core: fix saving of policy not correctly clearing it's cache

2020-02-24 13:15:27 +01:00
parent f8599438df
commit 4daa70c894
3 changed files with 15 additions and 8 deletions
--- a/passbook/core/signals.py
+++ b/passbook/core/signals.py
@ -18,9 +18,11 @@ password_changed = Signal(providing_args=["user", "password"])
 def invalidate_policy_cache(sender, instance, **_):
    """Invalidate Policy cache when policy is updated"""
    from passbook.core.models import Policy
+    from passbook.policies.process import cache_key

    if isinstance(instance, Policy):
        LOGGER.debug("Invalidating policy cache", policy=instance)
-        keys = cache.keys("%s#*" % instance.pk)
+        prefix = cache_key(instance) + "*"
+        keys = cache.keys(prefix)
        cache.delete_many(keys)
        LOGGER.debug("Deleted %d keys", len(keys))
--- a/passbook/policies/process.py
+++ b/passbook/policies/process.py
@ -5,16 +5,19 @@ from multiprocessing.connection import Connection
 from django.core.cache import cache
 from structlog import get_logger

-from passbook.core.models import Policy
+from passbook.core.models import Policy, User
 from passbook.policies.exceptions import PolicyException
 from passbook.policies.types import PolicyRequest, PolicyResult

 LOGGER = get_logger()


-def cache_key(policy, user):
+def cache_key(policy: Policy, user: User = None) -> str:
    """Generate Cache key for policy"""
-    return f"policy_{policy.pk}#{user.pk}"
+    prefix = f"policy_{policy.pk}"
+    if user:
+        prefix += f"#{user.pk}"
+    return prefix


 class PolicyProcess(Process):
@ -33,7 +36,7 @@ class PolicyProcess(Process):
    def run(self):
        """Task wrapper to run policy checking"""
        LOGGER.debug(
-            "Running policy",
+            "P_ENG(proc): Running policy",
            policy=self.policy,
            user=self.request.user,
            process="PolicyProcess",
@ -41,13 +44,13 @@ class PolicyProcess(Process):
        try:
            policy_result = self.policy.passes(self.request)
        except PolicyException as exc:
-            LOGGER.debug(exc)
+            LOGGER.debug("P_ENG(proc): error", exc=exc)
            policy_result = PolicyResult(False, str(exc))
        # Invert result if policy.negate is set
        if self.policy.negate:
            policy_result.passing = not policy_result.passing
        LOGGER.debug(
-            "Got result",
+            "P_ENG(proc): Finished",
            policy=self.policy,
            result=policy_result,
            process="PolicyProcess",
@ -56,5 +59,5 @@ class PolicyProcess(Process):
        )
        key = cache_key(self.policy, self.request.user)
        cache.set(key, policy_result)
-        LOGGER.debug("Cached policy evaluation", key=key)
+        LOGGER.debug("P_ENG(proc): Cached policy evaluation", key=key)
        self.connection.send(policy_result)
--- a/passbook/providers/oidc/forms.py
+++ b/passbook/providers/oidc/forms.py
@ -19,6 +19,8 @@ class OIDCProviderForm(forms.ModelForm):
        self.fields["client_secret"].initial = generate_client_secret()

    def save(self, *args, **kwargs):
+        self.instance.reuse_consent = False  # This is managed by passbook
+        self.instance.require_consent = True  # This is managed by passbook
        response = super().save(*args, **kwargs)
        # Check if openidprovider class instance exists
        if not OpenIDProvider.objects.filter(oidc_client=self.instance).exists():