idp oidc: use min() to cap login retry timeout (#87442)

2024-02-25 19:18:58 +01:00 · 2024-02-25 19:18:58 +01:00 · 7d6601c870
parent 0c77d67608
commit 7d6601c870
1 changed files with 1 additions and 2 deletions
--- a/src/authentic2_idp_oidc/views.py
+++ b/src/authentic2_idp_oidc/views.py
@ -697,8 +697,7 @@ def idtoken_from_user_credential(request):
    backoff_keys = (username, client.client_id)

    seconds_to_wait = exponential_backoff.seconds_to_wait(*backoff_keys)
-    if seconds_to_wait > a2_app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION:
-        seconds_to_wait = a2_app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION
+    seconds_to_wait = min(seconds_to_wait, a2_app_settings.A2_LOGIN_EXPONENTIAL_RETRY_TIMEOUT_MAX_DURATION)
    if seconds_to_wait:
        raise InvalidRequest(
            _('Too many attempts with erroneous RO password, you must wait %s seconds to try again.')