fix: rate limit for all HTTP methods (#21929)

(cherry picked from commit 2b96324) # Conflicts: # frappe/core/doctype/user/user.py
frappe · Aug 5, 2023 · 04cf5a6 · 04cf5a6
1 parent 5b42259
commit 04cf5a6
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
@@ -909,8 +909,13 @@ def sign_up(email, full_name, redirect_to):
 
 
 @frappe.whitelist(allow_guest=True)
+<<<<<<< HEAD
 @rate_limit(limit=get_password_reset_limit, seconds=24 * 60 * 60, methods=["POST"])
 def reset_password(user):
+=======
+@rate_limit(limit=get_password_reset_limit, seconds=24 * 60 * 60)
+def reset_password(user: str) -> str:
+>>>>>>> 2b96324c31 (fix: rate limit for all HTTP methods (#21929))
 	if user == "Administrator":
 		return "not allowed"
 

diff --git a/frappe/website/doctype/web_form/web_form.py b/frappe/website/doctype/web_form/web_form.py
@@ -383,7 +383,7 @@ def get_web_form_module(doc):
 
 
 @frappe.whitelist(allow_guest=True)
-@rate_limit(key="web_form", limit=5, seconds=60, methods=["POST"])
+@rate_limit(key="web_form", limit=5, seconds=60)
 def accept(web_form, data):
 	"""Save the web form"""
 	data = frappe._dict(json.loads(data))