From 30e96733752ab5168a84c29c8616c70c74b29563 Mon Sep 17 00:00:00 2001 From: Richard Yen Date: Fri, 25 Oct 2019 13:55:07 +0100 Subject: [PATCH] Give appropriate error messages when the user tries to use an blank master password. Fixes #4341 --- docs/en_US/release_notes_4_15.rst | 1 + web/pgadmin/browser/__init__.py | 22 ++++++++++++++-------- web/pgadmin/browser/static/js/browser.js | 5 +++-- 3 files changed, 18 insertions(+), 10 deletions(-) diff --git a/docs/en_US/release_notes_4_15.rst b/docs/en_US/release_notes_4_15.rst index c8026e8d0..649386fb4 100644 --- a/docs/en_US/release_notes_4_15.rst +++ b/docs/en_US/release_notes_4_15.rst @@ -20,6 +20,7 @@ Bug fixes | `Issue #3789 `_ - Ensure context menus never get hidden below the menu bar. | `Issue #3913 `_ - Ensure the correct "running at" agent is shown when a pgAgent job is executing. +| `Issue #4341 `_ - Give appropriate error messages when the user tries to use an blank master password. | `Issue #4459 `_ - Don't quote bigints when copying them from the Query Tool results grid. | `Issue #4482 `_ - Ensure compression level is passed to pg_dump when backing up in directory format. | `Issue #4483 `_ - Ensure the number of jobs can be specified when backing up in directory format. diff --git a/web/pgadmin/browser/__init__.py b/web/pgadmin/browser/__init__.py index 3b20f2460..c5b339048 100644 --- a/web/pgadmin/browser/__init__.py +++ b/web/pgadmin/browser/__init__.py 
@@ -792,15 +792,16 @@ def set_master_password(): # Master password is not applicable for server mode if not config.SERVER_MODE and config.MASTER_PASSWORD_REQUIRED: + # if master pass is set previously + if current_user.masterpass_check is not None: + if data.get('button_click') and not validate_master_password(data.get('password')): + return form_master_password_response( + existing=True, + present=False, + errmsg=gettext("Incorrect master password") + ) + if data != '' and data.get('password', '') != '': - # if master pass is set previously - if current_user.masterpass_check is not None: - if not validate_master_password(data.get('password')): - return form_master_password_response( - existing=True, - present=False, - errmsg=gettext("Incorrect master password") - ) # store the master pass in the memory set_crypt_key(data.get('password')) @@ -827,9 +828,14 @@ def set_master_password(): present=False, ) elif not get_crypt_key()[0]: + error_message = None + if data.get('button_click') and data.get('password') == '': + # If user attempted to enter a blank password, then throw error + error_message = gettext("Master password cannot be empty") return form_master_password_response( existing=False, present=False, + errmsg=error_message ) # if master password is disabled now, but was used once then diff --git a/web/pgadmin/browser/static/js/browser.js b/web/pgadmin/browser/static/js/browser.js index 7cedd1ca9..8a258478e 100644 --- a/web/pgadmin/browser/static/js/browser.js +++ b/web/pgadmin/browser/static/js/browser.js @@ -605,7 +605,7 @@ define('pgadmin.browser', [ /* OK Button */ self.set_master_password( $('#frmMasterPassword #password').val(), - parentDialog.set_callback, + true,parentDialog.set_callback, ); } else if(event.index == 2) { /* Cancel button */ 
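Review bot: In the relocated `current_user.masterpass_check is not None` block, `validate_master_password()` now runs only when the request body carries a truthy `button_click`, so whether the password is verified depends on a flag the client sends. A request with a non-empty `password` and no `button_click` reaches `set_crypt_key(data.get('password'))` without being checked against the stored master password, which the old nesting did not allow; whether later code outside the hunk rejects it cannot be seen from here. I would validate whenever a password is supplied and keep the flag only for the blank-password message, e.g. `if (data.get('button_click') or data.get('password')) and not validate_master_password(data.get('password')):`. The new block also calls `data.get(...)` before the `data != ''` test that the next statement still performs, so if `data` can be an empty string at this point (its assignment is outside the hunk) the call raises instead of returning the form. The same applies to the `data.get('button_click')` added in the second hunk of this file.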
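Review bot: The blank-password test `data.get('password') == ''` in the `elif not get_crypt_key()[0]:` branch matches only the exact empty string, so a request with `button_click` set and a missing or null `password` gets the form back with no message. `if data.get('button_click') and not data.get('password'):` covers those cases and is consistent with the `data.get('password', '')` default used in the first hunk. The added comment says "throw error", but the code returns a form response carrying `errmsg`; `# Blank password submitted: return the form with an error message` would describe it accurately. The `if` that this `elif` belongs to starts outside the hunk.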
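Review bot: In the OK-button call, the new argument is squeezed onto the callback's line as `true,parentDialog.set_callback,`, with no space after the comma, while the rest of the call puts one argument per line. Putting `true,` on its own line, ideally with a short `/* button_click */` comment, would make the meaning of the bare boolean clear at the call site.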
@@ -677,12 +677,13 @@ define('pgadmin.browser', [ }); }, - set_master_password: function(password='', set_callback=()=>{}) { + set_master_password: function(password='', button_click=false, set_callback=()=>{}) { let data=null, self = this; if(password != null || password!='') { data = JSON.stringify({ 'password': password, + 'button_click': button_click, }); }
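Review bot: Inserting `button_click` as the second positional parameter of `set_master_password` moves `set_callback` to third place, so any caller that still passes a callback second would have it bound to `button_click`, with `set_callback` falling back to the default no-op. Only the OK-button call site is updated in this diff; other callers, if there are any, are outside it and should be checked. Appending the flag instead, `function(password='', set_callback=()=>{}, button_click=false)`, would keep existing calls working. The function body continues past the end of the hunk.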