From 8557cff2bb45b1c20a6beb4b36f6ff83e73fbc03 Mon Sep 17 00:00:00 2001
From: Ankush Menat <ankush@frappe.io>
Date: Sun, 22 May 2022 22:30:29 +0530
Subject: [PATCH] perf: faster auth ~ validate_ip_address from redis

---
 frappe/auth.py                   | 14 ++++++++++----
 frappe/core/doctype/user/user.py | 12 ++++++++----
 2 files changed, 18 insertions(+), 8 deletions(-)

diff --git a/frappe/auth.py b/frappe/auth.py
index dc53c20f28..9bab8b8bf3 100644
--- a/frappe/auth.py
+++ b/frappe/auth.py
@@ -412,10 +412,16 @@ def clear_cookies():
 
 def validate_ip_address(user):
 	"""check if IP Address is valid"""
-	user = (
-		frappe.get_cached_doc("User", user) if not frappe.flags.in_test else frappe.get_doc("User", user)
+	from frappe.core.doctype.user.user import get_restricted_ip_list
+
+	# Only fetch required fields - for perf
+	user_fields = ["restrict_ip", "bypass_restrict_ip_check_if_2fa_enabled"]
+	user_info = (
+		frappe.get_cached_value("User", user, user_fields, as_dict=True)
+		if not frappe.flags.in_test
+		else frappe.db.get_value("User", user, user_fields, as_dict=True)
 	)
-	ip_list = user.get_restricted_ip_list()
+	ip_list = get_restricted_ip_list(user_info)
 	if not ip_list:
 		return
 
@@ -430,7 +436,7 @@ def validate_ip_address(user):
 	# check if two factor auth is enabled
 	if system_settings.enable_two_factor_auth and not bypass_restrict_ip_check:
 		# check if bypass restrict ip is enabled for login user
-		bypass_restrict_ip_check = user.bypass_restrict_ip_check_if_2fa_enabled
+		bypass_restrict_ip_check = user_info.bypass_restrict_ip_check_if_2fa_enabled
 
 	for ip in ip_list:
 		if frappe.local.request_ip.startswith(ip) or bypass_restrict_ip_check:
diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index 1ff5c98a91..d9c67aaaaf 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -586,10 +586,7 @@ class User(Document):
 		self.append("social_logins", social_logins)
 
 	def get_restricted_ip_list(self):
-		if not self.restrict_ip:
-			return
-
-		return [i.strip() for i in self.restrict_ip.split(",")]
+		return get_restricted_ip_list(self)
 
 	@classmethod
 	def find_by_credentials(cls, user_name: str, password: str, validate_password: bool = True):
@@ -1156,6 +1153,13 @@ def create_contact(user, ignore_links=False, ignore_mandatory=False):
 		contact.save(ignore_permissions=True)
 
 
+def get_restricted_ip_list(user):
+	if not user.restrict_ip:
+		return
+
+	return [i.strip() for i in user.restrict_ip.split(",")]
+
+
 @frappe.whitelist()
 def generate_keys(user):
 	"""