policies/event_matcher: fix inconsistent behaviour (#11724)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
goauthentik · Oct 18, 2024 · 4888d51 · 4888d51
1 parent 8a2ba1c
commit 4888d51
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/authentik/policies/event_matcher/models.py b/authentik/policies/event_matcher/models.py
@@ -108,7 +108,7 @@ def passes(self, request: PolicyRequest) -> PolicyResult:
                 result=result,
             )
             matches.append(result)
-        passing = any(x.passing for x in matches)
+        passing = all(x.passing for x in matches)
         messages = chain(*[x.messages for x in matches])
         result = PolicyResult(passing, *messages)
         result.source_results = matches

diff --git a/authentik/policies/event_matcher/tests.py b/authentik/policies/event_matcher/tests.py
@@ -77,11 +77,24 @@ def test_drop_multiple(self):
         request = PolicyRequest(get_anonymous_user())
         request.context["event"] = event
         policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(
-            client_ip="1.2.3.5", app="bar"
+            client_ip="1.2.3.5", app="foo"
         )
         response = policy.passes(request)
         self.assertFalse(response.passing)
 
+    def test_multiple(self):
+        """Test multiple"""
+        event = Event.new(EventAction.LOGIN)
+        event.app = "foo"
+        event.client_ip = "1.2.3.4"
+        request = PolicyRequest(get_anonymous_user())
+        request.context["event"] = event
+        policy: EventMatcherPolicy = EventMatcherPolicy.objects.create(
+            client_ip="1.2.3.4", app="foo"
+        )
+        response = policy.passes(request)
+        self.assertTrue(response.passing)
+
     def test_invalid(self):
         """Test passing event"""
         request = PolicyRequest(get_anonymous_user())