From ec42869e00f68d2b3f9c75e00318b4927b17298d Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Sat, 6 Feb 2021 21:45:38 +0100
Subject: [PATCH] policies: add debug flag to PolicyRequest to prevent alerts from testing policies
---
 authentik/admin/views/policies.py | 1 +
 authentik/events/tasks.py | 2 +-
 authentik/policies/process.py | 7 ++++---
 authentik/policies/types.py | 1 +
 4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/authentik/admin/views/policies.py b/authentik/admin/views/policies.py
index fd25167bf..8a5441686 100644
--- a/authentik/admin/views/policies.py
+++ b/authentik/admin/views/policies.py
@@ -115,6 +115,7 @@ class PolicyTestView(LoginRequiredMixin, DetailView, PermissionRequiredMixin, Fo
 user = form.cleaned_data.get("user")
 p_request = PolicyRequest(user)
+ p_request.debug = True
 p_request.http_request = self.request
 p_request.context = form.cleaned_data.get("context", {})
diff --git a/authentik/events/tasks.py b/authentik/events/tasks.py
index 43505b8e5..68b46f92b 100644
--- a/authentik/events/tasks.py
+++ b/authentik/events/tasks.py
@@ -67,7 +67,7 @@ def event_trigger_handler(event_uuid: str, trigger_name: str):
 # Create the notification objects
 for transport in trigger.transports.all():
 for user in trigger.group.users.all():
- LOGGER.debug("created notif")
+ LOGGER.debug("created notification")
 notification = Notification.objects.create(
 severity=trigger.severity, body=event.summary, event=event, user=user
 )
diff --git a/authentik/policies/process.py b/authentik/policies/process.py
index 900614558..4eee182a2 100644
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@@ -80,7 +80,7 @@ class PolicyProcess(PROCESS_CLASS):
 )
 try:
 policy_result = self.binding.policy.passes(self.request)
- if self.binding.policy.execution_logging:
+ if self.binding.policy.execution_logging and not self.request.debug:
 self.create_event(
 EventAction.POLICY_EXECUTION,
 message="Policy Execution",
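Review bot: In authentik/admin/views/policies.py, `p_request.debug = True` does more than quiet alerts: per the process.py hunks of this commit it also skips the POLICY_EXECUTION and POLICY_EXCEPTION events, so a test run against a chosen user and context leaves no policy event behind. Nothing at this call site says so; a comment such as `# debug: test run, PolicyProcess creates no policy events (and so no alerts) for this request` would make the trade-off visible. If test runs should stay traceable, a log line from the view naming the tester and the policy would cover it. The enclosing method starts and ends outside the hunk.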
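Review bot: In authentik/policies/process.py, `self.request.debug` is read only after `self.binding.policy.passes(self.request)` has returned, and that same request object is what the policy receives. If a policy implementation is able to write to the request it is given (not visible in this diff), the flag could change during evaluation and the POLICY_EXECUTION event for that run would be skipped; the exception path in the `@@ -94,8 +94,9 @@` hunk reads the flag in the same late position. Reading it once before the call avoids that: `debug = self.request.debug` ahead of the `try:`, then `if self.binding.policy.execution_logging and not debug:` and `if not debug:`. The enclosing method starts and ends outside both hunks.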
@@ -94,8 +94,9 @@ class PolicyProcess(PROCESS_CLASS):
 + "".join(format_tb(src_exc.__traceback__))
 + str(src_exc)
 )
- # Create policy exception event
- self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
+ # Create policy exception event, only when we're not debugging
+ if not self.request.debug:
+ self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
 LOGGER.debug("P_ENG(proc): error", exc=src_exc)
 policy_result = PolicyResult(False, str(src_exc))
 policy_result.source_policy = self.binding.policy
diff --git a/authentik/policies/types.py b/authentik/policies/types.py
index df2ad1951..4ffa7a8a1 100644
--- a/authentik/policies/types.py
+++ b/authentik/policies/types.py
@@ -20,6 +20,7 @@ class PolicyRequest:
 http_request: Optional[HttpRequest]
 obj: Optional[Model]
 context: dict[str, Any]
+ debug: bool = False
 def __init__(self, user: User):
 super().__init__()
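Review bot: In authentik/policies/types.py, the new `debug` field decides whether policy events are written, yet it carries no comment and its name reads like a logging-verbosity switch. A comment on the field would help, e.g. `# When True, PolicyProcess creates no POLICY_EXECUTION / POLICY_EXCEPTION events; meant for the policy test view`. Because it is a class-level default that the visible part of `__init__` does not set, it is changed by plain assignment anywhere the request is held; accepting it as a keyword argument of the constructor would keep that decision where the request is built. The body of `__init__` continues outside the hunk.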