public inbox for [email protected]  
[pgAdmin4][Patch] - RM #6953 - Webserver Authentication enhancement
2+ messages / 2 participants

* [pgAdmin4][Patch] - RM #6953 - Webserver Authentication enhancement
@ 2021-11-10 09:01  Khushboo Vashi <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: Khushboo Vashi @ 2021-11-10 09:01 UTC (permalink / raw)
  To: pgadmin-hackers

Hi,

Please find the attached patch for the RM # 6953 - Webserver
Authentication: Include headers coming from servers.

In the RM, 2 users have provided the solution, I have merged them.

As per the current behaviour, pgAdmin only considers the REMOTE_USER
environment variable (set by the webserver). In this patch, we have
introduced the WEBSERVER_REMOTE_USER config variable, so users can modify
it as per their environment. Also, we check for the environment as well as
request headers for the remote user details.

Thanks,
Khushboo


Attachments:

  [application/octet-stream] RM_6953.patch (2.1K, 3-RM_6953.patch)
  download | inline diff:
diff --git a/docs/en_US/webserver.rst b/docs/en_US/webserver.rst
index abd0cf6c4..c54c14164 100644
--- a/docs/en_US/webserver.rst
+++ b/docs/en_US/webserver.rst
@@ -32,6 +32,9 @@ and modify the values for the following parameters:
     "WEBSERVER_AUTO_CREATE_USER", "Set the value to *True* if you want to automatically
     create a pgAdmin user corresponding to a successfully authenticated Webserver user.
     Please note that password is not stored in the pgAdmin database."
+    "WEBSERVER_REMOTE_USER", "The default value is REMOTE_USER, set this variable to any header
+    or environemnt variable to get the webserver remote user details. Possible values: REMOTE_USER,
+    HTTP_X_FORWARDED_USER, X-Forwarded-User."
 
 
 Master Password
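Review bot: The new WEBSERVER_REMOTE_USER row lists X-Forwarded-User as a possible value without saying that a request header is only as trustworthy as the server in front of pgAdmin. Since this value names the authenticated Webserver user, the row should state that the front-end web server must set or overwrite that header itself and that pgAdmin should only be reachable through it. It would also help to say that REMOTE_USER and HTTP_X_FORWARDED_USER are environment keys while X-Forwarded-User is a header name, and "environemnt" should read "environment".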
diff --git a/web/config.py b/web/config.py
index c77d92f92..33b26fed5 100644
--- a/web/config.py
+++ b/web/config.py
@@ -736,6 +736,13 @@ OAUTH2_AUTO_CREATE_USER = True
 
 WEBSERVER_AUTO_CREATE_USER = True
 
+# REMOTE_USER variable will be used to check the environment variable
+# is set or not first, if not available,
+# request header will be checked for the same.
+# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
+
+WEBSERVER_REMOTE_USER = 'REMOTE_USER'
+
 ##########################################################################
 # PSQL tool settings
 ##########################################################################
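Review bot: The comment above WEBSERVER_REMOTE_USER talks about a "REMOTE_USER variable", which reads as the environment variable rather than this setting, and the blank line after the comment detaches it from the assignment it documents. Suggest wording such as "WEBSERVER_REMOTE_USER names the environment variable to read; if it is not set, the request header of the same name is checked", dropping the blank line, and adding that a header name should only be configured when a trusted web server sets that header.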
diff --git a/web/pgadmin/authenticate/webserver.py b/web/pgadmin/authenticate/webserver.py
index 47af8becd..4c84f79a4 100644
--- a/web/pgadmin/authenticate/webserver.py
+++ b/web/pgadmin/authenticate/webserver.py
@@ -77,7 +77,11 @@ class WebserverAuthentication(BaseAuthentication):
         return True
 
     def get_user(self):
-        return request.environ.get('REMOTE_USER')
+        username = request.environ.get(config.WEBSERVER_REMOTE_USER)
+        if not username:
+            # One more try to get the Remote User from the hearders
+            username = request.headers.get(config.WEBSERVER_REMOTE_USER)
+        return username
 
     def authenticate(self, form):
         username = self.get_user()
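Review bot: In get_user, the fallback to request.headers.get(config.WEBSERVER_REMOTE_USER) runs whenever the environment lookup is empty, including with the default 'REMOTE_USER', so an identity the web server did not set can now come from a request header of the same name. Consider reading headers only when the administrator has explicitly opted in (a separate header setting, or only when the configured value differs from the default), and treating an empty or whitespace-only value as no user. The comment also has a typo: "hearders" should be "headers".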


^ permalink  raw  reply  [nested|flat] 2+ messages in thread
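
The lookup order described in the message above, next to a guarded variant, as an added example that is not part of the patch or of pgAdmin's code. It assumes a plain WSGI environ; `TRUSTED_PROXIES`, `patched_get_user`, `peer_is_trusted` and `guarded_get_user` are hypothetical names, and the sample requests are constructed.

```python
import ipaddress

WEBSERVER_REMOTE_USER = "X-Forwarded-User"  # setting name from the patch
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]  # hypothetical setting

# Constructed WSGI environs: one request relayed by the local proxy, one direct.
PROXIED = {"REMOTE_ADDR": "127.0.0.1", "HTTP_X_FORWARDED_USER": "alice@example.org"}
DIRECT = {"REMOTE_ADDR": "203.0.113.7", "HTTP_X_FORWARDED_USER": "alice@example.org"}


def header_key(name):
    """WSGI (PEP 3333) environ key under which an HTTP request header arrives."""
    return "HTTP_" + name.upper().replace("-", "_")


def patched_get_user(environ, name=WEBSERVER_REMOTE_USER):
    """Lookup order of the patch: environ key first, then the request header."""
    return environ.get(name) or environ.get(header_key(name))


def peer_is_trusted(environ):
    """True only when the directly connected peer is a configured proxy."""
    try:
        peer = ipaddress.ip_address(environ.get("REMOTE_ADDR", ""))
    except ValueError:
        return False
    return any(peer in net for net in TRUSTED_PROXIES)


def guarded_get_user(environ, name=WEBSERVER_REMOTE_USER):
    """Same lookup, but a header-derived identity requires a trusted peer."""
    if not name.startswith("HTTP_") and environ.get(name):
        return environ[name]  # set by the web server itself, not by a header
    if not peer_is_trusted(environ):
        return None
    key = name if name.startswith("HTTP_") else header_key(name)
    return environ.get(key) or None


if __name__ == "__main__":
    for label, env in (("proxied", PROXIED), ("direct", DIRECT)):
        print(label, patched_get_user(env), guarded_get_user(env))
```
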

* Re: [pgAdmin4][Patch] - RM #6953 - Webserver Authentication enhancement
@ 2021-11-10 10:09  Akshay Joshi <[email protected]>
  parent: Khushboo Vashi <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Akshay Joshi @ 2021-11-10 10:09 UTC (permalink / raw)
  To: Khushboo Vashi <[email protected]>; +Cc: pgadmin-hackers

Thanks, the patch applied.

On Wed, Nov 10, 2021 at 2:31 PM Khushboo Vashi <
[email protected]> wrote:

> Hi,
>
> Please find the attached patch for the RM # 6953 - Webserver
> Authentication: Include headers coming from servers.
>
> In the RM, 2 users have provided the solution, I have merged them.
>
> As per the current behaviour, pgAdmin only considers the REMOTE_USER
> environment variable (set by the webserver). In this patch, we have
> introduced the WEBSERVER_REMOTE_USER config variable, so users can modify
> it as per their environment. Also, we check for the environment as well as
> request headers for the remote user details.
>
> Thanks,
> Khushboo
>


-- 
*Thanks & Regards*
*Akshay Joshi*
*pgAdmin Hacker | Principal Software Architect*
*EDB Postgres <http://edbpostgres.com>*

*Mobile: +91 976-788-8246*


^ permalink  raw  reply  [nested|flat] 2+ messages in thread

