Re: [pgAdmin4][Patch]: Do not render security URL in templates if running in Desktop mode

Thu, 14 Dec 2017 08:01:02 -0800 

Yes Harshal, you are right but due to RM#2922 changes now runtime is
rendering the Login page.

@Dave,
Please find updated patch, which will also fix the issue of user login on
each request in runtime.
RM#2952
RM#2922

--
​ ​
Murtuza

On Thu, Dec 14, 2017 at 2:25 PM, Harshal Dhumal <
harshal.dhu...@enterprisedb.com> wrote:

> Hi Murtuza,
>
> Moving login related code from under  decorator @app.before_first_request
> to @app.before_request
> will cause runtime user to login on each request. I think we need to find
> some better way.
>
> --
> *Harshal Dhumal*
> *Sr. Software Engineer*
>
> EnterpriseDB India: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company
>
> On Thu, Dec 14, 2017 at 2:02 PM, Murtuza Zabuawala <
> murtuza.zabuaw...@enterprisedb.com> wrote:
>
>> Hi,
>>
>> PFA patch to fix the issue where we were rendering Security URL's like
>> change password, reset password in HTML templates while running in Desktop
>> mode, we only register these security blueprints in Server mode hence it
>> was failing with BuildError.
>> RM#2952
>>
>> Also reverted RM#2922 because it not working as expected and causing
>> runtime to render login screen.
>>
>>
>> Thanks to Neel for helping me in testing the patch with latest runtime
>> code.
>>
>>
>> --
>> Regards,
>> Murtuza Zabuawala
>> EnterpriseDB: http://www.enterprisedb.com
>> The Enterprise PostgreSQL Company
>>
>>
>

diff --git a/web/pgadmin/__init__.py b/web/pgadmin/__init__.py
index b21d530..db676c5 100644
--- a/web/pgadmin/__init__.py
+++ b/web/pgadmin/__init__.py
@@ -540,11 +540,8 @@ def create_app(app_name=None):
             ):
                 abort(401)
 
-    if not config.SERVER_MODE:
-        @app.before_first_request
-        def before_first_request():
+        if not config.SERVER_MODE and not current_user.is_authenticated:
             user = user_datastore.get_user(config.DESKTOP_USER)
-
             # Throw an error if we failed to find the desktop user, to give
             # the sysadmin a hint. We'll continue to try to login anyway as
             # that'll through a nice 500 error for us.
@@ -554,7 +551,6 @@ def create_app(app_name=None):
                     % config.DESKTOP_USER
                 )
                 abort(401)
-
             login_user(user)
 
     @app.after_request
diff --git a/web/pgadmin/templates/security/change_password.html 
b/web/pgadmin/templates/security/change_password.html
index 33bb834..48cb8cd 100644
--- a/web/pgadmin/templates/security/change_password.html
+++ b/web/pgadmin/templates/security/change_password.html
@@ -1,6 +1,7 @@
 {% extends "security/panel.html" %}
 {% block panel_title %}{{ _('%(appname)s Password Change', 
appname=config.APP_NAME) }}{% endblock %}
 {% block panel_body %}
+{% if config.SERVER_MODE %}
 <form action="{{ url_for('browser.change_password') }}" method="POST" 
name="change_password_form">
     {{ change_password_form.hidden_tag() }}
     <fieldset>
@@ -10,4 +11,5 @@
         <input class="btn btn-lg btn-success btn-block" type="submit" 
value="{{ _('Change Password') }}">
     </fieldset>
 </form>
+{% endif %}
 {% endblock %}
diff --git a/web/pgadmin/templates/security/forgot_password.html 
b/web/pgadmin/templates/security/forgot_password.html
index 3b90b3c..4b9d4c8 100644
--- a/web/pgadmin/templates/security/forgot_password.html
+++ b/web/pgadmin/templates/security/forgot_password.html
@@ -1,6 +1,7 @@
 {% extends "security/panel.html" %}
 {% block panel_title %}{{ _('Recover %(appname)s Password', 
appname=config.APP_NAME) }}{% endblock %}
 {% block panel_body %}
+{% if config.SERVER_MODE %}
 <p>{{ _('Enter the email address for the user account you wish to recover the 
password for:') }}</p>
 <form action="{{ url_for('browser.forgot_password') }}" method="POST" 
name="forgot_password_form">
     {{ forgot_password_form.hidden_tag() }}
@@ -9,4 +10,5 @@
         <input class="btn btn-lg btn-success btn-block" type="submit" 
value="{{ _('Recover Password') }}">
     </fieldset>
 </form>
+{% endif %}
 {% endblock %}
diff --git a/web/pgadmin/templates/security/login_user.html 
b/web/pgadmin/templates/security/login_user.html
index 8c14a5b..cae4398 100644
--- a/web/pgadmin/templates/security/login_user.html
+++ b/web/pgadmin/templates/security/login_user.html
@@ -1,6 +1,7 @@
 {% extends "security/panel.html" %}
 {% block panel_title %}{{ _('%(appname)s Login', appname=config.APP_NAME) }}{% 
endblock %}
 {% block panel_body %}
+{% if config.SERVER_MODE %}
 <form action="{{ url_for_security('login') }}" method="POST" 
name="login_user_form">
     {{ login_user_form.hidden_tag() }}
     {% set user_language = request.cookies.get('PGADMIN_LANGUAGE') or 'en' %}
@@ -21,4 +22,5 @@
     </fieldset>
 </form>
 <span class="help-block">{{ _('Forgotten your <a 
href="%(url)s">password</a>?', url=url_for('browser.forgot_password')) }}</span>
+{% endif %}
 {% endblock %}
diff --git a/web/pgadmin/templates/security/reset_password.html 
b/web/pgadmin/templates/security/reset_password.html
index 67dfff6..7bd8113 100644
--- a/web/pgadmin/templates/security/reset_password.html
+++ b/web/pgadmin/templates/security/reset_password.html
@@ -1,6 +1,7 @@
 {% extends "security/panel.html" %}
 {% block panel_title %}{{ _('%(appname)s Password Reset', 
appname=config.APP_NAME) }}{% endblock %}
 {% block panel_body %}
+{% if config.SERVER_MODE %}
 <form action="{{ url_for('browser.reset_password', token=reset_password_token) 
}}" method="POST"
       name="reset_password_form">
     {{ reset_password_form.hidden_tag() }}
@@ -10,4 +11,5 @@
         <input class="btn btn-lg btn-success btn-block" type="submit" 
value="{{ _('Reset Password') }}">
     </fieldset>
 </form>
+{% endif %}
 {% endblock %}

Reply via email to