Email Validation in pkg/docker/entrypoint.sh is too limited

Open spthiel opened this issue 11 months ago • 9 comments

Please note that security bugs or issues should be reported to [email protected].

Describe the bug

The email validation for the docker image assumes a very basic level of emails. This rules out a large number of possible emails, e.g. admin@localhost, [email protected], etc.

To Reproduce

Steps to reproduce the behavior:

  1. Create a docker compose
  2. Set PGADMIN_DEFAULT_EMAIL to admin@localhost
  3. See the error

Expected behavior

Any email by RFC standards should be accepted

Error message

'admin@localhost' does not appear to be a valid email address. Please reset the PGADMIN_DEFAULT_EMAIL environment variable and try again.

Desktop (please complete the following information):

  • OS: linux mint 21
  • Version: dpage/pgadmin4:latest
  • Mode: any
  • Browser (if running in server mode): any
  • Package type: container

spthiel avatar Mar 19 '24 10:03 spthiel

Hi @spthiel, please set PGADMIN_CONFIG_CHECK_EMAIL_DELIVERABILITY to False in the environment variable while creating the docker container and try.

khushboovashi avatar Mar 22 '24 11:03 khushboovashi

Hi @khushboovashi, that does not change anything. Even if it did, it is likely to be desired to check email deliverability with non-standard (but RFC-compliant) email formats.

spthiel avatar Mar 22 '24 11:03 spthiel

Hi @spthiel, This duplicates #6222, and check my comment here - https://github.com/pgadmin-org/pgadmin4/issues/6222#issuecomment-1530899862. Email deliverability check is disabled by default.

adityatoshniwal avatar Mar 23 '24 05:03 adityatoshniwal

Hi @adityatoshniwal sorry for the delay in response.

I do not believe this duplicates #6222, as that issue deals with user accounts whereas this deals with the administrator email for the docker image. The workaround you supplied is also not possible to use here. As such, I do not believe this ticket should be marked as done until at least a workaround for this exists.

spthiel avatar Mar 27 '24 14:03 spthiel

> Hi @adityatoshniwal sorry for the delay in response.
>
> I do not believe this duplicates #6222 as that issue deals with user accounts whereas this deals with the administrator email for the docker image. The workaround you supplied is also not possible to use here. As such I do not believe this ticket should be marked as done until at least a workaround for this exists

Administrator account is no different from other user accounts.

adityatoshniwal avatar Mar 27 '24 16:03 adityatoshniwal

> Administrator account is no different from other user accounts.

It is different as the email address for the administrator is evaluated at https://github.com/pgadmin-org/pgadmin4/blob/master/pkg/docker/entrypoint.sh#L46

spthiel avatar Mar 27 '24 16:03 spthiel

> > Administrator account is no different from other user accounts.
>
> It is different as the email address for the administrator is evaluated at https://github.com/pgadmin-org/pgadmin4/blob/master/pkg/docker/entrypoint.sh#L46

Yes, that is eventually passed on to create a user account, where all the validations will be done.

adityatoshniwal avatar Mar 27 '24 16:03 adityatoshniwal

We are stuck in a loop here. To reiterate:

  • I want to use admin@localhost as the default admin for my docker container
  • I can allow this email via the link you posted to #6222
  • I still cannot use admin@localhost as the admin email because the entrypoint does not allow me to specify this as the email and exits the creation of the docker container

spthiel avatar Mar 27 '24 16:03 spthiel

OK, now I see what you're trying to say. I will re-open the issue for now. Even if we allow it in entrypoint.sh, it might fail in the email-validator package we use for email validation. This makes me think that we should somehow use email-validator directly in the entrypoint instead of two separate logics to test for a valid email.

adityatoshniwal avatar Mar 28 '24 04:03 adityatoshniwal

Instead of using two different email validations, we are now employing the email-validator package, which is already used in other parts of pgAdmin4. Therefore, the entrypoint.sh file will only allow emails that comply with the email-validator package.

pravesh-sharma avatar Jul 22 '24 03:07 pravesh-sharma

Tested with docker release candidate. Works fine.

adityatoshniwal avatar Jul 24 '24 05:07 adityatoshniwal

@adityatoshniwal was able to try it today. The solution provided does not resolve the issue at hand; config_local.py does not appear to be read during the entrypoint. As such, it is still impossible to allow additional domains in accordance with #6222.

spthiel avatar Aug 01 '24 14:08 spthiel

Reopening case for allowing the additional domains from config.py.

khushboovashi avatar Aug 02 '24 04:08 khushboovashi

> @adityatoshniwal was able to try it today. The solution provided does not resolve the issue at hand, config_local.py does not appear to be read during the entrypoint. As such it is still impossible to allow additional domains in accordance with #6222

I agree we missed this. I'm thinking we should introduce a new config var ALLOW_SPECIAL_EMAIL_DOMAINS = [] as an array, so that users do not need to add a code snippet and it would work directly using an env var. I've reopened #6222.

adityatoshniwal avatar Aug 02 '24 04:08 adityatoshniwal
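
The design the thread converges on (one validator shared by the container entrypoint and the application, plus an opt-in list of special-use domains) is shown here as an added example; it is not pgAdmin's code and does not use the email-validator package. The validator is a simplified stand-in that handles unquoted local parts only, and `BASIC_PATTERN`, the variable name `PGADMIN_CONFIG_ALLOW_SPECIAL_EMAIL_DOMAINS` and its comma-separated format are assumptions.

```python
import re

# Constructed stand-in for a "basic" check that insists on a dotted domain.
# It is NOT the pattern used in pgAdmin's entrypoint.sh.
BASIC_PATTERN = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Special-use names refused unless explicitly allowed (constructed subset).
SPECIAL_USE = {"localhost", "local", "test", "invalid"}

ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
LOCAL = re.compile(rf"{ATEXT}(?:\.{ATEXT})*")  # unquoted dot-atom only
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def parse_allowed(raw):
    """Parse a comma-separated value (assumed format) into lower-case domains."""
    return {d.strip().lower().rstrip(".") for d in (raw or "").split(",") if d.strip()}


def validate_email(email, allowed_special=frozenset()):
    """The one validator both the entrypoint and the app call. Returns (ok, reason)."""
    if email.count("@") != 1:
        return False, "need exactly one @"
    local, domain = email.split("@")
    domain = domain.lower().rstrip(".")
    if len(local) > 64 or not LOCAL.fullmatch(local):
        return False, "bad local part"
    labels = domain.split(".")
    if len(domain) > 253 or not all(LABEL.fullmatch(label) for label in labels):
        return False, "bad domain"
    special = labels[-1] in SPECIAL_USE
    # Exact match only: allowing "localhost" does not allow "db.localhost".
    if special and domain not in allowed_special:
        return False, "special-use domain not allowed"
    if not special and len(labels) < 2:
        return False, "domain needs a dot"
    return True, "ok"


def entrypoint_check(env):
    """Entrypoint-side call: same validator, allow-list taken from the environment."""
    # Hypothetical variable name, following the PGADMIN_CONFIG_ prefix seen in the thread.
    allowed = parse_allowed(env.get("PGADMIN_CONFIG_ALLOW_SPECIAL_EMAIL_DOMAINS"))
    return validate_email(env.get("PGADMIN_DEFAULT_EMAIL", ""), allowed)
```

Because the entrypoint and the application call the same function with the same allow-list, an address accepted at container start cannot later be rejected at account creation, and special-use domains stay refused unless the operator opts in.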