Add support for SCRAM password changes (requires psycopg2 >= 2.8). Fixes #2214

docs/en_US/release_notes_3_2.rst

@@ -10,10 +10,12 @@ This release contains a number of features and fixes reported since the release
 Features
 ********
 
+| `Feature #2214 <https://redmine.postgresql.org/issues/2214>`_ - Add support for SCRAM password changes (requires psycopg2 >= 2.8).
 | `Feature #3397 <https://redmine.postgresql.org/issues/3397>`_ - Add support for Trigger and JIT stats in the graphical query plan viewer.
 | `Feature #3506 <https://redmine.postgresql.org/issues/3506>`_ - Allow the user to specify a fixed port number in the runtime to aid cookie whitelisting etc.
 | `Feature #3510 <https://redmine.postgresql.org/issues/3510>`_ - Add a menu option to the runtime to copy the appserver URL to the clipboard.
 
+
 Bug fixes
 *********
 

web/pgadmin/browser/server_groups/servers/__init__.py

@@ -1245,7 +1245,16 @@ class ServerNode(PGChildNodeView):
                     return unauthorized(gettext("Incorrect password."))
 
             # Hash new password before saving it.
-            password = pqencryptpassword(data['newPassword'], manager.user)
+            if manager.sversion >= 100000:
+                password = conn.pq_encrypt_password_conn(data['newPassword'],
+                                                         manager.user)
+                if password is None:
+                    # Unable to encrypt the password so used the
+                    # old method of encryption
+                    password = pqencryptpassword(data['newPassword'],
+                                                 manager.user)
+            else:
+                password = pqencryptpassword(data['newPassword'], manager.user)
 
             SQL = render_template(
                 "/servers/sql/#{0}#/change_password.sql".format(

web/pgadmin/utils/driver/psycopg2/connection.py

@@ -143,6 +143,10 @@ class Connection(BaseConnection):
     * get_notifies()
       - This function will returns list of notifies received from database
         server.
+
+    * pq_encrypt_password_conn()
+      - This function will return the encrypted password for database server
+      - greater than or equal to 10.
     """
 
     def __init__(self, manager, conn_id, db, auto_reconnect=True, async=0,
@@ -1814,3 +1818,38 @@ Failed to reset the connection to the server due to following error:
                          } for notify in self.__notifies
                         ]
         return notifies
+
+    def pq_encrypt_password_conn(self, password, user):
+        """
+        This function will return the encrypted password for database server
+        greater than or equal to 10
+        :param password: password to be encrypted
+        :param user: user of the database server
+        :return:
+        """
+        enc_password = None
+        if psycopg2.__libpq_version__ >= 100000 and \
+                hasattr(psycopg2.extensions, 'encrypt_password'):
+            if self.connected():
+                status, enc_algorithm = \
+                    self.execute_scalar("SHOW password_encryption")
+                if status:
+                    enc_password = psycopg2.extensions.encrypt_password(
+                        password=password, user=user, scope=self.conn,
+                        algorithm=enc_algorithm
+                    )
+        elif psycopg2.__libpq_version__ < 100000:
+            current_app.logger.warning(
+                u"To encrypt passwords the required libpq version is "
+                u"greater than or equal to 100000. Current libpq version "
+                u"is {curr_ver}".format(
+                    curr_ver=psycopg2.__libpq_version__
+                )
+            )
+        elif not hasattr(psycopg2.extensions, 'encrypt_password'):
+            current_app.logger.warning(
+                u"The psycopg2.extensions module does not have the"
+                u"'encrypt_password' method."
+            )
+
+        return enc_password