test: Fix rate limiting reset password test

frappe/core/doctype/user/test_user.py

@@ -11,6 +11,7 @@ from frappe.utils import get_url
 from frappe.core.doctype.user.user import get_total_users
 from frappe.core.doctype.user.user import MaxUsersReachedError, test_password_strength
 from frappe.core.doctype.user.user import extract_mentions
+from frappe.frappeclient import FrappeClient
 
 test_records = frappe.get_test_records('User')
 
@@ -229,16 +230,22 @@ class TestUser(unittest.TestCase):
 		self.assertEqual(extract_mentions(comment)[1], "test.again@example1.com")
 
 	def test_rate_limiting_for_reset_password(self):
-		from frappe.utils.password import delete_password_reset_cache
-		delete_password_reset_cache()
-
+		# Allow only one reset request for a day
 		frappe.db.set_value("System Settings", "System Settings", "password_reset_limit", 1)
+		frappe.db.commit()
 
-		user = frappe.get_doc("User", "testperm@example.com")
-		link = user.reset_password()
-		self.assertRegex(link, "\/update-password\?key=[A-Za-z0-9]*")
+		url = get_url()
+		data={'cmd': 'frappe.core.doctype.user.user.reset_password', 'user': 'test@test.com'}
 
-		self.assertRaises(frappe.ValidationError, user.reset_password, False)
+		# Clear rate limit tracker to start fresh
+		key = f"rl:{data['cmd']}:{data['user']}"
+		frappe.cache().delete(key)
+
+		c = FrappeClient(url)
+		res1 = c.session.post(url, data=data, verify=c.verify, headers=c.headers)
+		res2 = c.session.post(url, data=data, verify=c.verify, headers=c.headers)
+		self.assertEqual(res1.status_code, 200)
+		self.assertEqual(res2.status_code, 417)
 
 	def test_user_rollback(self):
 		""" """

frappe/core/doctype/user/user.py

@@ -6,6 +6,9 @@ from __future__ import unicode_literals, print_function
 from bs4 import BeautifulSoup
 
 import frappe
+import frappe.share
+import frappe.defaults
+import frappe.permissions
 from frappe.model.document import Document
 from frappe.utils import cint, flt, has_gravatar, escape_html, format_datetime, now_datetime, get_formatted_email, today
 from frappe import throw, msgprint, _
@@ -1170,10 +1173,3 @@ def generate_keys(user):
 def switch_theme(theme):
 	if theme in ["Dark", "Light"]:
 		frappe.db.set_value("User", frappe.session.user, "desk_theme", theme)
-
-@frappe.whitelist(allow_guest=True)
-@rate_limit(key='user', limit=2, seconds = 60*60)
-def test_ratelimit(user):
-	"""This endpoint is used by testcases to check the ratelimit is functioning as expected.
-	"""
-	return

frappe/tests/test_rate_limiter.py

@@ -13,8 +13,6 @@ import frappe
 import frappe.rate_limiter
 from frappe.rate_limiter import RateLimiter
 from frappe.utils import cint
-from frappe.frappeclient import FrappeClient
-from frappe.utils.data import get_url
 
 
 class TestRateLimiter(unittest.TestCase):
@@ -118,23 +116,3 @@ class TestRateLimiter(unittest.TestCase):
 		self.assertEqual(limiter.duration, cint(frappe.cache().get(limiter.key)))
 
 		frappe.cache().delete(limiter.key)
-
-	def test_rate_limit_decorator(self):
-		"""Check that rate limit decorator raises 417 when limit is crossed.
-		"""
-		url = get_url()
-		data={'cmd': 'frappe.core.doctype.user.user.test_ratelimit', 'user': 'test@test.com'}
-
-		# Clear rate limit tracker to start fresh
-		key = f"rl:{data['cmd']}:{data['user']}"
-		frappe.cache().delete(key)
-
-		c = FrappeClient(url)
-		res1 = c.session.post(url, data=data, verify=c.verify, headers=c.headers)
-		res2 = c.session.post(url, data=data, verify=c.verify, headers=c.headers)
-		res3 = c.session.post(url, data=data, verify=c.verify, headers=c.headers)
-
-		self.assertEqual(res1.status_code, 200)
-		self.assertEqual(res2.status_code, 200)
-		self.assertEqual(res3.status_code, 417)
-