From 80161c317b52f5bf6052bf23450bfa95811a6216 Mon Sep 17 00:00:00 2001
From: yogeshmahajan-1903 <yogesh.mahajan@enterprisedb.com>
Date: Wed, 4 Dec 2024 13:35:31 +0530
Subject: [PATCH] Ensure correct custom SSL certificate passed in connection
 string.#8215

---
 web/pgadmin/__init__.py                             | 6 +++++-
 web/pgadmin/utils/driver/psycopg3/server_manager.py | 6 ++----
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/web/pgadmin/__init__.py b/web/pgadmin/__init__.py
index 8582a0828b4..80ed5c44b03 100644
--- a/web/pgadmin/__init__.py
+++ b/web/pgadmin/__init__.py
@@ -829,7 +829,7 @@ def before_request():
         # but the user session may still be active. Logout the user
         # to get the key again when login
         if config.SERVER_MODE and current_user.is_authenticated and \
-            app.PGADMIN_EXTERNAL_AUTH_SOURCE not in [
+            session['auth_source_manager']['current_source'] not in [
                 KERBEROS, OAUTH2, WEBSERVER] and \
                 current_app.keyManager.get() is None and \
                 request.endpoint not in ('security.login', 'security.logout'):
@@ -915,6 +915,10 @@ def all_exception_handler(e):
     @app.errorhandler(HTTPException)
     def http_exception_handler(e):
         current_app.logger.error(e, exc_info=True)
+        if e.code == 400 and\
+                e.description == 'The CSRF session token is missing.':
+            error = str(e.description) + 'Please refresh the page.'
+            return internal_server_error(errormsg=gettext(error))
         return e
 
     # Intialize the key manager
diff --git a/web/pgadmin/utils/driver/psycopg3/server_manager.py b/web/pgadmin/utils/driver/psycopg3/server_manager.py
index dc451fc7eaa..2378aec0968 100644
--- a/web/pgadmin/utils/driver/psycopg3/server_manager.py
+++ b/web/pgadmin/utils/driver/psycopg3/server_manager.py
@@ -673,13 +673,11 @@ def create_connection_string(self, database, user, password=None):
                 orig_value = value
                 # Getting complete file path if the key is one of the below.
                 if key in ['passfile', 'sslcert', 'sslkey','sslcrl',
-                           'sslcrldir']:
+                           'sslcrldir'] or \
+                        (key == 'sslrootcert' and value != 'system'):
                     with_complete_path = True
                     value = get_complete_file_path(value)
 
-                if key == 'sslrootcert' and value != 'system':
-                    dsn_args[key] = get_complete_file_path(value)
-
                 # If key is hostaddr and ssh tunnel is in use don't overwrite.
                 if key == 'hostaddr' and self.use_ssh_tunnel:
                     continue