From 1be792fbd84b5d3055abcc6235ed2433633662c1 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Wed, 8 Feb 2023 23:29:59 +0100 Subject: [PATCH] policies/event_matcher: fix empty app label not being allowed, require at least 1 criteria closes #4643 Signed-off-by: Jens Langhammer --- authentik/policies/event_matcher/api.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/authentik/policies/event_matcher/api.py b/authentik/policies/event_matcher/api.py index ea865f26d..7a5ded3e3 100644 --- a/authentik/policies/event_matcher/api.py +++ b/authentik/policies/event_matcher/api.py @@ -1,5 +1,6 @@ """Event Matcher Policy API""" from django.utils.translation import gettext as _ +from rest_framework.exceptions import ValidationError from rest_framework.fields import ChoiceField from rest_framework.viewsets import ModelViewSet @@ -14,12 +15,18 @@ class EventMatcherPolicySerializer(PolicySerializer): app = ChoiceField( choices=app_choices(), required=False, + allow_blank=True, help_text=_( "Match events created by selected application. When left empty, " "all applications are matched." ), ) + def validate(self, attrs: dict) -> dict: + if attrs["action"] == "" and attrs["client_ip"] == "" and attrs["app"] == "": + raise ValidationError(_("At least one criteria must be set.")) + return super().validate(attrs) + class Meta: model = EventMatcherPolicy fields = PolicySerializer.Meta.fields + [