Password Auth enabling itself (and then not allowing admin to disable it)


I’ve a self-hosted Redash v5 instance that I’ve upgraded to v7. It uses LDAP for auth and so has REDASH_PASSWORD_LOGIN_ENABLED=false set in the environment.

After upgrading to v7 I note that I’m unable to change this setting in the Settings page (checkbox is greyed out), but that if I enable ‘Enable experimental multiple owners support’ then ‘Password Login Enabled’ also gets ticked. After that there’s no way to untick it in the UI as the checkbox is still greyed out (but now ticked!).

Only way I can find to then disable password auth is to manually alter the settings field in the organizations table within the Redash PostgreSQL DB.



This seems to be due to ./client/app/pages/settings/organization.js containing:

this.disablePasswordLoginToggle = () => (clientConfig.googleLoginEnabled || this.settings.auth_saml_enabled) === false;

… it doesn’t have any reference to LDAP.

/me digs through the python, although at present I’m not sure I understand what’s in settings.__init__ vs settings.organization
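The predicate quoted in the post, evaluated over a few constructed login configurations next to a variant that also counts LDAP as an alternative login method. This is an added example, not part of the original post and not Redash code; the `ldapLoginEnabled` flag, the function names and the sample deployments are assumptions made for illustration.

```javascript
// Predicate as quoted in the post: the "Password Login Enabled" checkbox is
// greyed out unless Google or SAML login is enabled. LDAP is not consulted.
function toggleDisabledAsPosted(clientConfig, settings) {
  return (clientConfig.googleLoginEnabled || settings.auth_saml_enabled) === false;
}

// Variant that treats LDAP as an alternative login method.
// `ldapLoginEnabled` is a hypothetical flag name, not taken from the page.
function toggleDisabledWithLdap(clientConfig, settings) {
  const hasAlternative = Boolean(
    clientConfig.googleLoginEnabled ||
    settings.auth_saml_enabled ||
    clientConfig.ldapLoginEnabled
  );
  // Password login may only be switched off when another method exists.
  return !hasAlternative;
}

// Constructed sample deployments (not real data).
const deployments = [
  { name: 'ldap-only',
    clientConfig: { googleLoginEnabled: false, ldapLoginEnabled: true },
    settings: { auth_saml_enabled: false } },
  { name: 'google',
    clientConfig: { googleLoginEnabled: true, ldapLoginEnabled: false },
    settings: { auth_saml_enabled: false } },
  { name: 'saml',
    clientConfig: { googleLoginEnabled: false, ldapLoginEnabled: false },
    settings: { auth_saml_enabled: true } },
  { name: 'password-only',
    clientConfig: { googleLoginEnabled: false, ldapLoginEnabled: false },
    settings: { auth_saml_enabled: false } },
  // Flags absent: `undefined === false` is false, so the strict comparison
  // in the posted predicate leaves the toggle enabled.
  { name: 'flags-missing', clientConfig: {}, settings: {} },
];

// Names of the deployments where the admin cannot change the checkbox.
function lockedToggles(predicate) {
  return deployments
    .filter((d) => predicate(d.clientConfig, d.settings))
    .map((d) => d.name);
}

console.log('as posted:', lockedToggles(toggleDisabledAsPosted));
console.log('with LDAP:', lockedToggles(toggleDisabledWithLdap));
```

With the posted predicate the LDAP-only deployment is locked exactly like a password-only one, which matches the greyed-out checkbox described above.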