Clarified documentation on fake_login_attempt and restored bcrypt import

2011-04-03 16:37:15 -05:00 · 2011-04-03 16:37:15 -05:00 · 51479a1d22
commit 51479a1d22
parent 692fd1c981
1 changed files with 5 additions and 2 deletions
--- a/mediagoblin/auth/lib.py
+++ b/mediagoblin/auth/lib.py
@ -15,9 +15,10 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.

 import os
-
 import random

+import bcrypt
+

 def bcrypt_check_password(raw_pass, stored_hash, extra_salt=None):
    """
@ -71,7 +72,9 @@ def fake_login_attempt():
    Pretend we're trying to login.

    Nothing actually happens here, we're just trying to take up some
-    time.
+    time, approximately the same amount of time as
+    bcrypt_check_password, so as to avoid figuring out what users are
+    on the system by intentionally faking logins a bunch of times.
    """
    rand_salt = bcrypt.gensalt(5)