Fix auth datetime comparison and bcrypt dependency

- Use timezone-aware datetimes (datetime.now(timezone.utc)) for session expiry comparison - Add explicit bcrypt==4.0.1 dependency for passlib bcrypt backend
2026-01-08 15:14:54 -06:00
parent 2a68708a79
commit 696793c84f
2 changed files with 9 additions and 8 deletions
--- a/backend/app/auth.py
+++ b/backend/app/auth.py
@@ -5,7 +5,7 @@ Handles password hashing, session management, and API key operations.

 import hashlib
 import secrets
-from datetime import datetime, timedelta
+from datetime import datetime, timedelta, timezone
 from typing import Optional
 from passlib.context import CryptContext
 from sqlalchemy.orm import Session
@@ -113,7 +113,7 @@ class AuthService:

    def update_last_login(self, user: User) -> None:
        """Update the user's last login timestamp."""
-        user.last_login = datetime.utcnow()
+        user.last_login = datetime.now(timezone.utc)
        self.db.commit()

    def list_users(self, include_inactive: bool = False) -> list[User]:
@@ -159,7 +159,7 @@ class AuthService:
        session = UserSession(
            user_id=user.id,
            token_hash=token_hash,
-            expires_at=datetime.utcnow() + timedelta(hours=SESSION_DURATION_HOURS),
+            expires_at=datetime.now(timezone.utc) + timedelta(hours=SESSION_DURATION_HOURS),
            user_agent=user_agent,
            ip_address=ip_address,
        )
@@ -184,14 +184,14 @@ class AuthService:
        if not session:
            return None

-        if session.expires_at < datetime.utcnow():
+        if session.expires_at < datetime.now(timezone.utc):
            # Session has expired, delete it
            self.db.delete(session)
            self.db.commit()
            return None

        # Update last accessed time
-        session.last_accessed = datetime.utcnow()
+        session.last_accessed = datetime.now(timezone.utc)
        self.db.commit()

        return session
@@ -213,7 +213,7 @@ class AuthService:
        """Delete all expired sessions. Returns count of deleted sessions."""
        count = (
            self.db.query(UserSession)
-            .filter(UserSession.expires_at < datetime.utcnow())
+            .filter(UserSession.expires_at < datetime.now(timezone.utc))
            .delete()
        )
        self.db.commit()
@@ -268,11 +268,11 @@ class AuthService:
            return None

        # Check expiration
-        if api_key.expires_at and api_key.expires_at < datetime.utcnow():
+        if api_key.expires_at and api_key.expires_at < datetime.now(timezone.utc):
            return None

        # Update last used time
-        api_key.last_used = datetime.utcnow()
+        api_key.last_used = datetime.now(timezone.utc)
        self.db.commit()

        return api_key