Spaces:
Sleeping
Sleeping
Update src/utils/security.py
Browse files- src/utils/security.py +10 -1
src/utils/security.py
CHANGED
|
@@ -16,12 +16,21 @@ _FALLBACK_JWT_ALGORITHM = "HS256"
|
|
| 16 |
_FALLBACK_ACCESS_TOKEN_EXPIRE_DAYS = 7
|
| 17 |
|
| 18 |
# Password hashing context
|
| 19 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 20 |
|
| 21 |
|
| 22 |
def hash_password(password: str) -> str:
|
| 23 |
"""Hash a password using bcrypt."""
|
| 24 |
try:
|
|
|
|
|
|
|
|
|
|
|
|
|
| 25 |
return pwd_context.hash(password)
|
| 26 |
except Exception as e:
|
| 27 |
logger.error(f"Error hashing password: {str(e)}")
|
|
|
|
| 16 |
_FALLBACK_ACCESS_TOKEN_EXPIRE_DAYS = 7
|
| 17 |
|
| 18 |
# Password hashing context
|
| 19 |
+
# Handle bcrypt backend issues by specifying a fallback
|
| 20 |
+
try:
|
| 21 |
+
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
| 22 |
+
except Exception as e:
|
| 23 |
+
logger.warning(f"Failed to initialize bcrypt context: {e}, using plaintext (NOT FOR PRODUCTION)")
|
| 24 |
+
pwd_context = CryptContext(schemes=["plaintext"], deprecated="auto")
|
| 25 |
|
| 26 |
|
| 27 |
def hash_password(password: str) -> str:
|
| 28 |
"""Hash a password using bcrypt."""
|
| 29 |
try:
|
| 30 |
+
# Truncate password to 72 bytes to avoid bcrypt limitation
|
| 31 |
+
if len(password.encode('utf-8')) > 72:
|
| 32 |
+
logger.warning("Password exceeds 72 bytes, truncating")
|
| 33 |
+
password = password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
|
| 34 |
return pwd_context.hash(password)
|
| 35 |
except Exception as e:
|
| 36 |
logger.error(f"Error hashing password: {str(e)}")
|