fix: truncate password to 72 bytes for bcrypt

2026-01-07 15:45:50 +00:00
parent bee3f0372b
commit bfb94764e6
1 changed files with 3 additions and 3 deletions
--- a/auth.py
+++ b/auth.py
@@ -94,13 +94,13 @@ def save_users(data_dir: Path, users: dict[str, dict]):


 def hash_password(password: str) -> str:
-    """Hash a password."""
-    return pwd_context.hash(password)
+    """Hash a password (truncate to 72 bytes for bcrypt)."""
+    return pwd_context.hash(password[:72])


 def verify_password(plain_password: str, hashed_password: str) -> bool:
    """Verify a password against its hash."""
-    return pwd_context.verify(plain_password, hashed_password)
+    return pwd_context.verify(plain_password[:72], hashed_password)


 def create_user(data_dir: Path, username: str, password: str, email: Optional[str] = None) -> User: