trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policies/expression: add pb_client_ip field

This commit is contained in:
Jens Langhammer 2020-02-22 19:26:16 +01:00
parent 995c87938f
commit 83da175749
3 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/policies/expression/index.md
View File

@ -12,6 +12,8 @@ The following objects are passed into the variable:
- `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
- `pb_client_ip`: Client's IP Address.
There are also the following custom filters available:

4
passbook/policies/expression/evaluator.py
View File

@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
from structlog import get_logger
from passbook.factors.view import AuthenticationView
from passbook.lib.utils.http import get_client_ip
from passbook.policies.types import PolicyRequest, PolicyResult
if TYPE_CHECKING:
@ -55,6 +56,9 @@ class Evaluator:
)
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
kwargs["pb_logger"] = get_logger()
kwargs["pb_client_ip"] = (
get_client_ip(request.http_request) or "255.255.255.255"
)
return kwargs
def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:

2
passbook/policies/expression/templates/policy/expression/form.html
View File

@ -15,6 +15,8 @@
<li><code>request.obj</code>: Model the Policy is run against. </li>
<li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
<li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
<li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>
<li><code>pb_client_ip</code>: Client's IP Address.</li>
</ul>
<p>Custom Filters:</p>
<ul>