, it returns false. I have been trying for a day. I was using normal bcryptjs but when it did not work, I switched to argon2. I guess I was making the same mistake in both.

```javascript
const argon2 = require("argon2");
// User is the app's user model; its schema is not shown in the question.

exports.register = async (req, res) => {
  try {
    const { fullname, username, email, password } = req.body;
    const existingUser = await User.findOne({ email });
    if (existingUser)
      return res.status(400).json({ message: "User already exists!" });
    // Hash the trimmed password; argon2.hash() returns the encoded hash string.
    const trimmedPassword = password.trim();
    const hashedPassword = await argon2.hash(trimmedPassword);
    const newUser = new User({
      fullname,
      username,
      email,
      password: hashedPassword,
    });
    await newUser.save();
    console.log(newUser);
    res
      .status(201)
      .json({ message: "User created successfully. Welcome to InkSpace..." });
  } catch (error) {
    res.status(500).json({ message: "Error creating user", error });
  }
};

exports.login = async (req, res) => {
  try {
    const { email, password } = req.body;
    const plainPassword = password.trim();
    console.log("plain password", plainPassword);
    const user = await User.findOne({ email });
    // user is dereferenced here, before the null check below.
    const hashPassword = user.password;
    console.log(user);
    if (!user) {
      return res.status(400).json({ message: "Invalid email or password" });
    }
    console.log(hashPassword);
    // argon2.verify() takes the stored encoded hash first, then the plaintext.
    const isMatch = await argon2.verify(hashPassword, plainPassword);
    console.log(isMatch);
    if (isMatch) {
      req.session.user = {
        userId: user._id,
        username: user.username,
      };
      console.log("Session data after login:", req.session.user);
      return res.status(200).json({ message: "Login successful" });
    } else {
      console.log("did not match");
      return res.status(400).json({ message: "Invalid email or password" });
    }
  } catch (error) {
    console.log("verify argon2 ", error);
    res.status(500).json({ message: "Error logging in", error });
  }
};
```
  • I see no fundamental problem with the way the passwords are handled that could explain this. user.password occurs before if (!user), but if this were a problem, the error would reflect this. The question needs stackoverflow.com/help/mcve. You need to narrow it down to specific constant strings which you can verify to be === equal and the way they work with argon2 or other method, currently this can be done on your side. Commented Mar 22 at 12:29
  • Do you have any post or pre hooks in your Schema? Please share your User Schema. Commented Mar 22 at 14:18
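
One thing a schema hook can do is hash `password` a second time on save, after the route has already hashed it. The added example below (not from the question or its comments) reproduces that case with Node's built-in scrypt standing in for argon2 so it runs without dependencies; `saveUser`, `rehashHook` and `diagnose` are hypothetical names and the sample credentials are constructed.

```javascript
const crypto = require("node:crypto");

// Stand-in for argon2.hash(): random salt, result encoded as "salt$key".
function hash(plain) {
  const salt = crypto.randomBytes(16);
  const key = crypto.scryptSync(plain, salt, 32);
  return `${salt.toString("base64")}$${key.toString("base64")}`;
}

// Stand-in for argon2.verify(encoded, plain): re-derive with the stored salt.
function verify(encoded, plain) {
  const parts = encoded.split("$");
  if (parts.length !== 2) return false;
  const [salt, key] = parts.map((p) => Buffer.from(p, "base64"));
  const candidate = crypto.scryptSync(plain, salt, key.length);
  return crypto.timingSafeEqual(candidate, key);
}

// Hypothetical model layer: preSave plays the role of a schema pre("save") hook.
function saveUser(db, user, preSave) {
  const doc = { ...user };
  if (preSave) preSave(doc);
  db.set(doc.email, doc);
}

// The hook under suspicion: hashes `password` although the route already did.
const rehashHook = (doc) => {
  doc.password = hash(doc.password);
};

// Register the way the question's route does, then classify the stored value.
function diagnose(preSave) {
  const db = new Map();
  const plain = "correct horse battery staple"; // constructed sample password
  const routeHash = hash(plain);
  saveUser(db, { email: "a@example.test", password: routeHash }, preSave);
  const stored = db.get("a@example.test").password;
  return {
    unchanged: stored === routeHash, // what was saved is what the route produced
    loginVerifies: verify(stored, plain), // what the login route checks
    hashOfHash: verify(stored, routeHash), // true only if it was hashed twice
  };
}

console.log("no hook:    ", diagnose(null));
console.log("rehash hook:", diagnose(rehashHook));
```

With the real library the same check is `await argon2.verify(stored, hashReturnedByRegister)`: if that is true while verifying the plaintext is false, something hashed the value again before it was saved.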
