Commit Graph

110 Commits

Author SHA1 Message Date
Akshay Joshi
964d211260 Copyright updated for 2025 2025-01-01 11:26:42 +05:30
Yogesh Mahajan
dd6f6cf1af
Support OIDC in OAuth2 authentication. #7839 2024-09-16 08:36:54 +05:30
Khushboo Vashi
e5012ea9c6 Add debug logs to observe the OpenID token response. 2024-09-04 19:46:40 +05:30
Yogesh Mahajan
c4dc839d7c
Fix issue found while testing keyring related changes. #7076 2024-08-28 11:46:04 +05:30
Yogesh Mahajan
1257ec9969
Revamp the current password saving implementation to keyring and reducing repeated OS user password prompts. #7076
The new implementation will store the master password in the keyring instead of storing each and every server password separately. The master password will be used to encrypt/decrypt server password when storing in the pgAdmin config DB.
2024-08-22 16:44:57 +05:30
Akshay Joshi
df2f3460f0 Fix the following SonarQube code smells:
1) Use the "RegExp.exec()" method instead.
2) Remove parameter form or provide default value.
3) Extract this nested ternary operation into an independent statement.
4) Replace this character class by the character itself.
5) Unnecessary use of conditional expression for default assignment.
6) Prefer using an optional chain expression instead, as it's more concise and easier to read.
2024-06-11 18:07:22 +05:30
Ahmad
5c30695d66
Fixed Typos 2024-05-23 12:52:41 +05:30
Khushboo Vashi
f4761f55f7 Fixed Multi-Factor Authentication bypass vulnerability (CVE-2024-4215). #7425 2024-04-29 13:41:02 +05:30
Neville Li
5a3fa59741
Fix id_token KeyError on OAuth2 logout. 2024-04-16 12:19:06 +05:30
Akshay Joshi
30d2d1b23e Fixed the following code smells:
1) useState call is not destructured into value + setter pair.
2) A fragment with only one child is redundant.
3) Unnecessary '.apply()' and '.call()'.
4) Expected the Promise rejection reason to be an Error.
2024-04-09 19:18:56 +05:30
Yogesh Mahajan
102e0a9839
- Update MUI v4 to v5
- Remove the SCSS dependency completely and use MUI for theming.
- Update - date-fns, @date-io, notistack. Remove - popper.js, sass-loader.
- Cleanup webpack config.
- Port PSQL tool to use MUI themes instead of SCSS theme.
- Theme change will reflect realtime without refreshing pgAdmin.
2024-04-09 08:21:14 +05:30
Anil Sahoo
e99fc02f9e
Fixed issue related to email authentication of Two-factor authentication. #7308 2024-03-26 11:27:35 +05:30
Florian
3425bc0349
Ensure that the OAuth2 session is logged out when users log out from pgAdmin. #7193 2024-03-01 12:09:01 +05:30
Akshay Joshi
0e0cbc40b8 Fixed SonarQube code smell Replace the unused local variable with '_'. 2024-01-24 18:33:43 +05:30
Akshay Joshi
740ce15bd7 Update copyright notices for 2024 2024-01-01 14:13:48 +05:30
Khushboo Vashi
3fa4e82af9
Introduce LDAP configuration parameter LDAP_IGNORE_MALFORMED_SCHEMA to ignore fetching schema from the LDAP server. #7062 2024-01-01 11:04:57 +05:30
Yogesh Mahajan
4e2aa82ddd
Provide a way to bypass the SSL cert verification for OAuth2 provider. #6095 2023-12-04 11:19:14 +05:30
Everton Seiei Arakaki
682d6597e4
Fix an issue where OAUTH_ADDITIONAL_CLAIMS does not recognise AzureAD with > 150 groups. #6835 2023-11-20 11:33:39 +05:30
Martin Tietz
23c618e1c9
Fix more data type mismatch when checking OAUTH2 claims 2023-11-17 16:30:04 +05:30
Martin Tietz
5bdccb6e63
Fix a data type mismatch when checking OAUTH2 claims 2023-11-17 15:18:07 +05:30
Yogesh Mahajan
1bfd8d7f3c
Fix foreign table api test failures for EPAS. 2023-10-27 12:58:47 +05:30
Aditya Toshniwal
862f101772
Significant changes to use ReactJS extensively.
1. Replace the current layout library wcDocker with ReactJS based rc-dock. #6479
2. Have close buttons on individual panel tabs instead of common. #2821
3. Changes in the context menu on panel tabs - Add close, close all and close others menu items. #5394
4. Allow closing all the tabs, including SQL and Properties. #4733
5. Changes in docking behaviour of different tabs based on user requests and remove lock layout menu.
6. Fix an issue where the scroll position of panels was not remembered on Firefox. #2986
7. Reset layout now will not require page refresh and is done spontaneously.
8. Use the zustand store for storing preferences instead of plain JS objects. This will help reflecting preferences immediately.
9. The above fix incorrect format (no indent) of SQL stored functions/procedures. #6720
10. New version check is moved to an async request now instead of app start to improve startup performance.
11. Remove jQuery and Bootstrap completely.
12. Replace jasmine and karma test runner with jest. Migrate all the JS test cases to jest. This will save time in writing and debugging JS tests.
13. Other important code improvements and cleanup.
2023-10-23 17:43:17 +05:30
Aditya Toshniwal
078a959e3d Remove the Pillow dependency completely. 2023-10-05 12:40:29 +05:30
Everton Seiei Arakaki
02eaf787e9
Add support for additional ID token claim checks for OAuth 2 authentication. #6736 2023-09-05 11:28:18 +05:30
Yogesh Mahajan
cd613ded0a
Ensure user is redirected to login page after failed login. #6704 2023-08-25 10:38:50 +05:30
Aditya Toshniwal
a1c7265c41
Fix PEP8 issues with latest pycodestyle (#6636) 2023-07-31 18:14:39 +05:30
Aditya Toshniwal
2aea5b41ad Fix an issue where changing MFA_SUPPORTED_METHODS breaks the MFA validation. #6624 2023-07-31 15:02:30 +05:30
Aditya Toshniwal
ac5be70c60
Fix issues found while testing login pages. #6295 2023-07-11 18:12:06 +05:30
Pravesh Sharma
62056cab14
Fixed sonaqube security smells and bugs
1. Delete unreachable code or refactor the code to make it reachable.
2. Unexpected var, use let or const instead.
3. Remove useless assignment to variable.
4. Define a constant instead of duplicating the literal
5. Remove commented out code
2023-07-10 10:36:15 +05:30
Aditya Toshniwal
d6cddd8c29
Remove Bootstrap and jQuery from authentication pages and rewrite them in ReactJS. #6295 2023-06-30 16:08:33 +05:30
Yogesh Mahajan
0431cf7fc1
Ensure the user is able to log in if the specified OAUTH2_USERNAME_CLAIM is present in the OAuth2 profile. #6267 2023-05-10 14:39:35 +05:30
Yogesh Mahajan
39a0f46159
Ensure that internal users are able to login when auth sources are [ldap, internal]. #6151 2023-04-24 11:54:02 +05:30
Khushboo Vashi
fa29ba9163 Fixed the LDAP authentication issue for the simultaneous login attempts. 2023-04-04 18:47:13 +05:30
Aditya Toshniwal
292d76b39e
Update SQLAlchemy, Flask, Flask-SQLAlchemy, and other packages to current versions. #5901
- Update Flask, Flask-SQLAlchemy, Flask-Babel, Flask-Security-Too, Flask-SocketIO, pytz, psutil, SQLAlchemy, bcrypt, cryptography, eventlet, Authlib, requests python packages
- Remove pinned dnspython, Werkzeug packages from requirements.txt
2023-03-15 11:57:16 +05:30
Akshay Joshi
3c56c0e4b7 Revert "Update SQLAlchemy, Flask, Flask-SQLAlchemy, and other packages to current versions. #5901"
This reverts commit 31818bb67a.
2023-03-09 16:53:43 +05:30
Aditya Toshniwal
31818bb67a
Update SQLAlchemy, Flask, Flask-SQLAlchemy, and other packages to current versions. #5901
Remove the python version check from the requirements.txt.
2023-03-08 18:26:51 +05:30
Paul Milbank
83ec0f3d90
Add additional logging for successful logins and user creation. #5842 2023-02-13 11:11:05 +05:30
Akshay Joshi
98184e5835 Update copyright notices for 2023 2023-01-02 11:53:55 +05:30
Yogesh Mahajan
acc26744e3
Fixed a missing "jwks_uri" in metadata error that occurred when logging in with an oAuth2 provider like Azure or Google. #5666 2022-12-22 16:54:13 +05:30
Khushboo Vashi
213c9d683f
Fix the webserver and internal authentication setup issue. #5586 2022-12-20 11:26:47 +05:30
Mark Mayo
41508f7f67
python 3 updates
- Fix super() calls for python 3
- No need to inherit objects.
- No need for u at the start of strings
- Tidied up some brackets and f-strings too
2022-11-19 10:13:41 +05:30
Leon Maraite
6bc5808c53
Add the possibility to configure the OAuth2 claim which is used for the pgAdmin username. #5468
This feature provides the possibility to configure the Oauth2 claim
which should be used as a username. The key in the config.py is called
'OAUTH2_USERNAME_CLAIM'. If you don't provide a custom key, the email
is used as the username, like before. So it is completely backward
compatible.
2022-11-07 13:58:23 +05:30
Akshay Joshi
e17c50d304
Added support for storing configurations of pgAdmin in an external database. #1832 2022-10-20 16:18:41 +05:30
Aditya Toshniwal
4fc0f288c7
Use SocketIO instead of REST for fetching database tables data in ERD. #5065 2022-10-17 15:24:22 +05:30
Bruno Almeida
e3e0e3db19
Add support for multiple ways to bind to the LDAP server. #3541 2022-09-28 10:47:56 +05:30
Yogesh Mahajan
5fbb8b6204
Fixed error occurring while LDAP authentication for a user with multiple email attributes. #5352 2022-09-27 15:38:48 +05:30
Akshay Joshi
0b6b2e733a 1) Remove Python's 'Six' package completely. #5357
2) Replace deprecated @abstractproperty with @property, @abstractmethod.
2022-09-26 12:47:31 +05:30
Yogesh Mahajan
f052ecffc0
Fixed intermittent error shown while OAuth2 login 2022-09-23 13:58:02 +05:30
Aditya Toshniwal
e2b00dda1b Fixes a redirect vulnerability when the user opens the pgAdmin URL. Fixes #5343 2022-09-19 15:36:10 +05:30
Aditya Toshniwal
04b1e26041 Fixed an issue where server names with special characters are not displayed correctly in the process tab. Fixes #7695 2022-09-15 16:43:37 +05:30