fix(auth): avoid panic on invalid password hash #152

Closed
krivahtoo wants to merge 1 commit into main from codex/find-and-fix-a-bug-in-codebase

@krivahtoo krivahtoo commented Feb 16, 2026

Motivation

  • Prevent server panics when a malformed or corrupted password hash is encountered by making hash-parse failures non-fatal during verification.

Description

  • Change verify_password to return false on PasswordHash::new(...) parse failure instead of calling expect(...), and add a unit test test_verify_password_invalid_hash to guard the behavior.

Testing

  • Ran server auth tests with cargo test -p server auth::tests::test_verify_password and the server tests passed; workspace-level cargo test showed unrelated failures in crates/ssl-exp caused by a Network is unreachable condition.

Codex Task

Summary by CodeRabbit

  • Bug Fixes
    • Improved authentication robustness: password verification now safely handles malformed hash data instead of crashing; invalid input is gracefully rejected.
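
The before/after behaviour described in this pull request, as an added std-only Rust sketch (not the project's code, which this page does not show). `parse_hash`, `toy_digest`, `check` and `before_panics` are hypothetical stand-ins for `PasswordHash::new` and the real verifier, and the stored record is constructed.

```rust
use std::panic;

// Hypothetical stand-in for a parsed "$alg$salt$digest" record; not the real PasswordHash type.
struct Parsed<'a> { alg: &'a str, salt: &'a str, digest: &'a str }

// Structural parse: a leading '$' followed by exactly three non-empty fields.
fn parse_hash(s: &str) -> Result<Parsed<'_>, &'static str> {
    let rest = s.strip_prefix('$').ok_or("missing leading '$'")?;
    let f: Vec<&str> = rest.split('$').collect();
    if f.len() != 3 || f.iter().any(|x| x.is_empty()) { return Err("expected $alg$salt$digest"); }
    Ok(Parsed { alg: f[0], salt: f[1], digest: f[2] })
}

// Placeholder digest (FNV-1a) so the example builds with std only. NOT a password hash.
fn toy_digest(salt: &str, password: &str) -> String {
    let h = salt.bytes().chain(password.bytes())
        .fold(0xcbf29ce484222325u64, |h, b| (h ^ b as u64).wrapping_mul(0x100000001b3));
    format!("{:016x}", h)
}

// Accumulate differences instead of returning at the first mismatching byte.
fn check(p: &Parsed, password: &str) -> bool {
    let got = toy_digest(p.salt, password);
    p.alg == "toy" && got.len() == p.digest.len()
        && got.bytes().zip(p.digest.bytes()).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}

// Before: a malformed stored value panics the thread handling the login.
fn verify_password_before(password: &str, stored: &str) -> bool {
    check(&parse_hash(stored).expect("invalid password hash"), password)
}

// After: a parse failure counts as a failed verification.
fn verify_password_after(password: &str, stored: &str) -> bool {
    match parse_hash(stored) {
        Ok(parsed) => check(&parsed, password),
        Err(_) => false,
    }
}

// Runs the "before" variant under catch_unwind and reports whether it panicked.
fn before_panics(stored: &str) -> bool {
    panic::catch_unwind(|| verify_password_before("hunter2", stored)).is_err()
}

fn main() {
    let good = format!("$toy$s4lt${}", toy_digest("s4lt", "hunter2")); // constructed record
    println!("after, valid record: {}", verify_password_after("hunter2", &good));
    println!("after, garbage record: {}", verify_password_after("hunter2", "not-a-hash"));
    println!("before panics on garbage: {}", before_panics("not-a-hash"));
}
```

Returning `false` hides the corruption from the caller, so the `Err` arm is also the natural place to log the parse failure for the affected account.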

@krivahtoo krivahtoo marked this pull request as ready for review February 17, 2026 06:18

coderabbitai Bot commented Feb 17, 2026

No actionable comments were generated in the recent review. 🎉


Walkthrough

The verify_password function in the authentication module is modified to gracefully handle invalid password hash inputs by returning false instead of panicking. A corresponding test case is added to validate this error handling behavior.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Password Verification Safety: crates/server/src/auth.rs | Modified verify_password to safely handle invalid hash inputs via error handling instead of panic; added test test_verify_password_invalid_hash to cover the invalid-hash edge case. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A hash gone wrong? No need to fright!
Our fuzzy friend caught the error tight—
Now false returns where panic once did play,
Safety hops in code today! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 2

❌ Failed checks (2 warnings)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 75.00% which is insufficient. The required threshold is 80.00%. | Write docstrings for the functions missing them to satisfy the coverage threshold. |
| Merge Conflict Detection | ⚠️ Warning | ❌ Merge conflicts detected (4 files): Dockerfile (content); crates/server/src/job/monitor/http.rs (content); frontend/src/lib/components/nav/header.svelte (content); landing/config.toml (content). These conflicts must be resolved before merging into main. | Resolve conflicts locally and push changes to this branch. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'fix(auth): avoid panic on invalid password hash' directly and accurately summarizes the main change: preventing panics when invalid password hashes are encountered during verification. |

@krivahtoo
Owner Author

duplicate #151

@krivahtoo krivahtoo closed this Feb 17, 2026
@krivahtoo krivahtoo added the duplicate label ("This issue or pull request already exists") Feb 17, 2026
@krivahtoo krivahtoo deleted the codex/find-and-fix-a-bug-in-codebase branch February 18, 2026 10:35
Labels

codex, duplicate ("This issue or pull request already exists")
