Re: Problems with new ['webserver'] auth
| От | Khushboo Vashi |
|---|---|
| Тема | Re: Problems with new ['webserver'] auth |
| Дата | |
| Msg-id | CAFOhELc5-bwfQ8SUwa2WdahXBq8TuvcwKcO+hB2pbhNw0qOBhA@mail.gmail.com обсуждение исходный текст |
| Ответ на | Problems with new ['webserver'] auth (Konrad Mattheis <konrad.mattheis@vizlib.com>) |
| Список | pgadmin-support |
Hi,
As per the current behaviour, pgAdmin only considers the REMOTE_USER environment variable (set by the webserver).
We have just introduced the WEBSERVER_REMOTE_USER config variable (which will consider environment as well as headers), so users can modify it as per their environment. So, in your case if you set WEBSERVER_REMOTE_USER = 'REMOTE_USER' or any header variable, it will work. This fix will be available in an upcoming release.
Also, you can log the ticket for the multiple redirect issue @ https://redmine.postgresql.org/projects/pgadmin4.
Thanks,
Khushboo
On Wed, Nov 10, 2021 at 2:02 PM Konrad Mattheis <konrad.mattheis@vizlib.com> wrote:
Hi,
I have an issue to get the new webserver auth working. My use case is a little bit more complex but I tried to break it down
so that can be easily debugged from your side:
I just start the dpage/pgadmin4 as docker image, with a changed authsource. See:
docker run -p 4444:80 \
-e 'PGADMIN_DEFAULT_EMAIL=user@domain.com' \
-e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' \
-e 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL=10' \
-e 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES=["webserver"]' \
dpage/pgadmin4
Now I try to make an request with my local chrome and an installed header extension so that I can manipulate the request headers.
I'm injecting the header: REMOTE_USER=test@hallo.de
I get multiple redirects until the browser stop the loop.
**** LOG ************
2021-11-10 08:08:22,043: DEBUG pgadmin: Authentication initiated via source: webserver
::ffff:172.17.0.1 - - [10/Nov/2021:08:08:22 +0000] "GET / HTTP/1.1" 302 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
2021-11-10 08:08:22,052: DEBUG pgadmin: Authentication initiated via source: webserver
::ffff:172.17.0.1 - - [10/Nov/2021:08:08:22 +0000] "GET / HTTP/1.1" 302 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
**** HAR ** one request
{
"_initiator": {
"type": "other"
},
"_priority": "VeryHigh",
"_resourceType": "document",
"cache": {},
"connection": "318993",
"request": {
"method": "GET",
"url": "http://localhost:4444/",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Host",
"value": "localhost:4444"
},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Pragma",
"value": "no-cache"
},
{
"name": "Cache-Control",
"value": "no-cache"
},
{
"name": "sec-ch-ua",
"value": "\"Google Chrome\";v=\"95\", \"Chromium\";v=\"95\", \";Not A Brand\";v=\"99\""
},
{
"name": "sec-ch-ua-mobile",
"value": "?0"
},
{
"name": "sec-ch-ua-platform",
"value": "\"macOS\""
},
{
"name": "Upgrade-Insecure-Requests",
"value": "1"
},
{
"name": "User-Agent",
"value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
},
{
"name": "Accept",
"value": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
},
{
"name": "Sec-Fetch-Site",
"value": "none"
},
{
"name": "Sec-Fetch-Mode",
"value": "navigate"
},
{
"name": "Sec-Fetch-User",
"value": "?1"
},
{
"name": "Sec-Fetch-Dest",
"value": "document"
},
{
"name": "Accept-Encoding",
"value": "gzip, deflate, br"
},
{
"name": "Accept-Language",
"value": "en-US,en;q=0.9,de-DE;q=0.8,de;q=0.7"
},
{
"name": "Cookie",
"value": "_ga=GA1.1.1548965094.1632077396; _pk_id.1.1fff=b2a39c0044a229f7.1632078586.; pga4_session=687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw="
},
{
"name": "remote_user",
"value": "test@hallo.de"
}
],
"queryString": [],
"cookies": [
{
"name": "_ga",
"value": "GA1.1.1548965094.1632077396",
"path": "/",
"domain": "localhost",
"expires": "2023-09-19T18:58:45.000Z",
"httpOnly": false,
"secure": false
},
{
"name": "_pk_id.1.1fff",
"value": "b2a39c0044a229f7.1632078586.",
"path": "/",
"domain": "localhost",
"expires": "2022-10-17T19:09:46.000Z",
"httpOnly": false,
"secure": false,
"sameSite": "Lax"
},
{
"name": "pga4_session",
"value": "687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=",
"path": "/",
"domain": "localhost",
"expires": "2021-11-11T08:09:52.877Z",
"httpOnly": true,
"secure": false,
"sameSite": "Lax"
}
],
"headersSize": 919,
"bodySize": 0
},
"response": {
"status": 302,
"statusText": "FOUND",
"httpVersion": "HTTP/1.1",
"headers": [
{
"name": "Server",
"value": "gunicorn"
},
{
"name": "Date",
"value": "Wed, 10 Nov 2021 08:10:42 GMT"
},
{
"name": "Connection",
"value": "keep-alive"
},
{
"name": "Content-Type",
"value": "text/html; charset=utf-8"
},
{
"name": "Content-Length",
"value": "209"
},
{
"name": "Location",
"value": "http://localhost:4444/"
},
{
"name": "X-Frame-Options",
"value": "SAMEORIGIN"
},
{
"name": "Content-Security-Policy",
"value": "default-src ws: http: data: blob: 'unsafe-inline' 'unsafe-eval';"
},
{
"name": "X-Content-Type-Options",
"value": "nosniff"
},
{
"name": "X-XSS-Protection",
"value": "1; mode=block"
},
{
"name": "Set-Cookie",
"value": "pga4_session=687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=; Expires=Thu, 11-Nov-2021 08:10:42 GMT; HttpOnly; Path=/; SameSite=Lax"
}
],
"cookies": [
{
"name": "pga4_session",
"value": "687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=",
"path": "/",
"domain": "localhost",
"expires": "2021-11-11T08:10:42.000Z",
"httpOnly": true,
"secure": false,
"sameSite": "Lax"
}
],
"content": {
"size": 0,
"mimeType": "text/html",
"compression": 0
},
"redirectURL": "http://localhost:4444/",
"headersSize": 545,
"bodySize": 0,
"_transferSize": 545,
"_error": null
},
"serverIPAddress": "[::1]",
"startedDateTime": "2021-11-10T08:10:42.677Z",
"time": 25.62499999839929,
"timings": {
"blocked": 8.999999998515705,
"dns": -1,
"ssl": -1,
"connect": -1,
"send": 0.125,
"wait": 14.750000000436557,
"receive": 1.7499999994470272,
"_blocked_queueing": 3.8749999985157046
}
},
bye
Konrad
В списке pgadmin-support по дате отправления: