From 464b47fb9c60cf836abb4199686246a26bfea415 Mon Sep 17 00:00:00 2001
From: Audiolib <audiolib@setup>
Date: Tue, 26 May 2026 13:49:23 +0200
Subject: [PATCH] Replace passlib with bcrypt directly to fix Python 3.12
 compatibility

passlib 1.7.4 runs an internal bcrypt wrap-bug test on startup that
fails with bcrypt 4.x because it uses a >72 byte test password.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 backend/app/services/auth.py | 8 +++-----
 backend/requirements.txt     | 2 +-
 2 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/backend/app/services/auth.py b/backend/app/services/auth.py
index 2cd1ec4..01bfee5 100644
--- a/backend/app/services/auth.py
+++ b/backend/app/services/auth.py
@@ -1,18 +1,16 @@
 from datetime import datetime, timedelta
 from typing import Optional
+import bcrypt
 from jose import JWTError, jwt
-from passlib.context import CryptContext
 from ..config import get_settings
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
 def hash_password(password: str) -> str:
-    return pwd_context.hash(password)
+    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()
 
 
 def verify_password(plain: str, hashed: str) -> bool:
-    return pwd_context.verify(plain, hashed)
+    return bcrypt.checkpw(plain.encode(), hashed.encode())
 
 
 def create_token(user_id: str) -> str:
diff --git a/backend/requirements.txt b/backend/requirements.txt
index 1771db3..97de8b7 100644
--- a/backend/requirements.txt
+++ b/backend/requirements.txt
@@ -5,7 +5,7 @@ aiosqlite==0.20.0
 pydantic==2.9.2
 pydantic-settings==2.5.2
 python-jose[cryptography]==3.3.0
-passlib[bcrypt]==1.7.4
+bcrypt==4.2.0
 python-multipart==0.0.12
 httpx==0.27.2
 watchdog==5.0.3