Fix password reset to use argon2 hasher

Was using werkzeug's generate_password_hash which creates incompatible hashes. Now uses the same argon2 password_hasher as registration/login. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-14 00:07:21 -04:00 · 2026-01-14 00:07:21 -04:00 · 155905b61e
parent eacfd0d74a
commit 155905b61e
1 changed files with 1 additions and 2 deletions
--- a/src/cmdforge/registry/app.py
+++ b/src/cmdforge/registry/app.py
@ -2531,7 +2531,6 @@ def create_app() -> Flask:
    def admin_reset_password(publisher_id: int) -> Response:
        """Generate a temporary password for a publisher."""
        import secrets
-        from werkzeug.security import generate_password_hash

        publisher = query_one(g.db, "SELECT * FROM publishers WHERE id = ?", [publisher_id])
        if not publisher:
@ -2539,7 +2538,7 @@ def create_app() -> Flask:

        # Generate a temporary password
        temp_password = secrets.token_urlsafe(12)
-        password_hash = generate_password_hash(temp_password)
+        password_hash = password_hasher.hash(temp_password)

        g.db.execute(
            "UPDATE publishers SET password_hash = ? WHERE id = ?",