Slowed down code checking to prevent brute forcing (#12)
committed by
GitHub
parent
db4c6bcade
commit
72dbc49c6f
@@ -16,7 +16,8 @@
|
||||
"requirements": [
|
||||
"python-jose>=3.3.0",
|
||||
"aiofiles>=24.1.0",
|
||||
"jinja2>=3.1.4"
|
||||
"jinja2>=3.1.4",
|
||||
"bcrypt>=4.2.0"
|
||||
],
|
||||
"version": "0.4.0"
|
||||
"version": "0.4.1"
|
||||
}
|
||||
@@ -6,6 +6,7 @@ import logging
|
||||
|
||||
from typing import Dict, Optional
|
||||
import asyncio
|
||||
import bcrypt
|
||||
from homeassistant.auth import EVENT_USER_ADDED
|
||||
from homeassistant.auth.providers import (
|
||||
AUTH_PROVIDERS,
|
||||
@@ -274,6 +275,14 @@ class OpenIdLoginFlow(LoginFlow):
|
||||
"""Handler for the login flow."""
|
||||
|
||||
async def _finalize_user(self, code: str) -> AuthFlowResult:
|
||||
# Verify a dummy hash to make it last a bit longer
|
||||
# as security measure (limits the amount of attempts you have in 5 min)
|
||||
# Similar to what the HomeAssistant auth provider does
|
||||
dummy = b"$2b$12$CiuFGszHx9eNHxPuQcwBWez4CwDTOcLTX5CbOpV6gef2nYuXkY7BO"
|
||||
bcrypt.checkpw(b"foo", dummy)
|
||||
|
||||
# Actually look up the auth provider after,
|
||||
# this doesn't take a lot of time (regardless of it's in there or not)
|
||||
sub = await self._auth_provider.async_get_subject(code)
|
||||
if sub:
|
||||
return await self.async_finish(
|
||||
|
||||
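Review bot: `bcrypt.checkpw(b"foo", dummy)` is a CPU-bound call made synchronously inside an `async def`, so for the duration of a cost-12 bcrypt verification it blocks the whole Home Assistant event loop, not just this login attempt. The built-in provider the comment cites runs its hash check off the loop; this should be `await self.hass.async_add_executor_job(bcrypt.checkpw, b"foo", dummy)` (or `await asyncio.get_running_loop().run_in_executor(None, bcrypt.checkpw, b"foo", dummy)` if this flow class does not expose `hass` — its header and the rest of its attributes are outside the hunk). The comment above it also overstates the guarantee: a fixed delay raises the per-guess cost but does not cap attempts per client or per 5 minutes, because concurrent requests are still served in parallel once the work is off the loop, so a per-source attempt counter or lockout would be needed for an actual limit; I would reword it to `# Raises the cost of each attempt (constant-time regardless of outcome); not a rate limit.`. `_finalize_user` continues past the end of the hunk.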
@@ -1,6 +1,6 @@
|
||||
[project]
|
||||
name = "hass-oidc-auth"
|
||||
version = "0.4.0"
|
||||
version = "0.4.1"
|
||||
description = "OIDC component for Home Assistant"
|
||||
authors = [
|
||||
{ name = "Christiaan Goossens", email = "contact@christiaangoossens.nl" }
|
||||
@@ -10,6 +10,7 @@ dependencies = [
|
||||
"python-jose>=3.3.0",
|
||||
"aiofiles>=24.1.0",
|
||||
"jinja2>=3.1.4",
|
||||
"bcrypt>=4.2.0",
|
||||
]
|
||||
readme = "README.md"
|
||||
requires-python = ">= 3.13"
|
||||
|
||||
@@ -62,6 +62,7 @@ audioop-lts==0.2.1
|
||||
awesomeversion==24.6.0
|
||||
# via homeassistant
|
||||
bcrypt==4.2.0
|
||||
# via hass-oidc-auth
|
||||
# via homeassistant
|
||||
bleak==0.22.3
|
||||
# via bleak-retry-connector
|
||||
|
||||
@@ -12,6 +12,8 @@
|
||||
-e file:.
|
||||
aiofiles==24.1.0
|
||||
# via hass-oidc-auth
|
||||
bcrypt==4.2.1
|
||||
# via hass-oidc-auth
|
||||
ecdsa==0.19.0
|
||||
# via python-jose
|
||||
jinja2==3.1.5
|
||||
|
||||