From 32a2b4d85108cbb701b4a3068142edc9312e91d2 Mon Sep 17 00:00:00 2001
From: einhornimmond
Date: Thu, 4 Mar 2021 18:00:19 +0100
Subject: [PATCH] using password validation in login only for saving cpu time (fake sleep by invalid passwords instead of make hash calculation with argon2)
---
 src/cpp/model/Session.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/cpp/model/Session.cpp b/src/cpp/model/Session.cpp
index 934d3bc9a..0aa1ae08b 100644
--- a/src/cpp/model/Session.cpp
+++ b/src/cpp/model/Session.cpp
@@ -736,6 +736,8 @@ UserState Session::loadUser(const std::string& email, const std::string& passwor
 {
 static const char* functionName = "Session::loadUser";
 auto observer = SingletonTaskObserver::getInstance();
+ auto sm = SessionManager::getInstance();
+
 if (email != "") {
 if (observer->getTaskCount(email, TASK_OBSERVER_PASSWORD_CREATION) > 0) {
 return USER_PASSWORD_ENCRYPTION_IN_PROCESS;
@@ -765,6 +767,14 @@ UserState Session::loadUser(const std::string& email, const std::string& passwor
 return USER_DISABLED;
 }
 if (mNewUser->getUserState() >= USER_LOADED_FROM_DB) {
+
+ NotificationList pwd_errors;
+ if (!sm->checkPwdValidation(password, &pwd_errors))
+ {
+ Poco::Thread::sleep(ServerConfig::g_FakeLoginSleepTime);
+ return USER_PASSWORD_INCORRECT;
+ }
+
 int loginResult = mNewUser->login(password);
 int exitCount = 0;
 if (loginResult == -3)
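Review bot: The early return added inside the `USER_LOADED_FROM_DB` branch reports `USER_PASSWORD_INCORRECT` for every password that fails `checkPwdValidation`, so an account whose stored password was set under older or looser rules could never log in. The patch does not show whether such accounts exist, so the assumption should be confirmed and recorded above the check, e.g. `// every stored password must satisfy checkPwdValidation, otherwise a correct password is rejected here unhashed`. This path also returns before `mNewUser->login(password)`, so any failed-attempt counting or logging done after that call (not visible in the hunk) is skipped for these requests. The fixed `g_FakeLoginSleepTime` only masks the skipped argon2 work if it is close to the real hashing time, and `Poco::Thread::sleep` still holds the handling thread for that long. `loadUser` begins and ends outside both hunks.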