Spaces:

sk3078
/

taskflow-api

Sleeping

suhail commited on Jan 10

Commit

87238f5

1 Parent(s): 12ccf36

cahnges

Files changed (2) hide show

requirements.txt CHANGED Viewed

@@ -11,3 +11,6 @@ httpx==0.25.2
 PyJWT==2.8.0
 passlib[bcrypt]==1.7.4
 python-multipart==0.0.6

 PyJWT==2.8.0
 passlib[bcrypt]==1.7.4
 python-multipart==0.0.6
+# Add this line (or replace if bcrypt is already listed)
+bcrypt==4.3.0   # Last stable version before the 5.0 break

src/core/security.py CHANGED Viewed

@@ -114,7 +114,7 @@ from passlib.context import CryptContext
 from fastapi import HTTPException, status
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 MAX_BCRYPT_BYTES = 72
@@ -130,15 +130,13 @@ def _normalize_password(password: str) -> bytes:
 def hash_password(password: str) -> str:
-    return pwd_context.hash(_normalize_password(password))
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(
-        _normalize_password(plain_password),
-        hashed_password,
-    )
 def create_jwt_token(user_id: int, email: str, secret: str, expiration_days: int = 7) -> str:
     now = datetime.utcnow()

 from fastapi import HTTPException, status
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+import hashlib
 MAX_BCRYPT_BYTES = 72
 def hash_password(password: str) -> str:
+    # SHA-256 produces 64 hex chars = 64 bytes < 72-byte limit
+    pre_hashed = hashlib.sha256(password.encode("utf-8")).hexdigest()
+    return pwd_context.hash(pre_hashed)
 def verify_password(plain_password: str, hashed_password: str) -> bool:
+    pre_hashed = hashlib.sha256(plain_password.encode("utf-8")).hexdigest()
+    return pwd_context.verify(pre_hashed, hashed_password)
 def create_jwt_token(user_id: int, email: str, secret: str, expiration_days: int = 7) -> str:
     now = datetime.utcnow()