File trytond_get_login.patch of Package trytond

--- trytond/res/user.py	2018-02-15 13:09:37.735716404 +0000
+++ trytond/res/user.py	2018-02-15 22:08:51.966998130 +0000
@@ -18,6 +18,7 @@
 from sql.conditionals import Coalesce
 from sql.aggregate import Count
 from sql.operators import Concat
+from random import randint
 
 try:
     import bcrypt
@@ -495,7 +496,16 @@
         Return user id if password matches
         '''
         LoginAttempt = Pool().get('res.user.login.attempt')
-        time.sleep(2 ** LoginAttempt.count(login) - 1)
+        
+        login_max_delay = config.getint('session', 'login_max_delay')
+        
+        if (not login_max_delay) or (login_max_delay < 1):
+            login_max_delay = 3
+
+        #Use a random delay (default between 1 and login_max_delay) in login
+        #if the param is not set, it defaults to 3
+        delay = randint(1,login_max_delay)
+        time.sleep(delay)
         for method in config.get(
                 'session', 'authentications', default='password').split(','):
             try:
@@ -505,9 +515,9 @@
                 continue
             user_id = func(login, parameters)
             if user_id:
-                LoginAttempt.remove(login)
                 return user_id
-        LoginAttempt.add(login)
+            else:
+                logger.info('Invalid login from : %s', login)
 
     @classmethod
     def _login_password(cls, login, parameters):