itqop 2025-12-30 16:59:34 +03:00
parent cc7c571115
commit c34aef8dd7
1 changed files with 6 additions and 3 deletions


@ -1,5 +1,6 @@
"""Security utilities for authentication and authorization.""" """Security utilities for authentication and authorization."""
import base64
import hashlib import hashlib
from datetime import datetime, timedelta, timezone from datetime import datetime, timedelta, timezone
from typing import Optional from typing import Optional
@ -30,8 +31,9 @@ def hash_password(password: str) -> str:
avoiding bcrypt's 72-byte limitation. avoiding bcrypt's 72-byte limitation.
""" """
# Pre-hash with SHA256 to support unlimited password length # Pre-hash with SHA256 to support unlimited password length
# This is a common technique to work around bcrypt's 72-byte limit # Use base64 encoding for compact representation (43 chars < 72 bytes)
password_hash = hashlib.sha256(password.encode('utf-8')).hexdigest() password_bytes = hashlib.sha256(password.encode('utf-8')).digest()
password_hash = base64.b64encode(password_bytes).decode('ascii')
return pwd_context.hash(password_hash) return pwd_context.hash(password_hash)
@ -47,7 +49,8 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
True if password matches, False otherwise True if password matches, False otherwise
""" """
# Apply same SHA256 pre-hashing as hash_password # Apply same SHA256 pre-hashing as hash_password
password_hash = hashlib.sha256(plain_password.encode('utf-8')).hexdigest() password_bytes = hashlib.sha256(plain_password.encode('utf-8')).digest()
password_hash = base64.b64encode(password_bytes).decode('ascii')
return pwd_context.verify(password_hash, hashed_password) return pwd_context.verify(password_hash, hashed_password)
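Review bot: verify_password now derives only the base64 form of the SHA-256 pre-hash, so any bcrypt hash stored while hash_password still fed `hexdigest()` into pwd_context will stop verifying, and nothing visible in this commit migrates those records or falls back for them. If such hashes exist, keep a temporary fallback in verify_password, e.g. `return pwd_context.verify(password_hash, hashed_password) or pwd_context.verify(hashlib.sha256(plain_password.encode('utf-8')).hexdigest(), hashed_password)`, and have the caller re-hash with the new scheme after a successful legacy match so the fallback can later be removed. The new comment in hash_password is also off by one: `base64.b64encode` of a 32-byte digest yields 44 characters including the `=` padding, so `(44 chars < 72 bytes)` would be accurate. Both function bodies begin outside the hunks shown.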