From 03e73a2c4cd74b48492f021ef7fbbc7c6288f82c Mon Sep 17 00:00:00 2001
From: Niranjan
Date: Tue, 7 Apr 2026 03:40:06 +0530
Subject: [PATCH] new changes
---
 YakPanel-server/backend/app/core/security.py | 5 +++--
 YakPanel-server/backend/requirements.txt | 2 ++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/YakPanel-server/backend/app/core/security.py b/YakPanel-server/backend/app/core/security.py
index 75a48b05..fc4b56f6 100644
--- a/YakPanel-server/backend/app/core/security.py
+++ b/YakPanel-server/backend/app/core/security.py
@@ -6,7 +6,8 @@ from passlib.context import CryptContext
 from app.core.config import get_settings
 settings = get_settings()
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+# bcrypt_sha256: SHA-256 pre-hash then bcrypt (no 72-byte limit); bcrypt: verify legacy hashes
+pwd_context = CryptContext(schemes=["bcrypt_sha256", "bcrypt"], deprecated="auto")
 def verify_password(plain_password: str, hashed_password: str) -> bool:
@@ -15,7 +16,7 @@ def verify_password(plain_password: str, hashed_password: str) -> bool:
 def get_password_hash(password: str) -> str:
- """Hash a password"""
+ """Hash a password (uses bcrypt_sha256; bcrypt only supports 72 raw bytes)."""
 return pwd_context.hash(password)
diff --git a/YakPanel-server/backend/requirements.txt b/YakPanel-server/backend/requirements.txt
index c7c9cd2c..793f3d7e 100644
--- a/YakPanel-server/backend/requirements.txt
+++ b/YakPanel-server/backend/requirements.txt
@@ -12,6 +12,8 @@ asyncpg>=0.29.0
 # Auth
 python-jose[cryptography]>=3.3.0
 passlib[bcrypt]>=1.7.4
+# passlib 1.7.4 breaks against bcrypt>=4.1 (ValueError in bcrypt self-test / 72-byte rules)
+bcrypt>=4.0.1,<4.1
 python-dotenv>=1.0.0
 # Redis & Celery
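Review bot: In security.py, listing `bcrypt` second with `deprecated="auto"` only marks legacy hashes as outdated; nothing in this hunk rehashes them, so existing accounts keep plain-bcrypt hashes, with the 72-byte limit the new comment mentions, until a new hash is stored. The body of `verify_password` lies outside the hunk, so this is inferred from its `-> bool` signature: if it calls `pwd_context.verify(...)`, the login path could instead use `valid, new_hash = pwd_context.verify_and_update(plain_password, hashed_password)` and persist `new_hash` when it is not `None`. Once that is in place, the comment above `pwd_context` could say `# legacy bcrypt hashes are re-hashed to bcrypt_sha256 on the next successful login`.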
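Review bot: In requirements.txt, the new `bcrypt>=4.0.1,<4.1` cap holds the password-hashing backend on an old release line with no recorded exit, while `passlib[bcrypt]>=1.7.4` stays open-ended even though the comment ties the breakage to passlib 1.7.4 specifically. I would add a tracking line such as `# TODO: drop this cap once passlib is replaced or fixed; review bcrypt advisories while pinned` so the cap is not forgotten. A small test that hashes and verifies a password longer than 72 bytes through `pwd_context` would catch the resolver picking an incompatible pair before deployment.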