policies: provider raw result for better policy reusability (#5189)

* policies: include raw_result in PolicyResult Signed-off-by: Jens Langhammer <jens@goauthentik.io> * move ak_call_policy to base evaluator Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-04-06 09:42:29 +02:00
parent c117d98e27
commit 977757f561
6 changed files with 81 additions and 48 deletions
--- a/authentik/core/tests/test_property_mapping.py
+++ b/authentik/core/tests/test_property_mapping.py
@ -4,7 +4,10 @@ from guardian.shortcuts import get_anonymous_user

 from authentik.core.exceptions import PropertyMappingExpressionException
 from authentik.core.models import PropertyMapping
+from authentik.core.tests.utils import create_test_admin_user
 from authentik.events.models import Event, EventAction
+from authentik.lib.generators import generate_id
+from authentik.policies.expression.models import ExpressionPolicy


 class TestPropertyMappings(TestCase):
@ -12,23 +15,24 @@ class TestPropertyMappings(TestCase):

    def setUp(self) -> None:
        super().setUp()
+        self.user = create_test_admin_user()
        self.factory = RequestFactory()

    def test_expression(self):
        """Test expression"""
-        mapping = PropertyMapping.objects.create(name="test", expression="return 'test'")
+        mapping = PropertyMapping.objects.create(name=generate_id(), expression="return 'test'")
        self.assertEqual(mapping.evaluate(None, None), "test")

    def test_expression_syntax(self):
        """Test expression syntax error"""
-        mapping = PropertyMapping.objects.create(name="test", expression="-")
+        mapping = PropertyMapping.objects.create(name=generate_id(), expression="-")
        with self.assertRaises(PropertyMappingExpressionException):
            mapping.evaluate(None, None)

    def test_expression_error_general(self):
        """Test expression error"""
        expr = "return aaa"
-        mapping = PropertyMapping.objects.create(name="test", expression=expr)
+        mapping = PropertyMapping.objects.create(name=generate_id(), expression=expr)
        with self.assertRaises(PropertyMappingExpressionException):
            mapping.evaluate(None, None)
        events = Event.objects.filter(
@ -41,7 +45,7 @@ class TestPropertyMappings(TestCase):
        """Test expression error (with user and http request"""
        expr = "return aaa"
        request = self.factory.get("/")
-        mapping = PropertyMapping.objects.create(name="test", expression=expr)
+        mapping = PropertyMapping.objects.create(name=generate_id(), expression=expr)
        with self.assertRaises(PropertyMappingExpressionException):
            mapping.evaluate(get_anonymous_user(), request)
        events = Event.objects.filter(
@ -52,3 +56,23 @@ class TestPropertyMappings(TestCase):
        event = events.first()
        self.assertEqual(event.user["username"], "AnonymousUser")
        self.assertEqual(event.client_ip, "127.0.0.1")
+
+    def test_call_policy(self):
+        """test ak_call_policy"""
+        expr = ExpressionPolicy.objects.create(
+            name=generate_id(),
+            execution_logging=True,
+            expression="return request.http_request.path",
+        )
+        http_request = self.factory.get("/")
+        tmpl = (
+            """
+        res = ak_call_policy('%s')
+        result = [request.http_request.path, res.raw_result]
+        return result
+        """
+            % expr.name
+        )
+        evaluator = PropertyMapping(expression=tmpl, name=generate_id())
+        res = evaluator.evaluate(self.user, http_request)
+        self.assertEqual(res, ["/", "/"])