policies: pass direct exception from expression policies

authentik/policies/exceptions.py

@@ -1,6 +1,14 @@
 """policy exceptions"""
+from typing import Optional
+
 from authentik.lib.sentry import SentryIgnoredException
 
 
 class PolicyException(SentryIgnoredException):
     """Exception that should be raised during Policy Evaluation, and can be recovered from."""
+
+    src_exc: Optional[Exception] = None
+
+    def __init__(self, src_exc: Optional[Exception] = None) -> None:
+        super().__init__()
+        self.src_exc = src_exc

authentik/policies/expression/evaluator.py

@@ -55,7 +55,7 @@ class PolicyEvaluator(BaseEvaluator):
 
     def handle_error(self, exc: Exception, expression_source: str):
         """Exception Handler"""
-        raise PolicyException(str(exc)) from exc
+        raise PolicyException(exc)
 
     def evaluate(self, expression_source: str) -> PolicyResult:
         """Parse and evaluate expression. Policy is expected to return a truthy object.

authentik/policies/process.py

@@ -83,8 +83,10 @@ class PolicyProcess(Process):
                     result=policy_result,
                 )
         except PolicyException as exc:
+            # Either use passed original exception or whatever we have
+            src_exc = exc.src_exc if exc.src_exc else exc
+            error_string = "".join(format_tb(src_exc.__traceback__)) + str(src_exc)
             # Create policy exception event
-            error_string = "".join(format_tb(exc.__traceback__)) + str(exc)
             self.create_event(EventAction.POLICY_EXCEPTION, message=error_string)
             LOGGER.debug("P_ENG(proc): error", exc=exc)
             policy_result = PolicyResult(False, str(exc))