truncate passwords to 72 bytes to prevent bcrypt hashing errors

2026-04-18 17:03:09 +02:00 · 2026-04-18 17:03:09 +02:00 · 7dcda4b5ef
commit 7dcda4b5ef
parent bb7053b01e
2 changed files with 5 additions and 3 deletions
--- a/main.py
+++ b/main.py
@ -37,10 +37,11 @@ app = FastAPI()
 app.add_middleware(SessionMiddleware, secret_key=ENCRYPTION_KEY)

 def get_password_hash(password):
-    return pwd_context.hash(password)
+    # bcrypt has a 72-byte limit
+    return pwd_context.hash(password[:72])

 def verify_password(plain_password, hashed_password):
-    return pwd_context.verify(plain_password, hashed_password)
+    return pwd_context.verify(plain_password[:72], hashed_password)

 def init_db():
    conn = sqlite3.connect(DB_PATH)
--- a/requirements.txt
+++ b/requirements.txt
@ -5,4 +5,5 @@ pyotp==2.9.0
 httpx==0.25.1
 pydantic==2.4.2
 itsdangerous==2.1.2
-passlib[bcrypt]==1.7.4
+passlib==1.7.4
+bcrypt==3.2.2