Prevent the "Please login to access this page" message displaying multiple times. Fixes #4306

docs/en_US/release_notes_4_9.rst

@@ -23,6 +23,7 @@ Bug fixes
 | `Bug #4288 <https://redmine.postgresql.org/issues/4288>`_ - Initial support for PostgreSQL 12.
 | `Bug #4290 <https://redmine.postgresql.org/issues/4290>`_ - Initial support for PostgreSQL 12.
 | `Bug #4255 <https://redmine.postgresql.org/issues/4255>`_ - Prevent the geometry viewer grabbing key presses when not in focus under Firefox, IE and Edge.
+| `Bug #4306 <https://redmine.postgresql.org/issues/4306>`_ - Prevent the "Please login to access this page" message displaying multiple times.
 | `Bug #4310 <https://redmine.postgresql.org/issues/4310>`_ - Ensure that the Return key can be used to submit the Master Password dialogue.
 | `Bug #4317 <https://redmine.postgresql.org/issues/4317>`_ - Ensure that browser auto-fill doesn't cause Help pages to be opened unexpectedly.
 | `Bug #4320 <https://redmine.postgresql.org/issues/4320>`_ - Fix issue where SSH tunnel connection using password is failing, it's regression of Master Password.

web/pgadmin/__init__.py

@@ -646,8 +646,11 @@ def create_app(app_name=None):
         # if the server is restarted the in memory key will be lost
         # but the user session may still be active. Logout the user
         # to get the key again when login
-        if config.SERVER_MODE and current_app.keyManager.get() is None:
-            logout_user()
+        if config.SERVER_MODE and current_user.is_authenticated:
+            if current_app.keyManager.get() is None and \
+                    request.endpoint not in ('security.login',
+                                             'security.logout'):
+                logout_user()
 
     @app.after_request
     def after_request(response):

web/pgadmin/browser/templates/browser/index.html

@@ -78,7 +78,6 @@ require.onResourceLoad = function (context, map, depMaps) {
 window.onload = function(e){
  setTimeout(function() {
    var gravatarImg = {{ IMG.PREPARE_HTML()|safe }}
-   //$('#navbar-menu .navbar-right > li > a').html(gravatarImg);
    var navbarUser = document.getElementById("navbar-user");
    if (navbarUser) {
      navbarUser.innerHTML = gravatarImg;
@@ -88,6 +87,10 @@ window.onload = function(e){
 {% endif %}
 {% endblock %}
 
+{% block css_link %}
+<link type="text/css" rel="stylesheet" href="{{ url_for('browser.browser_css')}}"/>
+{% endblock %}
+
 {% block body %}
 <div id="pg-spinner" class="pg-sp-container">
   <div class="pg-sp-content">

web/pgadmin/templates/base.html

@@ -20,7 +20,6 @@
 
     <!-- Base template stylesheets -->
     <link type="text/css" rel="stylesheet" href="{{ url_for('static', filename='vendor/backgrid/backgrid.css')}}"/>
-    <link type="text/css" rel="stylesheet" href="{{ url_for('browser.browser_css')}}"/>
     <link type="text/css" rel="stylesheet" href="{{ url_for('static', filename='js/generated/style.css')}}"/>
     <link type="text/css" rel="stylesheet" href="{{ url_for('static', filename='js/generated/pgadmin.css')}}"/>
     <link type="text/css" rel="stylesheet" href="{{ url_for('static', filename='css/alertify.noanimation.css')}}" id="alertify-no-animation"/>

web/pgadmin/utils/session.py

@@ -364,7 +364,10 @@ def pga_unauthorised():
             info='PGADMIN_LOGIN_REQUIRED'
         )
 
-    if login_message:
+    # flash messages are only required if the request was from a
+    # security page, otherwise it will be redirected to login page
+    # anyway
+    if login_message and 'security' in request.endpoint:
         flash(login_message, category=lm.login_message_category)
 
     return redirect(login_url(lm.login_view, request.url))