fix: allow dots in usernames; BCrypt fallback in password verifier for v1 migrations

2026-05-15 02:56:18 +02:00
parent 555bcea307
commit f7350847c5
3 changed files with 10 additions and 2 deletions
--- a/crates/adapters/auth/Cargo.toml
+++ b/crates/adapters/auth/Cargo.toml
@@ -13,4 +13,5 @@ tokio        = { workspace = true }
 serde        = { workspace = true }
 jsonwebtoken = "9"
 argon2       = "0.5"
+bcrypt        = "0.15"
 rand          = "0.8"
--- a/crates/adapters/auth/src/lib.rs
+++ b/crates/adapters/auth/src/lib.rs
@@ -76,6 +76,10 @@ impl PasswordHasher for Argon2PasswordHasher {
    }

    async fn verify(&self, plain: &str, hash: &PasswordHash) -> Result<bool, DomainError> {
+        if hash.0.starts_with("$2") {
+            return bcrypt::verify(plain, &hash.0)
+                .map_err(|e| DomainError::Internal(e.to_string()));
+        }
        use argon2::{password_hash::PasswordHash as ArgonHash, Argon2, PasswordVerifier};
        let parsed = ArgonHash::new(&hash.0).map_err(|e| DomainError::Internal(e.to_string()))?;
        Ok(Argon2::default()