root: correctly use correct schema for install_id (#13018)

* root: correctly use correct schema for install_id Signed-off-by: Jens Langhammer <jens@goauthentik.io> #13006 * format Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2025-02-13 16:45:06 +01:00
parent 6f9479a085
commit 5904fae80b
1 changed files with 8 additions and 3 deletions
--- a/authentik/root/install_id.py
+++ b/authentik/root/install_id.py
@ -7,7 +7,12 @@ from psycopg import connect

 from authentik.lib.config import CONFIG

-QUERY = """SELECT id FROM %s.authentik_install_id ORDER BY id LIMIT 1;"""
+# We need to string format the query as tables and schemas can't be set by parameters
+# not a security issue as the config value is set by the person installing authentik
+# which also has postgres credentials etc
+QUERY = """SELECT id FROM {}.authentik_install_id ORDER BY id LIMIT 1;""".format(  # nosec
+    CONFIG.get("postgresql.default_schema")
+)


@lru_cache
@ -20,7 +25,7 @@ def get_install_id() -> str:
    if settings.TEST:
        return str(uuid4())
    with connection.cursor() as cursor:
-        cursor.execute(QUERY, (CONFIG.get("postgresql.default_schema")))
+        cursor.execute(QUERY)
        return cursor.fetchone()[0]


@ -40,5 +45,5 @@ def get_install_id_raw():
        sslkey=CONFIG.get("postgresql.sslkey"),
    )
    cursor = conn.cursor()
-    cursor.execute(QUERY, params=(CONFIG.get("postgresql.default_schema")))
+    cursor.execute(QUERY)
    return cursor.fetchone()[0]