From b4b2a4ff677b2d1ae30383ab010ad8b46f6bb122 Mon Sep 17 00:00:00 2001
From: Khushboo Vashi
Date: Tue, 17 Oct 2023 13:49:18 +0530
Subject: [PATCH] Fix an issue where user login is not working if username/email contains single quote in server mode. #6865
---
 docs/en_US/release_notes_7_8.rst | 3 ++-
 web/pgadmin/browser/__init__.py | 2 +-
 web/pgadmin/tools/user_management/__init__.py | 4 ++--
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/docs/en_US/release_notes_7_8.rst b/docs/en_US/release_notes_7_8.rst
index b20205ada..66d395764 100644
--- a/docs/en_US/release_notes_7_8.rst
+++ b/docs/en_US/release_notes_7_8.rst
@@ -46,4 +46,5 @@ Bug fixes
 | `Issue #6799 `_ - Fixed an issue where the user is unable to select objects on the backup dialog due to tree flickering.
 | `Issue #6836 `_ - Fixed an issue where non-super PostgreSQL users are not able to terminate their own connections from dashboard.
 | `Issue #6851 `_ - Fix an issue where scale in columns is not allowed to have value as 0 or below.
- | `Issue #6858 `_ - Fix an issue in graphical explain plan where query tool crashes when the plan has parallel workers details and sort node is clicked for details.
\ No newline at end of file
+ | `Issue #6858 `_ - Fix an issue in graphical explain plan where query tool crashes when the plan has parallel workers details and sort node is clicked for details.
+ | `Issue #6865 `_ - Fix an issue where user login is not working if username/email contains single quote in server mode.
diff --git a/web/pgadmin/browser/__init__.py b/web/pgadmin/browser/__init__.py
index 9cf0f3434..36f24990d 100644
--- a/web/pgadmin/browser/__init__.py
+++ b/web/pgadmin/browser/__init__.py
@@ -668,7 +668,7 @@ def utils(): mfa_enabled=is_mfa_enabled(), is_admin=current_user.has_role("Administrator"), login_url=login_url, - username=current_user.username, + username=current_user.username.replace("'","\\'"), auth_source=auth_source, heartbeat_timeout=config.SERVER_HEARTBEAT_TIMEOUT, password_length_min=config.PASSWORD_LENGTH_MIN, diff --git a/web/pgadmin/tools/user_management/__init__.py b/web/pgadmin/tools/user_management/__init__.py index c08b9cdf2..3b9de1d75 100644 --- a/web/pgadmin/tools/user_management/__init__.py +++ b/web/pgadmin/tools/user_management/__init__.py @@ -103,9 +103,9 @@ def current_user_info(): is_admin='true' if current_user.has_role( "Administrator") else 'false', user_id=current_user.id, - email=current_user.email, + email=current_user.email.replace("'","\\'"), name=( - current_user.username.split('@')[0] if + current_user.username.split('@')[0].replace("'","\\'") if config.SERVER_MODE is True else 'postgres' ),
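Review bot: The `.replace("'","\\'")` added to `username` escapes only the single quote, so a value that contains a backslash or a line break is still handed to the template unescaped and is not safe inside a JavaScript string literal (presumably where the template places it, judging by the commit subject; the template is not part of this diff). Encoding is better done once at the output site with a complete encoder: have the template emit `{{ username|tojson }}` in place of its quoted literal and keep `username=current_user.username,` here. The same partial escaping is applied to `email` and `name` in `current_user_info()` in `web/pgadmin/tools/user_management/__init__.py`, where `current_user.email.replace(...)` would additionally raise `AttributeError` if an account can exist without an e-mail address, which should be confirmed against the user model. `utils()` starts and ends outside the hunk.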