fix: update to use pwdlib with argon2 instead of passlib

CarlosAndreo · CarlosAndreo · commit e0f1d9e5b04e · 2025-10-02T17:14:51.000Z
diff --git a/README.md b/README.md
@@ -86,7 +86,7 @@ The mongo-express UI will be available at `http://localhost:8081`.
 [license-url]: https://github.com/CarlosAndreo/fastapi-mongodb/blob/main/LICENSE
 [python-badge]: https://img.shields.io/badge/Python-3.13.7-blue?style=for-the-badge&logo=python&logoColor=white&labelColor=3776AB
 [python-url]: https://www.python.org/downloads/release/python-3137/
-[fastapi-badge]: https://img.shields.io/badge/FastAPI-0.117.1-blue?style=for-the-badge&logo=fastapi&logoColor=white&labelColor=009688
+[fastapi-badge]: https://img.shields.io/badge/FastAPI-0.118.0-blue?style=for-the-badge&logo=fastapi&logoColor=white&labelColor=009688
 [fastapi-url]: https://fastapi.tiangolo.com/
 [mongodb-badge]: https://img.shields.io/badge/MongoDB-8.0-green?style=for-the-badge&logo=mongodb&logoColor=white&labelColor=47A248
 [mongodb-url]: https://www.mongodb.com/
diff --git a/app/core/security.py b/app/core/security.py
@@ -1,17 +1,17 @@
-from passlib.context import CryptContext
+from pwdlib import PasswordHash
 
-pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+password_hash = PasswordHash.recommended()
 
 
-def hash_password(password: str) -> str:
+def get_password_hash(password: str) -> str:
     """
     Hash a password using bcrypt
     """
-    return pwd_context.hash(secret=password)
+    return password_hash.hash(password=password)
 
 
 def verify_password(plain_password, hashed_password):
     """
     Verify a password against a hashed password
     """
-    return pwd_context.verify(secret=plain_password, hash=hashed_password)
+    return password_hash.verify(password=plain_password, hash=hashed_password)
diff --git a/app/services/user.py b/app/services/user.py
@@ -1,4 +1,4 @@
-from core.security import hash_password
+from core.security import get_password_hash
 from repositories.user import find_user_by_username, insert_user, update_user
 from schemas.user import User, UserCreate, UserInDB
 
@@ -22,7 +22,7 @@ async def create_user(user: UserCreate) -> User | None:
     """
     Create user in the database
     """
-    hashed_password = hash_password(password=user.password)
+    hashed_password = get_password_hash(password=user.password)
     user_in_db = UserInDB(
         **user.model_dump(exclude={"password"}), hashed_password=hashed_password
     )
@@ -34,7 +34,7 @@ async def change_password(user: User, new_password: str) -> User | None:
     """
     Change user password
     """
-    hashed_password = hash_password(password=new_password)
+    hashed_password = get_password_hash(password=new_password)
     user_in_db = UserInDB(
         **user.model_dump(exclude={"password"}), hashed_password=hashed_password
     )
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -1,7 +1,7 @@
 services:
 
   mongodb:
-    image: mongo:8.0.13-noble
+    image: mongo:8.0.14-noble
     container_name: ${MONGO_INITDB_DATABASE}
     restart: always
     ports:
diff --git a/pyproject.toml b/pyproject.toml
@@ -9,14 +9,14 @@ authors = [{ name = "Carlos Andreo", email = "c.andreo@uma.es" }]
 
 [dependency-groups]
 prod = [
-  "fastapi[standard]==0.117.1",
+  "fastapi[standard]==0.118.0",
   "motor==3.7.1",
-  "passlib[bcrypt]==1.7.4",
+  "pwdlib[argon2]==0.2.1",
   "pydantic-settings==2.11.0",
   "pyjwt==2.10.1",
 ]
 lint = [
-  "ruff==0.13.1",
+  "ruff==0.13.2",
 ]
 
 [tool.uv]
diff --git a/uv.lock b/uv.lock
