Re: Problems with new ['webserver'] auth

From: Khushboo Vashi <khushboo(dot)vashi(at)enterprisedb(dot)com>
To: Konrad Mattheis <konrad(dot)mattheis(at)vizlib(dot)com>
Cc: "pgadmin-support(at)lists(dot)postgresql(dot)org" <pgadmin-support(at)lists(dot)postgresql(dot)org>
Subject: Re: Problems with new ['webserver'] auth
Date: 2021-11-10 09:13:53
Message-ID: CAFOhELc5-bwfQ8SUwa2WdahXBq8TuvcwKcO+hB2pbhNw0qOBhA@mail.gmail.com
Lists: pgadmin-support

Hi,

As per the current behaviour, pgAdmin only considers the REMOTE_USER
environment variable (set by the webserver).

We have just introduced the WEBSERVER_REMOTE_USER config variable (which
will consider environment as well as headers), so users can modify it as
per their environment. So, in your case, if you set WEBSERVER_REMOTE_USER =
'REMOTE_USER' or any header variable, it will work. This fix will be
available in an upcoming release.

Also, you can log the ticket for the multiple redirect issue @
https://redmine.postgresql.org/projects/pgadmin4.

Thanks,
Khushboo

On Wed, Nov 10, 2021 at 2:02 PM Konrad Mattheis <konrad(dot)mattheis(at)vizlib(dot)com>
wrote:

> Hi,
>
> I have an issue getting the new webserver auth working. My use case is
> a little bit more complex, but I tried to break it down
> so that it can be easily debugged from your side:
>
> I just start dpage/pgadmin4 as a docker image, with a changed
> authsource. See:
>
> docker run -p 4444:80 \
> -e 'PGADMIN_DEFAULT_EMAIL=user(at)domain(dot)com' \
> -e 'PGADMIN_DEFAULT_PASSWORD=SuperSecret' \
> -e 'PGADMIN_CONFIG_CONSOLE_LOG_LEVEL=10' \
> -e 'PGADMIN_CONFIG_AUTHENTICATION_SOURCES=["webserver"]' \
> dpage/pgadmin4
>
>
> Now I try to make a request with my local Chrome and an installed
> header extension so that I can manipulate the request headers.
> I'm injecting the header: REMOTE_USER=test(at)hallo(dot)de
>
> I get multiple redirects until the browser stops the loop.
>
> **** LOG ************
>
> 2021-11-10 08:08:22,043: DEBUG pgadmin: Authentication
> initiated via source: webserver
> ::ffff:172.17.0.1 - - [10/Nov/2021:08:08:22 +0000] "GET / HTTP/1.1"
> 302 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
> 2021-11-10 08:08:22,052: DEBUG pgadmin: Authentication
> initiated via source: webserver
> ::ffff:172.17.0.1 - - [10/Nov/2021:08:08:22 +0000] "GET / HTTP/1.1"
> 302 209 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
>
> **** HAR ** one request
>
> {
> "_initiator": {
> "type": "other"
> },
> "_priority": "VeryHigh",
> "_resourceType": "document",
> "cache": {},
> "connection": "318993",
> "request": {
> "method": "GET",
> "url": "http://localhost:4444/",
> "httpVersion": "HTTP/1.1",
> "headers": [
> {
> "name": "Host",
> "value": "localhost:4444"
> },
> {
> "name": "Connection",
> "value": "keep-alive"
> },
> {
> "name": "Pragma",
> "value": "no-cache"
> },
> {
> "name": "Cache-Control",
> "value": "no-cache"
> },
> {
> "name": "sec-ch-ua",
> "value": "\"Google Chrome\";v=\"95\",
> \"Chromium\";v=\"95\", \";Not A Brand\";v=\"99\""
> },
> {
> "name": "sec-ch-ua-mobile",
> "value": "?0"
> },
> {
> "name": "sec-ch-ua-platform",
> "value": "\"macOS\""
> },
> {
> "name": "Upgrade-Insecure-Requests",
> "value": "1"
> },
> {
> "name": "User-Agent",
> "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X
> 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69
> Safari/537.36"
> },
> {
> "name": "Accept",
> "value":
> "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
> },
> {
> "name": "Sec-Fetch-Site",
> "value": "none"
> },
> {
> "name": "Sec-Fetch-Mode",
> "value": "navigate"
> },
> {
> "name": "Sec-Fetch-User",
> "value": "?1"
> },
> {
> "name": "Sec-Fetch-Dest",
> "value": "document"
> },
> {
> "name": "Accept-Encoding",
> "value": "gzip, deflate, br"
> },
> {
> "name": "Accept-Language",
> "value": "en-US,en;q=0.9,de-DE;q=0.8,de;q=0.7"
> },
> {
> "name": "Cookie",
> "value": "_ga=GA1.1.1548965094.1632077396;
> _pk_id.1.1fff=b2a39c0044a229f7.1632078586.;
> pga4_session=687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw="
> },
> {
> "name": "remote_user",
> "value": "test(at)hallo(dot)de"
> }
> ],
> "queryString": [],
> "cookies": [
> {
> "name": "_ga",
> "value": "GA1.1.1548965094.1632077396",
> "path": "/",
> "domain": "localhost",
> "expires": "2023-09-19T18:58:45.000Z",
> "httpOnly": false,
> "secure": false
> },
> {
> "name": "_pk_id.1.1fff",
> "value": "b2a39c0044a229f7.1632078586.",
> "path": "/",
> "domain": "localhost",
> "expires": "2022-10-17T19:09:46.000Z",
> "httpOnly": false,
> "secure": false,
> "sameSite": "Lax"
> },
> {
> "name": "pga4_session",
> "value":
> "687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=",
> "path": "/",
> "domain": "localhost",
> "expires": "2021-11-11T08:09:52.877Z",
> "httpOnly": true,
> "secure": false,
> "sameSite": "Lax"
> }
> ],
> "headersSize": 919,
> "bodySize": 0
> },
> "response": {
> "status": 302,
> "statusText": "FOUND",
> "httpVersion": "HTTP/1.1",
> "headers": [
> {
> "name": "Server",
> "value": "gunicorn"
> },
> {
> "name": "Date",
> "value": "Wed, 10 Nov 2021 08:10:42 GMT"
> },
> {
> "name": "Connection",
> "value": "keep-alive"
> },
> {
> "name": "Content-Type",
> "value": "text/html; charset=utf-8"
> },
> {
> "name": "Content-Length",
> "value": "209"
> },
> {
> "name": "Location",
> "value": "http://localhost:4444/"
> },
> {
> "name": "X-Frame-Options",
> "value": "SAMEORIGIN"
> },
> {
> "name": "Content-Security-Policy",
> "value": "default-src ws: http: data: blob:
> 'unsafe-inline' 'unsafe-eval';"
> },
> {
> "name": "X-Content-Type-Options",
> "value": "nosniff"
> },
> {
> "name": "X-XSS-Protection",
> "value": "1; mode=block"
> },
> {
> "name": "Set-Cookie",
> "value":
> "pga4_session=687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=;
> Expires=Thu, 11-Nov-2021 08:10:42 GMT; HttpOnly; Path=/; SameSite=Lax"
> }
> ],
> "cookies": [
> {
> "name": "pga4_session",
> "value":
> "687afec6-df83-432e-9aae-c58c8a0aebb7!5IvAru1Bi1Entgxt96vVwrZqVQw=",
> "path": "/",
> "domain": "localhost",
> "expires": "2021-11-11T08:10:42.000Z",
> "httpOnly": true,
> "secure": false,
> "sameSite": "Lax"
> }
> ],
> "content": {
> "size": 0,
> "mimeType": "text/html",
> "compression": 0
> },
> "redirectURL": "http://localhost:4444/",
> "headersSize": 545,
> "bodySize": 0,
> "_transferSize": 545,
> "_error": null
> },
> "serverIPAddress": "[::1]",
> "startedDateTime": "2021-11-10T08:10:42.677Z",
> "time": 25.62499999839929,
> "timings": {
> "blocked": 8.999999998515705,
> "dns": -1,
> "ssl": -1,
> "connect": -1,
> "send": 0.125,
> "wait": 14.750000000436557,
> "receive": 1.7499999994470272,
> "_blocked_queueing": 3.8749999985157046
> }
> },
>
> bye
> Konrad
>
>
>
>
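The exchange above turns on one distinction: a CGI-style variable such as REMOTE_USER that the webserver itself sets in the WSGI environment is not the same thing as an HTTP request header named Remote-User, which WSGI exposes as HTTP_REMOTE_USER. The following added example (not pgAdmin's own code; function names, the exact lookup order modelled for WEBSERVER_REMOTE_USER, and the sample requests are assumptions made for this illustration) shows why a header injected by the browser never reaches the environment-only check and so produces the 302 loop in the quoted log, how a header-aware lookup changes that, and what a reverse proxy must do before a header-based setting can be trusted.

```python
"""Resolving the webserver-asserted user in a WSGI app.

Added example, not pgAdmin's implementation: it models the two lookups the
reply describes, the original environment-only check for REMOTE_USER and a
WEBSERVER_REMOTE_USER setting that also consults request headers. Function
names, the precise lookup order and the sample requests are assumptions.
"""
from typing import Dict, Optional, Tuple


def header_key(name: str) -> str:
    """WSGI (PEP 3333) exposes request header 'Foo-Bar' as environ['HTTP_FOO_BAR']."""
    return "HTTP_" + name.upper().replace("-", "_")


def resolve_remote_user(environ: Dict[str, str],
                        webserver_remote_user: str = "REMOTE_USER",
                        consider_headers: bool = False) -> Optional[str]:
    """Return the identity the front-end vouches for, or None.

    consider_headers=False: only the environ variable counts, i.e. a value the
    webserver itself set. This is the original behaviour, under which a header
    sent by the browser never reaches the check.
    consider_headers=True: additionally accept the same name as an HTTP header,
    the behaviour described for the WEBSERVER_REMOTE_USER option (assumed here
    to be checked after the environment variable).
    """
    value = environ.get(webserver_remote_user)
    if value:
        return value
    if consider_headers:
        value = environ.get(header_key(webserver_remote_user))
        if value:
            return value
    return None


def handle_root(environ: Dict[str, str], **lookup) -> Tuple[str, Optional[str]]:
    """Model of the login gate on GET /: returns (status, Location header).

    With no resolvable user the app redirects back to '/'; when every attempt
    fails the same way, that is the repeated 302 visible in the quoted log.
    """
    user = resolve_remote_user(environ, **lookup)
    if user is None:
        return "302 FOUND", "/"
    return "200 OK", None


def proxy_forward_headers(client_headers: Dict[str, str],
                          authenticated_user: Optional[str],
                          header_name: str = "Remote-User") -> Dict[str, str]:
    """What a trustworthy reverse proxy must do before forwarding a request.

    Any client-supplied header carrying the identity name is dropped (header
    names are case-insensitive), and the header is set only from the identity
    the proxy itself authenticated. Without this step a header-based
    WEBSERVER_REMOTE_USER setting would trust whatever the browser sent.
    """
    forwarded = {k: v for k, v in client_headers.items()
                 if k.lower() != header_name.lower()}
    if authenticated_user:
        forwarded[header_name] = authenticated_user
    return forwarded


# Constructed sample environs, not captures from the thread.
# A browser talking to the container directly: the injected header is only
# visible as HTTP_REMOTE_USER, never as REMOTE_USER.
DIRECT_REQUEST = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
                  "HTTP_REMOTE_USER": "test@hallo.de"}
# A request whose front-end set REMOTE_USER in the environment after
# authenticating the user itself.
PROXIED_REQUEST = {"REQUEST_METHOD": "GET", "PATH_INFO": "/",
                   "REMOTE_USER": "alice@example.com"}

if __name__ == "__main__":
    print("direct, env only    :", handle_root(DIRECT_REQUEST))
    print("direct, with headers:", handle_root(DIRECT_REQUEST, consider_headers=True))
    print("proxied, env only   :", handle_root(PROXIED_REQUEST))
    print("proxy sanitisation  :", proxy_forward_headers(
        {"Remote-User": "spoofed@example.com", "Accept": "text/html"},
        "alice@example.com"))
```

Run stand-alone, the script shows the direct request redirecting under the environment-only lookup and succeeding under the header-aware one. The last line is the operational caveat for anyone pointing WEBSERVER_REMOTE_USER at a header: the value is only as trustworthy as the proxy that overwrites it, so the container must not be reachable except through that proxy.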
