diff --git a/authentik/policies/exceptions.py b/authentik/policies/exceptions.py
index 994095ff4..d08206800 100644
--- a/authentik/policies/exceptions.py
+++ b/authentik/policies/exceptions.py
@@ -1,6 +1,14 @@
 """policy exceptions"""
+from typing import Optional
+
 from authentik.lib.sentry import SentryIgnoredException
 class PolicyException(SentryIgnoredException):
 """Exception that should be raised during Policy Evaluation, and can be recovered from."""
+
+ src_exc: Optional[Exception] = None
+
+ def __init__(self, src_exc: Optional[Exception] = None) -> None:
+ super().__init__()
+ self.src_exc = src_exc
diff --git a/authentik/policies/expression/evaluator.py b/authentik/policies/expression/evaluator.py
index 236c98c20..d30be1e06 100644
--- a/authentik/policies/expression/evaluator.py
+++ b/authentik/policies/expression/evaluator.py
@@ -55,7 +55,7 @@ class PolicyEvaluator(BaseEvaluator):
 def handle_error(self, exc: Exception, expression_source: str):
 """Exception Handler"""
- raise PolicyException(str(exc)) from exc
+ raise PolicyException(exc)
 def evaluate(self, expression_source: str) -> PolicyResult:
 """Parse and evaluate expression. Policy is expected to return a truthy object.
diff --git a/authentik/policies/process.py b/authentik/policies/process.py
index 0f2f2e798..86b59e1fc 100644
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@@ -83,8 +83,10 @@ class PolicyProcess(Process):
 result=policy_result,
 )
 except PolicyException as exc:
+ # Either use passed original exception or whatever we have
+ src_exc = exc.src_exc if exc.src_exc else exc
+ error_string = "".join(format_tb(src_exc.__traceback__)) + str(src_exc)
 # Create policy exception event
- error_string = "".join(format_tb(exc.__traceback__)) + str(exc)
 self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
 LOGGER.debug("P_ENG(proc): error", exc=exc)
 policy_result = PolicyResult(False, str(exc))
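Review bot: In `authentik/policies/exceptions.py`, the new `__init__` calls `super().__init__()` with no arguments, so `str()` of a `PolicyException` is now an empty string even when it wraps an error. The unchanged context lines in `process.py` still build `PolicyResult(False, str(exc))` from the wrapper, so the denial message that used to carry the source error text would come back empty. Passing the text through keeps existing consumers working: `super().__init__(str(src_exc) if src_exc is not None else "")`. The first positional parameter also changes meaning from a message to an exception, so any caller outside this diff that still passes a string would store a `str` in `src_exc`, which the annotation does not prevent.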
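Review bot: In `handle_error` (`authentik/policies/expression/evaluator.py`), the new `raise PolicyException(exc)` drops the `from exc` clause, so `__cause__` is no longer set. The link to the original error then rests on `src_exc` alone, or on the implicit `__context__` if this method happens to run inside an `except` block (the caller is outside the hunk). Keeping both costs nothing: `raise PolicyException(exc) from exc`. Generic traceback printers and error reporters would then still show the expression failure as the direct cause.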
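Review bot: In the `except PolicyException` branch of `authentik/policies/process.py`, `exc.src_exc if exc.src_exc else exc` tests truthiness rather than presence; an exception type that defines `__bool__` or `__len__` can be falsy, and the event would then record the wrapper's traceback instead of the policy's. `src_exc = exc.src_exc if exc.src_exc is not None else exc` states the intent. If `src_exc` can ever hold something other than an exception (for instance a message string from an older call site, which this diff does not show), `src_exc.__traceback__` raises `AttributeError` and the handler would exit before `policy_result = PolicyResult(False, str(exc))` is assigned; an `isinstance(exc.src_exc, BaseException)` check would cover both cases. The enclosing `try` starts outside the hunk.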