Fixed CSRF security vulnerability issue. per Alvin Lindstam. Fixes #4217

Initial patch by: Khushboo Vashi Modified by: Ashesh Vashi and Murtuza Zabuawala
2025-02-25 18:55:31 -06:00 · 2019-05-28 10:59:51 +05:30
parent 90a45557b9
commit 6f0eafb223
36 changed files with 387 additions and 124 deletions
--- a/web/pgadmin/browser/tests/utils.py
+++ b/web/pgadmin/browser/tests/utils.py
@@ -13,15 +13,18 @@ def change_password(self):
        '/browser/change_password', follow_redirects=True
    )
    self.assertTrue(
-        'pgAdmin 4 Password Change' in response.data.decode('utf-8')
+        'Password Change' in response.data.decode('utf-8')
    )

+    csrf_token = self.tester.fetch_csrf(response)
+
    response = self.tester.post(
        '/browser/change_password',
        data=dict(
            password=self.password,
            new_password=self.new_password,
-            new_password_confirm=self.new_password_confirm
+            new_password_confirm=self.new_password_confirm,
+            csrf_token=csrf_token,
        ),
        follow_redirects=True
    )