Ensure saved shared server passwords are re-encrypted on password change.#9258

[yogeshmahajan-1903]

Summary by CodeRabbit

Release Notes

• Bug Fixes
  • Password re-encryption process now includes shared server entries, ensuring tunnel passwords and server credentials are properly updated for all shared connections alongside standard server entries.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

The reencrpyt_server_passwords function in utils.py now extends password re-encryption to include SharedServer entries in addition to standard Server entries. For each SharedServer belonging to the current user, the function initializes a driver connection manager and re-encrypts both the server password and tunnel password using the same existing logic applied to standard servers.

Changes

Cohort / File(s)	Summary
Password re-encryption extension for shared servers web/pgadmin/browser/server_groups/servers/utils.py	Added SharedServer import. Extended reencrpyt_server_passwords function to iterate over SharedServer entries and re-encrypt their passwords and tunnel passwords using parallel logic to standard Server entries. Handles driver manager initialization, conditional tunnel password decryption/re-encryption (with bytes-to-string conversion), database commits, and manager session updates.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~15–25 minutes

• Password/encryption logic: Verify re-encryption logic for tunnel passwords is consistent with Server handling and correctly handles bytes-to-string conversion edge cases
• State management: Confirm database session commits and manager session updates occur correctly for each SharedServer entry
• Conditional branches: Review the logic for tunnel password handling across all three scenarios (server password present, manager password present, mixed states)

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: re-encrypting shared server passwords when the master password changes.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

web/pgadmin/browser/server_groups/servers/utils.py (1)

475-499: Consider extracting shared re-encryption logic to reduce duplication.

The password and tunnel password re-encryption logic (lines 480-495) is nearly identical to the Server handling code (lines 455-470). Consider extracting this into a helper function to improve maintainability.

🔎 Suggested refactoring approach:

Create a helper function to handle the tunnel password re-encryption:

def _reencrpyt_tunnel_password(server, manager, old_key, new_key):
    """Re-encrypt tunnel password for a server or shared server."""
    if server.tunnel_password is not None:
        tunnel_password = decrypt(server.tunnel_password, old_key)
        if isinstance(tunnel_password, bytes):
            tunnel_password = tunnel_password.decode()
        
        tunnel_password = encrypt(tunnel_password, new_key)
        setattr(server, 'tunnel_password', tunnel_password)
        manager.tunnel_password = tunnel_password
    elif manager.tunnel_password is not None:
        tunnel_password = decrypt(manager.tunnel_password, old_key)
        
        if isinstance(tunnel_password, bytes):
            tunnel_password = tunnel_password.decode()
        
        tunnel_password = encrypt(tunnel_password, new_key)
        manager.tunnel_password = tunnel_password

Then use it for both Server and SharedServer:

     for server in Server.query.filter_by(user_id=user_id).all():
         manager = driver.connection_manager(server.id)
         _password_check(server, manager, old_key, new_key)
-
-        if server.tunnel_password is not None:
-            tunnel_password = decrypt(server.tunnel_password, old_key)
-            if isinstance(tunnel_password, bytes):
-                tunnel_password = tunnel_password.decode()
-
-            tunnel_password = encrypt(tunnel_password, new_key)
-            setattr(server, 'tunnel_password', tunnel_password)
-            manager.tunnel_password = tunnel_password
-        elif manager.tunnel_password is not None:
-            tunnel_password = decrypt(manager.tunnel_password, old_key)
-
-            if isinstance(tunnel_password, bytes):
-                tunnel_password = tunnel_password.decode()
-
-            tunnel_password = encrypt(tunnel_password, new_key)
-            manager.tunnel_password = tunnel_password
+        _reencrpyt_tunnel_password(server, manager, old_key, new_key)
 
         db.session.commit()
         manager.update_session()
 
     # Ensure saved shared server passwords are re-encrypted.
     for server in SharedServer.query.filter_by(user_id=user_id).all():
         manager = driver.connection_manager(server.id)
         _password_check(server, manager, old_key, new_key)
-
-        if server.tunnel_password is not None:
-            tunnel_password = decrypt(server.tunnel_password, old_key)
-            if isinstance(tunnel_password, bytes):
-                tunnel_password = tunnel_password.decode()
-
-            tunnel_password = encrypt(tunnel_password, new_key)
-            setattr(server, 'tunnel_password', tunnel_password)
-            manager.tunnel_password = tunnel_password
-        elif manager.tunnel_password is not None:
-            tunnel_password = decrypt(manager.tunnel_password, old_key)
-
-            if isinstance(tunnel_password, bytes):
-                tunnel_password = tunnel_password.decode()
-
-            tunnel_password = encrypt(tunnel_password, new_key)
-            manager.tunnel_password = tunnel_password
+        _reencrpyt_tunnel_password(server, manager, old_key, new_key)
 
         db.session.commit()
         manager.update_session()

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4443494 and 202d2bb.

📒 Files selected for processing (1)

• web/pgadmin/browser/server_groups/servers/utils.py (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (1)

web/pgadmin/browser/server_groups/servers/utils.py (2)

web/pgadmin/model/__init__.py (2)

• Server (188-275)
• SharedServer (425-500)

web/pgadmin/utils/crypto.py (2)

• decrypt (47-61)
• encrypt (25-44)

🪛 Ruff (0.14.8)

web/pgadmin/browser/server_groups/servers/utils.py

486-486: Do not call setattr with a constant attribute value. It is not any safer than normal property access.

Replace setattr with assignment

(B010)

⏰ Context from checks skipped due to timeout of 900000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (6)

• GitHub Check: run-feature-tests-pg (16)
• GitHub Check: run-feature-tests-pg (17)
• GitHub Check: run-feature-tests-pg (14)
• GitHub Check: run-feature-tests-pg (13)
• GitHub Check: run-feature-tests-pg (18)
• GitHub Check: run-feature-tests-pg (15)

🔇 Additional comments (1)

web/pgadmin/browser/server_groups/servers/utils.py (1)

22-22: LGTM!

The import of SharedServer is necessary and correct for the new functionality.

[khushboovashi]

The same logic is used for the server. Please make one common function for servers as well as Shared servers.