Fixed an issue where even if the user is locked, he can reset the password and can login into pgAdmin. Fixes #6664

2025-02-25 18:55:31 -06:00 · 2021-08-09 14:24:26 +05:30
parent 5e3aa305fd
commit 78b041465e
3 changed files with 13 additions and 3 deletions
--- a/web/pgadmin/authenticate/init.py
+++ b/web/pgadmin/authenticate/init.py
@@ -53,7 +53,8 @@ def login():
    session['auth_source_manager'] = None

    username = form.data['email']
-    user = User.query.filter_by(username=username).first()
+    user = User.query.filter_by(username=username,
+                                auth_source=INTERNAL).first()

    if user:
        if user.login_attempts >= config.MAX_LOGIN_ATTEMPTS > 0:
@@ -108,7 +109,8 @@ def login():

        session['auth_source_manager'] = current_auth_obj

-        user.login_attempts = 0
+        if user:
+            user.login_attempts = 0
        db.session.commit()

        if 'auth_obj' in session: