nocci/server-verwaltung
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(auth): add password length validation

Browse source 
- introduce password_too_long function to check bcrypt's 72-byte limit
- update registration and login to handle passwords exceeding limit
This commit is contained in:
nocci 2025-12-06 13:20:06 +00:00
parent 8f17f9bf8d
commit 1b673f2cdf
2 changed files with 25 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
app/auth.py
View file

@ -7,6 +7,7 @@ from sqlmodel import Session, select
from .db import get_session
from .models import User
BCRYPT_MAX_BYTES = 72
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
@ -20,6 +21,14 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
return pwd_context.verify(plain_password, hashed_password)
def password_too_long(password: str) -> bool:
"""Return True if password exceeds bcrypt's 72-byte limit."""
try:
return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES
except Exception:
return True
def get_current_user(
request: Request,
session: Session = Depends(get_session),