Browse Source

fix #5618

dependabot/pip/contrib/deterministic-build/ecdsa-0.13.3
ThomasV 5 years ago
parent
commit
d5d9f5b46c
  1. 8
      electrum/daemon.py

8
electrum/daemon.py

@ -271,6 +271,7 @@ class Daemon(Logger):
@profiler
def __init__(self, config: SimpleConfig, fd=None, *, listen_jsonrpc=True):
Logger.__init__(self)
self.auth_lock = asyncio.Lock()
self.running = False
self.running_lock = threading.Lock()
self.config = config
@ -302,7 +303,7 @@ class Daemon(Logger):
if self.network:
self.network.start(jobs)
def authenticate(self, headers):
async def authenticate(self, headers):
if self.rpc_password == '':
# RPC authentication is disabled
return
@ -317,12 +318,13 @@ class Daemon(Logger):
username, _, password = credentials.partition(':')
if not (constant_time_compare(username, self.rpc_user)
and constant_time_compare(password, self.rpc_password)):
time.sleep(0.050)
await asyncio.sleep(0.050)
raise AuthenticationError('Invalid Credentials')
async def handle(self, request):
async with self.auth_lock:
try:
self.authenticate(request.headers)
await self.authenticate(request.headers)
except AuthenticationError:
return web.Response(text='Forbidden', status=403)
request = await request.text()

Loading…
Cancel
Save