IntenseWebs/pgadmin4
3
0
Fork 0
mirror of https://github.com/pgadmin-org/pgadmin4.git synced 2025-02-25 18:55:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fixed a security issue where the OAuth2 client ID and secret exposed through the web browser (CVE-2024-9014). #7945

Browse Source
This commit is contained in:
Khushboo Vashi
2024-09-20 08:44:38 +05:30
committed by Akshay Joshi
parent 1f53baee8f
commit a0aa185518
2 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
web/pgadmin/templates/security/login_user.html
View File

@@ -4,6 +4,15 @@
{% for key, lang in config.LANGUAGES.items() %}
{% set _ = ns.langOptions.append({'value': key, 'label': lang}) %}
{% endfor %}
{% set oauth2_config = [] %}
{% for i in config.OAUTH2_CONFIG %}
{% set _tmp = oauth2_config.append({'OAUTH2_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_NAME'],
'OAUTH2_BUTTON_COLOR': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_BUTTON_COLOR'],
'OAUTH2_DISPLAY_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_DISPLAY_NAME'],
'OAUTH2_ICON': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_ICON']
}) %}
{% endfor %}
{% set page_props = {
'userLanguage': user_language,
'langOptions': ns.langOptions,
@@ -15,7 +24,7 @@
'OAUTH2': config.OAUTH2,
'KERBEROS': config.KERBEROS,
},
'oauth2Config': config.OAUTH2_CONFIG,
'oauth2Config': oauth2_config,
'loginBanner': config.LOGIN_BANNER|safe
} %}
{% extends "security/render_page.html" %}