refactor: remove duplicate password hashing logic

Rajuldev Vandana requested to merge fix/remove-duplicate into develop

Overview

This MR refactors the authentication service by removing duplicate password hashing logic and reusing the centralized implementation from password_utils.py.


What does this MR do and why?

This change removes redundant implementations of:

  • pwd_context
  • verify_password()
  • get_password_hash()

from app/services/auth_service.py and replaces them with imports from app/utils/password_utils.py.

Why:

  • Avoids code duplication
  • Ensures a single source of truth for password hashing
  • Reduces risk of inconsistency in authentication logic
  • Improves maintainability and code quality

Changes Made

  • Modified: app/services/auth_service.py
  • Removed duplicate password hashing logic
  • Imported shared functions from password_utils.py
  • Cleaned unused imports

Technical Details

Root Cause: Duplicate bcrypt-based password hashing logic existed in multiple places.

Fix:

  • Removed local implementations from auth_service.py
  • Reused centralized functions from password_utils.py

Type of Change

  • 🐛 Bug fix
  • New feature
  • 💥 Breaking change
  • 📝 Documentation update
  • Refactor (no functional changes)
  • Performance improvement
  • 🧪 Test update
  • 🔧 Configuration change
  • 🚨 Security fix
  • 🗑️ Deprecation

Related Issues / References


Screenshots or Screen Recordings

N/A


How to Validate Locally

  1. Start the backend:

    uvicorn main:app --reload

  2. Test:

    • User login
    • User registration
    • Password reset

  3. Run tests:

    pytest

Testing Done

  • Unit tests added/updated
  • API endpoint tests passing

Test Cases Covered:

Scenario          | Expected Result           | Status
User Login        | Successful authentication |
User Registration | Password hashed correctly |
Password Reset    | Password updated securely |

Test Commands Run:

pytest
pytest --cov=app

Code Quality Checklist

Code Standards

  • Code follows project conventions
  • No unused imports or functions
  • No duplicate code (DRY principle followed)

Security

  • Password hashing handled via shared utility
  • No sensitive data exposed

Documentation

  • README.md updated (not required)
  • API documentation updated (not required)

Known Limitations / Technical Debt

None.


Additional Notes

This is a pure refactor with no functional changes.


MR Acceptance Checklist

Quality & Correctness

  • Code works as intended
  • No functionality broken

Maintainability

  • Code is clean and centralized
  • Follows project conventions
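
As an added example (not part of the merge request or the project's code): a small AST check that could run in CI to flag any module other than app/utils/password_utils.py that defines pwd_context, verify_password() or get_password_hash() itself. The sample sources are constructed, and the passlib CryptContext shape in them is an assumption about what the removed code looked like.

```python
import ast

# Names the MR centralizes in app/utils/password_utils.py (taken from the MR text).
SHARED_NAMES = {"pwd_context", "verify_password", "get_password_hash"}
CANONICAL = "app/utils/password_utils.py"


def local_definitions(source: str) -> set[str]:
    """Return the shared names a module defines at top level instead of importing."""
    found = set()
    for node in ast.parse(source).body:  # module-level statements only
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            targets = [node.name]
        elif isinstance(node, ast.Assign):
            targets = [t.id for t in node.targets if isinstance(t, ast.Name)]
        elif isinstance(node, ast.AnnAssign) and isinstance(node.target, ast.Name):
            targets = [node.target.id]
        else:
            targets = []  # imports and everything else are not definitions
        found.update(n for n in targets if n in SHARED_NAMES)
    return found


def find_duplicates(modules: dict[str, str]) -> dict[str, set[str]]:
    """Map each non-canonical path to the shared names it redefines."""
    scanned = {p: local_definitions(s) for p, s in modules.items() if p != CANONICAL}
    return {p: names for p, names in scanned.items() if names}


# Constructed sample sources (assumed shape, not the project's real files).
BEFORE = '''
from passlib.context import CryptContext
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
def verify_password(plain, hashed):
    return pwd_context.verify(plain, hashed)
def get_password_hash(password):
    return pwd_context.hash(password)
'''
AFTER = '''
from app.utils.password_utils import verify_password, get_password_hash
def authenticate(user, password):
    return verify_password(password, user.hashed_password)
'''

if __name__ == "__main__":
    print(find_duplicates({"app/services/auth_service.py": BEFORE, CANONICAL: BEFORE}))
    print(find_duplicates({"app/services/auth_service.py": AFTER, CANONICAL: BEFORE}))
```

The sources are only parsed, never imported, so the check runs without passlib or the application installed.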
