stages/email: add activate_user_on_success flag, add for all example flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/stages/email/api.py

@@ -43,6 +43,7 @@ class EmailStageSerializer(StageSerializer):
             "token_expiry",
             "subject",
             "template",
+            "activate_user_on_success",
         ]
         extra_kwargs = {"password": {"write_only": True}}
 
@@ -65,6 +66,7 @@ class EmailStageViewSet(UsedByMixin, ModelViewSet):
         "token_expiry",
         "subject",
         "template",
+        "activate_user_on_success",
     ]
     ordering = ["name"]
 

authentik/stages/email/migrations/0004_emailstage_activate_user_on_success.py

@@ -0,0 +1,20 @@
+# Generated by Django 3.2.7 on 2021-10-04 16:38
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("authentik_stages_email", "0003_auto_20210404_1054"),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name="emailstage",
+            name="activate_user_on_success",
+            field=models.BooleanField(
+                default=False, help_text="Activate users upon completion of stage."
+            ),
+        ),
+    ]

authentik/stages/email/models.py

@@ -71,6 +71,10 @@ class EmailStage(Stage):
     timeout = models.IntegerField(default=10)
     from_address = models.EmailField(default="system@authentik.local")
 
+    activate_user_on_success = models.BooleanField(
+        default=False, help_text=_("Activate users upon completion of stage.")
+    )
+
     token_expiry = models.IntegerField(
         default=30, help_text=_("Time in minutes the token sent is valid.")
     )

authentik/stages/email/stage.py

@@ -106,6 +106,9 @@ class EmailStageView(ChallengeStageView):
             self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = token.user
             token.delete()
             messages.success(request, _("Successfully verified Email."))
+            if self.executor.current_stage.activate_user_on_success:
+                self.executor.plan.context[PLAN_CONTEXT_PENDING_USER].is_active = True
+                self.executor.plan.context[PLAN_CONTEXT_PENDING_USER].save()
             return self.executor.stage_ok()
         if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
             LOGGER.debug("No pending user")

authentik/stages/email/tests/test_stage.py

@@ -31,6 +31,7 @@ class TestEmailStage(APITestCase):
         )
         self.stage = EmailStage.objects.create(
             name="email",
+            activate_user_on_success=True,
         )
         self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
 
@@ -84,6 +85,8 @@ class TestEmailStage(APITestCase):
         """Test with token"""
         # Make sure token exists
         self.test_pending_user()
+        self.user.is_active = False
+        self.user.save()
         plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
         session = self.client.session
         session[SESSION_KEY_PLAN] = plan
@@ -125,3 +128,4 @@ class TestEmailStage(APITestCase):
             session = self.client.session
             plan: FlowPlan = session[SESSION_KEY_PLAN]
             self.assertEqual(plan.context[PLAN_CONTEXT_PENDING_USER], self.user)
+            self.assertTrue(plan.context[PLAN_CONTEXT_PENDING_USER].is_active)

schema.yml

@@ -15663,6 +15663,10 @@ paths:
       operationId: stages_email_list
       description: EmailStage Viewset
       parameters:
+      - in: query
+        name: activate_user_on_success
+        schema:
+          type: boolean
       - in: query
         name: from_address
         schema:
@@ -19836,6 +19840,9 @@ components:
           type: string
         template:
           type: string
+        activate_user_on_success:
+          type: boolean
+          description: Activate users upon completion of stage.
       required:
       - component
       - name
@@ -19888,6 +19895,9 @@ components:
           type: string
         template:
           type: string
+        activate_user_on_success:
+          type: boolean
+          description: Activate users upon completion of stage.
       required:
       - name
     ErrorDetail:
@@ -25434,6 +25444,9 @@ components:
           type: string
         template:
           type: string
+        activate_user_on_success:
+          type: boolean
+          description: Activate users upon completion of stage.
     PatchedEventMatcherPolicyRequest:
       type: object
       description: Event Matcher Policy Serializer

web/src/locales/en.po

@@ -159,6 +159,10 @@ msgstr "Actions over the last 24 hours"
 msgid "Activate"
 msgstr "Activate"
 
+#: src/pages/stages/email/EmailStageForm.ts
+msgid "Activate pending user on success"
+msgstr "Activate pending user on success"
+
 #: src/pages/groups/MemberSelectModal.ts
 #: src/pages/users/UserListPage.ts
 #: src/pages/users/UserListPage.ts
@@ -294,6 +298,10 @@ msgstr "Application"
 msgid "Application Icon"
 msgstr "Application Icon"
 
+#: src/elements/charts/UserChart.ts
+msgid "Application authorizations"
+msgstr "Application authorizations"
+
 #: src/pages/events/utils.ts
 msgid "Application authorized"
 msgstr "Application authorized"
@@ -439,6 +447,10 @@ msgstr "Authorization URL"
 msgid "Authorization flow"
 msgstr "Authorization flow"
 
+#: src/elements/charts/ApplicationAuthorizeChart.ts
+msgid "Authorizations"
+msgstr "Authorizations"
+
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 msgid "Authorize URL"
 msgstr "Authorize URL"
@@ -1732,6 +1744,11 @@ msgstr "External Host"
 msgid "External host"
 msgstr "External host"
 
+#: src/elements/charts/AdminLoginsChart.ts
+#: src/elements/charts/UserChart.ts
+msgid "Failed Logins"
+msgstr "Failed Logins"
+
 #: src/pages/stages/password/PasswordStageForm.ts
 msgid "Failed attempts before cancel"
 msgstr "Failed attempts before cancel"
@@ -1786,9 +1803,13 @@ msgstr "Field of the user object this value is written to."
 msgid "Field which contains a unique Identifier."
 msgstr "Field which contains a unique Identifier."
 
+#: 
+#~ msgid "Field which contains members of a group."
+#~ msgstr "Field which contains members of a group."
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-msgid "Field which contains members of a group."
-msgstr "Field which contains members of a group."
+msgid "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
+msgstr "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
 
 #: src/pages/stages/prompt/PromptStageForm.ts
 msgid "Fields"
@@ -3634,6 +3655,10 @@ msgstr "Scopes"
 msgid "Score"
 msgstr "Score"
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Search group"
+msgstr "Search group"
+
 #: src/elements/table/TableSearch.ts
 #: src/user/LibraryPage.ts
 msgid "Search..."
@@ -4078,6 +4103,11 @@ msgstr "Subject-alt name"
 msgid "Successful"
 msgstr "Successful"
 
+#: src/elements/charts/AdminLoginsChart.ts
+#: src/elements/charts/UserChart.ts
+msgid "Successful Logins"
+msgstr "Successful Logins"
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Successfully cleared flow cache"
 msgstr "Successfully cleared flow cache"
@@ -4405,9 +4435,9 @@ msgstr "Sync"
 msgid "Sync groups"
 msgstr "Sync groups"
 
-#: src/pages/providers/ldap/LDAPProviderForm.ts
-msgid "Sync parent group"
-msgstr "Sync parent group"
+#: 
+#~ msgid "Sync parent group"
+#~ msgstr "Sync parent group"
 
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Sync status"
@@ -5267,6 +5297,10 @@ msgstr "Webhook Mapping"
 msgid "Webhook URL"
 msgstr "Webhook URL"
 
+#: src/pages/stages/email/EmailStageForm.ts
+msgid "When a user returns from the email successfully, their account will be activated."
+msgstr "When a user returns from the email successfully, their account will be activated."
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
 msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."

web/src/locales/pseudo-LOCALE.po

@@ -159,6 +159,10 @@ msgstr ""
 msgid "Activate"
 msgstr ""
 
+#: src/pages/stages/email/EmailStageForm.ts
+msgid "Activate pending user on success"
+msgstr ""
+
 #: src/pages/groups/MemberSelectModal.ts
 #: src/pages/users/UserListPage.ts
 #: src/pages/users/UserListPage.ts
@@ -294,6 +298,10 @@ msgstr ""
 msgid "Application Icon"
 msgstr ""
 
+#: src/elements/charts/UserChart.ts
+msgid "Application authorizations"
+msgstr ""
+
 #: src/pages/events/utils.ts
 msgid "Application authorized"
 msgstr ""
@@ -435,6 +443,10 @@ msgstr ""
 msgid "Authorization flow"
 msgstr ""
 
+#: src/elements/charts/ApplicationAuthorizeChart.ts
+msgid "Authorizations"
+msgstr ""
+
 #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
 msgid "Authorize URL"
 msgstr ""
@@ -1724,6 +1736,11 @@ msgstr ""
 msgid "External host"
 msgstr ""
 
+#: src/elements/charts/AdminLoginsChart.ts
+#: src/elements/charts/UserChart.ts
+msgid "Failed Logins"
+msgstr ""
+
 #: src/pages/stages/password/PasswordStageForm.ts
 msgid "Failed attempts before cancel"
 msgstr ""
@@ -1778,8 +1795,12 @@ msgstr ""
 msgid "Field which contains a unique Identifier."
 msgstr ""
 
+#: 
+#~ msgid "Field which contains members of a group."
+#~ msgstr ""
+
 #: src/pages/sources/ldap/LDAPSourceForm.ts
-msgid "Field which contains members of a group."
+msgid "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
 msgstr ""
 
 #: src/pages/stages/prompt/PromptStageForm.ts
@@ -3626,6 +3647,10 @@ msgstr ""
 msgid "Score"
 msgstr ""
 
+#: src/pages/providers/ldap/LDAPProviderForm.ts
+msgid "Search group"
+msgstr ""
+
 #: src/elements/table/TableSearch.ts
 #: src/user/LibraryPage.ts
 msgid "Search..."
@@ -4070,6 +4095,11 @@ msgstr ""
 msgid "Successful"
 msgstr ""
 
+#: src/elements/charts/AdminLoginsChart.ts
+#: src/elements/charts/UserChart.ts
+msgid "Successful Logins"
+msgstr ""
+
 #: src/pages/flows/FlowListPage.ts
 msgid "Successfully cleared flow cache"
 msgstr ""
@@ -4397,9 +4427,9 @@ msgstr ""
 msgid "Sync groups"
 msgstr ""
 
-#: src/pages/providers/ldap/LDAPProviderForm.ts
-msgid "Sync parent group"
-msgstr ""
+#: 
+#~ msgid "Sync parent group"
+#~ msgstr ""
 
 #: src/pages/sources/ldap/LDAPSourceViewPage.ts
 msgid "Sync status"
@@ -5252,6 +5282,10 @@ msgstr ""
 msgid "Webhook URL"
 msgstr ""
 
+#: src/pages/stages/email/EmailStageForm.ts
+msgid "When a user returns from the email successfully, their account will be activated."
+msgstr ""
+
 #: src/pages/stages/identification/IdentificationStageForm.ts
 msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
 msgstr ""

web/src/pages/stages/email/EmailStageForm.ts

@@ -147,6 +147,21 @@ export class EmailStageForm extends ModelForm<EmailStage, string> {
             <ak-form-group .expanded=${true}>
                 <span slot="header"> ${t`Stage-specific settings`} </span>
                 <div slot="body" class="pf-c-form">
+                    <ak-form-element-horizontal name="activateUserOnSuccess">
+                        <div class="pf-c-check">
+                            <input
+                                type="checkbox"
+                                class="pf-c-check__input"
+                                ?checked=${first(this.instance?.activateUserOnSuccess, true)}
+                            />
+                            <label class="pf-c-check__label">
+                                ${t`Activate pending user on success`}
+                            </label>
+                        </div>
+                        <p class="pf-c-form__helper-text">
+                            ${t`When a user returns from the email successfully, their account will be activated.`}
+                        </p>
+                    </ak-form-element-horizontal>
                     <ak-form-element-horizontal name="useGlobalSettings">
                         <div class="pf-c-check">
                             <input

website/static/flows/enrollment-email-verification.akflow

@@ -100,7 +100,8 @@
                 "from_address": "system@authentik.local",
                 "token_expiry": 30,
                 "subject": "authentik",
-                "template": "email/account_confirmation.html"
+                "template": "email/account_confirmation.html",
+                "activate_user_on_success": true
             }
         },
         {

website/static/flows/recovery-email-verification.akflow

@@ -93,7 +93,8 @@
                 "from_address": "system@authentik.local",
                 "token_expiry": 30,
                 "subject": "authentik",
-                "template": "email/password_reset.html"
+                "template": "email/password_reset.html",
+                "activate_user_on_success": true
             }
         },
         {