fix: handle bcrypt 72-byte limit and increase JWT secret length

2026-04-09 01:11:32 -04:00
parent 0123e1c69e
commit 8c7ec2953e
25 changed files with 32 additions and 6 deletions


@@ -12,7 +12,7 @@ ACCESS_TOKEN_EXPIRE_MINUTES: int = 1440
def verify_password(plain_password: str, hashed_password: str) -> bool:
return bcrypt.checkpw(
plain_password.encode("utf-8"),
plain_password.encode("utf-8")[:72],
hashed_password.encode("utf-8")
)
@@ -20,7 +20,7 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
def get_password_hash(password: str) -> str:
# Use a cost factor of 12 (default for passlib/bcrypt)
_salt: bytes = bcrypt.gensalt(rounds=12)
_hashed: bytes = bcrypt.hashpw(password.encode("utf-8"), _salt)
_hashed: bytes = bcrypt.hashpw(password.encode("utf-8")[:72], _salt)
return _hashed.decode("utf-8")
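Review bot: The `[:72]` slice in both verify_password and get_password_hash truncates silently, so any two passwords that share their first 72 UTF-8 bytes hash and verify as the same credential, and the user is never told the tail was ignored. Keeping the truncation in verify_password is reasonable so that hashes created earlier still verify (presumably under a bcrypt version that truncated on its own), but new passwords should be rejected when `len(password.encode("utf-8")) > 72` at the point they are set; that validation is not visible in this section. The limit is also a repeated magic number: define `_BCRYPT_MAX_BYTES = 72` once and use it in both calls, with a comment such as `# bcrypt only reads the first 72 bytes; truncate explicitly to keep existing hashes verifiable`. Note that the limit is in bytes, not characters, so a password with non-ASCII characters reaches it well before 72 characters, which any user-facing length message should reflect.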