root: correctly use correct schema for install_id

authentik/root/install_id.py

@@ -7,7 +7,12 @@
 
 from authentik.lib.config import CONFIG
 
-QUERY = """SELECT id FROM %s.authentik_install_id ORDER BY id LIMIT 1;"""
+# We need to string format the query as tables and schemas can't be set by parameters
+# not a security issue as the config value is set by the person installing authentik
+# which also has postgres credentials etc
+QUERY = """SELECT id FROM {}.authentik_install_id ORDER BY id LIMIT 1;""".format(  # nosec
+    CONFIG.get("postgresql.default_schema")
+)
 
 
 @lru_cache
@@ -20,7 +25,7 @@ def get_install_id() -> str:
     if settings.TEST:
         return str(uuid4())
     with connection.cursor() as cursor:
-        cursor.execute(QUERY, (CONFIG.get("postgresql.default_schema")))
+        cursor.execute(QUERY)
         return cursor.fetchone()[0]
 
 
@@ -40,5 +45,5 @@ def get_install_id_raw():
         sslkey=CONFIG.get("postgresql.sslkey"),
     )
     cursor = conn.cursor()
-    cursor.execute(QUERY, params=(CONFIG.get("postgresql.default_schema")))
+    cursor.execute(QUERY)
     return cursor.fetchone()[0]