# -*- coding: utf-8 -*-
##########################################################################
#
# pgAdmin 4 - PostgreSQL Tools
#
# Copyright (C) 2013 - 2024, The pgAdmin Development Team
# This software is released under the PostgreSQL Licence
#
# config.py - Core application configuration settings
#
##########################################################################
import builtins
import logging
import os
import sys
from collections import OrderedDict
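# We need to include the root directory in sys.path to ensure that we can
# find everything we need when running in the standalone runtime.
#
# realpath() resolves symlinks, so `root` is the real directory that holds
# this file. Because it is inserted at position 0, modules found there are
# picked up ahead of same-named modules elsewhere on the path; keep this
# directory writable only by the account that installs pgAdmin.
root = os.path.dirname(os.path.realpath(__file__))
if sys.path[0] != root:
    sys.path.insert(0, root)
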
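# The config database connection pool size.
# Setting this to 0 will remove any limit.
CONFIG_DATABASE_CONNECTION_POOL_SIZE = 5
# The number of connections allowed to overflow beyond
# the connection pool size.
CONFIG_DATABASE_CONNECTION_MAX_OVERFLOW = 100
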
from pgadmin.utils import env, IS_WIN, fs_short_path
from version import APP_VERSION, APP_RELEASE, APP_REVISION, APP_SUFFIX, \
APP_VERSION_INT
from branding import APP_NAME, APP_ICON, APP_COPYRIGHT, APP_PATH, \
APP_WIN_PATH, APP_SHORT_NAME, APP_DEFAULT_EMAIL
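##########################################################################
# Misc stuff
##########################################################################

# Path to the online help.
HELP_PATH = '../../../docs/en_US/_build/html/'

# Languages we support in the UI
# (locale code -> display name shown to the user)
LANGUAGES = {
    'en': 'English',
    'zh': 'Chinese (Simplified)',
    'cs': 'Czech',
    'fr': 'French',
    'de': 'German',
    'id': 'Indonesian',
    'it': 'Italian',
    'ja': 'Japanese',
    'ko': 'Korean',
    'pl': 'Polish',
    'pt_BR': 'Portuguese (Brazilian)',
    'ru': 'Russian',
    'es': 'Spanish',
}

# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING!
# List of modules to skip when dynamically loading
MODULE_BLACKLIST = ['test']

# DO NOT CHANGE UNLESS YOU KNOW WHAT YOU ARE DOING!
# List of treeview browser nodes to skip when dynamically loading
NODE_BLACKLIST = []
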
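##########################################################################
# Server settings
##########################################################################

# The server mode determines whether or not we're running on a web server
# requiring user authentication, or desktop mode which uses an automatic
# default login.
#
# DO NOT DISABLE SERVER MODE IF RUNNING ON A WEBSERVER!!
#
# We only set SERVER_MODE if it's not already set. That's to allow the
# runtime to force it to False.
#
# NOTE: If you change the value of SERVER_MODE or DATA_DIR in an included
#       config file, you may also need to redefine any values below that are
#       derived from it, notably various paths such as LOG_FILE, SQLITE_PATH,
#       SESSION_DB_PATH, STORAGE_DIR, KERBEROS_CCACHE_DIR, and
#       AZURE_CREDENTIAL_CACHE_DIR

# A missing or None builtins.SERVER_MODE falls back to True, i.e. the mode
# that requires user authentication; only an explicit value from the runtime
# selects desktop mode.
if (not hasattr(builtins, 'SERVER_MODE')) or builtins.SERVER_MODE is None:
    SERVER_MODE = True
else:
    SERVER_MODE = builtins.SERVER_MODE
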
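# HTTP headers to search for CSRF token when it is not provided in the form.
# Default is ['X-CSRFToken', 'X-CSRF-Token']
# Only the pgAdmin-specific header below is accepted here, so a reverse
# proxy in front of the application must pass it through unchanged.
WTF_CSRF_HEADERS = ['X-pgA-CSRFToken']
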
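# User ID (email address) to use for the default user in desktop mode.
# The default should be fine here, as it's not exposed in the app.
# The value comes from branding.APP_DEFAULT_EMAIL.
DESKTOP_USER = APP_DEFAULT_EMAIL
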
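# This option allows the user to host the application on a LAN
# Default hosting is on the loopback interface (DEFAULT_SERVER='127.0.0.1').
# To host pgAdmin4 over LAN set DEFAULT_SERVER='0.0.0.0' (or a specific
# adaptor address).
#
# NOTE: This is NOT recommended for production use, only for debugging
# or testing. Production installations should be run as a WSGI application
# behind Apache HTTPD.
#
# Binding to '0.0.0.0' makes the application reachable on every network
# interface of the host, not just the LAN-facing one; prefer a specific
# address and restrict access with a firewall.
DEFAULT_SERVER = '127.0.0.1'

# The default port on which the app server will listen if not set in the
# environment by the runtime
DEFAULT_SERVER_PORT = 5050
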
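# This param is used to override the default web server information about
# the web technology and the frameworks being used in the application
# An attacker could use this information to fingerprint underlying operating
# system and research known exploits for the specific version of
# software in use
WEB_SERVER = 'Python'

# Enable X-Frame-Option protection.
# Set to one of "SAMEORIGIN", "ALLOW-FROM origin" or "" to disable.
# Note that "DENY" is NOT supported (and will be silently ignored).
# See https://tools.ietf.org/html/rfc7034 for more info.
# NOTE(review): current browsers no longer honour "ALLOW-FROM"; a
# frame-ancestors directive in CONTENT_SECURITY_POLICY is the usual way to
# allow framing from another origin.
X_FRAME_OPTIONS = "SAMEORIGIN"

# The Content-Security-Policy header allows you to restrict how resources
# such as JavaScript, CSS, or pretty much anything that the browser loads.
# see https://content-security-policy.com/#source_list for more info
# e.g. "default-src https: data: 'unsafe-inline' 'unsafe-eval';"
# NOTE(review): 'unsafe-inline' and 'unsafe-eval' permit inline script and
# eval(), so this default does little to contain injected script.
# Presumably the UI depends on both; confirm before tightening the policy.
CONTENT_SECURITY_POLICY = "default-src ws: http: data: blob: 'unsafe-inline'" \
    " 'unsafe-eval';"

# STRICT_TRANSPORT_SECURITY_ENABLED when set to True will set the
# Strict-Transport-Security header
# Leave this False unless the application is served over HTTPS; enable it
# once TLS is in place.
STRICT_TRANSPORT_SECURITY_ENABLED = False

# The Strict-Transport-Security header tells the browser to convert all HTTP
# requests to HTTPS, preventing man-in-the-middle (MITM) attacks.
# e.g. 'max-age=31536000; includeSubDomains'
# includeSubDomains extends the policy to every subdomain of the serving
# host, so all of them must be reachable over HTTPS.
STRICT_TRANSPORT_SECURITY = "max-age=31536000; includeSubDomains"

# The X-Content-Type-Options header forces the browser to honor the response
# content type instead of trying to detect it, which can be abused to
# generate a cross-site scripting (XSS) attack.
# e.g. nosniff
X_CONTENT_TYPE_OPTIONS = "nosniff"

# The browser will try to prevent reflected XSS attacks by not loading the
# page if the request contains something that looks like JavaScript and the
# response contains the same data. e.g. '1; mode=block'
# NOTE(review): this is a legacy header that current browsers ignore; treat
# CONTENT_SECURITY_POLICY as the effective control.
X_XSS_PROTECTION = "1; mode=block"

# This param is used to validate ALLOWED_HOSTS for the application
# This will be used to avoid Host Header Injection attack
# ALLOWED_HOSTS = ['225.0.0.0/8', '226.0.0.0/7', '228.0.0.0/6']
# ALLOWED_HOSTS = ['127.0.0.1', '192.168.0.1']
# if ALLOWED_HOSTS= [] then it will accept all ips (and application will be
# vulnerable to Host Header Injection attack)
# The shipped default is the empty list, so server-mode deployments should
# set an explicit list in their local configuration.
ALLOWED_HOSTS = []
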
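# Hashing algorithm used for password storage
SECURITY_PASSWORD_HASH = 'pbkdf2_sha512'

# Minimum password length
# NOTE(review): 6 is below the 8-character minimum that current guidance
# (e.g. NIST SP 800-63B) recommends; consider raising it in server mode.
PASSWORD_LENGTH_MIN = 6
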
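# Reverse Proxy parameters
# You must tell the middleware how many proxies set each header
# so it knows what values to trust.
# See https://tinyurl.com/yyg7r9av
# for more information.
#
# Each count should equal the number of trusted proxies that actually set
# the header. A count higher than that means a client-supplied value is
# trusted; a count of 0 means the header is ignored.
# NOTE(review): the non-zero defaults assume one proxy is always in front of
# the application; confirm for deployments exposed directly.

# Number of values to trust for X-Forwarded-For
PROXY_X_FOR_COUNT = 1

# Number of values to trust for X-Forwarded-Proto.
PROXY_X_PROTO_COUNT = 1

# Number of values to trust for X-Forwarded-Host.
PROXY_X_HOST_COUNT = 0

# Number of values to trust for X-Forwarded-Port.
PROXY_X_PORT_COUNT = 1

# Number of values to trust for X-Forwarded-Prefix.
PROXY_X_PREFIX_COUNT = 0
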
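# NOTE: CSRF_SESSION_KEY, SECRET_KEY and SECURITY_PASSWORD_SALT are no
#       longer part of the main configuration, but are stored in the
#       configuration databases 'keys' table and are auto-generated.

# COMPRESSION
# Response content types that are compressed, the compression level, and
# the minimum response size (presumably in bytes) before compression applies.
COMPRESS_MIMETYPES = [
    'text/html', 'text/css', 'text/xml', 'text/javascript',
    'application/json', 'application/javascript'
]
COMPRESS_LEVEL = 9
COMPRESS_MIN_SIZE = 500
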
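# Set the cache control max age for static files in flask to 1 year
# (the value is in seconds)
SEND_FILE_MAX_AGE_DEFAULT = 31556952

# This will be added to static urls as url parameter with value as
# APP_VERSION_INT for cache busting on version upgrade. If the value is set as
# None or empty string then it will not be added.
# eg - http://localhost:5050/pgadmin.css?ver=3.13
APP_VERSION_PARAM = 'ver'

# Add the internal version param to below extensions only
APP_VERSION_EXTN = ('.css', '.js', '.html', '.svg', '.png', '.gif', '.ico')
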
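# Data directory for storage of config settings etc. This shouldn't normally
# need to be changed - it's here as various other settings depend on it.
# On Windows, we always store data in %APPDATA%\$(APP_WIN_PATH). On other
# platforms, if we're in server mode we use /var/lib/$(APP_PATH),
# otherwise ~/.$(APP_PATH)
#
# The configuration database, session files and user storage default to
# paths under this directory, so it should be readable and writable only by
# the account pgAdmin runs as.
if IS_WIN:
    # Use the short path on windows
    DATA_DIR = os.path.realpath(
        os.path.join(fs_short_path(env('APPDATA')), APP_WIN_PATH)
    )
else:
    if SERVER_MODE:
        DATA_DIR = os.path.join('/var/lib/', APP_PATH)
    else:
        DATA_DIR = os.path.realpath(
            os.path.expanduser('~/' + '.' + APP_PATH + '/')
        )
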
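# An optional login banner to show security warnings/disclaimers etc. at
# login and password recovery etc. HTML may be included for basic formatting,
# For example:
# LOGIN_BANNER = "<h4>Authorised Users Only!</h4>" \
#                "Unauthorised use is strictly forbidden."
#
# Because HTML is accepted, set this only to static, administrator-authored
# text and never build it from user-supplied values.
LOGIN_BANNER = ""
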
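##########################################################################
# Log settings
##########################################################################

# Debug mode?
# Keep this False outside development.
# NOTE(review): presumably passed through to Flask, whose debug mode exposes
# an interactive debugger - confirm.
DEBUG = False

# Application log level - one of:
#   CRITICAL 50
#   ERROR    40
#   WARNING  30
#   SQL      25
#   INFO     20
#   DEBUG    10
#   NOTSET    0
CONSOLE_LOG_LEVEL = logging.WARNING
FILE_LOG_LEVEL = logging.WARNING

# Log format.
# The *_LOG_FORMAT_JSON mappings pair an output field name with a log record
# attribute name, in output order.
# NOTE(review): presumably used instead of the string formats below when
# JSON_LOGGER is True - confirm.
JSON_LOGGER = False
CONSOLE_LOG_FORMAT_JSON = OrderedDict([
    ("time", "asctime"),
    ("message", "message"),
    ("level", "levelname")
])

FILE_LOG_FORMAT_JSON = OrderedDict([
    ("time", "asctime"),
    ("message", "message"),
    ("level", "levelname")
])

CONSOLE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s'
FILE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s'
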
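# Log file name. This goes in the data directory, except on non-Windows
# platforms in server mode.
# In that case the log is written under /var/log/$(APP_PATH), which must
# exist and be writable by the account pgAdmin runs as.
if SERVER_MODE and not IS_WIN:
    LOG_FILE = os.path.join('/var/log', APP_PATH, APP_SHORT_NAME + '.log')
else:
    LOG_FILE = os.path.join(DATA_DIR, APP_SHORT_NAME + '.log')
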
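# Log rotation setting
# Log file will be rotated considering values for LOG_ROTATION_SIZE
# & LOG_ROTATION_AGE. Rotated file will be named in format
# - LOG_FILE.Y-m-d_H-M-S
# With the defaults below, at most 90 rotated files are kept; align this
# with whatever retention period log review or incident response needs.
LOG_ROTATION_SIZE = 10  # In MBs
LOG_ROTATION_AGE = 1440  # In minutes
LOG_ROTATION_MAX_LOG_FILES = 90  # Maximum number of backups to retain
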
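##########################################################################
# Server Connection Driver Settings
##########################################################################

# The default driver used for making connection with PostgreSQL
PG_DEFAULT_DRIVER = 'psycopg3'

# Maximum idle time, in minutes, after which the connection for the
# particular session is released.
MAX_SESSION_IDLE_TIME = 60
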
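##########################################################################
# External Database Settings
#
# All configuration settings are stored by default in the SQLite database.
# In order to use external databases like PostgreSQL, set the value of
# CONFIG_DATABASE_URI like below:
# dialect+driver://username:password@host:port/database
#
# PostgreSQL:
# postgresql://username:password@host:port/database
# Specify Schema Name
# postgresql://username:password@host:port/database?options=-csearch_path=pgadmin
# Using PGPASS file
# postgresql://username@host:port?options=-csearch_path=pgadmin
#
# A URI that embeds the password stores it in clear text in the
# configuration file; prefer the PGPASS form, and keep the file holding
# this setting readable only by the account pgAdmin runs as.
##########################################################################
CONFIG_DATABASE_URI = ''
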
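##########################################################################
# User account and settings storage
##########################################################################

# The default path to the SQLite database used to store user accounts and
# settings. A SQLITE_PATH value obtained through env() takes precedence;
# otherwise the file is placed in DATA_DIR, giving a path for use
# throughout the app.
# This database holds user accounts and settings, so restrict its file
# permissions to the account pgAdmin runs as.
SQLITE_PATH = env('SQLITE_PATH') or \
    os.path.join(DATA_DIR, APP_SHORT_NAME + '.db')
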
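# SQLITE_TIMEOUT will define how long to wait before throwing the error -
# OperationalError due to database lock. On slower system, you may need to
# change this to some higher value.
# (Default: 500 milliseconds)
SQLITE_TIMEOUT = 500

# Allow database connection passwords to be saved if the user chooses.
# Set to False to disable password saving.
# Saved passwords are kept in the pgAdmin configuration database; set this
# to False where policy forbids storing database credentials there.
ALLOW_SAVE_PASSWORD = True

# Maximum number of history queries stored per user/server/database
MAX_QUERY_HIST_STORED = 20
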
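##########################################################################
# Server-side session storage path
#
# SESSION_DB_PATH (Default: <DATA_DIR>/sessions)
##########################################################################
#
# We use SQLite for server-side session storage. There will be one
# SQLite database object per session created.
#
# Specify the path used to store your session objects.
#
# If the specified directory does not exist, the setup script will create
# it with permission mode 700 to keep the session database secure.
#
# On certain systems, you can use shared memory (tmpfs) for maximum
# scalability, for example, on Ubuntu:
#
# SESSION_DB_PATH = '/run/shm/pgAdmin4_session'
#
# NOTE(review): mode 700 is described only for a directory the setup script
# creates. For a pre-existing or tmpfs location, check that other local
# users cannot read it.
#
##########################################################################
SESSION_DB_PATH = os.path.join(DATA_DIR, 'sessions')

# Name of the cookie that carries the session identifier.
SESSION_COOKIE_NAME = 'pga4_session'
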
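##########################################################################
# Mail server settings
##########################################################################

# These settings are used when running in web server mode for confirming
# and resetting passwords etc.
# See: http://pythonhosted.org/Flask-Mail/ for more info
#
# With MAIL_USE_SSL and MAIL_USE_TLS both False, mail (including password
# reset messages) and any MAIL_USERNAME/MAIL_PASSWORD are sent to the mail
# server unencrypted. That is acceptable for the 'localhost' default; enable
# one of them when MAIL_SERVER is a remote host.
MAIL_SERVER = 'localhost'
MAIL_PORT = 25
MAIL_USE_SSL = False
MAIL_USE_TLS = False
MAIL_USERNAME = ''
MAIL_PASSWORD = ''
MAIL_DEBUG = False

# Flask-Security overrides Flask-Mail's MAIL_DEFAULT_SENDER setting, so
# that should be set as such:
SECURITY_EMAIL_SENDER = 'no-reply@localhost'
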
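##########################################################################
# Mail content settings
##########################################################################

# These settings define the content of password reset emails
# (subject lines; APP_NAME from branding is substituted into each one)
SECURITY_EMAIL_SUBJECT_PASSWORD_RESET = "Password reset instructions for %s" \
    % APP_NAME
SECURITY_EMAIL_SUBJECT_PASSWORD_NOTICE = "Your %s password has been reset" \
    % APP_NAME
SECURITY_EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE = \
    "Your password for %s has been changed" % APP_NAME
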
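##########################################################################
# Email address validation
##########################################################################
# CHECK_EMAIL_DELIVERABILITY is handed to the email validator as its
# "check_deliverability" argument.
# NOTE(review): presumably True makes validation perform a DNS lookup on the
# address's domain - confirm against the validator in use.
CHECK_EMAIL_DELIVERABILITY = False
SECURITY_EMAIL_VALIDATOR_ARGS = \
    {"check_deliverability": CHECK_EMAIL_DELIVERABILITY}
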
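##########################################################################
# Upgrade checks
##########################################################################

# Check for new versions of the application?
# When enabled, the application makes an outbound request to
# UPGRADE_CHECK_URL; disable it on hosts without outbound internet access or
# where such requests are not permitted.
UPGRADE_CHECK_ENABLED = True

# Where should we get the data from?
UPGRADE_CHECK_URL = 'https://www.pgadmin.org/versions.json'

# What key should we look at in the upgrade data file?
UPGRADE_CHECK_KEY = 'pgadmin4'
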
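# Which CA file should we use?
# Default to cacert.pem in the same directory as config.py et al.
# This bundle decides which certificate authorities are trusted, so keep it
# current and writable only by the installing account.
CA_FILE = os.path.join(os.path.dirname(os.path.realpath(__file__)),
                       "cacert.pem")

# Check if the detected browser is supported
CHECK_SUPPORTED_BROWSER = True
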
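##########################################################################
# Storage Manager storage url config settings
# If user sets STORAGE_DIR to empty it will show all volumes if platform
# is Windows, '/' if it is Linux, Mac or any other unix type system.

# For example:
# 1. STORAGE_DIR = get_drive("C") or get_drive() # return C:/ by default
# where C can be any drive character such as "D", "E", "G" etc
# 2. Set path manually like
# STORAGE_DIR = "/path/to/directory/"
#
# An empty STORAGE_DIR exposes the whole filesystem (every volume, or '/')
# through the storage manager; in server mode keep it pointed at a
# dedicated directory.
##########################################################################
STORAGE_DIR = os.path.join(DATA_DIR, 'storage')
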
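##########################################################################
# Default locations for binary utilities (pg_dump, pg_restore etc)
#
# These are intentionally left empty in the main config file, but are
# expected to be overridden by packagers in config_distro.py.
#
# A default location can be specified for each database driver ID, in
# a dictionary. Either an absolute or relative path can be specified.
#
# Version-specific defaults can also be specified, which will take priority
# over un-versioned paths.
#
# In cases where it may be difficult to know what the working directory
# is, "$DIR" can be specified. This will be replaced with the path to the
# top-level pgAdmin4.py file. For example, on macOS we might use:
#
# $DIR/../../SharedSupport
#
# The utilities found here are executed by pgAdmin, so each path should
# point to a directory that unprivileged users cannot write to. An absolute
# path avoids depending on the working directory.
#
##########################################################################
DEFAULT_BINARY_PATHS = {
    "pg": "",
    "pg-12": "",
    "pg-13": "",
    "pg-14": "",
    "pg-15": "",
    "pg-16": "",
    "pg-17": "",
    "ppas": "",
    "ppas-12": "",
    "ppas-13": "",
    "ppas-14": "",
    "ppas-15": "",
    "ppas-16": "",
    "ppas-17": ""
}
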
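##########################################################################

# Admin can specify fixed binary paths to prevent users from changing.
# It will take precedence over DEFAULT_BINARY_PATHS.
# In server mode this keeps users from changing which binaries are used for
# a given driver/version.

FIXED_BINARY_PATHS = {
    "pg": "",
    "pg-12": "",
    "pg-13": "",
    "pg-14": "",
    "pg-15": "",
    "pg-16": "",
    "pg-17": "",
    "ppas": "",
    "ppas-12": "",
    "ppas-13": "",
    "ppas-14": "",
    "ppas-15": "",
    "ppas-16": "",
    "ppas-17": ""
}
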
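##########################################################################
# Test settings - used primarily by the regression suite, not for users
##########################################################################

# The default path for SQLite database for testing
# (a separate file in DATA_DIR, distinct from SQLITE_PATH)
TEST_SQLITE_PATH = os.path.join(DATA_DIR, 'test_pgadmin4.db')
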
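##########################################################################
# Allows the flask application to respond to each request asynchronously
##########################################################################
THREADED_MODE = True

##########################################################################
# Do not allow SQLALCHEMY to track modification as it is going to be
# deprecated in future
##########################################################################
SQLALCHEMY_TRACK_MODIFICATIONS = False

##########################################################################
# Number of records to fetch in one batch in query tool when query result
# set is large.
##########################################################################
ON_DEMAND_RECORD_COUNT = 1000

##########################################################################
# Allow users to display Gravatar image for their username in Server mode
# NOTE(review): presumably this makes browsers request images from the
# third-party Gravatar service using a value derived from the user's email;
# confirm, and set to False where that disclosure is not acceptable.
##########################################################################
SHOW_GRAVATAR_IMAGE = True
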
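##########################################################################
# Set cookie path and options
#
# SESSION_COOKIE_SECURE = False lets the browser send the session cookie
# over plain HTTP as well; set it to True whenever pgAdmin is served over
# HTTPS. SESSION_COOKIE_HTTPONLY = True keeps the cookie out of reach of
# page JavaScript, and SESSION_COOKIE_SAMESITE = 'Lax' withholds it from
# most cross-site subrequests.
##########################################################################
COOKIE_DEFAULT_PATH = '/'
COOKIE_DEFAULT_DOMAIN = None
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SECURE = False
SESSION_COOKIE_HTTPONLY = True

#########################################################################
# Skip storing session in files and cache for specific paths
#########################################################################
SESSION_SKIP_PATHS = [
    '/misc/ping'
]
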
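##########################################################################
# Session expiration support
##########################################################################
# SESSION_EXPIRATION_TIME is the interval in Days. Session will
# expire after the specified number of *days*.
SESSION_EXPIRATION_TIME = 1

# Make SESSION_EXPIRATION_TIME to 1 week in DESKTOP mode
if not SERVER_MODE:
    SESSION_EXPIRATION_TIME = 7
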
# CHECK_SESSION_FILES_INTERVAL is interval in Hours. Application will check
|
|
|
|
# the session files for cleanup after specified number of *hours*.
|
|
|
|
CHECK_SESSION_FILES_INTERVAL = 24
|
|
|
|
|
2020-01-15 06:37:46 -06:00
|
|
|
# USER_INACTIVITY_TIMEOUT is interval in Seconds. If the pgAdmin screen is left
|
|
|
|
# unattended for <USER_INACTIVITY_TIMEOUT> seconds then the user will
|
|
|
|
# be logged out. When set to 0, the timeout will be disabled.
|
|
|
|
# If pgAdmin doesn't detect any activity in the time specified (in seconds),
|
|
|
|
# the user will be forcibly logged out from pgAdmin. Set to zero to disable
|
|
|
|
# the timeout.
|
|
|
|
# Note: This is applicable only for SERVER_MODE=True.
|
|
|
|
USER_INACTIVITY_TIMEOUT = 0
|
|
|
|
|
|
|
|
# OVERRIDE_USER_INACTIVITY_TIMEOUT when set to True will override
|
|
|
|
# USER_INACTIVITY_TIMEOUT when long running queries in the Query Tool
|
|
|
|
# or Debugger are running. When the queries complete, the inactivity timer
|
|
|
|
# will restart in this case. If set to False, user inactivity may cause
|
|
|
|
# transactions or in-process debugging sessions to be aborted.
|
|
|
|
OVERRIDE_USER_INACTIVITY_TIMEOUT = True
##########################################################################
# SSH tunneling is supported only on Python 2.7 and 3.4+
##########################################################################
SUPPORT_SSH_TUNNEL = True
# Allow SSH Tunnel passwords to be saved if the user chooses.
# Set to False to disable password saving (the default below).
ALLOW_SAVE_TUNNEL_PASSWORD = False
##########################################################################
# Master password is used to encrypt/decrypt saved server passwords
# Applicable for desktop mode only
##########################################################################
MASTER_PASSWORD_REQUIRED = True
# NOTE(review): presumably keeps the encryption key in the operating
# system's secret store rather than prompting for it - confirm against the
# pgAdmin documentation before relying on it.
USE_OS_SECRET_STORAGE = True
##########################################################################
# pgAdmin encrypts the database connection and SSH tunnel passwords using a
# master password or the pgAdmin login password (for other authentication
# sources) before storing them in the pgAdmin configuration database.
#
# The setting below allows the user to specify the path to a script
# or program that will return an encryption key which will be used to
# encrypt the passwords. This setting is used only in server mode when
# auth sources are oauth, Kerberos, and webserver.
#
# You can pass the current username as an argument to the external script
# by specifying %u in config value.
# E.g. - MASTER_PASSWORD_HOOK = '<PATH>/passwdgen_script.sh %u'
#
# NOTE(review): the hook's output is key material for every saved password,
# so the script and anything it reads should be writable only by the
# account that runs pgAdmin. The username substituted for %u originates
# from an external identity source; how it is quoted before the command
# runs is not visible here - verify before enabling.
##########################################################################
MASTER_PASSWORD_HOOK = None
##########################################################################
# Allows pgAdmin4 to create session cookies based on IP address, so even
# if a cookie is stolen, the attacker will not be able to connect to the
# server using that stolen cookie.
# Note: This can cause problems when the server is deployed in dynamic IP
# address hosting environments, such as Kubernetes or behind load
# balancers. In such cases, this option should be set to False.
# NOTE(review): turning this off removes the IP binding described above, so
# the remaining cookie options (Secure, HttpOnly, SameSite) and the session
# lifetime carry the protection against cookie replay.
##########################################################################
ENHANCED_COOKIE_PROTECTION = True
##########################################################################
# External Authentication Sources
##########################################################################

# Default setting is internal
# External Supported Sources: ldap, kerberos, oauth2
# Multiple authentication sources can be combined by setting this parameter
# to ['ldap', 'internal'] or ['oauth2', 'internal'] or
# ['webserver', 'internal'] etc.
# pgAdmin will authenticate the user with whichever source (ldap/oauth2/...)
# is first in the list; in case of failure the second authentication option
# will be considered.
# NOTE(review): because of this fallback, keeping 'internal' in the list
# leaves password logins against the local user database available next to
# the external source.

AUTHENTICATION_SOURCES = ['internal']
##########################################################################
# MAX_LOGIN_ATTEMPTS sets the number of failed login attempts that
# are allowed. If this value is exceeded the account is locked and can be
# reset by an administrator. Setting the variable to zero deactivates
# this feature.
##########################################################################
MAX_LOGIN_ATTEMPTS = 3

##########################################################################
# Only the password is considered when counting failed login attempts;
# the email is excluded from this check
LOGIN_ATTEMPT_FIELDS = ['password']
##########################################################################
# LDAP Configuration
##########################################################################

# After LDAP authentication, the user will be added to the SQLite database
# automatically, if set to True.
# Set it to False if users should not be added automatically;
# in this case an Admin has to add the user manually in the SQLite database.
# NOTE(review): with True, every directory entry that can authenticate gets
# a pgAdmin account, so the base DN and search filter below are what limit
# who can sign in.
LDAP_AUTO_CREATE_USER = True

# Connection timeout
# NOTE(review): the unit is not stated here - presumably seconds; confirm.
LDAP_CONNECTION_TIMEOUT = 10

# Server connection details (REQUIRED)
# example: ldap://<ip-address>:<port> or ldap://<hostname>:<port>
# NOTE(review): with an ldap:// URI and LDAP_USE_STARTTLS left at False the
# bind credentials are not protected by TLS on the wire; prefer ldaps:// or
# enable StartTLS.
LDAP_SERVER_URI = 'ldap://<ip-address>:<port>'

# The LDAP attribute containing user names. In OpenLDAP, this may be 'uid'
# whilst in AD, 'sAMAccountName' might be appropriate. (REQUIRED)
LDAP_USERNAME_ATTRIBUTE = '<User-id>'
##########################################################################
# There are 3 ways to configure LDAP binding (choose any one):

# 1. Dedicated User binding

# LDAP Bind User DN Example: cn=username,dc=example,dc=com
# Set this parameter to allow the connection to bind using a dedicated user.
# After the connection is made, the pgAdmin login user will be further
# authenticated by the username and password provided
# at the login screen.
LDAP_BIND_USER = None

# LDAP Bind User Password
# NOTE(review): a value set here is a directory credential kept in plain
# text in the configuration; restrict read access to the file that sets it
# and give the bind account no more than search rights.
LDAP_BIND_PASSWORD = None

# OR ####################
# 2. Anonymous Binding

# Set this parameter to allow the anonymous bind.
# After the connection is made, the pgAdmin login user will be further
# authenticated by the username and password provided

LDAP_ANONYMOUS_BIND = False

# OR ####################
# 3. Bind as pgAdmin user

# BaseDN (REQUIRED)
# AD example:
# (&(objectClass=user)(memberof=CN=MYGROUP,CN=Users,dc=example,dc=com))
# OpenLDAP example: CN=Users,dc=example,dc=com
LDAP_BASE_DN = '<Base-DN>'

# Configure the bind format string
# Default: LDAP_BIND_FORMAT="
#   {LDAP_USERNAME_ATTRIBUTE}={LDAP_USERNAME},{LDAP_BASE_DN}"
# The currently available options are:
# LDAP_USERNAME_ATTRIBUTE, LDAP_USERNAME, LDAP_BASE_DN
# Example: LDAP_BIND_FORMAT="myldapuser@sales.example.com"
#          LDAP_BIND_FORMAT="NET\\myldapuser"
LDAP_BIND_FORMAT = '{LDAP_USERNAME_ATTRIBUTE}={LDAP_USERNAME},{LDAP_BASE_DN}'
##########################################################################

# Search LDAP for further authentication (REQUIRED)
# It can be optional when binding as the pgAdmin user
LDAP_SEARCH_BASE_DN = '<Search-Base-DN>'

# Indicates whether the DNs (Distinguished Names)
# are case sensitive or not
LDAP_DN_CASE_SENSITIVE = False

# Filter string for the user search.
# For OpenLDAP, '(cn=*)' may well be enough.
# For AD, you might use '(objectClass=user)' (REQUIRED)
# NOTE(review): the default below matches any object class; narrow it (for
# example to a group, as in the AD BaseDN example in this file) when only
# part of the directory should be able to log in.
LDAP_SEARCH_FILTER = '(objectclass=*)'

# Search scope for users (one of BASE, LEVEL or SUBTREE)
LDAP_SEARCH_SCOPE = 'SUBTREE'

# Use TLS? If the URI scheme is ldaps://, this is ignored.
LDAP_USE_STARTTLS = False

# TLS/SSL certificates. Specify if required, otherwise leave empty
LDAP_CA_CERT_FILE = ''
LDAP_CERT_FILE = ''
LDAP_KEY_FILE = ''
##########################################################################

# Some flaky LDAP servers return a malformed schema. If True, no exception
# will be raised and the schema is thrown away, but authentication will
# still be done.
# It is recommended that this parameter remain False.
LDAP_IGNORE_MALFORMED_SCHEMA = False
##########################################################################
# Kerberos Configuration
##########################################################################

# Defaults to DEFAULT_SERVER, which is defined earlier in this file.
KRB_APP_HOST_NAME = DEFAULT_SERVER

# If the default_keytab_name is not set in krb5.conf or
# the KRB_KTNAME environment variable is not set, then explicitly set
# the keytab file
# NOTE(review): a keytab holds long-term service keys; the file named here
# should be readable only by the account that runs pgAdmin.

KRB_KTNAME = '<KRB5_KEYTAB_FILE>'

# After Kerberos authentication, the user will be added to the SQLite
# database automatically, if set to True.
# Set it to False if users should not be added automatically;
# in this case an Admin has to add the user manually in the SQLite database.

KRB_AUTO_CREATE_USER = True

# Directory under DATA_DIR for the Kerberos credential cache.
# NOTE(review): presumably holds per-user ticket caches - keep the directory
# private to the pgAdmin service account; confirm how it is created.
KERBEROS_CCACHE_DIR = os.path.join(DATA_DIR, 'krbccache')
#############################################################################
# Local directory (under DATA_DIR) used to store the Azure credential cache
# NOTE(review): cached cloud credentials are sensitive; the directory should
# not be readable by other local accounts.
#############################################################################

AZURE_CREDENTIAL_CACHE_DIR = os.path.join(DATA_DIR, 'azurecredentialcache')
##########################################################################
# OAuth2 Configuration
##########################################################################

# Multiple OAUTH2 providers can be added in the list like [{...},{...}]
# All parameters are required

OAUTH2_CONFIG = [
    {
        # The name of the oauth provider, ex: github, google
        'OAUTH2_NAME': None,
        # The display name, ex: Google
        'OAUTH2_DISPLAY_NAME': '<Oauth2 Display Name>',
        # Oauth client id
        'OAUTH2_CLIENT_ID': None,
        # Oauth secret
        # NOTE(review): this is a credential kept in plain text in the
        # configuration; restrict read access to the file that sets it.
        'OAUTH2_CLIENT_SECRET': None,
        # URL to generate a token,
        # Ex: https://github.com/login/oauth/access_token
        'OAUTH2_TOKEN_URL': None,
        # URL used for authentication,
        # Ex: https://github.com/login/oauth/authorize
        'OAUTH2_AUTHORIZATION_URL': None,
        # The server metadata URL might be optional for your provider
        'OAUTH2_SERVER_METADATA_URL': None,
        # Oauth base url, ex: https://api.github.com/
        'OAUTH2_API_BASE_URL': None,
        # Name of the Endpoint, ex: user
        'OAUTH2_USERINFO_ENDPOINT': None,
        # Oauth scope, ex: 'openid email profile'
        # Note that an 'email' claim is required in the resulting profile
        'OAUTH2_SCOPE': None,
        # The claim which is used for the username. If the value is empty the
        # email is used as username, but if a value is provided,
        # the claim has to exist.
        'OAUTH2_USERNAME_CLAIM': None,
        # Font-awesome icon, ex: fa-github
        'OAUTH2_ICON': None,
        # UI button colour, ex: #0000ff
        'OAUTH2_BUTTON_COLOR': None,
        # The additional claims to check on user ID Token or Userinfo response.
        # This is useful to provide additional authorization checks
        # before allowing access.
        # Example for GitLab: allowing all maintainers teams, and a specific
        # developers group to access pgadmin:
        # 'OAUTH2_ADDITIONAL_CLAIMS': {
        #     'https://gitlab.org/claims/groups/maintainer': [
        #           'kuberheads/applications',
        #           'kuberheads/dba',
        #           'kuberheads/support'
        #     ],
        #     'https://gitlab.org/claims/groups/developer': [
        #           'kuberheads/applications/team01'
        #     ],
        # }
        # Example for AzureAD:
        # 'OAUTH2_ADDITIONAL_CLAIMS': {
        #     'groups': ["0760b6cf-170e-4a14-91b3-4b78e0739963"],
        #     'wids': ["cf1c38e5-3621-4004-a7cb-879624dced7c"],
        # }
        # NOTE(review): with None no claim check is configured, so access is
        # presumably granted to any account the provider authenticates -
        # relevant with a public provider and OAUTH2_AUTO_CREATE_USER = True.
        'OAUTH2_ADDITIONAL_CLAIMS': None,
        # Set this variable to False to disable SSL certificate verification
        # for the OAuth2 provider.
        # This may need to be set to False in case of self-signed
        # certificates.
        # Ref: https://github.com/psf/requests/issues/6071
        # NOTE(review): with verification off, pgAdmin cannot tell the real
        # provider from an impostor on the network path, which exposes the
        # client secret and tokens. Adding the signing CA to the trust store
        # keeps verification on - confirm this works for the deployment.
        'OAUTH2_SSL_CERT_VERIFICATION': True,
        # Set this variable to invalidate the session of the oauth2 provider
        # Example for keycloak:
        # 'OAUTH2_LOGOUT_URL':
        # 'https://example.com/realms/master/protocol/openid-connect/logout?post_logout_redirect_uri={redirect_uri}&id_token_hint={id_token}'
        'OAUTH2_LOGOUT_URL': None
    }
]

# After Oauth authentication, the user will be added to the SQLite database
# automatically, if set to True.
# Set it to False if users should not be added automatically;
# in this case an Admin has to add the user manually in the SQLite database.

OAUTH2_AUTO_CREATE_USER = True
##########################################################################
# Webserver Configuration
##########################################################################

# NOTE(review): presumably the webserver counterpart of the other
# *_AUTO_CREATE_USER settings in this file (add the user to the pgAdmin
# database after authentication) - confirm.
WEBSERVER_AUTO_CREATE_USER = True

# The name configured in WEBSERVER_REMOTE_USER is first looked up as an
# environment variable; if it is not available there,
# the request header of the same name is checked.
# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
# NOTE(review): when the identity arrives in a request header, pgAdmin
# trusts whatever value reaches it. The fronting web server must set the
# header itself and drop any copy supplied by the client, and pgAdmin
# should not be reachable except through that web server.

WEBSERVER_REMOTE_USER = 'REMOTE_USER'
##########################################################################
# Two-factor Authentication Configuration
##########################################################################

# Set it to True to enable two-factor authentication
MFA_ENABLED = True

# Set it to True to force users to register for one of the
# two-factor authentication methods when they log in.
# NOTE(review): with False, registering a second factor appears to be left
# to each user, so accounts without one stay password-only - confirm.
MFA_FORCE_REGISTRATION = False

# pgAdmin supports two-factor authentication by either sending a one-time
# code to an email address, or using a TOTP based application like Google
# Authenticator.
MFA_SUPPORTED_METHODS = ["email", "authenticator"]

# NOTE: Please set the 'Mail server settings' to use 'email' as two-factor
# authentication method.

# Subject for the email verification code
# Default: <APP_NAME> - Verification Code
# e.g. pgAdmin 4 - Verification Code
MFA_EMAIL_SUBJECT = None
##########################################################################
# PSQL tool settings
##########################################################################
# This will enable the PSQL tool in pgAdmin when running in server mode.
# PSQL is always enabled in Desktop mode, however in server mode it is
# disabled by default because users can run arbitrary commands on the
# server through it.
ENABLE_PSQL = False
##########################################################################
# The ENABLE_BINARY_PATH_BROWSING setting is used to enable the browse
# button while selecting the binary path for the database server in server
# mode. In Desktop mode it is always enabled and the setting has no effect.
##########################################################################
ENABLE_BINARY_PATH_BROWSING = False
##########################################################################
# In server mode, the SHARED_STORAGE setting is used to enable shared storage.
# Specify the name, path, and restricted_access values that should be shared
# between users. When restricted_access is set to True, non-admin users cannot
# upload/add, delete, or rename files/folders in shared storage, only admins
# can do that. Users must provide the absolute path to the folder, and the name
# can be anything they see on the user interface.
# [{ 'name': 'Shared 1', 'path': '/shared_folder',
#    'restricted_access': True/False}]
# NOTE(review): as described above, restricted_access = False lets every
# user add, delete and rename files in the shared folder.
##########################################################################
SHARED_STORAGE = []
#############################################################################
# The AUTO_DISCOVER_SERVERS setting enables pgAdmin to discover
# database servers automatically on the local machine.
# When it is set to False, pgAdmin will not discover servers installed on
# the local machine.
#############################################################################
AUTO_DISCOVER_SERVERS = True
#############################################################################
# SERVER_HEARTBEAT_TIMEOUT is used for the server heartbeat that the client
# sends to the server. This resolves the orphan database issue once the
# browser tab is closed.
#############################################################################
SERVER_HEARTBEAT_TIMEOUT = 30  # In seconds
#############################################################################
# ENABLE_SERVER_PASS_EXEC_CMD is used to enable/disable the Password exec
# command field in server properties. This is used to specify a shell command
# to be executed to retrieve a password to be used for server authentication.
# This setting is applicable only for server mode.
# NOTE(review): enabling this lets a user who can edit server properties have
# a shell command run on the pgAdmin host, presumably with the privileges of
# the pgAdmin process - confirm, and keep it False on multi-user deployments
# unless every user is trusted at that level.
#############################################################################
ENABLE_SERVER_PASS_EXEC_CMD = False
#############################################################################
# Number of records to fetch in one batch for server logs.
#############################################################################

ON_DEMAND_LOG_COUNT = 10000
#############################################################################
# Patch the default config with custom config and other manipulations
#############################################################################
# Imported here rather than at the top of the file, after the defaults
# above have been assigned.
from pgadmin.evaluate_config import evaluate_and_patch_config
# At module level locals() is the module namespace, so this passes the
# settings defined so far to evaluate_and_patch_config and rebinds the
# module-level names from the mapping it returns.
# NOTE(review): any file that function reads overrides can change every
# security default in this module, so it deserves the same write protection
# as this file - confirm which locations it consults.
locals().update(evaluate_and_patch_config(locals()))
|