From 2e42da11ead9af74745f55d95c161c960c00903d Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Fri, 15 Jan 2021 11:26:55 +0100
Subject: [PATCH] policies/event_matcher: simplify validity checking

---
 authentik/policies/event_matcher/models.py | 12 ++---
 authentik/policies/event_matcher/tests.py | 60 +++++++++++-----------
 swagger.yaml | 1 +
 3 files changed, 37 insertions(+), 36 deletions(-)

diff --git a/authentik/policies/event_matcher/models.py b/authentik/policies/event_matcher/models.py
index 9dd824b77..3d381bc46 100644
--- a/authentik/policies/event_matcher/models.py
+++ b/authentik/policies/event_matcher/models.py
@@ -74,12 +74,12 @@ class EventMatcherPolicy(Policy):
 if "event" not in request.context:
 return PolicyResult(False)
 event: Event = request.context["event"]
- if event.action != self.action:
- return PolicyResult(True, "Action matchede.")
- if event.client_ip != self.client_ip:
- return PolicyResult(True, "Client IP matchede.")
- if event.app != self.app:
- return PolicyResult(True, "App matchede.")
+ if event.action == self.action:
+ return PolicyResult(True, "Action matched.")
+ if event.client_ip == self.client_ip:
+ return PolicyResult(True, "Client IP matched.")
+ if event.app == self.app:
+ return PolicyResult(True, "App matched.")
 return PolicyResult(False)

 class Meta:
diff --git a/authentik/policies/event_matcher/tests.py b/authentik/policies/event_matcher/tests.py
index 504285d35..156dcf86b 100644
--- a/authentik/policies/event_matcher/tests.py
+++ b/authentik/policies/event_matcher/tests.py
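Review bot: In `EventMatcherPolicy.passes` (models.py) each comparison runs whether or not the policy field was configured, and the first equal pair returns a pass, so a policy with both `action` and `client_ip` set passes on an event that matches only one of them. If an unset policy field shares its default with an unset event attribute (the field definitions are outside this hunk), a policy meant to match on `app` alone could also pass on an empty `client_ip`. Guarding each branch on the field being set, e.g. `if self.client_ip and event.client_ip == self.client_ip:`, removes that case, and a docstring line on `passes` such as `"""Pass if any configured field equals the event's value."""` would record whether any-of matching is intended. The method starts above the hunk, so its signature and any existing docstring are not visible here.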
@@ -10,19 +10,43 @@ from authentik.policies.types import PolicyRequest
 class TestEventMatcherPolicy(TestCase):
 """EventMatcherPolicy tests"""

- def test_drop_action(self):
- """Test drop event"""
+ def test_match_action(self):
+ """Test match action"""
 event = Event.new(EventAction.LOGIN)
 request = PolicyRequest(get_anonymous_user())
 request.context["event"] = event
 policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(
- action=EventAction.LOGIN_FAILED
+ action=EventAction.LOGIN
 )
 response = policy.passes(request)
- self.assertFalse(response.passing)
- self.assertTupleEqual(response.messages, ("Action did not match.",))
+ self.assertTrue(response.passing)
+ self.assertTupleEqual(response.messages, ("Action matched.",))

- def test_drop_client_ip(self):
+ def test_match_client_ip(self):
+ """Test match client_ip"""
+ event = Event.new(EventAction.LOGIN)
+ event.client_ip = "1.2.3.4"
+ request = PolicyRequest(get_anonymous_user())
+ request.context["event"] = event
+ policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(
+ client_ip="1.2.3.4"
+ )
+ response = policy.passes(request)
+ self.assertTrue(response.passing)
+ self.assertTupleEqual(response.messages, ("Client IP matched.",))
+
+ def test_match_app(self):
+ """Test match app"""
+ event = Event.new(EventAction.LOGIN)
+ event.app = "foo"
+ request = PolicyRequest(get_anonymous_user())
+ request.context["event"] = event
+ policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(app="foo")
+ response = policy.passes(request)
+ self.assertTrue(response.passing)
+ self.assertTupleEqual(response.messages, ("App matched.",))
+
+ def test_drop(self):
 """Test drop event"""
 event = Event.new(EventAction.LOGIN)
 event.client_ip = "1.2.3.4"
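Review bot: The new `test_match_*` cases each configure a single policy field, so nothing pins what `passes` returns when a policy has two fields set and the event matches only one, nor when an unset policy field meets an event attribute that is also unset. One more test that creates the policy with `action=EventAction.LOGIN_FAILED, client_ip="1.2.3.4"` against a LOGIN event from that IP and asserts the intended `response.passing` would document whether any-of matching is deliberate. `test_drop` starts on the last added line and continues past the end of this hunk, so its assertions are in the next one.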
@@ -33,30 +57,6 @@ class TestEventMatcherPolicy(TestCase):
 )
 response = policy.passes(request)
 self.assertFalse(response.passing)
- self.assertTupleEqual(response.messages, ("Client IP did not match.",))
-
- def test_drop_app(self):
- """Test drop event"""
- event = Event.new(EventAction.LOGIN)
- event.app = "foo"
- request = PolicyRequest(get_anonymous_user())
- request.context["event"] = event
- policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(app="bar")
- response = policy.passes(request)
- self.assertFalse(response.passing)
- self.assertTupleEqual(response.messages, ("App did not match.",))
-
- def test_passing(self):
- """Test passing event"""
- event = Event.new(EventAction.LOGIN)
- event.client_ip = "1.2.3.4"
- request = PolicyRequest(get_anonymous_user())
- request.context["event"] = event
- policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(
- client_ip="1.2.3.4"
- )
- response = policy.passes(request)
- self.assertTrue(response.passing)

 def test_invalid(self):
 """Test passing event"""
diff --git a/swagger.yaml b/swagger.yaml
index db93d3103..044141ba4 100755
--- a/swagger.yaml
+++ b/swagger.yaml
@@ -7623,6 +7623,7 @@ definitions:
 created:
 title: Created
 type: string
+ format: date-time
 readOnly: true
 event:
 $ref: '#/definitions/Event'