DiegoUreno
Bcrypt elixir can´t verify the password if this was hashed in Yii2
I’m trying to migrate an old sistem that was made in the Php framework Yii2 to Phoenix, it has a long database of users registered, so i need to migrate the data user like the username and the password, and there it is the problem, the password from the old sistem is already hashed using Bcrypt from a function of Yii2, I’ve tried to test the login inserting a test user with his username and an yii2 hashed password in the new sistem database, but I can’t login in the new sistem and here it is the funny/strange thing:
The Bcrypt function throw me False, that’s why I can’t log in, but if I check in some other place if the password and the hash match the result is this:
Everywhere I check the password, it matches.
Even if I put a hashed password from phoenix in the old sistem and try to login, it works!
I got to say that im using “mix phx.gen.auth Accounts User users”
Yii2 hashing password code:
public function actionSignup()
{
$model = new User();
if ($model->load(Yii::$app->request->post())) {
if ($model->validate()) {
$login = new LoginForm();
$login->password = $model->password;
$login->username = $model->username;
$model->username = strtoupper($model->username);
$model->password = Yii::$app->getSecurity()->generatePasswordHash($model->password);
if($model->save() && $login->login()){
return $this->redirect(['login']);
}
}
}
return $this->render('signup', [
'model' => $model,
]);
}
Phoenix password validation code:
def valid_password?(%Convocatorias.Accounts.User{hashed_password: hashed_password}, password)
when is_binary(hashed_password) and byte_size(password) > 0 do
Bcrypt.verify_pass(password, hashed_password)
end
def valid_password?(_, _) do
Bcrypt.no_user_verify()
false
end
@doc """
Validates the current password otherwise adds an error to the changeset.
"""
def validate_current_password(changeset, password) do
if valid_password?(changeset.data, password) do
changeset
else
add_error(changeset, :current_password, "is not valid")
end
end
Marked As Solved
t0t0
Hi,
as stated in its documentation, bcrypt_elixir does not support “$2y$” prefixed hashes:
The
$2y$prefix is not supported. For advice on how to use hashes with the$2y$prefix, see this issue.
But replacing “$2y$” by “$2b$” should work (you can easily use pattern matching to rewrite it with an intermediate function as shown in the issue above, which should be safer than running a bulk UPDATE of user hashes)
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance











