1) Pin Flask version 2.1.*

2) Fixed API test cases that failed due to a change in the Werkzeug version.
3) Change password issue is fixed.

requirements.txt

@@ -8,7 +8,7 @@
 #
 ###############################################################################
 
-Flask==2.*
+Flask==2.1.*
 Flask-Gravatar==0.*
 Flask-Login==0.*
 Flask-Mail==0.*
@@ -50,7 +50,7 @@ boto3==1.20.*
 botocore==1.23.*
 urllib3==1.26.*
 Werkzeug==2.0.3; python_version <= '3.6'
-Werkzeug==2.1.1; python_version >= '3.7'
+Werkzeug==2.1.2; python_version >= '3.7'
 azure-mgmt-rdbms==10.1.0
 azure-mgmt-resource==21.0.0
 azure-mgmt-subscription==3.0.0

web/pgadmin/authenticate/kerberos.py

@@ -178,9 +178,10 @@ class KerberosAuthentication(BaseAuthentication):
         headers = Headers()
         authorization = request.headers.get("Authorization", None)
         form_class = _security.login_form
+        req_json = request.get_json(force=True)
 
-        if request.json:
-            form = form_class(MultiDict(request.json))
+        if req_json:
+            form = form_class(MultiDict(req_json))
         else:
             form = form_class()
 

web/pgadmin/browser/__init__.py

@@ -931,9 +931,10 @@ if hasattr(config, 'SECURITY_CHANGEABLE') and config.SECURITY_CHANGEABLE:
 
         has_error = False
         form_class = _security.change_password_form
+        req_json = request.get_json(force=True)
 
-        if request.json:
-            form = form_class(MultiDict(request.json))
+        if req_json:
+            form = form_class(MultiDict(req_json))
         else:
             form = form_class()
 
@@ -965,7 +966,7 @@ if hasattr(config, 'SECURITY_CHANGEABLE') and config.SECURITY_CHANGEABLE:
                 )
                 has_error = True
 
-            if request.json is None and not has_error:
+            if request.get_json(force=True) is None and not has_error:
                 after_this_request(view_commit)
                 do_flash(*get_message('PASSWORD_CHANGE'))
 
@@ -980,7 +981,7 @@ if hasattr(config, 'SECURITY_CHANGEABLE') and config.SECURITY_CHANGEABLE:
                 return redirect(get_url(_security.post_change_view) or
                                 get_url(_security.post_login_view))
 
-        if request.json and not has_error:
+        if request.get_json(force=True) and not has_error:
             form.user = current_user
             return default_render_json(form)
 
@@ -1017,9 +1018,10 @@ if hasattr(config, 'SECURITY_RECOVERABLE') and config.SECURITY_RECOVERABLE:
         """View function that handles a forgotten password request."""
         has_error = False
         form_class = _security.forgot_password_form
+        req_json = request.get_json(force=True)
 
-        if request.json:
-            form = form_class(MultiDict(request.json))
+        if req_json:
+            form = form_class(MultiDict(req_json))
         else:
             form = form_class()
 
@@ -1066,11 +1068,11 @@ if hasattr(config, 'SECURITY_RECOVERABLE') and config.SECURITY_RECOVERABLE:
                           'danger')
                     has_error = True
 
-            if request.json is None and not has_error:
+            if request.get_json(force=True) is None and not has_error:
                 do_flash(*get_message('PASSWORD_RESET_REQUEST',
                                       email=form.user.email))
 
-        if request.json and not has_error:
+        if request.get_json(force=True) and not has_error:
             return default_render_json(form, include_user=False)
 
         return _security.render_template(

web/pgadmin/tools/sqleditor/__init__.py

@@ -1896,7 +1896,7 @@ def start_query_download_tool(trans_id):
             errormsg=TRANSACTION_STATUS_CHECK_FAILED
         )
 
-    data = request.values if request.values else request.json
+    data = request.values if request.values else request.get_json(force=True)
     if data is None:
         return make_json_response(
             status=410,
@@ -2435,7 +2435,7 @@ def clear_query_history(trans_id):
     status, error_msg, conn, trans_obj, session_ob = \
         check_transaction_status(trans_id)
 
-    filter = request.json
+    filter = request.get_json(force=True)
     return QueryHistory.clear(current_user.id, trans_obj.sid, conn.db, filter)