Added support for OAuth 2 authentication. Fixes #5940

Initial patch sent by: Florian Sabonchi
2025-02-25 18:55:31 -06:00 · 2021-07-06 13:22:58 +05:30
parent fff4060b31
commit 48ca83f31d
35 changed files with 750 additions and 227 deletions
--- a/web/pgadmin/tools/user_management/init.py
+++ b/web/pgadmin/tools/user_management/init.py
@@ -176,7 +176,7 @@ def current_user_info():
            config.ALLOW_SAVE_TUNNEL_PASSWORD and session[
                'allow_save_password'] else 'false',
            auth_sources=config.AUTHENTICATION_SOURCES,
-            current_auth_source=session['_auth_source_manager_obj'][
+            current_auth_source=session['auth_source_manager'][
                'current_source'] if config.SERVER_MODE is True else INTERNAL
        ),
        status=200,
--- a/web/pgadmin/tools/user_management/static/js/user_management.js
+++ b/web/pgadmin/tools/user_management/static/js/user_management.js
@@ -28,6 +28,7 @@ define([
    DEFAULT_AUTH_SOURCE = pgConst['INTERNAL'],
    LDAP = pgConst['LDAP'],
    KERBEROS = pgConst['KERBEROS'],
+    OAUTH2 = pgConst['OAUTH2'],
    AUTH_ONLY_INTERNAL = (userInfo['auth_sources'].length  == 1 && userInfo['auth_sources'].includes(DEFAULT_AUTH_SOURCE)) ? true : false,
    userFilter = function(collection) {
      return (new Backgrid.Extension.ClientSideFilter({
@@ -607,6 +608,16 @@ define([
                  this.get('username')
                );

+                this.errorModel.set('username', errmsg);
+                return errmsg;
+              }
+              else if (!!this.get('username') && this.collection.nonFilter.where({
+                'username': this.get('username'), 'auth_source': OAUTH2,
+              }).length > 1) {
+                errmsg = gettext('The username %s already exists.',
+                  this.get('username')
+                );
+
                this.errorModel.set('username', errmsg);
                return errmsg;
              }
@@ -1053,7 +1064,7 @@ define([
                  saveUser: function(m) {
                    var d = m.toJSON(true);

-                    if((m.isNew() && (m.get('auth_source') == LDAP || m.get('auth_source') == KERBEROS) && (!m.get('username') || !m.get('auth_source') || !m.get('role')))
+                    if((m.isNew() && (m.get('auth_source') == LDAP || m.get('auth_source') == KERBEROS || m.get('auth_source') == OAUTH2) && (!m.get('username') || !m.get('auth_source') || !m.get('role')))
                      || (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE &&  (!m.get('email') || !m.get('role') ||
                          !m.get('newPassword') || !m.get('confirmPassword') || m.get('newPassword') != m.get('confirmPassword')))
                      || (!m.isNew() && m.get('newPassword') != m.get('confirmPassword'))) {