IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-02-25 18:55:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Ensure CSRF errors handled to return unauthorized response. #8065

Browse Source
This commit is contained in:
Yogesh Mahajan 2024-12-05 16:54:35 +05:30 committed by GitHub
parent e2c20b5022
commit 22b89265d6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
web/pgadmin/__init__.py
View File

@ -36,6 +36,7 @@ from werkzeug.datastructures import ImmutableDict
from werkzeug.local import LocalProxy from werkzeug.local import LocalProxy
from werkzeug.utils import find_modules from werkzeug.utils import find_modules
from jinja2 import select_autoescape from jinja2 import select_autoescape
from flask_wtf.csrf import CSRFError
from pgadmin.model import db, Role, Server, SharedServer, ServerGroup, \ from pgadmin.model import db, Role, Server, SharedServer, ServerGroup, \
User, Keys, Version, SCHEMA_VERSION as CURRENT_SCHEMA_VERSION User, Keys, Version, SCHEMA_VERSION as CURRENT_SCHEMA_VERSION
@ -45,7 +46,8 @@ from pgadmin.utils.session import create_session_interface, pga_unauthorised
from pgadmin.utils.versioned_template_loader import VersionedTemplateLoader from pgadmin.utils.versioned_template_loader import VersionedTemplateLoader
from datetime import timedelta, datetime from datetime import timedelta, datetime
from pgadmin.setup import get_version, set_version, check_db_tables from pgadmin.setup import get_version, set_version, check_db_tables
from pgadmin.utils.ajax import internal_server_error, make_json_response from pgadmin.utils.ajax import internal_server_error, make_json_response, \
unauthorized
from pgadmin.utils.csrf import pgCSRFProtect from pgadmin.utils.csrf import pgCSRFProtect
from pgadmin import authenticate from pgadmin import authenticate
from pgadmin.utils.security_headers import SecurityHeaders from pgadmin.utils.security_headers import SecurityHeaders
@ -915,13 +917,16 @@ def create_app(app_name=None):
@app.errorhandler(HTTPException) @app.errorhandler(HTTPException)
def http_exception_handler(e): def http_exception_handler(e):
current_app.logger.error(e, exc_info=True) current_app.logger.error(e, exc_info=True)
if e.code == 400 and\
e.description == 'The CSRF session token is missing.':
error = str(e.description) + 'Please refresh the page.'
return internal_server_error(errormsg=gettext(error))
return e return e
# Intialize the key manager # Send unauthorized response if CSRF errors occurs.
@app.errorhandler(CSRFError)
def handle_csrf_error(error):
err_msg = str(error.description) + \
gettext(' You need to refresh the page.')
return unauthorized(errormsg=err_msg)
# Initialize the key manager
app.keyManager = KeyManager() app.keyManager = KeyManager()
########################################################################## ##########################################################################