From 570442865b308b38b6f431264f590c43ac2037c7 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 11:57:20 +0530
Subject: [PATCH 01/41] feat: Login without password (through link sent on
 email)

---
 .../system_settings/system_settings.json      | 20 ++++--
 frappe/public/scss/login.bundle.scss          |  2 +
 .../emails/login_without_password.html        | 66 +++++++++++++++++++
 frappe/templates/includes/login/login.js      | 34 +++++++++-
 frappe/www/login.html                         | 43 +++++++++++-
 frappe/www/login.py                           | 49 +++++++++++++-
 6 files changed, 205 insertions(+), 9 deletions(-)
 create mode 100644 frappe/templates/emails/login_without_password.html

diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json
index f9d7adceef..6f2454813c 100644
--- a/frappe/core/doctype/system_settings/system_settings.json
+++ b/frappe/core/doctype/system_settings/system_settings.json
@@ -39,6 +39,7 @@
   "allow_login_using_mobile_number",
   "allow_login_using_user_name",
   "disable_user_pass_login",
+  "login_without_password",
   "allow_error_traceback",
   "strip_exif_metadata_from_uploaded_images",
   "allow_older_web_view_links",
@@ -416,11 +417,11 @@
    "label": "Send document Web View link in email"
   },
   {
-    "collapsible": 1,
-    "fieldname": "prepared_report_section",
-    "fieldtype": "Section Break",
-    "label": "Reports"
-   },
+   "collapsible": 1,
+   "fieldname": "prepared_report_section",
+   "fieldtype": "Section Break",
+   "label": "Reports"
+  },
   {
    "default": "Frappe",
    "description": "The application name will be used in the Login page.",
@@ -504,12 +505,19 @@
    "fieldname": "disable_user_pass_login",
    "fieldtype": "Check",
    "label": "Disable Username/Password Login"
+  },
+  {
+   "default": "0",
+   "description": "User will be able to login using the link sent on the email",
+   "fieldname": "login_without_password",
+   "fieldtype": "Check",
+   "label": "Login Without Password"
   }
  ],
  "icon": "fa fa-cog",
  "issingle": 1,
  "links": [],
- "modified": "2022-11-28 17:57:05.099512",
+ "modified": "2022-12-20 11:20:40.735668",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "System Settings",
diff --git a/frappe/public/scss/login.bundle.scss b/frappe/public/scss/login.bundle.scss
index 488dd4106e..9f94cde8f2 100644
--- a/frappe/public/scss/login.bundle.scss
+++ b/frappe/public/scss/login.bundle.scss
@@ -7,6 +7,7 @@ body {
 }
 
 .for-forgot,
+.for-login-without-password,
 .for-signup,
 .for-email-login {
 	display: none;
@@ -14,6 +15,7 @@ body {
 
 .for-login,
 .for-forgot,
+.for-login-without-password,
 .for-signup,
 .for-email-login {
 	padding: max(10vh, 60px) 0;
diff --git a/frappe/templates/emails/login_without_password.html b/frappe/templates/emails/login_without_password.html
new file mode 100644
index 0000000000..9fb3d87413
--- /dev/null
+++ b/frappe/templates/emails/login_without_password.html
@@ -0,0 +1,66 @@
+{% macro table(content, td_align, tb_color, tb_width) %}
+<table cellpadding="0" cellspacing="0" width="{{ tb_width or '100%' }}" bgcolor="{{ tb_color or '' }}">
+	<tbody>
+		<tr>
+			<td align="{{ td_align or 'center' }}">
+				{{ content }}
+			</td>
+		</tr>
+	</tbody>
+</table>
+{% endmacro %}
+
+{% macro body() %}
+<table width="100%" cellspacing="0" cellpadding="0">
+	<tbody>
+		<tr>
+			<td align="center">
+				<div class="email-header-title">Click on the below button to login to {{ app_name }}</div>
+				<div>The link will expire in {{ minutes }} minutes</div>
+			</td>
+		</tr>
+		<tr>
+			<td align="center">
+				<div class="btn btn-primary" style="margin-top: 30px;">
+					<a href="{{ link or '#'}}" style="color: #fff; text-decoration: none;">LOG IN TO {{ app_name.upper() }}</a>
+				</div>
+			</td>
+		</tr>
+	</tbody>
+</table>
+{% endmacro %}
+
+{% macro image() %}
+{% if logo %}
+<a href><img class="standard-image" src="{{ logo }}" height="40" alt="{{ app_name }}"/></a>
+{% endif %}
+{% endmacro %}
+
+{% macro footer() %}
+<div class="email-footer">
+	<div>Thanks!</div>
+	<div style="font-size: 17px;"><strong>{{ app_name }}</strong></div>
+</div>
+{% endmacro %}
+
+<div class="body-table with-container">
+	<div class="body-content">
+		<table class="email-container" align="center" cellspacing="0" cellpadding="0">
+			<tbody>
+				<tr>
+					<td style="padding: 20px 40px;">
+						<div class="email-header">
+							{{ table(table(image()), "left") }}
+						</div>
+						<div class="email-body">
+							{{ table(body()) }}
+						</div>
+						<div class="email-footer-container">
+							{{ table(footer()) }}
+						</div>
+					</td>
+				</tr>
+			</tbody>
+		</table>
+	</div>
+</div>
\ No newline at end of file
diff --git a/frappe/templates/includes/login/login.js b/frappe/templates/includes/login/login.js
index defbbc2975..7ef388abcc 100644
--- a/frappe/templates/includes/login/login.js
+++ b/frappe/templates/includes/login/login.js
@@ -55,6 +55,25 @@ login.bind_events = function () {
 		return false;
 	});
 
+	$(".form-login-without-password").on("submit", function (event) {
+		event.preventDefault();
+		var args = {};
+		args.cmd = "frappe.www.login.send_login_link";
+		args.email = ($("#login_without_password_email").val() || "").trim();
+		if (!args.email) {
+			login.set_status('{{ _("Valid Login id required.") }}', 'red');
+			return false;
+		}
+		login.call(args).then(() => {
+			login.set_status('{{ _("Login link sent to your email.") }}', 'blue');
+			$("#login_without_password_email").val("");
+		}).catch(() => {
+			login.set_status('{{ _("Send login link") }}', 'blue');
+		});
+
+		return false;
+	});
+
 	$(".toggle-password").click(function () {
 		var input = $($(this).attr("toggle"));
 		if (input.attr("type") == "password") {
@@ -94,6 +113,7 @@ login.reset_sections = function (hide) {
 		$("section.for-login").toggle(false);
 		$("section.for-email-login").toggle(false);
 		$("section.for-forgot").toggle(false);
+		$("section.for-login-without-password").toggle(false);
 		$("section.for-signup").toggle(false);
 	}
 	$('section:not(.signup-disabled) .indicator').each(function () {
@@ -121,10 +141,22 @@ login.steptwo = function () {
 
 login.forgot = function () {
 	login.reset_sections();
+	if ($("#login_email").val()) {
+		$("#forgot_email").val($("#login_email").val());
+	}
 	$(".for-forgot").toggle(true);
 	$("#forgot_email").focus();
 }
 
+login.loginWithoutPassword = function () {
+	login.reset_sections();
+	if ($("#login_email").val()) {
+		$("#login_without_password_email").val($("#login_email").val());
+	}
+	$(".for-login-without-password").toggle(true);
+	$("#login_without_password_email").focus();
+}
+
 login.signup = function () {
 	login.reset_sections();
 	$(".for-signup").toggle(true);
@@ -270,7 +302,7 @@ frappe.ready(function () {
 		$(window).trigger("hashchange");
 	}
 
-	$(".form-signup, .form-forgot").removeClass("hide");
+	$(".form-signup, .form-forgot, .form-login-without-password").removeClass("hide");
 	$(document).trigger('login_rendered');
 });
 
diff --git a/frappe/www/login.html b/frappe/www/login.html
index e9f2b9103a..e5a714315e 100644
--- a/frappe/www/login.html
+++ b/frappe/www/login.html
@@ -80,7 +80,7 @@
 		<div class="login-content page-card">
 			{{ logo_section() }}
 			<form class="form-signin form-login" role="form">
-				{%- if social_login -%}
+				{%- if social_login or login_without_password -%}
 				<div class="page-card-body">
 					<form class="form-signin form-login" role="form">
 						{{ email_login_body() }}
@@ -101,6 +101,15 @@
 							</div>
 							{% endfor %}
 						</div>
+						<div class="login-without-password">
+							{% if login_without_password %}
+							<div class="login-button-wrapper">
+								<a href="#loginWithoutPassword"
+									class="btn btn-block btn-default btn-sm btn-login-option btn-login-without-password">
+									{{ _("Login without password") }}</a>
+							</div>
+							{% endif %}
+						</div>
 					</div>
 				</div>
 				{% else %}
@@ -181,6 +190,38 @@
 			</form>
 		</div>
 	</section>
+
+	<section class='for-login-without-password'>
+		<div class="login-content page-card">
+			<form class="form-signin form-login-without-password hide" role="form">
+				<div class="page-card-head">
+					<h4>{{ _('Login Without Password') }}</h4>
+				</div>
+				<div class="page-card-body">
+					<div class="email-field">
+						<input type="email" id="login_without_password_email" class="form-control"
+							placeholder="{{ _('Email Address') }}" required autofocus autocomplete="username">
+						<svg class="field-icon email-icon" width="20" height="20" viewBox="0 0 20 20" fill="none"
+							xmlns="http://www.w3.org/2000/svg">
+							<path
+								d="M2.5 7.65149V15.0757C2.5 15.4374 2.64367 15.7842 2.8994 16.04C3.15513 16.2957 3.50198 16.4394 3.86364 16.4394H16.1364C16.498 16.4394 16.8449 16.2957 17.1006 16.04C17.3563 15.7842 17.5 15.4374 17.5 15.0757V7.65149"
+								stroke="#74808B" stroke-miterlimit="10" stroke-linecap="square" />
+							<path
+								d="M17.5 7.57572V5.53026C17.5 5.1686 17.3563 4.82176 17.1006 4.56603C16.8449 4.31029 16.498 4.16663 16.1364 4.16663H3.86364C3.50198 4.16663 3.15513 4.31029 2.8994 4.56603C2.64367 4.82176 2.5 5.1686 2.5 5.53026V7.57572L10 10.8333L17.5 7.57572Z"
+								stroke="#74808B" stroke-miterlimit="10" stroke-linecap="square" />
+						</svg>
+					</div>
+				</div>
+				<div class="page-card-actions">
+					<button class="btn btn-sm btn-primary btn-block btn-login-without-password"
+						type="submit">{{ _("Send login link") }}</button>
+					<p class="text-center sign-up-message">
+						<a href="#login">{{ _("Back to Login") }}</a>
+					</p>
+				</div>
+			</form>
+		</div>
+	</section>
 </div>
 {% endblock %}
 
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 32e4bb4344..44daa87a64 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -7,7 +7,7 @@ from frappe import _
 from frappe.auth import LoginManager
 from frappe.integrations.doctype.ldap_settings.ldap_settings import LDAPSettings
 from frappe.integrations.oauth2_logins import decoder_compat
-from frappe.utils import cint
+from frappe.utils import cint, get_url
 from frappe.utils.html_utils import get_icon_html
 from frappe.utils.jinja import guess_is_path
 from frappe.utils.oauth import (
@@ -102,6 +102,8 @@ def get_context(context):
 
 	context["login_label"] = f" {_('or')} ".join(login_label)
 
+	context["login_without_password"] = frappe.get_system_settings("login_without_password")
+
 	return context
 
 
@@ -143,3 +145,48 @@ def login_via_token(login_token):
 	redirect_post_login(
 		desk_user=frappe.db.get_value("User", frappe.session.user, "user_type") == "System User"
 	)
+
+
+@frappe.whitelist(allow_guest=True)
+def send_login_link(email, subject=None, message=None):
+	if not frappe.db.exists("User", email):
+		frappe.throw("No registered account with this email address")
+
+	key = frappe.generate_hash("Login Link", 20)
+	minutes = 10
+	frappe.cache().set_value(f"one_time_login_key:{key}", email, expires_in_sec=minutes * 60)
+
+	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
+
+	logo = frappe.get_website_settings("app_logo") or frappe.get_hooks("app_logo_url")[-1]
+	app_name = (
+		frappe.get_website_settings("app_name") or frappe.get_system_settings("app_name") or _("Frappe")
+	)
+
+	subject = subject or _("Login To {0}").format(app_name)
+
+	frappe.sendmail(
+		subject=subject,
+		recipients=email,
+		template="login_without_password",
+		args={"link": link, "minutes": minutes, "app_name": app_name, "logo": logo},
+	)
+
+
+@frappe.whitelist(allow_guest=True)
+def login_via_key(key):
+	cache_key = f"one_time_login_key:{key}"
+	email = frappe.cache().get_value(cache_key)
+
+	if email:
+		frappe.cache().delete_value(cache_key)
+		frappe.local.login_manager.login_as(email)
+		frappe.response.type = "redirect"
+		frappe.response.location = "/app"
+	else:
+		frappe.respond_as_web_page(
+			_("Not Permitted"),
+			_("The link you trying to login is invalid or expired."),
+			http_status_code=403,
+			indicator_color="red",
+		)

From 60c29b69390f6ad5e041cc1ef9fe51148f21a351 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 13:54:40 +0530
Subject: [PATCH 02/41] fix: removed logo implementation

---
 frappe/templates/emails/login_without_password.html | 11 +----------
 frappe/www/login.py                                 |  5 ++---
 2 files changed, 3 insertions(+), 13 deletions(-)

diff --git a/frappe/templates/emails/login_without_password.html b/frappe/templates/emails/login_without_password.html
index 9fb3d87413..44e521d18f 100644
--- a/frappe/templates/emails/login_without_password.html
+++ b/frappe/templates/emails/login_without_password.html
@@ -30,12 +30,6 @@
 </table>
 {% endmacro %}
 
-{% macro image() %}
-{% if logo %}
-<a href><img class="standard-image" src="{{ logo }}" height="40" alt="{{ app_name }}"/></a>
-{% endif %}
-{% endmacro %}
-
 {% macro footer() %}
 <div class="email-footer">
 	<div>Thanks!</div>
@@ -48,10 +42,7 @@
 		<table class="email-container" align="center" cellspacing="0" cellpadding="0">
 			<tbody>
 				<tr>
-					<td style="padding: 20px 40px;">
-						<div class="email-header">
-							{{ table(table(image()), "left") }}
-						</div>
+					<td>
 						<div class="email-body">
 							{{ table(body()) }}
 						</div>
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 44daa87a64..758093fdc1 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -148,7 +148,7 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-def send_login_link(email, subject=None, message=None):
+def send_login_link(email, subject=None):
 	if not frappe.db.exists("User", email):
 		frappe.throw("No registered account with this email address")
 
@@ -158,7 +158,6 @@ def send_login_link(email, subject=None, message=None):
 
 	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
 
-	logo = frappe.get_website_settings("app_logo") or frappe.get_hooks("app_logo_url")[-1]
 	app_name = (
 		frappe.get_website_settings("app_name") or frappe.get_system_settings("app_name") or _("Frappe")
 	)
@@ -169,7 +168,7 @@ def send_login_link(email, subject=None, message=None):
 		subject=subject,
 		recipients=email,
 		template="login_without_password",
-		args={"link": link, "minutes": minutes, "app_name": app_name, "logo": logo},
+		args={"link": link, "minutes": minutes, "app_name": app_name},
 	)
 
 

From 55ac13082308c68de2c5a040225eeba216e228b8 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 14:28:14 +0530
Subject: [PATCH 03/41] chore: linter fix

---
 frappe/contacts/doctype/contact/contact.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/contacts/doctype/contact/contact.py b/frappe/contacts/doctype/contact/contact.py
index 8540e1cfb8..925dd5aa7f 100644
--- a/frappe/contacts/doctype/contact/contact.py
+++ b/frappe/contacts/doctype/contact/contact.py
@@ -133,7 +133,7 @@ class Contact(Document):
 def get_default_contact(doctype, name):
 	"""Returns default contact for the given doctype, name"""
 	out = frappe.db.sql(
-		'''select parent,
+		"""select parent,
 			IFNULL((select is_primary_contact from tabContact c where c.name = dl.parent), 0)
 				as is_primary_contact
 		from
@@ -141,7 +141,7 @@ def get_default_contact(doctype, name):
 		where
 			dl.link_doctype=%s and
 			dl.link_name=%s and
-			dl.parenttype = "Contact"''',
+			dl.parenttype = 'Contact'""",
 		(doctype, name),
 		as_dict=True,
 	)

From 68baa81f3f944483125b1dd3d59e7e6dfbb063c3 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <30859809+shariquerik@users.noreply.github.com>
Date: Tue, 20 Dec 2022 15:33:03 +0530
Subject: [PATCH 04/41] fix: type checking

Co-authored-by: Ankush Menat <ankushmenat@gmail.com>
---
 frappe/www/login.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/www/login.py b/frappe/www/login.py
index 758093fdc1..bb70ec844b 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -148,7 +148,7 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-def send_login_link(email, subject=None):
+def send_login_link(email: str, subject: str | None =None):
 	if not frappe.db.exists("User", email):
 		frappe.throw("No registered account with this email address")
 
@@ -173,7 +173,7 @@ def send_login_link(email, subject=None):
 
 
 @frappe.whitelist(allow_guest=True)
-def login_via_key(key):
+def login_via_key(key: str):
 	cache_key = f"one_time_login_key:{key}"
 	email = frappe.cache().get_value(cache_key)
 

From 83bf33c1fc0785d4d7b2cac682f12e919064aae4 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 16:05:54 +0530
Subject: [PATCH 05/41] fix: renamed login without password to passwordless
 login

made text translatable in email template
---
 .../system_settings/system_settings.json      |  8 +++----
 frappe/public/scss/login.bundle.scss          |  4 ++--
 ..._password.html => passwordless_login.html} | 16 +++++++++-----
 frappe/templates/includes/login/login.js      | 18 +++++++--------
 frappe/www/login.html                         | 22 +++++++++----------
 frappe/www/login.py                           | 10 +++++----
 6 files changed, 42 insertions(+), 36 deletions(-)
 rename frappe/templates/emails/{login_without_password.html => passwordless_login.html} (72%)

diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json
index 6f2454813c..bd4051cba4 100644
--- a/frappe/core/doctype/system_settings/system_settings.json
+++ b/frappe/core/doctype/system_settings/system_settings.json
@@ -39,7 +39,7 @@
   "allow_login_using_mobile_number",
   "allow_login_using_user_name",
   "disable_user_pass_login",
-  "login_without_password",
+  "passwordless_login",
   "allow_error_traceback",
   "strip_exif_metadata_from_uploaded_images",
   "allow_older_web_view_links",
@@ -509,15 +509,15 @@
   {
    "default": "0",
    "description": "User will be able to login using the link sent on the email",
-   "fieldname": "login_without_password",
+   "fieldname": "passwordless_login",
    "fieldtype": "Check",
-   "label": "Login Without Password"
+   "label": "Passwordless Login"
   }
  ],
  "icon": "fa fa-cog",
  "issingle": 1,
  "links": [],
- "modified": "2022-12-20 11:20:40.735668",
+ "modified": "2022-12-20 15:39:31.751704",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "System Settings",
diff --git a/frappe/public/scss/login.bundle.scss b/frappe/public/scss/login.bundle.scss
index 9f94cde8f2..95de4f596b 100644
--- a/frappe/public/scss/login.bundle.scss
+++ b/frappe/public/scss/login.bundle.scss
@@ -7,7 +7,7 @@ body {
 }
 
 .for-forgot,
-.for-login-without-password,
+.for-passwordless-login,
 .for-signup,
 .for-email-login {
 	display: none;
@@ -15,7 +15,7 @@ body {
 
 .for-login,
 .for-forgot,
-.for-login-without-password,
+.for-passwordless-login,
 .for-signup,
 .for-email-login {
 	padding: max(10vh, 60px) 0;
diff --git a/frappe/templates/emails/login_without_password.html b/frappe/templates/emails/passwordless_login.html
similarity index 72%
rename from frappe/templates/emails/login_without_password.html
rename to frappe/templates/emails/passwordless_login.html
index 44e521d18f..0c7533ac8f 100644
--- a/frappe/templates/emails/login_without_password.html
+++ b/frappe/templates/emails/passwordless_login.html
@@ -1,8 +1,8 @@
 {% macro table(content, td_align, tb_color, tb_width) %}
-<table cellpadding="0" cellspacing="0" width="{{ tb_width or '100%' }}" bgcolor="{{ tb_color or '' }}">
+<table cellpadding="0" cellspacing="0" width="100%">
 	<tbody>
 		<tr>
-			<td align="{{ td_align or 'center' }}">
+			<td align="center">
 				{{ content }}
 			</td>
 		</tr>
@@ -15,14 +15,18 @@
 	<tbody>
 		<tr>
 			<td align="center">
-				<div class="email-header-title">Click on the below button to login to {{ app_name }}</div>
-				<div>The link will expire in {{ minutes }} minutes</div>
+				<div class="email-header-title">
+					{{ _('Click on the button to log in to {0}').format(app_name) }}
+				</div>
+				<div>{{ _('The link will expire in {0} minutes').format(minutes) }}</div>
 			</td>
 		</tr>
 		<tr>
 			<td align="center">
 				<div class="btn btn-primary" style="margin-top: 30px;">
-					<a href="{{ link or '#'}}" style="color: #fff; text-decoration: none;">LOG IN TO {{ app_name.upper() }}</a>
+					<a href="{{ link or '#'}}" style="color: #fff; text-decoration: none;">
+						{{ _('LOG IN TO {0}').format(app_name.upper()) }}
+					</a>
 				</div>
 			</td>
 		</tr>
@@ -32,7 +36,7 @@
 
 {% macro footer() %}
 <div class="email-footer">
-	<div>Thanks!</div>
+	<div>{{ _('Thanks!') }}</div>
 	<div style="font-size: 17px;"><strong>{{ app_name }}</strong></div>
 </div>
 {% endmacro %}
diff --git a/frappe/templates/includes/login/login.js b/frappe/templates/includes/login/login.js
index 7ef388abcc..3f49453b67 100644
--- a/frappe/templates/includes/login/login.js
+++ b/frappe/templates/includes/login/login.js
@@ -55,18 +55,18 @@ login.bind_events = function () {
 		return false;
 	});
 
-	$(".form-login-without-password").on("submit", function (event) {
+	$(".form-passwordless-login").on("submit", function (event) {
 		event.preventDefault();
 		var args = {};
 		args.cmd = "frappe.www.login.send_login_link";
-		args.email = ($("#login_without_password_email").val() || "").trim();
+		args.email = ($("#passwordless_login_email").val() || "").trim();
 		if (!args.email) {
 			login.set_status('{{ _("Valid Login id required.") }}', 'red');
 			return false;
 		}
 		login.call(args).then(() => {
 			login.set_status('{{ _("Login link sent to your email.") }}', 'blue');
-			$("#login_without_password_email").val("");
+			$("#passwordless_login_email").val("");
 		}).catch(() => {
 			login.set_status('{{ _("Send login link") }}', 'blue');
 		});
@@ -113,7 +113,7 @@ login.reset_sections = function (hide) {
 		$("section.for-login").toggle(false);
 		$("section.for-email-login").toggle(false);
 		$("section.for-forgot").toggle(false);
-		$("section.for-login-without-password").toggle(false);
+		$("section.for-passwordless-login").toggle(false);
 		$("section.for-signup").toggle(false);
 	}
 	$('section:not(.signup-disabled) .indicator').each(function () {
@@ -148,13 +148,13 @@ login.forgot = function () {
 	$("#forgot_email").focus();
 }
 
-login.loginWithoutPassword = function () {
+login.passwordlessLogin = function () {
 	login.reset_sections();
 	if ($("#login_email").val()) {
-		$("#login_without_password_email").val($("#login_email").val());
+		$("#passwordless_login_email").val($("#login_email").val());
 	}
-	$(".for-login-without-password").toggle(true);
-	$("#login_without_password_email").focus();
+	$(".for-passwordless-login").toggle(true);
+	$("#passwordless_login_email").focus();
 }
 
 login.signup = function () {
@@ -302,7 +302,7 @@ frappe.ready(function () {
 		$(window).trigger("hashchange");
 	}
 
-	$(".form-signup, .form-forgot, .form-login-without-password").removeClass("hide");
+	$(".form-signup, .form-forgot, .form-passwordless-login").removeClass("hide");
 	$(document).trigger('login_rendered');
 });
 
diff --git a/frappe/www/login.html b/frappe/www/login.html
index e5a714315e..a239a5abdc 100644
--- a/frappe/www/login.html
+++ b/frappe/www/login.html
@@ -80,7 +80,7 @@
 		<div class="login-content page-card">
 			{{ logo_section() }}
 			<form class="form-signin form-login" role="form">
-				{%- if social_login or login_without_password -%}
+				{%- if social_login or passwordless_login -%}
 				<div class="page-card-body">
 					<form class="form-signin form-login" role="form">
 						{{ email_login_body() }}
@@ -101,12 +101,12 @@
 							</div>
 							{% endfor %}
 						</div>
-						<div class="login-without-password">
-							{% if login_without_password %}
+						<div class="passwordless_login">
+							{% if passwordless_login %}
 							<div class="login-button-wrapper">
-								<a href="#loginWithoutPassword"
-									class="btn btn-block btn-default btn-sm btn-login-option btn-login-without-password">
-									{{ _("Login without password") }}</a>
+								<a href="#passwordlessLogin"
+									class="btn btn-block btn-default btn-sm btn-login-option btn-passwordless_login">
+									{{ _("Passwordless Login") }}</a>
 							</div>
 							{% endif %}
 						</div>
@@ -191,15 +191,15 @@
 		</div>
 	</section>
 
-	<section class='for-login-without-password'>
+	<section class='for-passwordless-login'>
 		<div class="login-content page-card">
-			<form class="form-signin form-login-without-password hide" role="form">
+			<form class="form-signin form-passwordless-login hide" role="form">
 				<div class="page-card-head">
-					<h4>{{ _('Login Without Password') }}</h4>
+					<h4>{{ _('Passwordless Login') }}</h4>
 				</div>
 				<div class="page-card-body">
 					<div class="email-field">
-						<input type="email" id="login_without_password_email" class="form-control"
+						<input type="email" id="passwordless_login_email" class="form-control"
 							placeholder="{{ _('Email Address') }}" required autofocus autocomplete="username">
 						<svg class="field-icon email-icon" width="20" height="20" viewBox="0 0 20 20" fill="none"
 							xmlns="http://www.w3.org/2000/svg">
@@ -213,7 +213,7 @@
 					</div>
 				</div>
 				<div class="page-card-actions">
-					<button class="btn btn-sm btn-primary btn-block btn-login-without-password"
+					<button class="btn btn-sm btn-primary btn-block btn-passwordless-login"
 						type="submit">{{ _("Send login link") }}</button>
 					<p class="text-center sign-up-message">
 						<a href="#login">{{ _("Back to Login") }}</a>
diff --git a/frappe/www/login.py b/frappe/www/login.py
index bb70ec844b..037f89438d 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -102,7 +102,7 @@ def get_context(context):
 
 	context["login_label"] = f" {_('or')} ".join(login_label)
 
-	context["login_without_password"] = frappe.get_system_settings("login_without_password")
+	context["passwordless_login"] = frappe.get_system_settings("passwordless_login")
 
 	return context
 
@@ -148,9 +148,11 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-def send_login_link(email: str, subject: str | None =None):
+def send_login_link(email: str, subject: str | None = None):
 	if not frappe.db.exists("User", email):
-		frappe.throw("No registered account with this email address")
+		frappe.throw(
+			_("User with email address {0} does not exist").format(email), frappe.DoesNotExistError
+		)
 
 	key = frappe.generate_hash("Login Link", 20)
 	minutes = 10
@@ -167,7 +169,7 @@ def send_login_link(email: str, subject: str | None =None):
 	frappe.sendmail(
 		subject=subject,
 		recipients=email,
-		template="login_without_password",
+		template="passwordless_login",
 		args={"link": link, "minutes": minutes, "app_name": app_name},
 	)
 

From eb7293c1d254e491086310f68b3201761ca3e91f Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 18:21:22 +0530
Subject: [PATCH 06/41] fix: suggested changes and added
 passwordless_login_expiry option

rate limit, better description, redirect_post_login, removed subject
---
 .../doctype/system_settings/system_settings.json  | 12 ++++++++++--
 frappe/www/login.py                               | 15 ++++++++++-----
 2 files changed, 20 insertions(+), 7 deletions(-)

diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json
index bd4051cba4..0765bb4333 100644
--- a/frappe/core/doctype/system_settings/system_settings.json
+++ b/frappe/core/doctype/system_settings/system_settings.json
@@ -40,6 +40,7 @@
   "allow_login_using_user_name",
   "disable_user_pass_login",
   "passwordless_login",
+  "passwordless_login_expiry",
   "allow_error_traceback",
   "strip_exif_metadata_from_uploaded_images",
   "allow_older_web_view_links",
@@ -508,16 +509,23 @@
   },
   {
    "default": "0",
-   "description": "User will be able to login using the link sent on the email",
+   "description": "Allow users to log in without a password, using a login link sent to their email",
    "fieldname": "passwordless_login",
    "fieldtype": "Check",
    "label": "Passwordless Login"
+  },
+  {
+   "default": "10",
+   "depends_on": "passwordless_login",
+   "fieldname": "passwordless_login_expiry",
+   "fieldtype": "Int",
+   "label": "Passwordless Login Link Expiry (in minutes)"
   }
  ],
  "icon": "fa fa-cog",
  "issingle": 1,
  "links": [],
- "modified": "2022-12-20 15:39:31.751704",
+ "modified": "2022-12-20 18:17:31.759701",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "System Settings",
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 037f89438d..763028e567 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -7,6 +7,7 @@ from frappe import _
 from frappe.auth import LoginManager
 from frappe.integrations.doctype.ldap_settings.ldap_settings import LDAPSettings
 from frappe.integrations.oauth2_logins import decoder_compat
+from frappe.rate_limiter import rate_limit
 from frappe.utils import cint, get_url
 from frappe.utils.html_utils import get_icon_html
 from frappe.utils.jinja import guess_is_path
@@ -148,14 +149,15 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-def send_login_link(email: str, subject: str | None = None):
+@rate_limit(limit=5, seconds=60 * 60)
+def send_login_link(email: str):
 	if not frappe.db.exists("User", email):
 		frappe.throw(
 			_("User with email address {0} does not exist").format(email), frappe.DoesNotExistError
 		)
 
 	key = frappe.generate_hash("Login Link", 20)
-	minutes = 10
+	minutes = frappe.get_system_settings("passwordless_login_expiry") or 10
 	frappe.cache().set_value(f"one_time_login_key:{key}", email, expires_in_sec=minutes * 60)
 
 	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
@@ -164,13 +166,14 @@ def send_login_link(email: str, subject: str | None = None):
 		frappe.get_website_settings("app_name") or frappe.get_system_settings("app_name") or _("Frappe")
 	)
 
-	subject = subject or _("Login To {0}").format(app_name)
+	subject = _("Login To {0}").format(app_name)
 
 	frappe.sendmail(
 		subject=subject,
 		recipients=email,
 		template="passwordless_login",
 		args={"link": link, "minutes": minutes, "app_name": app_name},
+		now=True,
 	)
 
 
@@ -182,8 +185,10 @@ def login_via_key(key: str):
 	if email:
 		frappe.cache().delete_value(cache_key)
 		frappe.local.login_manager.login_as(email)
-		frappe.response.type = "redirect"
-		frappe.response.location = "/app"
+
+		redirect_post_login(
+			desk_user=frappe.db.get_value("User", frappe.session.user, "user_type") == "System User"
+		)
 	else:
 		frappe.respond_as_web_page(
 			_("Not Permitted"),

From 8dad07949aab6f65390515cf33f60d7edfa0abb6 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Tue, 20 Dec 2022 21:53:13 +0530
Subject: [PATCH 07/41] chore: again renaming to Login with email link

---
 .../system_settings/system_settings.json      | 16 ++++++-------
 frappe/public/scss/login.bundle.scss          |  4 ++--
 ..._login.html => login_with_email_link.html} |  0
 frappe/templates/includes/login/login.js      | 21 ++++++++--------
 frappe/www/login.html                         | 24 +++++++++----------
 frappe/www/login.py                           |  6 ++---
 6 files changed, 36 insertions(+), 35 deletions(-)
 rename frappe/templates/emails/{passwordless_login.html => login_with_email_link.html} (100%)

diff --git a/frappe/core/doctype/system_settings/system_settings.json b/frappe/core/doctype/system_settings/system_settings.json
index 0765bb4333..ddafd0e9fd 100644
--- a/frappe/core/doctype/system_settings/system_settings.json
+++ b/frappe/core/doctype/system_settings/system_settings.json
@@ -39,8 +39,8 @@
   "allow_login_using_mobile_number",
   "allow_login_using_user_name",
   "disable_user_pass_login",
-  "passwordless_login",
-  "passwordless_login_expiry",
+  "login_with_email_link",
+  "login_with_email_link_expiry",
   "allow_error_traceback",
   "strip_exif_metadata_from_uploaded_images",
   "allow_older_web_view_links",
@@ -510,22 +510,22 @@
   {
    "default": "0",
    "description": "Allow users to log in without a password, using a login link sent to their email",
-   "fieldname": "passwordless_login",
+   "fieldname": "login_with_email_link",
    "fieldtype": "Check",
-   "label": "Passwordless Login"
+   "label": "Login with email link"
   },
   {
    "default": "10",
-   "depends_on": "passwordless_login",
-   "fieldname": "passwordless_login_expiry",
+   "depends_on": "login_with_email_link",
+   "fieldname": "login_with_email_link_expiry",
    "fieldtype": "Int",
-   "label": "Passwordless Login Link Expiry (in minutes)"
+   "label": "Login with email link expiry (in minutes)"
   }
  ],
  "icon": "fa fa-cog",
  "issingle": 1,
  "links": [],
- "modified": "2022-12-20 18:17:31.759701",
+ "modified": "2022-12-20 21:45:37.651668",
  "modified_by": "Administrator",
  "module": "Core",
  "name": "System Settings",
diff --git a/frappe/public/scss/login.bundle.scss b/frappe/public/scss/login.bundle.scss
index 95de4f596b..b491e49a50 100644
--- a/frappe/public/scss/login.bundle.scss
+++ b/frappe/public/scss/login.bundle.scss
@@ -7,7 +7,7 @@ body {
 }
 
 .for-forgot,
-.for-passwordless-login,
+.for-login-with-email-link,
 .for-signup,
 .for-email-login {
 	display: none;
@@ -15,7 +15,7 @@ body {
 
 .for-login,
 .for-forgot,
-.for-passwordless-login,
+.for-login-with-email-link,
 .for-signup,
 .for-email-login {
 	padding: max(10vh, 60px) 0;
diff --git a/frappe/templates/emails/passwordless_login.html b/frappe/templates/emails/login_with_email_link.html
similarity index 100%
rename from frappe/templates/emails/passwordless_login.html
rename to frappe/templates/emails/login_with_email_link.html
diff --git a/frappe/templates/includes/login/login.js b/frappe/templates/includes/login/login.js
index 3f49453b67..16f78ea0c9 100644
--- a/frappe/templates/includes/login/login.js
+++ b/frappe/templates/includes/login/login.js
@@ -55,18 +55,18 @@ login.bind_events = function () {
 		return false;
 	});
 
-	$(".form-passwordless-login").on("submit", function (event) {
+	$(".form-login-with-email-link").on("submit", function (event) {
 		event.preventDefault();
 		var args = {};
 		args.cmd = "frappe.www.login.send_login_link";
-		args.email = ($("#passwordless_login_email").val() || "").trim();
+		args.email = ($("#login_with_email_link_email").val() || "").trim();
 		if (!args.email) {
 			login.set_status('{{ _("Valid Login id required.") }}', 'red');
 			return false;
 		}
 		login.call(args).then(() => {
-			login.set_status('{{ _("Login link sent to your email.") }}', 'blue');
-			$("#passwordless_login_email").val("");
+			login.set_status('{{ _("Login link sent to your email") }}', 'blue');
+			$("#login_with_email_link_email").val("");
 		}).catch(() => {
 			login.set_status('{{ _("Send login link") }}', 'blue');
 		});
@@ -105,6 +105,7 @@ login.bind_events = function () {
 login.route = function () {
 	var route = window.location.hash.slice(1);
 	if (!route) route = "login";
+	route = route.replaceAll("-", "_");
 	login[route]();
 }
 
@@ -113,7 +114,7 @@ login.reset_sections = function (hide) {
 		$("section.for-login").toggle(false);
 		$("section.for-email-login").toggle(false);
 		$("section.for-forgot").toggle(false);
-		$("section.for-passwordless-login").toggle(false);
+		$("section.for-login-with-email-link").toggle(false);
 		$("section.for-signup").toggle(false);
 	}
 	$('section:not(.signup-disabled) .indicator').each(function () {
@@ -148,13 +149,13 @@ login.forgot = function () {
 	$("#forgot_email").focus();
 }
 
-login.passwordlessLogin = function () {
+login.login_with_email_link = function () {
 	login.reset_sections();
 	if ($("#login_email").val()) {
-		$("#passwordless_login_email").val($("#login_email").val());
+		$("#login_with_email_link_email").val($("#login_email").val());
 	}
-	$(".for-passwordless-login").toggle(true);
-	$("#passwordless_login_email").focus();
+	$(".for-login-with-email-link").toggle(true);
+	$("#login_with_email_link_email").focus();
 }
 
 login.signup = function () {
@@ -302,7 +303,7 @@ frappe.ready(function () {
 		$(window).trigger("hashchange");
 	}
 
-	$(".form-signup, .form-forgot, .form-passwordless-login").removeClass("hide");
+	$(".form-signup, .form-forgot, .form-login-with-email-link").removeClass("hide");
 	$(document).trigger('login_rendered');
 });
 
diff --git a/frappe/www/login.html b/frappe/www/login.html
index a239a5abdc..1ac80bbee5 100644
--- a/frappe/www/login.html
+++ b/frappe/www/login.html
@@ -80,7 +80,7 @@
 		<div class="login-content page-card">
 			{{ logo_section() }}
 			<form class="form-signin form-login" role="form">
-				{%- if social_login or passwordless_login -%}
+				{%- if social_login or login_with_email_link -%}
 				<div class="page-card-body">
 					<form class="form-signin form-login" role="form">
 						{{ email_login_body() }}
@@ -101,15 +101,15 @@
 							</div>
 							{% endfor %}
 						</div>
-						<div class="passwordless_login">
-							{% if passwordless_login %}
+						{% if login_with_email_link %}
+						<div class="login-with-email-link">
 							<div class="login-button-wrapper">
-								<a href="#passwordlessLogin"
-									class="btn btn-block btn-default btn-sm btn-login-option btn-passwordless_login">
-									{{ _("Passwordless Login") }}</a>
+								<a href="#login-with-email-link"
+									class="btn btn-block btn-default btn-sm btn-login-option btn-login-with-email-link">
+									{{ _("Login with Email Link") }}</a>
 							</div>
-							{% endif %}
 						</div>
+						{% endif %}
 					</div>
 				</div>
 				{% else %}
@@ -191,15 +191,15 @@
 		</div>
 	</section>
 
-	<section class='for-passwordless-login'>
+	<section class='for-login-with-email-link'>
 		<div class="login-content page-card">
-			<form class="form-signin form-passwordless-login hide" role="form">
+			<form class="form-signin form-login-with-email-link hide" role="form">
 				<div class="page-card-head">
-					<h4>{{ _('Passwordless Login') }}</h4>
+					<h4>{{ _('Login With Email Link') }}</h4>
 				</div>
 				<div class="page-card-body">
 					<div class="email-field">
-						<input type="email" id="passwordless_login_email" class="form-control"
+						<input type="email" id="login_with_email_link_email" class="form-control"
 							placeholder="{{ _('Email Address') }}" required autofocus autocomplete="username">
 						<svg class="field-icon email-icon" width="20" height="20" viewBox="0 0 20 20" fill="none"
 							xmlns="http://www.w3.org/2000/svg">
@@ -213,7 +213,7 @@
 					</div>
 				</div>
 				<div class="page-card-actions">
-					<button class="btn btn-sm btn-primary btn-block btn-passwordless-login"
+					<button class="btn btn-sm btn-primary btn-block btn-login-with-email-link"
 						type="submit">{{ _("Send login link") }}</button>
 					<p class="text-center sign-up-message">
 						<a href="#login">{{ _("Back to Login") }}</a>
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 763028e567..4cd62276ee 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -103,7 +103,7 @@ def get_context(context):
 
 	context["login_label"] = f" {_('or')} ".join(login_label)
 
-	context["passwordless_login"] = frappe.get_system_settings("passwordless_login")
+	context["login_with_email_link"] = frappe.get_system_settings("login_with_email_link")
 
 	return context
 
@@ -157,7 +157,7 @@ def send_login_link(email: str):
 		)
 
 	key = frappe.generate_hash("Login Link", 20)
-	minutes = frappe.get_system_settings("passwordless_login_expiry") or 10
+	minutes = frappe.get_system_settings("login_with_email_link_expiry") or 10
 	frappe.cache().set_value(f"one_time_login_key:{key}", email, expires_in_sec=minutes * 60)
 
 	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
@@ -171,7 +171,7 @@ def send_login_link(email: str):
 	frappe.sendmail(
 		subject=subject,
 		recipients=email,
-		template="passwordless_login",
+		template="login_with_email_link",
 		args={"link": link, "minutes": minutes, "app_name": app_name},
 		now=True,
 	)

From 289aa9a13b8fc0b356d670fc9eb5ba21a6567e5e Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Wed, 21 Dec 2022 14:43:10 +0530
Subject: [PATCH 08/41] test: test valid & invalid key

---
 frappe/tests/test_auth.py | 16 ++++++++++++++++
 frappe/www/login.py       |  9 ++++++++-
 2 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/frappe/tests/test_auth.py b/frappe/tests/test_auth.py
index 403d0cf34c..7e21cbe73b 100644
--- a/frappe/tests/test_auth.py
+++ b/frappe/tests/test_auth.py
@@ -7,6 +7,7 @@ import frappe.utils
 from frappe.auth import LoginAttemptTracker
 from frappe.frappeclient import AuthError, FrappeClient
 from frappe.tests.utils import FrappeTestCase
+from frappe.www.login import login_via_key, send_login_link
 
 
 def add_user(email, password, username=None, mobile_no=None):
@@ -42,6 +43,9 @@ class TestAuth(FrappeTestCase):
 	@classmethod
 	def tearDownClass(cls):
 		frappe.delete_doc("User", cls.test_user_email, force=True)
+		frappe.local.request_ip = None
+		frappe.form_dict.email = None
+		frappe.local.response["http_status_code"] = None
 
 	def set_system_settings(self, k, v):
 		frappe.db.set_value("System Settings", "System Settings", k, v)
@@ -123,6 +127,18 @@ class TestAuth(FrappeTestCase):
 		with self.assertRaises(Exception):
 			FrappeClient(self.HOST_NAME, self.test_user_email, self.test_user_password).get_list("ToDo")
 
+	def test_login_with_email_link(self):
+		frappe.form_dict.email = self.test_user_email
+		frappe.local.request_ip = "127.0.0.1"
+
+		# test with valid key
+		key = send_login_link()
+		self.assertEqual(login_via_key(key), self.test_user_email)
+
+		# test with invalid key
+		login_via_key("invalid_key")
+		self.assertEqual(frappe.local.response["http_status_code"], 403)
+
 
 class TestLoginAttemptTracker(FrappeTestCase):
 	def test_account_lock(self):
diff --git a/frappe/www/login.py b/frappe/www/login.py
index 4cd62276ee..f2cc6bccd8 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -149,7 +149,7 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-@rate_limit(limit=5, seconds=60 * 60)
+@rate_limit(key="email", limit=5, seconds=60 * 60)
 def send_login_link(email: str):
 	if not frappe.db.exists("User", email):
 		frappe.throw(
@@ -162,6 +162,9 @@ def send_login_link(email: str):
 
 	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
 
+	if frappe.flags.in_test:
+		return key
+
 	app_name = (
 		frappe.get_website_settings("app_name") or frappe.get_system_settings("app_name") or _("Frappe")
 	)
@@ -184,6 +187,10 @@ def login_via_key(key: str):
 
 	if email:
 		frappe.cache().delete_value(cache_key)
+
+		if frappe.flags.in_test:
+			return email
+
 		frappe.local.login_manager.login_as(email)
 
 		redirect_post_login(

From 7fdcafddce00e95b5aa742a8f304aef56638a658 Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Fri, 23 Dec 2022 11:04:38 +0530
Subject: [PATCH 09/41] chore: remove code for handling old dict cache

---
 frappe/model/meta.py | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/frappe/model/meta.py b/frappe/model/meta.py
index 1fa1340024..c9477f5b02 100644
--- a/frappe/model/meta.py
+++ b/frappe/model/meta.py
@@ -111,12 +111,6 @@ class Meta(Document):
 	]
 
 	def __init__(self, doctype):
-		# from cache
-		if isinstance(doctype, dict):
-			super().__init__(doctype)
-			self.init_field_caches()
-			return
-
 		if isinstance(doctype, Document):
 			super().__init__(doctype.as_dict())
 		else:

From d072e20cbd7796a275953dad33d49c3f5e94cd32 Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Fri, 23 Dec 2022 11:04:51 +0530
Subject: [PATCH 10/41] chore: fix typo

---
 frappe/model/meta.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/model/meta.py b/frappe/model/meta.py
index c9477f5b02..69a2cbd11e 100644
--- a/frappe/model/meta.py
+++ b/frappe/model/meta.py
@@ -129,7 +129,7 @@ class Meta(Document):
 
 	def process(self):
 		# don't process for special doctypes
-		# prevent's circular dependency
+		# prevents circular dependency
 		if self.name in self.special_doctypes:
 			self.init_field_caches()
 			return

From 5c7b5835829c51b89d967cd1a93c794b80dfc10d Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Sat, 24 Dec 2022 12:32:51 +0530
Subject: [PATCH 11/41] fix(commands): require ngrok auth token in
 `site_config.json` to use ngrok command

* ngrok authtoken is now required to use the host_header feature
---
 frappe/commands/site.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/frappe/commands/site.py b/frappe/commands/site.py
index 1c0207ce4b..191be60c31 100644
--- a/frappe/commands/site.py
+++ b/frappe/commands/site.py
@@ -1128,6 +1128,14 @@ def start_ngrok(context, bind_tls):
 	site = get_site(context)
 	frappe.init(site=site)
 
+	ngrok_auth_token = frappe.conf.ngrok_auth_token
+	if not ngrok_auth_token:
+		frappe.errprint(
+			"'ngrok_auth_token' not found in site config. Please register for a free ngrok account at: https://dashboard.ngrok.com/signup and place the obtained authtoken in site_config.json file."
+		)
+		exit(0)
+	ngrok.set_auth_token(ngrok_auth_token)
+
 	port = frappe.conf.http_port or frappe.conf.webserver_port
 	tunnel = ngrok.connect(addr=str(port), host_header=site, bind_tls=bind_tls)
 	print(f"Public URL: {tunnel.public_url}")

From b9a6db3c08645a813e1fb44246fba73104b9aa40 Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Sat, 24 Dec 2022 12:45:24 +0530
Subject: [PATCH 12/41] refactor: `ngrok_auth_token` -> `ngrok_authtoken`

* to be consistent with ngrok's naming convention
---
 frappe/commands/site.py | 96 +++++++++++++++++++++++++++++------------
 1 file changed, 69 insertions(+), 27 deletions(-)

diff --git a/frappe/commands/site.py b/frappe/commands/site.py
index 191be60c31..91e439dfeb 100644
--- a/frappe/commands/site.py
+++ b/frappe/commands/site.py
@@ -109,7 +109,8 @@ def new_site(
 	"--with-public-files", help="Restores the public files of the site, given path to its tar file"
 )
 @click.option(
-	"--with-private-files", help="Restores the private files of the site, given path to its tar file"
+	"--with-private-files",
+	help="Restores the private files of the site, given path to its tar file",
 )
 @click.option(
 	"--force",
@@ -191,7 +192,8 @@ def _restore(
 				fg="red",
 			)
 			click.secho(
-				"Use `bench partial-restore` to restore a partial backup to an existing site.", fg="yellow"
+				"Use `bench partial-restore` to restore a partial backup to an existing site.",
+				fg="yellow",
 			)
 			_backup.decryption_rollback()
 			sys.exit(1)
@@ -199,11 +201,15 @@ def _restore(
 	except UnicodeDecodeError:
 		_backup.decryption_rollback()
 		if encryption_key:
-			click.secho("Encrypted backup file detected. Decrypting using provided key.", fg="yellow")
+			click.secho(
+				"Encrypted backup file detected. Decrypting using provided key.", fg="yellow"
+			)
 			_backup.backup_decryption(encryption_key)
 
 		else:
-			click.secho("Encrypted backup file detected. Decrypting using site config.", fg="yellow")
+			click.secho(
+				"Encrypted backup file detected. Decrypting using site config.", fg="yellow"
+			)
 			encryption_key = get_or_generate_backup_encryption_key()
 			_backup.backup_decryption(encryption_key)
 
@@ -222,7 +228,8 @@ def _restore(
 				fg="red",
 			)
 			click.secho(
-				"Use `bench partial-restore` to restore a partial backup to an existing site.", fg="yellow"
+				"Use `bench partial-restore` to restore a partial backup to an existing site.",
+				fg="yellow",
 			)
 			_backup.decryption_rollback()
 			sys.exit(1)
@@ -324,7 +331,8 @@ def partial_restore(context, sql_file_path, verbose, encryption_key=None):
 			# Check for full backup file
 			if "Partial Backup" not in header:
 				click.secho(
-					"Full backup file detected.Use `bench restore` to restore a Frappe Site.", fg="red"
+					"Full backup file detected.Use `bench restore` to restore a Frappe Site.",
+					fg="red",
 				)
 				_backup.decryption_rollback()
 				sys.exit(1)
@@ -332,11 +340,15 @@ def partial_restore(context, sql_file_path, verbose, encryption_key=None):
 	except UnicodeDecodeError:
 		_backup.decryption_rollback()
 		if encryption_key:
-			click.secho("Encrypted backup file detected. Decrypting using provided key.", fg="yellow")
+			click.secho(
+				"Encrypted backup file detected. Decrypting using provided key.", fg="yellow"
+			)
 			key = encryption_key
 
 		else:
-			click.secho("Encrypted backup file detected. Decrypting using site config.", fg="yellow")
+			click.secho(
+				"Encrypted backup file detected. Decrypting using site config.", fg="yellow"
+			)
 			key = get_or_generate_backup_encryption_key()
 
 		_backup.backup_decryption(key)
@@ -355,7 +367,8 @@ def partial_restore(context, sql_file_path, verbose, encryption_key=None):
 			# Check for Full backup file.
 			if "Partial Backup" not in header:
 				click.secho(
-					"Full Backup file detected.Use `bench restore` to restore a Frappe Site.", fg="red"
+					"Full Backup file detected.Use `bench restore` to restore a Frappe Site.",
+					fg="red",
 				)
 				_backup.decryption_rollback()
 				sys.exit(1)
@@ -387,17 +400,26 @@ def reinstall(
 ):
 	"Reinstall site ie. wipe all data and start over"
 	site = get_site(context)
-	_reinstall(site, admin_password, db_root_username, db_root_password, yes, verbose=context.verbose)
+	_reinstall(
+		site, admin_password, db_root_username, db_root_password, yes, verbose=context.verbose
+	)
 
 
 def _reinstall(
-	site, admin_password=None, db_root_username=None, db_root_password=None, yes=False, verbose=False
+	site,
+	admin_password=None,
+	db_root_username=None,
+	db_root_password=None,
+	yes=False,
+	verbose=False,
 ):
 	from frappe.installer import _new_site
 	from frappe.utils.synchronization import filelock
 
 	if not yes:
-		click.confirm("This will wipe your database. Are you sure you want to reinstall?", abort=True)
+		click.confirm(
+			"This will wipe your database. Are you sure you want to reinstall?", abort=True
+		)
 	try:
 		frappe.init(site=site)
 		frappe.connect()
@@ -487,7 +509,9 @@ def list_apps(context, format):
 		apps = frappe.get_single("Installed Applications").installed_applications
 
 		if apps:
-			name_len, ver_len = (max(len(x.get(y)) for x in apps) for y in ["app_name", "app_version"])
+			name_len, ver_len = (
+				max(len(x.get(y)) for x in apps) for y in ["app_name", "app_version"]
+			)
 			template = f"{{0:{name_len}}} {{1:{ver_len}}} {{2}}"
 
 			installed_applications = [
@@ -528,7 +552,9 @@ def add_system_manager(context, email, first_name, last_name, send_welcome_email
 	for site in context.sites:
 		frappe.connect(site=site)
 		try:
-			frappe.utils.user.add_system_manager(email, first_name, last_name, send_welcome_email, password)
+			frappe.utils.user.add_system_manager(
+				email, first_name, last_name, send_welcome_email, password
+			)
 			frappe.db.commit()
 		finally:
 			frappe.destroy()
@@ -554,7 +580,9 @@ def add_user_for_sites(
 	for site in context.sites:
 		frappe.connect(site=site)
 		try:
-			add_new_user(email, first_name, last_name, user_type, send_welcome_email, password, add_role)
+			add_new_user(
+				email, first_name, last_name, user_type, send_welcome_email, password, add_role
+			)
 			frappe.db.commit()
 		finally:
 			frappe.destroy()
@@ -719,7 +747,10 @@ def use(site, sites_path="."):
 @click.option("--backup-path-private-files", default=None, help="Set path for saving private file")
 @click.option("--backup-path-conf", default=None, help="Set path for saving config file")
 @click.option(
-	"--ignore-backup-conf", default=False, is_flag=True, help="Ignore excludes/includes set in config"
+	"--ignore-backup-conf",
+	default=False,
+	is_flag=True,
+	help="Ignore excludes/includes set in config",
 )
 @click.option("--verbose", default=False, is_flag=True, help="Add verbosity")
 @click.option("--compress", default=False, is_flag=True, help="Compress private and public files")
@@ -772,9 +803,13 @@ def backup(
 				print(frappe.get_traceback())
 			exit_code = 1
 			continue
-		if frappe.get_system_settings("encrypt_backup") and frappe.get_site_config().encryption_key:
+		if (
+			frappe.get_system_settings("encrypt_backup")
+			and frappe.get_site_config().encryption_key
+		):
 			click.secho(
-				"Backup encryption is turned on. Please note the backup encryption key.", fg="yellow"
+				"Backup encryption is turned on. Please note the backup encryption key.",
+				fg="yellow",
 			)
 
 		odb.print_summary()
@@ -835,7 +870,9 @@ def uninstall(context, app, dry_run, yes, no_backup, force):
 			frappe.init(site=site)
 			frappe.connect()
 			with filelock("uninstall_app"):
-				remove_app(app_name=app, dry_run=dry_run, yes=yes, no_backup=no_backup, force=force)
+				remove_app(
+					app_name=app, dry_run=dry_run, yes=yes, no_backup=no_backup, force=force
+				)
 		finally:
 			frappe.destroy()
 	if not context.sites:
@@ -1128,13 +1165,14 @@ def start_ngrok(context, bind_tls):
 	site = get_site(context)
 	frappe.init(site=site)
 
-	ngrok_auth_token = frappe.conf.ngrok_auth_token
-	if not ngrok_auth_token:
-		frappe.errprint(
-			"'ngrok_auth_token' not found in site config. Please register for a free ngrok account at: https://dashboard.ngrok.com/signup and place the obtained authtoken in site_config.json file."
+	ngrok_authtoken = frappe.conf.ngrok_authtoken
+	if not ngrok_authtoken:
+		click.echo(
+			f"{click.style('ngrok_authtoken', bold=True)} not found in site config. Please register for a free ngrok account at: https://dashboard.ngrok.com/signup and place the obtained authtoken in site_config.json file.\n",
+			err=True,
 		)
-		exit(0)
-	ngrok.set_auth_token(ngrok_auth_token)
+		sys.exit(1)
+	ngrok.set_auth_token(ngrok_authtoken)
 
 	port = frappe.conf.http_port or frappe.conf.webserver_port
 	tunnel = ngrok.connect(addr=str(port), host_header=site, bind_tls=bind_tls)
@@ -1354,7 +1392,9 @@ def trim_tables(context, dry_run, format, no_backup):
 			trimmed_data = trim_tables(dry_run=dry_run, quiet=format == "json")
 
 			if format == "table" and not dry_run:
-				click.secho(f"The following data have been removed from {frappe.local.site}", fg="green")
+				click.secho(
+					f"The following data have been removed from {frappe.local.site}", fg="green"
+				)
 
 			handle_data(trimmed_data, format=format)
 		finally:
@@ -1369,7 +1409,9 @@ def handle_data(data: dict, format="json"):
 	else:
 		from frappe.utils.commands import render_table
 
-		data = [["DocType", "Fields"]] + [[table, ", ".join(columns)] for table, columns in data.items()]
+		data = [["DocType", "Fields"]] + [
+			[table, ", ".join(columns)] for table, columns in data.items()
+		]
 		render_table(data)
 
 

From a6db8ab5bc02d9c8b7bb5825cb01877e3741e09b Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 26 Dec 2022 12:19:55 +0530
Subject: [PATCH 13/41] fix: removed footer

Capitalized log in to frappe button
---
 .../emails/login_with_email_link.html         | 28 +++----------------
 1 file changed, 4 insertions(+), 24 deletions(-)

diff --git a/frappe/templates/emails/login_with_email_link.html b/frappe/templates/emails/login_with_email_link.html
index 0c7533ac8f..144869e2e6 100644
--- a/frappe/templates/emails/login_with_email_link.html
+++ b/frappe/templates/emails/login_with_email_link.html
@@ -1,5 +1,5 @@
-{% macro table(content, td_align, tb_color, tb_width) %}
-<table cellpadding="0" cellspacing="0" width="100%">
+{% macro table(content, table_class) %}
+<table class="{{ table_class or '' }}" cellpadding="0" cellspacing="0" width="100%" align="center">
 	<tbody>
 		<tr>
 			<td align="center">
@@ -25,7 +25,7 @@
 			<td align="center">
 				<div class="btn btn-primary" style="margin-top: 30px;">
 					<a href="{{ link or '#'}}" style="color: #fff; text-decoration: none;">
-						{{ _('LOG IN TO {0}').format(app_name.upper()) }}
+						{{ _('Log In To {0}').format(app_name) }}
 					</a>
 				</div>
 			</td>
@@ -34,28 +34,8 @@
 </table>
 {% endmacro %}
 
-{% macro footer() %}
-<div class="email-footer">
-	<div>{{ _('Thanks!') }}</div>
-	<div style="font-size: 17px;"><strong>{{ app_name }}</strong></div>
-</div>
-{% endmacro %}
-
 <div class="body-table with-container">
 	<div class="body-content">
-		<table class="email-container" align="center" cellspacing="0" cellpadding="0">
-			<tbody>
-				<tr>
-					<td>
-						<div class="email-body">
-							{{ table(body()) }}
-						</div>
-						<div class="email-footer-container">
-							{{ table(footer()) }}
-						</div>
-					</td>
-				</tr>
-			</tbody>
-		</table>
+		{{ table(table(body(), 'email-body'), 'email-container') }}
 	</div>
 </div>
\ No newline at end of file

From ef82ef944e82ec51b903b651db384e6b24e6c121 Mon Sep 17 00:00:00 2001
From: Gavin D'souza <gavin18d@gmail.com>
Date: Tue, 27 Dec 2022 14:17:09 +0530
Subject: [PATCH 14/41] fix: build_response for re.Match

---
 frappe/utils/response.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/frappe/utils/response.py b/frappe/utils/response.py
index 7b04b702e9..8ff5acdff0 100644
--- a/frappe/utils/response.py
+++ b/frappe/utils/response.py
@@ -159,6 +159,7 @@ def make_logs(response=None):
 def json_handler(obj):
 	"""serialize non-serializable data for json"""
 	from collections.abc import Iterable
+	from re import Match
 
 	if isinstance(obj, (datetime.date, datetime.datetime, datetime.time)):
 		return str(obj)
@@ -179,6 +180,9 @@ def json_handler(obj):
 	elif isinstance(obj, Iterable):
 		return list(obj)
 
+	elif isinstance(obj, Match):
+		return obj.string
+
 	elif type(obj) == type or isinstance(obj, Exception):
 		return repr(obj)
 

From 048de262fd665a49b27d9a7202d1ff0d3fbb345b Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Thu, 29 Dec 2022 11:05:46 +0530
Subject: [PATCH 15/41] fix: don't set default in list view for fields not
 allowed

---
 frappe/core/doctype/doctype/doctype.py | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/frappe/core/doctype/doctype/doctype.py b/frappe/core/doctype/doctype/doctype.py
index e3f8ffd503..e1bb23b388 100644
--- a/frappe/core/doctype/doctype/doctype.py
+++ b/frappe/core/doctype/doctype/doctype.py
@@ -195,10 +195,12 @@ class DocType(Document):
 
 	def set_default_in_list_view(self):
 		"""Set default in-list-view for first 4 mandatory fields"""
+		not_allowed_in_list_view = get_fields_not_allowed_in_list_view(self.meta)
+
 		if not [d.fieldname for d in self.fields if d.in_list_view]:
 			cnt = 0
 			for d in self.fields:
-				if d.reqd and not d.hidden and not d.fieldtype in table_fields:
+				if d.reqd and not d.hidden and not d.fieldtype in not_allowed_in_list_view:
 					d.in_list_view = 1
 					cnt += 1
 					if cnt == 4:
@@ -1446,10 +1448,7 @@ def validate_fields(meta):
 	fields = meta.get("fields")
 	fieldname_list = [d.fieldname for d in fields]
 
-	not_allowed_in_list_view = list(copy.copy(no_value_fields))
-	not_allowed_in_list_view.append("Attach Image")
-	if meta.istable:
-		not_allowed_in_list_view.remove("Button")
+	not_allowed_in_list_view = get_fields_not_allowed_in_list_view(meta)
 
 	for d in fields:
 		if not d.permlevel:
@@ -1490,6 +1489,14 @@ def validate_fields(meta):
 	check_image_field(meta)
 
 
+def get_fields_not_allowed_in_list_view(meta) -> list[str]:
+	not_allowed_in_list_view = list(copy.copy(no_value_fields))
+	not_allowed_in_list_view.append("Attach Image")
+	if meta.istable:
+		not_allowed_in_list_view.remove("Button")
+	return not_allowed_in_list_view
+
+
 def validate_permissions_for_doctype(doctype, for_remove=False, alert=False):
 	"""Validates if permissions are set correctly."""
 	doctype = frappe.get_doc("DocType", doctype)

From f1553c479c9a98fa8a91f9f8f1eca773312892a4 Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Thu, 29 Dec 2022 16:20:07 +0530
Subject: [PATCH 16/41] fix(test): override fields of test doctype if passed

---
 frappe/core/doctype/doctype/test_doctype.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/frappe/core/doctype/doctype/test_doctype.py b/frappe/core/doctype/doctype/test_doctype.py
index 2e74fd3a6a..916c29ebff 100644
--- a/frappe/core/doctype/doctype/test_doctype.py
+++ b/frappe/core/doctype/doctype/test_doctype.py
@@ -759,8 +759,7 @@ def new_doctype(
 		}
 	)
 
-	if fields:
-		for f in fields:
-			doc.append("fields", f)
+	if fields and len(fields) > 0:
+		doc.set("fields", fields)
 
 	return doc

From e96ce833439d559bdd741398aae804d03562f31d Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Thu, 29 Dec 2022 16:22:06 +0530
Subject: [PATCH 17/41] test: not in list view by default for not allowed
 mandatory field types

---
 frappe/core/doctype/doctype/test_doctype.py | 22 +++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/frappe/core/doctype/doctype/test_doctype.py b/frappe/core/doctype/doctype/test_doctype.py
index 916c29ebff..e8226d4f9d 100644
--- a/frappe/core/doctype/doctype/test_doctype.py
+++ b/frappe/core/doctype/doctype/test_doctype.py
@@ -722,6 +722,28 @@ class TestDocType(FrappeTestCase):
 		self.assertEqual(frappe.get_meta(doctype).get_field(field).default, "DELETETHIS")
 		frappe.delete_doc("DocType", doctype)
 
+	def test_not_in_list_view_for_not_allowed_mandatory_field(self):
+		doctype = new_doctype(
+			fields=[
+				{
+					"fieldname": "cover_image",
+					"fieldtype": "Attach Image",
+					"label": "Cover Image",
+					"reqd": 1,  # mandatory
+				},
+				{
+					"fieldname": "book_name",
+					"fieldtype": "Data",
+					"label": "Book Name",
+					"reqd": 1,  # mandatory
+				},
+			],
+		).insert()
+
+		self.assertFalse(doctype.fields[0].in_list_view)
+		self.assertTrue(doctype.fields[1].in_list_view)
+		frappe.delete_doc("DocType", doctype.name)
+
 
 def new_doctype(
 	name: str | None = None,

From a43a0149eb25b4dc9692e33d106d51c65e42c7e3 Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Fri, 30 Dec 2022 13:38:41 +0530
Subject: [PATCH 18/41] refactor: improve test, rate limiting

---
 frappe/tests/test_auth.py         | 34 ++++++++++++++++++++--------
 frappe/tests/test_rate_limiter.py |  3 ---
 frappe/www/login.py               | 37 ++++++++++++++++---------------
 3 files changed, 44 insertions(+), 30 deletions(-)

diff --git a/frappe/tests/test_auth.py b/frappe/tests/test_auth.py
index 7e21cbe73b..fe8a290a04 100644
--- a/frappe/tests/test_auth.py
+++ b/frappe/tests/test_auth.py
@@ -2,12 +2,14 @@
 # License: MIT. See LICENSE
 import time
 
+import requests
+
 import frappe
 import frappe.utils
 from frappe.auth import LoginAttemptTracker
 from frappe.frappeclient import AuthError, FrappeClient
 from frappe.tests.utils import FrappeTestCase
-from frappe.www.login import login_via_key, send_login_link
+from frappe.www.login import _generate_temporary_login_link
 
 
 def add_user(email, password, username=None, mobile_no=None):
@@ -128,16 +130,30 @@ class TestAuth(FrappeTestCase):
 			FrappeClient(self.HOST_NAME, self.test_user_email, self.test_user_password).get_list("ToDo")
 
 	def test_login_with_email_link(self):
-		frappe.form_dict.email = self.test_user_email
-		frappe.local.request_ip = "127.0.0.1"
 
-		# test with valid key
-		key = send_login_link()
-		self.assertEqual(login_via_key(key), self.test_user_email)
+		user = self.test_user_email
 
-		# test with invalid key
-		login_via_key("invalid_key")
-		self.assertEqual(frappe.local.response["http_status_code"], 403)
+		# Logs in
+		res = requests.get(_generate_temporary_login_link(user, 10))
+		self.assertEqual(res.status_code, 200)
+		self.assertTrue(res.cookies.get("sid"))
+		self.assertNotEqual(res.cookies.get("sid"), "Guest")
+
+		# Random incorrect URL
+		res = requests.get(_generate_temporary_login_link(user, 10) + "aa")
+		self.assertEqual(res.cookies.get("sid"), "Guest")
+
+		# POST doesn't work
+		res = requests.post(_generate_temporary_login_link(user, 10))
+		self.assertEqual(res.status_code, 403)
+
+		# Rate limiting
+		for _ in range(6):
+			res = requests.get(_generate_temporary_login_link(user, 10))
+			if res.status_code == 417:
+				break
+		else:
+			self.fail("Rate limting not working")
 
 
 class TestLoginAttemptTracker(FrappeTestCase):
diff --git a/frappe/tests/test_rate_limiter.py b/frappe/tests/test_rate_limiter.py
index e93bf98875..c8485d6c69 100644
--- a/frappe/tests/test_rate_limiter.py
+++ b/frappe/tests/test_rate_limiter.py
@@ -13,9 +13,6 @@ from frappe.utils import cint
 
 
 class TestRateLimiter(FrappeTestCase):
-	def setUp(self):
-		pass
-
 	def test_apply_with_limit(self):
 		frappe.conf.rate_limit = {"window": 86400, "limit": 1}
 		frappe.rate_limiter.apply()
diff --git a/frappe/www/login.py b/frappe/www/login.py
index f2cc6bccd8..ce65390f3c 100644
--- a/frappe/www/login.py
+++ b/frappe/www/login.py
@@ -149,21 +149,11 @@ def login_via_token(login_token):
 
 
 @frappe.whitelist(allow_guest=True)
-@rate_limit(key="email", limit=5, seconds=60 * 60)
+@rate_limit(limit=5, seconds=60 * 60)
 def send_login_link(email: str):
-	if not frappe.db.exists("User", email):
-		frappe.throw(
-			_("User with email address {0} does not exist").format(email), frappe.DoesNotExistError
-		)
 
-	key = frappe.generate_hash("Login Link", 20)
-	minutes = frappe.get_system_settings("login_with_email_link_expiry") or 10
-	frappe.cache().set_value(f"one_time_login_key:{key}", email, expires_in_sec=minutes * 60)
-
-	link = get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
-
-	if frappe.flags.in_test:
-		return key
+	expiry = frappe.get_system_settings("login_with_email_link_expiry") or 10
+	link = _generate_temporary_login_link(email, expiry)
 
 	app_name = (
 		frappe.get_website_settings("app_name") or frappe.get_system_settings("app_name") or _("Frappe")
@@ -175,12 +165,26 @@ def send_login_link(email: str):
 		subject=subject,
 		recipients=email,
 		template="login_with_email_link",
-		args={"link": link, "minutes": minutes, "app_name": app_name},
+		args={"link": link, "minutes": expiry, "app_name": app_name},
 		now=True,
 	)
 
 
-@frappe.whitelist(allow_guest=True)
+def _generate_temporary_login_link(email: str, expiry: int):
+	assert isinstance(email, str)
+
+	if not frappe.db.exists("User", email):
+		frappe.throw(
+			_("User with email address {0} does not exist").format(email), frappe.DoesNotExistError
+		)
+	key = frappe.generate_hash()
+	frappe.cache().set_value(f"one_time_login_key:{key}", email, expires_in_sec=expiry * 60)
+
+	return get_url(f"/api/method/frappe.www.login.login_via_key?key={key}")
+
+
+@frappe.whitelist(allow_guest=True, methods=["GET"])
+@rate_limit(limit=5, seconds=60 * 60)
 def login_via_key(key: str):
 	cache_key = f"one_time_login_key:{key}"
 	email = frappe.cache().get_value(cache_key)
@@ -188,9 +192,6 @@ def login_via_key(key: str):
 	if email:
 		frappe.cache().delete_value(cache_key)
 
-		if frappe.flags.in_test:
-			return email
-
 		frappe.local.login_manager.login_as(email)
 
 		redirect_post_login(

From 1ddbb9d7a468e1f0de59f6d17ec0eddb705daf7f Mon Sep 17 00:00:00 2001
From: aliX40 <55487948+aliX40@users.noreply.github.com>
Date: Fri, 30 Dec 2022 13:20:24 +0100
Subject: [PATCH 19/41] chore: make min read string translatable in blog post
 (#19410)

* Make min read translatable

min read doesn't get translated, which can be a little bit annoying when writing blog posts in other languages other than english


Co-authored-by: phot0n <ritwikpuri5678@gmail.com>
---
 frappe/website/doctype/blog_post/templates/blog_post.html     | 2 +-
 frappe/website/doctype/blog_post/templates/blog_post_row.html | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/website/doctype/blog_post/templates/blog_post.html b/frappe/website/doctype/blog_post/templates/blog_post.html
index 67236fb26d..b5e2f8d4f8 100644
--- a/frappe/website/doctype/blog_post/templates/blog_post.html
+++ b/frappe/website/doctype/blog_post/templates/blog_post.html
@@ -22,7 +22,7 @@
 				<time datetime="{{ published_on }}">{{ frappe.format_date(published_on) }}</time>
 				{%- if read_time -%}
 				&nbsp;&middot;
-				<span>{{ read_time }} min read</span>
+				<span>{{ read_time }} {{ _('min read') }} </span>
 				{%- endif -%}
 			</div>
 		</div>
diff --git a/frappe/website/doctype/blog_post/templates/blog_post_row.html b/frappe/website/doctype/blog_post/templates/blog_post_row.html
index f8494d12b0..91beeb12e9 100644
--- a/frappe/website/doctype/blog_post/templates/blog_post_row.html
+++ b/frappe/website/doctype/blog_post/templates/blog_post_row.html
@@ -33,7 +33,7 @@
 					<a href="/blog?blogger={{ post.blogger }}">{{ post.full_name }}</a>
 					<div class="small">
 						{{ frappe.format_date(post.published_on) }}
-						{% if post.read_time %} &middot; {{ post.read_time }} min read {% endif %}
+						{% if post.read_time %} &middot; {{ post.read_time }} {{ _('min read') }} {% endif %}
 					</div>
 				</div>
 			</div>

From 31d1bd6cc767aa670871f9fb20b292ea7aaeeef1 Mon Sep 17 00:00:00 2001
From: phot0n <ritwikpuri5678@gmail.com>
Date: Fri, 30 Dec 2022 19:27:17 +0530
Subject: [PATCH 20/41] chore: linter

---
 frappe/commands/site.py | 53 ++++++++++-------------------------------
 1 file changed, 13 insertions(+), 40 deletions(-)

diff --git a/frappe/commands/site.py b/frappe/commands/site.py
index 91e439dfeb..2f111200e5 100644
--- a/frappe/commands/site.py
+++ b/frappe/commands/site.py
@@ -201,15 +201,11 @@ def _restore(
 	except UnicodeDecodeError:
 		_backup.decryption_rollback()
 		if encryption_key:
-			click.secho(
-				"Encrypted backup file detected. Decrypting using provided key.", fg="yellow"
-			)
+			click.secho("Encrypted backup file detected. Decrypting using provided key.", fg="yellow")
 			_backup.backup_decryption(encryption_key)
 
 		else:
-			click.secho(
-				"Encrypted backup file detected. Decrypting using site config.", fg="yellow"
-			)
+			click.secho("Encrypted backup file detected. Decrypting using site config.", fg="yellow")
 			encryption_key = get_or_generate_backup_encryption_key()
 			_backup.backup_decryption(encryption_key)
 
@@ -340,15 +336,11 @@ def partial_restore(context, sql_file_path, verbose, encryption_key=None):
 	except UnicodeDecodeError:
 		_backup.decryption_rollback()
 		if encryption_key:
-			click.secho(
-				"Encrypted backup file detected. Decrypting using provided key.", fg="yellow"
-			)
+			click.secho("Encrypted backup file detected. Decrypting using provided key.", fg="yellow")
 			key = encryption_key
 
 		else:
-			click.secho(
-				"Encrypted backup file detected. Decrypting using site config.", fg="yellow"
-			)
+			click.secho("Encrypted backup file detected. Decrypting using site config.", fg="yellow")
 			key = get_or_generate_backup_encryption_key()
 
 		_backup.backup_decryption(key)
@@ -400,9 +392,7 @@ def reinstall(
 ):
 	"Reinstall site ie. wipe all data and start over"
 	site = get_site(context)
-	_reinstall(
-		site, admin_password, db_root_username, db_root_password, yes, verbose=context.verbose
-	)
+	_reinstall(site, admin_password, db_root_username, db_root_password, yes, verbose=context.verbose)
 
 
 def _reinstall(
@@ -417,9 +407,7 @@ def _reinstall(
 	from frappe.utils.synchronization import filelock
 
 	if not yes:
-		click.confirm(
-			"This will wipe your database. Are you sure you want to reinstall?", abort=True
-		)
+		click.confirm("This will wipe your database. Are you sure you want to reinstall?", abort=True)
 	try:
 		frappe.init(site=site)
 		frappe.connect()
@@ -509,9 +497,7 @@ def list_apps(context, format):
 		apps = frappe.get_single("Installed Applications").installed_applications
 
 		if apps:
-			name_len, ver_len = (
-				max(len(x.get(y)) for x in apps) for y in ["app_name", "app_version"]
-			)
+			name_len, ver_len = (max(len(x.get(y)) for x in apps) for y in ["app_name", "app_version"])
 			template = f"{{0:{name_len}}} {{1:{ver_len}}} {{2}}"
 
 			installed_applications = [
@@ -552,9 +538,7 @@ def add_system_manager(context, email, first_name, last_name, send_welcome_email
 	for site in context.sites:
 		frappe.connect(site=site)
 		try:
-			frappe.utils.user.add_system_manager(
-				email, first_name, last_name, send_welcome_email, password
-			)
+			frappe.utils.user.add_system_manager(email, first_name, last_name, send_welcome_email, password)
 			frappe.db.commit()
 		finally:
 			frappe.destroy()
@@ -580,9 +564,7 @@ def add_user_for_sites(
 	for site in context.sites:
 		frappe.connect(site=site)
 		try:
-			add_new_user(
-				email, first_name, last_name, user_type, send_welcome_email, password, add_role
-			)
+			add_new_user(email, first_name, last_name, user_type, send_welcome_email, password, add_role)
 			frappe.db.commit()
 		finally:
 			frappe.destroy()
@@ -803,10 +785,7 @@ def backup(
 				print(frappe.get_traceback())
 			exit_code = 1
 			continue
-		if (
-			frappe.get_system_settings("encrypt_backup")
-			and frappe.get_site_config().encryption_key
-		):
+		if frappe.get_system_settings("encrypt_backup") and frappe.get_site_config().encryption_key:
 			click.secho(
 				"Backup encryption is turned on. Please note the backup encryption key.",
 				fg="yellow",
@@ -870,9 +849,7 @@ def uninstall(context, app, dry_run, yes, no_backup, force):
 			frappe.init(site=site)
 			frappe.connect()
 			with filelock("uninstall_app"):
-				remove_app(
-					app_name=app, dry_run=dry_run, yes=yes, no_backup=no_backup, force=force
-				)
+				remove_app(app_name=app, dry_run=dry_run, yes=yes, no_backup=no_backup, force=force)
 		finally:
 			frappe.destroy()
 	if not context.sites:
@@ -1392,9 +1369,7 @@ def trim_tables(context, dry_run, format, no_backup):
 			trimmed_data = trim_tables(dry_run=dry_run, quiet=format == "json")
 
 			if format == "table" and not dry_run:
-				click.secho(
-					f"The following data have been removed from {frappe.local.site}", fg="green"
-				)
+				click.secho(f"The following data have been removed from {frappe.local.site}", fg="green")
 
 			handle_data(trimmed_data, format=format)
 		finally:
@@ -1409,9 +1384,7 @@ def handle_data(data: dict, format="json"):
 	else:
 		from frappe.utils.commands import render_table
 
-		data = [["DocType", "Fields"]] + [
-			[table, ", ".join(columns)] for table, columns in data.items()
-		]
+		data = [["DocType", "Fields"]] + [[table, ", ".join(columns)] for table, columns in data.items()]
 		render_table(data)
 
 

From 384c01b92f815d29602699c645e66ee8e6d92b7a Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Sat, 31 Dec 2022 20:01:50 +0530
Subject: [PATCH 21/41] fix: show document title instead of name in like
 notification email subject

---
 frappe/templates/includes/likes/likes.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/frappe/templates/includes/likes/likes.py b/frappe/templates/includes/likes/likes.py
index ae9b88ba07..aadce4a0cb 100644
--- a/frappe/templates/includes/likes/likes.py
+++ b/frappe/templates/includes/likes/likes.py
@@ -26,7 +26,8 @@ def like(reference_doctype, reference_name, like, route=""):
 		clear_cache(route)
 
 	if like and ref_doc.enable_email_notification:
-		subject = _("Like on {0}: {1}").format(reference_doctype, reference_name)
+		ref_doc_title = ref_doc.get_title()
+		subject = _("Like on {0}: {1}").format(reference_doctype, ref_doc_title)
 		content = _("You have received a ❤️ like on your blog post")
 		message = f"<p>{content} <b>{reference_name}</b></p>"
 		message = message + "<p><a href='{}/{}#likes' style='font-size: 80%'>{}</a></p>".format(

From 7eb31f1fa5028c7cca36b46248f1f45b9d8ae4ab Mon Sep 17 00:00:00 2001
From: Hussain Nagaria <hussainbhaitech@gmail.com>
Date: Sat, 31 Dec 2022 20:04:59 +0530
Subject: [PATCH 22/41] fix: use title instead of name in message body too

---
 frappe/templates/includes/likes/likes.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/templates/includes/likes/likes.py b/frappe/templates/includes/likes/likes.py
index aadce4a0cb..884835c056 100644
--- a/frappe/templates/includes/likes/likes.py
+++ b/frappe/templates/includes/likes/likes.py
@@ -29,7 +29,7 @@ def like(reference_doctype, reference_name, like, route=""):
 		ref_doc_title = ref_doc.get_title()
 		subject = _("Like on {0}: {1}").format(reference_doctype, ref_doc_title)
 		content = _("You have received a ❤️ like on your blog post")
-		message = f"<p>{content} <b>{reference_name}</b></p>"
+		message = f"<p>{content} <b>{ref_doc_title}</b></p>"
 		message = message + "<p><a href='{}/{}#likes' style='font-size: 80%'>{}</a></p>".format(
 			frappe.utils.get_request_site_address(), ref_doc.route, _("View Blog Post")
 		)

From 9ca2826f33c772a55be981c408a93e2155196f4e Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Sun, 1 Jan 2023 13:50:15 +0530
Subject: [PATCH 23/41] fix: alt/option key to see fieldname instead of
 cmd/ctrl key

---
 frappe/public/js/frappe/form/layout.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/public/js/frappe/form/layout.js b/frappe/public/js/frappe/form/layout.js
index b425bfd475..0b10d13548 100644
--- a/frappe/public/js/frappe/form/layout.js
+++ b/frappe/public/js/frappe/form/layout.js
@@ -532,12 +532,12 @@ frappe.ui.form.Layout = class Layout {
 
 	setup_tooltip_events() {
 		$(document).on("keydown", (e) => {
-			if (e.metaKey || e.ctrlKey) {
+			if (e.altKey) {
 				this.wrapper.addClass("show-tooltip");
 			}
 		});
 		$(document).on("keyup", (e) => {
-			if (!e.metaKey || !e.ctrlKey) {
+			if (!e.altKey) {
 				this.wrapper.removeClass("show-tooltip");
 			}
 		});

From 538a5be99fc888995e9ddf3324f221d9f9cda28f Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Sun, 1 Jan 2023 13:51:10 +0530
Subject: [PATCH 24/41] feat: copy fieldname to clipboard on click

minor dark mode color fix
---
 frappe/public/js/frappe/form/controls/base_control.js | 9 ++++++++-
 frappe/public/scss/common/css_variables.scss          | 1 +
 frappe/public/scss/desk/dark.scss                     | 1 +
 frappe/public/scss/desk/form.scss                     | 6 +++---
 4 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/frappe/public/js/frappe/form/controls/base_control.js b/frappe/public/js/frappe/form/controls/base_control.js
index 37cb977fdc..2188f29e94 100644
--- a/frappe/public/js/frappe/form/controls/base_control.js
+++ b/frappe/public/js/frappe/form/controls/base_control.js
@@ -13,7 +13,14 @@ frappe.ui.form.Control = class BaseControl {
 			.attr("data-fieldname", this.df.fieldname);
 		this.wrapper = this.$wrapper.get(0);
 		this.wrapper.fieldobj = this; // reference for event handlers
-		this.$wrapper.append(`<span class="tooltip-content">${__(this.df.fieldname)}</span>`);
+
+		this.tooltip = $(`<span class="tooltip-content">${__(this.df.fieldname)}</span>`);
+		this.$wrapper.append(this.tooltip);
+
+		this.tooltip.on("click", (e) => {
+			let text = $(e.target).text();
+			frappe.utils.copy_to_clipboard(text);
+		});
 	}
 
 	make_wrapper() {
diff --git a/frappe/public/scss/common/css_variables.scss b/frappe/public/scss/common/css_variables.scss
index d4a09beab1..1914e7479b 100644
--- a/frappe/public/scss/common/css_variables.scss
+++ b/frappe/public/scss/common/css_variables.scss
@@ -166,6 +166,7 @@ $input-height: 28px !default;
 	--bg-red: var(--red-50);
 	--bg-gray: var(--gray-200);
 	--bg-light-gray: var(--gray-100);
+	--bg-dark-gray: var(--gray-900);
 	--bg-purple: var(--purple-100);
 	--bg-pink: var(--pink-50);
 	--bg-cyan: var(--cyan-50);
diff --git a/frappe/public/scss/desk/dark.scss b/frappe/public/scss/desk/dark.scss
index b299c042d3..aad3e4b597 100644
--- a/frappe/public/scss/desk/dark.scss
+++ b/frappe/public/scss/desk/dark.scss
@@ -55,6 +55,7 @@
 	--bg-red: var(--red-500);
 	--bg-gray: var(--gray-600);
 	--bg-light-gray: var(--gray-700);
+	--bg-dark-gray: var(--gray-300);
 	--bg-purple: var(--purple-600);
 
 	--text-on-blue: var(--blue-50);
diff --git a/frappe/public/scss/desk/form.scss b/frappe/public/scss/desk/form.scss
index b2cb19baf7..80121db3cf 100644
--- a/frappe/public/scss/desk/form.scss
+++ b/frappe/public/scss/desk/form.scss
@@ -3,16 +3,16 @@
 
 .tooltip-content {
 	position: absolute;
-	bottom: 104%;
+	bottom: 100%;
 	left: 0;
 	z-index: 9999;
 	padding: 2px 6px;
 	border-radius: var(--border-radius-sm);
-	background: var(--gray-dark);
+	background-color: var(--bg-dark-gray);
 	color: var(--text-dark);
 	font-size: var(--text-xs);
 	opacity: 0;
-	cursor: default;
+	cursor: copy;
 	transition: opacity 0.3s, transform 3s;
 	pointer-events: none;
 }

From d3b020cf23347f7ebc789fdcb3d478a7c15613d0 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Sun, 1 Jan 2023 14:31:31 +0530
Subject: [PATCH 25/41] docs: updated Keyboard Shortcut List

---
 frappe/public/js/frappe/form/layout.js | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/frappe/public/js/frappe/form/layout.js b/frappe/public/js/frappe/form/layout.js
index 0b10d13548..2f400c8313 100644
--- a/frappe/public/js/frappe/form/layout.js
+++ b/frappe/public/js/frappe/form/layout.js
@@ -35,7 +35,7 @@ frappe.ui.form.Layout = class Layout {
 		}
 
 		this.setup_tab_events();
-		this.setup_tooltip_events();
+		this.frm && this.setup_tooltip_events();
 		this.render();
 	}
 
@@ -541,6 +541,12 @@ frappe.ui.form.Layout = class Layout {
 				this.wrapper.removeClass("show-tooltip");
 			}
 		});
+		this.frm.page &&
+			frappe.ui.keys.add_shortcut({
+				shortcut: "alt+hover",
+				page: this.frm.page,
+				description: __("Show Fieldname (click to copy on clipboard)"),
+			});
 	}
 
 	handle_tab(doctype, fieldname, shift) {

From 0e40dff4d71e6c0fd637f7bc03fd0e5a83ec476c Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Sun, 1 Jan 2023 10:30:11 +0000
Subject: [PATCH 26/41] chore: bump gitpython to `3.1.30` (#19446)

---
 .github/workflows/linters.yml | 2 +-
 pyproject.toml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/linters.yml b/.github/workflows/linters.yml
index 9c0a1f4ce2..01b5407489 100644
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@@ -83,4 +83,4 @@ jobs:
       - uses: actions/checkout@v3
       - run: |
           pip install pip-audit
-          pip-audit ${GITHUB_WORKSPACE} --ignore-vuln GHSA-hcpj-qp55-gfph
+          pip-audit ${GITHUB_WORKSPACE}
diff --git a/pyproject.toml b/pyproject.toml
index ec649f231c..484fd13d1b 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -12,7 +12,7 @@ dependencies = [
     "Babel~=2.9.0",
     "Click~=8.1.3",
     "filelock~=3.8.0",
-    "GitPython~=3.1.14",
+    "GitPython~=3.1.30",
     "Jinja2~=3.1.2",
     "Pillow~=9.3.0",
     "PyJWT~=2.4.0",

From 324c3e24c4085d13650aa2075e2a0e02166fd433 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 10:20:16 +0530
Subject: [PATCH 27/41] fix: replace all spaces with _ to generate fieldname

---
 frappe/public/js/form_builder/utils.js                      | 4 ++--
 frappe/website/doctype/web_form/templates/web_form_row.html | 4 ++++
 frappe/website/doctype/web_form/web_form.json               | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)
 create mode 100644 frappe/website/doctype/web_form/templates/web_form_row.html

diff --git a/frappe/public/js/form_builder/utils.js b/frappe/public/js/form_builder/utils.js
index d149a48c16..4c2887e4e7 100644
--- a/frappe/public/js/form_builder/utils.js
+++ b/frappe/public/js/form_builder/utils.js
@@ -279,7 +279,7 @@ export function scrub_field_names(fields) {
 		if (d.fieldtype) {
 			if (!d.fieldname) {
 				if (d.label) {
-					d.fieldname = d.label.trim().toLowerCase().replace(" ", "_");
+					d.fieldname = d.label.trim().toLowerCase().replaceAll(" ", "_");
 					if (d.fieldname.endsWith("?")) {
 						d.fieldname = d.fieldname.slice(0, -1);
 					}
@@ -295,7 +295,7 @@ export function scrub_field_names(fields) {
 					}
 				} else {
 					d.fieldname =
-						d.fieldtype.toLowerCase().replace(" ", "_") +
+						d.fieldtype.toLowerCase().replaceAll(" ", "_") +
 						"_" +
 						frappe.utils.get_random(4);
 				}
diff --git a/frappe/website/doctype/web_form/templates/web_form_row.html b/frappe/website/doctype/web_form/templates/web_form_row.html
new file mode 100644
index 0000000000..d7014b453a
--- /dev/null
+++ b/frappe/website/doctype/web_form/templates/web_form_row.html
@@ -0,0 +1,4 @@
+<div>
+	<a href="{{ doc.route }}">{{ doc.title or doc.name }}</a>
+</div>
+<!-- this is a sample default list template -->
diff --git a/frappe/website/doctype/web_form/web_form.json b/frappe/website/doctype/web_form/web_form.json
index 0c2e416696..21e501481b 100644
--- a/frappe/website/doctype/web_form/web_form.json
+++ b/frappe/website/doctype/web_form/web_form.json
@@ -364,7 +364,7 @@
  "icon": "icon-edit",
  "is_published_field": "published",
  "links": [],
- "modified": "2022-12-15 17:14:44.939645",
+ "modified": "2023-01-02 10:19:15.680960",
  "modified_by": "Administrator",
  "module": "Website",
  "name": "Web Form",

From f39c6e18f65eb6040f6201f531f74e250709f50d Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 10:24:26 +0530
Subject: [PATCH 28/41] fix: do not allow to make check field mandatory

---
 frappe/public/js/form_builder/components/FieldProperties.vue | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/frappe/public/js/form_builder/components/FieldProperties.vue b/frappe/public/js/form_builder/components/FieldProperties.vue
index 23945554a7..b5597d20c5 100644
--- a/frappe/public/js/form_builder/components/FieldProperties.vue
+++ b/frappe/public/js/form_builder/components/FieldProperties.vue
@@ -25,6 +25,10 @@ let docfield_df = computed(() => {
 			return false;
 		}
 
+		if (df.fieldname === "reqd" && store.selected_field.fieldtype === "Check") {
+			return false;
+		}
+
 		if (df.fieldname === "options") {
 			df.fieldtype = "Small Text";
 			df.options = "";

From 0e9d16820b6342294559fb6c9c8acffc05001109 Mon Sep 17 00:00:00 2001
From: rohitwaghchaure <rohitw1991@gmail.com>
Date: Mon, 2 Jan 2023 11:35:21 +0530
Subject: [PATCH 29/41] fix: For Update for child table (#19436)

---
 frappe/model/document.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/frappe/model/document.py b/frappe/model/document.py
index 773ee4a764..7222cf4ad6 100644
--- a/frappe/model/document.py
+++ b/frappe/model/document.py
@@ -178,6 +178,7 @@ class Document(BaseDocument):
 					"*",
 					as_dict=True,
 					order_by="idx asc",
+					for_update=self.flags.for_update,
 				)
 				or []
 			)

From 4d048cd651b2250031918e706e327124a3fa681e Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Mon, 2 Jan 2023 11:50:25 +0530
Subject: [PATCH 30/41] fix: type hint for image view

closes https://github.com/frappe/frappe/issues/19426
---
 frappe/core/api/file.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/core/api/file.py b/frappe/core/api/file.py
index c2354516a8..e3e6a9de08 100644
--- a/frappe/core/api/file.py
+++ b/frappe/core/api/file.py
@@ -13,7 +13,7 @@ def unzip_file(name: str):
 
 
 @frappe.whitelist()
-def get_attached_images(doctype: str, names: list[str]) -> frappe._dict:
+def get_attached_images(doctype: str, names: list[str] | str) -> frappe._dict:
 	"""get list of image urls attached in form
 	returns {name: ['image.jpg', 'image.png']}"""
 

From 5ece1d7c394a80f2d63828601afe517c08cc676c Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Mon, 2 Jan 2023 12:01:32 +0530
Subject: [PATCH 31/41] fix: Allow everyone to read geo data (#19451)

This is static data present in code, no need to apply permissions.

closes https://github.com/frappe/frappe/issues/19394
---
 frappe/geo/country_info.py | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/frappe/geo/country_info.py b/frappe/geo/country_info.py
index 2aefa27170..3267149d4c 100644
--- a/frappe/geo/country_info.py
+++ b/frappe/geo/country_info.py
@@ -5,6 +5,7 @@ import json
 
 # all country info
 import os
+from functools import lru_cache
 
 import frappe
 from frappe.utils.momentjs import get_all_timezones
@@ -27,8 +28,13 @@ def get_all():
 	return all_data
 
 
-@frappe.whitelist()
+@frappe.whitelist(allow_guest=True)
 def get_country_timezone_info():
+	return _get_country_timezone_info()
+
+
+@lru_cache(maxsize=2)
+def _get_country_timezone_info():
 	return {"country_info": get_all(), "all_timezones": get_all_timezones()}
 
 

From c29f6892b3f5f4ccd7ecc48a45936986aeae9552 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 12:03:13 +0530
Subject: [PATCH 32/41] fix: repositioned action buttons

---
 .../js/form_builder/form_builder.bundle.js    | 26 ++++++++++++-------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/frappe/public/js/form_builder/form_builder.bundle.js b/frappe/public/js/form_builder/form_builder.bundle.js
index 0b4a1a7cc2..ae19edbfc6 100644
--- a/frappe/public/js/form_builder/form_builder.bundle.js
+++ b/frappe/public/js/form_builder/form_builder.bundle.js
@@ -45,18 +45,26 @@ class FormBuilder {
 			this.store.read_only = this.store.preview;
 			this.read_only = true;
 		});
-		this.customize_form_btn = this.page.add_button(__("For Customize Form"), () => {
-			frappe.set_route("form-builder", this.doctype, "customize");
-		});
-		this.doctype_form_btn = this.page.add_button(__("For DocType Form"), () => {
-			frappe.set_route("form-builder", this.doctype);
-		});
 
 		this.reset_changes_btn = this.page.add_button(__("Reset Changes"), () => {
 			this.store.reset_changes();
 		});
 
-		this.go_to_doctype_btn = this.page.add_menu_item(__("Go to Doctype"), () =>
+		this.go_to_doctype_list_btn = this.page.add_button(
+			__("Go to {0} List", [__(this.doctype)]),
+			() => {
+				window.open(`/app/${frappe.router.slug(this.doctype)}`);
+			}
+		);
+
+		this.customize_form_btn = this.page.add_menu_item(__("Switch to Customize Form"), () => {
+			frappe.set_route("form-builder", this.doctype, "customize");
+		});
+		this.doctype_form_btn = this.page.add_menu_item(__("Switch to DocType Form"), () => {
+			frappe.set_route("form-builder", this.doctype);
+		});
+
+		this.go_to_doctype_btn = this.page.add_menu_item(__("Go to DocType"), () =>
 			frappe.set_route("Form", "DocType", this.doctype)
 		);
 		this.go_to_customize_form_btn = this.page.add_menu_item(__("Go to Customize Form"), () =>
@@ -121,9 +129,7 @@ class FormBuilder {
 					? __("Go to {0}", [__(this.doctype)])
 					: __("Go to {0} List", [__(this.doctype)]);
 
-				this.page.add_menu_item(label, () => {
-					window.open(`/app/${frappe.router.slug(this.doctype)}`);
-				});
+				this.go_to_doctype_list_btn.text(label);
 			}
 
 			// toggle preview btn text

From 69af3e883bc33eadf4055e100cb8e82c97f3ddd5 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 12:03:50 +0530
Subject: [PATCH 33/41] fix: added description for section

---
 frappe/public/js/form_builder/components/FormBuilder.vue | 4 ++++
 frappe/public/js/form_builder/components/Section.vue     | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/frappe/public/js/form_builder/components/FormBuilder.vue b/frappe/public/js/form_builder/components/FormBuilder.vue
index d1bebb2210..a81632c8c1 100644
--- a/frappe/public/js/form_builder/components/FormBuilder.vue
+++ b/frappe/public/js/form_builder/components/FormBuilder.vue
@@ -210,6 +210,10 @@ onMounted(() => {
 				}
 			}
 
+			.section-description {
+				padding-left: 15px;
+			}
+
 			.section-columns {
 				margin-top: 8px;
 
diff --git a/frappe/public/js/form_builder/components/Section.vue b/frappe/public/js/form_builder/components/Section.vue
index cbf848c10a..2cb24a8d4c 100644
--- a/frappe/public/js/form_builder/components/Section.vue
+++ b/frappe/public/js/form_builder/components/Section.vue
@@ -128,6 +128,7 @@ function move_sections_to_tab() {
 					</button>
 				</div>
 			</div>
+			<div v-if="section.df.description" class="section-description">{{ section.df.description }}</div>
 			<div class="section-columns" :class="{ hidden: section.df.collapsible && collapsed }">
 				<draggable
 					class="section-columns-container"
@@ -228,6 +229,12 @@ function move_sections_to_tab() {
 			}
 		}
 
+		.section-description {
+			margin-bottom: 10px;
+			font-size: var(--text-xs);
+			color: var(--text-muted);
+		}
+
 		.section-columns-container {
 			display: flex;
 			min-height: 2rem;

From 16eeedc28c1a070be87ac9278d5f24d44413e15b Mon Sep 17 00:00:00 2001
From: phot0n <ritwikpuri5678@gmail.com>
Date: Mon, 2 Jan 2023 16:12:21 +0530
Subject: [PATCH 34/41] feat(minor): add use-default-authtoken to ngrok command

---
 frappe/commands/site.py | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/frappe/commands/site.py b/frappe/commands/site.py
index 2f111200e5..fbbdde8e03 100644
--- a/frappe/commands/site.py
+++ b/frappe/commands/site.py
@@ -1134,8 +1134,14 @@ def stop_recording(context):
 @click.option(
 	"--bind-tls", is_flag=True, default=False, help="Returns a reference to the https tunnel."
 )
+@click.option(
+	"--use-default-authtoken",
+	is_flag=True,
+	default=False,
+	help="Use the auth token present in ngrok's config.",
+)
 @pass_context
-def start_ngrok(context, bind_tls):
+def start_ngrok(context, bind_tls, use_default_authtoken):
 	"""Start a ngrok tunnel to your local development server."""
 	from pyngrok import ngrok
 
@@ -1143,13 +1149,15 @@ def start_ngrok(context, bind_tls):
 	frappe.init(site=site)
 
 	ngrok_authtoken = frappe.conf.ngrok_authtoken
-	if not ngrok_authtoken:
-		click.echo(
-			f"{click.style('ngrok_authtoken', bold=True)} not found in site config. Please register for a free ngrok account at: https://dashboard.ngrok.com/signup and place the obtained authtoken in site_config.json file.\n",
-			err=True,
-		)
-		sys.exit(1)
-	ngrok.set_auth_token(ngrok_authtoken)
+	if not use_default_authtoken:
+		if not ngrok_authtoken:
+			click.echo(
+				f"\n{click.style('ngrok_authtoken', fg='yellow')} not found in site config.\n"
+				"Please register for a free ngrok account at: https://dashboard.ngrok.com/signup and place the obtained authtoken in the site config.",
+			)
+			sys.exit(1)
+
+		ngrok.set_auth_token(ngrok_authtoken)
 
 	port = frappe.conf.http_port or frappe.conf.webserver_port
 	tunnel = ngrok.connect(addr=str(port), host_header=site, bind_tls=bind_tls)

From 2937b09a220cb2f061a396083cddc8e23a0186a0 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <30859809+shariquerik@users.noreply.github.com>
Date: Mon, 2 Jan 2023 16:32:27 +0530
Subject: [PATCH 35/41] fix: hide tooltip content on webform

---
 frappe/public/scss/website/web_form.scss | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/frappe/public/scss/website/web_form.scss b/frappe/public/scss/website/web_form.scss
index 8ecf753384..e1ca8b8f58 100644
--- a/frappe/public/scss/website/web_form.scss
+++ b/frappe/public/scss/website/web_form.scss
@@ -18,6 +18,10 @@
 			.page_content {
 				max-width: 800px;
 				margin: auto;
+				
+				.tooltip-content {
+					display: none;
+				}
 
 				h1 {
 					font-size: 2.25rem;

From 81066d7562e54d71831497a57aa24a84a3d2b0c3 Mon Sep 17 00:00:00 2001
From: Sagar Vora <sagar@resilient.tech>
Date: Mon, 2 Jan 2023 15:30:09 +0530
Subject: [PATCH 36/41] fix: only allow system manager to create email
 templates

---
 frappe/email/doctype/email_template/email_template.json | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/frappe/email/doctype/email_template/email_template.json b/frappe/email/doctype/email_template/email_template.json
index c6ec971da4..00f1428475 100644
--- a/frappe/email/doctype/email_template/email_template.json
+++ b/frappe/email/doctype/email_template/email_template.json
@@ -57,18 +57,16 @@
  ],
  "icon": "fa fa-comment",
  "links": [],
- "modified": "2022-01-04 14:12:50.321633",
+ "modified": "2023-01-02 03:56:48.437280",
  "modified_by": "Administrator",
  "module": "Email",
  "name": "Email Template",
+ "naming_rule": "Set by user",
  "owner": "Administrator",
  "permissions": [
   {
-   "create": 1,
    "read": 1,
-   "role": "All",
-   "share": 1,
-   "write": 1
+   "role": "All"
   },
   {
    "create": 1,
@@ -85,5 +83,6 @@
  ],
  "sort_field": "modified",
  "sort_order": "DESC",
+ "states": [],
  "track_changes": 1
 }
\ No newline at end of file

From eac4f2a58c1fa306d4c2c42d950ec0d1ea0e9bcc Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 20:30:25 +0530
Subject: [PATCH 37/41] fix: added label & description to column

---
 .../js/form_builder/components/Column.vue     | 118 ++++++++++++------
 .../form_builder/components/FormBuilder.vue   |   8 ++
 .../js/form_builder/components/Section.vue    |   1 +
 frappe/public/js/frappe/form/column.js        |  12 +-
 frappe/public/scss/desk/form.scss             |  15 +++
 5 files changed, 115 insertions(+), 39 deletions(-)

diff --git a/frappe/public/js/form_builder/components/Column.vue b/frappe/public/js/form_builder/components/Column.vue
index 3f108c06ba..dab1ec4c5e 100644
--- a/frappe/public/js/form_builder/components/Column.vue
+++ b/frappe/public/js/form_builder/components/Column.vue
@@ -1,6 +1,7 @@
 <script setup>
 import draggable from "vuedraggable";
 import Field from "./Field.vue";
+import EditableInput from "./EditableInput.vue";
 import { ref } from "vue";
 import { useStore } from "../store";
 import { move_children_to_parent } from "../utils";
@@ -74,25 +75,43 @@ function move_columns_to_section() {
 		@mouseover.stop="hovered = true"
 		@mouseout.stop="hovered = false"
 	>
-		<div class="column-actions" :hidden="store.read_only">
-			<button
-				v-if="section.columns.indexOf(column)"
-				class="btn btn-xs btn-icon"
-				:title="__('Move the current column & the following columns to a new section')"
-				@click="move_columns_to_section"
-			>
-				<div v-html="frappe.utils.icon('move', 'sm')"></div>
-			</button>
-			<button class="btn btn-xs btn-icon" :title="__('Add Column')" @click="add_column">
-				<div v-html="frappe.utils.icon('add', 'sm')"></div>
-			</button>
-			<button
-				class="btn btn-xs btn-icon"
-				:title="__('Remove Column')"
-				@click="remove_column"
-			>
-				<div v-html="frappe.utils.icon('remove', 'sm')"></div>
-			</button>
+		<div
+			:class="[
+				'column-header',
+				column.df.label ? 'has-label' : '',
+			]"
+			:hidden="!column.df.label && store.read_only"
+		>
+			<div class="column-label">
+				<EditableInput
+					:text="column.df.label"
+					:placeholder="__('Column Title')"
+					v-model="column.df.label"
+				/>
+			</div>
+			<div class="column-actions">
+				<button
+					v-if="section.columns.indexOf(column)"
+					class="btn btn-xs btn-icon"
+					:title="__('Move the current column & the following columns to a new section')"
+					@click="move_columns_to_section"
+				>
+					<div v-html="frappe.utils.icon('move', 'sm')"></div>
+				</button>
+				<button class="btn btn-xs btn-icon" :title="__('Add Column')" @click="add_column">
+					<div v-html="frappe.utils.icon('add', 'sm')"></div>
+				</button>
+				<button
+					class="btn btn-xs btn-icon"
+					:title="__('Remove Column')"
+					@click="remove_column"
+				>
+					<div v-html="frappe.utils.icon('remove', 'sm')"></div>
+				</button>
+			</div>
+		</div>
+		<div v-if="column.df.description" class="column-description">
+			{{ column.df.description }}
 		</div>
 		<draggable
 			class="column-container"
@@ -140,7 +159,7 @@ function move_columns_to_section() {
 	}
 
 	&.selected {
-		.column-actions {
+		.column-header {
 			display: flex;
 		}
 
@@ -149,6 +168,48 @@ function move_columns_to_section() {
 		}
 	}
 
+	.column-header {
+		display: none;
+		align-items: center;
+		justify-content: space-between;
+		padding-bottom: 0.5rem;
+		padding-left: 0.3rem;
+
+		&.has-label {
+			display: flex;
+		}
+
+		.column-label {
+			:deep(span) {
+				font-weight: 600;
+				color: var(--heading-color);
+			}
+		}
+
+		.column-actions {
+			display: flex;
+			justify-content: flex-end;
+
+			.btn.btn-icon {
+				padding: 2px;
+				box-shadow: none;
+				opacity: 0;
+
+				&:hover {
+					opacity: 1;
+					background-color: var(--fg-color);
+				}
+			}
+		}
+	}
+
+	.column-description {
+		margin-bottom: 10px;
+		margin-left: 0.3rem;
+		font-size: var(--text-xs);
+		color: var(--text-muted);
+	}
+
 	&:first-child {
 		margin-left: 0px;
 	}
@@ -162,22 +223,5 @@ function move_columns_to_section() {
 		min-height: 2rem;
 		border-radius: var(--border-radius);
 	}
-
-	.column-actions {
-		display: none;
-		justify-content: flex-end;
-		padding-bottom: 0.5rem;
-
-		.btn.btn-icon {
-			padding: 2px;
-			box-shadow: none;
-			opacity: 0;
-
-			&:hover {
-				opacity: 1;
-				background-color: var(--fg-color);
-			}
-		}
-	}
 }
 </style>
diff --git a/frappe/public/js/form_builder/components/FormBuilder.vue b/frappe/public/js/form_builder/components/FormBuilder.vue
index a81632c8c1..b4657066e8 100644
--- a/frappe/public/js/form_builder/components/FormBuilder.vue
+++ b/frappe/public/js/form_builder/components/FormBuilder.vue
@@ -223,6 +223,14 @@ onMounted(() => {
 						padding-right: 15px;
 						margin: 0;
 
+						.column-header {
+							padding-left: 0;
+						}
+
+						.column-description {
+							margin-left: 0;
+						}
+
 						.field {
 							margin: 0;
 							margin-bottom: 1rem;
diff --git a/frappe/public/js/form_builder/components/Section.vue b/frappe/public/js/form_builder/components/Section.vue
index 2cb24a8d4c..0f9da211e0 100644
--- a/frappe/public/js/form_builder/components/Section.vue
+++ b/frappe/public/js/form_builder/components/Section.vue
@@ -207,6 +207,7 @@ function move_sections_to_tab() {
 
 				:deep(span) {
 					font-weight: 600;
+					color: var(--heading-color);
 				}
 
 				.collapse-indicator {
diff --git a/frappe/public/js/frappe/form/column.js b/frappe/public/js/frappe/form/column.js
index bd1ff1a9eb..3ea4296a94 100644
--- a/frappe/public/js/frappe/form/column.js
+++ b/frappe/public/js/frappe/form/column.js
@@ -19,12 +19,20 @@ export default class Column {
 
 		this.form = this.wrapper.find("form").on("submit", () => false);
 
+		if (this.df.description) {
+			$(`
+				<p class="col-sm-12 form-column-description">
+					${__(this.df.description)}
+				</p>
+			`).prependTo(this.wrapper);
+		}
+
 		if (this.df.label) {
 			$(`
-				<label class="control-label">
+				<label class="column-label">
 					${__(this.df.label)}
 				</label>
-			`).appendTo(this.wrapper);
+			`).prependTo(this.wrapper);
 		}
 	}
 
diff --git a/frappe/public/scss/desk/form.scss b/frappe/public/scss/desk/form.scss
index 80121db3cf..516bc699c6 100644
--- a/frappe/public/scss/desk/form.scss
+++ b/frappe/public/scss/desk/form.scss
@@ -70,6 +70,21 @@
 	}
 }
 
+.form-column {
+	.form-column-description {
+		margin-bottom: 10px;
+		font-size: var(--text-xs);
+		color: var(--text-muted);
+		padding-left: 0;
+	}
+
+	.column-label {
+		font-weight: 600;
+		color: var(--heading-color);
+		cursor: pointer;
+	}
+}
+
 .empty-section {
 	display: none !important;
 	border: 0 !important;

From 37b246dfad4832320da5fdecaf9d9961a9d9f0f4 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 20:40:27 +0530
Subject: [PATCH 38/41] chore: linter fix

not related to form builder
---
 frappe/public/scss/website/web_form.scss | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/public/scss/website/web_form.scss b/frappe/public/scss/website/web_form.scss
index e1ca8b8f58..f1889a7b8e 100644
--- a/frappe/public/scss/website/web_form.scss
+++ b/frappe/public/scss/website/web_form.scss
@@ -18,7 +18,7 @@
 			.page_content {
 				max-width: 800px;
 				margin: auto;
-				
+
 				.tooltip-content {
 					display: none;
 				}

From 6587d4b16eec6b6b1392b74fa58a26ad1087b91e Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 20:58:37 +0530
Subject: [PATCH 39/41] fix: do not consider first column if label is not set

---
 frappe/public/js/form_builder/store.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/frappe/public/js/form_builder/store.js b/frappe/public/js/form_builder/store.js
index 80754c1162..314e8f5ed7 100644
--- a/frappe/public/js/form_builder/store.js
+++ b/frappe/public/js/form_builder/store.js
@@ -226,8 +226,13 @@ export const useStore = defineStore("form-builder-store", {
 					}
 
 					section.columns.forEach((column, k) => {
-						// do not consider first column
-						if (k > 0 || column.fields.length == 0) {
+						// do not consider first column if label is not set
+						if (
+							(k == 0 &&
+								this.is_df_updated(column.df, this.get_df("Column Break"))) ||
+							k > 0 ||
+							column.fields.length == 0
+						) {
 							idx++;
 							column.df.idx = idx;
 							fields.push(column.df);

From 4ba05b8ac381ccf46e2466ecedf593b2a6b41e4d Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 21:34:29 +0530
Subject: [PATCH 40/41] fix: clear selected_field if field is removed

---
 frappe/public/js/form_builder/components/Column.vue  | 3 ++-
 frappe/public/js/form_builder/components/Field.vue   | 3 ++-
 frappe/public/js/form_builder/components/Section.vue | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/frappe/public/js/form_builder/components/Column.vue b/frappe/public/js/form_builder/components/Column.vue
index dab1ec4c5e..a8f1f84118 100644
--- a/frappe/public/js/form_builder/components/Column.vue
+++ b/frappe/public/js/form_builder/components/Column.vue
@@ -56,6 +56,7 @@ function remove_column() {
 
 	// remove column
 	columns.splice(index, 1);
+	store.selected_field = null;
 }
 
 function move_columns_to_section() {
@@ -104,7 +105,7 @@ function move_columns_to_section() {
 				<button
 					class="btn btn-xs btn-icon"
 					:title="__('Remove Column')"
-					@click="remove_column"
+					@click.stop="remove_column"
 				>
 					<div v-html="frappe.utils.icon('remove', 'sm')"></div>
 				</button>
diff --git a/frappe/public/js/form_builder/components/Field.vue b/frappe/public/js/form_builder/components/Field.vue
index e1938f4d1e..b6301352a3 100644
--- a/frappe/public/js/form_builder/components/Field.vue
+++ b/frappe/public/js/form_builder/components/Field.vue
@@ -19,6 +19,7 @@ function remove_field() {
 	}
 	let index = props.column.fields.indexOf(props.field);
 	props.column.fields.splice(index, 1);
+	store.selected_field = null;
 }
 
 function move_fields_to_column() {
@@ -75,7 +76,7 @@ function move_fields_to_column() {
 					>
 						<div v-html="frappe.utils.icon('move', 'sm')"></div>
 					</button>
-					<button class="btn btn-xs btn-icon" @click="remove_field">
+					<button class="btn btn-xs btn-icon" @click.stop="remove_field">
 						<div v-html="frappe.utils.icon('remove', 'sm')"></div>
 					</button>
 				</div>
diff --git a/frappe/public/js/form_builder/components/Section.vue b/frappe/public/js/form_builder/components/Section.vue
index 0f9da211e0..d23a599fa6 100644
--- a/frappe/public/js/form_builder/components/Section.vue
+++ b/frappe/public/js/form_builder/components/Section.vue
@@ -50,6 +50,7 @@ function remove_section() {
 
 	// remove section
 	sections.splice(index, 1);
+	store.selected_field = null;
 }
 
 function select_section() {
@@ -122,7 +123,7 @@ function move_sections_to_tab() {
 					<button
 						class="btn btn-xs btn-section"
 						:title="__('Remove section')"
-						@click="remove_section"
+						@click.stop="remove_section"
 					>
 						<div v-html="frappe.utils.icon('remove', 'sm')"></div>
 					</button>

From 4022a5c5f4ca133d55057a5a6bbb015b5a34c097 Mon Sep 17 00:00:00 2001
From: Shariq Ansari <sharique.rik@gmail.com>
Date: Mon, 2 Jan 2023 21:53:23 +0530
Subject: [PATCH 41/41] test: fixed failing UI test

---
 cypress/integration/form_builder.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cypress/integration/form_builder.js b/cypress/integration/form_builder.js
index 46e62b2697..84494ddebf 100644
--- a/cypress/integration/form_builder.js
+++ b/cypress/integration/form_builder.js
@@ -244,7 +244,7 @@ context("Form Builder", () => {
 		let first_field =
 			".tab-content.active .section-columns-container:first .column:first .field:first";
 
-		cy.get(".fields-container .field[title='Check']").drag(first_field, {
+		cy.get(".fields-container .field[title='Data']").drag(first_field, {
 			target: { x: 100, y: 10 },
 		});