Ensure that users should be able to modify the REMOTE_USER environment

variable as per their environment by introducing the new config parameter WEBSERVER_REMOTE_USER. Fixes #6953
2025-02-25 18:55:31 -06:00 · 2021-11-10 15:38:41 +05:30 · 2021-11-10 15:38:41 +05:30 · d4697e8f1c
commit d4697e8f1c
parent 9479f0e632
4 changed files with 16 additions and 1 deletions
--- a/docs/en_US/release_notes_6_2.rst
+++ b/docs/en_US/release_notes_6_2.rst
@ -26,5 +26,6 @@ Bug fixes
 | `Issue #6939 <https://redmine.postgresql.org/issues/6939>`_ -  Fixed an issue where older server group name displayed in the confirmation pop-up when the user removes server group.
 | `Issue #6940 <https://redmine.postgresql.org/issues/6940>`_ -  Fixed an issue where user details are not shown when the non-admin user tries to connect to the shared server.
 | `Issue #6949 <https://redmine.postgresql.org/issues/6949>`_ -  Ensure that dialog should be opened when clicking on Reassign/Drop owned menu.
+| `Issue #6953 <https://redmine.postgresql.org/issues/6953>`_ -  Ensure that users should be able to modify the REMOTE_USER environment variable as per their environment by introducing the new config parameter WEBSERVER_REMOTE_USER.
 | `Issue #6954 <https://redmine.postgresql.org/issues/6954>`_ -  Ensure that changing themes should work on Windows when system high contrast mode is enabled.
 | `Issue #6976 <https://redmine.postgresql.org/issues/6976>`_ -  Fixed an issue where textarea should be allowed to resize and have more than 255 chars.
--- a/docs/en_US/webserver.rst
+++ b/docs/en_US/webserver.rst
@ -32,6 +32,9 @@ and modify the values for the following parameters:
    "WEBSERVER_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
    create a pgAdmin user corresponding to a successfully authenticated Webserver user.
    Please note that password is not stored in the pgAdmin database."
+    "WEBSERVER_REMOTE_USER", "The default value is REMOTE_USER, set this variable to any header
+    or environemnt variable to get the webserver remote user details. Possible values: REMOTE_USER,
+    HTTP_X_FORWARDED_USER, X-Forwarded-User."


 Master Password
--- a/web/config.py
+++ b/web/config.py
@ -736,6 +736,13 @@ OAUTH2_AUTO_CREATE_USER = True

 WEBSERVER_AUTO_CREATE_USER = True

+# REMOTE_USER variable will be used to check the environment variable
+# is set or not first, if not available,
+# request header will be checked for the same.
+# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
+
+WEBSERVER_REMOTE_USER = 'REMOTE_USER'
+
 ##########################################################################
 # PSQL tool settings
 ##########################################################################
--- a/web/pgadmin/authenticate/webserver.py
+++ b/web/pgadmin/authenticate/webserver.py
@ -77,7 +77,11 @@ class WebserverAuthentication(BaseAuthentication):
        return True

    def get_user(self):
-        return request.environ.get('REMOTE_USER')
+        username = request.environ.get(config.WEBSERVER_REMOTE_USER)
+        if not username:
+            # One more try to get the Remote User from the hearders
+            username = request.headers.get(config.WEBSERVER_REMOTE_USER)
+        return username

    def authenticate(self, form):
        username = self.get_user()