authentik/passbook/policies/engine.py

98 lines
3.5 KiB
Python
Raw Normal View History

"""passbook policy engine"""
from multiprocessing import Pipe
from multiprocessing.connection import Connection
from typing import List, Optional, Tuple
from django.core.cache import cache
from django.http import HttpRequest
from structlog import get_logger
from passbook.core.models import Policy, User
2019-10-07 15:33:48 +01:00
from passbook.policies.process import PolicyProcess, cache_key
from passbook.policies.struct import PolicyRequest, PolicyResult
LOGGER = get_logger()
2019-10-04 12:44:26 +01:00
class PolicyProcessInfo:
2019-10-04 12:49:27 +01:00
"""Dataclass to hold all information and communication channels to a process"""
2019-10-04 12:44:26 +01:00
process: PolicyProcess
connection: Connection
result: Optional[PolicyResult]
2019-10-04 12:44:26 +01:00
policy: Policy
def __init__(self, process: PolicyProcess, connection: Connection, policy: Policy):
self.process = process
self.connection = connection
self.policy = policy
self.result = None
2019-10-04 12:44:26 +01:00
class PolicyEngine:
"""Orchestrate policy checking, launch tasks and return result"""
use_cache: bool = True
policies: List[Policy] = []
__request: HttpRequest
__user: User
2019-10-04 12:44:26 +01:00
__processes: List[PolicyProcessInfo] = []
def __init__(self, policies, user: User = None, request: HttpRequest = None):
self.policies = policies
self.__request = request
self.__user = user
2019-10-04 12:44:26 +01:00
self.__processes = []
def _select_subclasses(self) -> List[Policy]:
"""Make sure all Policies are their respective classes"""
return Policy.objects \
.filter(pk__in=[x.pk for x in self.policies]) \
.select_subclasses() \
.order_by('order')
def build(self) -> 'PolicyEngine':
"""Build task group"""
if not self.__user:
raise ValueError("User not set.")
cached_policies = []
request = PolicyRequest(self.__user)
request.http_request = self.__request
for policy in self._select_subclasses():
2019-10-07 15:33:48 +01:00
cached_policy = cache.get(cache_key(policy, self.__user), None)
if cached_policy and self.use_cache:
2019-10-04 12:44:26 +01:00
LOGGER.debug("Taking result from cache", policy=policy)
cached_policies.append(cached_policy)
else:
2019-10-04 12:44:26 +01:00
LOGGER.debug("Evaluating policy", policy=policy)
our_end, task_end = Pipe(False)
2019-10-04 12:44:26 +01:00
task = PolicyProcess(policy, request, task_end)
LOGGER.debug("Starting Process", policy=policy)
task.start()
2019-10-04 12:44:26 +01:00
self.__processes.append(PolicyProcessInfo(process=task,
2019-10-04 12:49:27 +01:00
connection=our_end, policy=policy))
# If all policies are cached, we have an empty list here.
2019-10-04 12:44:26 +01:00
for proc_info in self.__processes:
proc_info.process.join(proc_info.policy.timeout)
# Only call .recv() if no result is saved, otherwise we just deadlock here
if not proc_info.result:
proc_info.result = proc_info.connection.recv()
return self
@property
def result(self) -> Tuple[bool, List[str]]:
"""Get policy-checking result"""
messages: List[str] = []
2019-10-04 12:44:26 +01:00
for proc_info in self.__processes:
LOGGER.debug("Result", policy=proc_info.policy, passing=proc_info.result.passing)
2019-10-04 12:44:26 +01:00
if proc_info.result.messages:
messages += proc_info.result.messages
if not proc_info.result.passing:
return False, messages
return True, messages
@property
def passing(self) -> bool:
"""Only get true/false if user passes"""
return self.result[0]