lib: fix regex_match result being inverted, add tests

closes #1073

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-06-23 20:06:43 +02:00
parent e3f7185564
commit 2b98637ca5
3 changed files with 50 additions and 14 deletions

View file

@ -3,6 +3,7 @@ import re
from textwrap import indent from textwrap import indent
from typing import Any, Iterable, Optional from typing import Any, Iterable, Optional
from django.core.exceptions import FieldError
from requests import Session from requests import Session
from rest_framework.serializers import ValidationError from rest_framework.serializers import ValidationError
from sentry_sdk.hub import Hub from sentry_sdk.hub import Hub
@ -29,10 +30,10 @@ class BaseEvaluator:
# update website/docs/expressions/_objects.md # update website/docs/expressions/_objects.md
# update website/docs/expressions/_functions.md # update website/docs/expressions/_functions.md
self._globals = { self._globals = {
"regex_match": BaseEvaluator.expr_filter_regex_match, "regex_match": BaseEvaluator.expr_regex_match,
"regex_replace": BaseEvaluator.expr_filter_regex_replace, "regex_replace": BaseEvaluator.expr_regex_replace,
"ak_is_group_member": BaseEvaluator.expr_func_is_group_member, "ak_is_group_member": BaseEvaluator.expr_is_group_member,
"ak_user_by": BaseEvaluator.expr_func_user_by, "ak_user_by": BaseEvaluator.expr_user_by,
"ak_logger": get_logger(), "ak_logger": get_logger(),
"requests": Session(), "requests": Session(),
} }
@ -40,25 +41,28 @@ class BaseEvaluator:
self._filename = "BaseEvalautor" self._filename = "BaseEvalautor"
@staticmethod @staticmethod
def expr_filter_regex_match(value: Any, regex: str) -> bool: def expr_regex_match(value: Any, regex: str) -> bool:
"""Expression Filter to run re.search""" """Expression Filter to run re.search"""
return re.search(regex, value) is None return re.search(regex, value) is not None
@staticmethod @staticmethod
def expr_filter_regex_replace(value: Any, regex: str, repl: str) -> str: def expr_regex_replace(value: Any, regex: str, repl: str) -> str:
"""Expression Filter to run re.sub""" """Expression Filter to run re.sub"""
return re.sub(regex, repl, value) return re.sub(regex, repl, value)
@staticmethod @staticmethod
def expr_func_user_by(**filters) -> Optional[User]: def expr_user_by(**filters) -> Optional[User]:
"""Get user by filters""" """Get user by filters"""
users = User.objects.filter(**filters) try:
if users: users = User.objects.filter(**filters)
return users.first() if users:
return None return users.first()
return None
except FieldError:
return None
@staticmethod @staticmethod
def expr_func_is_group_member(user: User, **group_filters) -> bool: def expr_is_group_member(user: User, **group_filters) -> bool:
"""Check if `user` is member of group with name `group_name`""" """Check if `user` is member of group with name `group_name`"""
return user.ak_groups.filter(**group_filters).exists() return user.ak_groups.filter(**group_filters).exists()

View file

@ -0,0 +1,32 @@
"""Test Evaluator base functions"""
from django.test import TestCase
from authentik.core.models import User
from authentik.lib.expression.evaluator import BaseEvaluator
class TestEvaluator(TestCase):
"""Test Evaluator base functions"""
def test_regex_match(self):
"""Test expr_regex_match"""
self.assertFalse(BaseEvaluator.expr_regex_match("foo", "bar"))
self.assertTrue(BaseEvaluator.expr_regex_match("foo", "foo"))
def test_regex_replace(self):
"""Test expr_regex_replace"""
self.assertEqual(BaseEvaluator.expr_regex_replace("foo", "o", "a"), "faa")
def test_user_by(self):
"""Test expr_user_by"""
self.assertIsNotNone(BaseEvaluator.expr_user_by(username="akadmin"))
self.assertIsNone(BaseEvaluator.expr_user_by(username="bar"))
self.assertIsNone(BaseEvaluator.expr_user_by(foo="bar"))
def test_is_group_member(self):
"""Test expr_is_group_member"""
self.assertFalse(
BaseEvaluator.expr_is_group_member(
User.objects.get(username="akadmin"), name="test"
)
)

View file

@ -1,7 +1,7 @@
openapi: 3.0.3 openapi: 3.0.3
info: info:
title: authentik title: authentik
version: 2021.6.1 version: 2021.6.2
description: Making authentication simple. description: Making authentication simple.
contact: contact:
email: hello@beryju.org email: hello@beryju.org