From ead954f535fbfff6b72a676c70320afa7f46a084 Mon Sep 17 00:00:00 2001
From: Ralf Peschke
Date: Wed, 29 Nov 2023 17:44:49 +0100
Subject: [PATCH 1/2] hash with argon2
---
auth/libraries/pip-auth/authlib/hashing_handler.py | 3 ---
1 file changed, 3 deletions(-)
diff --git a/auth/libraries/pip-auth/authlib/hashing_handler.py b/auth/libraries/pip-auth/authlib/hashing_handler.py
index f64c2667..98101534 100644
--- a/auth/libraries/pip-auth/authlib/hashing_handler.py
+++ b/auth/libraries/pip-auth/authlib/hashing_handler.py
@@ -3,9 +3,6 @@
 import argon2
-HASH_WITH_SALT_LENGTH = 152
-
-
 class HashingHandler:
 def hash(self, to_hash: str, hash_reference: Optional[str] = None) -> str:
 ph = argon2.PasswordHasher()
From 1727053b9db142f42d98fadbe81a4be087d18595 Mon Sep 17 00:00:00 2001
From: Ralf Peschke
Date: Thu, 30 Nov 2023 11:29:56 +0100
Subject: [PATCH 2/2] wrap argon2 verify with exception catcher
---
auth/libraries/pip-auth/authlib/hashing_handler.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/auth/libraries/pip-auth/authlib/hashing_handler.py b/auth/libraries/pip-auth/authlib/hashing_handler.py
index 98101534..586a5c4c 100644
--- a/auth/libraries/pip-auth/authlib/hashing_handler.py
+++ b/auth/libraries/pip-auth/authlib/hashing_handler.py
@@ -10,4 +10,11 @@ def hash(self, to_hash: str, hash_reference: Optional[str] = None) -> str:
 def verify(self, hash: str, password: str) -> bool:
 ph = argon2.PasswordHasher()
- return ph.verify(hash, password)
+ try:
+ return ph.verify(hash, password)
+ except (
+ argon2.exceptions.VerifyMismatchError,
+ argon2.exceptions.VerificationError,
+ argon2.exceptions.InvalidHashError,
+ ):
+ return False
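Review bot: The new `except` tuple in `verify` (second patch) maps `InvalidHashError` and the general `VerificationError` to the same `False` as a wrong password, so a malformed or non-Argon2 stored hash becomes indistinguishable from a failed login and leaves no trace for whoever has to diagnose it. Because the first patch removes `HASH_WITH_SALT_LENGTH`, records hashed under the earlier scheme may still exist (not visible in these hunks), and they would presumably end up in this branch. I would keep `except argon2.exceptions.VerifyMismatchError: return False` for the ordinary mismatch and give the other two exceptions their own branch that logs the event, without the hash or the password, before returning `False`. `VerifyMismatchError` is a subclass of `VerificationError` in argon2-cffi, so listing both in one tuple is redundant. The `HashingHandler` class and the body of `hash` lie outside the hunk.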