
Login 500 Fix 2025 11 25

Sourced from docs/LOGIN_500_FIX_2025-11-25.md


Login 500 Error Fix - November 25, 2025

Problem

Users were experiencing HTTP 500 errors when attempting to log in at dev.asimo.io.

Symptoms

  • Browser console showed: Login failed: AxiosError 500 (Request failed with status code 500)
  • Backend logs showed stack trace with:
    • AttributeError: module 'bcrypt' has no attribute '__about__'
    • ValueError: password cannot be longer than 72 bytes

Root Cause

passlib 1.7.4 + bcrypt 5.0.0 incompatibility

The requirements.txt had bcrypt==5.0.0 (comment incorrectly said "Pinned to 4.1.3 for passlib compatibility").

When passlib tried to verify passwords, it performed a "wrap bug" detection test using a 72+ byte password. bcrypt 5.x raises a ValueError for passwords over 72 bytes instead of silently truncating them, as bcrypt 4.x did. This caused:

  1. passlib to fail during its internal bcrypt backend initialization
  2. The error to bubble up as a 500 Internal Server Error

Solution

Downgraded bcrypt from 5.0.0 to 4.0.1 in services/api-gateway/requirements.txt:

- bcrypt==5.0.0 # Pinned to 4.1.3 for passlib compatibility + bcrypt==4.0.1 # Pinned to 4.0.x for passlib 1.7.4 compatibility (4.1+/5.x have version detection issues)
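
Review bot: The comment on the `+` line says "Pinned to 4.0.x" while the specifier is the exact `bcrypt==4.0.1`, and the `-` line shows this file has already drifted once (pin `5.0.0`, comment `4.1.3`). Suggest making the comment name the exact pinned version, and adding a CI check that fails when a "Pinned to" comment disagrees with the specifier on the same line, so the comment cannot go stale again unnoticed.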

Also updated redis version (from previous session fix):

- redis==7.1.0 + redis==4.6.0 # for arq compatibility
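
Review bot: The `redis` change on the `+` line moves from 7.1.0 down to 4.6.0 with only "for arq compatibility" as justification, and it is bundled with an unrelated login fix. Suggest stating in the comment which arq version imposes the constraint, and landing this as its own change so it can be reviewed and reverted independently of the bcrypt pin.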

Verification

  1. Login endpoint returns correct status codes:

    • Invalid credentials: 401 Unauthorized
    • Missing fields: 422 Validation Error
    • No more 500 errors
  2. Tests added:

    • tests/integration/test_bcrypt_passlib_compatibility.py - 8 tests verifying password hashing works correctly
  3. Container rebuilt:

    • Docker image rebuilt with correct bcrypt version
    • Container shows bcrypt==4.0.1 and passlib==1.7.4
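
A CI-style guard for the mismatch described under Root Cause, as an added example that is not part of the project's code: it flags a "Pinned to" comment that contradicts the pin on the same line, and enforces the passlib 1.7.4 / bcrypt 4.0.x pairing this page settles on. The function names and the two sample files are constructed for illustration.

```python
import re

# Constructed samples mirroring the two states of requirements.txt described above.
BEFORE = """\
passlib==1.7.4
bcrypt==5.0.0  # Pinned to 4.1.3 for passlib compatibility
"""
AFTER = """\
passlib==1.7.4
bcrypt==4.0.1  # Pinned to 4.0.x for passlib 1.7.4 compatibility
"""

PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.]*)\s*(?:#\s*(.*))?$")
# A version named after "pinned to" in a comment, e.g. "4.1.3" or "4.0.x".
CLAIM_RE = re.compile(r"pinned to\s+(\d+(?:\.(?:\d+|x))*)", re.IGNORECASE)


def parse_pins(text):
    """Return {package: (version, comment)} for every exact '==' pin."""
    pins = {}
    for line in text.splitlines():
        m = PIN_RE.match(line)
        if m:
            pins[m.group(1).lower()] = (m.group(2), m.group(3) or "")
    return pins


def matches_claim(version, claim):
    """True if version agrees with claim; an 'x' component in claim is a wildcard."""
    v, c = version.split("."), claim.split(".")
    return len(v) >= len(c) and all(cp == "x" or cp == vp for vp, cp in zip(v, c))


def audit(text):
    """Return a list of findings; an empty list means the file passes."""
    findings = []
    pins = parse_pins(text)
    for name, (version, comment) in pins.items():
        claim = CLAIM_RE.search(comment)
        if claim and not matches_claim(version, claim.group(1)):
            findings.append(f"{name}: pin {version} contradicts comment 'Pinned to {claim.group(1)}'")
    # Rule taken from this page: passlib 1.7.4 is paired with bcrypt 4.0.x.
    if pins.get("passlib", ("",))[0] == "1.7.4" and "bcrypt" in pins:
        if not matches_claim(pins["bcrypt"][0], "4.0.x"):
            findings.append(f"bcrypt: {pins['bcrypt'][0]} is outside 4.0.x required with passlib 1.7.4")
    return findings
```
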

Files Changed

  • services/api-gateway/requirements.txt - Fixed bcrypt and redis versions
  • services/api-gateway/tests/integration/test_bcrypt_passlib_compatibility.py - New test file

Branch

claude/login-500-dev-fix-20251125182245

Future Considerations

  • Consider upgrading to a newer version of passlib when one becomes available with bcrypt 5.x support
  • Monitor for deprecation warnings related to crypt module in Python 3.13+

Last updated: 2025-11-25 by Claude
