fix: Truncate Long Passwords (>72 bytes) (#6335)

Michael Genson
2025-10-09 18:46:06 -05:00
committed by GitHub
parent 5620370ade
commit b7b191a5ee
2 changed files with 36 additions and 11 deletions


@@ -21,13 +21,16 @@ class FakeHasher:
class BcryptHasher:
def _get_password_bytes(self, password: str) -> bytes:
return password.encode("utf-8")[:72]
def hash(self, password: str) -> str:
password_bytes = password.encode("utf-8")
password_bytes = self._get_password_bytes(password)
hashed = bcrypt.hashpw(password_bytes, bcrypt.gensalt())
return hashed.decode("utf-8")
def verify(self, password: str, hashed: str) -> bool:
password_bytes = password.encode("utf-8")
password_bytes = self._get_password_bytes(password)
hashed_bytes = hashed.encode("utf-8")
return bcrypt.checkpw(password_bytes, hashed_bytes)
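Review bot: The `[:72]` slice in `_get_password_bytes` silently drops everything past byte 72, so any two passwords sharing their first 72 UTF-8 bytes verify against the same hash, and nothing in the code marks this as deliberate. I would name the limit, e.g. `BCRYPT_MAX_PASSWORD_BYTES = 72`, and add a comment on the helper such as `# bcrypt only uses the first 72 bytes; truncate explicitly so hash() and verify() always see the same input`. The comment should also say that the cut is made on encoded bytes and may fall inside a multi-byte character, which is harmless here because only bytes are passed to bcrypt. If the password-setting path is validated elsewhere (not visible in this hunk), consider rejecting or warning on inputs longer than 72 bytes there, so users are not led to believe the extra characters add strength.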