Function verify_password 

pub fn verify_password(password: &str, hash: &str) -> Result<bool>

Verifies a plaintext password against a bcrypt hash.

This function uses bcrypt to verify that a plaintext password matches a previously generated hash. The verification is performed in constant time to prevent timing attacks.

§Arguments

  • password - The plaintext password to verify
  • hash - The bcrypt hash to verify against

§Returns

  • Ok(true) if the password matches the hash
  • Ok(false) if the password does not match the hash
  • Err(AuthError) if verification fails due to an invalid hash format

§Security Notes

  • Verification is performed in constant time
  • The hash must be a valid bcrypt hash including salt and cost parameters
  • Invalid hash formats will result in an error rather than false

§Example

use auth_framework::secure_utils::{hash_password, verify_password};

let password = "user_password_123";
let hash = hash_password(password).unwrap();

assert!(verify_password(password, &hash).unwrap());
assert!(!verify_password("wrong_password", &hash).unwrap());
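The Security Notes require a valid bcrypt hash including salt and cost, and a malformed one surfaces as Err rather than Ok(false). The following added example (not part of auth_framework and not its validation logic) parses the standard bcrypt string layout with std only, so stored hashes can be audited for truncated or corrupt values before they reach verify_password. The names BcryptParts, FormatError and parse_bcrypt and the accepted version tags are assumptions.

```rust
// Added example: std-only structural check of a bcrypt hash string.
// Layout: $<version>$<2-digit cost>$<22-char salt><31-char digest>
#[derive(Debug, PartialEq)]
pub struct BcryptParts<'a> {
    pub version: &'a str,
    pub cost: u32,
    pub salt: &'a str,
    pub digest: &'a str,
}

#[derive(Debug, PartialEq)]
pub enum FormatError { Layout, Version, Cost, Encoding }

// bcrypt uses its own base64 alphabet: ./A-Za-z0-9 (no '+', no '=' padding).
fn is_bcrypt_b64(s: &str) -> bool {
    s.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'.' || b == b'/')
}

pub fn parse_bcrypt(hash: &str) -> Result<BcryptParts<'_>, FormatError> {
    let mut f = hash.split('$');
    // The leading '$' makes the first field empty; exactly three fields follow.
    let (version, cost, body) = match (f.next(), f.next(), f.next(), f.next(), f.next()) {
        (Some(""), Some(v), Some(c), Some(b), None) => (v, c, b),
        _ => return Err(FormatError::Layout),
    };
    // Assumption: accept the common 2a/2b/2x/2y version tags.
    if !matches!(version, "2a" | "2b" | "2x" | "2y") {
        return Err(FormatError::Version);
    }
    if cost.len() != 2 || !cost.bytes().all(|b| b.is_ascii_digit()) {
        return Err(FormatError::Cost);
    }
    let cost: u32 = cost.parse().map_err(|_| FormatError::Cost)?;
    if !(4..=31).contains(&cost) {
        return Err(FormatError::Cost); // bcrypt defines costs 4 through 31
    }
    // Length is checked first, so split_at(22) only ever sees 53 ASCII bytes.
    if body.len() != 53 || !is_bcrypt_b64(body) {
        return Err(FormatError::Encoding);
    }
    let (salt, digest) = body.split_at(22);
    Ok(BcryptParts { version, cost, salt, digest })
}

fn main() {
    // Constructed sample with the right shape; not a hash of any real password.
    let sample = format!("$2b$12${}{}", "A".repeat(22), "B".repeat(31));
    println!("{:?}", parse_bcrypt(&sample));
    println!("{:?}", parse_bcrypt("$2b$12$truncated"));
}
```

The parsed cost field also lets an audit flag hashes created below the current work-factor policy, which a plain Ok(true) from verification does not reveal.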