bcrypt pwd legth decreased <70
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -22,12 +22,20 @@ security = HTTPBearer()
|
||||
|
||||
|
||||
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
||||
"""Verify password against hash."""
|
||||
"""Verify password against hash. Apply same truncation as used during hashing."""
|
||||
# Apply same truncation logic as during hashing
|
||||
password_bytes = plain_password.encode('utf-8')
|
||||
if len(password_bytes) > 72:
|
||||
plain_password = password_bytes[:72].decode('utf-8', errors='ignore')
|
||||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
|
||||
def get_password_hash(password: str) -> str:
|
||||
"""Get password hash."""
|
||||
"""Get password hash. Truncate password to 72 bytes if necessary for bcrypt compatibility."""
|
||||
# bcrypt has a 72-byte limit, so truncate if necessary
|
||||
password_bytes = password.encode('utf-8')
|
||||
if len(password_bytes) > 72:
|
||||
password = password_bytes[:72].decode('utf-8', errors='ignore')
|
||||
return pwd_context.hash(password)
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user