Ensure that master password is validated before migrating the passwords to OS secret storage and stopped. #5123

Nikhil Mohite 2023-05-22 14:06:50 +05:30 committed by GitHub
parent 87c1023c4f
commit 48dd32f0e4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 24 additions and 7 deletions


@ -55,7 +55,7 @@ from pgadmin.browser.register_browser_preferences import \
from pgadmin.utils.master_password import validate_master_password, \ from pgadmin.utils.master_password import validate_master_password, \
set_masterpass_check_text, cleanup_master_password, get_crypt_key, \ set_masterpass_check_text, cleanup_master_password, get_crypt_key, \
set_crypt_key, process_masterpass_disabled set_crypt_key, process_masterpass_disabled
from pgadmin.model import User from pgadmin.model import User, db
from pgadmin.utils.constants import MIMETYPE_APP_JS, PGADMIN_NODE,\ from pgadmin.utils.constants import MIMETYPE_APP_JS, PGADMIN_NODE,\
INTERNAL, KERBEROS, LDAP, QT_DEFAULT_PLACEHOLDER, OAUTH2, WEBSERVER,\ INTERNAL, KERBEROS, LDAP, QT_DEFAULT_PLACEHOLDER, OAUTH2, WEBSERVER,\
VW_EDT_DEFAULT_PLACEHOLDER VW_EDT_DEFAULT_PLACEHOLDER
@ -786,6 +786,12 @@ def reset_master_password():
Removes the master password and remove all saved passwords Removes the master password and remove all saved passwords
This password will be used to encrypt/decrypt saved server passwords This password will be used to encrypt/decrypt saved server passwords
""" """
if not config.DISABLED_LOCAL_PASSWORD_STORAGE:
# This is to set the Desktop user password so it will not ask for
# migrate exiting passwords as those are getting cleared
keyring.set_password(KEY_RING_SERVICE_NAME,
KEY_RING_DESKTOP_USER.format(
current_user.username), 'test')
cleanup_master_password() cleanup_master_password()
return make_json_response(data=get_crypt_key()[0]) return make_json_response(data=get_crypt_key()[0])
@ -811,6 +817,13 @@ def set_master_password():
data = json.loads(data) data = json.loads(data)
if not config.DISABLED_LOCAL_PASSWORD_STORAGE: if not config.DISABLED_LOCAL_PASSWORD_STORAGE:
if data.get('password') and \
not validate_master_password(data.get('password')):
return form_master_password_response(
present=False,
is_keyring=True,
errmsg=gettext("Incorrect master password")
)
from pgadmin.model import Server from pgadmin.model import Server
from pgadmin.utils.crypto import decrypt from pgadmin.utils.crypto import decrypt
desktop_user = current_user desktop_user = current_user
@ -832,7 +845,9 @@ def set_master_password():
# Store the password using OS password manager # Store the password using OS password manager
keyring.set_password(KEY_RING_SERVICE_NAME, name, keyring.set_password(KEY_RING_SERVICE_NAME, name,
password) password)
setattr(server, 'password', password) setattr(server, 'password', None)
db.session.commit()
# Store the password using OS password manager # Store the password using OS password manager
keyring.set_password(KEY_RING_SERVICE_NAME, keyring.set_password(KEY_RING_SERVICE_NAME,
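Review bot: The new guard in set_master_password rejects a wrong password only when one was supplied, because `if data.get('password') and not validate_master_password(...)` lets a request with an empty or missing `password` fall through to the migration code below it. What that code does without a password is outside this hunk, so the fall-through may be intentional for users who never set a master password. If it is, say so in a comment such as `# no password supplied: no master password was set, nothing to validate`. If it is not, return the same `form_master_password_response(present=False, is_keyring=True, errmsg=...)` for the empty case before any stored password is decrypted or moved. The function body starts before and continues after the hunks shown here.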


@ -67,7 +67,7 @@ export default function MasterPasswordContent({ closeModal, onResetPassowrd, onO
</span> </span>
<br /> <br />
<span style={{ fontWeight: 'bold' }}> <span style={{ fontWeight: 'bold' }}>
{gettext('This is required to migrate the existing saved Server password and SSH tunnel password to OS password manager, as pgAdmin 4 will now use the OS password manager in Desktop mode from version 7.2')} {gettext('This is required to migrate the existing saved Server password and SSH tunnel password to OS password manager, as pgAdmin 4 will now use the OS password manager in Desktop mode.')}
</span> </span>
</Box> </Box>
<Box marginTop='12px'> <Box marginTop='12px'>
@ -106,9 +106,9 @@ export default function MasterPasswordContent({ closeModal, onResetPassowrd, onO
window.open(_url, 'pgadmin_help'); window.open(_url, 'pgadmin_help');
}} > }} >
</PgIconButton> </PgIconButton>
{isPWDPresent && !isKeyring && {isPWDPresent &&
<DefaultButton data-test="reset-masterpassword" style={{ marginLeft: '0.5rem' }} startIcon={<DeleteForeverIcon />} <DefaultButton data-test="reset-masterpassword" style={{ marginLeft: '0.5rem' }} startIcon={<DeleteForeverIcon />}
onClick={() => {onResetPassowrd?.();}} > onClick={() => {onResetPassowrd?.(isKeyring);}} >
{gettext('Reset Master Password')} {gettext('Reset Master Password')}
</DefaultButton> </DefaultButton>
} }


@ -186,7 +186,7 @@ export function showMasterPassword(isPWDPresent, errmsg, masterpass_callback_que
closeModal={() => { closeModal={() => {
onClose(); onClose();
}} }}
onResetPassowrd={()=>{ onResetPassowrd={(isKeyRing=false)=>{
Notify.confirm(gettext('Reset Master Password'), Notify.confirm(gettext('Reset Master Password'),
gettext('This will remove all the saved passwords. This will also remove established connections to ' gettext('This will remove all the saved passwords. This will also remove established connections to '
+ 'the server and you may need to reconnect again. Do you wish to continue?'), + 'the server and you may need to reconnect again. Do you wish to continue?'),
@ -196,7 +196,9 @@ export function showMasterPassword(isPWDPresent, errmsg, masterpass_callback_que
api.delete(_url) api.delete(_url)
.then(() => { .then(() => {
onClose(); onClose();
showMasterPassword(false, null, masterpass_callback_queue, cancel_callback); if(!isKeyRing) {
showMasterPassword(false, null, masterpass_callback_queue, cancel_callback);
}
}) })
.catch((err) => { .catch((err) => {
Notify.error(err.message); Notify.error(err.message);
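Review bot: On the keyring path the `.then()` handler now only calls `onClose()` after the reset, so `masterpass_callback_queue` and `cancel_callback` are neither forwarded nor invoked there; whether `onClose()` settles them is not visible in this hunk. If callers queued behind the dialog should resume or be cancelled after a keyring reset, handle that in an `else` branch, and otherwise add a comment such as `// keyring mode: nothing to re-enter after reset, so no re-prompt`. The parameter is spelled `isKeyRing` here while the dialog component passes `isKeyring`; a single spelling would keep the two ends easy to search for. showMasterPassword starts and ends outside the hunks shown.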