From 7f3d0113c2d7619e254406d4499d15adb65e5c4b Mon Sep 17 00:00:00 2001 
From: Jens Langhammer Date: Wed, 19 Feb 2020 09:51:15 +0100 Subject: [PATCH] policies: remove redundant policies which can be easily implemented with expressions --- passbook/api/v2/urls.py | 6 -- passbook/policies/group/__init__.py | 0 passbook/policies/group/admin.py | 4 - passbook/policies/group/api.py | 21 ----- passbook/policies/group/apps.py | 11 --- passbook/policies/group/forms.py | 21 ----- .../policies/group/migrations/0001_initial.py | 44 ---------- .../policies/group/migrations/__init__.py | 0 passbook/policies/group/models.py | 22 ----- passbook/policies/matcher/__init__.py | 0 passbook/policies/matcher/admin.py | 4 - passbook/policies/matcher/api.py | 25 ------ passbook/policies/matcher/apps.py | 11 --- passbook/policies/matcher/forms.py | 23 ----- .../matcher/migrations/0001_initial.py | 64 -------------- .../policies/matcher/migrations/__init__.py | 0 passbook/policies/matcher/models.py | 83 ------------------- passbook/policies/sso/__init__.py | 0 passbook/policies/sso/admin.py | 4 - passbook/policies/sso/api.py | 21 ----- passbook/policies/sso/apps.py | 11 --- passbook/policies/sso/forms.py | 19 ----- .../policies/sso/migrations/0001_initial.py | 37 --------- passbook/policies/sso/migrations/__init__.py | 0 passbook/policies/sso/models.py | 25 ------ passbook/root/settings.py | 3 - 26 files changed, 459 deletions(-) delete mode 100644 passbook/policies/group/__init__.py delete mode 100644 passbook/policies/group/admin.py delete mode 100644 passbook/policies/group/api.py delete mode 100644 passbook/policies/group/apps.py delete mode 100644 passbook/policies/group/forms.py delete mode 100644 passbook/policies/group/migrations/0001_initial.py delete mode 100644 passbook/policies/group/migrations/__init__.py delete mode 100644 passbook/policies/group/models.py delete mode 100644 passbook/policies/matcher/__init__.py delete mode 100644 passbook/policies/matcher/admin.py delete mode 100644 passbook/policies/matcher/api.py delete mode 100644 
passbook/policies/matcher/apps.py delete mode 100644 passbook/policies/matcher/forms.py delete mode 100644 passbook/policies/matcher/migrations/0001_initial.py delete mode 100644 passbook/policies/matcher/migrations/__init__.py delete mode 100644 passbook/policies/matcher/models.py delete mode 100644 passbook/policies/sso/__init__.py delete mode 100644 passbook/policies/sso/admin.py delete mode 100644 passbook/policies/sso/api.py delete mode 100644 passbook/policies/sso/apps.py delete mode 100644 passbook/policies/sso/forms.py delete mode 100644 passbook/policies/sso/migrations/0001_initial.py delete mode 100644 passbook/policies/sso/migrations/__init__.py delete mode 100644 passbook/policies/sso/models.py
diff --git a/passbook/api/v2/urls.py b/passbook/api/v2/urls.py
index 3494893ce..c30e4a379 100644
--- a/passbook/api/v2/urls.py
+++ b/passbook/api/v2/urls.py
@@ -24,13 +24,10 @@ from passbook.factors.otp.api import OTPFactorViewSet
 from passbook.factors.password.api import PasswordFactorViewSet
 from passbook.lib.utils.reflection import get_apps
 from passbook.policies.expiry.api import PasswordExpiryPolicyViewSet
-from passbook.policies.group.api import GroupMembershipPolicyViewSet
 from passbook.policies.expression.api import ExpressionPolicyViewSet
 from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet
-from passbook.policies.matcher.api import FieldMatcherPolicyViewSet
 from passbook.policies.password.api import PasswordPolicyViewSet
 from passbook.policies.reputation.api import ReputationPolicyViewSet
-from passbook.policies.sso.api import SSOLoginPolicyViewSet
 from passbook.policies.webhook.api import WebhookPolicyViewSet
 from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
 from passbook.providers.oauth.api import OAuth2ProviderViewSet
@@ -58,12 +55,9 @@ router.register("sources/ldap", LDAPSourceViewSet)
 router.register("sources/oauth", OAuthSourceViewSet)
 router.register("policies/all", PolicyViewSet)
 router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
-router.register("policies/groupmembership", GroupMembershipPolicyViewSet)
 router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
-router.register("policies/fieldmatcher", FieldMatcherPolicyViewSet)
 router.register("policies/password", PasswordPolicyViewSet)
 router.register("policies/reputation", ReputationPolicyViewSet)
-router.register("policies/ssologin", SSOLoginPolicyViewSet)
 router.register("policies/webhook", WebhookPolicyViewSet)
 router.register("policies/expression", ExpressionPolicyViewSet)
 router.register("providers/all", ProviderViewSet)
diff --git a/passbook/policies/group/__init__.py b/passbook/policies/group/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/passbook/policies/group/admin.py b/passbook/policies/group/admin.py
deleted file mode 100644
index b62aa9be1..000000000
--- a/passbook/policies/group/admin.py
+++ /dev/null
@@ -1,4 +0,0 @@
-"""autodiscover admin"""
-from passbook.lib.admin import admin_autoregister
-
-admin_autoregister("passbook_policies_group")
diff --git a/passbook/policies/group/api.py b/passbook/policies/group/api.py
deleted file mode 100644
index ae71a8551..000000000
--- a/passbook/policies/group/api.py
+++ /dev/null
@@ -1,21 +0,0 @@
-"""Source API Views"""
-from rest_framework.serializers import ModelSerializer
-from rest_framework.viewsets import ModelViewSet
-
-from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
-from passbook.policies.group.models import GroupMembershipPolicy
-
-
-class GroupMembershipPolicySerializer(ModelSerializer):
- """Group Membership Policy Serializer"""
-
- class Meta:
- model = GroupMembershipPolicy
- fields = GENERAL_SERIALIZER_FIELDS + ["group"]
-
-
-class GroupMembershipPolicyViewSet(ModelViewSet):
- """Source Viewset"""
-
- queryset = GroupMembershipPolicy.objects.all()
- serializer_class = GroupMembershipPolicySerializer
diff --git a/passbook/policies/group/apps.py b/passbook/policies/group/apps.py
deleted file mode 100644
index 0529c5d09..000000000
--- a/passbook/policies/group/apps.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""passbook Group policy app config"""
-
-from django.apps import AppConfig
-
-
-class PassbookPoliciesGroupConfig(AppConfig):
- """passbook Group policy app config"""
-
- name = "passbook.policies.group"
- label = "passbook_policies_group"
- verbose_name = "passbook Policies.Group"
diff --git a/passbook/policies/group/forms.py b/passbook/policies/group/forms.py
deleted file mode 100644
index 46c57a264..000000000
--- a/passbook/policies/group/forms.py
+++ /dev/null
@@ -1,21 +0,0 @@
-"""passbook Policy forms"""
-
-from django import forms
-
-from passbook.policies.forms import GENERAL_FIELDS
-from passbook.policies.group.models import GroupMembershipPolicy
-
-
-class GroupMembershipPolicyForm(forms.ModelForm):
- """GroupMembershipPolicy Form"""
-
- class Meta:
-
- model = GroupMembershipPolicy
- fields = GENERAL_FIELDS + [
- "group",
- ]
- widgets = {
- "name": forms.TextInput(),
- "order": forms.NumberInput(),
- }
diff --git a/passbook/policies/group/migrations/0001_initial.py b/passbook/policies/group/migrations/0001_initial.py
deleted file mode 100644
index 569dffc04..000000000
--- a/passbook/policies/group/migrations/0001_initial.py +++ /dev/null @@ -1,44 +0,0 @@ -# Generated by Django 2.2.6 on 2019-10-07 14:07 - -import django.db.models.deletion -from django.db import migrations, models - - -class Migration(migrations.Migration): - - initial = True - - dependencies = [ - ("passbook_core", "0001_initial"), - ] - - operations = [ - migrations.CreateModel( - name="GroupMembershipPolicy", - fields=[ - ( - "policy_ptr", - models.OneToOneField( - auto_created=True, - on_delete=django.db.models.deletion.CASCADE, - parent_link=True, - primary_key=True, - serialize=False, - to="passbook_core.Policy", - ), - ), - ( - "group", - models.ForeignKey( - on_delete=django.db.models.deletion.CASCADE, - to="passbook_core.Group", - ), - ), - ], - options={ - "verbose_name": "Group Membership Policy", - "verbose_name_plural": "Group Membership Policies", - }, - bases=("passbook_core.policy",), - ), - ] diff --git a/passbook/policies/group/migrations/__init__.py b/passbook/policies/group/migrations/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/passbook/policies/group/models.py b/passbook/policies/group/models.py deleted file mode 100644 index 40a0d3b21..000000000 --- a/passbook/policies/group/models.py +++ /dev/null 
@@ -1,22 +0,0 @@
-"""passbook group models models"""
-from django.db import models
-from django.utils.translation import gettext as _
-
-from passbook.core.models import Group, Policy
-from passbook.policies.struct import PolicyRequest, PolicyResult
-
-
-class GroupMembershipPolicy(Policy):
- """Policy to check if the user is member in a certain group"""
-
- group = models.ForeignKey(Group, on_delete=models.CASCADE)
-
- form = "passbook.policies.group.forms.GroupMembershipPolicyForm"
-
- def passes(self, request: PolicyRequest) -> PolicyResult:
- return PolicyResult(self.group.user_set.filter(pk=request.user.pk).exists())
-
- class Meta:
-
- verbose_name = _("Group Membership Policy")
- verbose_name_plural = _("Group Membership Policies")
diff --git a/passbook/policies/matcher/__init__.py b/passbook/policies/matcher/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/passbook/policies/matcher/admin.py b/passbook/policies/matcher/admin.py
deleted file mode 100644
index 793013085..000000000
--- a/passbook/policies/matcher/admin.py
+++ /dev/null
@@ -1,4 +0,0 @@
-"""autodiscover admin"""
-from passbook.lib.admin import admin_autoregister
-
-admin_autoregister("passbook_policies_matcher")
diff --git a/passbook/policies/matcher/api.py b/passbook/policies/matcher/api.py
deleted file mode 100644
index b8cc2904c..000000000
--- a/passbook/policies/matcher/api.py
+++ /dev/null
@@ -1,25 +0,0 @@
-"""Source API Views"""
-from rest_framework.serializers import ModelSerializer
-from rest_framework.viewsets import ModelViewSet
-
-from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
-from passbook.policies.matcher.models import FieldMatcherPolicy
-
-
-class FieldMatcherPolicySerializer(ModelSerializer):
- """Field Matcher Policy Serializer"""
-
- class Meta:
- model = FieldMatcherPolicy
- fields = GENERAL_SERIALIZER_FIELDS + [
- "user_field",
- "match_action",
- "value",
- ]
-
-
-class FieldMatcherPolicyViewSet(ModelViewSet):
- """Source Viewset"""
-
- queryset = FieldMatcherPolicy.objects.all()
- serializer_class = FieldMatcherPolicySerializer
diff --git a/passbook/policies/matcher/apps.py b/passbook/policies/matcher/apps.py
deleted file mode 100644
index e78dfae0e..000000000
--- a/passbook/policies/matcher/apps.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""passbook Matcher policy app config"""
-
-from django.apps import AppConfig
-
-
-class PassbookPoliciesMatcherConfig(AppConfig):
- """passbook Matcher policy app config"""
-
- name = "passbook.policies.matcher"
- label = "passbook_policies_matcher"
- verbose_name = "passbook Policies.Matcher"
diff --git a/passbook/policies/matcher/forms.py b/passbook/policies/matcher/forms.py
deleted file mode 100644
index beaccf193..000000000
--- a/passbook/policies/matcher/forms.py
+++ /dev/null
@@ -1,23 +0,0 @@
-"""passbook Policy forms"""
-
-from django import forms
-
-from passbook.policies.forms import GENERAL_FIELDS
-from passbook.policies.matcher.models import FieldMatcherPolicy
-
-
-class FieldMatcherPolicyForm(forms.ModelForm):
- """FieldMatcherPolicy Form"""
-
- class Meta:
-
- model = FieldMatcherPolicy
- fields = GENERAL_FIELDS + [
- "user_field",
- "match_action",
- "value",
- ]
- widgets = {
- "name": forms.TextInput(),
- "value": forms.TextInput(),
- }
diff --git a/passbook/policies/matcher/migrations/0001_initial.py b/passbook/policies/matcher/migrations/0001_initial.py deleted file mode 100644 index 2834199c8..000000000 --- a/passbook/policies/matcher/migrations/0001_initial.py +++ /dev/null @@ -1,64 +0,0 @@ -# Generated by Django 2.2.6 on 2019-10-07 14:07 - -import django.db.models.deletion -from django.db import migrations, models - - -class Migration(migrations.Migration): - - initial = True - - dependencies = [ - ("passbook_core", "0001_initial"), - ] - - operations = [ - migrations.CreateModel( - name="FieldMatcherPolicy", - fields=[ - ( - "policy_ptr", - models.OneToOneField( - auto_created=True, - on_delete=django.db.models.deletion.CASCADE, - parent_link=True, - primary_key=True, - serialize=False, - to="passbook_core.Policy", - ), - ), - ( - "user_field", - models.TextField( - choices=[ - ("username", "Username"), - ("name", "Name"), - ("email", "E-Mail"), - ("is_staff", "Is staff"), - ("is_active", "Is active"), - ("data_joined", "Date joined"), - ] - ), - ), - ( - "match_action", - models.CharField( - choices=[ - ("startswith", "Starts with"), - ("endswith", "Ends with"), - ("contains", "Contains"), - ("regexp", "Regexp"), - ("exact", "Exact"), - ], - max_length=50, - ), - ), - ("value", models.TextField()), - ], - options={ - "verbose_name": "Field matcher Policy", - "verbose_name_plural": "Field matcher Policies", - }, - bases=("passbook_core.policy",), - ), - ] diff --git a/passbook/policies/matcher/migrations/__init__.py b/passbook/policies/matcher/migrations/__init__.py deleted file mode 100644 index e69de29bb..000000000 diff --git a/passbook/policies/matcher/models.py b/passbook/policies/matcher/models.py deleted file mode 100644 index 63469481e..000000000 --- a/passbook/policies/matcher/models.py +++ /dev/null 
@@ -1,83 +0,0 @@
-"""user field matcher models"""
-import re
-
-from django.db import models
-from django.utils.translation import gettext as _
-from structlog import get_logger
-
-from passbook.core.models import Policy
-from passbook.policies.struct import PolicyRequest, PolicyResult
-
-LOGGER = get_logger()
-
-
-class FieldMatcherPolicy(Policy):
- """Policy which checks if a field of the User model matches/doesn't match a
- certain pattern"""
-
- MATCH_STARTSWITH = "startswith"
- MATCH_ENDSWITH = "endswith"
- MATCH_CONTAINS = "contains"
- MATCH_REGEXP = "regexp"
- MATCH_EXACT = "exact"
-
- MATCHES = (
- (MATCH_STARTSWITH, _("Starts with")),
- (MATCH_ENDSWITH, _("Ends with")),
- (MATCH_CONTAINS, _("Contains")),
- (MATCH_REGEXP, _("Regexp")),
- (MATCH_EXACT, _("Exact")),
- )
-
- USER_FIELDS = (
- ("username", _("Username"),),
- ("name", _("Name"),),
- ("email", _("E-Mail"),),
- ("is_staff", _("Is staff"),),
- ("is_active", _("Is active"),),
- ("data_joined", _("Date joined"),),
- )
-
- user_field = models.TextField(choices=USER_FIELDS)
- match_action = models.CharField(max_length=50, choices=MATCHES)
- value = models.TextField()
-
- form = "passbook.policies.matcher.forms.FieldMatcherPolicyForm"
-
- def __str__(self):
- description = (
- f"{self.name}, user.{self.user_field} {self.match_action} '{self.value}'"
- )
- if self.name:
- description = f"{self.name}: {description}"
- return description
-
- def passes(self, request: PolicyRequest) -> PolicyResult:
- """Check if user instance passes this role"""
- if not hasattr(request.user, self.user_field):
- raise ValueError("Field does not exist")
- user_field_value = getattr(request.user, self.user_field, None)
- LOGGER.debug(
- "Checking field",
- value=user_field_value,
- action=self.match_action,
- should_be=self.value,
- )
- passes = False
- if self.match_action == FieldMatcherPolicy.MATCH_STARTSWITH:
- passes = user_field_value.startswith(self.value)
- if self.match_action == FieldMatcherPolicy.MATCH_ENDSWITH:
- passes = user_field_value.endswith(self.value)
- if self.match_action == FieldMatcherPolicy.MATCH_CONTAINS:
- passes = self.value in user_field_value
- if self.match_action == FieldMatcherPolicy.MATCH_REGEXP:
- pattern = re.compile(self.value)
- passes = bool(pattern.match(user_field_value))
- if self.match_action == FieldMatcherPolicy.MATCH_EXACT:
- passes = user_field_value == self.value
- return PolicyResult(passes)
-
- class Meta:
-
- verbose_name = _("Field matcher Policy")
- verbose_name_plural = _("Field matcher Policies")
diff --git a/passbook/policies/sso/__init__.py b/passbook/policies/sso/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/passbook/policies/sso/admin.py b/passbook/policies/sso/admin.py
deleted file mode 100644
index b76e6afcf..000000000
--- a/passbook/policies/sso/admin.py
+++ /dev/null
@@ -1,4 +0,0 @@
-"""autodiscover admin"""
-from passbook.lib.admin import admin_autoregister
-
-admin_autoregister("passbook_policies_sso")
diff --git a/passbook/policies/sso/api.py b/passbook/policies/sso/api.py
deleted file mode 100644
index 4089e2313..000000000
--- a/passbook/policies/sso/api.py
+++ /dev/null
@@ -1,21 +0,0 @@
-"""Source API Views"""
-from rest_framework.serializers import ModelSerializer
-from rest_framework.viewsets import ModelViewSet
-
-from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
-from passbook.policies.sso.models import SSOLoginPolicy
-
-
-class SSOLoginPolicySerializer(ModelSerializer):
- """SSO Login Policy Serializer"""
-
- class Meta:
- model = SSOLoginPolicy
- fields = GENERAL_SERIALIZER_FIELDS
-
-
-class SSOLoginPolicyViewSet(ModelViewSet):
- """Source Viewset"""
-
- queryset = SSOLoginPolicy.objects.all()
- serializer_class = SSOLoginPolicySerializer
diff --git a/passbook/policies/sso/apps.py b/passbook/policies/sso/apps.py
deleted file mode 100644
index 60773e5a6..000000000
--- a/passbook/policies/sso/apps.py
+++ /dev/null
@@ -1,11 +0,0 @@
-"""passbook sso policy app config"""
-
-from django.apps import AppConfig
-
-
-class PassbookPoliciesSSOConfig(AppConfig):
- """passbook sso policy app config"""
-
- name = "passbook.policies.sso"
- label = "passbook_policies_sso"
- verbose_name = "passbook Policies.SSO"
diff --git a/passbook/policies/sso/forms.py b/passbook/policies/sso/forms.py
deleted file mode 100644
index 0503b6a97..000000000
--- a/passbook/policies/sso/forms.py
+++ /dev/null
@@ -1,19 +0,0 @@
-"""passbook Policy forms"""
-
-from django import forms
-
-from passbook.policies.forms import GENERAL_FIELDS
-from passbook.policies.sso.models import SSOLoginPolicy
-
-
-class SSOLoginPolicyForm(forms.ModelForm):
- """Edit SSOLoginPolicy instances"""
-
- class Meta:
-
- model = SSOLoginPolicy
- fields = GENERAL_FIELDS
- widgets = {
- "name": forms.TextInput(),
- "order": forms.NumberInput(),
- }
diff --git a/passbook/policies/sso/migrations/0001_initial.py b/passbook/policies/sso/migrations/0001_initial.py
deleted file mode 100644
index 4b31f32b0..000000000
--- a/passbook/policies/sso/migrations/0001_initial.py
+++ /dev/null
@@ -1,37 +0,0 @@ -# Generated by Django 2.2.6 on 2019-10-07 14:07 - -import django.db.models.deletion -from django.db import migrations, models - - -class Migration(migrations.Migration): - - initial = True - - dependencies = [ - ("passbook_core", "0001_initial"), - ] - - operations = [ - migrations.CreateModel( - name="SSOLoginPolicy", - fields=[ - ( - "policy_ptr", - models.OneToOneField( - auto_created=True, - on_delete=django.db.models.deletion.CASCADE, - parent_link=True, - primary_key=True, - serialize=False, - to="passbook_core.Policy", - ), - ), - ], - options={ - "verbose_name": "SSO Login Policy", - "verbose_name_plural": "SSO Login Policies", - }, - bases=("passbook_core.policy",), - ), - ]
diff --git a/passbook/policies/sso/migrations/__init__.py b/passbook/policies/sso/migrations/__init__.py
deleted file mode 100644
index e69de29bb..000000000
diff --git a/passbook/policies/sso/models.py b/passbook/policies/sso/models.py
deleted file mode 100644
index 1f45fa085..000000000
--- a/passbook/policies/sso/models.py
+++ /dev/null
@@ -1,25 +0,0 @@
-"""sso models"""
-from django.utils.translation import gettext as _
-
-from passbook.core.models import Policy
-from passbook.policies.struct import PolicyRequest, PolicyResult
-
-
-class SSOLoginPolicy(Policy):
- """Policy that applies to users that have authenticated themselves through SSO"""
-
- form = "passbook.policies.sso.forms.SSOLoginPolicyForm"
-
- def passes(self, request: PolicyRequest) -> PolicyResult:
- """Check if user instance passes this policy"""
- from passbook.factors.view import AuthenticationView
-
- is_sso_login = request.user.session.get(
- AuthenticationView.SESSION_IS_SSO_LOGIN, False
- )
- return PolicyResult(is_sso_login)
-
- class Meta:
-
- verbose_name = _("SSO Login Policy")
- verbose_name_plural = _("SSO Login Policies")
diff --git a/passbook/root/settings.py b/passbook/root/settings.py
index a6428742a..493d1291e 100644
--- a/passbook/root/settings.py
+++ b/passbook/root/settings.py
@@ -93,10 +93,7 @@ INSTALLED_APPS = [
 "passbook.policies.expiry.apps.PassbookPolicyExpiryConfig",
 "passbook.policies.reputation.apps.PassbookPolicyReputationConfig",
 "passbook.policies.hibp.apps.PassbookPolicyHIBPConfig",
- "passbook.policies.group.apps.PassbookPoliciesGroupConfig",
- "passbook.policies.matcher.apps.PassbookPoliciesMatcherConfig",
 "passbook.policies.password.apps.PassbookPoliciesPasswordConfig",
- "passbook.policies.sso.apps.PassbookPoliciesSSOConfig",
 "passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig",
 "passbook.policies.expression.apps.PassbookPolicyExpressionConfig",
 ]
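Review bot: Dropping the group, matcher and sso apps from `INSTALLED_APPS` in the settings.py hunk, while the same patch deletes their only migrations, leaves deployments that already store GroupMembershipPolicy, FieldMatcherPolicy or SSOLoginPolicy rows with no upgrade path; the diffstat shows 459 deletions and no migration that converts or removes those rows. The removed models were multi-table children of `passbook_core.Policy` (the `policy_ptr` parent link), so the parent rows and anything bound to them presumably survive, and how the engine evaluates a Policy whose subclass no longer exists is not visible in this patch; it should be confirmed that such a binding denies rather than passes. I would ship a data migration, or at least an upgrade note beside this list such as `# group/matcher/sso policy apps removed: recreate those rules as ExpressionPolicy before upgrading`, so access rules are not lost without the operator noticing. The `INSTALLED_APPS` list begins above the hunk.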