policies: only cache policies for authenticated users

closes #4033 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-11-18 21:06:53 +01:00 · 2022-11-18 21:06:53 +01:00 · cc3ab141e5
parent c158ef80db
commit cc3ab141e5
2 changed files with 10 additions and 1 deletions
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@ -103,7 +103,7 @@ class PolicyProcess(PROCESS_CLASS):
            LOGGER.debug("P_ENG(proc): error", exc=src_exc)
            policy_result = PolicyResult(False, str(src_exc))
        policy_result.source_binding = self.binding
-        if not self.request.debug:
+        if self.request.should_cache:
            key = cache_key(self.binding, self.request)
            cache.set(key, policy_result, CACHE_TIMEOUT)
        LOGGER.debug(
--- a/authentik/policies/types.py
+++ b/authentik/policies/types.py
@ -46,6 +46,15 @@ class PolicyRequest:
            return
        self.context["geoip"] = GEOIP_READER.city(client_ip)

+    @property
+    def should_cache(self) -> bool:
+        """Check if this request's result should be cached"""
+        if not self.user.is_authenticated:
+            return False
+        if self.debug:
+            return False
+        return True
+
    def __repr__(self) -> str:
        return self.__str__()