another change

Co-authored-by: Copilot <copilot@github.com>
2026-04-26 16:42:47 -06:00
parent af56f852e1
commit 498a1c8335


@@ -1,4 +1,5 @@
import jwt import jwt
import hashlib
from datetime import datetime, timedelta from datetime import datetime, timedelta
from passlib.context import CryptContext from passlib.context import CryptContext
from typing import Optional, Dict from typing import Optional, Dict
@@ -16,19 +17,32 @@ class AuthService:
self.algorithm = ConfSettings.jwt_algorithm self.algorithm = ConfSettings.jwt_algorithm
self.expiration_hours = ConfSettings.jwt_expiration_hours self.expiration_hours = ConfSettings.jwt_expiration_hours
def hash_password(self, password: str) -> str: def _hash_password_sha256(self, password: str) -> str:
""" """
Hashea una contraseña usando bcrypt Hashea una contraseña con SHA256 para reducir su tamaño
Args: Args:
password: Contraseña en texto plano password: Contraseña en texto plano
Returns: Returns:
Hash bcrypt de la contraseña Hash SHA256 en hexadecimal (64 caracteres, siempre < 72 bytes)
""" """
# Bcrypt tiene límite de 72 bytes return hashlib.sha256(password.encode()).hexdigest()
password_truncated = password[:72]
return pwd_context.hash(password_truncated) def hash_password(self, password: str) -> str:
"""
Hashea una contraseña usando SHA256 + bcrypt
Args:
password: Contraseña en texto plano
Returns:
Hash bcrypt de la contraseña (SHA256 + bcrypt)
"""
# Primero hash SHA256 (64 chars hex, nunca > 72 bytes)
# Luego bcrypt para mayor seguridad
sha256_hash = self._hash_password_sha256(password)
return pwd_context.hash(sha256_hash)
def verify_password(self, plain_password: str, hashed_password: str) -> bool: def verify_password(self, plain_password: str, hashed_password: str) -> bool:
""" """
@@ -41,9 +55,9 @@ class AuthService:
Returns: Returns:
True si la contraseña es correcta, False en caso contrario True si la contraseña es correcta, False en caso contrario
""" """
# Bcrypt tiene límite de 72 bytes # Aplicar mismo proceso: SHA256 primero, luego verificar con bcrypt
plain_password_truncated = plain_password[:72] sha256_hash = self._hash_password_sha256(plain_password)
return pwd_context.verify(plain_password_truncated, hashed_password) return pwd_context.verify(sha256_hash, hashed_password)
def create_access_token(self, user_id: int, email: str) -> str: def create_access_token(self, user_id: int, email: str) -> str:
""" """
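Review bot: verify_password now checks only bcrypt over the SHA256 hex digest, so any hash stored by the previous hash_password (bcrypt over `password[:72]`) will stop verifying and those users can no longer log in; the commit shows no migration or scheme marker. Record the scheme alongside each stored hash and pick the verification path from it, rehashing on the next successful login, rather than trying both paths blindly, because a blind legacy fallback would accept the SHA256 hex string itself as a password. passlib's `bcrypt_sha256` scheme performs this pre-hash and tags the resulting hash, so it may fit if `pwd_context` (configured outside these hunks) can list it beside `bcrypt`. At minimum add `# NOTE: hashes created before the SHA256 pre-hash do not verify here` above the `_hash_password_sha256` call in verify_password.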