From ad6de946b59461c30d11b82d756ed2f91d6e2dee Mon Sep 17 00:00:00 2001
From: serversdown <brian@serversdown.net>
Date: Mon, 15 Jun 2026 23:31:14 +0000
Subject: [PATCH] refactor: simplify verify_password except clause; drop unused
 import

---
 backend/auth_passwords.py    | 3 +--
 tests/test_auth_passwords.py | 1 -
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/backend/auth_passwords.py b/backend/auth_passwords.py
index befa92b..39839a6 100644
--- a/backend/auth_passwords.py
+++ b/backend/auth_passwords.py
@@ -4,7 +4,6 @@ Kept separate from portal_auth (cookie signing) so the future operator auth can
 reuse the same hasher. Never store or log raw passwords."""
 import secrets
 from argon2 import PasswordHasher
-from argon2.exceptions import VerifyMismatchError, VerificationError, InvalidHashError
 
 _ph = PasswordHasher()
 
@@ -18,7 +17,7 @@ def verify_password(raw: str, hashed: str) -> bool:
     """True iff raw matches the stored hash. Never raises."""
     try:
         return _ph.verify(hashed, raw)
-    except (VerifyMismatchError, VerificationError, InvalidHashError, Exception):
+    except Exception:  # argon2 raises on mismatch/garbage; treat all as "no match"
         return False
 
 
diff --git a/tests/test_auth_passwords.py b/tests/test_auth_passwords.py
index 2575a79..e2786d8 100644
--- a/tests/test_auth_passwords.py
+++ b/tests/test_auth_passwords.py
@@ -1,4 +1,3 @@
-import pytest
 from backend.auth_passwords import hash_password, verify_password, generate_password