From 925477b3a2ae5ce3bc8dc04b7957b888ab652a8c Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 13 Feb 2023 13:23:07 +0100
Subject: [PATCH] policies: raise sentry-ignored error for invalid PolicyEngine parameters

Signed-off-by: Jens Langhammer
---
 authentik/events/tasks.py | 5 ++---
 authentik/policies/engine.py | 7 ++++---
 authentik/policies/exceptions.py | 4 ++++
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py
index cbeac7a50..2918efc73 100644
--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@@ -37,11 +37,10 @@ def event_notification_handler(event_uuid: str):
 @CELERY_APP.task()
 def event_trigger_handler(event_uuid: str, trigger_name: str):
 """Check if policies attached to NotificationRule match event"""
- events = Event.objects.filter(event_uuid=event_uuid)
- if not events.exists():
+ event: Event = Event.objects.filter(event_uuid=event_uuid).first()
+ if not event:
 LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid)
 return
- event: Event = events.first()
 trigger: Optional[NotificationRule] = NotificationRule.objects.filter(name=trigger_name).first()
 if not trigger:
 return
diff --git a/authentik/policies/engine.py b/authentik/policies/engine.py
index 539910793..fba6a6536 100644
--- a/authentik/policies/engine.py
+++ b/authentik/policies/engine.py
@@ -11,6 +11,7 @@ from structlog.stdlib import BoundLogger, get_logger
 
 from authentik.core.models import User
 from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
+from authentik.policies.exceptions import PolicyEngineException
 from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
 from authentik.policies.process import PolicyProcess, cache_key
 from authentik.policies.types import PolicyRequest, PolicyResult
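Review bot: In `event_trigger_handler` (authentik/events/tasks.py) the new annotation `event: Event` is narrower than what `.first()` returns, since the result is `None` when no row matches and the next line tests for exactly that. The `trigger` lookup a few lines further down already uses `Optional[NotificationRule]` for the same pattern, so `event: Optional[Event] = Event.objects.filter(event_uuid=event_uuid).first()` would keep the two consistent and let a type checker treat the `if not event` guard as meaningful. The function body continues past the end of the hunk.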
@@ -51,9 +52,9 @@ class PolicyEngine:
 # objects with no policies attached will pass.
 self.empty_result = True
 if not isinstance(pbm, PolicyBindingModel): # pragma: no cover
- raise ValueError(f"{pbm} is not instance of PolicyBindingModel")
+ raise PolicyEngineException(f"{pbm} is not instance of PolicyBindingModel")
 if not user:
- raise ValueError("User must be set")
+ raise PolicyEngineException("User must be set")
 self.__pbm = pbm
 self.request = PolicyRequest(user)
 self.request.obj = pbm
@@ -76,7 +77,7 @@ class PolicyEngine:
 """Check policy type, make sure it's not the root class as that has no logic implemented"""
 # pyright: reportGeneralTypeIssues=false
 if binding.policy is not None and binding.policy.__class__ == Policy:
- raise TypeError(f"Policy '{binding.policy}' is root type")
+ raise PolicyEngineException(f"Policy '{binding.policy}' is root type")
 
 def build(self) -> "PolicyEngine":
 """Build wrapper which monitors performance"""
diff --git a/authentik/policies/exceptions.py b/authentik/policies/exceptions.py
index d08206800..b6848fd41 100644
--- a/authentik/policies/exceptions.py
+++ b/authentik/policies/exceptions.py
@@ -4,6 +4,10 @@ from typing import Optional
 from authentik.lib.sentry import SentryIgnoredException
 
 
+class PolicyEngineException(SentryIgnoredException):
+ """Error raised when a policy engine is configured incorrectly"""
+
+
 class PolicyException(SentryIgnoredException):
 """Exception that should be raised during Policy Evaluation, and can be recovered from."""
 
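Review bot: In `PolicyEngine.__init__` (the `@@ -51,9 +52,9 @@` hunk of authentik/policies/engine.py) the two raises change type from `ValueError` to `PolicyEngineException`, and the root-type check in the following hunk changes from `TypeError`; any caller that catches the builtin types around engine construction stops matching, and whether `SentryIgnoredException` derives from either is not visible in this patch, so the call sites should be checked. Because the new type is by design kept out of Sentry, an access check that reaches the engine without a user presumably no longer produces an error report, which would leave a log entry as the only trace. A line such as `get_logger().warning("PolicyEngine created without user", pbm=pbm)` before `raise PolicyEngineException("User must be set")` would keep that condition visible to operators. `__init__` starts and ends outside the hunk, so an existing log call there cannot be ruled out.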