Login issues in 8.12

[dasunsrule32]

Describe the bug

Upgrading the docker version from 8.11 > 8.12 causes the following issue when attempting to access pgAdmin.

{"success":0,"errormsg":"Object of type Undefined is not JSON serializable","info":"","result":null,"data":null}

I'm using authentik to login via oauth2. Downgrading to 8.11 restores functionality. If I'm already authenticated into pgAdmin and upgrade to 8.12, it will still login in until my session expires, then it will fallback to this error. I tried force setting OAUTH2_USERNAME_CLAIM to email to no avail.

To Reproduce

Steps to reproduce the behavior:

1. Upgrade from 8.11 to 8.12 with oauth2 login enabled.
2. Attempt to access /login
3. See the error

Expected behavior

Login to the webapp without issue.

Error message

{"success":0,"errormsg":"Object of type Undefined is not JSON serializable","info":"","result":null,"data":null}

Additional context

I have the feeling #7839 or #7945 might have something to do with the issue.

Configuration in use:

WTF_CSRF_CHECK_DEFAULT = False
SERVER_MODE = True
MASTER_PASSWORD_REQUIRED = True
AUTHENTICATION_SOURCES = ['oauth2', 'internal']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [{
    'OAUTH2_NAME': 'oidc',
    'OAUTH2_DISPLAY_NAME': 'Home ID',
    'OAUTH2_CLIENT_ID': 'pgadmin',
    'OAUTH2_CLIENT_SECRET': 'some-secret',
    'OAUTH2_TOKEN_URL': 'https://auth.domain.com/application/o/token/',
    'OAUTH2_AUTHORIZATION_URL': 'https://auth.domain.com/application/o/authorize/',
    'OAUTH2_API_BASE_URL': 'https://auth.domain.com/application/o/pgadmin/',
    'OAUTH2_USERINFO_ENDPOINT': 'https://auth.domain.com/application/o/userinfo/',
    'OAUTH2_SCOPE': 'openid email profile',
    'OAUTH2_ICON' : 'fa-houzz',
    'OAUTH2_SERVER_METADATA_URL': 'https://auth.domain.com/application/o/pgadmin/.well-known/openid-configuration',
    'OAUTH2_USERNAME_CLAIM': 'email',
    'OAUTH2_ADDITIONAL_CLAIMS': {
      'groups': ["pgAdmin Admins"],
    }
}]

[mrskizzex]

Same issue on 3 different docker hosts where i have similar setup with authentik and Oauth.

[yogeshmahajan-1903]

@dasunsrule32 , @mrskizzex
Can you please share pgadmin logs with log level debug. You can set below variable to set log level to debug

PGADMIN_CONFIG_CONSOLE_LOG_LEVEL: 10

[yogeshmahajan-1903]

@dasunsrule32 , @mrskizzex
Please add below parameter in the OAuth2 config -

'OAUTH2_BUTTON_COLOR': '<value e.g. - #3253a8>',

And try once. Let me know if its working.

[mrskizzex]

Doesn't work unfortunately.

postfix/postlog: starting the Postfix mail system
[2024-09-24 08:18:20 +0000] [1] [INFO] Starting gunicorn 22.0.0
[2024-09-24 08:18:20 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2024-09-24 08:18:20 +0000] [1] [INFO] Using worker: gthread
[2024-09-24 08:18:20 +0000] [88] [INFO] Booting worker with pid: 88
2024-09-24 08:18:23,377: INFO	pgadmin:	########################################################
2024-09-24 08:18:23,377: INFO	pgadmin:	Starting pgAdmin 4 v8.12...
2024-09-24 08:18:23,377: INFO	pgadmin:	########################################################
2024-09-24 08:18:23,377: DEBUG	pgadmin:	Python syspath: ['/pgadmin4', '/venv/bin', '/pgadmin4', '/usr/lib/python312.zip', '/usr/lib/python3.12', '/usr/lib/python3.12/lib-dynload', '/venv/lib/python3.12/site-packages', '/usr/lib/python3.12/site-packages', '/venv/lib/python3.12/site-packages/setuptools/_vendor']
2024-09-24 08:18:24,158: INFO	pgadmin:	Registering blueprint module: <AboutModule 'about'>
2024-09-24 08:18:24,159: INFO	pgadmin:	Registering blueprint module: <AuthenticateModule 'authenticate'>
2024-09-24 08:18:24,160: INFO	pgadmin:	Registering blueprint module: <BrowserModule 'browser'>
2024-09-24 08:18:25,200: INFO	pgadmin:	Registering blueprint module: <DashboardModule 'dashboard'>
2024-09-24 08:18:25,211: INFO	pgadmin:	Registering blueprint module: <HelpModule 'help'>
2024-09-24 08:18:25,211: INFO	pgadmin:	Registering blueprint module: <MiscModule 'misc'>
2024-09-24 08:18:26,097: INFO	pgadmin:	Registering blueprint module: <PreferencesModule 'preferences'>
2024-09-24 08:18:26,099: INFO	pgadmin:	Registering blueprint module: <PgAdminModule 'redirects'>
2024-09-24 08:18:26,099: INFO	pgadmin:	Registering blueprint module: <SettingsModule 'settings'>
2024-09-24 08:18:26,101: INFO	pgadmin:	Registering blueprint module: <ToolsModule 'tools'>
2024-09-24 08:18:26,715: DEBUG	pgadmin:	Config server mode: True
2024-09-24 08:18:26,715: DEBUG	pgadmin:	Not running under the desktop runtime, port: 5050
192.168.1.100 - - [24/Sep/2024:08:19:40 +0000] "GET / HTTP/1.1" 302 213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
2024-09-24 08:19:40,687: ERROR	pgadmin:	Object of type Undefined is not JSON serializable
Traceback (most recent call last):
  File "/venv/lib/python3.12/site-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/decorators.py", line 486, in decorated
    return current_app.ensure_sync(fn)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/views.py", line 229, in login
    return _security.render_template(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/utils.py", line 1189, in default_render_template
    return render_template(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/templating.py", line 150, in render_template
    return _render(app, template, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/templating.py", line 131, in _render
    rv = template.render(context)
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1304, in render
    self.environment.handle_exception()
  File "/venv/lib/python3.12/site-packages/jinja2/environment.py", line 939, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/pgadmin4/pgadmin/templates/security/login_user.html", line 30, in top-level template code
    {% extends "security/render_page.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/templates/security/render_page.html", line 3, in top-level template code
    {% set other_props = {
  File "/pgadmin4/pgadmin/templates/base.html", line 104, in top-level template code
    {% block init_script %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/templates/security/render_page.html", line 24, in block 'init_script'
    window.renderSecurityPage('{{page_name}}', {{page_props|tojson|safe}},
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/filters.py", line 1714, in do_tojson
    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/utils.py", line 658, in htmlsafe_json_dumps
    dumps(obj, **kwargs)
  File "/venv/lib/python3.12/site-packages/flask/json/provider.py", line 179, in dumps
    return json.dumps(obj, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
          ^^^^^^^^^^^
  File "/usr/lib/python3.12/json/encoder.py", line 200, in encode
    chunks = self.iterencode(o, _one_shot=True)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/encoder.py", line 258, in iterencode
    return _iterencode(o, 0)
           ^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/json/provider.py", line 121, in _default
    raise TypeError(f"Object of type {type(o).__name__} is not JSON serializable")
TypeError: Object of type Undefined is not JSON serializable
192.168.1.100 - - [24/Sep/2024:08:19:40 +0000] "GET /login?next=/ HTTP/1.1" 500 112 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"

config_local.py

AUTHENTICATION_SOURCES = ['oauth2']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [{
        'OAUTH2_NAME' : 'authentik',
        'OAUTH2_DISPLAY_NAME' : 'Authentik',
        'OAUTH2_CLIENT_ID' : 'xxx',
        'OAUTH2_CLIENT_SECRET' : 'xxx',
        'OAUTH2_TOKEN_URL' : 'https://auth.xxx.xxx/application/o/token/',
        'OAUTH2_AUTHORIZATION_URL' : 'https://auth.xxx.xxx/application/o/authorize/',
        'OAUTH2_API_BASE_URL' : 'https://auth.xxx.xxx/',
        'OAUTH2_USERINFO_ENDPOINT' : 'https://auth.xxx.xxx/application/o/userinfo/',
        'OAUTH2_SERVER_METADATA_URL' : 'https://auth.xxx.xxx/application/o/pgadmin/.well-known/openid-configuration',
        'OAUTH2_SCOPE' : 'openid email profile',
        #'OAUTH2_ICON' : 'fa-fingerprint',
        'OAUTH2_BUTTON_COLOR' : '#10b8c4'
}]
CONSOLE_LOG_LEVEL = 10

[Farkie]

Seeing this too - had to revert back to 8.11 (dpage/pgadmin4:8.11 rather than dpage/pgadmin4) and it works again

[yogeshmahajan-1903]

Doesn't work unfortunately.

postfix/postlog: starting the Postfix mail system
[2024-09-24 08:18:20 +0000] [1] [INFO] Starting gunicorn 22.0.0
[2024-09-24 08:18:20 +0000] [1] [INFO] Listening at: http://[::]:80 (1)
[2024-09-24 08:18:20 +0000] [1] [INFO] Using worker: gthread
[2024-09-24 08:18:20 +0000] [88] [INFO] Booting worker with pid: 88
2024-09-24 08:18:23,377: INFO	pgadmin:	########################################################
2024-09-24 08:18:23,377: INFO	pgadmin:	Starting pgAdmin 4 v8.12...
2024-09-24 08:18:23,377: INFO	pgadmin:	########################################################
2024-09-24 08:18:23,377: DEBUG	pgadmin:	Python syspath: ['/pgadmin4', '/venv/bin', '/pgadmin4', '/usr/lib/python312.zip', '/usr/lib/python3.12', '/usr/lib/python3.12/lib-dynload', '/venv/lib/python3.12/site-packages', '/usr/lib/python3.12/site-packages', '/venv/lib/python3.12/site-packages/setuptools/_vendor']
2024-09-24 08:18:24,158: INFO	pgadmin:	Registering blueprint module: <AboutModule 'about'>
2024-09-24 08:18:24,159: INFO	pgadmin:	Registering blueprint module: <AuthenticateModule 'authenticate'>
2024-09-24 08:18:24,160: INFO	pgadmin:	Registering blueprint module: <BrowserModule 'browser'>
2024-09-24 08:18:25,200: INFO	pgadmin:	Registering blueprint module: <DashboardModule 'dashboard'>
2024-09-24 08:18:25,211: INFO	pgadmin:	Registering blueprint module: <HelpModule 'help'>
2024-09-24 08:18:25,211: INFO	pgadmin:	Registering blueprint module: <MiscModule 'misc'>
2024-09-24 08:18:26,097: INFO	pgadmin:	Registering blueprint module: <PreferencesModule 'preferences'>
2024-09-24 08:18:26,099: INFO	pgadmin:	Registering blueprint module: <PgAdminModule 'redirects'>
2024-09-24 08:18:26,099: INFO	pgadmin:	Registering blueprint module: <SettingsModule 'settings'>
2024-09-24 08:18:26,101: INFO	pgadmin:	Registering blueprint module: <ToolsModule 'tools'>
2024-09-24 08:18:26,715: DEBUG	pgadmin:	Config server mode: True
2024-09-24 08:18:26,715: DEBUG	pgadmin:	Not running under the desktop runtime, port: 5050
192.168.1.100 - - [24/Sep/2024:08:19:40 +0000] "GET / HTTP/1.1" 302 213 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
2024-09-24 08:19:40,687: ERROR	pgadmin:	Object of type Undefined is not JSON serializable
Traceback (most recent call last):
  File "/venv/lib/python3.12/site-packages/flask/app.py", line 880, in full_dispatch_request
    rv = self.dispatch_request()
         ^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/app.py", line 865, in dispatch_request
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)  # type: ignore[no-any-return]
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/decorators.py", line 486, in decorated
    return current_app.ensure_sync(fn)(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/views.py", line 229, in login
    return _security.render_template(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask_security/utils.py", line 1189, in default_render_template
    return render_template(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/templating.py", line 150, in render_template
    return _render(app, template, context)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/templating.py", line 131, in _render
    rv = template.render(context)
         ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/environment.py", line 1304, in render
    self.environment.handle_exception()
  File "/venv/lib/python3.12/site-packages/jinja2/environment.py", line 939, in handle_exception
    raise rewrite_traceback_stack(source=source)
  File "/pgadmin4/pgadmin/templates/security/login_user.html", line 30, in top-level template code
    {% extends "security/render_page.html" %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/templates/security/render_page.html", line 3, in top-level template code
    {% set other_props = {
  File "/pgadmin4/pgadmin/templates/base.html", line 104, in top-level template code
    {% block init_script %}{% endblock %}
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/pgadmin4/pgadmin/templates/security/render_page.html", line 24, in block 'init_script'
    window.renderSecurityPage('{{page_name}}', {{page_props|tojson|safe}},
    ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/filters.py", line 1714, in do_tojson
    return htmlsafe_json_dumps(value, dumps=dumps, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/jinja2/utils.py", line 658, in htmlsafe_json_dumps
    dumps(obj, **kwargs)
  File "/venv/lib/python3.12/site-packages/flask/json/provider.py", line 179, in dumps
    return json.dumps(obj, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/__init__.py", line 238, in dumps
    **kw).encode(obj)
          ^^^^^^^^^^^
  File "/usr/lib/python3.12/json/encoder.py", line 200, in encode
    chunks = self.iterencode(o, _one_shot=True)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.12/json/encoder.py", line 258, in iterencode
    return _iterencode(o, 0)
           ^^^^^^^^^^^^^^^^^
  File "/venv/lib/python3.12/site-packages/flask/json/provider.py", line 121, in _default
    raise TypeError(f"Object of type {type(o).__name__} is not JSON serializable")
TypeError: Object of type Undefined is not JSON serializable
192.168.1.100 - - [24/Sep/2024:08:19:40 +0000] "GET /login?next=/ HTTP/1.1" 500 112 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"

config_local.py

AUTHENTICATION_SOURCES = ['oauth2']
OAUTH2_AUTO_CREATE_USER = True
OAUTH2_CONFIG = [{
        'OAUTH2_NAME' : 'authentik',
        'OAUTH2_DISPLAY_NAME' : 'Authentik',
        'OAUTH2_CLIENT_ID' : 'xxx',
        'OAUTH2_CLIENT_SECRET' : 'xxx',
        'OAUTH2_TOKEN_URL' : 'https://auth.xxx.xxx/application/o/token/',
        'OAUTH2_AUTHORIZATION_URL' : 'https://auth.xxx.xxx/application/o/authorize/',
        'OAUTH2_API_BASE_URL' : 'https://auth.xxx.xxx/',
        'OAUTH2_USERINFO_ENDPOINT' : 'https://auth.xxx.xxx/application/o/userinfo/',
        'OAUTH2_SERVER_METADATA_URL' : 'https://auth.xxx.xxx/application/o/pgadmin/.well-known/openid-configuration',
        'OAUTH2_SCOPE' : 'openid email profile',
        #'OAUTH2_ICON' : 'fa-fingerprint',
        'OAUTH2_BUTTON_COLOR' : '#10b8c4'
}]
CONSOLE_LOG_LEVEL = 10

Hi,

Please remove comment from OAUTH2_ICON line. Please make sure you have OAUTH2_NAME, OAUTH2_BUTTON_COLOR, OAUTH2_DISPLAY_NAME, OAUTH2_ICON specified in OAuth2 config.

I am able to reproduce the issue only if any one of the key missing from
OAUTH2_NAME, OAUTH2_BUTTON_COLOR, OAUTH2_DISPLAY_NAME, OAUTH2_ICON OAuth2 config.

[mrskizzex]

Thanks it works now but it's quite stupid that icon is required now. It's been working just fine without it for a looong time.

Is there any list what icons can be used? I tried using 'fa-lock' instead of github but it doesn't work.

fa-github

fa-lock

I also tried multiple other free ones i found on https://fontawesome.com/search?o=r&m=free but none work.

[nerdlich]

Same here for any free fa icons.
These settings work for me to keep the old look (default color, no icon):
"OAUTH2_BUTTON_COLOR": "None", "OAUTH2_ICON": "None"

I agree, these keys should not be mandatory, their absence should imply 'None'.

[khushboovashi]

This will be fixed in the upcoming release.

[radiochild577]

'OAUTH2_BUTTON_COLOR': '<value e.g. - #3253a8>',

This worked for me. Thanks!

[dasunsrule32]

Adding OAUTH2_BUTTON_COLOR got it up and running on 8.12.0 for me as well. Sorry I wasn't able to reply earlier with logs, I've been a bit busy.