stages/identification: use random sleep
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
74382c6287
commit
7751be284e
|
@ -1,5 +1,6 @@
|
||||||
"""Identification stage logic"""
|
"""Identification stage logic"""
|
||||||
from dataclasses import asdict
|
from dataclasses import asdict
|
||||||
|
from random import SystemRandom
|
||||||
from time import sleep
|
from time import sleep
|
||||||
from typing import Any, Optional
|
from typing import Any, Optional
|
||||||
|
|
||||||
|
@ -78,7 +79,8 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
||||||
|
|
||||||
pre_user = self.stage.get_user(uid_field)
|
pre_user = self.stage.get_user(uid_field)
|
||||||
if not pre_user:
|
if not pre_user:
|
||||||
sleep(0.150)
|
# Sleep a random time (between 90 and 210ms) to "prevent" user enumeration attacks
|
||||||
|
sleep(0.30 * SystemRandom().randint(3, 7))
|
||||||
LOGGER.debug("invalid_login", identifier=uid_field)
|
LOGGER.debug("invalid_login", identifier=uid_field)
|
||||||
identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
|
identification_failed.send(sender=self, request=self.stage.request, uid_field=uid_field)
|
||||||
# We set the pending_user even on failure so it's part of the context, even
|
# We set the pending_user even on failure so it's part of the context, even
|
||||||
|
|
Reference in a new issue