domain.protocols.password_hashing_protocol
src.domain.protocols.password_hashing_protocol
Password hashing protocol for domain layer.
This protocol defines the interface for password hashing and verification. Infrastructure layer provides concrete implementations (bcrypt, argon2, etc.).
Architecture
- Domain defines protocol (port)
- Infrastructure implements adapter (BcryptPasswordService)
- No framework dependencies in domain
Classes
PasswordHashingProtocol
Bases: Protocol
Password hashing and verification interface.
Implementations
- BcryptPasswordService: bcrypt with cost factor 12 (production)
- Argon2PasswordService: argon2 (future alternative)
Usage
```python
# Domain/Application layer depends on protocol
def __init__(self, password_service: PasswordHashingProtocol):
    self.password_service = password_service

# Hash password
password_hash = self.password_service.hash_password("SecurePass123!")

# Verify password
is_valid = self.password_service.verify_password("SecurePass123!", password_hash)
```
Source code in src/domain/protocols/password_hashing_protocol.py
Functions
hash_password
Hash a plaintext password.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| password | str | Plaintext password to hash. | required |
Returns:
| Type | Description |
|---|---|
| str | Hashed password string (bcrypt format: $2b$12$...). |
Note
- NEVER store plaintext passwords
- Hash is one-way (cannot be reversed)
- Same password produces different hashes (random salt)
verify_password
Verify a plaintext password against a hash.
Parameters:
| Name | Type | Description | Default |
|---|---|---|---|
| password | str | Plaintext password to verify. | required |
| password_hash | str | Hashed password from database. | required |
Returns:
| Type | Description |
|---|---|
| bool | True if password matches hash, False otherwise. |
Note
- Constant-time comparison (prevents timing attacks)
- Returns False for invalid hash format (no exceptions)
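
An added example, not the project's own code: a stand-in adapter that meets the contract in the notes above (random salt per hash, constant-time comparison, False rather than an exception on a malformed hash). `ScryptPasswordService`, its `$scrypt$` string format and the work factors are assumptions; standard-library scrypt stands in for bcrypt so the block runs without third-party packages, and the protocol class is re-declared from the signatures documented on this page.

```python
import base64
import hashlib
import hmac
import os
from typing import Protocol, runtime_checkable


@runtime_checkable
class PasswordHashingProtocol(Protocol):
    """Re-declared here from the signatures documented on this page."""

    def hash_password(self, password: str) -> str: ...
    def verify_password(self, password: str, password_hash: str) -> bool: ...


class ScryptPasswordService:
    """Hypothetical adapter: stdlib scrypt stands in for bcrypt/argon2."""

    N, R, P, KEY_LEN, SALT_LEN = 2**14, 8, 1, 32, 16  # assumed work factors

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=self.N,
                              r=self.R, p=self.P, dklen=self.KEY_LEN,
                              maxmem=64 * 1024 * 1024)

    def hash_password(self, password: str) -> str:
        salt = os.urandom(self.SALT_LEN)  # fresh salt per call
        fields = [base64.b64encode(b).decode("ascii")
                  for b in (salt, self._derive(password, salt))]
        return f"$scrypt${self.N}${self.R}${self.P}${fields[0]}${fields[1]}"

    def verify_password(self, password: str, password_hash: str) -> bool:
        try:
            lead, scheme, n, r, p, salt_b64, key_b64 = password_hash.split("$")
            # Only accept the configured parameters, so a tampered record
            # cannot force an arbitrarily expensive derivation.
            if lead or scheme != "scrypt" or (int(n), int(r), int(p)) != (self.N, self.R, self.P):
                return False
            salt = base64.b64decode(salt_b64, validate=True)
            expected = base64.b64decode(key_b64, validate=True)
            actual = self._derive(password, salt)
        except (ValueError, TypeError, AttributeError):
            return False  # malformed hash: report a mismatch, do not raise
        return hmac.compare_digest(actual, expected)  # constant-time compare
```

Because the adapter satisfies the protocol structurally, it can be passed wherever `PasswordHashingProtocol` is expected without inheriting from it.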