bcrypt doesn't support $2b$ prefix

[anthonmanix]

I have an existing user table with bcrypt hashed passwords. When I try auth.atempt I get an error incompatible 2b identifier found in the hash. I tried comparing with the bcrypt package directly and it validates.

I saw you have this issue open at @phc/bcrypt. Maybe it's related?

Package version

"@adonisjs/auth": "^4.1.4",
"@adonisjs/core": "^5.0.0-preview-rc-1.5",

Node.js and npm version

node v14.0.0
npm 6.14.4

Sample Code (to reproduce the issue)

auth.atempt(email, password)

[thetutlage]

Does it mean, you want to verify the password hashed by another library using the Hash module of AdonisJS?

We use PHC String formatting and hence password must be hashed in the same format

[anthonmanix]

I guess. I was using bcrypt directly before. I forgo the attempt method and use login, but it doesn't feel clean to have a separate bycript import.

Maybe there could be a flag for checking other formats, while using PHC for new users?

[thetutlage]

Were you using the Adonis hash module earlier or is it a seperate project that you are planning to migrate over to AdonisJS?

[anthonmanix]

A separate project I want to migrate to adonis. I really like the framework and docs. Good job. And thank you for the quick replies.

[anthonmanix]

I checked my Adonis 4 project and the passwords there have $2a$ prefix. Maybe there could be an issue when migrating from 4 to 5 also.

[thetutlage]

Yeah, we will have a migration process for migration v4 passwords. But, I don't think, an option for all sort of migration can be supported. For example: Someone may have an app that is using a different algorithm all together.

What you can do instead is setup your own driver. Here is a gist showing how to do it https://gist.github.com/thetutlage/cf32e18d66408fd96fc8b7d3591c7a1a

• You create a new file start/hashDriver.ts and define your driver inside it and then register the driver using Hash.extend method.
• Next register this file inside .adonisrc.json under preloads array. So that AdonisJS loads it automatically for you.
• The above steps takes care of runtime, but we need to satisfy Typescript compiler as well. So open contracts/auth.ts file and replace its contents from the one inside the gist.
• Finally, open the config/hash.ts and now define the config for your driver.

Once done, you can test your driver as follows

import Route from '@ioc:Adonis/Core/Route'
import Hash from '@ioc:Adonis/Core/Hash'

Route.get('/', async () => {
  return Hash.use('custom').hash('hello world')
})

[thetutlage]

Closing since not actionable

[omidamraei]

@thetutlage Where can I find any guides about migrating passwords from Adonis v4 to v5?

[danegigi]

I'm creating a new system that is linked to an old database that was used by an old webiste built on laravel 5.8. The hashed password starts with $2y and $2a and when I try to login using bcrypt I'm getting Incompatible 2a identifier found in the hash or Incompatible 2y identifyer found in the hash. Is there a way for Adonis 5 to authenticate user using the password saved in the database?

[thetutlage]

Just create a custom driver for the same. Here are the docs for the same https://docs.adonisjs.com/guides/security/hashing#adding-a-custom-driver