search

pgadmin-org / pgadmin4

pgAdmin is the most popular and feature rich Open Source administration and development platform for PostgreSQL, the most advanced Open Source database in the world.
https://www.pgadmin.org
Other
2.42k stars 634 forks source link

Can't use accounts with .local emails #6222

Open countessellis opened 1 year ago

countessellis commented 1 year ago

Good Morning,

I have an air gapped environment I'm trying to run PgAdmin4 in. I'm currently running 4.7, with the 4.7 docker image. When my users attempt to log in with LDAP, or if I try to create an account for someone, I get the following error:

The domain name is a special-use or reserved name that cannot be used with email

In this environment all emails are in a domain ending with .local. Is there any way to make PgAdmin4 allow email addressed with that naming? If not, is there a way to prevent it from populating the email field on successful LDAP login? If there isn't a way, can a way be added?

I'm having troubles tracking down where the error message comes from in the source, so I'm not sure how I could modify it.

Thanks, ~Bethany

adityatoshniwal commented 1 year ago

Hi @countessellis, pgAdmin internally uses https://pypi.org/project/email-validator/ package which do not allow special use domain names listed here - https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml. A workaround suggested is to remove the special domain using the below code:

import email_validator
email_validator.SPECIAL_USE_DOMAIN_NAMES.remove("local")

You can put this code in custom config_local.py or config_system.py file. Please read https://www.pgadmin.org/docs/pgadmin4/7.0/config_py.html#the-config-py-file for more details.

Thanks.

countessellis commented 1 year ago

Thanks, that worked!

immanuel-h commented 1 year ago

Having run into the same issue, I do not think pgadmin should validate an email address on login, exactly because of changes like this. An address that was valid in the past during registration might not be "valid" any more after an update and then users are locked out.

adityatoshniwal commented 1 month ago

It would be wise to introduce a new config var ALLOW_SPECIAL_EMAIL_DOMAINS = [] as an array so that users do not need to add a code snippet and would work directly using env var. I'm reopening this issue.

AlexWinder commented 3 days ago

Hi @countessellis, pgAdmin internally uses https://pypi.org/project/email-validator/ package which do not allow special use domain names listed here - https://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml. A workaround suggested is to remove the special domain using the below code:

import email_validator
email_validator.SPECIAL_USE_DOMAIN_NAMES.remove("local")

You can put this code in custom config_local.py or config_system.py file. Please read https://www.pgadmin.org/docs/pgadmin4/7.0/config_py.html#the-config-py-file for more details.

Thanks.

This no longer works as of 8.11, or at least in my Docker environment I am getting a repetitive spam of:

'admin@test.local' does not appear to be a valid email address. Please reset the PGADMIN_DEFAULT_EMAIL environment variable and try again.

I'm not sure why this decision has been made because some systems don't sit on a server with an FQDN, and I don't feel particularly comfortable with exposing something easily guessable such as example.com, or worst, to make use of a genuine registered FQDN.

How is this solved in 8.11 please so that we can continue to use pgAdmin?