Skip to content

Prevent multi-login due to slow password hashing#2826

Merged
DL6ER merged 1 commit into
development-v6from
new/freeze_login
Nov 13, 2023
Merged

Prevent multi-login due to slow password hashing#2826
DL6ER merged 1 commit into
development-v6from
new/freeze_login

Conversation

@DL6ER

@DL6ER DL6ER commented Nov 13, 2023

Copy link
Copy Markdown
Member

What does this implement/fix?

There is currently no limit on how often you can submit the password until you are finally logged in. This is most noticeable on very low-end hardware, such as an emulated armv7 target in the following example:
ezgif-4-dc8726674d

After this PR, multiple logins during password validation are prevented:
ezgif-4-94b945a31e

Related issue or feature (if applicable): N/A

Pull request in docs with documentation (if applicable): N/A

By submitting this pull request, I confirm the following:

  1. I have read and understood the contributors guide, as well as this entire template. I understand which branch to base my commits and Pull Requests against.
  2. I have commented my proposed changes within the code.
  3. I am willing to help maintain this change if there are issues with it later.
  4. It is compatible with the EUPL 1.2 license
  5. I have squashed any insignificant commits. (git rebase)

Checklist:

  • The code change is tested and works locally.
  • I based my code and PRs against the repositories developmental branch.
  • I signed off all commits. Pi-hole enforces the DCO for all contributions
  • I signed all my commits. Pi-hole requires signatures to verify authorship
  • I have read the above and my PR is ready for review.

@DL6ER DL6ER changed the title Disable all inputs on login submission, re-enable them on error Prevent multi-login Nov 13, 2023
@DL6ER DL6ER requested a review from a team November 13, 2023 08:38
DL6ER
DL6ER commented Nov 13, 2023
View reviewed changes
Comment thread scripts/pi-hole/js/login.js
* This file is copyright under the latest version of the EUPL.
* Please see LICENSE file for your rights under this license. */

/* global utils:false */

@DL6ER DL6ER Nov 13, 2023

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utils.js is included from header.lp

@DL6ER DL6ER changed the title Prevent multi-login Prevent multi-login due to slow password hashing 🔑 Nov 13, 2023
@DL6ER DL6ER changed the title Prevent multi-login due to slow password hashing 🔑 Prevent multi-login due to slow password hashing Nov 13, 2023
@DL6ER DL6ER merged commit 707d2e0 into development-v6 Nov 13, 2023
@DL6ER DL6ER deleted the new/freeze_login branch November 13, 2023 22:21
@PromoFaux PromoFaux mentioned this pull request Feb 18, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yubiuser yubiuser yubiuser approved these changes

Assignees

No one assigned

Labels

Pi-hole v6.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DL6ER @yubiuser