Ticket #20760: 20760_fix_w_delay.diff

File 20760_fix_w_delay.diff, 1.2 KB (added by jpaglier, 22 months ago)

Patch with delay to further hide how long the check was taking

  • django/contrib/auth/backends.py

    diff --git a/django/contrib/auth/backends.py b/django/contrib/auth/backends.py
    index 6b31f72..2eaf6c8 100644
    a b from __future__ import unicode_literals 
    22from django.contrib.auth import get_user_model
    33from django.contrib.auth.models import Permission
    44
     5from time import sleep
     6from random import random
    57
    68class ModelBackend(object):
    79    """
    class ModelBackend(object): 
    1012
    1113    def authenticate(self, username=None, password=None, **kwargs):
    1214        UserModel = get_user_model()
     15
     16        user = UserModel()
     17        user.set_password("if user doesn't exist we still want to be slow")
     18
     19        #sleep for random amount of time to add some secret sauce
     20        #to the time it takes for authentication
     21        sleep( (random() + .25) % .5)
     22
    1323        if username is None:
    1424            username = kwargs.get(UserModel.USERNAME_FIELD)
    1525        try:
    class ModelBackend(object): 
    1727            if user.check_password(password):
    1828                return user
    1929        except UserModel.DoesNotExist:
     30            user.check_password("this won't match that!")
    2031            return None
    2132
    2233    def get_group_permissions(self, user_obj, obj=None):
Back to Top