♻️ refactor(auth): remove bcrypt password length limitation
- switch from bcrypt to bcrypt_sha256 to allow longer passwords
- remove password_too_long function and related checks
📦 build(requirements): update bcrypt package version
- add bcrypt==4.0.1 to requirements.txt for compatibility with bcrypt_sha256
parent
1b673f2cdf
commit
9512d6cb46
3 changed files with 3 additions and 26 deletions
12
app/auth.py
12
app/auth.py
|
|
@ -7,8 +7,8 @@ from sqlmodel import Session, select
|
||||||
from .db import get_session
|
from .db import get_session
|
||||||
from .models import User
|
from .models import User
|
||||||
|
|
||||||
BCRYPT_MAX_BYTES = 72
|
# bcrypt_sha256 erlaubt auch längere Passwörter (hashing von SHA-256 vor bcrypt)
|
||||||
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
pwd_context = CryptContext(schemes=["bcrypt_sha256"], deprecated="auto")
|
||||||
|
|
||||||
|
|
||||||
def hash_password(password: str) -> str:
|
def hash_password(password: str) -> str:
|
||||||
|
|
@ -21,14 +21,6 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
|
||||||
return pwd_context.verify(plain_password, hashed_password)
|
return pwd_context.verify(plain_password, hashed_password)
|
||||||
|
|
||||||
|
|
||||||
def password_too_long(password: str) -> bool:
|
|
||||||
"""Return True if password exceeds bcrypt's 72-byte limit."""
|
|
||||||
try:
|
|
||||||
return len(password.encode("utf-8")) > BCRYPT_MAX_BYTES
|
|
||||||
except Exception:
|
|
||||||
return True
|
|
||||||
|
|
||||||
|
|
||||||
def get_current_user(
|
def get_current_user(
|
||||||
request: Request,
|
request: Request,
|
||||||
session: Session = Depends(get_session),
|
session: Session = Depends(get_session),
|
||||||
|
|
|
||||||
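Review bot: Dropping `bcrypt` from the scheme list at `pwd_context = CryptContext(schemes=["bcrypt_sha256"], deprecated="auto")` means password hashes already stored in the plain bcrypt format are no longer recognised by `verify_password`; passlib's `CryptContext.verify` raises (an `UnknownHashError`, a `ValueError` subclass) for a hash whose scheme is not configured instead of returning False, so every existing account would fail to log in with an exception unless a migration rehashes all stored passwords first. Keeping the legacy scheme as a deprecated fallback, `pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")`, keeps verification working for old hashes and lets `pwd_context.needs_update(hashed_password)` drive a rehash on the next successful login. The new comment on the line above it is in German while the surrounding docstrings are English; `# bcrypt_sha256 pre-hashes with SHA-256, so passwords over 72 bytes are no longer truncated` would be consistent with the rest of the module. The bodies of `hash_password` and `get_current_user` continue outside these hunks.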
16
app/main.py
16
app/main.py
|
|
@ -21,7 +21,6 @@ from .utils import (
|
||||||
from .auth import (
|
from .auth import (
|
||||||
hash_password,
|
hash_password,
|
||||||
verify_password,
|
verify_password,
|
||||||
password_too_long,
|
|
||||||
get_current_user,
|
get_current_user,
|
||||||
require_current_user,
|
require_current_user,
|
||||||
require_admin,
|
require_admin,
|
||||||
|
|
@ -143,8 +142,6 @@ def register(
|
||||||
error = None
|
error = None
|
||||||
if password != password_confirm:
|
if password != password_confirm:
|
||||||
error = "Passwords do not match."
|
error = "Passwords do not match."
|
||||||
elif password_too_long(password):
|
|
||||||
error = "Passwort ist zu lang (max. 72 Bytes). Bitte kürzer wählen."
|
|
||||||
else:
|
else:
|
||||||
existing = session.exec(
|
existing = session.exec(
|
||||||
select(User).where(User.username == username)
|
select(User).where(User.username == username)
|
||||||
|
|
@ -224,19 +221,6 @@ def login(
|
||||||
status_code=400,
|
status_code=400,
|
||||||
)
|
)
|
||||||
|
|
||||||
if password_too_long(password):
|
|
||||||
token = ensure_csrf_token(request)
|
|
||||||
return templates.TemplateResponse(
|
|
||||||
"login.html",
|
|
||||||
{
|
|
||||||
"request": request,
|
|
||||||
"error": "Passwort ist zu lang (max. 72 Bytes).",
|
|
||||||
"current_user": None,
|
|
||||||
"csrf_token": token,
|
|
||||||
},
|
|
||||||
status_code=400,
|
|
||||||
)
|
|
||||||
|
|
||||||
user = session.exec(select(User).where(User.username == username)).first()
|
user = session.exec(select(User).where(User.username == username)).first()
|
||||||
error = None
|
error = None
|
||||||
if not user or not verify_password(password, user.password_hash):
|
if not user or not verify_password(password, user.password_hash):
|
||||||
|
|
|
||||||
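Review bot: With the `password_too_long` branches removed from `register` (hunk at -143) and `login` (hunk at -224), nothing in either handler bounds the length of `password` before it reaches `hash_password`/`verify_password`; bcrypt_sha256 lifts the 72-byte truncation but still hashes the full input, so the only cap left is whatever request-body limit the framework applies, which is not visible here. A generous form-level bound in the same validation chain, e.g. `elif len(password) > 1024: error = "Password is too long."` after the mismatch check in `register`, and the same test ahead of the user lookup in `login`, is cheap and keeps the guard the removed code provided without reintroducing the 72-byte restriction. Both `register` and `login` start and end outside these hunks.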
|
|
@ -6,3 +6,4 @@ python-multipart
|
||||||
cryptography
|
cryptography
|
||||||
passlib[bcrypt]
|
passlib[bcrypt]
|
||||||
itsdangerous
|
itsdangerous
|
||||||
|
bcrypt==4.0.1
|
||||||
|
|
|
||||||