github.com/TechSquidTV/Hermes/blob/…/security.py

Well I think you lied. Only password hashes are stored and verified using bcrypt. I want to see the issue you claim to have found. So, where did you see this security issue you claim I have a responsibility to fix?

Here’s the test that proves user’s are registered with a hash. github.com/TechSquidTV/Hermes/blob/…/conftest.py#…

the user model in the database doesn’t even have a password field: github.com/TechSquidTV/Hermes/blob/…/models.py#L2…

So please, what am I missing?