mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2025-02-25 18:55:31 -06:00
Fixed Multi-Factor Authentication bypass vulnerability (CVE-2024-4215). #7425
This commit is contained in:
Khushboo Vashi
committed by
Akshay Joshi
Akshay Joshi
parent
e18a8bf620
commit
f4761f55f7
@@ -16,7 +16,8 @@ import operator
|
||||
from flask import render_template, request, current_app, \
|
||||
url_for, Response
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.misc.bgprocess.processes import BatchProcess, IProcessDesc
|
||||
from pgadmin.utils import PgAdminModule, get_storage_directory, html, \
|
||||
fs_short_path, document_dir, does_utility_exist, get_server, \
|
||||
@@ -177,13 +178,13 @@ class BackupMessage(IProcessDesc):
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=gettext("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("/backup.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render own javascript"""
|
||||
return Response(
|
||||
@@ -391,7 +392,7 @@ def _get_args_params_values(data, conn, backup_obj_type, backup_file, server,
|
||||
@blueprint.route(
|
||||
'/job/<int:sid>/object', methods=['POST'], endpoint='create_object_job'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def create_backup_objects_job(sid):
|
||||
"""
|
||||
Args:
|
||||
@@ -498,7 +499,7 @@ def create_backup_objects_job(sid):
|
||||
@blueprint.route(
|
||||
'/utility_exists/<int:sid>/<backup_obj_type>', endpoint='utility_exists'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def check_utility_exists(sid, backup_obj_type):
|
||||
"""
|
||||
This function checks the utility file exist on the given path.
|
||||
@@ -540,7 +541,7 @@ def check_utility_exists(sid, backup_obj_type):
|
||||
@blueprint.route(
|
||||
'/objects/<int:sid>/<int:did>/<int:scid>', endpoint='schema_objects'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def objects(sid, did, scid=None):
|
||||
"""
|
||||
This function returns backup objects
|
||||
|
||||
@@ -16,7 +16,7 @@ import copy
|
||||
|
||||
from flask import render_template, request, current_app
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from werkzeug.user_agent import UserAgent
|
||||
|
||||
from pgadmin.utils import PgAdminModule, \
|
||||
@@ -237,7 +237,7 @@ blueprint = DebuggerModule(MODULE_NAME, __name__)
|
||||
|
||||
|
||||
@blueprint.route("/", endpoint='index')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(
|
||||
errormsg=gettext("This URL cannot be called directly.")
|
||||
@@ -350,7 +350,7 @@ def check_node_type(node_type, fid, trid, conn, ppas_server,
|
||||
'/init/<node_type>/<int:sid>/<int:did>/<int:scid>/<int:fid>/<int:trid>',
|
||||
methods=['GET'], endpoint='init_for_trigger'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def init_function(node_type, sid, did, scid, fid, trid=None):
|
||||
"""
|
||||
init_function(node_type, sid, did, scid, fid, trid)
|
||||
@@ -557,7 +557,7 @@ def check_user_ip_req(r_set, data):
|
||||
|
||||
|
||||
@blueprint.route('/direct/<int:trans_id>', methods=['GET'], endpoint='direct')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def direct_new(trans_id):
|
||||
de_inst = DebuggerInstance(trans_id)
|
||||
|
||||
@@ -769,7 +769,7 @@ def get_search_path(conn):
|
||||
methods=['POST'],
|
||||
endpoint='initialize_target_for_trigger'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def initialize_target(debug_type, trans_id, sid, did,
|
||||
scid, func_id, tri_id=None):
|
||||
"""
|
||||
@@ -894,7 +894,7 @@ def close(trans_id):
|
||||
@blueprint.route(
|
||||
'/restart/<int:trans_id>', methods=['GET'], endpoint='restart'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def restart_debugging(trans_id):
|
||||
"""
|
||||
restart_debugging(trans_id)
|
||||
@@ -959,7 +959,7 @@ def restart_debugging(trans_id):
|
||||
'/start_listener/<int:trans_id>', methods=['POST'],
|
||||
endpoint='start_listener'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def start_debugger_listener(trans_id):
|
||||
"""
|
||||
start_debugger_listener(trans_id)
|
||||
@@ -1203,7 +1203,7 @@ def get_debugger_arg_val(val_list):
|
||||
'/execute_query/<int:trans_id>/<query_type>', methods=['GET'],
|
||||
endpoint='execute_query'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def execute_debugger_query(trans_id, query_type):
|
||||
"""
|
||||
execute_debugger_query(trans_id, query_type)
|
||||
@@ -1290,7 +1290,7 @@ def execute_debugger_query(trans_id, query_type):
|
||||
@blueprint.route(
|
||||
'/messages/<int:trans_id>/', methods=["GET"], endpoint='messages'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def messages(trans_id):
|
||||
"""
|
||||
messages(trans_id)
|
||||
@@ -1348,7 +1348,7 @@ def messages(trans_id):
|
||||
'/start_execution/<int:trans_id>/<int:port_num>', methods=['GET'],
|
||||
endpoint='start_execution'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def start_execution(trans_id, port_num):
|
||||
"""
|
||||
start_execution(trans_id, port_num)
|
||||
@@ -1424,7 +1424,7 @@ def start_execution(trans_id, port_num):
|
||||
'/set_breakpoint/<int:trans_id>/<int:line_no>/<int:set_type>',
|
||||
methods=['GET'], endpoint='set_breakpoint'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_clear_breakpoint(trans_id, line_no, set_type):
|
||||
"""
|
||||
set_clear_breakpoint(trans_id, line_no, set_type)
|
||||
@@ -1525,7 +1525,7 @@ def get_debugger_template_path(de_inst):
|
||||
'/clear_all_breakpoint/<int:trans_id>', methods=['POST'],
|
||||
endpoint='clear_all_breakpoint'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def clear_all_breakpoint(trans_id):
|
||||
"""
|
||||
clear_all_breakpoint(trans_id)
|
||||
@@ -1597,7 +1597,7 @@ def clear_all_breakpoint(trans_id):
|
||||
'/deposit_value/<int:trans_id>', methods=['POST'],
|
||||
endpoint='deposit_value'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def deposit_parameter_value(trans_id):
|
||||
"""
|
||||
deposit_parameter_value(trans_id)
|
||||
@@ -1671,7 +1671,7 @@ def deposit_parameter_value(trans_id):
|
||||
'/select_frame/<int:trans_id>/<int:frame_id>', methods=['GET'],
|
||||
endpoint='select_frame'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def select_frame(trans_id, frame_id):
|
||||
"""
|
||||
select_frame(trans_id, frame_id)
|
||||
@@ -1733,7 +1733,7 @@ def select_frame(trans_id, frame_id):
|
||||
'/get_arguments/<int:sid>/<int:did>/<int:scid>/<int:func_id>',
|
||||
methods=['GET'], endpoint='get_arguments'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_arguments_sqlite(sid, did, scid, func_id):
|
||||
"""
|
||||
get_arguments_sqlite(sid, did, scid, func_id)
|
||||
@@ -1818,7 +1818,7 @@ def get_array_string(data, i):
|
||||
'/set_arguments/<int:sid>/<int:did>/<int:scid>/<int:func_id>',
|
||||
methods=['POST'], endpoint='set_arguments'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_arguments_sqlite(sid, did, scid, func_id):
|
||||
"""
|
||||
set_arguments_sqlite(sid, did, scid, func_id)
|
||||
@@ -1907,7 +1907,7 @@ def set_arguments_sqlite(sid, did, scid, func_id):
|
||||
'/clear_arguments/<int:sid>/<int:did>/<int:scid>/<int:func_id>',
|
||||
methods=['POST'], endpoint='clear_arguments'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def clear_arguments_sqlite(sid, did, scid, func_id):
|
||||
"""
|
||||
clear_arguments_sqlite(sid, did, scid, func_id)
|
||||
@@ -2052,7 +2052,7 @@ def check_result(result, conn, statusmsg):
|
||||
'/poll_end_execution_result/<int:trans_id>/',
|
||||
methods=["GET"], endpoint='poll_end_execution_result'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def poll_end_execution_result(trans_id):
|
||||
"""
|
||||
poll_end_execution_result(trans_id)
|
||||
@@ -2128,7 +2128,7 @@ def poll_end_execution_result(trans_id):
|
||||
@blueprint.route(
|
||||
'/poll_result/<int:trans_id>/', methods=["GET"], endpoint='poll_result'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def poll_result(trans_id):
|
||||
"""
|
||||
poll_result(trans_id)
|
||||
|
||||
@@ -12,7 +12,7 @@ import json
|
||||
|
||||
from flask import url_for, request, Response
|
||||
from flask import render_template, current_app as app
|
||||
from flask_security import login_required
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from flask_babel import gettext
|
||||
from werkzeug.user_agent import UserAgent
|
||||
from pgadmin.utils import PgAdminModule, \
|
||||
@@ -431,7 +431,7 @@ blueprint = ERDModule(MODULE_NAME, __name__, static_url_path='/static')
|
||||
methods=["POST"],
|
||||
endpoint='panel'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def panel(trans_id):
|
||||
"""
|
||||
This method calls index.html to render the erd tool.
|
||||
@@ -496,7 +496,7 @@ def panel(trans_id):
|
||||
'/initialize/<int:trans_id>/<int:sgid>/<int:sid>/<int:did>',
|
||||
methods=["POST"], endpoint='initialize'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def initialize_erd(trans_id, sgid, sid, did):
|
||||
"""
|
||||
This method is responsible for instantiating and initializing
|
||||
@@ -551,7 +551,7 @@ def _get_connection(sid, did, trans_id):
|
||||
@blueprint.route('/prequisite/<int:trans_id>/<int:sgid>/<int:sid>/<int:did>',
|
||||
methods=["GET"],
|
||||
endpoint='prequisite')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def prequisite(trans_id, sgid, sid, did):
|
||||
conn = _get_connection(sid, did, trans_id)
|
||||
helper = ERDHelper(trans_id, sid, did)
|
||||
@@ -608,7 +608,7 @@ def translate_foreign_keys(tab_fks, tab_data, all_nodes):
|
||||
@blueprint.route('/sql/<int:trans_id>/<int:sgid>/<int:sid>/<int:did>',
|
||||
methods=["POST"],
|
||||
endpoint='sql')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def sql(trans_id, sgid, sid, did):
|
||||
data = json.loads(request.data)
|
||||
with_drop = False
|
||||
@@ -687,7 +687,7 @@ def tables(params):
|
||||
@blueprint.route('/close/<int:trans_id>/<int:sgid>/<int:sid>/<int:did>',
|
||||
methods=["DELETE"],
|
||||
endpoint='close')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def close(trans_id, sgid, sid, did):
|
||||
manager = get_driver(
|
||||
PG_DEFAULT_DRIVER).connection_manager(sid)
|
||||
|
||||
@@ -13,7 +13,7 @@ import json
|
||||
from flask import Response, url_for
|
||||
from flask import render_template, request, current_app
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from urllib.parse import unquote
|
||||
|
||||
from pgadmin.browser.server_groups.servers.utils import parse_priv_to_db
|
||||
@@ -115,7 +115,7 @@ def check_precondition(f):
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(
|
||||
errormsg=gettext("This URL cannot be called directly.")
|
||||
@@ -123,7 +123,7 @@ def index():
|
||||
|
||||
|
||||
@blueprint.route("/grant_wizard.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render own javascript"""
|
||||
return Response(response=render_template(
|
||||
@@ -135,7 +135,7 @@ def script():
|
||||
@blueprint.route(
|
||||
'/acl/<int:sid>/<int:did>/', methods=['GET'], endpoint='acl'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
@check_precondition
|
||||
def acl_list(sid, did):
|
||||
"""render list of acls"""
|
||||
@@ -255,7 +255,7 @@ def get_node_sql_with_type(node_id, node_type, server_prop,
|
||||
'/<int:sid>/<int:did>/<int:node_id>/<node_type>/',
|
||||
methods=['GET'], endpoint='objects'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
@check_precondition
|
||||
def properties(sid, did, node_id, node_type):
|
||||
"""It fetches the properties of object types
|
||||
@@ -411,7 +411,7 @@ def set_priv_for_package(server_prop, data, acls):
|
||||
'/sql/<int:sid>/<int:did>/',
|
||||
methods=['POST'], endpoint='modified_sql'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
@check_precondition
|
||||
def msql(sid, did):
|
||||
"""
|
||||
@@ -545,7 +545,7 @@ def parse_priv(data, acls, server_prop):
|
||||
@blueprint.route(
|
||||
'/<int:sid>/<int:did>/', methods=['POST'], endpoint='apply'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
@check_precondition
|
||||
def save(sid, did):
|
||||
"""
|
||||
|
||||
@@ -14,7 +14,8 @@ import copy
|
||||
|
||||
from flask import Response, render_template, request, current_app
|
||||
from flask_babel import gettext as _
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.misc.bgprocess.processes import BatchProcess, IProcessDesc
|
||||
from pgadmin.utils import PgAdminModule, get_storage_directory, IS_WIN, \
|
||||
does_utility_exist, get_server, filename_with_file_manager_path
|
||||
@@ -135,13 +136,13 @@ class IEMessage(IProcessDesc):
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=_("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("/js/import_export.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render the import/export javascript file"""
|
||||
return Response(
|
||||
@@ -226,7 +227,7 @@ def _save_import_export_settings(settings):
|
||||
|
||||
|
||||
@blueprint.route('/job/<int:sid>', methods=['POST'], endpoint="create_job")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def create_import_export_job(sid):
|
||||
"""
|
||||
Args:
|
||||
@@ -358,7 +359,7 @@ def create_import_export_job(sid):
|
||||
|
||||
|
||||
@blueprint.route('/get_settings/', methods=['GET'], endpoint='get_settings')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_import_export_settings():
|
||||
settings = get_setting('import_export_setting', None)
|
||||
if settings is None:
|
||||
@@ -371,7 +372,7 @@ def get_import_export_settings():
|
||||
@blueprint.route(
|
||||
'/utility_exists/<int:sid>', endpoint='utility_exists'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def check_utility_exists(sid):
|
||||
"""
|
||||
This function checks the utility file exist on the given path.
|
||||
|
||||
@@ -16,7 +16,8 @@ import secrets
|
||||
|
||||
from flask import Response, render_template, request
|
||||
from flask_babel import gettext as _
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.utils import PgAdminModule
|
||||
from pgadmin.utils.ajax import bad_request
|
||||
from pgadmin.utils.constants import MIMETYPE_APP_JS
|
||||
@@ -54,13 +55,13 @@ blueprint = ImportExportServersModule(MODULE_NAME, __name__)
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=_("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("/js/import_export_servers.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render the import/export javascript file"""
|
||||
return Response(
|
||||
@@ -72,7 +73,7 @@ def script():
|
||||
|
||||
|
||||
@blueprint.route('/get_servers', methods=['GET'], endpoint='get_servers')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_servers():
|
||||
"""
|
||||
This function is used to get the servers with server groups
|
||||
@@ -102,7 +103,7 @@ def get_servers():
|
||||
|
||||
|
||||
@blueprint.route('/load_servers', methods=['POST'], endpoint='load_servers')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def load_servers():
|
||||
"""
|
||||
This function is used to load the servers from the json file.
|
||||
@@ -167,7 +168,7 @@ def load_servers():
|
||||
|
||||
|
||||
@blueprint.route('/save', methods=['POST'], endpoint='save')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def save():
|
||||
"""
|
||||
This function is used to import or export based on the data
|
||||
|
||||
@@ -13,7 +13,8 @@ import json
|
||||
|
||||
from flask import url_for, Response, render_template, request, current_app
|
||||
from flask_babel import gettext as _
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.misc.bgprocess.processes import BatchProcess, IProcessDesc
|
||||
from pgadmin.utils import PgAdminModule, html, does_utility_exist, get_server
|
||||
from pgadmin.utils.ajax import bad_request, make_json_response
|
||||
@@ -122,7 +123,7 @@ class Message(IProcessDesc):
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(
|
||||
errormsg=_("This URL cannot be called directly.")
|
||||
@@ -130,7 +131,7 @@ def index():
|
||||
|
||||
|
||||
@blueprint.route("/js/maintenance.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render the maintenance tool of vacuum javascript file"""
|
||||
return Response(
|
||||
@@ -160,7 +161,7 @@ def get_index_name(data):
|
||||
@blueprint.route(
|
||||
'/job/<int:sid>/<int:did>', methods=['POST'], endpoint='create_job'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def create_maintenance_job(sid, did):
|
||||
"""
|
||||
Args:
|
||||
@@ -252,7 +253,7 @@ def create_maintenance_job(sid, did):
|
||||
@blueprint.route(
|
||||
'/utility_exists/<int:sid>', endpoint='utility_exists'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def check_utility_exists(sid):
|
||||
"""
|
||||
This function checks the utility file exist on the given path.
|
||||
|
||||
@@ -19,7 +19,8 @@ from flask import Response, request
|
||||
from flask import render_template, copy_current_request_context, \
|
||||
current_app as app
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.browser.utils import underscore_unescape, underscore_escape
|
||||
from pgadmin.utils import PgAdminModule
|
||||
from pgadmin.utils.constants import MIMETYPE_APP_JS
|
||||
@@ -71,7 +72,7 @@ blueprint = PSQLModule('psql', __name__, static_url_path='/static')
|
||||
|
||||
|
||||
@blueprint.route("/psql.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render the required javascript"""
|
||||
return Response(
|
||||
@@ -84,7 +85,7 @@ def script():
|
||||
@blueprint.route('/panel/<int:trans_id>',
|
||||
methods=["POST"],
|
||||
endpoint="panel")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def panel(trans_id):
|
||||
"""
|
||||
Return panel template for PSQL tools.
|
||||
|
||||
@@ -13,7 +13,8 @@ import json
|
||||
|
||||
from flask import render_template, request, current_app, Response
|
||||
from flask_babel import gettext as _
|
||||
from flask_security import login_required, current_user
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from pgadmin.misc.bgprocess.processes import BatchProcess, IProcessDesc
|
||||
from pgadmin.utils import PgAdminModule, fs_short_path, does_utility_exist, \
|
||||
get_server, filename_with_file_manager_path
|
||||
@@ -109,13 +110,13 @@ class RestoreMessage(IProcessDesc):
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=_("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("/restore.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render own javascript"""
|
||||
return Response(
|
||||
@@ -350,7 +351,7 @@ def _set_args_param_values(data, manager, server, driver, conn, _file):
|
||||
|
||||
|
||||
@blueprint.route('/job/<int:sid>', methods=['POST'], endpoint='create_job')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def create_restore_job(sid):
|
||||
"""
|
||||
Args:
|
||||
@@ -410,7 +411,7 @@ def create_restore_job(sid):
|
||||
@blueprint.route(
|
||||
'/utility_exists/<int:sid>', endpoint='utility_exists'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def check_utility_exists(sid):
|
||||
"""
|
||||
This function checks the utility file exist on the given path.
|
||||
|
||||
@@ -15,7 +15,8 @@ import copy
|
||||
|
||||
from flask import Response, session, url_for, request
|
||||
from flask import render_template, current_app as app
|
||||
from flask_security import current_user, login_required
|
||||
from flask_security import current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from flask_babel import gettext
|
||||
from pgadmin.utils import PgAdminModule
|
||||
from pgadmin.utils.ajax import make_json_response, bad_request, \
|
||||
@@ -109,7 +110,7 @@ blueprint = SchemaDiffModule(MODULE_NAME, __name__, static_url_path='/static')
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(
|
||||
errormsg=gettext('This URL cannot be requested directly.')
|
||||
@@ -193,7 +194,7 @@ def update_session_diff_transaction(trans_id, session_obj, diff_model_obj):
|
||||
methods=["GET"],
|
||||
endpoint="initialize"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def initialize():
|
||||
"""
|
||||
This function will initialize the schema diff and return the list
|
||||
@@ -261,7 +262,7 @@ def close(trans_id):
|
||||
methods=["GET"],
|
||||
endpoint="servers"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def servers():
|
||||
"""
|
||||
This function will return the list of servers for the specified
|
||||
@@ -317,7 +318,7 @@ def servers():
|
||||
methods=["GET"],
|
||||
endpoint="get_server"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_server(sid, did):
|
||||
"""
|
||||
This function will return the server details for the specified
|
||||
@@ -354,7 +355,7 @@ def get_server(sid, did):
|
||||
methods=["POST"],
|
||||
endpoint="connect_server"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def connect_server(sid):
|
||||
# Check if server is already connected then no need to reconnect again.
|
||||
driver = get_driver(PG_DEFAULT_DRIVER)
|
||||
@@ -377,7 +378,7 @@ def connect_server(sid):
|
||||
methods=["POST"],
|
||||
endpoint="connect_database"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def connect_database(sid, did):
|
||||
server = Server.query.filter_by(id=sid).first()
|
||||
view = SchemaDiffRegistry.get_node_view('database')
|
||||
@@ -389,7 +390,7 @@ def connect_database(sid, did):
|
||||
methods=["GET"],
|
||||
endpoint="databases"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def databases(sid):
|
||||
"""
|
||||
This function will return the list of databases for the specified
|
||||
@@ -426,7 +427,7 @@ def databases(sid):
|
||||
methods=["GET"],
|
||||
endpoint="schemas"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def schemas(sid, did):
|
||||
"""
|
||||
This function will return the list of schemas for the specified
|
||||
@@ -668,7 +669,7 @@ def compare_schema(params):
|
||||
methods=["GET"],
|
||||
endpoint="ddl_compare"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def ddl_compare(trans_id, source_sid, source_did, source_scid,
|
||||
target_sid, target_did, target_scid, source_oid,
|
||||
target_oid, node_type, comp_status):
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
|
||||
from flask import request
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
|
||||
from pgadmin.utils import PgAdminModule
|
||||
from pgadmin.utils.ajax import make_json_response, bad_request,\
|
||||
@@ -54,20 +54,20 @@ blueprint = SearchObjectsModule(
|
||||
|
||||
|
||||
@blueprint.route("/", endpoint='index')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=gettext("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("types/<int:sid>/<int:did>", endpoint='types')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def types(sid, did):
|
||||
so_obj = SearchObjectsHelper(sid, did, blueprint.show_system_objects())
|
||||
return make_json_response(data=so_obj.get_supported_types())
|
||||
|
||||
|
||||
@blueprint.route("search/<int:sid>/<int:did>", endpoint='search')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def search(sid, did):
|
||||
"""
|
||||
URL args:
|
||||
|
||||
@@ -22,7 +22,8 @@ from werkzeug.user_agent import UserAgent
|
||||
from flask import Response, url_for, render_template, session, current_app
|
||||
from flask import request
|
||||
from flask_babel import gettext
|
||||
from flask_security import login_required, current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from flask_security import current_user
|
||||
from pgadmin.misc.file_manager import Filemanager
|
||||
from pgadmin.tools.sqleditor.command import QueryToolCommand, ObjectRegistry, \
|
||||
SQLFilter
|
||||
@@ -161,7 +162,7 @@ blueprint = SqlEditorModule(MODULE_NAME, __name__, static_url_path='/static')
|
||||
|
||||
|
||||
@blueprint.route('/')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(
|
||||
errormsg=gettext('This URL cannot be requested directly.')
|
||||
@@ -169,7 +170,7 @@ def index():
|
||||
|
||||
|
||||
@blueprint.route("/filter", endpoint='filter')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def show_filter():
|
||||
return render_template(MODULE_NAME + '/filter.html')
|
||||
|
||||
@@ -180,7 +181,7 @@ def show_filter():
|
||||
methods=["PUT", "POST"],
|
||||
endpoint="initialize_viewdata"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def initialize_viewdata(trans_id, cmd_type, obj_type, sgid, sid, did, obj_id):
|
||||
"""
|
||||
This method is responsible for creating an asynchronous connection.
|
||||
@@ -346,7 +347,7 @@ def panel(trans_id):
|
||||
'/initialize/sqleditor/<int:trans_id>/<int:sgid>/<int:sid>',
|
||||
methods=["POST"], endpoint='initialize_sqleditor'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def initialize_sqleditor(trans_id, sgid, sid, did=None):
|
||||
"""
|
||||
This method is responsible for instantiating and initializing
|
||||
@@ -632,7 +633,7 @@ def close(trans_id):
|
||||
'/filter/validate/<int:sid>/<int:did>/<int:obj_id>',
|
||||
methods=["PUT", "POST"], endpoint='filter_validate'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def validate_filter(sid, did, obj_id):
|
||||
"""
|
||||
This method is used to validate the sql filter.
|
||||
@@ -765,7 +766,7 @@ def check_transaction_status(trans_id, auto_comp=False):
|
||||
'/view_data/start/<int:trans_id>',
|
||||
methods=["GET"], endpoint='view_data_start'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def start_view_data(trans_id):
|
||||
"""
|
||||
This method is used to execute query using asynchronous connection.
|
||||
@@ -864,7 +865,7 @@ def start_view_data(trans_id):
|
||||
'/query_tool/start/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='query_tool_start'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def start_query_tool(trans_id):
|
||||
"""
|
||||
This method is used to execute query using asynchronous connection.
|
||||
@@ -902,7 +903,7 @@ def extract_sql_from_network_parameters(request_data, request_arguments,
|
||||
|
||||
|
||||
@blueprint.route('/poll/<int:trans_id>', methods=["GET"], endpoint='poll')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def poll(trans_id):
|
||||
"""
|
||||
This method polls the result of the asynchronous query and returns
|
||||
@@ -1144,7 +1145,7 @@ def poll(trans_id):
|
||||
'/fetch/<int:trans_id>/<int:fetch_all>', methods=["GET"],
|
||||
endpoint='fetch_all'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def fetch(trans_id, fetch_all=None):
|
||||
result = None
|
||||
has_more_rows = False
|
||||
@@ -1199,7 +1200,7 @@ def fetch(trans_id, fetch_all=None):
|
||||
'/fetch_all_from_start/<int:trans_id>/<int:limit>', methods=["GET"],
|
||||
endpoint='fetch_all_from_start'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def fetch_all_from_start(trans_id, limit=-1):
|
||||
"""
|
||||
This function is used to fetch all the records from start and reset
|
||||
@@ -1330,7 +1331,7 @@ def _check_and_connect(trans_obj):
|
||||
@blueprint.route(
|
||||
'/save/<int:trans_id>', methods=["PUT", "POST"], endpoint='save'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def save(trans_id):
|
||||
"""
|
||||
This method is used to save the data changes to the server
|
||||
@@ -1401,7 +1402,7 @@ def save(trans_id):
|
||||
'/filter/inclusive/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='inclusive_filter'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def append_filter_inclusive(trans_id):
|
||||
"""
|
||||
This method is used to append and apply the filter.
|
||||
@@ -1456,7 +1457,7 @@ def append_filter_inclusive(trans_id):
|
||||
'/filter/exclusive/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='exclusive_filter'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def append_filter_exclusive(trans_id):
|
||||
"""
|
||||
This method is used to append and apply the filter.
|
||||
@@ -1512,7 +1513,7 @@ def append_filter_exclusive(trans_id):
|
||||
'/filter/remove/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='remove_filter'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def remove_filter(trans_id):
|
||||
"""
|
||||
This method is used to remove the filter.
|
||||
@@ -1552,7 +1553,7 @@ def remove_filter(trans_id):
|
||||
@blueprint.route(
|
||||
'/limit/<int:trans_id>', methods=["PUT", "POST"], endpoint='set_limit'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_limit(trans_id):
|
||||
"""
|
||||
This method is used to set the limit for the SQL.
|
||||
@@ -1640,7 +1641,7 @@ def _check_and_cancel_transaction(trans_obj, delete_connection, conn, manager):
|
||||
'/cancel/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='cancel_transaction'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def cancel_transaction(trans_id):
|
||||
"""
|
||||
This method is used to cancel the running transaction
|
||||
@@ -1701,7 +1702,7 @@ def cancel_transaction(trans_id):
|
||||
'/object/get/<int:trans_id>',
|
||||
methods=["GET"], endpoint='get_object_name'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_object_name(trans_id):
|
||||
"""
|
||||
This method is used to get the object name
|
||||
@@ -1757,7 +1758,7 @@ def check_and_upgrade_to_qt(trans_id, connect):
|
||||
'/auto_commit/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='auto_commit'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_auto_commit(trans_id):
|
||||
"""
|
||||
This method is used to set the value for auto commit .
|
||||
@@ -1810,7 +1811,7 @@ def set_auto_commit(trans_id):
|
||||
'/auto_rollback/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='auto_rollback'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_auto_rollback(trans_id):
|
||||
"""
|
||||
This method is used to set the value for auto commit .
|
||||
@@ -1863,7 +1864,7 @@ def set_auto_rollback(trans_id):
|
||||
'/autocomplete/<int:trans_id>',
|
||||
methods=["PUT", "POST"], endpoint='autocomplete'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def auto_complete(trans_id):
|
||||
"""
|
||||
This method implements the autocomplete feature.
|
||||
@@ -1923,7 +1924,7 @@ def auto_complete(trans_id):
|
||||
|
||||
|
||||
@blueprint.route("/sqleditor.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render the required javascript"""
|
||||
return Response(
|
||||
@@ -1939,7 +1940,7 @@ def script():
|
||||
|
||||
|
||||
@blueprint.route('/load_file/', methods=["PUT", "POST"], endpoint='load_file')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def load_file():
|
||||
"""
|
||||
This function gets name of file from request data
|
||||
@@ -1993,7 +1994,7 @@ def load_file():
|
||||
|
||||
|
||||
@blueprint.route('/save_file/', methods=["PUT", "POST"], endpoint='save_file')
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def save_file():
|
||||
"""
|
||||
This function retrieves file_name and data from request.
|
||||
@@ -2072,7 +2073,7 @@ def save_file():
|
||||
methods=["POST"],
|
||||
endpoint='query_tool_download'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def start_query_download_tool(trans_id):
|
||||
(status, error_msg, sync_conn, trans_obj,
|
||||
session_obj) = check_transaction_status(trans_id)
|
||||
@@ -2151,7 +2152,7 @@ def start_query_download_tool(trans_id):
|
||||
methods=["GET"],
|
||||
endpoint='connection_status'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def query_tool_status(trans_id):
|
||||
"""
|
||||
The task of this function to return the status of the current connection
|
||||
@@ -2208,7 +2209,7 @@ def query_tool_status(trans_id):
|
||||
'/filter_dialog/<int:trans_id>',
|
||||
methods=["GET"], endpoint='get_filter_data'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_filter_data(trans_id):
|
||||
"""
|
||||
This method is used to get all the columns for data sorting dialog.
|
||||
@@ -2227,7 +2228,7 @@ def get_filter_data(trans_id):
|
||||
'/get_server_connection/<int:sgid>/<int:sid>',
|
||||
methods=["GET"], endpoint='_check_server_connection_status'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def _check_server_connection_status(sgid, sid=None):
|
||||
"""
|
||||
This function returns the server connection details
|
||||
@@ -2275,7 +2276,7 @@ def _check_server_connection_status(sgid, sid=None):
|
||||
'/new_connection_dialog',
|
||||
methods=["GET"], endpoint='get_new_connection_servers'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_new_connection_data(sgid=None, sid=None):
|
||||
"""
|
||||
This method is used to get required data for get new connection.
|
||||
@@ -2331,7 +2332,7 @@ def get_new_connection_data(sgid=None, sid=None):
|
||||
'/new_connection_database/<int:sgid>/<int:sid>',
|
||||
methods=["GET"], endpoint='get_new_connection_database'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_new_connection_database(sgid, sid=None):
|
||||
"""
|
||||
This method is used to get required data for get new connection.
|
||||
@@ -2412,7 +2413,7 @@ def get_new_connection_database(sgid, sid=None):
|
||||
'/new_connection_user/<int:sgid>/<int:sid>',
|
||||
methods=["GET"], endpoint='get_new_connection_user'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_new_connection_user(sgid, sid=None):
|
||||
"""
|
||||
This method is used to get required data for get new connection.
|
||||
@@ -2478,7 +2479,7 @@ def get_new_connection_user(sgid, sid=None):
|
||||
'/new_connection_role/<int:sgid>/<int:sid>',
|
||||
methods=["GET"], endpoint='get_new_connection_role'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_new_connection_role(sgid, sid=None):
|
||||
"""
|
||||
This method is used to get required data for get new connection.
|
||||
@@ -2543,7 +2544,7 @@ def get_new_connection_role(sgid, sid=None):
|
||||
methods=["POST"],
|
||||
endpoint="connect_server"
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def connect_server(sid):
|
||||
# Check if server is already connected then no need to reconnect again.
|
||||
server = Server.query.filter_by(id=sid).first()
|
||||
@@ -2568,7 +2569,7 @@ def connect_server(sid):
|
||||
'/filter_dialog/<int:trans_id>',
|
||||
methods=["PUT"], endpoint='set_filter_data'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def set_filter_data(trans_id):
|
||||
"""
|
||||
This method is used to update the columns for data sorting dialog.
|
||||
@@ -2591,7 +2592,7 @@ def set_filter_data(trans_id):
|
||||
'/query_history/<int:trans_id>',
|
||||
methods=["POST"], endpoint='add_query_history'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def add_query_history(trans_id):
|
||||
"""
|
||||
This method adds to query history for user/server/database
|
||||
@@ -2617,7 +2618,7 @@ def add_query_history(trans_id):
|
||||
'/query_history/<int:trans_id>',
|
||||
methods=["DELETE"], endpoint='clear_query_history'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def clear_query_history(trans_id):
|
||||
"""
|
||||
This method returns clears history for user/server/database
|
||||
@@ -2637,7 +2638,7 @@ def clear_query_history(trans_id):
|
||||
'/query_history/<int:trans_id>',
|
||||
methods=["GET"], endpoint='get_query_history'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def get_query_history(trans_id):
|
||||
"""
|
||||
This method returns query history for user/server/database
|
||||
@@ -2660,7 +2661,7 @@ def get_query_history(trans_id):
|
||||
'/get_macros/<int:macro_id>/<int:trans_id>',
|
||||
methods=["GET"], endpoint='get_macro'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def macros(trans_id, macro_id=None, json_resp=True):
|
||||
"""
|
||||
This method is used to get all the columns for data sorting dialog.
|
||||
@@ -2679,7 +2680,7 @@ def macros(trans_id, macro_id=None, json_resp=True):
|
||||
'/set_macros/<int:trans_id>',
|
||||
methods=["PUT"], endpoint='set_macros'
|
||||
)
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def update_macros(trans_id):
|
||||
"""
|
||||
This method is used to get all the columns for data sorting dialog.
|
||||
|
||||
@@ -12,7 +12,8 @@
|
||||
import json
|
||||
from flask_babel import gettext
|
||||
from flask import current_app, request
|
||||
from flask_security import login_required, current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from flask_security import current_user
|
||||
from pgadmin.utils.ajax import make_response as ajax_response,\
|
||||
make_json_response
|
||||
from pgadmin.model import db, Macros, UserMacros
|
||||
|
||||
@@ -13,7 +13,8 @@ import json
|
||||
from flask import render_template, request, \
|
||||
Response, abort, current_app, session
|
||||
from flask_babel import gettext as _
|
||||
from flask_security import login_required, roles_required, current_user
|
||||
from flask_security import roles_required, current_user
|
||||
from pgadmin.user_login_check import pga_login_required
|
||||
from flask_security.utils import hash_password
|
||||
from werkzeug.exceptions import InternalServerError
|
||||
|
||||
@@ -73,13 +74,13 @@ blueprint = UserManagementModule(
|
||||
|
||||
|
||||
@blueprint.route("/")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def index():
|
||||
return bad_request(errormsg=_("This URL cannot be called directly."))
|
||||
|
||||
|
||||
@blueprint.route("/user_management.js")
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def script():
|
||||
"""render own javascript"""
|
||||
return Response(
|
||||
@@ -95,7 +96,7 @@ def script():
|
||||
|
||||
@blueprint.route("/current_user.js")
|
||||
@pgCSRFProtect.exempt
|
||||
@login_required
|
||||
@pga_login_required
|
||||
def current_user_info():
|
||||
return Response(
|
||||
response=render_template(
|
||||
|
||||
Reference in New Issue
Block a user