Ticket #20760: 20760_fix.diff

django/contrib/auth/backends.py

@@ -10 +10 @@
 
     def authenticate(self, username=None, password=None, **kwargs):
         UserModel = get_user_model()
+
+        user = UserModel()
+        user.set_password("if user doesn't exist we still want to be slow")
+
         if username is None:
             username = kwargs.get(UserModel.USERNAME_FIELD)
         try:
@@ -17 +21 @@
             if user.check_password(password):
                 return user
         except UserModel.DoesNotExist:
+            user.check_password("this won't match that!")
             return None
 
     def get_group_permissions(self, user_obj, obj=None):