From d5d9f5b46cf9cea6e4770d22396c28e82ebb3b2b Mon Sep 17 00:00:00 2001 From: ThomasV Date: Sun, 8 Sep 2019 12:06:21 +0200 Subject: [PATCH] fix #5618 --- electrum/daemon.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/electrum/daemon.py b/electrum/daemon.py index c7b18e007..3f8cb4c11 100644 --- a/electrum/daemon.py +++ b/electrum/daemon.py @@ -271,6 +271,7 @@ class Daemon(Logger): @profiler def __init__(self, config: SimpleConfig, fd=None, *, listen_jsonrpc=True): Logger.__init__(self) + self.auth_lock = asyncio.Lock() self.running = False self.running_lock = threading.Lock() self.config = config @@ -302,7 +303,7 @@ class Daemon(Logger): if self.network: self.network.start(jobs) - def authenticate(self, headers): + async def authenticate(self, headers): if self.rpc_password == '': # RPC authentication is disabled return @@ -317,14 +318,15 @@ class Daemon(Logger): username, _, password = credentials.partition(':') if not (constant_time_compare(username, self.rpc_user) and constant_time_compare(password, self.rpc_password)): - time.sleep(0.050) + await asyncio.sleep(0.050) raise AuthenticationError('Invalid Credentials') async def handle(self, request): - try: - self.authenticate(request.headers) - except AuthenticationError: - return web.Response(text='Forbidden', status=403) + async with self.auth_lock: + try: + await self.authenticate(request.headers) + except AuthenticationError: + return web.Response(text='Forbidden', status=403) request = await request.text() response = await jsonrpcserver.async_dispatch(request, methods=self.methods) if isinstance(response, jsonrpcserver.response.ExceptionResponse):