Add the config option ALLOW_SAVE_PASSWORD to allow admins to disable saving of passwords. Fixes #2232

web/config.py

@@ -202,6 +202,10 @@ SQLITE_PATH = env('SQLITE_PATH') or os.path.join(DATA_DIR, 'pgadmin4.db')
 # (Default: 500 milliseconds)
 SQLITE_TIMEOUT = 500
 
+# Allow database connection passwords to be saved if the user chooses.
+# Set to False to disable password saving.
+ALLOW_SAVE_PASSWORD = True
+
 ##########################################################################
 # Server-side session storage path
 #
@@ -333,3 +337,4 @@ try:
     from config_local import *
 except ImportError:
     pass
+

web/pgadmin/browser/server_groups/servers/__init__.py

@@ -595,7 +595,8 @@ class ServerNode(PGChildNodeView):
                         errormsg=gettext(u"Unable to connect to server:\n\n%s" % errmsg)
                     )
                 else:
-                    if 'save_password' in data and data['save_password'] and have_password:
+                    if 'save_password' in data and data['save_password'] and \
+                            have_password and config.ALLOW_SAVE_PASSWORD:
                         setattr(server, 'password', password)
                         db.session.commit()
 
@@ -809,7 +810,7 @@ class ServerNode(PGChildNodeView):
                 )
             )
         else:
-            if save_password:
+            if save_password and config.ALLOW_SAVE_PASSWORD:
                 try:
                     # Save the encrypted password using the user's login
                     # password key.
@@ -1012,7 +1013,7 @@ class ServerNode(PGChildNodeView):
             password = encrypt(data['newPassword'], user.password)
             # Check if old password was stored in pgadmin4 sqlite database.
             # If yes then update that password.
-            if server.password is not None:
+            if server.password is not None and config.ALLOW_SAVE_PASSWORD:
                 setattr(server, 'password', password)
                 db.session.commit()
             # Also update password in connection manager.

web/pgadmin/browser/server_groups/servers/templates/servers/password.html

@@ -13,7 +13,9 @@
                 <input style="width:100%" id="password" class="form-control" name="password" type="password">
             </span>
             <span style="margin-left: 25%; padding-top: 15px;width: 45%;display: inline-block;">
-                <input id="save_password" name="save_password" type="checkbox">&nbsp;&nbsp;Save Password
+                <input id="save_password" name="save_password" type="checkbox"
+                       {% if not config.ALLOW_SAVE_PASSWORD  %}disabled{% endif %}
+                >&nbsp;&nbsp;Save Password
             </span>
         </div>
         <div style="padding: 5px; height: 1px;"></div>

web/pgadmin/browser/server_groups/servers/templates/servers/servers.js

@@ -676,6 +676,9 @@ function($, _, S, pgAdmin, pgBrowser, alertify) {
           group: "{{ 'Connection' }}", mode: ['create'], deps: ['connect_now'],
           visible: function(m) {
             return m.get('connect_now') && m.isNew();
+          },
+          disabled: function(m) {
+            return {% if config.ALLOW_SAVE_PASSWORD %}false{% else %}true{% endif %};
           }
         },{
           id: 'role', label:'{{ _('Role') }}', type: 'text', group: "{{ 'Connection' }}",