From 4f28a89e636e6f83a64929a581f1db277520e6d9 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 16 Jan 2021 16:38:57 +0100 Subject: [PATCH] policies: improve recording of error messages during policy process --- authentik/policies/expression/evaluator.py | 4 ++++ authentik/policies/process.py | 7 ++++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/authentik/policies/expression/evaluator.py b/authentik/policies/expression/evaluator.py index d30be1e06..ccd457ac3 100644 --- a/authentik/policies/expression/evaluator.py +++ b/authentik/policies/expression/evaluator.py @@ -55,6 +55,10 @@ class PolicyEvaluator(BaseEvaluator): def handle_error(self, exc: Exception, expression_source: str): """Exception Handler""" + # So, this is a bit questionable. Essentially, we are edit the stacktrace + # so the user only sees information relevant to them + # and none of our surrounding error handling + exc.__traceback__ = exc.__traceback__.tb_next raise PolicyException(exc) def evaluate(self, expression_source: str) -> PolicyResult: diff --git a/authentik/policies/process.py b/authentik/policies/process.py index 86b59e1fc..cb9558d9c 100644 --- a/authentik/policies/process.py +++ b/authentik/policies/process.py @@ -15,6 +15,7 @@ from authentik.policies.models import PolicyBinding from authentik.policies.types import PolicyRequest, PolicyResult LOGGER = get_logger() +TRACEBACK_HEADER = "Traceback (most recent call last):\n" def cache_key(binding: PolicyBinding, request: PolicyRequest) -> str: @@ -85,7 +86,11 @@ class PolicyProcess(Process): except PolicyException as exc: # Either use passed original exception or whatever we have src_exc = exc.src_exc if exc.src_exc else exc - error_string = "".join(format_tb(src_exc.__traceback__)) + str(src_exc) + error_string = ( + TRACEBACK_HEADER + + "".join(format_tb(src_exc.__traceback__)) + + str(src_exc) + ) # Create policy exception event self.create_event(EventAction.POLICY_EXCEPTION, message=error_string) LOGGER.debug("P_ENG(proc): error", exc=exc)