public inbox for [email protected]
From: Khushboo Vashi <[email protected]>
To: pgadmin-hackers <[email protected]>
Subject: [pgAdmin4][Patch] - RM #6953 - Webserver Authentication enhancement
Date: Wed, 10 Nov 2021 14:31:15 +0530
Message-ID: <CAFOhELda-+YpXUBTGqd9PWROSuxYMsKJC2bGz+tPcONrxUA63g@mail.gmail.com> (raw)
Hi,
Please find the attached patch for the RM # 6953 - Webserver
Authentication: Include headers coming from servers.
In the RM, 2 users have provided the solution; I have merged them.
As per the current behaviour, pgAdmin only considers the REMOTE_USER
environment variable (set by the webserver). In this patch, we have
introduced the WEBSERVER_REMOTE_USER config variable, so users can modify
it as per their environment. Also, we check for the environment as well as
request headers for the remote user details.
Thanks,
Khushboo
Attachments:
[application/octet-stream] RM_6953.patch (2.1K, 3-RM_6953.patch)
download | inline diff:
diff --git a/docs/en_US/webserver.rst b/docs/en_US/webserver.rst
index abd0cf6c4..c54c14164 100644
--- a/docs/en_US/webserver.rst
+++ b/docs/en_US/webserver.rst
@@ -32,6 +32,9 @@ and modify the values for the following parameters:
"WEBSERVER_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
create a pgAdmin user corresponding to a successfully authenticated Webserver user.
Please note that password is not stored in the pgAdmin database."
+ "WEBSERVER_REMOTE_USER", "The default value is REMOTE_USER, set this variable to any header
+ or environemnt variable to get the webserver remote user details. Possible values: REMOTE_USER,
+ HTTP_X_FORWARDED_USER, X-Forwarded-User."
Master Password
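Review bot: The added "WEBSERVER_REMOTE_USER" row does not state any trust requirement. When the value names a request header (HTTP_X_FORWARDED_USER, X-Forwarded-User), the value of that header becomes the pgAdmin login name, so the documentation should say that the webserver or proxy in front of pgAdmin must set the header itself and discard any copy sent by the client. Also fix the typo "environemnt", and say which of the listed "Possible values" is an environment key and which is a header name, so readers know which form to configure.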
diff --git a/web/config.py b/web/config.py
index c77d92f92..33b26fed5 100644
--- a/web/config.py
+++ b/web/config.py
@@ -736,6 +736,13 @@ OAUTH2_AUTO_CREATE_USER = True
WEBSERVER_AUTO_CREATE_USER = True
+# REMOTE_USER variable will be used to check the environment variable
+# is set or not first, if not available,
+# request header will be checked for the same.
+# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
+
+WEBSERVER_REMOTE_USER = 'REMOTE_USER'
+
##########################################################################
# PSQL tool settings
##########################################################################
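Review bot: The comment above WEBSERVER_REMOTE_USER speaks of the "REMOTE_USER variable", which is the default value and not the name of the setting, and it omits that a header-derived username is only trustworthy when the front-end webserver overwrites that header. Suggest rewording it to describe the setting itself (the configured name is looked up in the request environment first, then in the request headers), adding the trust requirement, and removing the blank line between the comment and the assignment so the comment stays attached to it.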
diff --git a/web/pgadmin/authenticate/webserver.py b/web/pgadmin/authenticate/webserver.py
index 47af8becd..4c84f79a4 100644
--- a/web/pgadmin/authenticate/webserver.py
+++ b/web/pgadmin/authenticate/webserver.py
@@ -77,7 +77,11 @@ class WebserverAuthentication(BaseAuthentication):
return True
def get_user(self):
- return request.environ.get('REMOTE_USER')
+ username = request.environ.get(config.WEBSERVER_REMOTE_USER)
+ if not username:
+ # One more try to get the Remote User from the hearders
+ username = request.headers.get(config.WEBSERVER_REMOTE_USER)
+ return username
def authenticate(self, form):
username = self.get_user()
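Review bot: In get_user(), the fallback `username = request.headers.get(config.WEBSERVER_REMOTE_USER)` runs for every configuration, including the default 'REMOTE_USER', so a deployment that previously got None when the webserver set no REMOTE_USER now takes the username from a request header instead. Request headers are supplied by the client unless the front-end server strips them, so the header lookup should be opt-in (a separate setting, or only when the configured value differs from the default) and not an automatic second try. Minor: "hearders" in the comment should be "headers", and the hunk does not show `config` being imported in this module, so please confirm it is in scope.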