Ensure that master password is validated before migrating the passwords to OS secret storage and stopped. #5123

2025-02-10 07:26:01 -06:00 · 2023-05-22 14:06:50 +05:30 · 2023-05-22 14:06:50 +05:30 · 48dd32f0e4
commit 48dd32f0e4
parent 87c1023c4f
3 changed files with 24 additions and 7 deletions
--- a/web/pgadmin/browser/init.py
+++ b/web/pgadmin/browser/init.py
@ -55,7 +55,7 @@ from pgadmin.browser.register_browser_preferences import \
 from pgadmin.utils.master_password import validate_master_password, \
    set_masterpass_check_text, cleanup_master_password, get_crypt_key, \
    set_crypt_key, process_masterpass_disabled
-from pgadmin.model import User
+from pgadmin.model import User, db
 from pgadmin.utils.constants import MIMETYPE_APP_JS, PGADMIN_NODE,\
    INTERNAL, KERBEROS, LDAP, QT_DEFAULT_PLACEHOLDER, OAUTH2, WEBSERVER,\
    VW_EDT_DEFAULT_PLACEHOLDER
@ -786,6 +786,12 @@ def reset_master_password():
    Removes the master password and remove all saved passwords
    This password will be used to encrypt/decrypt saved server passwords
    """
+    if not config.DISABLED_LOCAL_PASSWORD_STORAGE:
+        # This is to set the Desktop user password so it will not ask for
+        # migrate exiting passwords as those are getting cleared
+        keyring.set_password(KEY_RING_SERVICE_NAME,
+                             KEY_RING_DESKTOP_USER.format(
+                                 current_user.username), 'test')
    cleanup_master_password()
    return make_json_response(data=get_crypt_key()[0])

@ -811,6 +817,13 @@ def set_master_password():
            data = json.loads(data)

    if not config.DISABLED_LOCAL_PASSWORD_STORAGE:
+        if data.get('password') and \
+                not validate_master_password(data.get('password')):
+            return form_master_password_response(
+                present=False,
+                is_keyring=True,
+                errmsg=gettext("Incorrect master password")
+            )
        from pgadmin.model import Server
        from pgadmin.utils.crypto import decrypt
        desktop_user = current_user
@ -832,7 +845,9 @@ def set_master_password():
                        # Store the password using OS password manager
                        keyring.set_password(KEY_RING_SERVICE_NAME, name,
                                             password)
-                        setattr(server, 'password', password)
+                        setattr(server, 'password', None)
+
+                db.session.commit()

                # Store the password using OS password manager
                keyring.set_password(KEY_RING_SERVICE_NAME,
--- a/web/pgadmin/static/js/Dialogs/MasterPasswordContent.jsx
+++ b/web/pgadmin/static/js/Dialogs/MasterPasswordContent.jsx
@ -67,7 +67,7 @@ export default function MasterPasswordContent({ closeModal, onResetPassowrd, onO
            </span>
            <br />
            <span style={{ fontWeight: 'bold' }}>
-              {gettext('This is required to migrate the existing saved Server password and SSH tunnel password to OS password manager, as pgAdmin 4 will now use the OS password manager in Desktop mode from version 7.2')}
+              {gettext('This is required to migrate the existing saved Server password and SSH tunnel password to OS password manager, as pgAdmin 4 will now use the OS password manager in Desktop mode.')}
            </span>
          </Box>
          <Box marginTop='12px'>
@ -106,9 +106,9 @@ export default function MasterPasswordContent({ closeModal, onResetPassowrd, onO
            window.open(_url, 'pgadmin_help');
          }} >
          </PgIconButton>
-          {isPWDPresent && !isKeyring &&
+          {isPWDPresent &&
            <DefaultButton data-test="reset-masterpassword" style={{ marginLeft: '0.5rem' }} startIcon={<DeleteForeverIcon />}
-              onClick={() => {onResetPassowrd?.();}} >
+              onClick={() => {onResetPassowrd?.(isKeyring);}} >
              {gettext('Reset Master Password')}
            </DefaultButton>
          }
--- a/web/pgadmin/static/js/Dialogs/index.jsx
+++ b/web/pgadmin/static/js/Dialogs/index.jsx
@ -186,7 +186,7 @@ export function showMasterPassword(isPWDPresent, errmsg, masterpass_callback_que
        closeModal={() => {
          onClose();
        }}
-        onResetPassowrd={()=>{
+        onResetPassowrd={(isKeyRing=false)=>{
          Notify.confirm(gettext('Reset Master Password'),
            gettext('This will remove all the saved passwords. This will also remove established connections to '
            + 'the server and you may need to reconnect again. Do you wish to continue?'),
@ -196,7 +196,9 @@ export function showMasterPassword(isPWDPresent, errmsg, masterpass_callback_que
              api.delete(_url)
                .then(() => {
                  onClose();
-                  showMasterPassword(false, null, masterpass_callback_queue, cancel_callback);
+                  if(!isKeyRing) {
+                    showMasterPassword(false, null, masterpass_callback_queue, cancel_callback);
+                  }
                })
                .catch((err) => {
                  Notify.error(err.message);