From e24a9e31195dd30a1e369defe7eac748f40fcded Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Mon, 31 May 2021 11:50:29 +0200 Subject: [PATCH] policies: fix missing negate flag of policy bindings Signed-off-by: Jens Langhammer --- authentik/policies/api/bindings.py | 1 + authentik/policies/process.py | 6 ++-- schema.yml | 9 ++++++ web/src/locales/en.po | 33 +++++++++++++++++++++ web/src/locales/pseudo-LOCALE.po | 33 +++++++++++++++++++++ web/src/pages/policies/PolicyBindingForm.ts | 11 +++++++ 6 files changed, 90 insertions(+), 3 deletions(-) diff --git a/authentik/policies/api/bindings.py b/authentik/policies/api/bindings.py index 00e29ba77..3a4ad831e 100644 --- a/authentik/policies/api/bindings.py +++ b/authentik/policies/api/bindings.py @@ -75,6 +75,7 @@ class PolicyBindingSerializer(ModelSerializer): "group_obj", "user_obj", "target", + "negate", "enabled", "order", "timeout", diff --git a/authentik/policies/process.py b/authentik/policies/process.py index cdf859c7f..36a6a3cf7 100644 --- a/authentik/policies/process.py +++ b/authentik/policies/process.py @@ -93,6 +93,9 @@ class PolicyProcess(PROCESS_CLASS): ) try: policy_result = self.binding.passes(self.request) + # Invert result if policy.negate is set + if self.binding.negate: + policy_result.passing = not policy_result.passing if self.binding.policy and not self.request.debug: if self.binding.policy.execution_logging: self.create_event( @@ -114,9 +117,6 @@ class PolicyProcess(PROCESS_CLASS): LOGGER.debug("P_ENG(proc): error", exc=src_exc) policy_result = PolicyResult(False, str(src_exc)) policy_result.source_binding = self.binding - # Invert result if policy.negate is set - if self.binding.negate: - policy_result.passing = not policy_result.passing if not self.request.debug: key = cache_key(self.binding, self.request) cache.set(key, policy_result) diff --git a/schema.yml b/schema.yml index 19842facc..ab6a3d798 100644 --- a/schema.yml +++ b/schema.yml @@ -22802,6 +22802,9 @@ components: target: type: string format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: @@ -23524,6 +23527,9 @@ components: target: type: string format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: @@ -23560,6 +23566,9 @@ components: target: type: string format: uuid + negate: + type: boolean + description: Negates the outcome of the policy. Messages are unaffected. enabled: type: boolean order: diff --git a/web/src/locales/en.po b/web/src/locales/en.po index 3b6c448e6..9a4fb765d 100644 --- a/web/src/locales/en.po +++ b/web/src/locales/en.po @@ -431,6 +431,10 @@ msgstr "Branding settings" msgid "Branding shown in page title and several other places." msgstr "Branding shown in page title and several other places." +#: src/elements/user/SessionList.ts +msgid "Browser" +msgstr "Browser" + #: src/pages/admin-overview/cards/VersionStatusCard.ts msgid "Build hash: {0}" msgstr "Build hash: {0}" @@ -1018,6 +1022,10 @@ msgstr "Delete Consent" msgid "Delete Refresh Code" msgstr "Delete Refresh Code" +#: src/elements/user/SessionList.ts +msgid "Delete Session" +msgstr "Delete Session" + #: src/pages/user-settings/UserDetailsPage.ts msgid "Delete account" msgstr "Delete account" @@ -1070,6 +1078,10 @@ msgstr "Determines how authentik sends the response back to the Service Provider msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." +#: src/elements/user/SessionList.ts +msgid "Device" +msgstr "Device" + #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts msgid "Device classes" msgstr "Device classes" @@ -1369,6 +1381,7 @@ msgstr "Execution logging" #: src/elements/oauth/UserCodeList.ts #: src/elements/oauth/UserRefreshList.ts +#: src/elements/user/SessionList.ts #: src/elements/user/UserConsentList.ts #: src/pages/stages/invitation/InvitationForm.ts msgid "Expires" @@ -1872,6 +1885,10 @@ msgstr "Label" msgid "Label shown next to/above the prompt." msgstr "Label shown next to/above the prompt." +#: src/elements/user/SessionList.ts +msgid "Last IP" +msgstr "Last IP" + #: src/pages/groups/MemberSelectModal.ts #: src/pages/users/UserListPage.ts #: src/pages/users/UserViewPage.ts @@ -2223,6 +2240,14 @@ msgstr "NameID Property Mapping" msgid "Need an account?" msgstr "Need an account?" +#: src/pages/policies/PolicyBindingForm.ts +msgid "Negate result" +msgstr "Negate result" + +#: src/pages/policies/PolicyBindingForm.ts +msgid "Negates the outcome of the binding. Messages are unaffected." +msgstr "Negates the outcome of the binding. Messages are unaffected." + #: src/pages/events/EventInfo.ts msgid "New version available!" msgstr "New version available!" @@ -3085,6 +3110,10 @@ msgstr "Service Provider Binding" msgid "Service connection" msgstr "Service connection" +#: src/elements/user/SessionList.ts +msgid "Session" +msgstr "Session" + #: src/pages/stages/user_login/UserLoginStageForm.ts msgid "Session duration" msgstr "Session duration" @@ -3097,6 +3126,10 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1 msgid "Session valid not on or after" msgstr "Session valid not on or after" +#: src/pages/users/UserViewPage.ts +msgid "Sessions" +msgstr "Sessions" + #: src/pages/providers/proxy/ProxyProviderForm.ts msgid "Set HTTP-Basic Authentication" msgstr "Set HTTP-Basic Authentication" diff --git a/web/src/locales/pseudo-LOCALE.po b/web/src/locales/pseudo-LOCALE.po index b7c4710d6..9d4819b5a 100644 --- a/web/src/locales/pseudo-LOCALE.po +++ b/web/src/locales/pseudo-LOCALE.po @@ -427,6 +427,10 @@ msgstr "" msgid "Branding shown in page title and several other places." msgstr "" +#: +msgid "Browser" +msgstr "" + #: msgid "Build hash: {0}" msgstr "" @@ -1012,6 +1016,10 @@ msgstr "" msgid "Delete Refresh Code" msgstr "" +#: +msgid "Delete Session" +msgstr "" + #: msgid "Delete account" msgstr "" @@ -1062,6 +1070,10 @@ msgstr "" msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." msgstr "" +#: +msgid "Device" +msgstr "" + #: msgid "Device classes" msgstr "" @@ -1363,6 +1375,7 @@ msgstr "" #: #: #: +#: msgid "Expires" msgstr "" @@ -1864,6 +1877,10 @@ msgstr "" msgid "Label shown next to/above the prompt." msgstr "" +#: +msgid "Last IP" +msgstr "" + #: #: #: @@ -2215,6 +2232,14 @@ msgstr "" msgid "Need an account?" msgstr "" +#: +msgid "Negate result" +msgstr "" + +#: +msgid "Negates the outcome of the binding. Messages are unaffected." +msgstr "" + #: msgid "New version available!" msgstr "" @@ -3077,6 +3102,10 @@ msgstr "" msgid "Service connection" msgstr "" +#: +msgid "Session" +msgstr "" + #: msgid "Session duration" msgstr "" @@ -3089,6 +3118,10 @@ msgstr "" msgid "Session valid not on or after" msgstr "" +#: +msgid "Sessions" +msgstr "" + #: msgid "Set HTTP-Basic Authentication" msgstr "" diff --git a/web/src/pages/policies/PolicyBindingForm.ts b/web/src/pages/policies/PolicyBindingForm.ts index 7fc95eb87..bdca4985d 100644 --- a/web/src/pages/policies/PolicyBindingForm.ts +++ b/web/src/pages/policies/PolicyBindingForm.ts @@ -200,6 +200,17 @@ export class PolicyBindingForm extends ModelForm { + +
+ + +
+

+ ${t`Negates the outcome of the binding. Messages are unaffected.`} +

+