policies/expression: remove pb_flow_plan, save flow context directly in context

docs/policies/expression.md

@@ -27,4 +27,11 @@ return False
     - `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
 - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
 - `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses)
-- `pb_flow_plan`: Current Plan if Policy is called from the Flow Planner.
+
+Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the `context` object.
+
+This includes the following:
+
+- `prompt_data`: Data which has been saved from a prompt stage or an external source.
+- `application`: The application the user is in the process of authorizing.
+- `pending_user`: The currently pending user

passbook/flows/migrations/0009_source_flows.py

@@ -12,7 +12,7 @@ FLOW_POLICY_EXPRESSION = """# This policy ensures that this flow can only be use
 return pb_is_sso_flow"""
 PROMPT_POLICY_EXPRESSION = """# Check if we've not been given a username by the external IdP
 # and trigger the enrollment flow
-return 'username' not in pb_flow_plan.context.get('prompt_data', {})"""
+return 'username' not in context.get('prompt_data', {})"""
 
 
 def create_default_source_enrollment_flow(

passbook/policies/expression/evaluator.py

@@ -6,7 +6,6 @@ from django.http import HttpRequest
 from structlog import get_logger
 
 from passbook.flows.planner import PLAN_CONTEXT_SSO
-from passbook.flows.views import SESSION_KEY_PLAN
 from passbook.lib.expression.evaluator import BaseEvaluator
 from passbook.lib.utils.http import get_client_ip
 from passbook.policies.types import PolicyRequest, PolicyResult
@@ -31,23 +30,20 @@ class PolicyEvaluator(BaseEvaluator):
 
     def set_policy_request(self, request: PolicyRequest):
         """Update context based on policy request (if http request is given, update that too)"""
-        # update passbook/policies/expression/templates/policy/expression/form.html
         # update docs/policies/expression/index.md
         self._context["pb_is_sso_flow"] = request.context.get(PLAN_CONTEXT_SSO, False)
         if request.http_request:
             self.set_http_request(request.http_request)
         self._context["request"] = request
+        self._context["context"] = request.context
 
     def set_http_request(self, request: HttpRequest):
         """Update context based on http request"""
-        # update passbook/policies/expression/templates/policy/expression/form.html
         # update docs/policies/expression/index.md
         self._context["pb_client_ip"] = ip_address(
             get_client_ip(request) or "255.255.255.255"
         )
         self._context["request"] = request
-        if SESSION_KEY_PLAN in request.session:
-            self._context["pb_flow_plan"] = request.session[SESSION_KEY_PLAN]
 
     def evaluate(self, expression_source: str) -> PolicyResult:
         """Parse and evaluate expression. Policy is expected to return a truthy object.

passbook/policies/expression/migrations/0002_auto_20200926_1156.py

@@ -0,0 +1,28 @@
+# Generated by Django 3.1.1 on 2020-09-26 11:56
+
+from django.apps.registry import Apps
+from django.db import migrations
+from django.db.backends.base.schema import BaseDatabaseSchemaEditor
+
+
+def remove_pb_flow_plan(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
+    ExpressionPolicy = apps.get_model(
+        "passbook_policies_expression", "ExpressionPolicy"
+    )
+
+    db_alias = schema_editor.connection.alias
+
+    for policy in ExpressionPolicy.objects.using(db_alias).all():
+        policy.expression.replace("pb_flow_plan.", "context.")
+        policy.save()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("passbook_policies_expression", "0001_initial"),
+    ]
+
+    operations = [
+        migrations.RunPython(remove_pb_flow_plan),
+    ]