Closed
Description
Describe the bug
The only user (the internal administrator) that can be used to log in to the pgadmin4 panel can be deleted, and no warning about the consequences is shown. (I was just experimenting.)
Later I uninstalled and then reinstalled pgadmin4-web, but it did not ask for an email and password again.
I was able to fix it by adding a user from the command line and then updating its password:
sudo /usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py add-user user1@gmail.com password --admin --active
then
sudo /usr/pgadmin4/venv/bin/python3 /usr/pgadmin4/web/setup.py update-user user1@gmail.com --password new-password
To Reproduce
Steps to reproduce the behavior:
- Login to the panel with pgadmin4-web (with administrator account)
- Click on your email (top-right) -> users
- A dialog box for User Management will be shown.
- Suppose I have only 1 account (internal administrator) and that is in the list.
- I can delete the only account.
- Now I cannot login with that account and cannot reset the password for that account.
Expected behavior
- Prevent user from deleting the only account.
- At least show consequences so that the user will not be able to proceed further.
Error message
"Incorrect username or password"
Desktop (please complete the following information):
- OS: Kubuntu
- Version: 24.04
- Mode: Server
- Browser (if running in server mode): Brave Browser, Version 1.67.119 Chromium: 126.0.6478.114 (Official Build) (64-bit)
- Package type: Python
- Postgres: psql (PostgreSQL) 16.3 (Ubuntu 16.3-1.pgdg24.04+1)
Additional context
The user should not be able to delete the account without being informed about consequences.
Server Configuration:
ALLOW_SAVE_PASSWORD = True
ALLOW_SAVE_TUNNEL_PASSWORD = False
APP_COPYRIGHT = "Copyright (C) 2013 - 2024, The pgAdmin Development Team"
APP_DEFAULT_EMAIL = "pgadmin4@pgadmin.org"
APP_ICON = "pg-icon"
APP_NAME = "pgAdmin 4"
APP_PATH = "pgadmin"
APP_RELEASE = 8
APP_REVISION = 8
APP_SHORT_NAME = "pgadmin4"
APP_SUFFIX = ""
APP_VERSION = "8.8"
APP_VERSION_EXTN = ('.css', '.js', '.html', '.svg', '.png', '.gif', '.ico')
APP_VERSION_INT = 80800
APP_VERSION_PARAM = "ver"
APP_WIN_PATH = "pgAdmin"
AUTHENTICATION_SOURCES = ['internal']
AUTO_DISCOVER_SERVERS = True
AZURE_CREDENTIAL_CACHE_DIR = "/var/lib/pgadmin/azurecredentialcache"
CA_FILE = "/usr/pgadmin4/web/cacert.pem"
CHECK_EMAIL_DELIVERABILITY = False
CHECK_SESSION_FILES_INTERVAL = 24
CHECK_SUPPORTED_BROWSER = True
COMPRESS_LEVEL = 9
COMPRESS_MIMETYPES = ['text/html', 'text/css', 'text/xml', 'text/javascript', 'application/json', 'application/javascript']
COMPRESS_MIN_SIZE = 500
CONFIG_DATABASE_CONNECTION_MAX_OVERFLOW = 100
CONFIG_DATABASE_CONNECTION_POOL_SIZE = 5
CONFIG_DATABASE_URI = ""
CONSOLE_LOG_FORMAT = "%(asctime)s: %(levelname)s %(name)s: %(message)s"
CONSOLE_LOG_FORMAT_JSON = OrderedDict({'time': 'asctime', 'message': 'message', 'level': 'levelname'})
CONSOLE_LOG_LEVEL = 30
CONTENT_SECURITY_POLICY = "default-src ws: http: data: blob: 'unsafe-inline' 'unsafe-eval';"
COOKIE_DEFAULT_DOMAIN = None
COOKIE_DEFAULT_PATH = "/"
DATA_DIR = "/var/lib/pgadmin"
DEBUG = False
DEFAULT_BINARY_PATHS = {'pg': '/usr/bin', 'ppas': ''}
DEFAULT_SERVER = "127.0.0.1"
DEFAULT_SERVER_PORT = 5050
DESKTOP_USER = "pgadmin4@pgadmin.org"
DISABLED_LOCAL_PASSWORD_STORAGE = True
EFFECTIVE_SERVER_PORT = 5050
ENABLE_BINARY_PATH_BROWSING = False
ENABLE_PSQL = False
ENABLE_SERVER_PASS_EXEC_CMD = False
ENHANCED_COOKIE_PROTECTION = True
FILE_LOG_FORMAT = "%(asctime)s: %(levelname)s %(name)s: %(message)s"
FILE_LOG_FORMAT_JSON = OrderedDict({'time': 'asctime', 'message': 'message', 'level': 'levelname'})
FILE_LOG_LEVEL = 30
FIXED_BINARY_PATHS = {'pg': '', 'pg-12': '', 'pg-13': '', 'pg-14': '', 'pg-15': '', 'pg-16': '', 'ppas': '', 'ppas-12': '', 'ppas-13': '', 'ppas-14': '', 'ppas-15': '', 'ppas-16': ''}
HELP_PATH = "../../../share/docs/en_US/html/"
IS_WIN = False
JSON_LOGGER = False
KERBEROS_CCACHE_DIR = "/var/lib/pgadmin/krbccache"
KEYRING_NAME = ""
KRB_APP_HOST_NAME = "127.0.0.1"
KRB_AUTO_CREATE_USER = True
KRB_KTNAME = "<KRB5_KEYTAB_FILE>"
LANGUAGES = {'en': 'English', 'zh': 'Chinese (Simplified)', 'cs': 'Czech', 'fr': 'French', 'de': 'German', 'id': 'Indonesian', 'it': 'Italian', 'ja': 'Japanese', 'ko': 'Korean', 'pl': 'Polish', 'pt_BR': 'Portuguese (Brazilian)', 'ru': 'Russian', 'es': 'Spanish'}
LDAP_ANONYMOUS_BIND = False
LDAP_AUTO_CREATE_USER = True
LDAP_BASE_DN = "<Base-DN>"
LDAP_BIND_FORMAT = "{LDAP_USERNAME_ATTRIBUTE}={LDAP_USERNAME},{LDAP_BASE_DN}"
LDAP_BIND_USER = None
LDAP_CA_CERT_FILE = ""
LDAP_CERT_FILE = ""
LDAP_CONNECTION_TIMEOUT = 10
LDAP_DN_CASE_SENSITIVE = False
LDAP_IGNORE_MALFORMED_SCHEMA = False
LDAP_KEY_FILE = ""
LDAP_SEARCH_BASE_DN = "<Search-Base-DN>"
LDAP_SEARCH_FILTER = "(objectclass=*)"
LDAP_SEARCH_SCOPE = "SUBTREE"
LDAP_SERVER_URI = "ldap://<ip-address>:<port>"
LDAP_USERNAME_ATTRIBUTE = "<User-id>"
LDAP_USE_STARTTLS = False
LOGIN_ATTEMPT_FIELDS = ['password']
LOGIN_BANNER = ""
LOG_FILE = "/var/log/pgadmin/pgadmin4.log"
LOG_ROTATION_AGE = 1440
LOG_ROTATION_MAX_LOG_FILES = 90
LOG_ROTATION_SIZE = 10
MAIL_DEBUG = False
MAIL_PORT = 25
MAIL_SERVER = "localhost"
MAIL_USERNAME = ""
MAIL_USE_SSL = False
MAIL_USE_TLS = False
MASTER_PASSWORD_HOOK = None
MASTER_PASSWORD_REQUIRED = True
MAX_LOGIN_ATTEMPTS = 3
MAX_QUERY_HIST_STORED = 20
MAX_SESSION_IDLE_TIME = 60
MFA_EMAIL_SUBJECT = None
MFA_ENABLED = True
MFA_FORCE_REGISTRATION = False
MFA_SUPPORTED_METHODS = ['email', 'authenticator']
MODULE_BLACKLIST = ['test']
NODE_BLACKLIST = []
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [{'OAUTH2_NAME': None, 'OAUTH2_DISPLAY_NAME': '<Oauth2 Display Name>', 'OAUTH2_CLIENT_ID': None, 'OAUTH2_CLIENT_SECRET': None, 'OAUTH2_TOKEN_URL': None, 'OAUTH2_AUTHORIZATION_URL': None, 'OAUTH2_SERVER_METADATA_URL': None, 'OAUTH2_API_BASE_URL': None, 'OAUTH2_USERINFO_ENDPOINT': None, 'OAUTH2_SCOPE': None, 'OAUTH2_USERNAME_CLAIM': None, 'OAUTH2_ICON': None, 'OAUTH2_BUTTON_COLOR': None, 'OAUTH2_ADDITIONAL_CLAIMS': None, 'OAUTH2_SSL_CERT_VERIFICATION': True, 'OAUTH2_LOGOUT_URL': None}]
ON_DEMAND_RECORD_COUNT = 1000
OVERRIDE_USER_INACTIVITY_TIMEOUT = True
PASSWORD_LENGTH_MIN = 6
PG_DEFAULT_DRIVER = "psycopg3"
PROXY_X_FOR_COUNT = 1
PROXY_X_HOST_COUNT = 0
PROXY_X_PORT_COUNT = 1
PROXY_X_PREFIX_COUNT = 0
PROXY_X_PROTO_COUNT = 1
SECURITY_CHANGEABLE = True
SECURITY_EMAIL_SENDER = "no-reply@localhost"
SECURITY_EMAIL_SUBJECT_PASSWORD_CHANGE_NOTICE = "Your password for pgAdmin 4 has been changed"
SECURITY_EMAIL_SUBJECT_PASSWORD_NOTICE = "Your pgAdmin 4 password has been reset"
SECURITY_EMAIL_SUBJECT_PASSWORD_RESET = "Password reset instructions for pgAdmin 4"
SECURITY_EMAIL_VALIDATOR_ARGS = {'check_deliverability': False}
SECURITY_POST_CHANGE_VIEW = "browser.change_password"
SECURITY_RECOVERABLE = True
SEND_FILE_MAX_AGE_DEFAULT = 31556952
SERVER_HEARTBEAT_TIMEOUT = 30
SERVER_MODE = True
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_NAME = "pga4_session"
SESSION_COOKIE_PATH = "/"
SESSION_COOKIE_SAMESITE = "Lax"
SESSION_COOKIE_SECURE = False
SESSION_DB_PATH = "/var/lib/pgadmin/sessions"
SESSION_EXPIRATION_TIME = 1
SESSION_SKIP_PATHS = ['/misc/ping']
SETTINGS_SCHEMA_VERSION = 40
SHARED_STORAGE = []
SHOW_GRAVATAR_IMAGE = True
SQLALCHEMY_TRACK_MODIFICATIONS = False
SQLITE_PATH = "/var/lib/pgadmin/pgadmin4.db"
SQLITE_TIMEOUT = 500
STORAGE_DIR = "/var/lib/pgadmin/storage"
STRICT_TRANSPORT_SECURITY = "max-age=31536000; includeSubDomains"
STRICT_TRANSPORT_SECURITY_ENABLED = False
SUPPORT_SSH_TUNNEL = True
TEST_SQLITE_PATH = "/var/lib/pgadmin/test_pgadmin4.db"
THREADED_MODE = True
UPGRADE_CHECK_ENABLED = True
UPGRADE_CHECK_KEY = "pgadmin4"
UPGRADE_CHECK_URL = "https://www.pgadmin.org/versions.json"
USER_INACTIVITY_TIMEOUT = 0
WEBSERVER_AUTO_CREATE_USER = True
WEBSERVER_REMOTE_USER = "REMOTE_USER"
WEB_SERVER = "Python"
WTF_CSRF_HEADERS = ['X-pgA-CSRFToken']
X_CONTENT_TYPE_OPTIONS = "nosniff"
X_FRAME_OPTIONS = "SAMEORIGIN"
X_XSS_PROTECTION = "1; mode=block"