1) Added ALLOWED_HOSTS list to limit the host address.
2) Added CSP and HSTS security header.
3) Hide the webserver/development framework version.
Fixes #5919
pgAdmin4 launch issue on Windows.
Cryptography's new version may be creating a problem. This is a temporary
fix and will have to investigate the proper fix.
1) Upgraded passlib==1.7.1 to passlib==1.7.2
2) Replace unmaintained Flask-Security with maintained Flask-Security-Too package, which is also compatible with python 3.8
3) Other compatibility code changes.
Changes include:
1) Remove underscore-string and sprintf-js packages as we were using only %s. Instead, added a function to do the same. Also changed gettext to behave like sprintf directly.
2) backgrid.sizeable.columns was not used anywhere, removed. @babel/polyfill is deprecated, replaced it with core-js.
3) Moved few css to make sure they get minified and bundled.
4) Added Flask-Compress to send static files as compressed gzip. This will reduce network traffic and improve initial load time for pgAdmin.
5) Split few JS files to make code reusable.
6) Lazy load few modules like leaflet, wkx is required only if geometry viewer is opened. snapsvg loaded only when explain plan is executed. This will improve sqleditor initial opening time.
Reviewed By: Khushboo Vashi
Fixes #4701
It was required for the commit:
1208206bc0
Also, do not fetch the scenario-name, when it is not available (but - use
default value as the stringified test-case itself).
Right now psycopg2 is required to be exactly version 2.6.2, which makes it mostly impossible to install pgadmin4 without having the postgresql C development packages installed (since you need to rebuild psycopg2 from source to make that work, given that few platforms ship *exactly* that version).
1) To handle non-ascii filenames which we set from table name. Fixes #2314
2) To handle non-ascii query data. Fixes #2253
3) To dump JSON type columns properly in csv. Fixes #2360
server connection.
The BaseDriver and BaseConnection are two abstract classes, which allows
us to replace the existing driver with the currently used. The current
implementation supports to connect the PostgreSQL and Postgres Plus
Advanced Server using the psycopg2 driver.
A user authentication module based on flask-security is added, which
allows users to login and change/recover passwords etc. Custom templates
are included for the user/password UIs.
A new setup script will initialise the user (and later settings) DB,
adding the first user and granting them an Administrator role.
A redirects blueprint module is added to handle simple URL redirects.
A browser module is added and currently renders a skeleton page with
a menu bar, gravatar and jumbotron.
NOTE FOR LATER: Currently this code might make the nice basis for any
web app that needs user management and plugins. Hmmm....
instead. Add support to the runtime to allow the user to specify the
Python path. This needs to be more automated for release, but will be
useful for debugging and development.