Unverified Commit 62faf6cd authored by Florian Brandes's avatar Florian Brandes

pgadmin4: fix CSRF issue



Without the downgrade of flask-security-too to 5.4.1
pgadmin4 is unusable, because one cannot login.

Alternatively, one could disable CSRF protection altogether via the
module configuration. That would still leave the desktop version
unusable and would weaken security. Therefore flask-security-too is
being downgraded.

Signed-off-by: Florian Brandes <florian.brandes@posteo.de>
parent c81c2414
+12 −1
@@ -26,7 +26,18 @@ let

  # keep the scope, as it is used throughout the derivation and tests
  # this also makes potential future overrides easier
  pythonPackages = python3.pkgs.overrideScope (final: prev: rec { });
  pythonPackages = python3.pkgs.overrideScope (final: prev: rec {
    # Flask 5.4.3 introduces an CSRF error which makes it impossible to login
    # So either we downgrade flask here or use "WTF_CSRF_ENABLED = false" in the
    # module config to disable CSRF.
    flask-security-too = prev.flask-security-too.overridePythonAttrs (oldAttrs: rec {
      version = "5.4.1";
      src = oldAttrs.src.override {
        inherit version;
        hash = "sha256-Ay7+gk+zuUlXtw0LDdsnvSa22z+yE6VR1guu9QmiFvw=";
      };
    });
  });

  offlineCache = fetchYarnDeps {
    yarnLock = ./yarn.lock;
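Review bot: The comment above the override names the wrong package and reads as if disabling CSRF were an equally good option: it says "Flask 5.4.3" although the attribute pinned below is `flask-security-too` (presumably the version meant), and it mentions `WTF_CSRF_ENABLED = false` without saying that this turns CSRF protection off. Because the override holds an authentication library at an older release, later upstream security fixes will not reach pgadmin4 until the pin is dropped, so the comment should also state when it can be removed. I would write it as `# flask-security-too 5.4.3 causes a CSRF error on login; pin 5.4.1 until fixed upstream (TODO: link upstream issue).` followed by `# Do not work around this with WTF_CSRF_ENABLED = false: that disables CSRF protection.` The enclosing `let` block starts before and continues past the hunk.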