Merge pull request #10 from TronoSfera/codex/fix-bcrypt-version-reading-error

Avoid bcrypt 72-byte errors by SHA-256 hashing long passwords
TronoSfera 2026-01-19 11:54:17 +03:00 committed by GitHub
commit dc228618c5
GPG key ID: B5690EEEBB952194


@ -15,6 +15,7 @@ from __future__ import annotations
import os import os
import datetime import datetime
import hashlib
from typing import Optional from typing import Optional
from jose import JWTError, jwt from jose import JWTError, jwt
@ -45,16 +46,17 @@ except Exception:
pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto") pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
def _normalize_bcrypt_password(password: str) -> str | bytes: def _normalize_bcrypt_password(password: str) -> str:
"""Normalize passwords to avoid bcrypt's 72-byte length limit. """Normalize passwords to avoid bcrypt's 72-byte length limit.
Some bcrypt backends raise a ValueError for passwords longer than 72 bytes. Some bcrypt backends raise a ValueError for passwords longer than 72 bytes.
Truncate to 72 bytes to match typical bcrypt behavior instead of crashing. Instead of truncating, hash the original bytes with SHA-256 to preserve
entropy while ensuring the input length stays within bcrypt limits.
""" """
encoded = password.encode("utf-8") encoded = password.encode("utf-8")
if len(encoded) <= 72: if len(encoded) <= 72:
return password return password
return encoded[:72] return hashlib.sha256(encoded).hexdigest()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/login", auto_error=False) oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/login", auto_error=False)
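Review bot: Hashes already stored for passwords longer than 72 bytes were computed from the truncated `encoded[:72]` form, and after this change `_normalize_bcrypt_password` hands `pwd_context` a different string for the same password, so those users fail verification unless the verify path (outside this hunk) also tries the old form and rehashes on success; consider keeping the legacy normalizer for verification until existing hashes have been upgraded. The two branches also share one input space: a password that is itself the 64-character hex digest of a longer one normalizes to the same value, so a derived value is accepted as a credential in its own right; a fixed prefix on the hashed branch, e.g. `return "sha256$" + hashlib.sha256(encoded).hexdigest()` (71 bytes, still under the limit), keeps the two forms distinct. Since `pwd_context` lists `bcrypt_sha256` first, new hashes are pre-hashed by the scheme itself, so the docstring should say that this helper exists only for the plain `bcrypt` scheme (presumably legacy hashes), which I am inferring rather than seeing in the hunk.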