Merge pull request #37 from asacristani/use_bcrypt_directly

Use bcrypt directly
asacristani · Apr 12, 2024 · 4954adf · 4954adf
2 parents 1179984 + 395c1f1
commit 4954adf
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 34 deletions.
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -18,19 +18,19 @@ runtimes:
 # This is the section where you manage your linters. (https://docs.trunk.io/check/configuration)
 lint:
   disabled:
+    - pylint
   enabled:
-    - [email protected]
     - [email protected]
-    - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]
-    - [email protected].53
+    - [email protected].60
     - [email protected]
     - git-diff-check
     - [email protected]
     - [email protected]
     - [email protected]
+    - [email protected]
     - [email protected]
     - [email protected]
     - [email protected]

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -0,0 +1,4 @@
+{
+  "python.analysis.autoImportCompletions": true,
+  "python.analysis.typeCheckingMode": "basic"
+}
diff --git a/app/core/auth/functions.py b/app/core/auth/functions.py
@@ -1,21 +1,31 @@
 from datetime import datetime, timedelta
 
+import bcrypt
 from fastapi import Depends, HTTPException
 from fastapi.security import OAuth2PasswordBearer
 from jose import jwt
-from passlib.context import CryptContext
 
 from app.settings import settings
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 
+def hash_password(password: str) -> bytes:
+    pwd_bytes = password.encode("utf-8")
+    salt = bcrypt.gensalt()
+    hashed_password = bcrypt.hashpw(password=pwd_bytes, salt=salt)
+    return hashed_password
 
-def hash_password(password: str) -> str:
-    return pwd_context.hash(password)
 
-
-def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+def verify_password(plain_password: str, hashed_password: str | bytes) -> bool:
+    password_byte_enc = plain_password.encode("utf-8")
+    hashed_password = (
+        hashed_password.encode("utf-8")
+        if isinstance(hashed_password, str)
+        else hashed_password
+    )
+    return bcrypt.checkpw(
+        password=password_byte_enc,
+        hashed_password=hashed_password,
+    )
 
 
 def create_jwt_token(data: dict, expiration_delta: timedelta) -> str:

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -11,7 +11,6 @@ python = "^3.11"
 fastapi = "^0.110.1"
 uvicorn = "^0.23.1"
 psycopg2 = "^2.9.6"
-passlib = { extras = ["bcrypt"], version = "^1.7.4" }
 python-jose = "^3.3.0"
 python-multipart = "^0.0.6"
 sqladmin = "^0.14.0"
@@ -25,6 +24,7 @@ asyncio = "^3.4.3"
 celery = { extras = ["redis"], version = "^5.3.4" }
 pytz = "^2023.3.post1"
 pika = "^1.3.2"
+bcrypt = "^4.1.2"
 
 
 [tool.poetry.group.dev.dependencies]