Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

firebase auth:import do not use the right password

See original GitHub issue

firebase auth:import appear to be broken?

With MD5:

firebase auth:import users.json --hash-algo=MD5 --rounds=0

{  
   "users":[  
      {  
         "localId":"uid1",
         "email":"fedtest@gmail.com",
         "emailVerified":true,
         "displayName":"Test Foo Bar",
         "passwordHash":"NzJkNGE1YTViNjA1YzUzYWUxYWM0NzhkOWE0OTc3ZDc=",
         "salt":null
      }
   ]
}

This works fine.

But, with SHA1, SHA256, etc.:

firebase auth:import users.json --hash-algo=SHA1 --rounds=0

{  
   "users":[  
      {  
         "localId":"uid1",
         "email":"fedtest@gmail.com",
         "emailVerified":true,
         "displayName":"Test Foo Bar",
         "passwordHash":"NDM3MDkxZjMxYmY1OTgwOWJkMzRjZDBjYzVlNGM3ZGE2ODIwZmU3Nw==",
         "salt":null
      }
   ]
}

this don’t allow me to login with the password that I choosed. The account is created, but I cannot login. On login I get error is:

Error: The password is invalid or the user does not have a password.

The plain password for those tests of mine is: tester5. I tried with both the latest version of firebase-tools ( 7.2.4 ), and the previous major version as well - same behaviour. Am I missing something?

Issue Analytics

State:
Created 4 years ago
Reactions:1
Comments:8 (4 by maintainers)

Top GitHub Comments

4reactions

wiessoncommented, Aug 21, 2020

@cfofiu - you have to specify the hash-key of your old project while importing

firebase auth:import account_file --project=<NEW_PROJECT_ID> --hash-algo=scrypt --hash-key=<LONG_HASH_KEY_HERE> --salt-separator=Bw== --rounds=8 --mem-cost=14

The hash key is located in Authentication -> Users Table -> three dots menu on the upper right

1reaction

rcoppinger-tboxcommented, Oct 22, 2019

Hi @samtstern ,

I was hoping to get a bit of direction for a problem we’re having with the import users method. Our application has ± 2,000 weekly active users and we’re moving to firebase from our legacy system, which uses PHP SHA1 password hashing with rounds 0 to encrypt users’ passwords, like so:

$hashed = sha1($salt . $current_password);

Since rounds=0 is rejected for SHA1, we’ve tried importing using rounds=1 and rounds=80. Neither of them work. When trying to log in with that account, an incorrect password error is thrown:

Error: The password is invalid or the user does not have a password.

Any advice as to what number of rounds we should try? Is there any alternative solution to this problem, or are we out of luck with this one?

Top Results From Across the Web

Authenticate with Firebase using Password-Based Accounts ...

In the Firebase console, open the Auth section. On the Sign in method tab, enable the Email/password sign-in method and click Save. Create...

Firebase auth:import doesn't import password SHA256

i'm trying to migrate users to firebase using the cli command auth:import. My passwordHash is a SHA256 without salt from PHP hash function...

Firebase: Importing Users - Medium

But a problem arises when we imported our existing user using SHA1 encrypted password (yeah, we know this kind of encryption is not...

Using Firebase Authentication - FlutterFire

The method is a two-step operation; it will first create the new account (if it does not already exist and the password is...

Authentication with Vue 3 and Firebase - LogRocket Blog

To integrate Firebase Authentication into your application, you can use either the Firebase UI, which handles the UI flows for signing users in ......