Fixed sonaqube security smells and bugs

1. Delete unreachable code or refactor the code to make it reachable. 2. Unexpected var, use let or const instead. 3. Remove useless assignment to variable. 4. Define a constant instead of duplicating the literal 5. Remove commented out code
2025-02-25 18:55:31 -06:00 · 2023-07-10 10:36:15 +05:30
parent 9aa116bf3f
commit 62056cab14
14 changed files with 27 additions and 60 deletions
--- a/web/pgadmin/authenticate/mfa/authenticator.py
+++ b/web/pgadmin/authenticate/mfa/authenticator.py
@@ -29,6 +29,7 @@ from pgadmin.utils.constants import MessageType

 _TOTP_AUTH_METHOD = "authenticator"
 _TOTP_AUTHENTICATOR = _("Authenticator App")
+_OTP_PLACEHOLDER = _("Enter code")


 class TOTPAuthenticator(BaseMFAuth):
@@ -113,7 +114,7 @@ class TOTPAuthenticator(BaseMFAuth):
        if totp.verify(code) is False:
            raise ValidationException("Invalid Code")

-    def validation_view(self) -> str:
+    def validation_view(self) -> dict:
        """
        Generate the portion of the view to render on the authentication page

@@ -125,10 +126,10 @@ class TOTPAuthenticator(BaseMFAuth):
                "Enter the code shown in your authenticator application for "
                "TOTP (Time-based One-Time Password)"
            ),
-            otp_placeholder=_("Enter code"),
+            otp_placeholder=_OTP_PLACEHOLDER,
        )

-    def _registration_view(self) -> str:
+    def _registration_view(self) -> dict:
        """
        Internal function to generate a view for the registration page.

@@ -164,31 +165,7 @@ class TOTPAuthenticator(BaseMFAuth):
            auth_description=_(
                "Scan the QR code and the enter the code from the "
                "TOTP Authenticator application"
-            ), otp_placeholder=_("Enter code")
-        )
-
-        return "".join([
-            "<h5 class='form-group text-center'>{auth_title}</h5>",
-            "<input type='hidden' name='{auth_method}' value='SETUP'/>",
-            "<input type='hidden' name='VALIDATE' value='validate'/>",
-            "<img src='data:image/jpeg;base64,{image}'" +
-            " alt='{qrcode_alt_text}' class='w-100'/>",
-            "<div class='form-group pt-3'>{auth_description}</div>",
-            "<div class='form-group'>",
-            "<input class='form-control' " +
-            " placeholder='{otp_placeholder}' name='code'" +
-            " type='password' autofocus='' autocomplete='one-time-code'" +
-            " pattern='\\d*' require>",
-            "</div>",
-        ]).format(
-            auth_title=_(_TOTP_AUTHENTICATOR),
-            auth_method=_TOTP_AUTH_METHOD,
-            image=img_base64.decode("utf-8"),
-            qrcode_alt_text=_("TOTP Authenticator QRCode"),
-            auth_description=_(
-                "Scan the QR code and the enter the code from the "
-                "TOTP Authenticator application"
-            ), otp_placeholder=_("Enter code")
+            ), otp_placeholder=_OTP_PLACEHOLDER
        )

    def registration_view(self, form_data) -> Union[str, None]: