Commit b30d4fe5 authored by Juliusz Chroboczek's avatar Juliusz Chroboczek

Add delay after login failure.

parent 2f6c710f
...@@ -7,6 +7,7 @@ package group ...@@ -7,6 +7,7 @@ package group
import ( import (
"encoding/json" "encoding/json"
"errors"
"log" "log"
"os" "os"
"path" "path"
...@@ -23,6 +24,8 @@ import ( ...@@ -23,6 +24,8 @@ import (
var Directory string var Directory string
var UseMDNS bool var UseMDNS bool
var ErrNotAuthorised = errors.New("not authorised")
type UserError string type UserError string
func (err UserError) Error() string { func (err UserError) Error() string {
...@@ -268,7 +271,7 @@ func Delete(name string) bool { ...@@ -268,7 +271,7 @@ func Delete(name string) bool {
defer groups.mu.Unlock() defer groups.mu.Unlock()
g := groups.groups[name] g := groups.groups[name]
if g == nil { if g == nil {
return false; return false
} }
g.mu.Lock() g.mu.Lock()
...@@ -642,22 +645,22 @@ func (desc *description) GetPermission(group string, c Challengeable) (ClientPer ...@@ -642,22 +645,22 @@ func (desc *description) GetPermission(group string, c Challengeable) (ClientPer
} }
return p, nil return p, nil
} }
return p, UserError("not authorised") return p, ErrNotAuthorised
} }
if found, good := matchClient(group, c, desc.Presenter); found { if found, good := matchClient(group, c, desc.Presenter); found {
if good { if good {
p.Present = true p.Present = true
return p, nil return p, nil
} }
return p, UserError("not authorised") return p, ErrNotAuthorised
} }
if found, good := matchClient(group, c, desc.Other); found { if found, good := matchClient(group, c, desc.Other); found {
if good { if good {
return p, nil return p, nil
} }
return p, UserError("not authorised") return p, ErrNotAuthorised
} }
return p, UserError("not authorised") return p, ErrNotAuthorised
} }
type Public struct { type Public struct {
......
...@@ -707,6 +707,9 @@ func StartClient(conn *websocket.Conn) (err error) { ...@@ -707,6 +707,9 @@ func StartClient(conn *websocket.Conn) (err error) {
if err != nil { if err != nil {
if os.IsNotExist(err) { if os.IsNotExist(err) {
err = group.UserError("group does not exist") err = group.UserError("group does not exist")
} else if err == group.ErrNotAuthorised {
err = group.UserError("not authorised")
time.Sleep(200 * time.Millisecond)
} }
return return
} }
......
...@@ -559,8 +559,10 @@ func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname str ...@@ -559,8 +559,10 @@ func checkGroupPermissions(w http.ResponseWriter, r *http.Request, groupname str
} }
p, err := desc.GetPermission(groupname, httpClient{user, pass}) p, err := desc.GetPermission(groupname, httpClient{user, pass})
if err != nil || !p.Record { if err != nil || !p.Record {
if err == group.ErrNotAuthorised {
time.Sleep(200 * time.Millisecond)
}
return false return false
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment