remove passlib-specific hack and update TODO

Signed-off-by: Grant Ramsay <seapagan@gmail.com>

Author: seapagan

TODO.md

@@ -36,10 +36,7 @@
 
 - If a user is deleted while logged in, the API returns a 500 (Internal Server
    Error).
-- `passlib`, used to hash passwords, is pretty much abandoned, we should
-  probably just use `bcrypt` directly. This would allow us to upgrade to the
-  latest `bcrypt` package too. [NOTE: There is also a fork `libpass` that fixes
-  this and continues the project.]
+
 
 ## Auth
 

app/commands/user.py

@@ -2,7 +2,6 @@
 
 from __future__ import annotations
 
-import logging
 from asyncio import run as aiorun
 from typing import TYPE_CHECKING, Optional
 
@@ -105,8 +104,6 @@ def create(
     Values are either taken from the command line options, or interactively for
     any that are missing.
     """
-    # disable passlib logging, due to issues with latest bcrypt.
-    logging.getLogger("passlib").setLevel(logging.ERROR)
 
     async def _create_user(user_data: dict[str, str | RoleType]) -> None:
         """Async function to create a new user."""