
refactor: remove duplicate password hashing logic and use password_utils

Rajuldev Vandana requested to merge fix/remove-duplicate-password into develop

Merge Request

Overview

This MR refactors the authentication service by removing duplicate password hashing logic and reusing the centralized implementation from password_utils.py.


What does this MR do and why?

This change removes redundant implementations of:

  • pwd_context
  • verify_password()
  • get_password_hash()

from app/services/auth_service.py and replaces them with imports from app/utils/password_utils.py.

Why:

  • Avoids code duplication
  • Ensures a single source of truth for password hashing
  • Reduces risk of inconsistency in authentication logic
  • Improves maintainability and code quality

Changes Made

Files Modified:

  • app/services/auth_service.py

Key Changes:

  • Removed duplicate password hashing logic

  • Added import:

    from app.utils.password_utils import get_password_hash, verify_password
  • Updated existing usages to rely on shared utility functions


Technical Details

Root Cause:

Duplicate bcrypt wrapper implementations existed in both:

  • auth_service.py
  • password_utils.py

This could lead to divergence and confusion about the canonical implementation.

Fix:

  • Removed duplicate definitions from auth_service.py
  • Reused functions from password_utils.py

Type of Change

  • 🐛 Bug fix
  • New feature
  • 💥 Breaking change
  • 📝 Documentation update
  • Refactor (no functional changes)
  • Performance improvement
  • 🧪 Test update
  • 🔧 Configuration change
  • 🚨 Security fix
  • 🗑️ Deprecation

Related Issues / References


How to Validate Locally

  1. Start the backend server:

    uvicorn main:app --reload
  2. Test authentication flows:

    • User login
    • User registration
    • Password reset (if applicable)
  3. Run test suite:

    pytest

Testing Done

  • Unit tests added/updated
  • API endpoint tests passing

Test Cases Covered:

Scenario             Expected Result                 Status
User Login           Successful authentication
User Registration    Password hashed correctly
Password Reset       New password stored securely

Test Commands Run:

pytest
pytest --cov=app

Code Quality Checklist

Code Standards

  • No duplicate code (DRY principle followed)
  • No unused imports or functions
  • Code follows project conventions

Security

  • Password hashing handled securely via shared utility
  • No sensitive data exposed

Documentation

  • README.md updated (not required)
  • API documentation updated (not required)

Known Limitations / Technical Debt

None.


Additional Notes

This is a pure refactor with no functional changes. Authentication behavior remains unchanged.


MR Acceptance Checklist

Quality & Correctness

  • Code works as intended
  • No functionality broken

Maintainability

  • Code is cleaner and centralized
  • Easier to maintain going forward
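
A CI guard for the "single source of truth" goal described in this MR, as an added example that is not part of the merge request or the project's code: it parses module sources and reports any module other than password_utils.py that defines pwd_context, verify_password() or get_password_hash() at top level. The sample sources, including the passlib CryptContext wrapper and the authenticate() helper, are constructed for illustration.

```python
from __future__ import annotations
import ast

# Names this MR says must be defined only in password_utils.py.
GUARDED = {"pwd_context", "verify_password", "get_password_hash"}
CANONICAL = "app/utils/password_utils.py"
AUTH = "app/services/auth_service.py"

def defined_names(source: str) -> set[str]:
    """Guarded names a module defines at top level (def or assignment)."""
    found = set()
    for node in ast.parse(source).body:
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            names = [node.name]
        elif isinstance(node, ast.Assign):
            names = [t.id for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name):
            names = [node.target.id]
        else:
            names = []  # imports reuse the shared helpers, they do not redefine them
        found.update(n for n in names if n in GUARDED)
    return found

def duplicate_definitions(modules: dict[str, str]) -> dict[str, set[str]]:
    """Map each non-canonical module path to the guarded names it redefines."""
    report = {}
    for path, source in modules.items():
        dups = defined_names(source) if path != CANONICAL else set()
        if dups:
            report[path] = dups
    return report

# Constructed sample sources (assumed shape; parsed only, never executed).
UTILS_SRC = '''
from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
def verify_password(plain, hashed):
    return pwd_context.verify(plain, hashed)
def get_password_hash(password):
    return pwd_context.hash(password)
'''
AUTH_BEFORE = UTILS_SRC + "def authenticate(pw, stored):\n    return verify_password(pw, stored)\n"
AUTH_AFTER = (
    "from app.utils.password_utils import get_password_hash, verify_password\n"
    "def authenticate(pw, stored):\n    return verify_password(pw, stored)\n"
)

if __name__ == "__main__":
    print(duplicate_definitions({CANONICAL: UTILS_SRC, AUTH: AUTH_BEFORE}))
    print(duplicate_definitions({CANONICAL: UTILS_SRC, AUTH: AUTH_AFTER}))
```

Run under pytest, an assertion that duplicate_definitions() returns an empty dict for the real module sources fails the build as soon as a second bcrypt wrapper reappears.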
