♻️ refactor(auth): remove bcrypt password length limitation
- switch from bcrypt to bcrypt_sha256 to allow longer passwords
- remove password_too_long function and related checks
📦 build(requirements): update bcrypt package version
- add bcrypt==4.0.1 to requirements.txt for compatibility with bcrypt_sha256
This commit is contained in:
nocci
parent
1b673f2cdf
commit
9512d6cb46
3 changed files with 3 additions and 26 deletions
12
app/auth.py
12
app/auth.py
|
|
@ -7,8 +7,8 @@ from sqlmodel import Session, select
|
|||
from .db import get_session
|
||||
from .models import User
|
||||
|
||||
BCRYPT_MAX_BYTES = 72
|
||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||
# bcrypt_sha256 erlaubt auch längere Passwörter (hashing von SHA-256 vor bcrypt)
|
||||
pwd_context = CryptContext(schemes=["bcrypt_sha256"], deprecated="auto")
|
||||
|
||||
|
||||
def hash_password(password: str) -> str:
|
||||
|
|
@ -21,14 +21,6 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
|
|||
return pwd_context.verify(plain_password, hashed_password)
|
||||
|
||||
|
||||
def password_too_long(password: str) -> bool:
|
||||
"""Return True if password exceeds bcrypt's 72-byte limit."""
|
||||
try:
|
||||
return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES
|
||||
except Exception:
|
||||
return True
|
||||
|
||||
|
||||
def get_current_user(
|
||||
request: Request,
|
||||
session: Session = Depends(get_session),
|
||||
|
|
|
|||
16
app/main.py
16
app/main.py
|
|
@ -21,7 +21,6 @@ from .utils import (
|
|||
from .auth import (
|
||||
hash_password,
|
||||
verify_password,
|
||||
password_too_long,
|
||||
get_current_user,
|
||||
require_current_user,
|
||||
require_admin,
|
||||
|
|
@ -143,8 +142,6 @@ def register(
|
|||
error = None
|
||||
if password != password_confirm:
|
||||
error = "Passwords do not match."
|
||||
elif password_too_long(password):
|
||||
error = "Passwort ist zu lang (max. 72 Bytes). Bitte kürzer wählen."
|
||||
else:
|
||||
existing = session.exec(
|
||||
select(User).where(User.username == username)
|
||||
|
|
@ -224,19 +221,6 @@ def login(
|
|||
status_code=400,
|
||||
)
|
||||
|
||||
if password_too_long(password):
|
||||
token = ensure_csrf_token(request)
|
||||
return templates.TemplateResponse(
|
||||
"login.html",
|
||||
{
|
||||
"request": request,
|
||||
"error": "Passwort ist zu lang (max. 72 Bytes).",
|
||||
"current_user": None,
|
||||
"csrf_token": token,
|
||||
},
|
||||
status_code=400,
|
||||
)
|
||||
|
||||
user = session.exec(select(User).where(User.username == username)).first()
|
||||
error = None
|
||||
if not user or not verify_password(password, user.password_hash):
|
||||
|
|
|
|||
|
|
@ -6,3 +6,4 @@ python-multipart
|
|||
cryptography
|
||||
passlib[bcrypt]
|
||||
itsdangerous
|
||||
bcrypt==4.0.1
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue