flows: change default flow stage binding settings (#4784)
* flows: change default flow stage binding settings Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fallback to correct value Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
99ddbf553c
commit
39d0893303
|
@ -1,4 +1,7 @@
|
|||
"""Flow Binding API Views"""
|
||||
from typing import Any
|
||||
|
||||
from rest_framework.exceptions import ValidationError
|
||||
from rest_framework.serializers import ModelSerializer
|
||||
from rest_framework.viewsets import ModelViewSet
|
||||
|
||||
|
@ -12,6 +15,13 @@ class FlowStageBindingSerializer(ModelSerializer):
|
|||
|
||||
stage_obj = StageSerializer(read_only=True, source="stage")
|
||||
|
||||
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
|
||||
evaluate_on_plan = attrs.get("evaluate_on_plan", False)
|
||||
re_evaluate_policies = attrs.get("re_evaluate_policies", True)
|
||||
if not evaluate_on_plan and not re_evaluate_policies:
|
||||
raise ValidationError("Either evaluation on plan or evaluation on run must be enabled")
|
||||
return super().validate(attrs)
|
||||
|
||||
class Meta:
|
||||
model = FlowStageBinding
|
||||
fields = [
|
||||
|
|
|
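Review bot: In `validate`, the fallbacks in `attrs.get("evaluate_on_plan", False)` and `attrs.get("re_evaluate_policies", True)` are the model defaults rather than the stored values, so on a partial update the check judges the wrong state. A PATCH carrying only `evaluate_on_plan: false` against a binding whose `re_evaluate_policies` is already false passes and leaves both disabled, which according to the helper text this commit removes from the form means the bound policies are not evaluated; the reverse case rejects a request whose resulting state would be valid. Falling back to the instance closes both: `evaluate_on_plan = attrs.get("evaluate_on_plan", getattr(self.instance, "evaluate_on_plan", False))` and `re_evaluate_policies = attrs.get("re_evaluate_policies", getattr(self.instance, "re_evaluate_policies", True))`. The serializer class starts above this hunk and its `Meta` continues below it; that partial updates are reachable is inferred from the `ModelViewSet` import.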
@ -0,0 +1,26 @@
|
|||
# Generated by Django 4.1.7 on 2023-02-25 15:51
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
dependencies = [
|
||||
("authentik_flows", "0024_flow_authentication"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AlterField(
|
||||
model_name="flowstagebinding",
|
||||
name="evaluate_on_plan",
|
||||
field=models.BooleanField(
|
||||
default=False, help_text="Evaluate policies during the Flow planning process."
|
||||
),
|
||||
),
|
||||
migrations.AlterField(
|
||||
model_name="flowstagebinding",
|
||||
name="re_evaluate_policies",
|
||||
field=models.BooleanField(
|
||||
default=True, help_text="Evaluate policies when the Stage is present to the user."
|
||||
),
|
||||
),
|
||||
]
|
|
@ -211,14 +211,11 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel):
|
|||
stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE)
|
||||
|
||||
evaluate_on_plan = models.BooleanField(
|
||||
default=True,
|
||||
help_text=_(
|
||||
"Evaluate policies during the Flow planning process. "
|
||||
"Disable this for input-based policies."
|
||||
),
|
||||
default=False,
|
||||
help_text=_("Evaluate policies during the Flow planning process."),
|
||||
)
|
||||
re_evaluate_policies = models.BooleanField(
|
||||
default=False,
|
||||
default=True,
|
||||
help_text=_("Evaluate policies when the Stage is present to the user."),
|
||||
)
|
||||
|
||||
|
|
|
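Review bot: Nothing at the model level keeps `evaluate_on_plan` and `re_evaluate_policies` from both being False; the rule lives only in `FlowStageBindingSerializer.validate`. Rows written through any path that bypasses that serializer, and rows that already store both as False (the accompanying `AlterField` changes the default, not stored values), would presumably keep skipping policy evaluation. At minimum the invariant should be documented next to the fields, e.g. `# At least one of evaluate_on_plan / re_evaluate_policies must be True, otherwise bound policies are not evaluated.`; a `clean()` override or a check constraint, together with a data step for existing rows, would enforce it. The `FlowStageBinding` class starts and ends outside this hunk.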
@ -105,26 +105,18 @@ entries:
|
|||
stage: !KeyOf default-enrollment-prompt-first
|
||||
order: 10
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-prompt-second
|
||||
order: 11
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-user-write
|
||||
order: 20
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-user-login
|
||||
order: 100
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
|
|
|
@ -123,33 +123,23 @@ entries:
|
|||
stage: !KeyOf default-enrollment-prompt-first
|
||||
order: 10
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-prompt-second
|
||||
order: 11
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-user-write
|
||||
order: 20
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-email-verification
|
||||
order: 30
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
- identifiers:
|
||||
target: !KeyOf flow
|
||||
stage: !KeyOf default-enrollment-user-login
|
||||
order: 40
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
|
|
|
@ -23,5 +23,3 @@ entries:
|
|||
stage: !KeyOf default-unenrollment-user-delete
|
||||
order: 10
|
||||
model: authentik_flows.flowstagebinding
|
||||
attrs:
|
||||
re_evaluate_policies: false
|
||||
|
|
|
@ -28021,8 +28021,7 @@ components:
|
|||
readOnly: true
|
||||
evaluate_on_plan:
|
||||
type: boolean
|
||||
description: Evaluate policies during the Flow planning process. Disable
|
||||
this for input-based policies.
|
||||
description: Evaluate policies during the Flow planning process.
|
||||
re_evaluate_policies:
|
||||
type: boolean
|
||||
description: Evaluate policies when the Stage is present to the user.
|
||||
|
@ -28058,8 +28057,7 @@ components:
|
|||
format: uuid
|
||||
evaluate_on_plan:
|
||||
type: boolean
|
||||
description: Evaluate policies during the Flow planning process. Disable
|
||||
this for input-based policies.
|
||||
description: Evaluate policies during the Flow planning process.
|
||||
re_evaluate_policies:
|
||||
type: boolean
|
||||
description: Evaluate policies when the Stage is present to the user.
|
||||
|
@ -33754,8 +33752,7 @@ components:
|
|||
format: uuid
|
||||
evaluate_on_plan:
|
||||
type: boolean
|
||||
description: Evaluate policies during the Flow planning process. Disable
|
||||
this for input-based policies.
|
||||
description: Evaluate policies during the Flow planning process.
|
||||
re_evaluate_policies:
|
||||
type: boolean
|
||||
description: Evaluate policies when the Stage is present to the user.
|
||||
|
|
|
@ -148,17 +148,17 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
|
|||
<input
|
||||
class="pf-c-switch__input"
|
||||
type="checkbox"
|
||||
?checked=${first(this.instance?.evaluateOnPlan, true)}
|
||||
?checked=${first(this.instance?.evaluateOnPlan, false)}
|
||||
/>
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label">${t`Evaluate on plan`}</span>
|
||||
<span class="pf-c-switch__label">${t`Evaluate when flow is planned`}</span>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`}
|
||||
${t`Evaluate policies during the Flow planning process.`}
|
||||
</p>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-element-horizontal name="reEvaluatePolicies">
|
||||
|
@ -166,14 +166,14 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
|
|||
<input
|
||||
class="pf-c-switch__input"
|
||||
type="checkbox"
|
||||
?checked=${first(this.instance?.reEvaluatePolicies, false)}
|
||||
?checked=${first(this.instance?.reEvaluatePolicies, true)}
|
||||
/>
|
||||
<span class="pf-c-switch__toggle">
|
||||
<span class="pf-c-switch__toggle-icon">
|
||||
<i class="fas fa-check" aria-hidden="true"></i>
|
||||
</span>
|
||||
</span>
|
||||
<span class="pf-c-switch__label">${t`Re-evaluate policies`}</span>
|
||||
<span class="pf-c-switch__label">${t`Evaluate when stage is run`}</span>
|
||||
</label>
|
||||
<p class="pf-c-form__helper-text">
|
||||
${t`Evaluate policies before the Stage is present to the user.`}
|
||||
|
|
|
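Review bot: The new helper text under the first switch drops the sentence explaining that with both options disabled policies are not evaluated, so the form no longer tells an administrator that the two switches depend on each other. The server now rejects that combination, but the user learns of it only from the validation error after submitting. A short hint in the helper text would keep the constraint visible, e.g. `Evaluate policies during the Flow planning process. At least one of the two evaluation options must stay enabled.` Separately, the second helper text reads "before the Stage is present to the user", where "presented" is presumably meant. The form's render method starts and ends outside these hunks.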
@ -9,7 +9,9 @@ Requires authentik 2022.7
|
|||
:::
|
||||
|
||||
```python
|
||||
plan = request.context["flow_plan"]
|
||||
plan = request.context.get("flow_plan")
|
||||
if not plan:
|
||||
return False
|
||||
plan.redirect("https://foo.bar")
|
||||
return False
|
||||
```
|
||||
|
|