From 7dcda4b5efab22d6061b5140974bf05a44883b0b Mon Sep 17 00:00:00 2001
From: cosmo
Date: Sat, 18 Apr 2026 17:03:09 +0200
Subject: [PATCH] truncate passwords to 72 bytes to prevent bcrypt hashing errors
---
 main.py | 5 +++--
 requirements.txt | 3 ++-
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/main.py b/main.py
index d9cd49c..277f289 100644
--- a/main.py
+++ b/main.py
@@ -37,10 +37,11 @@ app = FastAPI()
 app.add_middleware(SessionMiddleware, secret_key=ENCRYPTION_KEY)
 def get_password_hash(password):
- return pwd_context.hash(password)
+ # bcrypt has a 72-byte limit
+ return pwd_context.hash(password[:72])
 def verify_password(plain_password, hashed_password):
- return pwd_context.verify(plain_password, hashed_password)
+ return pwd_context.verify(plain_password[:72], hashed_password)
 def init_db():
 conn = sqlite3.connect(DB_PATH)
diff --git a/requirements.txt b/requirements.txt
index bec8007..88090ad 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -5,4 +5,5 @@ pyotp==2.9.0
 httpx==0.25.1
 pydantic==2.4.2
 itsdangerous==2.1.2
-passlib[bcrypt]==1.7.4
+passlib==1.7.4
+bcrypt==3.2.2
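Review bot: `password[:72]` in get_password_hash and `plain_password[:72]` in verify_password cut at 72 characters, while the limit named in the new comment is 72 bytes, so a password with multi-byte UTF-8 characters can still exceed the limit after the slice. Truncate the encoded form in both places instead, `pwd_context.hash(password.encode("utf-8")[:72])` and `pwd_context.verify(plain_password.encode("utf-8")[:72], hashed_password)`, and keep the two expressions identical so hashing and verification always agree. The truncation is also silent: two passwords that share their first 72 bytes are accepted as the same credential. Consider rejecting over-long passwords with a validation error where accounts are created or passwords are changed (that code is outside this hunk), and state the limit in a docstring on get_password_hash.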
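Review bot: The new pin `bcrypt==3.2.2` has no explanation, and it holds the password-hashing backend on an older release that will not receive later fixes. Presumably it is there because passlib 1.7.4 does not work cleanly with newer bcrypt releases; if so, record that above the pin, for example `# pinned: passlib 1.7.4 breaks with newer bcrypt releases; revisit when passlib is replaced`. That way the pin is re-examined when dependencies are next updated rather than kept indefinitely.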