Re: [pgAdmin4][Patch]- Feature #7012 - disable master password requirement when using alternative auth source

Hi,

Please find the attached patch to implement the feature #7012 - Disable master password requirement when using alternative auth source

When pgAdmin stores a connection password, it encrypts it using a key that is formed either from the master password, or from the pgAdmin login password for the user. In the case of auth methods such as OAuth, Kerberos or Webserver, pgAdmin doesn't have access to anything long-lived to form the encryption key from, hence it uses the master password. And if the master is disabled, there is no way to store the connection password.

To resolve this, we have added an option to config.py (which defaults to None) for an alternate encryption key. pgAdmin would use this if a) the master password is disabled AND b) there is no suitable key/password available from the auth module for the user. If the option is set to None, pgAdmin works as it does now. 

Thanks,

Khushboo