Merge branch 'main' of https://github.com/Promptly-Technologies-LLC/fastapi-jinja2-postgres-webapp

Author: chriscarrollsmith

README.md

@@ -1,5 +1,7 @@
 # FastAPI, Jinja2, PostgreSQL Webapp
 
+![Screenshot of homepage](static/Screenshot.png)
+
 This project is still under development.
 
 ## Installation

poetry.lock

@@ -11,7 +11,6 @@ python = "^3.12"
 sqlmodel = "^0.0.22"
 mypy = "^1.11.2"
 fastapi = "^0.114.1"
-passlib = {extras = ["bcrypt"], version = "^1.7.4"}
 pyjwt = "^2.9.0"
 jinja2 = "^3.1.4"
 uvicorn = "^0.30.6"
@@ -20,6 +19,7 @@ pydantic = {extras = ["email"], version = "^2.9.1"}
 python-multipart = "^0.0.9"
 python-dotenv = "^1.0.1"
 resend = "^2.4.0"
+bcrypt = "^4.2.0"
 
 
 [build-system]

pyproject.toml

@@ -23,7 +23,7 @@
         <div class="mb-3">
             <label for="password" class="form-label">Password</label>
             <input type="password" class="form-control" id="password" name="password" 
-                   pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}" 
+                   pattern="(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&\{\}\<\>\.\,\\\\'#\-_=\+\(\)\[\]:;\|~])[A-Za-z\d@$!%*?&\{\}\<\>\.\,\\\\'#\-_=\+\(\)\[\]:;\|~]{8,}"
                    title="Must contain at least one number, one uppercase and lowercase letter, one special character, and at least 8 or more characters" 
                    placeholder="Enter your password" required>
             <div class="invalid-feedback">

static/Screenshot.png

@@ -7,7 +7,7 @@
 import resend
 from dotenv import load_dotenv
 from sqlmodel import Session, select
-from passlib.context import CryptContext
+from bcrypt import gensalt, hashpw, checkpw
 from datetime import UTC, datetime, timedelta
 from typing import Optional
 from fastapi import Depends, Cookie, HTTPException, status
@@ -19,7 +19,6 @@
 
 # --- AUTH ---
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 SECRET_KEY = os.getenv("SECRET_KEY")
 ALGORITHM = "HS256"
 ACCESS_TOKEN_EXPIRE_MINUTES = 30
@@ -43,16 +42,27 @@ def validate_password_strength(password: str) -> bool:
     - At least 8 characters long
     """
     pattern = re.compile(
-        r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]{8,}")
+        r"(?=.*\d)(?=.*[a-z])(?=.*[A-Z])(?=.*[@$!%*?&{}<>.,\\'#\-_=+\(\)\[\]:;|~])[A-Za-z\d@$!%*?&{}<>.,\\'#\-_=+\(\)\[\]:;|~]{8,}")
     return bool(pattern.match(password))
 
 
 def get_password_hash(password: str) -> str:
-    return pwd_context.hash(password)
+    """
+    Hash a password using bcrypt with a random salt
+    """
+    # Convert the password to bytes and generate the hash
+    password_bytes = password.encode('utf-8')
+    salt = gensalt()
+    return hashpw(password_bytes, salt).decode('utf-8')
 
 
 def verify_password(plain_password: str, hashed_password: str) -> bool:
-    return pwd_context.verify(plain_password, hashed_password)
+    """
+    Verify a password against a bcrypt hash
+    """
+    password_bytes = plain_password.encode('utf-8')
+    hashed_bytes = hashed_password.encode('utf-8')
+    return checkpw(password_bytes, hashed_bytes)
 
 
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str: