Skip to content

chore(innkeeper): upgrade bcrypt to 5.x and add 72-byte compat#1852

Merged
esune merged 2 commits intomainfrom
bcrypt-update
Feb 25, 2026
Merged

chore(innkeeper): upgrade bcrypt to 5.x and add 72-byte compat#1852
esune merged 2 commits intomainfrom
bcrypt-update

Conversation

@PatStLouis
Copy link
Contributor

@PatStLouis PatStLouis commented Feb 25, 2026

Summary

Upgrades bcrypt from 4.2.1 to 5.x in the traction-innkeeper plugin and keeps the app working under bcrypt 5’s 72-byte password limit.

Changes

  • bcrypt: Bumped to ^5.0.0 in plugins/traction_innkeeper/pyproject.toml.
  • Bcrypt 5.x compatibility: Added bcrypt_compat.py with limit_for_bcrypt() and use it in utils.py and tenant_manager.py so all inputs to hashpw/checkpw are capped at 72 bytes (bcrypt 5.x raises ValueError for longer inputs; 4.x truncated silently).
  • Plugin refs: multitenant-provider and connections (acapy-plugins) are set to rev = "main" because 1.4.0 pins bcrypt 4.x and would conflict with bcrypt 5.x. Only these two plugins are on main; no other acapy-plugins were changed.
  • Tests: New test test_limit_for_bcrypt_long_password; all 249 innkeeper tests pass with ruff lint/format and coverage.

Note on rev = "main"

Using main is temporary until the acapy-plugins repo has a release that uses bcrypt ^5.0.0 for multitenant_provider and connections. Once that release exists, we should switch these dependencies back to a tag (e.g. rev = "1.5.1") instead of main, so the innkeeper depends on a stable release instead of the current main branch.

@PatStLouis
chore(innkeeper): upgrade bcrypt to 5.x and add 72-byte compat; pin m…
083025e 
…ultitenant/connections to main

Signed-off-by: Patrick St-Louis <patrick.st-louis@opsecid.ca>
@github-actions
Copy link

github-actions bot commented Feb 25, 2026

Deployment Resource Location
Traction
Tenant UI https://pr-1852-traction-tenant-ui-dev.apps.silver.devops.gov.bc.ca
Innkeeper UI https://pr-1852-traction-tenant-ui-dev.apps.silver.devops.gov.bc.ca/innkeeper
Aca-Py
Admin Swagger https://pr-1852-traction-acapy-admin-dev.apps.silver.devops.gov.bc.ca/api/doc
Tenant Proxy Swagger https://pr-1852-traction-tenant-proxy-dev.apps.silver.devops.gov.bc.ca/api/doc

Deployment URLs ready for review.

@PatStLouis PatStLouis requested review from esune and loneil and removed request for esune and loneil February 25, 2026 16:13
@PatStLouis PatStLouis mentioned this pull request Feb 25, 2026
Closed
loneil
loneil previously approved these changes Feb 25, 2026
View reviewed changes
Copy link
Collaborator

@loneil loneil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I switched the PR over to manual reservation approval and confirmed the generated password works all good. Tenant creation, Login and API keys work

esune
esune requested changes Feb 25, 2026
View reviewed changes
@PatStLouis
address pr comments
ca1fe1e 
Signed-off-by: Patrick St-Louis <patrick.st-louis@opsecid.ca>
@PatStLouis
Copy link
Contributor Author

PatStLouis commented Feb 25, 2026

@esune I've addressed your 2 comments, lets wait for the tests to complete then I'm happy to merge this

@esune esune merged commit b03d1c2 into main Feb 25, 2026
12 checks passed
@esune esune deleted the bcrypt-update branch February 25, 2026 23:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@esune esune esune approved these changes

@loneil loneil loneil approved these changes

Assignees

No one assigned

Labels

None yet

Projects

CDT Enterprise Apps
Status: In Review

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@PatStLouis @esune @loneil