using password validation in login only for saving cpu time (fake sleep by invalid passwords instead of make hash calculation with argon2)

einhornimmond 2021-03-04 18:00:19 +01:00 committed by Ulf Gebhardt
parent d6b59d5dfd
commit 32a2b4d851
No known key found for this signature in database
GPG Key ID: 81308EFE29ABFEBD


@ -736,6 +736,8 @@ UserState Session::loadUser(const std::string& email, const std::string& passwor
{
static const char* functionName = "Session::loadUser";
auto observer = SingletonTaskObserver::getInstance();
auto sm = SessionManager::getInstance();
if (email != "") {
if (observer->getTaskCount(email, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
return USER_PASSWORD_ENCRYPTION_IN_PROCESS;
@ -765,6 +767,14 @@ UserState Session::loadUser(const std::string& email, const std::string& passwor
return USER_DISABLED;
}
if (mNewUser->getUserState() >= USER_LOADED_FROM_DB) {
NotificationList pwd_errors;
if (!sm->checkPwdValidation(password, &pwd_errors))
{
Poco::Thread::sleep(ServerConfig::g_FakeLoginSleepTime);
return USER_PASSWORD_INCORRECT;
}
int loginResult = mNewUser->login(password);
int exitCount = 0;
if (loginResult == -3)
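Review bot: The new `checkPwdValidation` gate in front of `mNewUser->login(password)` returns `USER_PASSWORD_INCORRECT` for every password that fails the current policy, so an account whose stored password was set under different rules could no longer log in; whether such accounts exist is not visible from this hunk. The rejected path also blocks the request thread in `Poco::Thread::sleep` for the fixed `ServerConfig::g_FakeLoginSleepTime`, so its response time matches the argon2 path only if that value is tuned to it, and a burst of invalid attempts still ties up worker threads even though it no longer costs CPU. I would record both assumptions above the check, for example `// Pre-filter only: assumes every stored password passed checkPwdValidation when it was set; keep g_FakeLoginSleepTime close to the argon2 login time.` The collected `pwd_errors` list is discarded, which looks intentional because the caller only receives the generic incorrect-password state. The body of `Session::loadUser` starts and continues outside the lines shown here.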