This is an issue with the SQLAlchemy hybrid_property.expression use in the user ref, where .expression is returning Password.password.
This appears to be an incorrect use of hybrid_property.expression.
The net result is that in some cases we store the un-hashed password (in memory only) on the Password.password which is 128 character max. The unhashed password is overwritten before persisting to the DB by the logic in the .settr.
This is an issue with the SQLAlchemy hybrid_ property. expression use in the user ref, where .expression is returning Password.password.
This appears to be an incorrect use of hybrid_ property. expression.
The net result is that in some cases we store the un-hashed password (in memory only) on the Password.password which is 128 character max. The unhashed password is overwritten before persisting to the DB by the logic in the .settr.