def change_password():
    """Handle a change-password request for the current user.

    Builds the configured change-password form (from the JSON body when one
    is sent, otherwise with no explicit data) and, when it validates, calls
    ``change_user_password``. Any exception raised by that call is logged and
    reported through ``flash``; three message templates distinguish socket
    errors, SMTP errors and everything else.

    For a non-JSON request that validated and recorded no exception, the
    crypt key is replaced with the new password and the saved server
    passwords are re-encrypted from the old key before redirecting.

    Returns:
        A redirect after a successful non-JSON change, the JSON rendering of
        the form for a JSON request where no exception was recorded, or the
        rendered change-password template in every other case.
    """
    form_cls = _security.change_password_form
    # request.json is client-supplied; it only feeds the form, which is
    # validated below before anything is changed.
    form = form_cls(MultiDict(request.json)) if request.json else form_cls()
    failed = False

    if form.validate_on_submit():
        try:
            change_user_password(current_user._get_current_object(),
                                 form.new_password.data)
        except Exception as exc:
            # Choose the message template in the same precedence order as
            # separate handlers would: socket errors first (not covered by
            # the SMTP exceptions), then SMTP errors, then anything else.
            if isinstance(exc, SOCKETErrorException):
                template = SMTP_SOCKET_ERROR
            elif isinstance(exc, (SMTPConnectError, SMTPResponseException,
                                  SMTPServerDisconnected, SMTPDataError,
                                  SMTPHeloError, SMTPException,
                                  SMTPAuthenticationError, SMTPSenderRefused,
                                  SMTPRecipientsRefused)):
                template = SMTP_ERROR
            else:
                template = PASS_ERROR

            logging.exception(str(exc), exc_info=True)
            # NOTE(review): the exception text is interpolated into the
            # message shown to the user; confirm it cannot carry mail-server
            # details that should stay in the log only.
            flash(gettext(template).format(exc), 'danger')
            failed = True

        # NOTE(review): only this non-JSON branch replaces the crypt key and
        # re-encrypts the saved server passwords; confirm JSON clients are
        # covered elsewhere.
        if request.json is None and not failed:
            after_this_request(view_commit)
            do_flash(*get_message('PASSWORD_CHANGE'))

            # Remember the key currently in use (index 1 of get_crypt_key())
            # before it is replaced, so stored passwords can be re-encrypted.
            old_key = get_crypt_key()[1]
            set_crypt_key(form.new_password.data, False)

            from pgadmin.browser.server_groups.servers.utils \
                import reencrpyt_server_passwords
            reencrpyt_server_passwords(
                current_user.id, old_key, form.new_password.data)

            return redirect(
                get_url(_security.post_change_view) or
                get_url(_security.post_login_view))

    if request.json and not failed:
        form.user = current_user
        return default_render_json(form)

    return _security.render_template(
        config_value('CHANGE_PASSWORD_TEMPLATE'),
        change_password_form=form,
        **_ctx('change_password'))
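def set_master_password():
    """
    Set the master password and store it in memory.

    This password will be used to encrypt/decrypt saved server passwords.
    The request body, when non-empty, is parsed as JSON and the ``password``
    and ``button_click`` keys are read from it. An empty body, or a JSON
    value that is not an object, is treated as an empty request.

    Returns:
        The result of ``form_master_password_response(...)`` with the
        ``existing`` / ``present`` / ``errmsg`` arguments chosen below.

    Raises:
        Whatever ``bytes.decode`` / ``json.loads`` raise for a body that is
        not valid UTF-8 JSON; that case is not handled here.
    """
    # The body is client-controlled. Normalise it to a dict up front so an
    # empty body or a non-object JSON value (list, string, number) cannot
    # reach the .get() calls below and fail with AttributeError.
    raw_body = request.data
    body_text = raw_body.decode('utf-8') if hasattr(raw_body, 'decode') \
        else ''
    data = json.loads(body_text) if body_text != '' else {}
    if not isinstance(data, dict):
        data = {}

    password = data.get('password')

    # Master password is not applicable for server mode
    if not config.SERVER_MODE and config.MASTER_PASSWORD_REQUIRED:

        # if master pass is set previously
        # NOTE(review): the comparison with the stored master password only
        # runs when the client-supplied 'button_click' flag is truthy; a
        # non-empty password sent without it reaches set_crypt_key() and
        # set_masterpass_check_text() unverified. Confirm this is intended,
        # or validate whenever masterpass_check is already set.
        if current_user.masterpass_check is not None and \
                data.get('button_click') and \
                not validate_master_password(password):
            return form_master_password_response(
                existing=True,
                present=False,
                errmsg=gettext("Incorrect master password"))

        if data.get('password', '') != '':
            # store the master pass in the memory
            set_crypt_key(password)

            if current_user.masterpass_check is None:
                # master check is not set, which means the server password
                # data is old and is encrypted with old key
                # Re-encrypt with new key
                from pgadmin.browser.server_groups.servers.utils \
                    import reencrpyt_server_passwords
                reencrpyt_server_passwords(
                    current_user.id, current_user.password, password)

            # set the encrypted sample text with the new
            # master pass
            set_masterpass_check_text(password)

        elif not get_crypt_key()[0] and \
                current_user.masterpass_check is not None:
            return form_master_password_response(
                existing=True,
                present=False,
            )
        elif not get_crypt_key()[0]:
            error_message = None
            if data.get('button_click') and password == '':
                # If user attempted to enter a blank password, then throw
                # error
                error_message = gettext("Master password cannot be empty")
            return form_master_password_response(
                existing=False,
                present=False,
                errmsg=error_message)

    # if master password is disabled now, but was used once then
    # remove all the saved passwords
    process_masterpass_disabled()

    if config.SERVER_MODE and current_user.masterpass_check is None:
        # Re-encrypt the saved passwords with the key currently held
        # (index 1 of get_crypt_key()) and record the check text for it.
        crypt_key = get_crypt_key()[1]
        from pgadmin.browser.server_groups.servers.utils \
            import reencrpyt_server_passwords
        reencrpyt_server_passwords(
            current_user.id, current_user.password, crypt_key)
        set_masterpass_check_text(crypt_key)

    return form_master_password_response(present=True)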