Bug report #13550
Add missing authentication system support to QGIS Server and master password setting
|Affected QGIS version:||master||Regression?:||No|
|Operating System:||Easy fix?:||No|
|Pull Request or Patch supplied:||No||Resolution:|
|Crashes QGIS or corrupts data:||No||Copied to github as #:||21592|
QGIS Server is missing authentication system support (add it), also when launching there is no means of defining the authentication system master password.
Approach to a fix for master password setting:
Add support for passing the master password as an environment variable to a password file, like is done with Postgres and other setups. For example, an env var like QGIS_AUTH_PASSWORD_PATH could be set to a filepath. In QgsAuthManager::instance()->init() the variable could be read, password loaded, then the variable unset in the env. This would also make a great way to allow using Desktop without having to enter your master password every session.
Similarly, the master password could be in an OS's keychain or keyring and be auto-input in the background on launch if that user's OS key cache is unlocked. See Matthias's suggestion for that.
Currently, the master password auto-set can be set via Python, or by way of a custom C++ plugin, on launch setups using a call to QgsAuthManager::instance()->setMasterPassword( "mypassword", true ). However, I think many of the Python bindings should be blocked for the initial release. So, setting an env variable to a password file path seems like a good start, especially for QGIS Server.
Note: for Server, you can already use QGIS_AUTH_DB_DIR_PATH to set the path to a qgis-auth.db dir on the server.