Bug report #13550

Add missing authentication system support to QGIS Server and master password setting

Added by Larry Shaffer almost 4 years ago. Updated almost 4 years ago.

Status:Closed
Priority:High
Assignee:Larry Shaffer
Category:Authentication system
Affected QGIS version:master Regression?:No
Operating System: Easy fix?:No
Pull Request or Patch supplied:No Resolution:
Crashes QGIS or corrupts data:No Copied to github as #:21592

Description

QGIS Server is missing authentication system support (add it), also when launching there is no means of defining the authentication system master password.

Approach to a fix for master password setting:

Add support for passing the master password as an environment variable to a password file, like is done with Postgres and other setups. For example, an env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In QgsAuthManager::instance()->init() the variable could be read, password loaded, then the variable unset in the env. This would also make a great way to allow using Desktop without having to enter your master password every session.

Similarly, the master password could be in an OS's keychain or keyring and be auto-input in the background on launch if that user's OS key cache is unlocked. See Matthias's suggestion for that.

Currently, the master password auto-set can be set via Python, or by way of a custom C++ plugin, on launch setups using a call to QgsAuthManager::instance()->setMasterPassword( "mypassword", true ). However, I think many of the Python bindings should be blocked for the initial release. So, setting an env variable to a password file path seems like a good start, especially for QGIS Server.

Note: for Server, you can already use QGIS_AUTH_DB_DIR_PATH to set the path to a qgis-auth.db dir on the server.

Associated revisions

Revision 0164b09d
Added by Larry Shaffer almost 4 years ago

[auth] Fix #13550; add auth support to Server; read master password file

History

#1 Updated by Larry Shaffer almost 4 years ago

  • Subject changed from QGIS Server can not auto-set authentication system master password to Add missing authentication system support to QGIS Server and master password setting

#2 Updated by Larry Shaffer almost 4 years ago

  • Status changed from Open to Closed

Also available in: Atom PDF