refactor: Remove passlib and use bcrypt directly

argilla-io · Nov 6, 2024 · 49f4215 · 49f4215
1 parent c0c62a5
commit 49f4215
Showing 1 changed file with 22 additions and 10 deletions.
diff --git a/argilla-server/src/argilla_server/contexts/accounts.py b/argilla-server/src/argilla_server/contexts/accounts.py
@@ -15,7 +15,7 @@
 from typing import Iterable, List, Sequence, Union
 from uuid import UUID
 
-from passlib.context import CryptContext
+import bcrypt
 from sqlalchemy import exists, select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -27,8 +27,6 @@
 from argilla_server.security.authentication.jwt import JWT
 from argilla_server.security.authentication.userinfo import UserInfo
 
-_CRYPT_CONTEXT = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
 async def create_workspace_user(db: AsyncSession, workspace_user_attrs: dict) -> WorkspaceUser:
     workspace_id = workspace_user_attrs["workspace_id"]
@@ -168,19 +166,21 @@ async def authenticate_user(db: AsyncSession, username: str, password: str):
     elif user:
         return
     else:
-        _CRYPT_CONTEXT.dummy_verify()
+        _dummy_verify()
 
 
 def hash_password(password: str) -> str:
-    return _CRYPT_CONTEXT.hash(password)
+    return bcrypt.hashpw(
+        bytes(password, encoding="utf-8"),
+        bcrypt.gensalt(),
+    ).decode("utf-8")
 
 
 def verify_password(password: str, password_hash: str) -> bool:
-    return _CRYPT_CONTEXT.verify(password, password_hash)
-
-
-def _generate_random_password() -> str:
-    return secrets.token_urlsafe()
+    return bcrypt.checkpw(
+        bytes(password, encoding="utf-8"),
+        bytes(password_hash, encoding="utf-8"),
+    )
 
 
 def generate_user_token(user: User) -> str:
@@ -192,3 +192,15 @@ def generate_user_token(user: User) -> str:
             role=user.role,
         ),
     )
+
+
+_dummy_secret = "dummy_secret"
+_dummy_hash = hash_password(_dummy_secret)
+
+
+def _dummy_verify():
+    verify_password(_dummy_secret, _dummy_hash)
+
+
+def _generate_random_password() -> str:
+    return secrets.token_urlsafe()