trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policies: raise sentry-ignored error for invalid PolicyEngine parameters 

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens Langhammer 2023-02-13 13:23:07 +01:00
parent cefc1a57ee
commit 925477b3a2
No known key found for this signature in database
3 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
authentik/events/tasks.py
View File

@ -37,11 +37,10 @@ def event_notification_handler(event_uuid: str):
@CELERY_APP.task() @CELERY_APP.task()
def event_trigger_handler(event_uuid: str, trigger_name: str): def event_trigger_handler(event_uuid: str, trigger_name: str):
"""Check if policies attached to NotificationRule match event""" """Check if policies attached to NotificationRule match event"""
events = Event.objects.filter(event_uuid=event_uuid) event: Event = Event.objects.filter(event_uuid=event_uuid).first()
if not events.exists(): if not event:
LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid) LOGGER.warning("event doesn't exist yet or anymore", event_uuid=event_uuid)
return return
event: Event = events.first()
trigger: Optional[NotificationRule] = NotificationRule.objects.filter(name=trigger_name).first() trigger: Optional[NotificationRule] = NotificationRule.objects.filter(name=trigger_name).first()
if not trigger: if not trigger:
return return

7
authentik/policies/engine.py
View File

@ -11,6 +11,7 @@ from structlog.stdlib import BoundLogger, get_logger
from authentik.core.models import User from authentik.core.models import User
from authentik.policies.apps import HIST_POLICIES_BUILD_TIME from authentik.policies.apps import HIST_POLICIES_BUILD_TIME
from authentik.policies.exceptions import PolicyEngineException
from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode from authentik.policies.models import Policy, PolicyBinding, PolicyBindingModel, PolicyEngineMode
from authentik.policies.process import PolicyProcess, cache_key from authentik.policies.process import PolicyProcess, cache_key
from authentik.policies.types import PolicyRequest, PolicyResult from authentik.policies.types import PolicyRequest, PolicyResult
@ -51,9 +52,9 @@ class PolicyEngine:
# objects with no policies attached will pass. # objects with no policies attached will pass.
self.empty_result = True self.empty_result = True
if not isinstance(pbm, PolicyBindingModel): # pragma: no cover if not isinstance(pbm, PolicyBindingModel): # pragma: no cover
raise ValueError(f"{pbm} is not instance of PolicyBindingModel") raise PolicyEngineException(f"{pbm} is not instance of PolicyBindingModel")
if not user: if not user:
raise ValueError("User must be set") raise PolicyEngineException("User must be set")
self.__pbm = pbm self.__pbm = pbm
self.request = PolicyRequest(user) self.request = PolicyRequest(user)
self.request.obj = pbm self.request.obj = pbm
@ -76,7 +77,7 @@ class PolicyEngine:
"""Check policy type, make sure it's not the root class as that has no logic implemented""" """Check policy type, make sure it's not the root class as that has no logic implemented"""
# pyright: reportGeneralTypeIssues=false # pyright: reportGeneralTypeIssues=false
if binding.policy is not None and binding.policy.__class__ == Policy: if binding.policy is not None and binding.policy.__class__ == Policy:
raise TypeError(f"Policy '{binding.policy}' is root type") raise PolicyEngineException(f"Policy '{binding.policy}' is root type")
def build(self) -> "PolicyEngine": def build(self) -> "PolicyEngine":
"""Build wrapper which monitors performance""" """Build wrapper which monitors performance"""

4
authentik/policies/exceptions.py
View File

@ -4,6 +4,10 @@ from typing import Optional
from authentik.lib.sentry import SentryIgnoredException from authentik.lib.sentry import SentryIgnoredException
class PolicyEngineException(SentryIgnoredException):
"""Error raised when a policy engine is configured incorrectly"""
class PolicyException(SentryIgnoredException): class PolicyException(SentryIgnoredException):
"""Exception that should be raised during Policy Evaluation, and can be recovered from.""" """Exception that should be raised during Policy Evaluation, and can be recovered from."""