fix: restrict method for security critical endpoints (#25105)

Ankush Menat 2024-02-27 21:40:33 +05:30 committed by GitHub
parent c66d35fe5b
commit 01d29283f1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -841,7 +841,7 @@ def get_perm_info(role):
return get_all_perms(role)
@frappe.whitelist(allow_guest=True)
@frappe.whitelist(allow_guest=True, methods=["POST"])
def update_password(
new_password: str, logout_all_sessions: int = 0, key: str | None = None, old_password: str | None = None
):
@ -989,7 +989,7 @@ def reset_user_data(user):
return user_doc, redirect_url
@frappe.whitelist()
@frappe.whitelist(methods=["POST"])
def verify_password(password):
frappe.local.login_manager.check_password(frappe.session.user, password)
@ -1045,7 +1045,7 @@ def sign_up(email: str, full_name: str, redirect_to: str) -> tuple[int, str]:
return 2, _("Please ask your administrator to verify your sign-up")
@frappe.whitelist(allow_guest=True)
@frappe.whitelist(allow_guest=True, methods=["POST"])
@rate_limit(limit=get_password_reset_limit, seconds=60 * 60)
def reset_password(user: str) -> str:
try:
@ -1311,7 +1311,7 @@ def get_restricted_ip_list(user):
return [i.strip() for i in user.restrict_ip.split(",")]
@frappe.whitelist()
@frappe.whitelist(methods=["POST"])
def generate_keys(user: str):
"""
generate api key and api secret
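Review bot: `update_password` in the first hunk is reachable by guests and accepts `key` and `old_password`, yet no `@rate_limit` is visible on it, whereas `reset_password` in the third hunk carries `@rate_limit(limit=get_password_reset_limit, seconds=60 * 60)`. Restricting the verb to POST keeps these values out of the query string, but it does not bound repeated attempts against the key or the old password. Unless throttling already happens inside the function body, which lies outside the hunk, consider placing a limit directly under the whitelist decorator, for example `@rate_limit(limit=get_password_reset_limit, seconds=60 * 60)` or a dedicated limit for this endpoint. The same question applies to `verify_password` in the second hunk, which checks a password for the session user with no throttle visible; a one-line comment above each decorator such as `# POST only: credentials must not travel in the URL` would also record why the verb is restricted.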