[REFACTOR] argilla server: Remove passlib dependency (#5674)

# Description
<!-- Please include a summary of the changes and the related issue.
Please also include relevant motivation and context. List any
dependencies that are required for this change. -->

Closes #5664

**Type of change**
<!-- Please delete options that are not relevant. Remember to title the
PR according to the type of change -->

- Improvement (change adding some improvement to an existing
functionality)

**How Has This Been Tested**
<!-- Please add some reference about how your feature has been tested.
-->

**Checklist**
<!-- Please go over the list and make sure you've taken everything into
account -->

- I added relevant documentation
- I followed the style guidelines of this project
- I did a self-review of my code
- I made corresponding changes to the documentation
- I confirm My changes generate no new warnings
- I have added tests that prove my fix is effective or that my feature
works
- I have added relevant notes to the CHANGELOG.md file (See
https://keepachangelog.com/)

---------

Co-authored-by: José Francisco Calvo <[email protected]>
Co-authored-by: José Francisco Calvo <[email protected]>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>

Author: 3 people

argilla-server/pdm.lock

@@ -39,7 +39,7 @@ dependencies = [
     "PyYAML >= 5.4.1,< 6.1.0",
     # security dependencies
     "python-jose[cryptography] ~= 3.3.0",
-    "passlib[bcrypt] ~= 1.7.4",
+    "bcrypt ~= 4.2.0",
     # required by fastapi
     "python-multipart ~= 0.0.16",
     # OAuth2 integration

argilla-server/pyproject.toml

@@ -15,7 +15,7 @@
 from typing import Iterable, List, Sequence, Union
 from uuid import UUID
 
-from passlib.context import CryptContext
+import bcrypt
 from sqlalchemy import exists, select
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.orm import selectinload
@@ -27,8 +27,6 @@
 from argilla_server.security.authentication.jwt import JWT
 from argilla_server.security.authentication.userinfo import UserInfo
 
-_CRYPT_CONTEXT = CryptContext(schemes=["bcrypt"], deprecated="auto")
-
 
 async def create_workspace_user(db: AsyncSession, workspace_user_attrs: dict) -> WorkspaceUser:
     workspace_id = workspace_user_attrs["workspace_id"]
@@ -168,19 +166,21 @@ async def authenticate_user(db: AsyncSession, username: str, password: str):
     elif user:
         return
     else:
-        _CRYPT_CONTEXT.dummy_verify()
+        _dummy_verify()
 
 
 def hash_password(password: str) -> str:
-    return _CRYPT_CONTEXT.hash(password)
+    return bcrypt.hashpw(
+        bytes(password, encoding="utf-8"),
+        bcrypt.gensalt(),
+    ).decode("utf-8")
 
 
 def verify_password(password: str, password_hash: str) -> bool:
-    return _CRYPT_CONTEXT.verify(password, password_hash)
-
-
-def _generate_random_password() -> str:
-    return secrets.token_urlsafe()
+    return bcrypt.checkpw(
+        bytes(password, encoding="utf-8"),
+        bytes(password_hash, encoding="utf-8"),
+    )
 
 
 def generate_user_token(user: User) -> str:
@@ -192,3 +192,15 @@ def generate_user_token(user: User) -> str:
             role=user.role,
         ),
     )
+
+
+_DUMMY_SECRET = "dummy_secret"
+_DUMMY_HASH = hash_password(_DUMMY_SECRET)
+
+
+def _dummy_verify():
+    verify_password(_DUMMY_SECRET, _DUMMY_HASH)
+
+
+def _generate_random_password() -> str:
+    return secrets.token_urlsafe()