trevor/chat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bcrypt pwd legth decreased <70
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Andrew K. Choi
2025-09-26 06:58:07 +09:00
parent 24c1a0c85c
commit 31c1644ec2
3 changed files with 42 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
services/user_service/main.py
View File

@@ -82,7 +82,18 @@ async def register_user(user_data: UserCreate, db: AsyncSession = Depends(get_db
) )
# Create new user # Create new user
hashed_password = get_password_hash(user_data.password) try:
hashed_password = get_password_hash(user_data.password)
except ValueError as e:
if "password cannot be longer than 72 bytes" in str(e):
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail="Password is too long. Please use a shorter password (max 70 characters)."
)
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail=f"Password validation error: {str(e)}"
)
# Используем phone_number как запасной вариант для phone # Используем phone_number как запасной вариант для phone
phone = user_data.phone or user_data.phone_number phone = user_data.phone or user_data.phone_number

22
services/user_service/schemas.py
View File

@@ -41,7 +41,16 @@ class UserBase(BaseModel):
class UserCreate(UserBase): class UserCreate(UserBase):
password: str = Field(..., min_length=8, max_length=100) password: str = Field(..., min_length=8, max_length=70, description="Password (will be truncated to 72 bytes for bcrypt compatibility)")
@field_validator("password")
@classmethod
def validate_password_bytes(cls, v):
"""Ensure password doesn't exceed bcrypt's 72-byte limit."""
password_bytes = v.encode('utf-8')
if len(password_bytes) > 72:
raise ValueError("Password is too long when encoded as UTF-8 (max 72 bytes for bcrypt)")
return v
class UserUpdate(BaseModel): class UserUpdate(BaseModel):
@@ -93,7 +102,16 @@ class UserResponse(UserBase):
class UserLogin(BaseModel): class UserLogin(BaseModel):
email: Optional[EmailStr] = None email: Optional[EmailStr] = None
username: Optional[str] = None username: Optional[str] = None
password: str password: str = Field(..., max_length=70, description="Password (will be truncated to 72 bytes for bcrypt compatibility)")
@field_validator("password")
@classmethod
def validate_password_bytes(cls, v):
"""Ensure password doesn't exceed bcrypt's 72-byte limit."""
password_bytes = v.encode('utf-8')
if len(password_bytes) > 72:
raise ValueError("Password is too long when encoded as UTF-8 (max 72 bytes for bcrypt)")
return v
class Token(BaseModel): class Token(BaseModel):

12
shared/auth.py
View File

@@ -22,12 +22,20 @@ security = HTTPBearer()
def verify_password(plain_password: str, hashed_password: str) -> bool: def verify_password(plain_password: str, hashed_password: str) -> bool:
"""Verify password against hash.""" """Verify password against hash. Apply same truncation as used during hashing."""
# Apply same truncation logic as during hashing
password_bytes = plain_password.encode('utf-8')
if len(password_bytes) > 72:
plain_password = password_bytes[:72].decode('utf-8', errors='ignore')
return pwd_context.verify(plain_password, hashed_password) return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password: str) -> str: def get_password_hash(password: str) -> str:
"""Get password hash.""" """Get password hash. Truncate password to 72 bytes if necessary for bcrypt compatibility."""
# bcrypt has a 72-byte limit, so truncate if necessary
password_bytes = password.encode('utf-8')
if len(password_bytes) > 72:
password = password_bytes[:72].decode('utf-8', errors='ignore')
return pwd_context.hash(password) return pwd_context.hash(password)