trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

policies/expression: add pb_flow_plan variable

This commit is contained in:
Jens Langhammer 2020-05-13 18:44:36 +02:00
parent 461fed5567
commit 80c3246333
6 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/policies/expression/index.md
View File

@ -10,6 +10,7 @@ The following objects are passed into the variable:
- `request.user`: The current User, which the Policy is applied against. ([ref](../../property-mappings/reference/user-object.md)) - `request.user`: The current User, which the Policy is applied against. ([ref](../../property-mappings/reference/user-object.md))
- `request.http_request`: The Django HTTP Request, as documented [here](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects). - `request.http_request`: The Django HTTP Request, as documented [here](https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects).
- `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object. - `request.obj`: A Django Model instance. This is only set if the Policy is ran against an object.
- `pb_flow_plan`: Current Plan if Policy is called while a flow is active.
- `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider. - `pb_is_sso_flow`: Boolean which is true if request was initiated by authenticating through an external Provider.
- `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`. - `pb_is_group_member(user, group_name)`: Function which checks if `user` is member of a Group with Name `gorup_name`.
- `pb_logger`: Standard Python Logger Object, which can be used to debug expressions. - `pb_logger`: Standard Python Logger Object, which can be used to debug expressions.

1
passbook/core/templatetags/passbook_user_settings.py
View File

@ -23,7 +23,6 @@ def user_stages(context: RequestContext) -> List[UIUserSettings]:
if not user_settings: if not user_settings:
continue continue
matching_stages.append(user_settings) matching_stages.append(user_settings)
print(matching_stages)
return matching_stages return matching_stages

1
passbook/flows/tests/test_misc.py
View File

@ -17,6 +17,7 @@ class TestFlowsMisc(TestCase):
"""Test that stage serializer returns the correct type""" """Test that stage serializer returns the correct type"""
obj = DummyStage() obj = DummyStage()
self.assertEqual(StageSerializer().get_type(obj), "dummy") self.assertEqual(StageSerializer().get_type(obj), "dummy")
self.assertEqual(StageSerializer().get_verbose_name(obj), "Dummy Stage")
def test_api_viewset(self): def test_api_viewset(self):
"""Test that stage serializer returns the correct type""" """Test that stage serializer returns the correct type"""

4
passbook/policies/expression/evaluator.py
View File

@ -9,6 +9,7 @@ from jinja2.nativetypes import NativeEnvironment
from structlog import get_logger from structlog import get_logger
from passbook.flows.planner import PLAN_CONTEXT_SSO from passbook.flows.planner import PLAN_CONTEXT_SSO
from passbook.flows.views import SESSION_KEY_PLAN
from passbook.lib.utils.http import get_client_ip from passbook.lib.utils.http import get_client_ip
from passbook.policies.types import PolicyRequest, PolicyResult from passbook.policies.types import PolicyRequest, PolicyResult
@ -54,13 +55,14 @@ class Evaluator:
kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member kwargs["pb_is_group_member"] = Evaluator.jinja2_func_is_group_member
kwargs["pb_logger"] = get_logger() kwargs["pb_logger"] = get_logger()
if request.http_request: if request.http_request:
# TODO: Get access to current plan
kwargs["pb_is_sso_flow"] = request.http_request.session.get( kwargs["pb_is_sso_flow"] = request.http_request.session.get(
PLAN_CONTEXT_SSO, False PLAN_CONTEXT_SSO, False
) )
kwargs["pb_client_ip"] = ( kwargs["pb_client_ip"] = (
get_client_ip(request.http_request) or "255.255.255.255" get_client_ip(request.http_request) or "255.255.255.255"
) )
if SESSION_KEY_PLAN in request.http_request.session:
kwargs["pb_flow_plan"] = request.http_request.session[SESSION_KEY_PLAN]
return kwargs return kwargs
def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult: def evaluate(self, expression_source: str, request: PolicyRequest) -> PolicyResult:

1
passbook/policies/expression/templates/policy/expression/form.html
View File

@ -13,6 +13,7 @@
<li><code>request.user</code>: Passbook User Object (<a href="https://beryju.github.io/passbook/property-mappings/reference/user-object/">Reference</a>)</li> <li><code>request.user</code>: Passbook User Object (<a href="https://beryju.github.io/passbook/property-mappings/reference/user-object/">Reference</a>)</li>
<li><code>request.http_request</code>: Django HTTP Request Object (<a href="https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects">Reference</a>) </li> <li><code>request.http_request</code>: Django HTTP Request Object (<a href="https://docs.djangoproject.com/en/3.0/ref/request-response/#httprequest-objects">Reference</a>) </li>
<li><code>request.obj</code>: Model the Policy is run against. </li> <li><code>request.obj</code>: Model the Policy is run against. </li>
<li><code>pb_flow_plan</code>: Current Plan if Policy is called while a flow is active.</li>
<li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li> <li><code>pb_is_sso_flow</code>: Boolean which is true if request was initiated by authenticating through an external Provider.</li>
<li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li> <li><code>pb_is_group_member(user, group_name)</code>: Function which checks if <code>user</code> is member of a Group with Name <code>group_name</code>.</li>
<li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li> <li><code>pb_logger</code>: Standard Python Logger Object, which can be used to debug expressions.</li>

1
passbook/providers/oidc/signals.py
View File

@ -13,4 +13,3 @@ def on_application_save(sender, instance: Application, **_):
if isinstance(instance.provider, OpenIDProvider): if isinstance(instance.provider, OpenIDProvider):
instance.provider.oidc_client.require_consent = not instance.skip_authorization instance.provider.oidc_client.require_consent = not instance.skip_authorization
instance.provider.oidc_client.save() instance.provider.oidc_client.save()
print("updating skip_authz")