fix: replace passlib with bcrypt directly (passlib+bcrypt 5.0 incompatible)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-02 14:00:43 +09:00
parent e63d2971a9
commit 23ee055357
2 changed files with 4 additions and 5 deletions
--- a/app/core/auth.py
+++ b/app/core/auth.py
@@ -3,18 +3,17 @@
 from datetime import datetime, timedelta, timezone
 from typing import Annotated

+import bcrypt
 import pyotp
 from fastapi import Depends, HTTPException, status
 from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
 from jose import JWTError, jwt
-from passlib.context import CryptContext
 from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession

 from core.config import settings
 from core.database import get_session

-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
 security = HTTPBearer()

 # JWT 설정
@@ -24,11 +23,11 @@ REFRESH_TOKEN_EXPIRE_DAYS = 7


 def verify_password(plain: str, hashed: str) -> bool:
-    return pwd_context.verify(plain, hashed)
+    return bcrypt.checkpw(plain.encode(), hashed.encode())


 def hash_password(password: str) -> str:
-    return pwd_context.hash(password)
+    return bcrypt.hashpw(password.encode(), bcrypt.gensalt()).decode()


 def create_access_token(subject: str) -> str:
--- a/app/requirements.txt
+++ b/app/requirements.txt
@@ -7,7 +7,7 @@ python-dotenv>=1.0.0
 pyyaml>=6.0
 httpx>=0.27.0
 python-jose[cryptography]>=3.3.0
-passlib[bcrypt]>=1.7.4
+bcrypt>=4.0.0
 pyotp>=2.9.0
 caldav>=1.3.0
 apscheduler>=3.10.0