From c72397c2289ab9371d962355508505fe151cb279 Mon Sep 17 00:00:00 2001 From: "Juan M. Ley" Date: Sun, 26 Apr 2026 16:49:57 -0600 Subject: [PATCH] changed more stuff Co-authored-by: Copilot --- requirements.txt | 2 +- src/infrastructure/api/users/auth_service.py | 35 ++++++-------------- 2 files changed, 12 insertions(+), 25 deletions(-) diff --git a/requirements.txt b/requirements.txt index 9cc49ab..fe456d9 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,5 +9,5 @@ python-dotenv pika Pillow PyJWT -passlib[bcrypt] +passlib[argon2] python-multipart diff --git a/src/infrastructure/api/users/auth_service.py b/src/infrastructure/api/users/auth_service.py index 2e0b5be..581802c 100644 --- a/src/infrastructure/api/users/auth_service.py +++ b/src/infrastructure/api/users/auth_service.py @@ -1,12 +1,16 @@ import jwt -import hashlib from datetime import datetime, timedelta from passlib.context import CryptContext from typing import Optional, Dict from core.config import ConfSettings # Configurar contexto para hashing de contraseñas -pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") +# Soporta argon2 (nuevo) y bcrypt (antiguo) para compatibilidad hacia atrás +pwd_context = CryptContext( + schemes=["argon2"], + deprecated=["bcrypt"], + argon2__rounds=3 +) class AuthService: @@ -17,32 +21,17 @@ class AuthService: self.algorithm = ConfSettings.jwt_algorithm self.expiration_hours = ConfSettings.jwt_expiration_hours - def _hash_password_sha256(self, password: str) -> str: - """ - Hashea una contraseña con SHA256 para reducir su tamaño - - Args: - password: Contraseña en texto plano - - Returns: - Hash SHA256 en hexadecimal (64 caracteres, siempre < 72 bytes) - """ - return hashlib.sha256(password.encode()).hexdigest() - def hash_password(self, password: str) -> str: """ - Hashea una contraseña usando SHA256 + bcrypt + Hashea una contraseña usando argon2 Args: password: Contraseña en texto plano Returns: - Hash bcrypt de la contraseña (SHA256 + bcrypt) + Hash argon2 de la contraseña """ - # Primero hash SHA256 (64 chars hex, nunca > 72 bytes) - # Luego bcrypt para mayor seguridad - sha256_hash = self._hash_password_sha256(password) - return pwd_context.hash(sha256_hash) + return pwd_context.hash(password) def verify_password(self, plain_password: str, hashed_password: str) -> bool: """ @@ -50,14 +39,12 @@ class AuthService: Args: plain_password: Contraseña en texto plano - hashed_password: Hash bcrypt para verificar + hashed_password: Hash argon2 para verificar Returns: True si la contraseña es correcta, False en caso contrario """ - # Aplicar mismo proceso: SHA256 primero, luego verificar con bcrypt - sha256_hash = self._hash_password_sha256(plain_password) - return pwd_context.verify(sha256_hash, hashed_password) + return pwd_context.verify(plain_password, hashed_password) def create_access_token(self, user_id: int, email: str) -> str: """