♻️ refactor(auth): remove bcrypt password length limitation

- switch from bcrypt to bcrypt_sha256 to allow longer passwords
- remove password_too_long function and related checks

📦 build(requirements): update bcrypt package version

- add bcrypt==4.0.1 to requirements.txt for compatibility with bcrypt_sha256

app/auth.py

@@ -7,8 +7,8 @@ from sqlmodel import Session, select
 from .db import get_session
 from .models import User
 
-BCRYPT_MAX_BYTES = 72
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+# bcrypt_sha256 erlaubt auch längere Passwörter (hashing von SHA-256 vor bcrypt)
+pwd_context = CryptContext(schemes=["bcrypt_sha256"], deprecated="auto")
 
 
 def hash_password(password: str) -> str:
@@ -21,14 +21,6 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
     return pwd_context.verify(plain_password, hashed_password)
 
 
-def password_too_long(password: str) -> bool:
-    """Return True if password exceeds bcrypt's 72-byte limit."""
-    try:
-        return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES
-    except Exception:
-        return True
-
-
 def get_current_user(
     request: Request,
     session: Session = Depends(get_session),