trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policies/expression: expose python requests via expression, remove webhook policy

This commit is contained in:
Jens Langhammer 2020-05-15 12:02:41 +02:00
parent 023423c6e7
commit b907105f4a
11 changed files with 2 additions and 364 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
passbook/api/v2/urls.py
View File

@ -24,7 +24,6 @@ from passbook.policies.expression.api import ExpressionPolicyViewSet
from passbook.policies.hibp.api import HaveIBeenPwendPolicyViewSet
from passbook.policies.password.api import PasswordPolicyViewSet
from passbook.policies.reputation.api import ReputationPolicyViewSet
from passbook.policies.webhook.api import WebhookPolicyViewSet
from passbook.providers.app_gw.api import ApplicationGatewayProviderViewSet
from passbook.providers.oauth.api import OAuth2ProviderViewSet
from passbook.providers.oidc.api import OpenIDProviderViewSet
@ -69,7 +68,6 @@ router.register("policies/haveibeenpwned", HaveIBeenPwendPolicyViewSet)
router.register("policies/password", PasswordPolicyViewSet)
router.register("policies/passwordexpiry", PasswordExpiryPolicyViewSet)
router.register("policies/reputation", ReputationPolicyViewSet)
router.register("policies/webhook", WebhookPolicyViewSet)
router.register("providers/all", ProviderViewSet)
router.register("providers/applicationgateway", ApplicationGatewayProviderViewSet)

8
passbook/policies/expression/evaluator.py
View File

@ -6,6 +6,7 @@ from django.core.exceptions import ValidationError
from jinja2 import Undefined
from jinja2.exceptions import TemplateSyntaxError, UndefinedError
from jinja2.nativetypes import NativeEnvironment
from requests import Session
from structlog import get_logger
from passbook.flows.planner import PLAN_CONTEXT_SSO
@ -46,11 +47,6 @@ class Evaluator:
"""Check if `user` is member of group with name `group_name`"""
return user.groups.filter(name=group_name).exists()
@staticmethod
def jinja2_log(message, **kwargs):
"""Output debug log to console"""
return LOGGER.debug("Expression log", _m=message, **kwargs)
def _get_expression_context(
self, request: PolicyRequest, **kwargs
) -> Dict[str, Any]:
@ -58,8 +54,8 @@ class Evaluator:
# update passbook/policies/expression/templates/policy/expression/form.html
# update docs/policies/expression/index.md
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
kwargs["pb_log"] = Evaluator.jinja2_log
kwargs["pb_logger"] = get_logger()
kwargs["requests"] = Session()
if request.http_request:
kwargs["pb_is_sso_flow"] = request.http_request.session.get(
PLAN_CONTEXT_SSO, False

0
passbook/policies/webhook/__init__.py
View File

28
passbook/policies/webhook/api.py
View File

@ -1,28 +0,0 @@
"""Source API Views"""
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
from passbook.policies.forms import GENERAL_SERIALIZER_FIELDS
from passbook.policies.webhook.models import WebhookPolicy
class WebhookPolicySerializer(ModelSerializer):
"""Webhook Policy Serializer"""
class Meta:
model = WebhookPolicy
fields = GENERAL_SERIALIZER_FIELDS + [
"url",
"method",
"json_body",
"json_headers",
"result_jsonpath",
"result_json_value",
]
class WebhookPolicyViewSet(ModelViewSet):
"""Source Viewset"""
queryset = WebhookPolicy.objects.all()
serializer_class = WebhookPolicySerializer

11
passbook/policies/webhook/apps.py
View File

@ -1,11 +0,0 @@
"""passbook Webhook policy app config"""
from django.apps import AppConfig
class PassbookPoliciesWebhookConfig(AppConfig):
"""passbook Webhook policy app config"""
name = "passbook.policies.webhook"
label = "passbook_policies_webhook"
verbose_name = "passbook Policies.Webhook"

29
passbook/policies/webhook/forms.py
View File

@ -1,29 +0,0 @@
"""passbook Policy forms"""
from django import forms
from passbook.policies.forms import GENERAL_FIELDS
from passbook.policies.webhook.models import WebhookPolicy
class WebhookPolicyForm(forms.ModelForm):
"""WebhookPolicyForm Form"""
class Meta:
model = WebhookPolicy
fields = GENERAL_FIELDS + [
"url",
"method",
"json_body",
"json_headers",
"result_jsonpath",
"result_json_value",
]
widgets = {
"name": forms.TextInput(),
"json_body": forms.TextInput(),
"json_headers": forms.TextInput(),
"result_jsonpath": forms.TextInput(),
"result_json_value": forms.TextInput(),
}

55
passbook/policies/webhook/migrations/0001_initial.py
View File

@ -1,55 +0,0 @@
# Generated by Django 2.2.6 on 2019-10-07 14:07
import django.db.models.deletion
from django.db import migrations, models
class Migration(migrations.Migration):
initial = True
dependencies = [
("passbook_core", "0001_initial"),
]
operations = [
migrations.CreateModel(
name="WebhookPolicy",
fields=[
(
"policy_ptr",
models.OneToOneField(
auto_created=True,
on_delete=django.db.models.deletion.CASCADE,
parent_link=True,
primary_key=True,
serialize=False,
to="passbook_core.Policy",
),
),
("url", models.URLField()),
(
"method",
models.CharField(
choices=[
("GET", "GET"),
("POST", "POST"),
("PATCH", "PATCH"),
("DELETE", "DELETE"),
("PUT", "PUT"),
],
max_length=10,
),
),
("json_body", models.TextField()),
("json_headers", models.TextField()),
("result_jsonpath", models.TextField()),
("result_json_value", models.TextField()),
],
options={
"verbose_name": "Webhook Policy",
"verbose_name_plural": "Webhook Policies",
},
bases=("passbook_core.policy",),
),
]

0
passbook/policies/webhook/migrations/__init__.py
View File

42
passbook/policies/webhook/models.py
View File

@ -1,42 +0,0 @@
"""webhook models"""
from django.db import models
from django.utils.translation import gettext as _
from passbook.core.models import Policy
from passbook.policies.types import PolicyRequest, PolicyResult
class WebhookPolicy(Policy):
"""Policy that asks webhook"""
METHOD_GET = "GET"
METHOD_POST = "POST"
METHOD_PATCH = "PATCH"
METHOD_DELETE = "DELETE"
METHOD_PUT = "PUT"
METHODS = (
(METHOD_GET, METHOD_GET),
(METHOD_POST, METHOD_POST),
(METHOD_PATCH, METHOD_PATCH),
(METHOD_DELETE, METHOD_DELETE),
(METHOD_PUT, METHOD_PUT),
)
url = models.URLField()
method = models.CharField(max_length=10, choices=METHODS)
json_body = models.TextField()
json_headers = models.TextField()
result_jsonpath = models.TextField()
result_json_value = models.TextField()
form = "passbook.policies.webhook.forms.WebhookPolicyForm"
def passes(self, request: PolicyRequest) -> PolicyResult:
"""Call webhook asynchronously and report back"""
raise NotImplementedError()
class Meta:
verbose_name = _("Webhook Policy")
verbose_name_plural = _("Webhook Policies")

1
passbook/root/settings.py
View File

@ -89,7 +89,6 @@ INSTALLED_APPS = [
"passbook.policies.hibp.apps.PassbookPolicyHIBPConfig",
"passbook.policies.password.apps.PassbookPoliciesPasswordConfig",
"passbook.policies.reputation.apps.PassbookPolicyReputationConfig",
"passbook.policies.webhook.apps.PassbookPoliciesWebhookConfig",
"passbook.providers.app_gw.apps.PassbookApplicationApplicationGatewayConfig",
"passbook.providers.oauth.apps.PassbookProviderOAuthConfig",
"passbook.providers.oidc.apps.PassbookProviderOIDCConfig",

190
swagger.yaml
View File

@ -1710,133 +1710,6 @@ paths:
required: true
type: string
format: uuid
/policies/webhook/:
get:
operationId: policies_webhook_list
description: Source Viewset
parameters:
- name: ordering
in: query
description: Which field to use when ordering the results.
required: false
type: string
- name: search
in: query
description: A search term.
required: false
type: string
- name: limit
in: query
description: Number of results to return per page.
required: false
type: integer
- name: offset
in: query
description: The initial index from which to return the results.
required: false
type: integer
responses:
'200':
description: ''
schema:
required:
- count
- results
type: object
properties:
count:
type: integer
next:
type: string
format: uri
x-nullable: true
previous:
type: string
format: uri
x-nullable: true
results:
type: array
items:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
post:
operationId: policies_webhook_create
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'201':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
parameters: []
/policies/webhook/{uuid}/:
get:
operationId: policies_webhook_read
description: Source Viewset
parameters: []
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
put:
operationId: policies_webhook_update
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
patch:
operationId: policies_webhook_partial_update
description: Source Viewset
parameters:
- name: data
in: body
required: true
schema:
$ref: '#/definitions/WebhookPolicy'
responses:
'200':
description: ''
schema:
$ref: '#/definitions/WebhookPolicy'
tags:
- policies
delete:
operationId: policies_webhook_delete
description: Source Viewset
parameters: []
responses:
'204':
description: ''
tags:
- policies
parameters:
- name: uuid
in: path
description: A UUID string identifying this Webhook Policy.
required: true
type: string
format: uuid
/propertymappings/all/:
get:
operationId: propertymappings_all_list
@ -5422,69 +5295,6 @@ definitions:
type: integer
maximum: 2147483647
minimum: -2147483648
WebhookPolicy:
required:
- url
- method
- json_body
- json_headers
- result_jsonpath
- result_json_value
type: object
properties:
pk:
title: Uuid
type: string
format: uuid
readOnly: true
name:
title: Name
type: string
x-nullable: true
negate:
title: Negate
type: boolean
order:
title: Order
type: integer
maximum: 2147483647
minimum: -2147483648
timeout:
title: Timeout
type: integer
maximum: 2147483647
minimum: -2147483648
url:
title: Url
type: string
format: uri
maxLength: 200
minLength: 1
method:
title: Method
type: string
enum:
- GET
- POST
- PATCH
- DELETE
- PUT
json_body:
title: Json body
type: string
minLength: 1
json_headers:
title: Json headers
type: string
minLength: 1
result_jsonpath:
title: Result jsonpath
type: string
minLength: 1
result_json_value:
title: Result json value
type: string
minLength: 1
PropertyMapping:
required:
- name