File get_login_trytond-46.patch of Package trytond
diff -ruN a/trytond/res/user.py b/trytond/res/user.py
- --- a/trytond/res/user.py 2018-11-22 09:21:59.077931014 +0000
+++ b/trytond/res/user.py 2018-11-22 09:21:04.423129737 +0000
@@ -20,6 +20,7 @@
from sql.conditionals import Coalesce
from sql.aggregate import Count
from sql.operators import Concat
+from random import randint
try:
import bcrypt
@@ -542,12 +543,15 @@
'''
Return user id if password matches
'''
- - LoginAttempt = Pool().get('res.user.login.attempt')
- - count = LoginAttempt.count(login)
- - if count > config.getint('session', 'max_attempt', default=5):
- - LoginAttempt.add(login)
- - raise RateLimitException()
- - Transaction().atexit(time.sleep, 2 ** count - 1)
+ login_max_delay = config.getint('session', 'login_max_delay')
+
+ #Use a random delay (default between 1 and login_max_delay)
+ #If the param is not set, it defaults to 3
+
+ if (not login_max_delay) or (login_max_delay < 1):
+ login_max_delay = 3
+ delay = randint(1,login_max_delay)
+
for method in config.get(
'session', 'authentications', default='password').split(','):
try:
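Review bot: With the `LoginAttempt` counter gone, nothing in this hunk tracks failures per login, so repeated wrong passwords against one account are no longer capped. The removed lines raised `RateLimitException` past `max_attempt` and grew the delay as `2 ** count - 1`, whereas `delay = randint(1,login_max_delay)` is bounded by a constant (3 seconds when unset) and does not depend on how many failures came before. If the goal is to stop lockouts being used against legitimate users, consider keeping the counter and capping the backoff at `login_max_delay` rather than dropping it. Separately, the new `config.getint('session', 'login_max_delay')` call passes no `default=`, unlike the removed `max_attempt` lookup; `login_max_delay = config.getint('session', 'login_max_delay', default=3)` would state the fallback in one place, while the `< 1` guard is still needed for bad values. The function's signature and the rest of its body lie outside the hunk.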
@@ -557,10 +561,11 @@
continue
user_id = func(login, parameters)
if user_id:
- - LoginAttempt.remove(login)
return user_id
- - LoginAttempt.add(login)
- -
+ else:
+ logger.warning('Invalid login from : %s', login)
+ time.sleep(delay)
+
@classmethod
def _login_password(cls, login, parameters):
if 'password' not in parameters:
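Review bot: `time.sleep(delay)` now runs inline in the login path, where the removed code deferred it with `Transaction().atexit(time.sleep, ...)`. If this executes inside the request's transaction (not visible here), each failed login holds a worker, and probably a database connection, for up to `login_max_delay` seconds; `Transaction().atexit(time.sleep, delay)` would keep the delay without that cost. The added warning writes the caller-supplied `login` into the log unmodified, so `logger.warning('Invalid login from : %s', login)` is better written with `%r` to stop embedded newlines forging log entries; the message also says "from" although no source address is recorded, and `logger` must already be defined in the module. Indentation is lost on this page, so confirm whether `else:` pairs with `if user_id:` (a delay and log line per authentication method tried) or with the `for` loop.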