core: fix saving of policy not correctly clearing it's cache

passbook/core/signals.py

@@ -18,9 +18,11 @@ password_changed = Signal(providing_args=["user", "password"])
 def invalidate_policy_cache(sender, instance, **_):
     """Invalidate Policy cache when policy is updated"""
     from passbook.core.models import Policy
+    from passbook.policies.process import cache_key
 
     if isinstance(instance, Policy):
         LOGGER.debug("Invalidating policy cache", policy=instance)
-        keys = cache.keys("%s#*" % instance.pk)
+        prefix = cache_key(instance) + "*"
+        keys = cache.keys(prefix)
         cache.delete_many(keys)
         LOGGER.debug("Deleted %d keys", len(keys))

passbook/policies/process.py

@@ -5,16 +5,19 @@ from multiprocessing.connection import Connection
 from django.core.cache import cache
 from structlog import get_logger
 
-from passbook.core.models import Policy
+from passbook.core.models import Policy, User
 from passbook.policies.exceptions import PolicyException
 from passbook.policies.types import PolicyRequest, PolicyResult
 
 LOGGER = get_logger()
 
 
-def cache_key(policy, user):
+def cache_key(policy: Policy, user: User = None) -> str:
     """Generate Cache key for policy"""
-    return f"policy_{policy.pk}#{user.pk}"
+    prefix = f"policy_{policy.pk}"
+    if user:
+        prefix += f"#{user.pk}"
+    return prefix
 
 
 class PolicyProcess(Process):
@@ -33,7 +36,7 @@ class PolicyProcess(Process):
     def run(self):
         """Task wrapper to run policy checking"""
         LOGGER.debug(
-            "Running policy",
+            "P_ENG(proc): Running policy",
             policy=self.policy,
             user=self.request.user,
             process="PolicyProcess",
@@ -41,13 +44,13 @@ class PolicyProcess(Process):
         try:
             policy_result = self.policy.passes(self.request)
         except PolicyException as exc:
-            LOGGER.debug(exc)
+            LOGGER.debug("P_ENG(proc): error", exc=exc)
             policy_result = PolicyResult(False, str(exc))
         # Invert result if policy.negate is set
         if self.policy.negate:
             policy_result.passing = not policy_result.passing
         LOGGER.debug(
-            "Got result",
+            "P_ENG(proc): Finished",
             policy=self.policy,
             result=policy_result,
             process="PolicyProcess",
@@ -56,5 +59,5 @@ class PolicyProcess(Process):
         )
         key = cache_key(self.policy, self.request.user)
         cache.set(key, policy_result)
-        LOGGER.debug("Cached policy evaluation", key=key)
+        LOGGER.debug("P_ENG(proc): Cached policy evaluation", key=key)
         self.connection.send(policy_result)

passbook/providers/oidc/forms.py

@@ -19,6 +19,8 @@ class OIDCProviderForm(forms.ModelForm):
         self.fields["client_secret"].initial = generate_client_secret()
 
     def save(self, *args, **kwargs):
+        self.instance.reuse_consent = False  # This is managed by passbook
+        self.instance.require_consent = True  # This is managed by passbook
         response = super().save(*args, **kwargs)
         # Check if openidprovider class instance exists
         if not OpenIDProvider.objects.filter(oidc_client=self.instance).exists():