policies: fix missing negate flag of policy bindings

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-05-31 11:50:29 +02:00
parent 264a170a7e
commit e24a9e3119
6 changed files with 90 additions and 3 deletions


@ -75,6 +75,7 @@ class PolicyBindingSerializer(ModelSerializer):
"group_obj", "group_obj",
"user_obj", "user_obj",
"target", "target",
"negate",
"enabled", "enabled",
"order", "order",
"timeout", "timeout",


@ -93,6 +93,9 @@ class PolicyProcess(PROCESS_CLASS):
) )
try: try:
policy_result = self.binding.passes(self.request) policy_result = self.binding.passes(self.request)
# Invert result if policy.negate is set
if self.binding.negate:
policy_result.passing = not policy_result.passing
if self.binding.policy and not self.request.debug: if self.binding.policy and not self.request.debug:
if self.binding.policy.execution_logging: if self.binding.policy.execution_logging:
self.create_event( self.create_event(
@ -114,9 +117,6 @@ class PolicyProcess(PROCESS_CLASS):
LOGGER.debug("P_ENG(proc): error", exc=src_exc) LOGGER.debug("P_ENG(proc): error", exc=src_exc)
policy_result = PolicyResult(False, str(src_exc)) policy_result = PolicyResult(False, str(src_exc))
policy_result.source_binding = self.binding policy_result.source_binding = self.binding
# Invert result if policy.negate is set
if self.binding.negate:
policy_result.passing = not policy_result.passing
if not self.request.debug: if not self.request.debug:
key = cache_key(self.binding, self.request) key = cache_key(self.binding, self.request)
cache.set(key, policy_result) cache.set(key, policy_result)
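Review bot: The inversion now sits inside the `try`, so the `PolicyResult(False, str(src_exc))` built on the error path is no longer negated, and nothing in the hunk records that this is intentional. Before the move, a binding with `negate` set turned an evaluation error into a passing result; the new placement fails closed, which is the safer behaviour, but a later refactor could move the block back without noticing. I would replace the comment with `# Negate only a real evaluation result; the error result built below must stay failing (fail closed)` (the flag lives on the binding, not on the policy as the current comment says) and add a regression test for a negated binding whose policy raises. The value passed to `cache.set` is the already-negated result, so it is worth confirming that cached entries are invalidated when a binding's `negate` flag is edited; that code, like the rest of this method, is outside the hunk.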


@ -22802,6 +22802,9 @@ components:
target: target:
type: string type: string
format: uuid format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled: enabled:
type: boolean type: boolean
order: order:
@ -23524,6 +23527,9 @@ components:
target: target:
type: string type: string
format: uuid format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled: enabled:
type: boolean type: boolean
order: order:
@ -23560,6 +23566,9 @@ components:
target: target:
type: string type: string
format: uuid format: uuid
negate:
type: boolean
description: Negates the outcome of the policy. Messages are unaffected.
enabled: enabled:
type: boolean type: boolean
order: order:


@ -431,6 +431,10 @@ msgstr "Branding settings"
msgid "Branding shown in page title and several other places." msgid "Branding shown in page title and several other places."
msgstr "Branding shown in page title and several other places." msgstr "Branding shown in page title and several other places."
#: src/elements/user/SessionList.ts
msgid "Browser"
msgstr "Browser"
#: src/pages/admin-overview/cards/VersionStatusCard.ts #: src/pages/admin-overview/cards/VersionStatusCard.ts
msgid "Build hash: {0}" msgid "Build hash: {0}"
msgstr "Build hash: {0}" msgstr "Build hash: {0}"
@ -1018,6 +1022,10 @@ msgstr "Delete Consent"
msgid "Delete Refresh Code" msgid "Delete Refresh Code"
msgstr "Delete Refresh Code" msgstr "Delete Refresh Code"
#: src/elements/user/SessionList.ts
msgid "Delete Session"
msgstr "Delete Session"
#: src/pages/user-settings/UserDetailsPage.ts #: src/pages/user-settings/UserDetailsPage.ts
msgid "Delete account" msgid "Delete account"
msgstr "Delete account" msgstr "Delete account"
@ -1070,6 +1078,10 @@ msgstr "Determines how authentik sends the response back to the Service Provider
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." msgstr "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
#: src/elements/user/SessionList.ts
msgid "Device"
msgstr "Device"
#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts #: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
msgid "Device classes" msgid "Device classes"
msgstr "Device classes" msgstr "Device classes"
@ -1369,6 +1381,7 @@ msgstr "Execution logging"
#: src/elements/oauth/UserCodeList.ts #: src/elements/oauth/UserCodeList.ts
#: src/elements/oauth/UserRefreshList.ts #: src/elements/oauth/UserRefreshList.ts
#: src/elements/user/SessionList.ts
#: src/elements/user/UserConsentList.ts #: src/elements/user/UserConsentList.ts
#: src/pages/stages/invitation/InvitationForm.ts #: src/pages/stages/invitation/InvitationForm.ts
msgid "Expires" msgid "Expires"
@ -1872,6 +1885,10 @@ msgstr "Label"
msgid "Label shown next to/above the prompt." msgid "Label shown next to/above the prompt."
msgstr "Label shown next to/above the prompt." msgstr "Label shown next to/above the prompt."
#: src/elements/user/SessionList.ts
msgid "Last IP"
msgstr "Last IP"
#: src/pages/groups/MemberSelectModal.ts #: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts #: src/pages/users/UserListPage.ts
#: src/pages/users/UserViewPage.ts #: src/pages/users/UserViewPage.ts
@ -2223,6 +2240,14 @@ msgstr "NameID Property Mapping"
msgid "Need an account?" msgid "Need an account?"
msgstr "Need an account?" msgstr "Need an account?"
#: src/pages/policies/PolicyBindingForm.ts
msgid "Negate result"
msgstr "Negate result"
#: src/pages/policies/PolicyBindingForm.ts
msgid "Negates the outcome of the binding. Messages are unaffected."
msgstr "Negates the outcome of the binding. Messages are unaffected."
#: src/pages/events/EventInfo.ts #: src/pages/events/EventInfo.ts
msgid "New version available!" msgid "New version available!"
msgstr "New version available!" msgstr "New version available!"
@ -3085,6 +3110,10 @@ msgstr "Service Provider Binding"
msgid "Service connection" msgid "Service connection"
msgstr "Service connection" msgstr "Service connection"
#: src/elements/user/SessionList.ts
msgid "Session"
msgstr "Session"
#: src/pages/stages/user_login/UserLoginStageForm.ts #: src/pages/stages/user_login/UserLoginStageForm.ts
msgid "Session duration" msgid "Session duration"
msgstr "Session duration" msgstr "Session duration"
@ -3097,6 +3126,10 @@ msgstr "Session not valid on or after current time + this value (Format: hours=1
msgid "Session valid not on or after" msgid "Session valid not on or after"
msgstr "Session valid not on or after" msgstr "Session valid not on or after"
#: src/pages/users/UserViewPage.ts
msgid "Sessions"
msgstr "Sessions"
#: src/pages/providers/proxy/ProxyProviderForm.ts #: src/pages/providers/proxy/ProxyProviderForm.ts
msgid "Set HTTP-Basic Authentication" msgid "Set HTTP-Basic Authentication"
msgstr "Set HTTP-Basic Authentication" msgstr "Set HTTP-Basic Authentication"


@ -427,6 +427,10 @@ msgstr ""
msgid "Branding shown in page title and several other places." msgid "Branding shown in page title and several other places."
msgstr "" msgstr ""
#:
msgid "Browser"
msgstr ""
#: #:
msgid "Build hash: {0}" msgid "Build hash: {0}"
msgstr "" msgstr ""
@ -1012,6 +1016,10 @@ msgstr ""
msgid "Delete Refresh Code" msgid "Delete Refresh Code"
msgstr "" msgstr ""
#:
msgid "Delete Session"
msgstr ""
#: #:
msgid "Delete account" msgid "Delete account"
msgstr "" msgstr ""
@ -1062,6 +1070,10 @@ msgstr ""
msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed." msgid "Determines how long a session lasts. Default of 0 seconds means that the sessions lasts until the browser is closed."
msgstr "" msgstr ""
#:
msgid "Device"
msgstr ""
#: #:
msgid "Device classes" msgid "Device classes"
msgstr "" msgstr ""
@ -1363,6 +1375,7 @@ msgstr ""
#: #:
#: #:
#: #:
#:
msgid "Expires" msgid "Expires"
msgstr "" msgstr ""
@ -1864,6 +1877,10 @@ msgstr ""
msgid "Label shown next to/above the prompt." msgid "Label shown next to/above the prompt."
msgstr "" msgstr ""
#:
msgid "Last IP"
msgstr ""
#: #:
#: #:
#: #:
@ -2215,6 +2232,14 @@ msgstr ""
msgid "Need an account?" msgid "Need an account?"
msgstr "" msgstr ""
#:
msgid "Negate result"
msgstr ""
#:
msgid "Negates the outcome of the binding. Messages are unaffected."
msgstr ""
#: #:
msgid "New version available!" msgid "New version available!"
msgstr "" msgstr ""
@ -3077,6 +3102,10 @@ msgstr ""
msgid "Service connection" msgid "Service connection"
msgstr "" msgstr ""
#:
msgid "Session"
msgstr ""
#: #:
msgid "Session duration" msgid "Session duration"
msgstr "" msgstr ""
@ -3089,6 +3118,10 @@ msgstr ""
msgid "Session valid not on or after" msgid "Session valid not on or after"
msgstr "" msgstr ""
#:
msgid "Sessions"
msgstr ""
#: #:
msgid "Set HTTP-Basic Authentication" msgid "Set HTTP-Basic Authentication"
msgstr "" msgstr ""


@ -200,6 +200,17 @@ export class PolicyBindingForm extends ModelForm<PolicyBinding, string> {
</label> </label>
</div> </div>
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal name="negate">
<div class="pf-c-check">
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.negate, true)}>
<label class="pf-c-check__label">
${t`Negate result`}
</label>
</div>
<p class="pf-c-form__helper-text">
${t`Negates the outcome of the binding. Messages are unaffected.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal <ak-form-element-horizontal
label=${t`Order`} label=${t`Order`}
?required=${true} ?required=${true}
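Review bot: The new checkbox defaults to checked: `?checked=${first(this.instance?.negate, true)}` falls back to `true` when there is no existing instance, assuming `first` returns its first defined argument (the helper is outside the hunk). A binding created through this form would then be saved with `negate` on unless the admin unticks it, silently inverting the outcome so that a policy meant to deny admits and one meant to allow blocks. The fallback was presumably copied from an opt-out checkbox such as the one above; it should be `?checked=${first(this.instance?.negate, false)}`. The surrounding render method starts and ends outside the hunk.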