suhail
commited on
0ff84fe
Parent(s):
dcd08d5
good
src/core/__pycache__/security.cpython-313.pyc
CHANGED
|
Binary files a/src/core/__pycache__/security.cpython-313.pyc and b/src/core/__pycache__/security.cpython-313.pyc differ
|
|
|
src/core/security.py
CHANGED
|
@@ -104,7 +104,6 @@
|
|
| 104 |
# detail="Invalid token",
|
| 105 |
# headers={"WWW-Authenticate": "Bearer"}
|
| 106 |
# )
|
| 107 |
-
|
| 108 |
"""
|
| 109 |
Security utilities for authentication and authorization.
|
| 110 |
"""
|
|
@@ -123,7 +122,11 @@ from src.core.config import settings
|
|
| 123 |
# Password hashing (bcrypt-safe)
|
| 124 |
# =========================
|
| 125 |
|
| 126 |
-
pwd_context = CryptContext(
|
|
|
|
|
|
|
|
|
|
|
|
|
| 127 |
security = HTTPBearer()
|
| 128 |
|
| 129 |
MAX_BCRYPT_BYTES = 72
|
|
@@ -131,34 +134,31 @@ MAX_BCRYPT_BYTES = 72
|
|
| 131 |
|
| 132 |
def _bcrypt_safe(password: str) -> bytes:
|
| 133 |
"""
|
| 134 |
-
|
| 135 |
-
Truncate safely to avoid runtime crashes.
|
| 136 |
"""
|
| 137 |
return password.encode("utf-8")[:MAX_BCRYPT_BYTES]
|
| 138 |
|
| 139 |
|
| 140 |
def hash_password(password: str) -> str:
|
| 141 |
"""
|
| 142 |
-
Hash
|
| 143 |
"""
|
| 144 |
return pwd_context.hash(_bcrypt_safe(password))
|
| 145 |
|
| 146 |
|
| 147 |
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
| 148 |
"""
|
| 149 |
-
Verify password
|
|
|
|
| 150 |
"""
|
| 151 |
try:
|
| 152 |
-
# New bcrypt-safe method
|
| 153 |
return pwd_context.verify(
|
| 154 |
-
plain_password
|
| 155 |
hashed_password
|
| 156 |
)
|
| 157 |
-
except
|
| 158 |
-
|
| 159 |
-
|
| 160 |
-
legacy = hashlib.sha256(plain_password.encode("utf-8")).hexdigest()
|
| 161 |
-
return pwd_context.verify(legacy, hashed_password)
|
| 162 |
|
| 163 |
# =========================
|
| 164 |
# JWT utilities
|
|
@@ -209,6 +209,7 @@ def verify_jwt_token(token: str, secret: str) -> dict:
|
|
| 209 |
detail="Invalid token"
|
| 210 |
)
|
| 211 |
|
|
|
|
| 212 |
# =========================
|
| 213 |
# FastAPI dependency
|
| 214 |
# =========================
|
|
|
|
| 104 |
# detail="Invalid token",
|
| 105 |
# headers={"WWW-Authenticate": "Bearer"}
|
| 106 |
# )
|
|
|
|
| 107 |
"""
|
| 108 |
Security utilities for authentication and authorization.
|
| 109 |
"""
|
|
|
|
| 122 |
# Password hashing (bcrypt-safe)
|
| 123 |
# =========================
|
| 124 |
|
| 125 |
+
pwd_context = CryptContext(
|
| 126 |
+
schemes=["bcrypt"],
|
| 127 |
+
deprecated="auto"
|
| 128 |
+
)
|
| 129 |
+
|
| 130 |
security = HTTPBearer()
|
| 131 |
|
| 132 |
MAX_BCRYPT_BYTES = 72
|
|
|
|
| 134 |
|
| 135 |
def _bcrypt_safe(password: str) -> bytes:
|
| 136 |
"""
|
| 137 |
+
Ensure password never exceeds bcrypt 72-byte limit.
|
|
|
|
| 138 |
"""
|
| 139 |
return password.encode("utf-8")[:MAX_BCRYPT_BYTES]
|
| 140 |
|
| 141 |
|
| 142 |
def hash_password(password: str) -> str:
|
| 143 |
"""
|
| 144 |
+
Hash password safely using bcrypt.
|
| 145 |
"""
|
| 146 |
return pwd_context.hash(_bcrypt_safe(password))
|
| 147 |
|
| 148 |
|
| 149 |
def verify_password(plain_password: str, hashed_password: str) -> bool:
|
| 150 |
"""
|
| 151 |
+
Verify password safely.
|
| 152 |
+
Never throws bcrypt length errors.
|
| 153 |
"""
|
| 154 |
try:
|
|
|
|
| 155 |
return pwd_context.verify(
|
| 156 |
+
_bcrypt_safe(plain_password),
|
| 157 |
hashed_password
|
| 158 |
)
|
| 159 |
+
except Exception:
|
| 160 |
+
return False
|
| 161 |
+
|
|
|
|
|
|
|
| 162 |
|
| 163 |
# =========================
|
| 164 |
# JWT utilities
|
|
|
|
| 209 |
detail="Invalid token"
|
| 210 |
)
|
| 211 |
|
| 212 |
+
|
| 213 |
# =========================
|
| 214 |
# FastAPI dependency
|
| 215 |
# =========================
|