Revert "Disable the master password requirement when using alternative authentication sources. Fixes #7012"

This reverts commit 0c823455a0.

docs/en_US/alternate_encryption_key.rst

@@ -1,33 +0,0 @@
-.. _alternate_encryption_key:
-
-**********************************
-`Alternate Encryption Key`:index:
-**********************************
-
-pgAdmin would use the alternate encryption key to secure and later unlock the saved server
-passwords if the master password is disabled AND there is NO suitable key/password available
-from the authentication module for the user in server mode.
-
-When pgAdmin stores a connection password,
-it encrypts it using a key that is formed either from the master password, or
-from the pgAdmin login password for the user. In the case of authentication methods
-such as OAuth, Kerberos or Webserver, pgAdmin doesn't have access to anything long-lived to
-form the encryption key from, hence it uses the master password and if master password
-is disabled pgAdmin would use the alternate encryption key, if it is set.
-
-
-.. note:: You can set the alternate encryption key by setting the configuration
-  parameter *ALTERNATE_ENCRYPTION_KEY=<Key>*.
-  See :ref:`config_py` for more information on configuration parameters and how
-  they can be changed or enforced across an organisation.
-
-.. note:: If the master password and the alternate encryption key is disabled,
-  then all the saved passwords will be removed.
-
-
-.. warning:: By setting this option, you should be fully aware of the potential security
-    risk of using the same encryption key for multiple users, that may be accessible to
-    sysadmins who would not normally be able to use pgAdmin.
-
-    It is **not recommended** that you use the alternate encryption key instead of master password
-    if you use the *Save Password* option.

docs/en_US/connecting.rst

@@ -38,13 +38,6 @@ It is set by the user and can be disabled using config.
 
     master_password
 
-The Alternate Encryption Key is used to secure and later unlock saved server passwords.
-It is **not recommended** to use the alternate encryption key.
-
-.. toctree::
-
-    alternate_encryption_key
-
 After defining a server connection, right-click on the server name, and select
 *Connect to server* to authenticate with the server, and start using pgAdmin to
 manage objects that reside on the server.

docs/en_US/master_password.rst

@@ -5,9 +5,7 @@
 ************************
 
 A master password is required to secure and later unlock the saved server
-passwords. This is applicable for desktop mode users and for the auth methods
-such as OAuth, Kerberos or Webserver where pgAdmin doesn't have access to anything
-long-lived to form the encryption key.
+passwords. This is applicable only for desktop mode users.
 
 * You are prompted to enter the master password when you open the window for
   the first time after starting the application.
@@ -25,15 +23,15 @@ long-lived to form the encryption key.
   See :ref:`config_py` for more information on configuration parameters and how
   they can be changed or enforced across an organisation.
 
-.. note:: If the master password and :ref:`alternate_encryption_key` is disabled,
-  then all the saved passwords will be removed.
+.. note:: If the master password is disabled, then all the saved passwords will
+    be removed.
 
 .. warning:: If the master password is disabled, then the saved passwords will
-    be encrypted using the :ref:`alternate_encryption_key` or a key which is derived
-    from information within the configuration database. Use of a master password
-    ensures that the encryption key does not need to be stored anywhere, and thus
-    prevents possible access to server credentials if the configuration database
-    becomes available to an attacker.
+    be encrypted using a key which is derived from information within the
+    configuration database. Use of a master password ensures that the encryption
+    key does not need to be stored anywhere, and thus prevents possible access
+    to server credentials if the configuration database becomes available to an
+    attacker.
 
     It is **strongly** recommended that you use the master password if you use
     the *Save Password* option.

docs/en_US/release_notes_6_9.rst

@@ -12,7 +12,6 @@ New features
   | `Issue #3253 <https://redmine.postgresql.org/issues/3253>`_ -  Added status bar to the Query Tool.
   | `Issue #3989 <https://redmine.postgresql.org/issues/3989>`_ -  Ensure that row numbers should be visible in view when scrolling horizontally.
   | `Issue #6830 <https://redmine.postgresql.org/issues/6830>`_ -  Relocate GIS Viewer Button to the Left Side of the Results Table.
-  | `Issue #7012 <https://redmine.postgresql.org/issues/7012>`_ -  Disable the master password requirement when using alternative authentication sources.
   | `Issue #7282 <https://redmine.postgresql.org/issues/7282>`_ -  Added options 'Ignore owner' and 'Ignore whitespace' to the schema diff panel.
   | `Issue #7325 <https://redmine.postgresql.org/issues/7325>`_ -  Added support for Azure AD OAUTH2 authentication.
 

web/config.py

@@ -553,27 +553,6 @@ ALLOW_SAVE_TUNNEL_PASSWORD = False
 ##########################################################################
 MASTER_PASSWORD_REQUIRED = True
 
-##########################################################################
-# When pgAdmin stores a connection password,
-# it encrypts it using a key that is formed either from the master password, or
-# from the pgAdmin login password for the user.
-#
-# In the case of auth methods such as OAuth or Kerberos, pgAdmin
-# doesn't have access to anything long-lived to form the encryption key from,
-# hence it uses the master password.
-
-# So, pgAdmin would use this alternate encryption key  if
-# a) the master password is disabled
-# AND
-# b) there is NO suitable key/pass available from the auth module for the user.
-
-# By setting this option, you should fully aware of the potential security
-# risk of using the same encryption key for multiple users,
-# that may be accessible to sysadmins who would not normally
-# be able to use pgAdmin.
-##########################################################################
-ALTERNATE_ENCRYPTION_KEY = None
-
 ##########################################################################
 # Allows pgAdmin4 to create session cookies based on IP address, so even
 # if a cookie is stolen, the attacker will not be able to connect to the

web/pgadmin/browser/__init__.py

@@ -706,8 +706,7 @@ def index():
         auth_source = session['auth_source_manager'][
             'source_friendly_name']
 
-        if not config.MASTER_PASSWORD_REQUIRED and 'pass_enc_key' in session\
-                and not config.ALTERNATE_ENCRYPTION_KEY:
+        if not config.MASTER_PASSWORD_REQUIRED and 'pass_enc_key' in session:
             session['allow_save_password'] = False
 
     response = Response(render_template(

web/pgadmin/utils/master_password.py

@@ -33,9 +33,6 @@ def get_crypt_key():
     elif config.MASTER_PASSWORD_REQUIRED \
             and enc_key is None:
         return False, None
-    elif not config.MASTER_PASSWORD_REQUIRED and config.SERVER_MODE and \
-            config.ALTERNATE_ENCRYPTION_KEY:
-        return True, config.ALTERNATE_ENCRYPTION_KEY
     elif not config.MASTER_PASSWORD_REQUIRED and config.SERVER_MODE and \
             'pass_enc_key' in session:
         return True, session['pass_enc_key']