From 51479a1d22a15744fecb8eddb367ab1a8dce8328 Mon Sep 17 00:00:00 2001
From: Christopher Allan Webber
Date: Sun, 3 Apr 2011 16:37:15 -0500
Subject: [PATCH] Clarified documentation on fake_login_attempt and restored bcrypt import
---
 mediagoblin/auth/lib.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/mediagoblin/auth/lib.py b/mediagoblin/auth/lib.py
index 5db4982b..907ba200 100644
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@@ -15,9 +15,10 @@
 # along with this program. If not, see .
 import os
-
 import random
+import bcrypt
+
 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
 """
@@ -71,7 +72,9 @@ def fake_login_attempt():
 Pretend we're trying to login.
 Nothing actually happens here, we're just trying to take up some
- time.
+ time, approximately the same amount of time as
+ bcrypt_check_password, so as to avoid figuring out what users are
+ on the system by intentionally faking logins a bunch of times.
 """
 rand_salt = bcrypt.gensalt(5)
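Review bot: The new docstring in fake_login_attempt promises roughly the same running time as bcrypt_check_password, but the context line `rand_salt = bcrypt.gensalt(5)` pins the work factor at 5, while a real check runs at whatever cost is embedded in the stored hash. If account hashes are generated with a different cost (not visible in this patch; gensalt's default is 12 rounds), the fake path returns noticeably sooner and response timing still distinguishes existing from non-existing users. The docstring should state that dependency, for example `The work factor used here must match the one used when real password hashes are generated.`, and ideally both call sites would read it from one shared constant. The body of fake_login_attempt continues past the end of the hunk, so the rest of the function is not covered by this note.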