Tryton - Issues



Title: Allow trusted client to bypass the wait period when entering the wrong password
Priority: feature
Status: chatting
Superseder:
Nosy List: nicoe, reviewbot
Type:
Components:
Assigned To:
Keywords: review
Reviews: 321511002

Created on 2020-06-03.11:15:23 by nicoe, last changed by reviewbot.

msg58437 (view) Author: [hidden] (nicoe) (Tryton committer) Date: 2020-06-03.11:15:22
We sometimes get the remark that the exponential wait in the get_login function when the user enters is useless or should be changed in order to reduce the delay (see issue5375 and other discussions about that on the opensuse bugtracker or in live).

Getting some idea from we think that we could use a random token stored on the client side and on the server side in order to reduce the wait for users trying to connect from a client that has already been trusted.

This token would be sent alongside the credentials information and if it matches the one stored on the server then the user wouldn't have to wait in order to make another attempt. Of course, if the number of attempts reaches a defined limit then we will send a 429 - Too Many Requests.
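
The mechanism proposed in the message above, as an added example (not Tryton's code and not part of the issue): a login throttle that skips the exponential wait when the client presents a token the server already stores, and answers 429 once a failure cap is hit. `LoginThrottle`, `MAX_ATTEMPTS`, `BASE_DELAY`, the per-device failure counters and applying the cap to untrusted clients too are assumptions.

```python
import hmac
import secrets

MAX_ATTEMPTS = 5   # assumed cap; the issue only says "a defined limit"
BASE_DELAY = 1.0   # assumed base (seconds) of the exponential wait


class LoginThrottle:
    """Hypothetical in-memory model; a real server would persist this state."""

    def __init__(self):
        self.failures = {}       # (login, trusted token or None) -> failures
        self.device_tokens = {}  # login -> set of tokens issued to clients

    def trust_device(self, login):
        # Issued after a successful login; the client stores it and
        # sends it back alongside the credentials next time.
        token = secrets.token_urlsafe(32)
        self.device_tokens.setdefault(login, set()).add(token)
        return token

    def _is_trusted(self, login, token):
        if not token:
            return False
        # Constant-time comparison against each stored token.
        return any(hmac.compare_digest(token.encode(), t.encode())
                   for t in self.device_tokens.get(login, ()))

    def attempt(self, login, password_ok, device_token=None):
        """Return (http_status, seconds the server waits before answering)."""
        trusted = self._is_trusted(login, device_token)
        # Unknown or forged tokens share the untrusted bucket, so they
        # cannot be rotated to reset the counter.
        key = (login, device_token if trusted else None)
        failures = self.failures.get(key, 0)
        if failures >= MAX_ATTEMPTS:
            return 429, 0.0
        # Trusted clients skip the wait; others double it per failure.
        if trusted or failures == 0:
            wait = 0.0
        else:
            wait = BASE_DELAY * 2 ** (failures - 1)
        if password_ok:
            self.failures.pop(key, None)
            return 200, wait
        self.failures[key] = failures + 1
        return 401, wait
```

Because failures are counted per trusted token, guesses made without a valid token raise only the untrusted counter and do not slow down or lock out the user's own client.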
Date | User | Action | Args
2020-06-24 15:47:55 | reviewbot | set | messages: + msg58857
2020-06-03 11:30:27 | reviewbot | set | status: unread -> chatting; nosy: + reviewbot; messages: + msg58438
2020-06-03 11:30:27 | reviewbot | set | reviews: 321511002; keyword: + review
2020-06-03 11:15:23 | nicoe | create |
