Move authentication delay into __init__.py and add config

Use the delay for all backends (not only htpasswd). Add configuration option to configure the delay.
2017-05-23 03:11:41 +02:00
parent fb970246e0
commit f2fb07fa84
5 changed files with 18 additions and 5 deletions
--- a/radicale/auth.py
+++ b/radicale/auth.py
@ -58,8 +58,6 @@ import functools
 import hashlib
 import hmac
 import os
-import random
-import time
 from importlib import import_module


@ -198,6 +196,4 @@ class Auth(BaseAuth):
                    login, hash_value = line.split(":")
                    if login == user and self.verify(hash_value, password):
                        return True
-        # Random timer to avoid timing oracles and simple bruteforce attacks
-        time.sleep(1 + random.random())
        return False