From f8b4b92e8d965ab2191112ebb0baa01e128d7fe3 Mon Sep 17 00:00:00 2001
From: Jens Langhammer <jens.langhammer@beryju.org>
Date: Sat, 16 Jan 2021 15:41:19 +0100
Subject: [PATCH] policies: pass direct exception from expression policies

---
 authentik/policies/exceptions.py           | 8 ++++++++
 authentik/policies/expression/evaluator.py | 2 +-
 authentik/policies/process.py              | 4 +++-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/authentik/policies/exceptions.py b/authentik/policies/exceptions.py
index 994095ff4..d08206800 100644
--- a/authentik/policies/exceptions.py
+++ b/authentik/policies/exceptions.py
@@ -1,6 +1,14 @@
 """policy exceptions"""
+from typing import Optional
+
 from authentik.lib.sentry import SentryIgnoredException
 
 
 class PolicyException(SentryIgnoredException):
     """Exception that should be raised during Policy Evaluation, and can be recovered from."""
+
+    src_exc: Optional[Exception] = None
+
+    def __init__(self, src_exc: Optional[Exception] = None) -> None:
+        super().__init__()
+        self.src_exc = src_exc
diff --git a/authentik/policies/expression/evaluator.py b/authentik/policies/expression/evaluator.py
index 236c98c20..d30be1e06 100644
--- a/authentik/policies/expression/evaluator.py
+++ b/authentik/policies/expression/evaluator.py
@@ -55,7 +55,7 @@ class PolicyEvaluator(BaseEvaluator):
 
     def handle_error(self, exc: Exception, expression_source: str):
         """Exception Handler"""
-        raise PolicyException(str(exc)) from exc
+        raise PolicyException(exc)
 
     def evaluate(self, expression_source: str) -> PolicyResult:
         """Parse and evaluate expression. Policy is expected to return a truthy object.
diff --git a/authentik/policies/process.py b/authentik/policies/process.py
index 0f2f2e798..86b59e1fc 100644
--- a/authentik/policies/process.py
+++ b/authentik/policies/process.py
@@ -83,8 +83,10 @@ class PolicyProcess(Process):
                     result=policy_result,
                 )
         except PolicyException as exc:
+            # Either use passed original exception or whatever we have
+            src_exc = exc.src_exc if exc.src_exc else exc
+            error_string = "".join(format_tb(src_exc.__traceback__)) + str(src_exc)
             # Create policy exception event
-            error_string = "".join(format_tb(exc.__traceback__)) + str(exc)
             self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
             LOGGER.debug("P_ENG(proc): error", exc=exc)
             policy_result = PolicyResult(False, str(exc))