fix: Rate limiter on blog feedback (#14322)

* fix: Added rate limiter on blog feedback

* test: Updated test to support rate limiter

frappe/core/doctype/feedback/test_feedback.py

@@ -5,6 +5,13 @@ import frappe
 import unittest
 
 class TestFeedback(unittest.TestCase):
+	def tearDown(self):
+		frappe.form_dict.reference_doctype = None
+		frappe.form_dict.reference_name = None
+		frappe.form_dict.rating = None
+		frappe.form_dict.feedback = None
+		frappe.local.request_ip = None
+
 	def test_feedback_creation_updation(self):
 		from frappe.website.doctype.blog_post.test_blog_post import make_test_blog
 		test_blog = make_test_blog()
@@ -12,7 +19,14 @@ class TestFeedback(unittest.TestCase):
 		frappe.db.delete("Feedback", {"reference_doctype": "Blog Post"})
 
 		from frappe.templates.includes.feedback.feedback import add_feedback, update_feedback
-		feedback = add_feedback('Blog Post', test_blog.name, 5, 'New feedback')
+
+		frappe.form_dict.reference_doctype = 'Blog Post'
+		frappe.form_dict.reference_name = test_blog.name
+		frappe.form_dict.rating = 5
+		frappe.form_dict.feedback = 'New feedback'
+		frappe.local.request_ip = '127.0.0.1'
+
+		feedback = add_feedback()
 
 		self.assertEqual(feedback.feedback, 'New feedback')
 		self.assertEqual(feedback.rating, 5)

frappe/templates/includes/feedback/feedback.py

@@ -3,27 +3,18 @@
 from __future__ import unicode_literals
 
 import frappe
-from frappe.utils import add_to_date, now
 
 from frappe import _
+from frappe.rate_limiter import rate_limit
+from frappe.website.doctype.blog_settings.blog_settings import get_feedback_limit
 
 @frappe.whitelist(allow_guest=True)
+@rate_limit(key='reference_name', limit=get_feedback_limit, seconds=60*60)
 def add_feedback(reference_doctype, reference_name, rating, feedback):
 	doc = frappe.get_doc(reference_doctype, reference_name)
 	if doc.disable_feedback == 1:
 		return
 
-	feedback_count = frappe.db.count("Feedback", {
-		"reference_doctype": reference_doctype,
-		"reference_name": reference_name,
-		"ip_address": frappe.local.request_ip,
-		"creation": (">", add_to_date(now(), hours=-1))
-	})
-
-	if feedback_count > 20:
-		frappe.msgprint(_('Hourly feedback limit reached'))
-		return
-
 	doc = frappe.new_doc('Feedback')
 	doc.reference_doctype = reference_doctype
 	doc.reference_name = reference_name

frappe/website/doctype/blog_post/blog_post.json

@@ -130,7 +130,6 @@
   },
   {
    "default": "0",
-   "description": "Comments on this blog post will be disabled if checked.",
    "fieldname": "disable_comments",
    "fieldtype": "Check",
    "label": "Disable Comments"
@@ -195,7 +194,6 @@
   },
   {
    "default": "0",
-   "description": "Feedback on this blog post will be disabled if checked.",
    "fieldname": "disable_feedback",
    "fieldtype": "Check",
    "label": "Disable Feedback"
@@ -208,7 +206,7 @@
  "is_published_field": "published",
  "links": [],
  "max_attachments": 5,
- "modified": "2021-06-14 13:50:02.109719",
+ "modified": "2021-09-13 17:19:35.436045",
  "modified_by": "Administrator",
  "module": "Website",
  "name": "Blog Post",

frappe/website/doctype/blog_settings/blog_settings.json

@@ -15,7 +15,9 @@
   "subtitle",
   "column_break_11",
   "cta_label",
-  "cta_url"
+  "cta_url",
+  "section_break_12",
+  "feedback_limit"
  ],
  "fields": [
   {
@@ -78,13 +80,24 @@
   {
    "fieldname": "column_break_11",
    "fieldtype": "Column Break"
+  },
+  {
+   "fieldname": "section_break_12",
+   "fieldtype": "Section Break"
+  },
+  {
+   "default": "1",
+   "description": "Feedback limit per hour",
+   "fieldname": "feedback_limit",
+   "fieldtype": "Int",
+   "label": "Feedback limit"
   }
  ],
  "icon": "fa fa-cog",
  "idx": 1,
  "issingle": 1,
  "links": [],
- "modified": "2020-06-01 15:57:21.564652",
+ "modified": "2021-09-30 13:00:18.887103",
  "modified_by": "Administrator",
  "module": "Website",
  "name": "Blog Settings",

frappe/website/doctype/blog_settings/blog_settings.py

@@ -12,4 +12,7 @@ class BlogSettings(Document):
 	def on_update(self):
 		from frappe.website.utils import clear_cache
 		clear_cache("blog")
-		clear_cache("writers")
+		clear_cache("writers")
+
+def get_feedback_limit():
+	return frappe.db.get_single_value("Blog Settings", "feedback_limit") or 0