Replace "passlib" with direct calls to bcrypt

[LilDojd]

Description:

It has come to my attention that passlib is no longer actively maintained, with the last release dating back to 2020. This raises concerns about potential CVE and long-term compatibility.

Furthermore, when using bcrypt versions higher than 4.0.1, I encountered an issue similar to pyca/bcrypt#684. This suggests that passlib may not be compatible with the latest versions of bcrypt that is installed with conda in your environments.

Pinning bcrypt to version 4.0.1 is not a sustainable solution, as it could expose users to future security vulnerabilities that are addressed in newer releases.

Proposal:

I recommend replacing the usage of passlib with the bcrypt library directly. I will draft a PR shortly. This is not a high priority issue, so feel free to triage as you please

References:

• Passlib release history

[dotsdl]

Thanks for raising this @LilDojd! Really appreciate your help with this. 🙏

Will review your PR #306 as part of our next sprint cycle.