Added support to connect PostgreSQL servers via Kerberos authentication. Fixes #6158

2025-02-25 18:55:31 -06:00 · 2021-05-03 16:10:45 +05:30
parent aa9a4c30d3
commit 72f3730c34
28 changed files with 509 additions and 90 deletions
--- a/web/pgadmin/tools/user_management/init.py
+++ b/web/pgadmin/tools/user_management/init.py
@@ -25,7 +25,7 @@ from pgadmin.utils.ajax import make_response as ajax_response, \
    make_json_response, bad_request, internal_server_error, forbidden
 from pgadmin.utils.csrf import pgCSRFProtect
 from pgadmin.utils.constants import MIMETYPE_APP_JS, INTERNAL,\
-    SUPPORTED_AUTH_SOURCES, KERBEROS
+    SUPPORTED_AUTH_SOURCES, KERBEROS, LDAP
 from pgadmin.utils.validation_utils import validate_email
 from pgadmin.model import db, Role, User, UserPreference, Server, \
    ServerGroup, Process, Setting, roles_users, SharedServer
@@ -157,7 +157,6 @@ def script():
@pgCSRFProtect.exempt
@login_required
 def current_user_info():
-
    return Response(
        response=render_template(
            "user_management/js/current_user.js",
@@ -176,7 +175,9 @@ def current_user_info():
            allow_save_tunnel_password='true' if
            config.ALLOW_SAVE_TUNNEL_PASSWORD and session[
                'allow_save_password'] else 'false',
-            auth_sources=config.AUTHENTICATION_SOURCES
+            auth_sources=config.AUTHENTICATION_SOURCES,
+            current_auth_source=session['_auth_source_manager_obj'][
+                'current_source'] if config.SERVER_MODE is True else INTERNAL
        ),
        status=200,
        mimetype=MIMETYPE_APP_JS
--- a/web/pgadmin/tools/user_management/static/js/user_management.js
+++ b/web/pgadmin/tools/user_management/static/js/user_management.js
@@ -10,11 +10,11 @@
 define([
  'sources/gettext', 'sources/url_for', 'jquery', 'underscore', 'pgadmin.alertifyjs',
  'pgadmin.browser', 'backbone', 'backgrid', 'backform', 'pgadmin.browser.node', 'pgadmin.backform',
-  'pgadmin.user_management.current_user', 'sources/utils',
+  'pgadmin.user_management.current_user', 'sources/utils', 'pgadmin.browser.constants',
  'backgrid.select.all', 'backgrid.filter',
 ], function(
  gettext, url_for, $, _, alertify, pgBrowser, Backbone, Backgrid, Backform,
-  pgNode, pgBackform, userInfo, commonUtils,
+  pgNode, pgBackform, userInfo, commonUtils, pgConst,
 ) {

  // if module is already initialized, refer to that.
@@ -25,7 +25,9 @@ define([
  var USERURL = url_for('user_management.users'),
    ROLEURL = url_for('user_management.roles'),
    SOURCEURL = url_for('user_management.auth_sources'),
-    DEFAULT_AUTH_SOURCE = 'internal',
+    DEFAULT_AUTH_SOURCE = pgConst['INTERNAL'],
+    LDAP = pgConst['LDAP'],
+    KERBEROS = pgConst['KERBEROS'],
    AUTH_ONLY_INTERNAL = (userInfo['auth_sources'].length  == 1 && userInfo['auth_sources'].includes(DEFAULT_AUTH_SOURCE)) ? true : false,
    userFilter = function(collection) {
      return (new Backgrid.Extension.ClientSideFilter({
@@ -589,7 +591,17 @@ define([
              }
            } else {
              if (!!this.get('username') && this.collection.nonFilter.where({
-                'username': this.get('username'), 'auth_source': 'ldap',
+                'username': this.get('username'), 'auth_source': LDAP,
+              }).length > 1) {
+                errmsg = gettext('The username %s already exists.',
+                  this.get('username')
+                );
+
+                this.errorModel.set('username', errmsg);
+                return errmsg;
+              }
+              else if (!!this.get('username') && this.collection.nonFilter.where({
+                'username': this.get('username'), 'auth_source': KERBEROS,
              }).length > 1) {
                errmsg = gettext('The username %s already exists.',
                  this.get('username')
@@ -1041,7 +1053,7 @@ define([
                  saveUser: function(m) {
                    var d = m.toJSON(true);

-                    if((m.isNew() && m.get('auth_source') == 'ldap' && (!m.get('username') || !m.get('auth_source') || !m.get('role')))
+                    if((m.isNew() && (m.get('auth_source') == LDAP || m.get('auth_source') == KERBEROS) && (!m.get('username') || !m.get('auth_source') || !m.get('role')))
                      || (m.isNew() && m.get('auth_source') == DEFAULT_AUTH_SOURCE &&  (!m.get('email') || !m.get('role') ||
                          !m.get('newPassword') || !m.get('confirmPassword') || m.get('newPassword') != m.get('confirmPassword')))
                      || (!m.isNew() && m.get('newPassword') != m.get('confirmPassword'))) {
--- a/web/pgadmin/tools/user_management/templates/user_management/js/current_user.js
+++ b/web/pgadmin/tools/user_management/templates/user_management/js/current_user.js
@@ -15,6 +15,7 @@ define('pgadmin.user_management.current_user', [], function() {
        'name': '{{ name }}',
        'allow_save_password': {{ allow_save_password }},
        'allow_save_tunnel_password': {{ allow_save_tunnel_password }},
-        'auth_sources': {{ auth_sources }}
+        'auth_sources': {{ auth_sources }},
+        'current_auth_source': '{{ current_auth_source }}'
    }
 });