From 26ec59ab5f34d6b9bbcc5fa78a92157b3fc1647e Mon Sep 17 00:00:00 2001 From: Nikhil Mohite Date: Mon, 8 Jan 2024 14:04:38 +0530 Subject: [PATCH] Limit the keyring calls based on save_password flag of server config. --- web/pgadmin/browser/__init__.py | 11 +++++---- .../browser/server_groups/servers/__init__.py | 23 ++++++++++++------- .../tests/test_check_ssh_mock_connect.py | 1 + 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/web/pgadmin/browser/__init__.py b/web/pgadmin/browser/__init__.py index eb25b7f57..8c5bd777d 100644 --- a/web/pgadmin/browser/__init__.py +++ b/web/pgadmin/browser/__init__.py @@ -724,18 +724,19 @@ def set_master_password(): try: all_server = Server.query.all() + saved_password_servers = [server for server in all_server if + server.save_password] # pgAdmin will use the OS password manager to store the server # password, here migrating the existing saved server password to # OS password manager - if keyring.get_password( + if len(saved_password_servers) > 0 and (keyring.get_password( KEY_RING_SERVICE_NAME, KEY_RING_DESKTOP_USER.format( - desktop_user.username)) or enc_key: + desktop_user.username)) or enc_key): is_migrated = False - for server in all_server: + for server in saved_password_servers: if enc_key: - if server.password and config.ALLOW_SAVE_PASSWORD \ - and server.save_password: + if server.password and config.ALLOW_SAVE_PASSWORD: name = KEY_RING_USERNAME_FORMAT.format(server.name, server.id) password = decrypt(server.password, diff --git a/web/pgadmin/browser/server_groups/servers/__init__.py b/web/pgadmin/browser/server_groups/servers/__init__.py index 03905352a..904a3134f 100644 --- a/web/pgadmin/browser/server_groups/servers/__init__.py +++ b/web/pgadmin/browser/server_groups/servers/__init__.py @@ -1519,14 +1519,21 @@ class ServerNode(PGChildNodeView): conn = manager.connection() crypt_key = None - if config.DISABLED_LOCAL_PASSWORD_STORAGE or \ - not keyring.get_password(KEY_RING_SERVICE_NAME, - KEY_RING_DESKTOP_USER.format( - current_user.username)): - # Get enc key - crypt_key_present, crypt_key = get_crypt_key() - if not crypt_key_present: - raise CryptKeyMissing + if server.save_password: + if config.DISABLED_LOCAL_PASSWORD_STORAGE or \ + not keyring.get_password( + KEY_RING_SERVICE_NAME, + KEY_RING_DESKTOP_USER.format(current_user.username)): + crypt_key_present, crypt_key = get_crypt_key() + if not crypt_key_present: + raise CryptKeyMissing + + else: + if config.DISABLED_LOCAL_PASSWORD_STORAGE: + # Get enc key + crypt_key_present, crypt_key = get_crypt_key() + if not crypt_key_present: + raise CryptKeyMissing # If server using SSH Tunnel if server.use_ssh_tunnel: diff --git a/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py b/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py index 07d173dce..16a13b674 100644 --- a/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py +++ b/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py @@ -74,6 +74,7 @@ class ServersSSHConnectTestCase(BaseTestGenerator): self.tunnel_password = tunnel_password self.tunnel_keep_alive = tunnel_keep_alive self.service = service + self.save_password = 0 self.shared = None mock_server_obj = TestMockServer(