flows: change default flow stage binding settings (#4784)

* flows: change default flow stage binding settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fallback to correct value

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-02-27 15:21:26 +01:00 committed by GitHub
parent 99ddbf553c
commit 39d0893303
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 50 additions and 38 deletions


@ -1,4 +1,7 @@
"""Flow Binding API Views""" """Flow Binding API Views"""
from typing import Any
from rest_framework.exceptions import ValidationError
from rest_framework.serializers import ModelSerializer from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet from rest_framework.viewsets import ModelViewSet
@ -12,6 +15,13 @@ class FlowStageBindingSerializer(ModelSerializer):
stage_obj = StageSerializer(read_only=True, source="stage") stage_obj = StageSerializer(read_only=True, source="stage")
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
evaluate_on_plan = attrs.get("evaluate_on_plan", False)
re_evaluate_policies = attrs.get("re_evaluate_policies", True)
if not evaluate_on_plan and not re_evaluate_policies:
raise ValidationError("Either evaluation on plan or evaluation on run must be enabled")
return super().validate(attrs)
class Meta: class Meta:
model = FlowStageBinding model = FlowStageBinding
fields = [ fields = [
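Review bot: The new `validate` reads both flags from `attrs` with hard-coded fallbacks, so on a partial update the omitted flag is assumed rather than taken from the stored binding. A PATCH that sends only `evaluate_on_plan: false` to a binding whose stored `re_evaluate_policies` is already false falls back to `True` and passes, leaving both flags off; the form help text removed elsewhere in this commit says policies are not evaluated in that state. Fall back to the instance when there is one: `evaluate_on_plan = attrs.get("evaluate_on_plan", getattr(self.instance, "evaluate_on_plan", False))` and `re_evaluate_policies = attrs.get("re_evaluate_policies", getattr(self.instance, "re_evaluate_policies", True))`. Whether the viewset exposes partial updates is not visible here, though `ModelViewSet` does by default. The serializer class continues outside the hunk.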


@ -0,0 +1,26 @@
# Generated by Django 4.1.7 on 2023-02-25 15:51
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_flows", "0024_flow_authentication"),
]
operations = [
migrations.AlterField(
model_name="flowstagebinding",
name="evaluate_on_plan",
field=models.BooleanField(
default=False, help_text="Evaluate policies during the Flow planning process."
),
),
migrations.AlterField(
model_name="flowstagebinding",
name="re_evaluate_policies",
field=models.BooleanField(
default=True, help_text="Evaluate policies when the Stage is present to the user."
),
),
]


@ -211,14 +211,11 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel):
stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE) stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE)
evaluate_on_plan = models.BooleanField( evaluate_on_plan = models.BooleanField(
default=True, default=False,
help_text=_( help_text=_("Evaluate policies during the Flow planning process."),
"Evaluate policies during the Flow planning process. "
"Disable this for input-based policies."
),
) )
re_evaluate_policies = models.BooleanField( re_evaluate_policies = models.BooleanField(
default=False, default=True,
help_text=_("Evaluate policies when the Stage is present to the user."), help_text=_("Evaluate policies when the Stage is present to the user."),
) )
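Review bot: Nothing on the model records that `evaluate_on_plan` and `re_evaluate_policies` are coupled; the only check visible in this commit is in the API serializer, and the shortened help text no longer hints at the interaction. A comment above the two fields would keep that invariant visible to anyone writing the model directly, e.g. `# At least one of evaluate_on_plan / re_evaluate_policies must be True; with both False the binding's policies are never evaluated.` Flipping the defaults also changes the result for any caller that sets only `re_evaluate_policies=False` and relied on the old `evaluate_on_plan=True` default, as the bundled blueprints did before this commit, so it probably deserves an upgrade note. The class body continues outside the hunk.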


@ -105,26 +105,18 @@ entries:
stage: !KeyOf default-enrollment-prompt-first stage: !KeyOf default-enrollment-prompt-first
order: 10 order: 10
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-prompt-second stage: !KeyOf default-enrollment-prompt-second
order: 11 order: 11
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-user-write stage: !KeyOf default-enrollment-user-write
order: 20 order: 20
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-user-login stage: !KeyOf default-enrollment-user-login
order: 100 order: 100
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false


@ -123,33 +123,23 @@ entries:
stage: !KeyOf default-enrollment-prompt-first stage: !KeyOf default-enrollment-prompt-first
order: 10 order: 10
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-prompt-second stage: !KeyOf default-enrollment-prompt-second
order: 11 order: 11
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-user-write stage: !KeyOf default-enrollment-user-write
order: 20 order: 20
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-email-verification stage: !KeyOf default-enrollment-email-verification
order: 30 order: 30
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers: - identifiers:
target: !KeyOf flow target: !KeyOf flow
stage: !KeyOf default-enrollment-user-login stage: !KeyOf default-enrollment-user-login
order: 40 order: 40
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false


@ -23,5 +23,3 @@ entries:
stage: !KeyOf default-unenrollment-user-delete stage: !KeyOf default-unenrollment-user-delete
order: 10 order: 10
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

View file

@ -28021,8 +28021,7 @@ components:
readOnly: true readOnly: true
evaluate_on_plan: evaluate_on_plan:
type: boolean type: boolean
description: Evaluate policies during the Flow planning process. Disable description: Evaluate policies during the Flow planning process.
this for input-based policies.
re_evaluate_policies: re_evaluate_policies:
type: boolean type: boolean
description: Evaluate policies when the Stage is present to the user. description: Evaluate policies when the Stage is present to the user.
@ -28058,8 +28057,7 @@ components:
format: uuid format: uuid
evaluate_on_plan: evaluate_on_plan:
type: boolean type: boolean
description: Evaluate policies during the Flow planning process. Disable description: Evaluate policies during the Flow planning process.
this for input-based policies.
re_evaluate_policies: re_evaluate_policies:
type: boolean type: boolean
description: Evaluate policies when the Stage is present to the user. description: Evaluate policies when the Stage is present to the user.
@ -33754,8 +33752,7 @@ components:
format: uuid format: uuid
evaluate_on_plan: evaluate_on_plan:
type: boolean type: boolean
description: Evaluate policies during the Flow planning process. Disable description: Evaluate policies during the Flow planning process.
this for input-based policies.
re_evaluate_policies: re_evaluate_policies:
type: boolean type: boolean
description: Evaluate policies when the Stage is present to the user. description: Evaluate policies when the Stage is present to the user.


@ -148,17 +148,17 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
<input <input
class="pf-c-switch__input" class="pf-c-switch__input"
type="checkbox" type="checkbox"
?checked=${first(this.instance?.evaluateOnPlan, true)} ?checked=${first(this.instance?.evaluateOnPlan, false)}
/> />
<span class="pf-c-switch__toggle"> <span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon"> <span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i> <i class="fas fa-check" aria-hidden="true"></i>
</span> </span>
</span> </span>
<span class="pf-c-switch__label">${t`Evaluate on plan`}</span> <span class="pf-c-switch__label">${t`Evaluate when flow is planned`}</span>
</label> </label>
<p class="pf-c-form__helper-text"> <p class="pf-c-form__helper-text">
${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`} ${t`Evaluate policies during the Flow planning process.`}
</p> </p>
</ak-form-element-horizontal> </ak-form-element-horizontal>
<ak-form-element-horizontal name="reEvaluatePolicies"> <ak-form-element-horizontal name="reEvaluatePolicies">
@ -166,14 +166,14 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
<input <input
class="pf-c-switch__input" class="pf-c-switch__input"
type="checkbox" type="checkbox"
?checked=${first(this.instance?.reEvaluatePolicies, false)} ?checked=${first(this.instance?.reEvaluatePolicies, true)}
/> />
<span class="pf-c-switch__toggle"> <span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon"> <span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i> <i class="fas fa-check" aria-hidden="true"></i>
</span> </span>
</span> </span>
<span class="pf-c-switch__label">${t`Re-evaluate policies`}</span> <span class="pf-c-switch__label">${t`Evaluate when stage is run`}</span>
</label> </label>
<p class="pf-c-form__helper-text"> <p class="pf-c-form__helper-text">
${t`Evaluate policies before the Stage is present to the user.`} ${t`Evaluate policies before the Stage is present to the user.`}
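Review bot: The helper text under the first switch drops the warning that policies are not evaluated when both switches are off, and nothing in this form replaces it. An admin who disables both now only finds out from the API validation error after submitting. Keep one sentence of the old guidance in the helper text, for example by appending `At least one of the two evaluation options must stay enabled.` to the first description. The render method continues outside the hunk.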


@ -9,7 +9,9 @@ Requires authentik 2022.7
::: :::
```python ```python
plan = request.context["flow_plan"] plan = request.context.get("flow_plan")
if not plan:
return False
plan.redirect("https://foo.bar") plan.redirect("https://foo.bar")
return False return False
``` ```