stages/email: add activate_user_on_success flag, add for all example flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-10-04 18:47:51 +02:00
parent b5649bdcc4
commit 0692663537
12 changed files with 836 additions and 1154 deletions

View file

@ -43,6 +43,7 @@ class EmailStageSerializer(StageSerializer):
"token_expiry", "token_expiry",
"subject", "subject",
"template", "template",
"activate_user_on_success",
] ]
extra_kwargs = {"password": {"write_only": True}} extra_kwargs = {"password": {"write_only": True}}
@ -65,6 +66,7 @@ class EmailStageViewSet(UsedByMixin, ModelViewSet):
"token_expiry", "token_expiry",
"subject", "subject",
"template", "template",
"activate_user_on_success",
] ]
ordering = ["name"] ordering = ["name"]

View file

@ -0,0 +1,20 @@
# Generated by Django 3.2.7 on 2021-10-04 16:38
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_stages_email", "0003_auto_20210404_1054"),
]
operations = [
migrations.AddField(
model_name="emailstage",
name="activate_user_on_success",
field=models.BooleanField(
default=False, help_text="Activate users upon completion of stage."
),
),
]

View file

@ -71,6 +71,10 @@ class EmailStage(Stage):
timeout = models.IntegerField(default=10) timeout = models.IntegerField(default=10)
from_address = models.EmailField(default="system@authentik.local") from_address = models.EmailField(default="system@authentik.local")
activate_user_on_success = models.BooleanField(
default=False, help_text=_("Activate users upon completion of stage.")
)
token_expiry = models.IntegerField( token_expiry = models.IntegerField(
default=30, help_text=_("Time in minutes the token sent is valid.") default=30, help_text=_("Time in minutes the token sent is valid.")
) )

View file

@ -106,6 +106,9 @@ class EmailStageView(ChallengeStageView):
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = token.user self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = token.user
token.delete() token.delete()
messages.success(request, _("Successfully verified Email.")) messages.success(request, _("Successfully verified Email."))
if self.executor.current_stage.activate_user_on_success:
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER].is_active = True
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER].save()
return self.executor.stage_ok() return self.executor.stage_ok()
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context: if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
LOGGER.debug("No pending user") LOGGER.debug("No pending user")

View file

@ -31,6 +31,7 @@ class TestEmailStage(APITestCase):
) )
self.stage = EmailStage.objects.create( self.stage = EmailStage.objects.create(
name="email", name="email",
activate_user_on_success=True,
) )
self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2) self.binding = FlowStageBinding.objects.create(target=self.flow, stage=self.stage, order=2)
@ -84,6 +85,8 @@ class TestEmailStage(APITestCase):
"""Test with token""" """Test with token"""
# Make sure token exists # Make sure token exists
self.test_pending_user() self.test_pending_user()
self.user.is_active = False
self.user.save()
plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()]) plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
session = self.client.session session = self.client.session
session[SESSION_KEY_PLAN] = plan session[SESSION_KEY_PLAN] = plan
@ -125,3 +128,4 @@ class TestEmailStage(APITestCase):
session = self.client.session session = self.client.session
plan: FlowPlan = session[SESSION_KEY_PLAN] plan: FlowPlan = session[SESSION_KEY_PLAN]
self.assertEqual(plan.context[PLAN_CONTEXT_PENDING_USER], self.user) self.assertEqual(plan.context[PLAN_CONTEXT_PENDING_USER], self.user)
self.assertTrue(plan.context[PLAN_CONTEXT_PENDING_USER].is_active)

View file

@ -15663,6 +15663,10 @@ paths:
operationId: stages_email_list operationId: stages_email_list
description: EmailStage Viewset description: EmailStage Viewset
parameters: parameters:
- in: query
name: activate_user_on_success
schema:
type: boolean
- in: query - in: query
name: from_address name: from_address
schema: schema:
@ -19836,6 +19840,9 @@ components:
type: string type: string
template: template:
type: string type: string
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required: required:
- component - component
- name - name
@ -19888,6 +19895,9 @@ components:
type: string type: string
template: template:
type: string type: string
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
required: required:
- name - name
ErrorDetail: ErrorDetail:
@ -25434,6 +25444,9 @@ components:
type: string type: string
template: template:
type: string type: string
activate_user_on_success:
type: boolean
description: Activate users upon completion of stage.
PatchedEventMatcherPolicyRequest: PatchedEventMatcherPolicyRequest:
type: object type: object
description: Event Matcher Policy Serializer description: Event Matcher Policy Serializer

View file

@ -159,6 +159,10 @@ msgstr "Actions over the last 24 hours"
msgid "Activate" msgid "Activate"
msgstr "Activate" msgstr "Activate"
#: src/pages/stages/email/EmailStageForm.ts
msgid "Activate pending user on success"
msgstr "Activate pending user on success"
#: src/pages/groups/MemberSelectModal.ts #: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts #: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts #: src/pages/users/UserListPage.ts
@ -294,6 +298,10 @@ msgstr "Application"
msgid "Application Icon" msgid "Application Icon"
msgstr "Application Icon" msgstr "Application Icon"
#: src/elements/charts/UserChart.ts
msgid "Application authorizations"
msgstr "Application authorizations"
#: src/pages/events/utils.ts #: src/pages/events/utils.ts
msgid "Application authorized" msgid "Application authorized"
msgstr "Application authorized" msgstr "Application authorized"
@ -439,6 +447,10 @@ msgstr "Authorization URL"
msgid "Authorization flow" msgid "Authorization flow"
msgstr "Authorization flow" msgstr "Authorization flow"
#: src/elements/charts/ApplicationAuthorizeChart.ts
msgid "Authorizations"
msgstr "Authorizations"
#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
msgid "Authorize URL" msgid "Authorize URL"
msgstr "Authorize URL" msgstr "Authorize URL"
@ -1732,6 +1744,11 @@ msgstr "External Host"
msgid "External host" msgid "External host"
msgstr "External host" msgstr "External host"
#: src/elements/charts/AdminLoginsChart.ts
#: src/elements/charts/UserChart.ts
msgid "Failed Logins"
msgstr "Failed Logins"
#: src/pages/stages/password/PasswordStageForm.ts #: src/pages/stages/password/PasswordStageForm.ts
msgid "Failed attempts before cancel" msgid "Failed attempts before cancel"
msgstr "Failed attempts before cancel" msgstr "Failed attempts before cancel"
@ -1786,9 +1803,13 @@ msgstr "Field of the user object this value is written to."
msgid "Field which contains a unique Identifier." msgid "Field which contains a unique Identifier."
msgstr "Field which contains a unique Identifier." msgstr "Field which contains a unique Identifier."
#:
#~ msgid "Field which contains members of a group."
#~ msgstr "Field which contains members of a group."
#: src/pages/sources/ldap/LDAPSourceForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts
msgid "Field which contains members of a group." msgid "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
msgstr "Field which contains members of a group." msgstr "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
#: src/pages/stages/prompt/PromptStageForm.ts #: src/pages/stages/prompt/PromptStageForm.ts
msgid "Fields" msgid "Fields"
@ -3634,6 +3655,10 @@ msgstr "Scopes"
msgid "Score" msgid "Score"
msgstr "Score" msgstr "Score"
#: src/pages/providers/ldap/LDAPProviderForm.ts
msgid "Search group"
msgstr "Search group"
#: src/elements/table/TableSearch.ts #: src/elements/table/TableSearch.ts
#: src/user/LibraryPage.ts #: src/user/LibraryPage.ts
msgid "Search..." msgid "Search..."
@ -4078,6 +4103,11 @@ msgstr "Subject-alt name"
msgid "Successful" msgid "Successful"
msgstr "Successful" msgstr "Successful"
#: src/elements/charts/AdminLoginsChart.ts
#: src/elements/charts/UserChart.ts
msgid "Successful Logins"
msgstr "Successful Logins"
#: src/pages/flows/FlowListPage.ts #: src/pages/flows/FlowListPage.ts
msgid "Successfully cleared flow cache" msgid "Successfully cleared flow cache"
msgstr "Successfully cleared flow cache" msgstr "Successfully cleared flow cache"
@ -4405,9 +4435,9 @@ msgstr "Sync"
msgid "Sync groups" msgid "Sync groups"
msgstr "Sync groups" msgstr "Sync groups"
#: src/pages/providers/ldap/LDAPProviderForm.ts #:
msgid "Sync parent group" #~ msgid "Sync parent group"
msgstr "Sync parent group" #~ msgstr "Sync parent group"
#: src/pages/sources/ldap/LDAPSourceViewPage.ts #: src/pages/sources/ldap/LDAPSourceViewPage.ts
msgid "Sync status" msgid "Sync status"
@ -5267,6 +5297,10 @@ msgstr "Webhook Mapping"
msgid "Webhook URL" msgid "Webhook URL"
msgstr "Webhook URL" msgstr "Webhook URL"
#: src/pages/stages/email/EmailStageForm.ts
msgid "When a user returns from the email successfully, their account will be activated."
msgstr "When a user returns from the email successfully, their account will be activated."
#: src/pages/stages/identification/IdentificationStageForm.ts #: src/pages/stages/identification/IdentificationStageForm.ts
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown." msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown." msgstr "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."

File diff suppressed because it is too large Load diff

View file

@ -159,6 +159,10 @@ msgstr ""
msgid "Activate" msgid "Activate"
msgstr "" msgstr ""
#: src/pages/stages/email/EmailStageForm.ts
msgid "Activate pending user on success"
msgstr ""
#: src/pages/groups/MemberSelectModal.ts #: src/pages/groups/MemberSelectModal.ts
#: src/pages/users/UserListPage.ts #: src/pages/users/UserListPage.ts
#: src/pages/users/UserListPage.ts #: src/pages/users/UserListPage.ts
@ -294,6 +298,10 @@ msgstr ""
msgid "Application Icon" msgid "Application Icon"
msgstr "" msgstr ""
#: src/elements/charts/UserChart.ts
msgid "Application authorizations"
msgstr ""
#: src/pages/events/utils.ts #: src/pages/events/utils.ts
msgid "Application authorized" msgid "Application authorized"
msgstr "" msgstr ""
@ -435,6 +443,10 @@ msgstr ""
msgid "Authorization flow" msgid "Authorization flow"
msgstr "" msgstr ""
#: src/elements/charts/ApplicationAuthorizeChart.ts
msgid "Authorizations"
msgstr ""
#: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts #: src/pages/providers/oauth2/OAuth2ProviderViewPage.ts
msgid "Authorize URL" msgid "Authorize URL"
msgstr "" msgstr ""
@ -1724,6 +1736,11 @@ msgstr ""
msgid "External host" msgid "External host"
msgstr "" msgstr ""
#: src/elements/charts/AdminLoginsChart.ts
#: src/elements/charts/UserChart.ts
msgid "Failed Logins"
msgstr ""
#: src/pages/stages/password/PasswordStageForm.ts #: src/pages/stages/password/PasswordStageForm.ts
msgid "Failed attempts before cancel" msgid "Failed attempts before cancel"
msgstr "" msgstr ""
@ -1778,8 +1795,12 @@ msgstr ""
msgid "Field which contains a unique Identifier." msgid "Field which contains a unique Identifier."
msgstr "" msgstr ""
#:
#~ msgid "Field which contains members of a group."
#~ msgstr ""
#: src/pages/sources/ldap/LDAPSourceForm.ts #: src/pages/sources/ldap/LDAPSourceForm.ts
msgid "Field which contains members of a group." msgid "Field which contains members of a group. Note that if using the \"memberUid\" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'"
msgstr "" msgstr ""
#: src/pages/stages/prompt/PromptStageForm.ts #: src/pages/stages/prompt/PromptStageForm.ts
@ -3626,6 +3647,10 @@ msgstr ""
msgid "Score" msgid "Score"
msgstr "" msgstr ""
#: src/pages/providers/ldap/LDAPProviderForm.ts
msgid "Search group"
msgstr ""
#: src/elements/table/TableSearch.ts #: src/elements/table/TableSearch.ts
#: src/user/LibraryPage.ts #: src/user/LibraryPage.ts
msgid "Search..." msgid "Search..."
@ -4070,6 +4095,11 @@ msgstr ""
msgid "Successful" msgid "Successful"
msgstr "" msgstr ""
#: src/elements/charts/AdminLoginsChart.ts
#: src/elements/charts/UserChart.ts
msgid "Successful Logins"
msgstr ""
#: src/pages/flows/FlowListPage.ts #: src/pages/flows/FlowListPage.ts
msgid "Successfully cleared flow cache" msgid "Successfully cleared flow cache"
msgstr "" msgstr ""
@ -4397,9 +4427,9 @@ msgstr ""
msgid "Sync groups" msgid "Sync groups"
msgstr "" msgstr ""
#: src/pages/providers/ldap/LDAPProviderForm.ts #:
msgid "Sync parent group" #~ msgid "Sync parent group"
msgstr "" #~ msgstr ""
#: src/pages/sources/ldap/LDAPSourceViewPage.ts #: src/pages/sources/ldap/LDAPSourceViewPage.ts
msgid "Sync status" msgid "Sync status"
@ -5252,6 +5282,10 @@ msgstr ""
msgid "Webhook URL" msgid "Webhook URL"
msgstr "" msgstr ""
#: src/pages/stages/email/EmailStageForm.ts
msgid "When a user returns from the email successfully, their account will be activated."
msgstr ""
#: src/pages/stages/identification/IdentificationStageForm.ts #: src/pages/stages/identification/IdentificationStageForm.ts
msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown." msgid "When a valid username/email has been entered, and this option is enabled, the user's username and avatar will be shown. Otherwise, the text that the user entered will be shown."
msgstr "" msgstr ""

View file

@ -147,6 +147,21 @@ export class EmailStageForm extends ModelForm<EmailStage, string> {
<ak-form-group .expanded=${true}> <ak-form-group .expanded=${true}>
<span slot="header"> ${t`Stage-specific settings`} </span> <span slot="header"> ${t`Stage-specific settings`} </span>
<div slot="body" class="pf-c-form"> <div slot="body" class="pf-c-form">
<ak-form-element-horizontal name="activateUserOnSuccess">
<div class="pf-c-check">
<input
type="checkbox"
class="pf-c-check__input"
?checked=${first(this.instance?.activateUserOnSuccess, true)}
/>
<label class="pf-c-check__label">
${t`Activate pending user on success`}
</label>
</div>
<p class="pf-c-form__helper-text">
${t`When a user returns from the email successfully, their account will be activated.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="useGlobalSettings"> <ak-form-element-horizontal name="useGlobalSettings">
<div class="pf-c-check"> <div class="pf-c-check">
<input <input

View file

@ -100,7 +100,8 @@
"from_address": "system@authentik.local", "from_address": "system@authentik.local",
"token_expiry": 30, "token_expiry": 30,
"subject": "authentik", "subject": "authentik",
"template": "email/account_confirmation.html" "template": "email/account_confirmation.html",
"activate_user_on_success": true
} }
}, },
{ {

View file

@ -93,7 +93,8 @@
"from_address": "system@authentik.local", "from_address": "system@authentik.local",
"token_expiry": 30, "token_expiry": 30,
"subject": "authentik", "subject": "authentik",
"template": "email/password_reset.html" "template": "email/password_reset.html",
"activate_user_on_success": true
} }
}, },
{ {