Replace passlib with direct bcrypt calls, drop passlib dependency
passlib is unmaintained and incompatible with bcrypt 5.0.0 due to its internal wrap-bug detection test exceeding bcrypt's 72-byte password limit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
+3
-6
@@ -2,8 +2,8 @@ import os
|
|||||||
from datetime import datetime, timedelta, timezone
|
from datetime import datetime, timedelta, timezone
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
|
import bcrypt
|
||||||
from jose import JWTError, jwt
|
from jose import JWTError, jwt
|
||||||
from passlib.context import CryptContext
|
|
||||||
from fastapi import Cookie, Depends, HTTPException, Response, status
|
from fastapi import Cookie, Depends, HTTPException, Response, status
|
||||||
from sqlalchemy.orm import Session
|
from sqlalchemy.orm import Session
|
||||||
|
|
||||||
@@ -16,15 +16,12 @@ ACCESS_TOKEN_EXPIRE_DAYS = 30
|
|||||||
COOKIE_NAME = "token"
|
COOKIE_NAME = "token"
|
||||||
SECURE_COOKIES = os.environ.get("SECURE_COOKIES", "true").lower() == "true"
|
SECURE_COOKIES = os.environ.get("SECURE_COOKIES", "true").lower() == "true"
|
||||||
|
|
||||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
|
||||||
|
|
||||||
|
|
||||||
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
||||||
return pwd_context.verify(plain_password, hashed_password)
|
return bcrypt.checkpw(plain_password.encode(), hashed_password.encode())
|
||||||
|
|
||||||
|
|
||||||
def hash_password(password: str) -> str:
|
def hash_password(password: str) -> str:
|
||||||
return pwd_context.hash(password)
|
return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
|
||||||
|
|
||||||
|
|
||||||
def create_access_token(user_id: int, username: str, is_admin: bool, user_timezone: str = "UTC", admin_id: Optional[int] = None) -> str:
|
def create_access_token(user_id: int, username: str, is_admin: bool, user_timezone: str = "UTC", admin_id: Optional[int] = None) -> str:
|
||||||
|
|||||||
@@ -5,6 +5,5 @@ pymysql==1.2.0
|
|||||||
cryptography==48.0.0
|
cryptography==48.0.0
|
||||||
pydantic==2.13.4
|
pydantic==2.13.4
|
||||||
python-jose[cryptography]==3.5.0
|
python-jose[cryptography]==3.5.0
|
||||||
passlib[bcrypt]==1.7.4
|
|
||||||
bcrypt==5.0.0
|
bcrypt==5.0.0
|
||||||
httpx==0.28.1
|
httpx==0.28.1
|
||||||
|
|||||||
Reference in New Issue
Block a user