Added check to avoid keyring call to get server password if save_pass…

…word flag is not set
nikhil-mohite · Jan 5, 2024 · f3a811c · f3a811c
1 parent fdaedac
commit f3a811c
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 13 deletions.
diff --git a/web/pgadmin/browser/__init__.py b/web/pgadmin/browser/__init__.py
@@ -724,18 +724,19 @@ def set_master_password():
 
         try:
             all_server = Server.query.all()
+            saved_password_servers = [server for server in all_server if
+                                      server.save_password]
             # pgAdmin will use the OS password manager to store the server
             # password, here migrating the existing saved server password to
             # OS password manager
-            if keyring.get_password(
+            if len(saved_password_servers) > 0 and (keyring.get_password(
                     KEY_RING_SERVICE_NAME, KEY_RING_DESKTOP_USER.format(
-                        desktop_user.username)) or enc_key:
+                        desktop_user.username)) or enc_key):
                 is_migrated = False
 
-                for server in all_server:
+                for server in saved_password_servers:
                     if enc_key:
-                        if server.password and config.ALLOW_SAVE_PASSWORD \
-                                and server.save_password:
+                        if server.password and config.ALLOW_SAVE_PASSWORD:
                             name = KEY_RING_USERNAME_FORMAT.format(server.name,
                                                                    server.id)
                             password = decrypt(server.password,

diff --git a/web/pgadmin/browser/server_groups/servers/__init__.py b/web/pgadmin/browser/server_groups/servers/__init__.py
@@ -1519,14 +1519,21 @@ def connect(self, gid, sid):
         conn = manager.connection()
 
         crypt_key = None
-        if config.DISABLED_LOCAL_PASSWORD_STORAGE or \
-                not keyring.get_password(KEY_RING_SERVICE_NAME,
-                                         KEY_RING_DESKTOP_USER.format(
-                                             current_user.username)):
-            # Get enc key
-            crypt_key_present, crypt_key = get_crypt_key()
-            if not crypt_key_present:
-                raise CryptKeyMissing
+        if server.save_password:
+            if config.DISABLED_LOCAL_PASSWORD_STORAGE or \
+                not keyring.get_password(
+                    KEY_RING_SERVICE_NAME,
+                    KEY_RING_DESKTOP_USER.format(current_user.username)):
+                crypt_key_present, crypt_key = get_crypt_key()
+                if not crypt_key_present:
+                    raise CryptKeyMissing
+
+        else:
+            if config.DISABLED_LOCAL_PASSWORD_STORAGE:
+                # Get enc key
+                crypt_key_present, crypt_key = get_crypt_key()
+                if not crypt_key_present:
+                    raise CryptKeyMissing
 
         # If server using SSH Tunnel
         if server.use_ssh_tunnel:

diff --git a/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py b/web/pgadmin/browser/server_groups/servers/tests/test_check_ssh_mock_connect.py
@@ -74,6 +74,7 @@ def __init__(self, name, id, username, use_ssh_tunnel,
                     self.tunnel_password = tunnel_password
                     self.tunnel_keep_alive = tunnel_keep_alive
                     self.service = service
+                    self.save_password = 0
                     self.shared = None
 
             mock_server_obj = TestMockServer(