fix: group creation (#1126)

* fix: unify group creation - closes #1100 * tests: disable password hashing during testing * tests: fix email config tests
2026-02-09 09:23:12 -05:00 · 2022-04-02 19:33:15 -08:00
parent e9bb39c744
commit c988de1921
11 changed files with 113 additions and 33 deletions
--- a/mealie/core/security/init.py
+++ b/mealie/core/security/init.py
@@ -0,0 +1 @@
+from .security import *
--- a/mealie/core/security/hasher.py
+++ b/mealie/core/security/hasher.py
@@ -0,0 +1,43 @@
+from functools import lru_cache
+from typing import Protocol
+
+from passlib.context import CryptContext
+
+from mealie.core.config import get_app_settings
+
+
+class Hasher(Protocol):
+    def hash(self, password: str) -> str:
+        ...
+
+    def verify(self, password: str, hashed: str) -> bool:
+        ...
+
+
+class FakeHasher:
+    def hash(self, password: str) -> str:
+        return password
+
+    def verify(self, password: str, hashed: str) -> bool:
+        return password == hashed
+
+
+class PasslibHasher:
+    def __init__(self) -> None:
+        self.ctx = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+    def hash(self, password: str) -> str:
+        return self.ctx.hash(password)
+
+    def verify(self, password: str, hashed: str) -> bool:
+        return self.ctx.verify(password, hashed)
+
+
+@lru_cache(maxsize=1)
+def get_hasher() -> Hasher:
+    settings = get_app_settings()
+
+    if settings.TESTING:
+        return FakeHasher()
+
+    return PasslibHasher()
--- a/mealie/core/security/security.py
+++ b/mealie/core/security/security.py
@@ -1,16 +1,15 @@
 import secrets
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from pathlib import Path

 from jose import jwt
-from passlib.context import CryptContext

 from mealie.core.config import get_app_settings
+from mealie.core.security.hasher import get_hasher
 from mealie.repos.all_repositories import get_repositories
 from mealie.repos.repository_factory import AllRepositories
 from mealie.schema.user import PrivateUser

-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 ALGORITHM = "HS256"


@@ -20,7 +19,7 @@ def create_access_token(data: dict, expires_delta: timedelta = None) -> str:
    to_encode = data.copy()
    expires_delta = expires_delta or timedelta(hours=settings.TOKEN_TIME)

-    expire = datetime.utcnow() + expires_delta
+    expire = datetime.now(timezone.utc) + expires_delta

    to_encode["exp"] = expire
    return jwt.encode(to_encode, settings.SECRET, algorithm=ALGORITHM)
@@ -31,7 +30,7 @@ def create_file_token(file_path: Path) -> str:
    return create_access_token(token_data, expires_delta=timedelta(minutes=30))


-def create_recipe_slug_token(file_path: str) -> str:
+def create_recipe_slug_token(file_path: str | Path) -> str:
    token_data = {"slug": str(file_path)}
    return create_access_token(token_data, expires_delta=timedelta(minutes=30))

@@ -96,12 +95,12 @@ def authenticate_user(session, email: str, password: str) -> PrivateUser | bool:

 def verify_password(plain_password: str, hashed_password: str) -> bool:
    """Compares a plain string to a hashed password"""
-    return pwd_context.verify(plain_password, hashed_password)
+    return get_hasher().verify(plain_password, hashed_password)


 def hash_password(password: str) -> str:
    """Takes in a raw password and hashes it. Used prior to saving a new password to the database."""
-    return pwd_context.hash(password)
+    return get_hasher().hash(password)


 def url_safe_token() -> str: