mirror of
https://github.com/TronoSfera/backup_service.git
synced 2026-05-18 10:03:32 +03:00
Handle long passwords for bcrypt
This commit is contained in:
TronoSfera
parent
d92aac0715
commit
e87ffbd60d
1 changed files with 5 additions and 3 deletions
|
|
@ -15,6 +15,7 @@ from __future__ import annotations
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import datetime
|
import datetime
|
||||||
|
import hashlib
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
|
|
||||||
from jose import JWTError, jwt
|
from jose import JWTError, jwt
|
||||||
|
|
@ -45,16 +46,17 @@ except Exception:
|
||||||
pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
|
pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
|
||||||
|
|
||||||
|
|
||||||
def _normalize_bcrypt_password(password: str) -> str | bytes:
|
def _normalize_bcrypt_password(password: str) -> str:
|
||||||
"""Normalize passwords to avoid bcrypt's 72-byte length limit.
|
"""Normalize passwords to avoid bcrypt's 72-byte length limit.
|
||||||
|
|
||||||
Some bcrypt backends raise a ValueError for passwords longer than 72 bytes.
|
Some bcrypt backends raise a ValueError for passwords longer than 72 bytes.
|
||||||
Truncate to 72 bytes to match typical bcrypt behavior instead of crashing.
|
Instead of truncating, hash the original bytes with SHA-256 to preserve
|
||||||
|
entropy while ensuring the input length stays within bcrypt limits.
|
||||||
"""
|
"""
|
||||||
encoded = password.encode("utf-8")
|
encoded = password.encode("utf-8")
|
||||||
if len(encoded) <= 72:
|
if len(encoded) <= 72:
|
||||||
return password
|
return password
|
||||||
return encoded[:72]
|
return hashlib.sha256(encoded).hexdigest()
|
||||||
|
|
||||||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/login", auto_error=False)
|
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/login", auto_error=False)
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue