policies: add debug flag to PolicyRequest to prevent alerts from testing policies

2021-02-06 21:45:38 +01:00 · 2021-02-06 21:45:38 +01:00 · ec42869e00
parent 45963c2ffc
commit ec42869e00
4 changed files with 7 additions and 4 deletions
--- a/authentik/admin/views/policies.py
+++ b/authentik/admin/views/policies.py
@ -115,6 +115,7 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
        user = form.cleaned_data.get("user")

        p_request = PolicyRequest(user)
+        p_request.debug = True
        p_request.http_request = self.request
        p_request.context = form.cleaned_data.get("context", {})

--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@ -67,7 +67,7 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
    # Create the notification objects
    for transport in trigger.transports.all():
        for user in trigger.group.users.all():
-            LOGGER.debug("created notif")
+            LOGGER.debug("created notification")
            notification = Notification.objects.create(
                severity=trigger.severity, body=event.summary, event=event, user=user
            )
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@ -80,7 +80,7 @@ class PolicyProcess(PROCESS_CLASS):
        )
        try:
            policy_result = self.binding.policy.passes(self.request)
-            if self.binding.policy.execution_logging:
+            if self.binding.policy.execution_logging and not self.request.debug:
                self.create_event(
                    EventAction.POLICY_EXECUTION,
                    message="Policy Execution",
@ -94,8 +94,9 @@ class PolicyProcess(PROCESS_CLASS):
                + "".join(format_tb(src_exc.__traceback__))
                + str(src_exc)
            )
-            # Create policy exception event
-            self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
+            # Create policy exception event, only when we're not debugging
+            if not self.request.debug:
+                self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
            LOGGER.debug("P_ENG(proc): error", exc=src_exc)
            policy_result = PolicyResult(False, str(src_exc))
        policy_result.source_policy = self.binding.policy
--- a/authentik/policies/types.py
+++ b/authentik/policies/types.py
@ -20,6 +20,7 @@ class PolicyRequest:
    http_request: Optional[HttpRequest]
    obj: Optional[Model]
    context: dict[str, Any]
+    debug: bool = False

    def __init__(self, user: User):
        super().__init__()