2026-06-16 14:59:58 -04:00
2 changed files with 1 additions and 3 deletions
@@ -4,7 +4,6 @@ Kept separate from portal_auth (cookie signing) so the future operator auth can
 reuse the same hasher. Never store or log raw passwords."""
 import secrets
 from argon2 import PasswordHasher
-from argon2.exceptions import VerifyMismatchError, VerificationError, InvalidHashError

 _ph = PasswordHasher()

@@ -18,7 +17,7 @@ def verify_password(raw: str, hashed: str) -> bool:
    """True iff raw matches the stored hash. Never raises."""
    try:
        return _ph.verify(hashed, raw)
-    except (VerifyMismatchError, VerificationError, InvalidHashError, Exception):
+    except Exception:  # argon2 raises on mismatch/garbage; treat all as "no match"
        return False


@@ -1,4 +1,3 @@
-import pytest
 from backend.auth_passwords import hash_password, verify_password, generate_password