From 83da175749f5c6daa471e6186ae794bdb846b1ec Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 22 Feb 2020 19:26:16 +0100
Subject: [PATCH] policies/expression: add pb_client_ip field

---
 docs/policies/expression/index.md                             | 2 ++
 passbook/policies/expression/evaluator.py                     | 4 ++++
 .../policies/expression/templates/policy/expression/form.html | 2 ++
 3 files changed, 8 insertions(+)

diff --git a/docs/policies/expression/index.md b/docs/policies/expression/index.md
index fea268056..418c4b9eb 100644
--- a/docs/policies/expression/index.md
+++ b/docs/policies/expression/index.md
@@ -12,6 +12,8 @@ The following objects are passed into the variable:
     - `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
 - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
 - `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
+- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.
+- `pb_client_ip`: Client's IP Address.
 
 There are also the following custom filters available:
 
diff --git a/passbook/policies/expression/evaluator.py b/passbook/policies/expression/evaluator.py
index baa22e278..39943202d 100644
--- a/passbook/policies/expression/evaluator.py
+++ b/passbook/policies/expression/evaluator.py
@@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
 from structlog import get_logger
 
 from passbook.factors.view import AuthenticationView
+from passbook.lib.utils.http import get_client_ip
 from passbook.policies.types import PolicyRequest, PolicyResult
 
 if TYPE_CHECKING:
@@ -55,6 +56,9 @@ class Evaluator:
         )
         kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
         kwargs["pb_logger"] = get_logger()
+        kwargs["pb_client_ip"] = (
+            get_client_ip(request.http_request) or "255.255.255.255"
+        )
         return kwargs
 
     def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:
diff --git a/passbook/policies/expression/templates/policy/expression/form.html b/passbook/policies/expression/templates/policy/expression/form.html
index 65274b195..58cf832b0 100644
--- a/passbook/policies/expression/templates/policy/expression/form.html
+++ b/passbook/policies/expression/templates/policy/expression/form.html
@@ -15,6 +15,8 @@
             <li><code>request.obj</code>: Model the Policy is run against. </li>
             <li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
             <li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
+            <li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>
+            <li><code>pb_client_ip</code>: Client's IP Address.</li>
         </ul>
         <p>Custom Filters:</p>
         <ul>