From 3f8dc7e6c5a99fc4dca3e117c502a17894417a83 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C9=A7=CF=83=E2=84=93=CF=83?=
Date: Tue, 2 Dec 2025 19:42:59 +0100
Subject: [PATCH] fix: update password handling and constraints
---
.gitignore | 1 +
auth.py | 15 +++++++++++++--
main.py | 1 +
models.py | 1 +
requirements.txt | 1 +
schemas.py | 2 +-
6 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8732df9..94b6c05 100644
--- a/.gitignore
+++ b/.gitignore
@@ -54,3 +54,4 @@ Thumbs.db
# Docker
.dockerignore
+
diff --git a/auth.py b/auth.py
index 4c16221..efee70d 100644
--- a/auth.py
+++ b/auth.py
@@ -28,12 +28,23 @@ security = HTTPBearer()
def verify_password(plain_password: str, hashed_password: str) -> bool:
- """Vérifier un mot de passe"""
+ """Vérifier un mot de passe (bcrypt limite à 72 bytes)"""
+ # Tronquer le mot de passe à 72 bytes pour éviter l'erreur bcrypt
+ password_bytes = plain_password.encode('utf-8')
+ if len(password_bytes) > 72:
+ password_bytes = password_bytes[:72]
+ plain_password = password_bytes.decode('utf-8', errors='ignore')
return pwd_context.verify(plain_password, hashed_password)
def get_password_hash(password: str) -> str:
- """Hacher un mot de passe"""
+ """Hacher un mot de passe (bcrypt limite à 72 bytes)"""
+ # Tronquer le mot de passe à 72 bytes pour éviter l'erreur bcrypt
+ # Encoder en UTF-8 pour obtenir les bytes
+ password_bytes = password.encode('utf-8')
+ if len(password_bytes) > 72:
+ password_bytes = password_bytes[:72]
+ password = password_bytes.decode('utf-8', errors='ignore')
return pwd_context.hash(password)
diff --git a/main.py b/main.py
index d48db97..279cc40 100644
--- a/main.py
+++ b/main.py
@@ -262,3 +262,4 @@ async def health_check():
"""Vérification de l'état de l'API"""
return {"status": "ok", "message": "API Anime Tracker is running"}
+
diff --git a/models.py b/models.py
index 95a0cd9..7c57afb 100644
--- a/models.py
+++ b/models.py
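Review bot: In the auth.py hunk, `verify_password` and `get_password_hash` each carry their own copy of the 72-byte truncation, and the two copies must cut the input identically or every user with a long password is locked out after the next edit to one of them. A single private helper called from both keeps hashing and verification in step. The truncation is also silent: any two passwords that share their first 72 bytes verify against the same hash, so the docstrings should say that bytes past the limit do not contribute to authentication. Separately, `errors='ignore'` drops a multibyte character that straddles byte 72, so the hashed input can be shorter than a raw 72-byte cut; if hashes for such passwords already exist from before this change they may stop verifying, which is worth confirming against stored data.

```python
def _truncate_for_bcrypt(password: str) -> str:
    """Cut password to bcrypt's 72-byte input limit, on a character boundary.

    Bytes beyond the limit are discarded and play no part in authentication.
    """
    password_bytes = password.encode('utf-8')
    if len(password_bytes) <= 72:
        return password
    return password_bytes[:72].decode('utf-8', errors='ignore')


def verify_password(plain_password: str, hashed_password: str) -> bool:
    # … unchanged: docstring …
    return pwd_context.verify(_truncate_for_bcrypt(plain_password), hashed_password)


def get_password_hash(password: str) -> str:
    # … unchanged: docstring …
    return pwd_context.hash(_truncate_for_bcrypt(password))
```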
@@ -40,3 +40,4 @@ class Anime(Base):
user = relationship("User", back_populates="animes")
+
diff --git a/requirements.txt b/requirements.txt
index 24ddcfa..f9816f9 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -7,6 +7,7 @@ pydantic[email]
pydantic-settings==2.1.0
python-jose[cryptography]==3.3.0
passlib[bcrypt]==1.7.4
+bcrypt==4.0.1
python-multipart==0.0.6
python-dotenv==1.0.0
diff --git a/schemas.py b/schemas.py
index 8912ce3..67c3ec2 100644
--- a/schemas.py
+++ b/schemas.py
@@ -11,7 +11,7 @@ from datetime import datetime
class UserCreate(BaseModel):
username: str = Field(..., min_length=3, max_length=50)
email: EmailStr
- password: str = Field(..., min_length=6)
+ password: str = Field(..., min_length=6, max_length=72)
class UserLogin(BaseModel):
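Review bot: The new `bcrypt==4.0.1` line in requirements.txt pins the password-hashing backend with no stated reason, and an unexplained pin on a crypto dependency tends either to be bumped blindly or to stay frozen past later fixes. A comment above it would record the intent, for example `# pinned for compatibility with passlib 1.7.4; revisit when passlib is updated or replaced`. That reason is inferred from the "éviter l'erreur bcrypt" comments in auth.py, so confirm it before writing it down.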
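Review bot: `max_length=72` on `UserCreate.password` counts characters, while the limit enforced in auth.py is 72 bytes of UTF-8, so the two constraints only agree for pure-ASCII passwords. A password of up to 72 non-ASCII characters passes validation and is then silently truncated at hashing, which is the case this constraint looks meant to exclude. A validator on the encoded length, rejecting when `len(password.encode('utf-8')) > 72`, would make registration refuse exactly what the hasher cannot use. `UserLogin` only begins at the end of this hunk and its fields are not visible, so whether the login path bounds password length cannot be confirmed from here.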