Limit the keyring calls based on save_password flag of server config.

2025-01-07 22:53:45 -06:00 · 2024-01-08 14:04:38 +05:30 · 2024-01-08 14:04:38 +05:30 · 26ec59ab5f
commit 26ec59ab5f
parent 30509d1bc1
3 changed files with 22 additions and 13 deletions
--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -724,18 +724,19 @@ def set_master_password():

        try:
            all_server = Server.query.all()
+            saved_password_servers = [server for server in all_server if
+                                      server.save_password]
            # pgAdmin will use the OS password manager to store the server
            # password, here migrating the existing saved server password to
            # OS password manager
-            if keyring.get_password(
+            if len(saved_password_servers) > 0 and (keyring.get_password(
                    KEY_RING_SERVICE_NAME, KEY_RING_DESKTOP_USER.format(
-                        desktop_user.username)) or enc_key:
+                        desktop_user.username)) or enc_key):
                is_migrated = False

-                for server in all_server:
+                for server in saved_password_servers:
                    if enc_key:
-                        if server.password and config.ALLOW_SAVE_PASSWORD \
-                                and server.save_password:
+                        if server.password and config.ALLOW_SAVE_PASSWORD:
                            name = KEY_RING_USERNAME_FORMAT.format(server.name,
                                                                   server.id)
                            password = decrypt(server.password,
--- a/web/pgadmin/browser/server_groups/servers/init.py
+++ b/web/pgadmin/browser/server_groups/servers/init.py
@ -1519,14 +1519,21 @@ class ServerNode(PGChildNodeView):
        conn = manager.connection()

        crypt_key = None
-        if config.DISABLED_LOCAL_PASSWORD_STORAGE or \
-                not keyring.get_password(KEY_RING_SERVICE_NAME,
-                                         KEY_RING_DESKTOP_USER.format(
-                                             current_user.username)):
-            # Get enc key
-            crypt_key_present, crypt_key = get_crypt_key()
-            if not crypt_key_present:
-                raise CryptKeyMissing
+        if server.save_password:
+            if config.DISABLED_LOCAL_PASSWORD_STORAGE or \
+                not keyring.get_password(
+                    KEY_RING_SERVICE_NAME,
+                    KEY_RING_DESKTOP_USER.format(current_user.username)):
+                crypt_key_present, crypt_key = get_crypt_key()
+                if not crypt_key_present:
+                    raise CryptKeyMissing
+
+        else:
+            if config.DISABLED_LOCAL_PASSWORD_STORAGE:
+                # Get enc key
+                crypt_key_present, crypt_key = get_crypt_key()
+                if not crypt_key_present:
+                    raise CryptKeyMissing

        # If server using SSH Tunnel
        if server.use_ssh_tunnel:
--- a/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py
+++ b/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py
@ -74,6 +74,7 @@ class ServersSSHConnectTestCase(BaseTestGenerator):
                    self.tunnel_password = tunnel_password
                    self.tunnel_keep_alive = tunnel_keep_alive
                    self.service = service
+                    self.save_password = 0
                    self.shared = None

            mock_server_obj = TestMockServer(