suhail commited on
Commit ·
87238f5
1
Parent(s): 12ccf36
cahnges
- requirements.txt +3 -0
- src/core/security.py +6 -8
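--- a/requirements.txt
+++ b/requirements.txt
@@ -11,3 +11,6 @@ httpx==0.25.2
 PyJWT==2.8.0
 passlib[bcrypt]==1.7.4
 python-multipart==0.0.6
+
+# Add this line (or replace if bcrypt is already listed)
+bcrypt==4.3.0 # Last stable version before the 5.0 break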
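--- a/src/core/security.py
+++ b/src/core/security.py
@@ -114,7 +114,7 @@ from passlib.context import CryptContext
 from fastapi import HTTPException, status
 
 pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
+import hashlib
 MAX_BCRYPT_BYTES = 72
 
 
@@ -130,15 +130,13 @@ def _normalize_password(password: str) -> bytes:
 
 
 def hash_password(password: str) -> str:
-
-
+# SHA-256 produces 64 hex chars = 64 bytes < 72-byte limit
+pre_hashed = hashlib.sha256(password.encode("utf-8")).hexdigest()
+return pwd_context.hash(pre_hashed)
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-
-
-hashed_password,
-)
-
+pre_hashed = hashlib.sha256(plain_password.encode("utf-8")).hexdigest()
+return pwd_context.verify(pre_hashed, hashed_password)
 
 def create_jwt_token(user_id: int, email: str, secret: str, expiration_days: int = 7) -> str:
 now = datetime.utcnow()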
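Review bot: `verify_password` now pre-hashes every candidate with SHA-256 before `pwd_context.verify`, so a hash stored before this commit will presumably stop verifying and existing users would be locked out until they reset; the removed bodies are not legible on this page, so this assumes the old code fed bcrypt the password itself (the hunk header points to `_normalize_password`). Keep a fallback for old records, e.g. `return pwd_context.verify(pre_hashed, hashed_password) or pwd_context.verify(_normalize_password(plain_password), hashed_password)`, and re-hash with the new scheme after a successful legacy match. Because the pre-hash is a plain unkeyed SHA-256, the bcrypt layer adds little if SHA-256 digests of the same passwords are already known from another breach; `hmac.new(server_key, password.encode("utf-8"), hashlib.sha256).hexdigest()` with a server-side key (`server_key` is a placeholder) closes that gap in both `hash_password` and `verify_password`. `import hashlib` also belongs with the module's other imports rather than after `pwd_context`.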