flows: change default flow stage binding settings (#4784)
* flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
99ddbf553c
commit
39d0893303
|
@ -1,4 +1,7 @@
|
||||||
"""Flow Binding API Views"""
|
"""Flow Binding API Views"""
|
||||||
|
from typing import Any
|
||||||
|
|
||||||
|
from rest_framework.exceptions import ValidationError
|
||||||
from rest_framework.serializers import ModelSerializer
|
from rest_framework.serializers import ModelSerializer
|
||||||
from rest_framework.viewsets import ModelViewSet
|
from rest_framework.viewsets import ModelViewSet
|
||||||
|
|
||||||
|
@ -12,6 +15,13 @@ class FlowStageBindingSerializer(ModelSerializer):
|
||||||
|
|
||||||
stage_obj = StageSerializer(read_only=True, source="stage")
|
stage_obj = StageSerializer(read_only=True, source="stage")
|
||||||
|
|
||||||
|
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||||
|
evaluate_on_plan = attrs.get("evaluate_on_plan", False)
|
||||||
|
re_evaluate_policies = attrs.get("re_evaluate_policies", True)
|
||||||
|
if not evaluate_on_plan and not re_evaluate_policies:
|
||||||
|
raise ValidationError("Either evaluation on plan or evaluation on run must be enabled")
|
||||||
|
return super().validate(attrs)
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
model = FlowStageBinding
|
model = FlowStageBinding
|
||||||
fields = [
|
fields = [
|
||||||
|
|
|
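Review bot: In `validate`, the fallbacks `attrs.get("evaluate_on_plan", False)` and `attrs.get("re_evaluate_policies", True)` are the model defaults rather than the stored values, so on a partial update, where `attrs` holds only the submitted fields, the check can give the wrong answer. A PATCH that sets only `evaluate_on_plan` to false on a binding whose `re_evaluate_policies` is already false would pass and leave both flags off, the state the form's removed helper text describes as policies not being evaluated. The reverse PATCH is rejected even when the stored `evaluate_on_plan` is true. Falling back to the existing instance covers both cases: `evaluate_on_plan = attrs.get("evaluate_on_plan", getattr(self.instance, "evaluate_on_plan", False))`, and the same pattern for `re_evaluate_policies` with `True`. The serializer class continues outside the hunk, and a test that PATCHes a single flag would pin the behaviour.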
@ -0,0 +1,26 @@
|
||||||
|
# Generated by Django 4.1.7 on 2023-02-25 15:51
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
("authentik_flows", "0024_flow_authentication"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="flowstagebinding",
|
||||||
|
name="evaluate_on_plan",
|
||||||
|
field=models.BooleanField(
|
||||||
|
default=False, help_text="Evaluate policies during the Flow planning process."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="flowstagebinding",
|
||||||
|
name="re_evaluate_policies",
|
||||||
|
field=models.BooleanField(
|
||||||
|
default=True, help_text="Evaluate policies when the Stage is present to the user."
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -211,14 +211,11 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel):
|
||||||
stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE)
|
stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE)
|
||||||
|
|
||||||
evaluate_on_plan = models.BooleanField(
|
evaluate_on_plan = models.BooleanField(
|
||||||
default=True,
|
default=False,
|
||||||
help_text=_(
|
help_text=_("Evaluate policies during the Flow planning process."),
|
||||||
"Evaluate policies during the Flow planning process. "
|
|
||||||
"Disable this for input-based policies."
|
|
||||||
),
|
|
||||||
)
|
)
|
||||||
re_evaluate_policies = models.BooleanField(
|
re_evaluate_policies = models.BooleanField(
|
||||||
default=False,
|
default=True,
|
||||||
help_text=_("Evaluate policies when the Stage is present to the user."),
|
help_text=_("Evaluate policies when the Stage is present to the user."),
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
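Review bot: Nothing on the two field definitions in `FlowStageBinding` states that at least one of them has to be true, and the shortened `help_text` on `evaluate_on_plan` no longer hints at it. As far as this commit shows, the rule is enforced only in the API serializer, so bindings written through blueprints or the ORM can still end up with both flags off. Existing rows also keep their stored values, since the migration alters only the field defaults. I would add above the fields `# At least one of evaluate_on_plan / re_evaluate_policies must be True; with both False the bound policies are not evaluated.` and consider a model-level `CheckConstraint` as a follow-up. The class body starts and ends outside the hunk.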
@ -105,26 +105,18 @@ entries:
|
||||||
stage: !KeyOf default-enrollment-prompt-first
|
stage: !KeyOf default-enrollment-prompt-first
|
||||||
order: 10
|
order: 10
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-prompt-second
|
stage: !KeyOf default-enrollment-prompt-second
|
||||||
order: 11
|
order: 11
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-user-write
|
stage: !KeyOf default-enrollment-user-write
|
||||||
order: 20
|
order: 20
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-user-login
|
stage: !KeyOf default-enrollment-user-login
|
||||||
order: 100
|
order: 100
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
|
|
|
@ -123,33 +123,23 @@ entries:
|
||||||
stage: !KeyOf default-enrollment-prompt-first
|
stage: !KeyOf default-enrollment-prompt-first
|
||||||
order: 10
|
order: 10
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-prompt-second
|
stage: !KeyOf default-enrollment-prompt-second
|
||||||
order: 11
|
order: 11
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-user-write
|
stage: !KeyOf default-enrollment-user-write
|
||||||
order: 20
|
order: 20
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-email-verification
|
stage: !KeyOf default-enrollment-email-verification
|
||||||
order: 30
|
order: 30
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
- identifiers:
|
- identifiers:
|
||||||
target: !KeyOf flow
|
target: !KeyOf flow
|
||||||
stage: !KeyOf default-enrollment-user-login
|
stage: !KeyOf default-enrollment-user-login
|
||||||
order: 40
|
order: 40
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
|
|
|
@ -23,5 +23,3 @@ entries:
|
||||||
stage: !KeyOf default-unenrollment-user-delete
|
stage: !KeyOf default-unenrollment-user-delete
|
||||||
order: 10
|
order: 10
|
||||||
model: authentik_flows.flowstagebinding
|
model: authentik_flows.flowstagebinding
|
||||||
attrs:
|
|
||||||
re_evaluate_policies: false
|
|
||||||
|
|
|
@ -28021,8 +28021,7 @@ components:
|
||||||
readOnly: true
|
readOnly: true
|
||||||
evaluate_on_plan:
|
evaluate_on_plan:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies during the Flow planning process. Disable
|
description: Evaluate policies during the Flow planning process.
|
||||||
this for input-based policies.
|
|
||||||
re_evaluate_policies:
|
re_evaluate_policies:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies when the Stage is present to the user.
|
description: Evaluate policies when the Stage is present to the user.
|
||||||
|
@ -28058,8 +28057,7 @@ components:
|
||||||
format: uuid
|
format: uuid
|
||||||
evaluate_on_plan:
|
evaluate_on_plan:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies during the Flow planning process. Disable
|
description: Evaluate policies during the Flow planning process.
|
||||||
this for input-based policies.
|
|
||||||
re_evaluate_policies:
|
re_evaluate_policies:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies when the Stage is present to the user.
|
description: Evaluate policies when the Stage is present to the user.
|
||||||
|
@ -33754,8 +33752,7 @@ components:
|
||||||
format: uuid
|
format: uuid
|
||||||
evaluate_on_plan:
|
evaluate_on_plan:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies during the Flow planning process. Disable
|
description: Evaluate policies during the Flow planning process.
|
||||||
this for input-based policies.
|
|
||||||
re_evaluate_policies:
|
re_evaluate_policies:
|
||||||
type: boolean
|
type: boolean
|
||||||
description: Evaluate policies when the Stage is present to the user.
|
description: Evaluate policies when the Stage is present to the user.
|
||||||
|
|
|
@ -148,17 +148,17 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
|
||||||
<input
|
<input
|
||||||
class="pf-c-switch__input"
|
class="pf-c-switch__input"
|
||||||
type="checkbox"
|
type="checkbox"
|
||||||
?checked=${first(this.instance?.evaluateOnPlan, true)}
|
?checked=${first(this.instance?.evaluateOnPlan, false)}
|
||||||
/>
|
/>
|
||||||
<span class="pf-c-switch__toggle">
|
<span class="pf-c-switch__toggle">
|
||||||
<span class="pf-c-switch__toggle-icon">
|
<span class="pf-c-switch__toggle-icon">
|
||||||
<i class="fas fa-check" aria-hidden="true"></i>
|
<i class="fas fa-check" aria-hidden="true"></i>
|
||||||
</span>
|
</span>
|
||||||
</span>
|
</span>
|
||||||
<span class="pf-c-switch__label">${t`Evaluate on plan`}</span>
|
<span class="pf-c-switch__label">${t`Evaluate when flow is planned`}</span>
|
||||||
</label>
|
</label>
|
||||||
<p class="pf-c-form__helper-text">
|
<p class="pf-c-form__helper-text">
|
||||||
${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`}
|
${t`Evaluate policies during the Flow planning process.`}
|
||||||
</p>
|
</p>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
<ak-form-element-horizontal name="reEvaluatePolicies">
|
<ak-form-element-horizontal name="reEvaluatePolicies">
|
||||||
|
@ -166,14 +166,14 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
|
||||||
<input
|
<input
|
||||||
class="pf-c-switch__input"
|
class="pf-c-switch__input"
|
||||||
type="checkbox"
|
type="checkbox"
|
||||||
?checked=${first(this.instance?.reEvaluatePolicies, false)}
|
?checked=${first(this.instance?.reEvaluatePolicies, true)}
|
||||||
/>
|
/>
|
||||||
<span class="pf-c-switch__toggle">
|
<span class="pf-c-switch__toggle">
|
||||||
<span class="pf-c-switch__toggle-icon">
|
<span class="pf-c-switch__toggle-icon">
|
||||||
<i class="fas fa-check" aria-hidden="true"></i>
|
<i class="fas fa-check" aria-hidden="true"></i>
|
||||||
</span>
|
</span>
|
||||||
</span>
|
</span>
|
||||||
<span class="pf-c-switch__label">${t`Re-evaluate policies`}</span>
|
<span class="pf-c-switch__label">${t`Evaluate when stage is run`}</span>
|
||||||
</label>
|
</label>
|
||||||
<p class="pf-c-form__helper-text">
|
<p class="pf-c-form__helper-text">
|
||||||
${t`Evaluate policies before the Stage is present to the user.`}
|
${t`Evaluate policies before the Stage is present to the user.`}
|
||||||
|
|
|
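Review bot: Neither helper text in `StageBindingForm` now tells the operator that one of the two switches has to stay enabled; the sentence removed from the first helper text was the only place in the form saying that policies are not evaluated when both are off. The form now relies on the server-side validation error to convey this, and only after submit. I would extend the first helper text to "Evaluate policies during the Flow planning process. At least one of the two evaluation options must stay enabled." and, in the second helper text, correct "present" to "presented". The second hunk ends inside the `<p>` element, so the rest of the template is not visible here.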
@ -9,7 +9,9 @@ Requires authentik 2022.7
|
||||||
:::
|
:::
|
||||||
|
|
||||||
```python
|
```python
|
||||||
plan = request.context["flow_plan"]
|
plan = request.context.get("flow_plan")
|
||||||
|
if not plan:
|
||||||
|
return False
|
||||||
plan.redirect("https://foo.bar")
|
plan.redirect("https://foo.bar")
|
||||||
return False
|
return False
|
||||||
```
|
```
|
||||||
|
|