I'm trying to implement a login system using bcrypt. I have this code in the beforeSave() method of the User model:

public function beforeSave($options = array()) {
    // Only on insert: no id yet and no primary key in the submitted data.
    if (!$this->id && !isset($this->data[$this->alias][$this->primaryKey])) {
        /* Hash the password (CakePHP 2.3+ Security::hash with 'blowfish' generates a salt itself) */
        $this->data[$this->alias]['password'] = Security::hash($this->data[$this->alias]['password'], 'blowfish');

        /* Set the username the same as the email */
        $this->data[$this->alias]['username'] = $this->data[$this->alias]['email'];
    }
    // beforeSave must return true, otherwise Model::save() aborts.
    return parent::beforeSave($options);
}

This code successfully hashes the password before storing it in the DB.

For the login procedure, I have this form in the view:

echo $this->Form->create('User', array('action' => 'login'));

    echo $this->Form->input('username', array(
        'class' => 'login-input',
        'placeholder' => $input_username_default_text,
        'id' => 'username',
        'label' => false,
        'div' => false,
        'type' => 'text'
    ));
    echo $this->Form->input('password', array(
        'class' => 'login-input',
        'placeholder' => $input_password_default_text,
        'id' => 'password',
        'label' => false,
        'div' => false,
        'type' => 'password' // render as a password field so the value is masked
    ));
    echo $this->Form->submit(__('SIGN IN'), array(
        'class' => 'login-input',
        'type' => 'submit'
    ));

echo $this->Form->end();

... And then in the UsersController login() method:

public function login() {
    $this->set('body_class', 'login-page');
    if ($this->request->is('post')) {
        if ($this->Auth->login()) { // Always fails...
            // SessionComponent is $this->Session (capital S) in CakePHP 2.x;
            // debug() the array directly instead of concatenating it to a string.
            debug($this->Session->read('Auth.User'));
            return $this->redirect($this->Auth->redirectUrl());
        } else {
            $this->Session->setFlash(__('Invalid username or password'));
        }
    }
}

My AppController.php

class AppController extends Controller {

    public $components = array(
        'Session', // needed for $this->Session in the controllers
        'Auth' => array(
            'authenticate' => array(
                'Form' => array(
                    'passwordHasher' => 'Blowfish'
                )
            )
        )
    );

}

The login, using this code, always fails. Any guess on what I'm doing wrong?

EDIT 1:

OK, I've been digging in the framework trying to understand where the procedure is failing. And in this method:

// class BlowfishPasswordHasher
public function check($password, $hashedPassword) {
    return $hashedPassword === Security::hash($password, 'blowfish', $hashedPassword);
}

... the $hashedPassword (what is stored in the DB) is different from what is being returned from Security::hash($password, 'blowfish', $hashedPassword). So basically the login is failing here. However I have no idea of why this is happening.

In my debugging, these results were retrieved:

$hashedPassword - $2a$10$f39m7NJBx3fIBrqq/9TZEueNJICJiO1dq1LZKlneF7Y (Matches what is stored in the password column of the users table)

result of the Security::hash() method: $2a$10$f39m7NJBx3fIBrqq/9TZEueNJICJiO1dq1LZKlneF7Ykvm35emcPm

If you notice they are the same except that the result of the method has 10 extra chars.

Solution

If you notice they are the same except that the result of the method has 10 extra chars.

Sounds like you didn't set your password field length in db long enough to store the full hash.
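The following is an added example to illustrate the answer; it is not code from the original post or from CakePHP. It simulates the column truncation with substr() and uses PHP's built-in password_hash()/password_verify() (which produce "$2y$" hashes, whereas CakePHP 2.x's Security::hash emits "$2a$"; both are bcrypt and 60 characters long). The hypothetical isCompleteBcryptHash() guard is the check you would run before writing the hash, so a too-narrow column is caught at save time rather than discovered as a login that always fails.

```php
<?php
// Added example (not from the original post or CakePHP): a bcrypt hash cut down
// by a too-short VARCHAR column can never verify, because the last characters of
// the hash are lost. Every bcrypt hash is exactly 60 characters.
const BCRYPT_HASH_LENGTH = 60;

// Simulates what MySQL does in non-strict SQL mode: silently truncate the value.
// (In STRICT_TRANS_TABLES mode the INSERT fails instead, which is the safer behaviour.)
function storeInColumn(string $hash, int $columnWidth): string {
    return substr($hash, 0, $columnWidth);
}

// Same idea as BlowfishPasswordHasher::check(): re-derive the hash from the
// stored salt/cost and compare. password_verify() does a constant-time compare.
function verifyAgainstStored(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

// Guard to run before the hash is written: $2a$/$2b$/$2y$, two-digit cost,
// then a 22-character salt and 31-character digest in bcrypt's base64 alphabet.
function isCompleteBcryptHash(string $hash): bool {
    return strlen($hash) === BCRYPT_HASH_LENGTH
        && preg_match('/^\$2[aby]\$\d{2}\$[.\/A-Za-z0-9]{53}$/', $hash) === 1;
}

// Constructed sample input.
$password = 'correct horse battery staple';
$hash = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);

foreach ([50, 60, 255] as $width) {
    $stored = storeInColumn($hash, $width);
    printf("VARCHAR(%d): stored %d chars, complete=%s, login=%s\n",
        $width,
        strlen($stored),
        isCompleteBcryptHash($stored) ? 'yes' : 'no',
        verifyAgainstStored($password, $stored) ? 'OK' : 'FAIL');
}
```

The 50-character row fails verification while 60 and 255 succeed. The fix on the database side is to widen the column (for example `ALTER TABLE users MODIFY password VARCHAR(255)`), re-register or reset any users whose hashes were stored truncated, since the missing characters cannot be recovered, and enable strict SQL mode so that an over-long value errors out instead of being silently cut.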

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow