fix: Truncate Long Passwords (>72 bytes) (#6335)

tests/unit_tests/core/test_security.py

@@ -2,21 +2,43 @@ from pytest import MonkeyPatch
 
 from mealie.core.config import get_app_settings
 from mealie.core.security.hasher import BcryptHasher, FakeHasher, get_hasher
+from tests.utils.factories import random_string
+
+
+def clear_hasher_cache():
+    get_hasher.cache_clear()
+    get_app_settings.cache_clear()
 
 
 def test_get_hasher(monkeypatch: MonkeyPatch):
-    hasher = get_hasher()
+    try:
+        hasher = get_hasher()
+        assert isinstance(hasher, FakeHasher)
 
-    assert isinstance(hasher, FakeHasher)
+        monkeypatch.setenv("TESTING", "0")
+        clear_hasher_cache()
 
-    monkeypatch.setenv("TESTING", "0")
+        hasher = get_hasher()
+        assert isinstance(hasher, BcryptHasher)
+    finally:
+        clear_hasher_cache()
 
-    get_hasher.cache_clear()
-    get_app_settings.cache_clear()
 
-    hasher = get_hasher()
+def test_hasher_long_password(monkeypatch: MonkeyPatch):
+    try:
+        monkeypatch.setenv("TESTING", "0")
+        clear_hasher_cache()
 
-    assert isinstance(hasher, BcryptHasher)
+        hasher = get_hasher()
+        assert isinstance(hasher, BcryptHasher)
 
-    get_app_settings.cache_clear()
-    get_hasher.cache_clear()
+        # Create a very long password which bcrypt doesn't support
+        password = random_string(256)
+        assert len(password) > 72
+
+        # Make sure our hasher still works even though the password is too long
+        hashed_password = hasher.hash(password)
+        assert hashed_password
+        assert hasher.verify(password, hashed_password)
+    finally:
+        clear_hasher_cache()