Merge pull request #25602 from frappe/mergify/bp/version-14-hotfix/pr…

…-25599 feat: allow setting a custom rate limit for `login via email link` feature (backport #25599)
frappe · Mar 22, 2024 · 7699f12 · 7699f12
2 parents 0bf0cb8 + b7a1da5
commit 7699f12
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 8 deletions.
diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json
@@ -45,6 +45,7 @@
   "disable_user_pass_login",
   "login_with_email_link",
   "login_with_email_link_expiry",
+  "rate_limit_email_link_login",
   "allow_error_traceback",
   "strip_exif_metadata_from_uploaded_images",
   "allow_older_web_view_links",
@@ -437,11 +438,11 @@
    "label": "Include Web View Link in Email"
   },
   {
-    "collapsible": 1,
-    "fieldname": "prepared_report_section",
-    "fieldtype": "Section Break",
-    "label": "Reports"
-   },
+   "collapsible": 1,
+   "fieldname": "prepared_report_section",
+   "fieldtype": "Section Break",
+   "label": "Reports"
+  },
   {
    "default": "Frappe",
    "description": "The application name will be used in the Login page.",
@@ -600,12 +601,19 @@
    "fieldname": "store_attached_pdf_document",
    "fieldtype": "Check",
    "label": "Store Attached PDF Document"
+  },
+  {
+   "depends_on": "login_with_email_link",
+   "description": "You can set a high value here if multiple users will be logging in from the same network.",
+   "fieldname": "rate_limit_email_link_login",
+   "fieldtype": "Int",
+   "label": "Rate limit for email link login"
   }
  ],
  "icon": "fa fa-cog",
  "issingle": 1,
  "links": [],
- "modified": "2024-03-14 15:18:01.465057",
+ "modified": "2024-03-22 16:35:52.338727",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "System Settings",
@@ -624,4 +632,4 @@
  "sort_order": "ASC",
  "states": [],
  "track_changes": 1
-}
+}
diff --git a/frappe/www/login.py b/frappe/www/login.py
@@ -150,8 +150,12 @@ def _generate_temporary_login_link(email: str, expiry: int):
 	return get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
 
 
+def get_login_with_email_link_ratelimit() -> int:
+	return frappe.get_system_settings("rate_limit_email_link_login") or 5
+
+
 @frappe.whitelist(allow_guest=True, methods=["GET"])
-@rate_limit(limit=5, seconds=60 * 60)
+@rate_limit(limit=get_login_with_email_link_ratelimit, seconds=60 * 60)
 def login_via_key(key: str):
 	cache_key = f"one_time_login_key:{key}"
 	email = frappe.cache().get_value(cache_key)