website/docs: add docs for auth_method and auth_method_args fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-08-23 17:23:55 +02:00
parent 244dc671db
commit 07a4f474f4
5 changed files with 41 additions and 13 deletions

View file

@ -47,11 +47,11 @@ def on_user_logged_in(sender, request: HttpRequest, user: User, **_):
flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
if PLAN_CONTEXT_SOURCE in flow_plan.context:
# Login request came from an external source, save it in the context
thread.kwargs["using_source"] = flow_plan.context[PLAN_CONTEXT_SOURCE]
thread.kwargs[PLAN_CONTEXT_SOURCE] = flow_plan.context[PLAN_CONTEXT_SOURCE]
if PLAN_CONTEXT_METHOD in flow_plan.context:
thread.kwargs["method"] = flow_plan.context[PLAN_CONTEXT_METHOD]
thread.kwargs[PLAN_CONTEXT_METHOD] = flow_plan.context[PLAN_CONTEXT_METHOD]
# Save the login method used
thread.kwargs["method_args"] = flow_plan.context.get(PLAN_CONTEXT_METHOD_ARGS, {})
thread.kwargs[PLAN_CONTEXT_METHOD_ARGS] = flow_plan.context.get(PLAN_CONTEXT_METHOD_ARGS, {})
thread.user = user
thread.run()

View file

@ -27,8 +27,8 @@ from authentik.stages.password.models import PasswordStage
LOGGER = get_logger()
PLAN_CONTEXT_AUTHENTICATION_BACKEND = "user_backend"
PLAN_CONTEXT_METHOD = "method"
PLAN_CONTEXT_METHOD_ARGS = "method_args"
PLAN_CONTEXT_METHOD = "auth_method"
PLAN_CONTEXT_METHOD_ARGS = "auth_method_args"
SESSION_INVALID_TRIES = "user_invalid_tries"

View file

@ -20382,8 +20382,8 @@ components:
- url
BackendsEnum:
enum:
- django.contrib.auth.backends.ModelBackend
- authentik.core.token_auth.TokenBackend
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
type: string
BindingTypeEnum:

View file

@ -76,25 +76,25 @@ export class PasswordStageForm extends ModelForm<PasswordStage, string> {
>
<select name="users" class="pf-c-form-control" multiple>
<option
value=${BackendsEnum.DjangoContribAuthBackendsModelBackend}
value=${BackendsEnum.CoreAuthInbuiltBackend}
?selected=${this.isBackendSelected(
BackendsEnum.DjangoContribAuthBackendsModelBackend,
BackendsEnum.CoreAuthInbuiltBackend,
)}
>
${t`User database + standard password`}
</option>
<option
value=${BackendsEnum.AuthentikCoreTokenAuthTokenBackend}
value=${BackendsEnum.CoreAuthTokenBackend}
?selected=${this.isBackendSelected(
BackendsEnum.AuthentikCoreTokenAuthTokenBackend,
BackendsEnum.CoreAuthTokenBackend,
)}
>
${t`User database + app passwords`}
</option>
<option
value=${BackendsEnum.AuthentikSourcesLdapAuthLdapBackend}
value=${BackendsEnum.SourcesLdapAuthLdapBackend}
?selected=${this.isBackendSelected(
BackendsEnum.AuthentikSourcesLdapAuthLdapBackend,
BackendsEnum.SourcesLdapAuthLdapBackend,
)}
>
${t`User database + LDAP password`}

View file

@ -59,3 +59,31 @@ This includes the following:
- `prompt_data`: Data which has been saved from a prompt stage or an external source.
- `application`: The application the user is in the process of authorizing.
- `pending_user`: The currently pending user, see [User](/docs/expressions/reference/user-object)
- `auth_method`: Authentication method set (this value is set by password stages)
Depending on method, `auth_method_args` is also set.
Can be any of:
- `password`: Standard password login
- `app_password`: App passowrd (token)
Sets `auth_method_args` to
```json
{
"token": {
"pk": "f6d639aac81940f38dcfdc6e0fe2a786",
"app": "authentik_core",
"name": "test (expires=2021-08-23 15:45:54.725880+00:00)",
"model_name": "token"
}
}
```
- `ldap`: LDAP bind authentication
Sets `auth_method_args` to
```json
{
"source": {} // Information about the source used
}
```