policies/expression: remove pb_flow_plan, save flow context directly in context
parent
502e43085f
commit
2b9705b33c
@ -27,4 +27,11 @@ return False
|
||||||
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
- `request.context`: A dictionary with dynamic data. This depends on the origin of the execution.
|
||||||
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
|
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external provider.
|
||||||
- `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses)
|
- `pb_client_ip`: Client's IP Address or '255.255.255.255' if no IP Address could be extracted. Can be [compared](../expressions/index.md#comparing-ip-addresses)
|
||||||
- `pb_flow_plan`: Current Plan if Policy is called from the Flow Planner.
|
|
||||||
|
Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the `context` object.
|
||||||
|
|
||||||
|
This includes the following:
|
||||||
|
|
||||||
|
- `prompt_data`: Data which has been saved from a prompt stage or an external source.
|
||||||
|
- `application`: The application the user is in the process of authorizing.
|
||||||
|
- `pending_user`: The currently pending user
|
||||||
|
|
|
@ -12,7 +12,7 @@ FLOW_POLICY_EXPRESSION = """# This policy ensures that this flow can only be use
|
||||||
return pb_is_sso_flow"""
|
return pb_is_sso_flow"""
|
||||||
PROMPT_POLICY_EXPRESSION = """# Check if we've not been given a username by the external IdP
|
PROMPT_POLICY_EXPRESSION = """# Check if we've not been given a username by the external IdP
|
||||||
# and trigger the enrollment flow
|
# and trigger the enrollment flow
|
||||||
return 'username' not in pb_flow_plan.context.get('prompt_data', {})"""
|
return 'username' not in context.get('prompt_data', {})"""
|
||||||
|
|
||||||
|
|
||||||
def create_default_source_enrollment_flow(
|
def create_default_source_enrollment_flow(
|
||||||
|
|
|
@ -6,7 +6,6 @@ from django.http import HttpRequest
|
||||||
from structlog import get_logger
|
from structlog import get_logger
|
||||||
|
|
||||||
from passbook.flows.planner import PLAN_CONTEXT_SSO
|
from passbook.flows.planner import PLAN_CONTEXT_SSO
|
||||||
from passbook.flows.views import SESSION_KEY_PLAN
|
|
||||||
from passbook.lib.expression.evaluator import BaseEvaluator
|
from passbook.lib.expression.evaluator import BaseEvaluator
|
||||||
from passbook.lib.utils.http import get_client_ip
|
from passbook.lib.utils.http import get_client_ip
|
||||||
from passbook.policies.types import PolicyRequest, PolicyResult
|
from passbook.policies.types import PolicyRequest, PolicyResult
|
||||||
|
@ -31,23 +30,20 @@ class PolicyEvaluator(BaseEvaluator):
|
||||||
|
|
||||||
def set_policy_request(self, request: PolicyRequest):
|
def set_policy_request(self, request: PolicyRequest):
|
||||||
"""Update context based on policy request (if http request is given, update that too)"""
|
"""Update context based on policy request (if http request is given, update that too)"""
|
||||||
# update passbook/policies/expression/templates/policy/expression/form.html
|
|
||||||
# update docs/policies/expression/index.md
|
# update docs/policies/expression/index.md
|
||||||
self._context["pb_is_sso_flow"] = request.context.get(PLAN_CONTEXT_SSO, False)
|
self._context["pb_is_sso_flow"] = request.context.get(PLAN_CONTEXT_SSO, False)
|
||||||
if request.http_request:
|
if request.http_request:
|
||||||
self.set_http_request(request.http_request)
|
self.set_http_request(request.http_request)
|
||||||
self._context["request"] = request
|
self._context["request"] = request
|
||||||
|
self._context["context"] = request.context
|
||||||
|
|
||||||
def set_http_request(self, request: HttpRequest):
|
def set_http_request(self, request: HttpRequest):
|
||||||
"""Update context based on http request"""
|
"""Update context based on http request"""
|
||||||
# update passbook/policies/expression/templates/policy/expression/form.html
|
|
||||||
# update docs/policies/expression/index.md
|
# update docs/policies/expression/index.md
|
||||||
self._context["pb_client_ip"] = ip_address(
|
self._context["pb_client_ip"] = ip_address(
|
||||||
get_client_ip(request) or "255.255.255.255"
|
get_client_ip(request) or "255.255.255.255"
|
||||||
)
|
)
|
||||||
self._context["request"] = request
|
self._context["request"] = request
|
||||||
if SESSION_KEY_PLAN in request.session:
|
|
||||||
self._context["pb_flow_plan"] = request.session[SESSION_KEY_PLAN]
|
|
||||||
|
|
||||||
def evaluate(self, expression_source: str) -> PolicyResult:
|
def evaluate(self, expression_source: str) -> PolicyResult:
|
||||||
"""Parse and evaluate expression. Policy is expected to return a truthy object.
|
"""Parse and evaluate expression. Policy is expected to return a truthy object.
|
||||||
|
|
|
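Review bot: `set_policy_request` now publishes the caller's `request.context` dict object itself under the name `context`, so anything an expression assigns into `context` (or into the nested `prompt_data` dict) is written straight back into the dict the flow presumably keeps reading; `pb_flow_plan.context` had the same aliasing, so this is not a regression, but the docstring says nothing about it and a later `dict(request.context)` snapshot would silently break any expression relying on the write-through. State the contract on the new line, e.g. `# live reference, not a copy: writes from the expression reach the caller's context`. The `form.html` reminder comment is dropped from both methods here; if that template still lists `pb_flow_plan` in its help text it needs the same update the docs received. `PolicyEvaluator` starts before this hunk and `evaluate` continues past it.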
@ -0,0 +1,28 @@
|
||||||
|
# Generated by Django 3.1.1 on 2020-09-26 11:56
|
||||||
|
|
||||||
|
from django.apps.registry import Apps
|
||||||
|
from django.db import migrations
|
||||||
|
from django.db.backends.base.schema import BaseDatabaseSchemaEditor
|
||||||
|
|
||||||
|
|
||||||
|
def remove_pb_flow_plan(apps: Apps, schema_editor: BaseDatabaseSchemaEditor):
|
||||||
|
ExpressionPolicy = apps.get_model(
|
||||||
|
"passbook_policies_expression", "ExpressionPolicy"
|
||||||
|
)
|
||||||
|
|
||||||
|
db_alias = schema_editor.connection.alias
|
||||||
|
|
||||||
|
for policy in ExpressionPolicy.objects.using(db_alias).all():
|
||||||
|
policy.expression.replace("pb_flow_plan.", "context.")
|
||||||
|
policy.save()
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("passbook_policies_expression", "0001_initial"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RunPython(remove_pb_flow_plan),
|
||||||
|
]
|