tronosfera/backup_service
1
0
Fork 0
mirror of https://github.com/TronoSfera/backup_service.git synced 2026-05-18 10:03:32 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Harden password hashing backend selection

Browse source
This commit is contained in:
TronoSfera 2026-01-19 12:05:28 +03:00
parent dc228618c5
commit 0c6df7949e
1 changed files with 12 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
server/auth.py
View file

@ -35,15 +35,19 @@ ALGORITHM = "HS256"
ACCESS_TOKEN_EXPIRE_MINUTES = int(os.getenv("ACCESS_TOKEN_EXPIRE_MINUTES", "60"))
# Password hashing context
try:
def _build_password_context() -> CryptContext:
"""Create a password hashing context with a safe backend fallback."""
try:
passlib_bcrypt.bcrypt.set_backend("builtin")
passlib_bcrypt.bcrypt_sha256.set_backend("builtin")
except Exception:
# If the builtin backend is unavailable, fall back to the default backend.
pass
passlib_bcrypt.bcrypt_sha256.hash("passlib-backend-check")
return CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
except Exception:
# bcrypt backends can fail with newer bcrypt releases; fall back to pbkdf2.
return CryptContext(schemes=["pbkdf2_sha256"], deprecated="auto")
pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
pwd_context = _build_password_context()
def _normalize_bcrypt_password(password: str) -> str: