core: only show `Reset password` link when recovery flow is configured

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-07-04 12:44:57 +02:00 · 2021-07-04 12:44:57 +02:00 · 320dab3425
parent ca44f8bd60
commit 320dab3425
3 changed files with 37 additions and 27 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -2,12 +2,11 @@
 from json import loads

 from django.db.models.query import QuerySet
-from django.http.response import Http404
 from django.urls import reverse_lazy
 from django.utils.http import urlencode
 from django_filters.filters import BooleanFilter, CharFilter
 from django_filters.filterset import FilterSet
-from drf_spectacular.utils import OpenApiResponse, extend_schema, extend_schema_field
+from drf_spectacular.utils import extend_schema, extend_schema_field
 from guardian.utils import get_anonymous_user
 from rest_framework.decorators import action
 from rest_framework.fields import CharField, JSONField, SerializerMethodField
@ -173,7 +172,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
    @extend_schema(
        responses={
            "200": LinkSerializer(many=False),
-            "404": OpenApiResponse(description="No recovery flow found."),
+            "404": LinkSerializer(many=False),
        },
    )
    @action(detail=True, pagination_class=None, filter_backends=[])
@ -184,7 +183,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
        # Check that there is a recovery flow, if not return an error
        flow = tenant.flow_recovery
        if not flow:
-            raise Http404
+            return Response({"link": ""}, status=404)
        user: User = self.get_object()
        token, __ = Token.objects.get_or_create(
            identifier=f"{user.uid}-password-reset",
--- a/schema.yml
+++ b/schema.yml
@ -3096,7 +3096,11 @@ paths:
                $ref: '#/components/schemas/Link'
          description: ''
        '404':
-          description: No recovery flow found.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Link'
+          description: ''
        '400':
          $ref: '#/components/schemas/ValidationError'
        '403':
--- a/web/src/pages/users/UserListPage.ts
+++ b/web/src/pages/users/UserListPage.ts
@ -9,13 +9,14 @@ import "../../elements/buttons/ActionButton";
 import { TableColumn } from "../../elements/table/Table";
 import { PAGE_SIZE } from "../../constants";
 import { CoreApi, User } from "authentik-api";
-import { DEFAULT_CONFIG } from "../../api/Config";
+import { DEFAULT_CONFIG, tenant } from "../../api/Config";
 import "../../elements/forms/DeleteForm";
 import "./UserActiveForm";
 import "./UserForm";
 import { showMessage } from "../../elements/messages/MessageContainer";
 import { MessageLevel } from "../../elements/messages/Message";
 import { first } from "../../utils";
+import { until } from "lit-html/directives/until";

@customElement("ak-user-list")
 export class UserListPage extends TablePage<User> {
@ -128,27 +129,33 @@ export class UserListPage extends TablePage<User> {
                    </li>
                </ul>
            </ak-dropdown>
-            <ak-action-button
-                .apiRequest=${() => {
-                    return new CoreApi(DEFAULT_CONFIG).coreUsersRecoveryRetrieve({
-                        id: item.pk || 0,
-                    }).then(rec => {
-                        showMessage({
-                            level: MessageLevel.success,
-                            message: t`Successfully generated recovery link`,
-                            description: rec.link
-                        });
-                    }).catch((ex: Response) => {
-                        ex.json().then(() => {
-                            showMessage({
-                                level: MessageLevel.error,
-                                message: t`No recovery flow is configured.`,
-                            });
-                        });
-                    });
-                }}>
-                ${t`Reset Password`}
-            </ak-action-button>
+            ${until(tenant().then(te => {
+                if (te.flowRecovery) {
+                    return html`
+                        <ak-action-button
+                            .apiRequest=${() => {
+                                return new CoreApi(DEFAULT_CONFIG).coreUsersRecoveryRetrieve({
+                                    id: item.pk || 0,
+                                }).then(rec => {
+                                    showMessage({
+                                        level: MessageLevel.success,
+                                        message: t`Successfully generated recovery link`,
+                                        description: rec.link
+                                    });
+                                }).catch((ex: Response) => {
+                                    ex.json().then(() => {
+                                        showMessage({
+                                            level: MessageLevel.error,
+                                            message: t`No recovery flow is configured.`,
+                                        });
+                                    });
+                                });
+                            }}>
+                            ${t`Reset Password`}
+                        </ak-action-button>`;
+                }
+                return html``;
+            }))}
            <a class="pf-c-button pf-m-tertiary" href="${`/-/impersonation/${item.pk}/`}">
                ${t`Impersonate`}
            </a>`,