trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

policies: add debug flag to PolicyRequest to prevent alerts from testing policies

Browse source
This commit is contained in:
Jens Langhammer 2021-02-06 21:45:38 +01:00
parent 45963c2ffc
commit ec42869e00
4 changed files with 7 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
authentik/admin/views/policies.py
View file

@ -115,6 +115,7 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
user = form.cleaned_data.get("user") user = form.cleaned_data.get("user")
p_request = PolicyRequest(user) p_request = PolicyRequest(user)
p_request.debug = True
p_request.http_request = self.request p_request.http_request = self.request
p_request.context = form.cleaned_data.get("context", {}) p_request.context = form.cleaned_data.get("context", {})

2
authentik/events/tasks.py
View file

@ -67,7 +67,7 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
# Create the notification objects # Create the notification objects
for transport in trigger.transports.all(): for transport in trigger.transports.all():
for user in trigger.group.users.all(): for user in trigger.group.users.all():
LOGGER.debug("created notif") LOGGER.debug("created notification")
notification = Notification.objects.create( notification = Notification.objects.create(
severity=trigger.severity, body=event.summary, event=event, user=user severity=trigger.severity, body=event.summary, event=event, user=user
) )

7
authentik/policies/process.py
View file

@ -80,7 +80,7 @@ class PolicyProcess(PROCESS_CLASS):
) )
try: try:
policy_result = self.binding.policy.passes(self.request) policy_result = self.binding.policy.passes(self.request)
if self.binding.policy.execution_logging: if self.binding.policy.execution_logging and not self.request.debug:
self.create_event( self.create_event(
EventAction.POLICY_EXECUTION, EventAction.POLICY_EXECUTION,
message="Policy Execution", message="Policy Execution",
@ -94,8 +94,9 @@ class PolicyProcess(PROCESS_CLASS):
+ "".join(format_tb(src_exc.__traceback__)) + "".join(format_tb(src_exc.__traceback__))
+ str(src_exc) + str(src_exc)
) )
# Create policy exception event # Create policy exception event, only when we're not debugging
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string) if not self.request.debug:
self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
LOGGER.debug("P_ENG(proc): error", exc=src_exc) LOGGER.debug("P_ENG(proc): error", exc=src_exc)
policy_result = PolicyResult(False, str(src_exc)) policy_result = PolicyResult(False, str(src_exc))
policy_result.source_policy = self.binding.policy policy_result.source_policy = self.binding.policy

1
authentik/policies/types.py
View file

@ -20,6 +20,7 @@ class PolicyRequest:
http_request: Optional[HttpRequest] http_request: Optional[HttpRequest]
obj: Optional[Model] obj: Optional[Model]
context: dict[str, Any] context: dict[str, Any]
debug: bool = False
def __init__(self, user: User): def __init__(self, user: User):
super().__init__() super().__init__()