stages/identification: add option to pretend user exists (#7610)
* stages/identification: add option to pretend user exists Signed-off-by: Jens Langhammer <jens@goauthentik.io> * fix tests? Signed-off-by: Jens Langhammer <jens@goauthentik.io> * update docs Signed-off-by: Jens Langhammer <jens@goauthentik.io> * test CI permission fix Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
98a07cd0ef
commit
44fc9ee80c
|
@ -6,6 +6,10 @@ on:
|
||||||
types:
|
types:
|
||||||
- closed
|
- closed
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
# Permission to delete cache
|
||||||
|
actions: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
cleanup:
|
cleanup:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -10,6 +10,10 @@ on:
|
||||||
- "!locale/en/**"
|
- "!locale/en/**"
|
||||||
- "web/xliff/**"
|
- "web/xliff/**"
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
# Permission to write comment
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
post-comment:
|
post-comment:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -6,6 +6,10 @@ on:
|
||||||
pull_request:
|
pull_request:
|
||||||
types: [opened, reopened]
|
types: [opened, reopened]
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
# Permission to rename PR
|
||||||
|
pull-requests: write
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
rename_pr:
|
rename_pr:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -472,6 +472,7 @@ class TestFlowExecutor(FlowTestCase):
|
||||||
ident_stage = IdentificationStage.objects.create(
|
ident_stage = IdentificationStage.objects.create(
|
||||||
name="ident",
|
name="ident",
|
||||||
user_fields=[UserFields.E_MAIL],
|
user_fields=[UserFields.E_MAIL],
|
||||||
|
pretend_user_exists=False,
|
||||||
)
|
)
|
||||||
FlowStageBinding.objects.create(
|
FlowStageBinding.objects.create(
|
||||||
target=flow,
|
target=flow,
|
||||||
|
|
|
@ -154,7 +154,15 @@ def generate_avatar_from_name(
|
||||||
|
|
||||||
def avatar_mode_generated(user: "User", mode: str) -> Optional[str]:
|
def avatar_mode_generated(user: "User", mode: str) -> Optional[str]:
|
||||||
"""Wrapper that converts generated avatar to base64 svg"""
|
"""Wrapper that converts generated avatar to base64 svg"""
|
||||||
svg = generate_avatar_from_name(user.name if user.name.strip() != "" else "a k")
|
# By default generate based off of user's display name
|
||||||
|
name = user.name.strip()
|
||||||
|
if name == "":
|
||||||
|
# Fallback to username
|
||||||
|
name = user.username.strip()
|
||||||
|
# If we still don't have anything, fallback to `a k`
|
||||||
|
if name == "":
|
||||||
|
name = "a k"
|
||||||
|
svg = generate_avatar_from_name(name)
|
||||||
return f"data:image/svg+xml;base64,{b64encode(svg.encode('utf-8')).decode('utf-8')}"
|
return f"data:image/svg+xml;base64,{b64encode(svg.encode('utf-8')).decode('utf-8')}"
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -29,4 +29,14 @@ class Migration(migrations.Migration):
|
||||||
name="totpdevice",
|
name="totpdevice",
|
||||||
options={"verbose_name": "TOTP Device", "verbose_name_plural": "TOTP Devices"},
|
options={"verbose_name": "TOTP Device", "verbose_name_plural": "TOTP Devices"},
|
||||||
),
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name="authenticatortotpstage",
|
||||||
|
name="digits",
|
||||||
|
field=models.IntegerField(
|
||||||
|
choices=[
|
||||||
|
("6", "6 digits, widely compatible"),
|
||||||
|
("8", "8 digits, not compatible with apps like Google Authenticator"),
|
||||||
|
]
|
||||||
|
),
|
||||||
|
),
|
||||||
]
|
]
|
||||||
|
|
|
@ -33,6 +33,7 @@ class IdentificationStageSerializer(StageSerializer):
|
||||||
"passwordless_flow",
|
"passwordless_flow",
|
||||||
"sources",
|
"sources",
|
||||||
"show_source_labels",
|
"show_source_labels",
|
||||||
|
"pretend_user_exists",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
# Generated by Django 4.2.7 on 2023-11-17 16:32
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
dependencies = [
|
||||||
|
(
|
||||||
|
"authentik_stages_identification",
|
||||||
|
"0002_auto_20200530_2204_squashed_0013_identificationstage_passwordless_flow",
|
||||||
|
),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="identificationstage",
|
||||||
|
name="pretend_user_exists",
|
||||||
|
field=models.BooleanField(
|
||||||
|
default=True,
|
||||||
|
help_text="When enabled, the stage will succeed and continue even when incorrect user info is entered.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
|
@ -54,6 +54,13 @@ class IdentificationStage(Stage):
|
||||||
"entered will be shown"
|
"entered will be shown"
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
|
pretend_user_exists = models.BooleanField(
|
||||||
|
default=True,
|
||||||
|
help_text=_(
|
||||||
|
"When enabled, the stage will succeed and continue even when incorrect user info "
|
||||||
|
"is entered."
|
||||||
|
),
|
||||||
|
)
|
||||||
|
|
||||||
enrollment_flow = models.ForeignKey(
|
enrollment_flow = models.ForeignKey(
|
||||||
Flow,
|
Flow,
|
||||||
|
|
|
@ -121,8 +121,8 @@ class IdentificationChallengeResponse(ChallengeResponse):
|
||||||
self.pre_user = self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
self.pre_user = self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
|
||||||
if not current_stage.show_matched_user:
|
if not current_stage.show_matched_user:
|
||||||
self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER_IDENTIFIER] = uid_field
|
self.stage.executor.plan.context[PLAN_CONTEXT_PENDING_USER_IDENTIFIER] = uid_field
|
||||||
if self.stage.executor.flow.designation == FlowDesignation.RECOVERY:
|
# when `pretend` is enabled, continue regardless
|
||||||
# When used in a recovery flow, always continue to not disclose if a user exists
|
if current_stage.pretend_user_exists:
|
||||||
return attrs
|
return attrs
|
||||||
raise ValidationError("Failed to authenticate.")
|
raise ValidationError("Failed to authenticate.")
|
||||||
self.pre_user = pre_user
|
self.pre_user = pre_user
|
||||||
|
|
|
@ -28,6 +28,7 @@ class TestIdentificationStage(FlowTestCase):
|
||||||
self.stage = IdentificationStage.objects.create(
|
self.stage = IdentificationStage.objects.create(
|
||||||
name="identification",
|
name="identification",
|
||||||
user_fields=[UserFields.E_MAIL],
|
user_fields=[UserFields.E_MAIL],
|
||||||
|
pretend_user_exists=False,
|
||||||
)
|
)
|
||||||
self.stage.sources.set([source])
|
self.stage.sources.set([source])
|
||||||
self.stage.save()
|
self.stage.save()
|
||||||
|
@ -106,6 +107,26 @@ class TestIdentificationStage(FlowTestCase):
|
||||||
form_data,
|
form_data,
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertStageResponse(
|
||||||
|
response,
|
||||||
|
self.flow,
|
||||||
|
component="ak-stage-identification",
|
||||||
|
response_errors={
|
||||||
|
"non_field_errors": [{"string": "Failed to authenticate.", "code": "invalid"}]
|
||||||
|
},
|
||||||
|
)
|
||||||
|
|
||||||
|
def test_invalid_with_username_pretend(self):
|
||||||
|
"""Test invalid with username (user exists but stage only allows email)"""
|
||||||
|
self.stage.pretend_user_exists = True
|
||||||
|
self.stage.save()
|
||||||
|
form_data = {"uid_field": self.user.username}
|
||||||
|
response = self.client.post(
|
||||||
|
reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug}),
|
||||||
|
form_data,
|
||||||
|
)
|
||||||
|
self.assertEqual(response.status_code, 200)
|
||||||
|
self.assertStageRedirects(response, reverse("authentik_core:root-redirect"))
|
||||||
|
|
||||||
def test_invalid_no_fields(self):
|
def test_invalid_no_fields(self):
|
||||||
"""Test invalid with username (no user fields are enabled)"""
|
"""Test invalid with username (no user fields are enabled)"""
|
||||||
|
|
|
@ -7425,6 +7425,11 @@
|
||||||
"show_source_labels": {
|
"show_source_labels": {
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"title": "Show source labels"
|
"title": "Show source labels"
|
||||||
|
},
|
||||||
|
"pretend_user_exists": {
|
||||||
|
"type": "boolean",
|
||||||
|
"title": "Pretend user exists",
|
||||||
|
"description": "When enabled, the stage will succeed and continue even when incorrect user info is entered."
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": []
|
"required": []
|
||||||
|
|
12
schema.yml
12
schema.yml
|
@ -32013,6 +32013,10 @@ components:
|
||||||
description: Specify which sources should be shown.
|
description: Specify which sources should be shown.
|
||||||
show_source_labels:
|
show_source_labels:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
pretend_user_exists:
|
||||||
|
type: boolean
|
||||||
|
description: When enabled, the stage will succeed and continue even when
|
||||||
|
incorrect user info is entered.
|
||||||
required:
|
required:
|
||||||
- component
|
- component
|
||||||
- meta_model_name
|
- meta_model_name
|
||||||
|
@ -32077,6 +32081,10 @@ components:
|
||||||
description: Specify which sources should be shown.
|
description: Specify which sources should be shown.
|
||||||
show_source_labels:
|
show_source_labels:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
pretend_user_exists:
|
||||||
|
type: boolean
|
||||||
|
description: When enabled, the stage will succeed and continue even when
|
||||||
|
incorrect user info is entered.
|
||||||
required:
|
required:
|
||||||
- name
|
- name
|
||||||
InstallID:
|
InstallID:
|
||||||
|
@ -36560,6 +36568,10 @@ components:
|
||||||
description: Specify which sources should be shown.
|
description: Specify which sources should be shown.
|
||||||
show_source_labels:
|
show_source_labels:
|
||||||
type: boolean
|
type: boolean
|
||||||
|
pretend_user_exists:
|
||||||
|
type: boolean
|
||||||
|
description: When enabled, the stage will succeed and continue even when
|
||||||
|
incorrect user info is entered.
|
||||||
PatchedInvitationRequest:
|
PatchedInvitationRequest:
|
||||||
type: object
|
type: object
|
||||||
description: Invitation Serializer
|
description: Invitation Serializer
|
||||||
|
|
|
@ -68,7 +68,7 @@ export class IdentificationStageForm extends ModelForm<IdentificationStage, stri
|
||||||
}
|
}
|
||||||
|
|
||||||
renderForm(): TemplateResult {
|
renderForm(): TemplateResult {
|
||||||
return html` <span>
|
return html`<span>
|
||||||
${msg("Let the user identify themselves with their username or Email address.")}
|
${msg("Let the user identify themselves with their username or Email address.")}
|
||||||
</span>
|
</span>
|
||||||
<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
|
<ak-form-element-horizontal label=${msg("Name")} ?required=${true} name="name">
|
||||||
|
@ -169,6 +169,26 @@ export class IdentificationStageForm extends ModelForm<IdentificationStage, stri
|
||||||
)}
|
)}
|
||||||
</p>
|
</p>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-element-horizontal name="pretendUserExists">
|
||||||
|
<label class="pf-c-switch">
|
||||||
|
<input
|
||||||
|
class="pf-c-switch__input"
|
||||||
|
type="checkbox"
|
||||||
|
?checked=${first(this.instance?.pretendUserExists, true)}
|
||||||
|
/>
|
||||||
|
<span class="pf-c-switch__toggle">
|
||||||
|
<span class="pf-c-switch__toggle-icon">
|
||||||
|
<i class="fas fa-check" aria-hidden="true"></i>
|
||||||
|
</span>
|
||||||
|
</span>
|
||||||
|
<span class="pf-c-switch__label">${msg("Pretend user exists")}</span>
|
||||||
|
</label>
|
||||||
|
<p class="pf-c-form__helper-text">
|
||||||
|
${msg(
|
||||||
|
"When enabled, the stage will always accept the given user identifier and continue.",
|
||||||
|
)}
|
||||||
|
</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
<ak-form-element-horizontal name="showMatchedUser">
|
<ak-form-element-horizontal name="showMatchedUser">
|
||||||
<label class="pf-c-switch">
|
<label class="pf-c-switch">
|
||||||
<input
|
<input
|
||||||
|
|
|
@ -6069,6 +6069,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -6346,6 +6346,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -5985,6 +5985,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -7971,6 +7971,12 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -6193,6 +6193,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -7871,4 +7871,10 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
|
</trans-unit>
|
||||||
</body></file></xliff>
|
</body></file></xliff>
|
||||||
|
|
|
@ -5978,6 +5978,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
<?xml version="1.0" ?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
|
<?xml version="1.0"?><xliff xmlns="urn:oasis:names:tc:xliff:document:1.2" version="1.2">
|
||||||
<file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
|
<file target-language="zh-Hans" source-language="en" original="lit-localize-inputs" datatype="plaintext">
|
||||||
<body>
|
<body>
|
||||||
<trans-unit id="s4caed5b7a7e5d89b">
|
<trans-unit id="s4caed5b7a7e5d89b">
|
||||||
|
@ -613,9 +613,9 @@
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="saa0e2675da69651b">
|
<trans-unit id="saa0e2675da69651b">
|
||||||
<source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
|
<source>The URL "<x id="0" equiv-text="${this.url}"/>" was not found.</source>
|
||||||
<target>未找到 URL "
|
<target>未找到 URL "
|
||||||
<x id="0" equiv-text="${this.url}"/>"。</target>
|
<x id="0" equiv-text="${this.url}"/>"。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s58cd9c2fe836d9c6">
|
<trans-unit id="s58cd9c2fe836d9c6">
|
||||||
|
@ -1057,8 +1057,8 @@
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sa8384c9c26731f83">
|
<trans-unit id="sa8384c9c26731f83">
|
||||||
<source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
|
<source>To allow any redirect URI, set this value to ".*". Be aware of the possible security implications this can have.</source>
|
||||||
<target>要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
|
<target>要允许任何重定向 URI,请将此值设置为 ".*"。请注意这可能带来的安全影响。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s55787f4dfcdce52b">
|
<trans-unit id="s55787f4dfcdce52b">
|
||||||
|
@ -1799,8 +1799,8 @@
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sa90b7809586c35ce">
|
<trans-unit id="sa90b7809586c35ce">
|
||||||
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
|
<source>Either input a full URL, a relative path, or use 'fa://fa-test' to use the Font Awesome icon "fa-test".</source>
|
||||||
<target>输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
|
<target>输入完整 URL、相对路径,或者使用 'fa://fa-test' 来使用 Font Awesome 图标 "fa-test"。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s0410779cb47de312">
|
<trans-unit id="s0410779cb47de312">
|
||||||
|
@ -2988,8 +2988,8 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s76768bebabb7d543">
|
<trans-unit id="s76768bebabb7d543">
|
||||||
<source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
|
<source>Field which contains members of a group. Note that if using the "memberUid" field, the value is assumed to contain a relative distinguished name. e.g. 'memberUid=some-user' instead of 'memberUid=cn=some-user,ou=groups,...'</source>
|
||||||
<target>包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
|
<target>包含组成员的字段。请注意,如果使用 "memberUid" 字段,则假定该值包含相对可分辨名称。例如,'memberUid=some-user' 而不是 'memberUid=cn=some-user,ou=groups,...'</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s026555347e589f0e">
|
<trans-unit id="s026555347e589f0e">
|
||||||
|
@ -3781,8 +3781,8 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s7b1fba26d245cb1c">
|
<trans-unit id="s7b1fba26d245cb1c">
|
||||||
<source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
|
<source>When using an external logging solution for archiving, this can be set to "minutes=5".</source>
|
||||||
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。</target>
|
<target>使用外部日志记录解决方案进行存档时,可以将其设置为 "minutes=5"。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s44536d20bb5c8257">
|
<trans-unit id="s44536d20bb5c8257">
|
||||||
|
@ -3791,8 +3791,8 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s3bb51cabb02b997e">
|
<trans-unit id="s3bb51cabb02b997e">
|
||||||
<source>Format: "weeks=3;days=2;hours=3,seconds=2".</source>
|
<source>Format: "weeks=3;days=2;hours=3,seconds=2".</source>
|
||||||
<target>格式:"weeks=3;days=2;hours=3,seconds=2"。</target>
|
<target>格式:"weeks=3;days=2;hours=3,seconds=2"。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s04bfd02201db5ab8">
|
<trans-unit id="s04bfd02201db5ab8">
|
||||||
|
@ -3988,10 +3988,10 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sa95a538bfbb86111">
|
<trans-unit id="sa95a538bfbb86111">
|
||||||
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
|
<source>Are you sure you want to update <x id="0" equiv-text="${this.objectLabel}"/> "<x id="1" equiv-text="${this.obj?.name}"/>"?</source>
|
||||||
<target>您确定要更新
|
<target>您确定要更新
|
||||||
<x id="0" equiv-text="${this.objectLabel}"/>"
|
<x id="0" equiv-text="${this.objectLabel}"/>"
|
||||||
<x id="1" equiv-text="${this.obj?.name}"/>" 吗?</target>
|
<x id="1" equiv-text="${this.obj?.name}"/>" 吗?</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sc92d7cfb6ee1fec6">
|
<trans-unit id="sc92d7cfb6ee1fec6">
|
||||||
|
@ -5077,7 +5077,7 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="sdf1d8edef27236f0">
|
<trans-unit id="sdf1d8edef27236f0">
|
||||||
<source>A "roaming" authenticator, like a YubiKey</source>
|
<source>A "roaming" authenticator, like a YubiKey</source>
|
||||||
<target>像 YubiKey 这样的“漫游”身份验证器</target>
|
<target>像 YubiKey 这样的“漫游”身份验证器</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
@ -5412,10 +5412,10 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s2d5f69929bb7221d">
|
<trans-unit id="s2d5f69929bb7221d">
|
||||||
<source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
|
<source><x id="0" equiv-text="${prompt.name}"/> ("<x id="1" equiv-text="${prompt.fieldKey}"/>", of type <x id="2" equiv-text="${prompt.type}"/>)</source>
|
||||||
<target>
|
<target>
|
||||||
<x id="0" equiv-text="${prompt.name}"/>("
|
<x id="0" equiv-text="${prompt.name}"/>("
|
||||||
<x id="1" equiv-text="${prompt.fieldKey}"/>",类型为
|
<x id="1" equiv-text="${prompt.fieldKey}"/>",类型为
|
||||||
<x id="2" equiv-text="${prompt.type}"/>)</target>
|
<x id="2" equiv-text="${prompt.type}"/>)</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
@ -5464,7 +5464,7 @@ doesn't pass when either or both of the selected options are equal or above the
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s1608b2f94fa0dbd4">
|
<trans-unit id="s1608b2f94fa0dbd4">
|
||||||
<source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
|
<source>If set to a duration above 0, the user will have the option to choose to "stay signed in", which will extend their session by the time specified here.</source>
|
||||||
<target>如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。</target>
|
<target>如果设置时长大于 0,用户可以选择“保持登录”选项,这将使用户的会话延长此处设置的时间。</target>
|
||||||
|
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
|
@ -7978,9 +7978,15 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
<target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
|
<target>成功创建用户并添加到组 <x id="0" equiv-text="${this.group.name}"/></target>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
<target>此用户将会被添加到组 &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;。</target>
|
<target>此用户将会被添加到组 &quot;<x id="0" equiv-text="${this.targetGroup.name}"/>&quot;。</target>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
@ -6026,6 +6026,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -6025,6 +6025,12 @@ Bindings to groups/users are checked against the user of the event.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
<trans-unit id="s824e0943a7104668">
|
<trans-unit id="s824e0943a7104668">
|
||||||
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
<source>This user will be added to the group "<x id="0" equiv-text="${this.targetGroup.name}"/>".</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s62e7f6ed7d9cb3ca">
|
||||||
|
<source>Pretend user exists</source>
|
||||||
|
</trans-unit>
|
||||||
|
<trans-unit id="s52bdc80690a9a8dc">
|
||||||
|
<source>When enabled, the stage will always accept the given user identifier and continue.</source>
|
||||||
</trans-unit>
|
</trans-unit>
|
||||||
</body>
|
</body>
|
||||||
</file>
|
</file>
|
||||||
|
|
|
@ -25,3 +25,11 @@ To prompt users for their password on the same step as identifying themselves, a
|
||||||
## Enrollment/Recovery Flow
|
## Enrollment/Recovery Flow
|
||||||
|
|
||||||
These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`.
|
These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`.
|
||||||
|
|
||||||
|
## Pretend user exists
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2024.1
|
||||||
|
:::
|
||||||
|
|
||||||
|
When enabled, any user identifier will be accepted as valid (as long as they match the correct format, i.e. when [User fields](#user-fields) is set to only allow Emails, then the identifier still needs to be an Email). The stage will succeed and the flow will continue to the next stage. Stages like the [Password stage](../password/index.md) and [Email stage](../email/index.mdx) are aware of this "pretend" user and will behave the same as if the user would exist.
|
||||||
|
|
|
@ -19,6 +19,10 @@ slug: "/releases/2024.1"
|
||||||
|
|
||||||
## New features
|
## New features
|
||||||
|
|
||||||
|
- "Pretend user exists" option for Identification stage
|
||||||
|
|
||||||
|
Previously the identification stage would only continue if a user matching the user identifier exists. While this was the intended functionality, this release adds an option to continue to the next stage even if no matching user was found. "Pretend" users cannot authenticate nor receive emails, and don't exist in the database. **This feature is enabled by default.**
|
||||||
|
|
||||||
## Upgrading
|
## Upgrading
|
||||||
|
|
||||||
This release does not introduce any new requirements.
|
This release does not introduce any new requirements.
|
||||||
|
|
Reference in New Issue