Re: Question regarding mail server

Hi Aditya,

You're right it indeed solves the problem as described. I will report it in
the github.

I am facing *another* problem with the new version 7.5 that was not
existent in the 7.3 version.

I am running pgadmin as an apache virtual host based on the official
example from the documentation. My config is as follows
/etc/apache2/sites-available/pgadmin.conf
<VirtualHost *:5050>
ServerName pgadmin.example.com

WSGIDaemonProcess pgadmin processes=1 threads=25 python-home
=/usr/pgadmin4/venv/
WSGIScriptAlias / /usr/pgadmin4/web/pgAdmin4.wsgi

DocumentRoot /usr/pgadmin4/web
<Directory /usr/pgadmin4/web>
WSGIProcessGroup pgadmin
WSGIApplicationGroup %{GLOBAL}
Options -Indexes -MultiViews
AllowOverride none
Require all granted
</Directory>
</VirtualHost>

In version 7.5 I am accessing pgadmin in http://localhost:5050 and I get
the credentials page. When I enter the credentials the page that I am being
redirected to is http://localhost/pgadmin4 which doesn't work in the
application so there is something wrong behind the scenes redirecting the
page which was introduced now. The same exact config was working with
version 7.3

I changed the above configuration to the line below. Now everything works
as expected but I have to access the page with
http://localhost:5050/pgadmin4 which is not the desired behavior.
WSGIScriptAlias /pgadmin4 /usr/pgadmin4/web/pgAdmin4.wsgi

There is an old issue describing the exact same problem
https://github.com/pgadmin-org/pgadmin4/issues/5454. This behavior was not
existent in version 7.3 even though the line that you suggested to remove
is there.

Thank you in advance,

Kind regards,
Christos

On Thu, Jul 27, 2023 at 1:18 PM Aditya Toshniwal <
aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:

> Hi Christos,
>
> I found the issue. I was using the default config, but it is reproducible
> with MFA_SUPPORTED_METHODS = ["authenticator"].
> As a workaround, you can remove MFA_SUPPORTED_METHODS from your
> config_system. It will show up the email option in 2FA setup but 2FA will
> work fine.
> Do you mind reporting the issue here for tracking -
> https://github.com/pgadmin-org/pgadmin4/issues?
>
> On Thu, Jul 27, 2023 at 4:27 PM Christos Roussidis <
> xristos(dot)roussidis(at)gmail(dot)com> wrote:
>
>> This is the log dump I am getting. I have setup the 2FA already with an
>> authenticator and when I log in using my credentials I get the below error.
>>
>> 2023-07-27 12:53:14,574: ERROR pgadmin: 'mfa.send_email_code'
>> Traceback (most recent call last):
>> File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py",
>> line 1823, in full_dispatch_request
>> rv = self.dispatch_request()
>> File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py",
>> line 1799, in dispatch_request
>> return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask_login/utils.py",
>> line 290, in decorated_view
>> return current_app.ensure_sync(func)(*args, **kwargs)
>> File "/usr/pgadmin4/web/pgadmin/authenticate/mfa/views.py", line 137, in
>> validate_view
>> return Response(render_template(
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/templating.py",
>> line 147, in render_template
>> return _render(app, template, context)
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/templating.py",
>> line 130, in _render
>> rv = template.render(context)
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/jinja2/environment.py",
>> line 1301, in render
>> self.environment.handle_exception()
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/jinja2/environment.py",
>> line 936, in handle_exception
>> raise rewrite_traceback_stack(source=source)
>> File
>> "/usr/pgadmin4/web/pgadmin/authenticate/mfa/templates/mfa/validate.html",
>> line 2, in top-level template code
>> {% set page_props = {
>> File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py",
>> line 2020, in url_for
>> self.inject_url_defaults(endpoint, values)
>> File "/usr/pgadmin4/venv/lib/python3.10/site-packages/flask/app.py",
>> line 2257, in inject_url_defaults
>> func(endpoint, values)
>> File "/usr/pgadmin4/web/pgadmin/__init__.py", line 883, in
>> add_internal_version
>> urls = [url for url in app.url_map.iter_rules(endpoint)]
>> File
>> "/usr/pgadmin4/venv/lib/python3.10/site-packages/werkzeug/routing/map.py",
>> line 164, in iter_rules
>> return iter(self._rules_by_endpoint[endpoint])
>> KeyError: 'mfa.send_email_code'
>>
>>
>> On Thu, Jul 27, 2023 at 12:50 PM Aditya Toshniwal <
>> aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>
>>> Hi Christos,
>>>
>>> 2FA is applicable for server mode only. And I tested in server mode. I
>>> used pgAdmin default config.
>>> Can you please share the screenshot and logs for v7.5?
>>>
>>> On Thu, Jul 27, 2023 at 4:05 PM Christos Roussidis <
>>> xristos(dot)roussidis(at)gmail(dot)com> wrote:
>>>
>>>> Hello Aditya,
>>>>
>>>> Thank you for your prompt response,
>>>>
>>>> Did it work on the desktop mode or in server mode? I face that problem
>>>> in the server mode.
>>>>
>>>> I will send you the configuration I have set
>>>>
>>>> OS: debian 11
>>>> pgadmin4 version :7.3 (working, but error is being printed in logs),
>>>> 7.5 (not working)
>>>> config file location: /etc/pgadmin/config_system.py
>>>>
>>>> Contents of config file
>>>>
>>>> ##########################################################################
>>>> # Two-factor Authentication Configuration
>>>>
>>>> ##########################################################################
>>>>
>>>> # Set it to True, to enable the two-factor authentication
>>>> MFA_ENABLED = True
>>>>
>>>> # Set it to True, to ask the users to register forcefully for the
>>>> # two-authentication methods on logged-in.
>>>> MFA_FORCE_REGISTRATION = False
>>>>
>>>> # pgAdmin supports Two-factor authentication by either sending an
>>>> one-time code
>>>> # to an email, or using the TOTP based application like Google
>>>> Authenticator.
>>>> MFA_SUPPORTED_METHODS = ["authenticator"]
>>>>
>>>> # NOTE: Please set the 'Mail server settings' to use 'email' as
>>>> two-factor
>>>> # authentication method.
>>>>
>>>> # Subject for the email verification code
>>>> # Default: <APP_NAME> - Verification Code
>>>> # e.g. pgAdmin 4 - Verification Code
>>>> MFA_EMAIL_SUBJECT = None
>>>>
>>>>
>>>> These are all the settings that I have and experiencing the issue
>>>> (also, having postfix installed or not doesn't change anything as the issue
>>>> persists on two different machines)
>>>>
>>>> Thank you in advance.
>>>> Kind Regards,
>>>> Christos
>>>>
>>>> On Thu, Jul 27, 2023 at 12:27 PM Aditya Toshniwal <
>>>> aditya(dot)toshniwal(at)enterprisedb(dot)com> wrote:
>>>>
>>>>> Hi Christos,
>>>>>
>>>>> I tried simply setting up 2FA without SMTP config and things worked
>>>>> fine. No email required and no errors.
>>>>> The password reset is required to send email as pgAdmin needs to send
>>>>> the reset link for the first "email with password" authentication.
>>>>>
>>>>> On Thu, Jul 27, 2023 at 3:34 PM Christos Roussidis <
>>>>> xristos(dot)roussidis(at)gmail(dot)com> wrote:
>>>>>
>>>>>> Hello,
>>>>>>
>>>>>> I would like to ask you a question regarding the mail server. So when
>>>>>> running pgadmin4 in server mode it requires a mail server to send emails
>>>>>> for things like 2FA and password reset.
>>>>>>
>>>>>> It seems impossible though to disable that function. Our setup
>>>>>> doesn't need a mail server at all as we only use authenticator for the 2FA
>>>>>> and admins are able to configure passwords and change them for the rare
>>>>>> case that the user needs a reset on them.
>>>>>>
>>>>>> On version 7.3 I am getting in logs the error
>>>>>> > 2023-07-27 11:37:09,086: ERROR pgadmin: 'mfa.send_email_code'
>>>>>>
>>>>>> The above error on version 7.5 is not silent anymore and even breaks
>>>>>> our running pgadmin4 instance. It would really help if we had a toggle
>>>>>> switch in the settings where we could completely disable the mail server
>>>>>> functionality.
>>>>>>
>>>>>> Thank you in advance
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Thanks,
>>>>> Aditya Toshniwal
>>>>> pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com*
>>>>> <https://www.enterprisedb.com/>
>>>>> "Don't Complain about Heat, Plant a TREE"
>>>>>
>>>>
>>>
>>> --
>>> Thanks,
>>> Aditya Toshniwal
>>> pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com*
>>> <https://www.enterprisedb.com/>
>>> "Don't Complain about Heat, Plant a TREE"
>>>
>>
>
> --
> Thanks,
> Aditya Toshniwal
> pgAdmin Hacker | Sr. Software Architect | *enterprisedb.com*
> <https://www.enterprisedb.com/>
> "Don't Complain about Heat, Plant a TREE"
>