Skip to content

Commit 02e2adf

Browse files
committed
Fix bcrypt 72-byte password limit on Python 3.14
passlib + newer bcrypt backends strictly enforce the 72-byte limit, causing ValueError on login. Truncate password input to 72 bytes before hashing/verifying.
1 parent 07690cb commit 02e2adf

1 file changed

Lines changed: 3 additions & 2 deletions

File tree

app/auth.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -21,11 +21,12 @@
2121

2222

2323
def hash_password(password: str) -> str:
24-
return bcrypt.hash(password)
24+
# bcrypt enforces a 72-byte limit; truncate to avoid ValueError on strict backends
25+
return bcrypt.hash(password[:72])
2526

2627

2728
def verify_password(password: str, hashed: str) -> bool:
28-
return bcrypt.verify(password, hashed)
29+
return bcrypt.verify(password[:72], hashed)
2930

3031

3132
def create_session_token(user_id: int, username: str, role: str) -> str:

0 commit comments

Comments
 (0)