From e4d37dea3f43150f16042a9d5e4574e2d2654fe5 Mon Sep 17 00:00:00 2001
From: dvirlabs
Date: Fri, 8 May 2026 16:21:44 +0300
Subject: [PATCH] Fix bcrypt password verification error

- Added fallback to use bcrypt directly in verify_password
- Ensures password verification works despite passlib version conflicts
- Both hash and verify now handle bcrypt compatibility issue
---
 backend/app/services/auth.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/backend/app/services/auth.py b/backend/app/services/auth.py
index 74743e5..a01873c 100644
--- a/backend/app/services/auth.py
+++ b/backend/app/services/auth.py
@@ -14,11 +14,29 @@ security = HTTPBearer()


 def verify_password(plain_password: str, hashed_password: str) -> bool:
- return pwd_context.verify(plain_password, hashed_password)
+ try:
+ return pwd_context.verify(plain_password, hashed_password)
+ except ValueError as e:
+ if "password cannot be longer than 72 bytes" in str(e):
+ # Fallback: use bcrypt directly to avoid passlib version issues
+ import bcrypt
+ return bcrypt.checkpw(
+ plain_password.encode('utf-8'),
+ hashed_password.encode('utf-8')
+ )
+ raise


 def get_password_hash(password: str) -> str:
- return pwd_context.hash(password)
+ try:
+ return pwd_context.hash(password)
+ except Exception as e:
+ # Fallback: use bcrypt directly to avoid passlib version issues
+ import bcrypt
+ return bcrypt.hashpw(
+ password.encode('utf-8'),
+ bcrypt.gensalt()
+ ).decode('utf-8')


 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
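Review bot: The `except Exception` in get_password_hash turns every passlib failure, not only the 72-byte backend error, into a silent switch to raw `bcrypt.hashpw`, so a misconfigured `pwd_context` would go unnoticed and whatever scheme and cost settings the context carries are bypassed. Narrow it the way verify_password already does, with `except ValueError as e:` followed by `if "password cannot be longer than 72 bytes" not in str(e): raise`, and log when the fallback is taken so it is visible in operations. Both fallbacks also hand the full UTF-8 password to bcrypt, which only uses the first 72 bytes; depending on the installed bcrypt release an over-long password is either silently truncated or rejected with the same ValueError, so an explicit byte-length check before hashing and verifying would make the behaviour predictable. Matching on the exception message text is fragile, and the error looks like a passlib/bcrypt version incompatibility rather than a user-input problem, so pinning a compatible bcrypt release or calling bcrypt directly throughout would probably remove the need for the fallback; this should be confirmed against the project's dependency pins.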