From bfb94764e64df2c3673e4fe9b86c44c73a54a534 Mon Sep 17 00:00:00 2001
From: gilesb
Date: Wed, 7 Jan 2026 15:45:50 +0000
Subject: [PATCH] fix: truncate password to 72 bytes for bcrypt

---
 auth.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/auth.py b/auth.py
index 0bdacc5..f7a294d 100644
--- a/auth.py
+++ b/auth.py
@@ -94,13 +94,13 @@ def save_users(data_dir: Path, users: dict[str, dict]):
 
 
 def hash_password(password: str) -> str:
-    """Hash a password."""
-    return pwd_context.hash(password)
+    """Hash a password (truncate to 72 bytes for bcrypt)."""
+    return pwd_context.hash(password[:72])
 
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     """Verify a password against its hash."""
-    return pwd_context.verify(plain_password, hashed_password)
+    return pwd_context.verify(plain_password[:72], hashed_password)
 
 
 def create_user(data_dir: Path, username: str, password: str, email: Optional[str] = None) -> User:
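Review bot: `password[:72]` in hash_password and `plain_password[:72]` in verify_password truncate to 72 characters, not 72 bytes, so the limit the docstring and commit title describe is not what the code enforces: a password made of multi-byte UTF-8 characters can still exceed bcrypt's 72-byte limit after slicing and hit the same failure this commit is meant to fix. Truncate the UTF-8 encoding instead, `return pwd_context.hash(password.encode("utf-8")[:72])` and `return pwd_context.verify(plain_password.encode("utf-8")[:72], hashed_password)`; passlib accepts a bytes secret, and cutting at 72 bytes is exactly what bcrypt itself does internally, so hashes produced before this change keep verifying. Worth stating in the docstring that any input beyond 72 bytes is silently ignored, since two passwords that agree on their first 72 bytes will verify against the same hash; if that is not acceptable, rejecting over-long passwords at create_user (whose body lies outside the hunk) is the alternative. I cannot see how `pwd_context` is configured from this hunk, so whether its bcrypt handler is set to raise on over-long secrets rather than truncate is an assumption to confirm.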