DiegoUreno

DiegoUreno

Bcrypt elixir can´t verify the password if this was hashed in Yii2

I’m trying to migrate an old sistem that was made in the Php framework Yii2 to Phoenix, it has a long database of users registered, so i need to migrate the data user like the username and the password, and there it is the problem, the password from the old sistem is already hashed using Bcrypt from a function of Yii2, I’ve tried to test the login inserting a test user with his username and an yii2 hashed password in the new sistem database, but I can’t login in the new sistem and here it is the funny/strange thing:


The Bcrypt function throw me False, that’s why I can’t log in, but if I check in some other place if the password and the hash match the result is this:

Everywhere I check the password, it matches.
Even if I put a hashed password from phoenix in the old sistem and try to login, it works!

I got to say that im using “mix phx.gen.auth Accounts User users”

Yii2 hashing password code:

public function actionSignup()
        {
            $model = new User();
            if ($model->load(Yii::$app->request->post())) {
                if ($model->validate()) {
                    $login = new LoginForm();
                    $login->password = $model->password;
                    $login->username = $model->username;
                    $model->username = strtoupper($model->username);
                    $model->password = Yii::$app->getSecurity()->generatePasswordHash($model->password);

                    if($model->save() && $login->login()){
                        return $this->redirect(['login']);
                    }
                }
            }

            return $this->render('signup', [
                'model' => $model,
            ]);
        }

Phoenix password validation code:

def valid_password?(%Convocatorias.Accounts.User{hashed_password: hashed_password}, password)
      when is_binary(hashed_password) and byte_size(password) > 0 do
        Bcrypt.verify_pass(password, hashed_password)
  end

  def valid_password?(_, _) do
    Bcrypt.no_user_verify()
    false
  end

  @doc """
  Validates the current password otherwise adds an error to the changeset.
  """
  def validate_current_password(changeset, password) do
    if valid_password?(changeset.data, password) do
      changeset
    else
      add_error(changeset, :current_password, "is not valid")
    end
  end

Marked As Solved

t0t0

t0t0

Hi,

as stated in its documentation, bcrypt_elixir does not support “$2y$” prefixed hashes:

The $2y$ prefix is not supported. For advice on how to use hashes with the $2y$ prefix, see this issue.

But replacing “$2y$” by “$2b$” should work (you can easily use pattern matching to rewrite it with an intermediate function as shown in the issue above, which should be safer than running a bulk UPDATE of user hashes)

Where Next?

Popular in Questions Top

chokchit
** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2733ms. You can configure how long re...
New
nobody
How to bind a phoenix app to a specific ip address? could not find anything about that, nowhere, unfortunately, but for me this is quite...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
script
If I have a string “1000 cfu/ml” . I want to remove the characters and / and space . So the string is like this "1000" What is the ...
New
yawaramin
In the Dialyzer docs ( dialyzer — OTP 29.0.2 (dialyzer 6.0.1) ), there is a way to turn off a specific warning for a function: -dialyzer...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New

Other popular topics Top

senggen
Erlang/OTP 25 [erts-13.2.2] [source] [64-bit] [smp:8:8] [ds:8:8:10] [async-threads:1] 15:22:35.803 [error] gen_event {lager_file_backend...
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement