policies: raise sentry-ignored error for invalid PolicyEngine parameters

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-13 13:23:07 +01:00 · 2023-02-13 13:23:07 +01:00 · 925477b3a2
parent cefc1a57ee
commit 925477b3a2
3 changed files with 10 additions and 6 deletions
--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@ -37,11 +37,10 @@ def event_notification_handler(event_uuid: str):
@CELERY_APP.task()
 def event_trigger_handler(event_uuid: str, trigger_name: str):
    """Check if policies attached to NotificationRule match event"""
-    events = Event.objects.filter(event_uuid=event_uuid)
-    if not events.exists():
+    event: Event = Event.objects.filter(event_uuid=event_uuid).first()
+    if not event:
        LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid)
        return
-    event: Event = events.first()
    trigger: Optional[NotificationRule] = NotificationRule.objects.filter(name=trigger_name).first()
    if not trigger:
        return
--- a/authentik/policies/engine.py
+++ b/authentik/policies/engine.py
@ -11,6 +11,7 @@ from structlog.stdlib import BoundLogger, get_logger

 from authentik.core.models import User
 from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
+from authentik.policies.exceptions import PolicyEngineException
 from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
 from authentik.policies.process import PolicyProcess, cache_key
 from authentik.policies.types import PolicyRequest, PolicyResult
@ -51,9 +52,9 @@ class PolicyEngine:
        # objects with no policies attached will pass.
        self.empty_result = True
        if not isinstance(pbm, PolicyBindingModel):  # pragma: no cover
-            raise ValueError(f"{pbm} is not instance of PolicyBindingModel")
+            raise PolicyEngineException(f"{pbm} is not instance of PolicyBindingModel")
        if not user:
-            raise ValueError("User must be set")
+            raise PolicyEngineException("User must be set")
        self.__pbm = pbm
        self.request = PolicyRequest(user)
        self.request.obj = pbm
@ -76,7 +77,7 @@ class PolicyEngine:
        """Check policy type, make sure it's not the root class as that has no logic implemented"""
        # pyright: reportGeneralTypeIssues=false
        if binding.policy is not None and binding.policy.__class__ == Policy:
-            raise TypeError(f"Policy '{binding.policy}' is root type")
+            raise PolicyEngineException(f"Policy '{binding.policy}' is root type")

    def build(self) -> "PolicyEngine":
        """Build wrapper which monitors performance"""
--- a/authentik/policies/exceptions.py
+++ b/authentik/policies/exceptions.py
@ -4,6 +4,10 @@ from typing import Optional
 from authentik.lib.sentry import SentryIgnoredException


+class PolicyEngineException(SentryIgnoredException):
+    """Error raised when a policy engine is configured incorrectly"""
+
+
 class PolicyException(SentryIgnoredException):
    """Exception that should be raised during Policy Evaluation, and can be recovered from."""