Update src/utils/security.py

src/utils/security.py

@@ -25,13 +25,24 @@ except Exception as e:
 
 
 def hash_password(password: str) -> str:
-    """Hash a password using bcrypt."""
+    """Hash a password using bcrypt or fallback method."""
     try:
         # Truncate password to 72 bytes to avoid bcrypt limitation
         if len(password.encode('utf-8')) > 72:
             logger.warning("Password exceeds 72 bytes, truncating")
-            password = password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
+            # Properly truncate UTF-8 bytes
+            password_bytes = password.encode('utf-8')[:72]
+            password = password_bytes.decode('utf-8', errors='ignore')
         return pwd_context.hash(password)
+    except ValueError as ve:
+        if "72 bytes" in str(ve):
+            logger.error(f"Password too long even after truncation: {str(ve)}")
+            # Force truncate to exactly 72 bytes and try again
+            password = password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
+            return pwd_context.hash(password)
+        else:
+            logger.error(f"ValueError hashing password: {str(ve)}")
+            raise
     except Exception as e:
         logger.error(f"Error hashing password: {str(e)}")
         raise
@@ -40,6 +51,10 @@ def hash_password(password: str) -> str:
 def verify_password(plain_password: str, hashed_password: str) -> bool:
     """Verify a plain password against its hash."""
     try:
+        # Truncate password to 72 bytes to match hashing behavior
+        if len(plain_password.encode('utf-8')) > 72:
+            logger.warning("Password exceeds 72 bytes during verification, truncating")
+            plain_password = plain_password.encode('utf-8')[:72].decode('utf-8', errors='ignore')
         return pwd_context.verify(plain_password, hashed_password)
     except Exception as e:
         logger.error(f"Error verifying password: {str(e)}")