def get_login(cls, login, parameters): ''' Return user id if password matches ''' LoginAttempt = Pool().get('res.user.login.attempt') count_ip = LoginAttempt.count_ip() if count_ip > config.getint( 'session', 'max_attempt_ip_network', default=300): # Do not add attempt as the goal is to prevent flooding raise RateLimitException() count = LoginAttempt.count(login) if count > config.getint('session', 'max_attempt', default=5): LoginAttempt.add(login) raise RateLimitException() Transaction().atexit(time.sleep, random.randint(0, 2 ** count - 1)) for methods in config.get( 'session', 'authentications', default='password').split(','): user_ids = set() for method in methods.split('+'): try: func = getattr(cls, '_login_%s' % method) except AttributeError: logger.info('Missing login method: %s', method) break user_ids.add(func(login, parameters)) if len(user_ids) != 1 or not all(user_ids): break if len(user_ids) == 1 and all(user_ids): LoginAttempt.remove(login) return user_ids.pop() LoginAttempt.add(login)