diff --git a/docs/Dockerfile b/docs/Dockerfile
deleted file mode 100644
index d0953e867..000000000
--- a/docs/Dockerfile
+++ /dev/null
@@ -1,14 +0,0 @@
-FROM python:3.8-slim-buster as builder
-
-WORKDIR /mkdocs
-
-RUN pip install mkdocs mkdocs-material
-
-COPY docs/ docs
-COPY mkdocs.yml .
-
-RUN mkdocs build
-
-FROM nginx
-
-COPY --from=builder /mkdocs/site /usr/share/nginx/html
diff --git a/docs/build.sh b/docs/build.sh
new file mode 100755
index 000000000..3ca164253
--- /dev/null
+++ b/docs/build.sh
@@ -0,0 +1,3 @@
+#!/bin/bash -x
+pip install -U mkdocs mkdocs-material
+mkdocs gh-deploy
diff --git a/docs/flow/stages/email/email-recovery.png b/docs/flow/stages/email/email-recovery.png
new file mode 100644
index 000000000..26c0cccb8
Binary files /dev/null and b/docs/flow/stages/email/email-recovery.png differ
diff --git a/docs/flow/stages/email/email.md b/docs/flow/stages/email/email.md
new file mode 100644
index 000000000..c7f2f5e68
--- /dev/null
+++ b/docs/flow/stages/email/email.md
@@ -0,0 +1,5 @@
+# E-Mail
+
+This stage can be used for E-Mail verification. passbook's background worker will send an E-Mail using the specified connection details. When an E-Mail can't be delivered, it is automatically periodically retried.
+
+![](email-recovery.png)
diff --git a/docs/flow/stages/identification/identification.md b/docs/flow/stages/identification/identification.md
new file mode 100644
index 000000000..4096f40b0
--- /dev/null
+++ b/docs/flow/stages/identification/identification.md
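Review bot: In docs/build.sh, `pip install -U mkdocs mkdocs-material` installs whatever versions are newest at run time, immediately before `mkdocs gh-deploy` publishes the built site, so the published docs depend on unpinned third-party packages. Pin both packages, ideally from a hash-checked requirements file, e.g. `pip install --require-hashes -r docs/requirements.txt` (the path is a constructed example; no such file is on this page). The `-x` in the shebang only traces commands; add `set -e` as the first line so that a failed install stops the script before the deploy step runs.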
@@ -0,0 +1,25 @@
+# Identification
+
+This stage provides a ready-to-go form for users to identify themselves.
+
+## Options
+
+### User Fields
+
+Select which fields the user can use to identify themselves. Multiple fields can be specified and separated with a comma.
+Valid choices:
+
+- email
+- username
+
+### Template
+
+This specifies which template is rendered. Currently there are two templates.
+
+The `Login` template shows configured Sources below the login form, as well as linking to the defined Enrollment and Recovery flows.
+
+The `Recovery` template shows only the form.
+
+### Enrollment/Recovery Flow
+
+These fields specify if and which flows are linked on the form. The enrollment flow is linked as `Need an account? Sign up.`, and the recovery flow is linked as `Forgot username or password?`.
diff --git a/docs/flow/stages/invitation/invitation.md b/docs/flow/stages/invitation/invitation.md
new file mode 100644
index 000000000..db01b83be
--- /dev/null
+++ b/docs/flow/stages/invitation/invitation.md
@@ -0,0 +1,7 @@
+# Invitation Stage
+
+This stage can be used to invite users. You can use this enroll users with preset values.
+
+If the option `Continue Flow without Invitation`, this stage will continue when no invitation token is present.
+
+If you want to check if a user has used an invitation within a policy, you can check `request.context.invitation_in_effect`.
diff --git a/docs/flow/stages/otp/otp.md b/docs/flow/stages/otp/otp.md
new file mode 100644
index 000000000..c14f6af27
--- /dev/null
+++ b/docs/flow/stages/otp/otp.md
@@ -0,0 +1,7 @@
+# OTP Stage
+
+This stage offers a generic Time-based One-time Password authentication step.
+
+You can optionally enforce this step, which will force every user without OTP setup to configure it.
+
+This stage uses a 6-digit Code with a 30 second time-drift. This is currently not changeable.
diff --git a/docs/flow/stages/password/password.md b/docs/flow/stages/password/password.md
new file mode 100644
index 000000000..319b0f486
--- /dev/null
+++ b/docs/flow/stages/password/password.md
@@ -0,0 +1,3 @@
+# Password Stage
+
+This is a generic password prompt, which authenticates the currently `pending_user`. This stage allows the selection of the Backend the user is authenticated against.
diff --git a/docs/flow/stages/prompt/prompt.md b/docs/flow/stages/prompt/prompt.md
new file mode 100644
index 000000000..fa95e5e47
--- /dev/null
+++ b/docs/flow/stages/prompt/prompt.md
@@ -0,0 +1,42 @@
+# Prompt Stage
+
+This stage is used to show the user arbitrary prompts.
+
+## Prompt
+
+The prompt can be any of the following types:
+
+| | |
+|----------|------------------------------------------------------------------|
+| text | Arbitrary text, no client-side validation is done. |
+| email | E-Mail input, requires a valid E-Mail adress |
+| password | Password Input |
+| number | Number Input, any number is allowed |
+| checkbox | Simple Checkbox |
+| hidden | Hidden Input field, allows for the pre-setting of default values |
+
+A Prompt has the following attributes:
+
+### `field_key`
+
+HTML name used for the prompt. This key is also used to later retrieve the data in expression policies:
+
+```jinja2
+{{ request.context.prompt_data. }}
+```
+
+### `label`
+
+Label used to describe the Field. This might not be shown depending on the template selected.
+
+### `required`
+
+Flag that decides whether or not this field is required.
+
+### `placeholder`
+
+Field placeholder, shown within the input field. This field is also used by the `hidden` type as the actual value.
+
+### `order`
+
+Numerical index of the prompt. This applies to all stages this prompt is a part of.
diff --git a/docs/flow/stages/prompt/validation.md b/docs/flow/stages/prompt/validation.md
new file mode 100644
index 000000000..8c1ac4f28
--- /dev/null
+++ b/docs/flow/stages/prompt/validation.md
@@ -0,0 +1,17 @@
+# Prompt Validation
+
+Further validation of prompts can be done using policies.
+
+To validate that two password fields are identical, create the following expression policy:
+
+```jinja2
+{% if request.context.prompt_data.password == request.context.prompt_data.password_repeat %}
+True
+{% else %}
+{% do pb_message("Passwords don't match.") %}
+False
+{% endif %}
+```
+This policy expects you two have two password fields with `field_key` set to `password` and `password_repeat`.
+
+Afterwards bind this policy to the prompt stage you want to validate.
diff --git a/docs/flow/stages/user_delete.md b/docs/flow/stages/user_delete.md
new file mode 100644
index 000000000..040337a81
--- /dev/null
+++ b/docs/flow/stages/user_delete.md
@@ -0,0 +1,8 @@
+# User Delete Stage
+
+!!! danger
+ This stage deletes the `pending_user` without any confirmation. You have to make sure the user is aware of this.
+
+This stage is intended for an unenrollment flow. It deletes the currently pending user.
+
+The pending user is also removed from the current session.
diff --git a/docs/flow/stages/user_login.md b/docs/flow/stages/user_login.md
new file mode 100644
index 000000000..ab3f18d6c
--- /dev/null
+++ b/docs/flow/stages/user_login.md
@@ -0,0 +1,5 @@
+# User Login Stage
+
+This stage attaches a currently pending user to the current session.
+
+It can be used after `user_write` during an enrollment flow, or after a `password` stage during an authentication flow.
diff --git a/docs/flow/stages/user_logout.md b/docs/flow/stages/user_logout.md
new file mode 100644
index 000000000..47c7b3b7b
--- /dev/null
+++ b/docs/flow/stages/user_logout.md
@@ -0,0 +1,3 @@
+# User Logout Stage
+
+Opposite stage of [User Login Stages](user_login.md). It removes the user from the current session.
diff --git a/docs/flow/stages/user_write.md b/docs/flow/stages/user_write.md
new file mode 100644
index 000000000..9fd718ce0
--- /dev/null
+++ b/docs/flow/stages/user_write.md
@@ -0,0 +1,3 @@
+# User Write Stage
+
+This stages writes data from the current context to the current pending user. If no user is pending, a new one is created.
diff --git a/docs/k8s/deployment.yml b/docs/k8s/deployment.yml
deleted file mode 100644
index 616245cbb..000000000
--- a/docs/k8s/deployment.yml
+++ /dev/null
@@ -1,33 +0,0 @@
----
-apiVersion: apps/v1beta2
-kind: Deployment
-metadata:
- name: passbook-docs
- namespace: prod-passbook-docs
- labels:
- app.kubernetes.io/name: passbook-docs
- app.kubernetes.io/managed-by: passbook-docs
-spec:
- replicas: 1
- selector:
- matchLabels:
- app.kubernetes.io/name: passbook-docs
- template:
- metadata:
- labels:
- app.kubernetes.io/name: passbook-docs
- spec:
- containers:
- - name: passbook-docs
- image: "beryju/passbook-docs:latest"
- ports:
- - name: http
- containerPort: 80
- protocol: TCP
- resources:
- limits:
- cpu: 10m
- memory: 20Mi
- requests:
- cpu: 10m
- memory: 20Mi
diff --git a/docs/k8s/ingress.yml b/docs/k8s/ingress.yml
deleted file mode 100644
index 210826cad..000000000
--- a/docs/k8s/ingress.yml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-apiVersion: extensions/v1beta1
-kind: Ingress
-metadata:
- labels:
- app.kubernetes.io/name: passbook-docs
- name: passbook-docs
- namespace: prod-passbook-docs
-spec:
- rules:
- - host: docs.passbook.beryju.org
- http:
- paths:
- - backend:
- serviceName: passbook-docs-http
- servicePort: http
- path: /
- tls:
- - hosts:
- - docs.passbook.beryju.org
- secretName: passbook-docs-acme
diff --git a/docs/k8s/service.yml b/docs/k8s/service.yml
deleted file mode 100644
index 0e83a1a8a..000000000
--- a/docs/k8s/service.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: passbook-docs-http
- namespace: prod-passbook-docs
- labels:
- app.kubernetes.io/name: passbook-docs
-spec:
- type: ClusterIP
- ports:
- - port: 80
- targetPort: http
- protocol: TCP
- name: http
- selector:
- app.kubernetes.io/name: passbook-docs
diff --git a/mkdocs.yml b/mkdocs.yml
index cc2d5e525..e9f173113 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -12,11 +12,12 @@ nav:
 - Captcha Stage: flow/stages/captcha/captcha.md
 - Dummy Stage: flow/stages/dummy/dummy.md
 - E-Mail Stage: flow/stages/email/email.md
- - Identification Stage: flow/stages/identification.md
- - Invitation Stage: flow/stages/invitation.md
- - OTP Stage: flow/stages/otp.md
- - Password Stage: flow/stages/password.md
- - Prompt Stage: flow/stages/prompt.md
+ - Identification Stage: flow/stages/identification/identification.md
+ - Invitation Stage: flow/stages/invitation/invitation.md
+ - OTP Stage: flow/stages/otp/otp.md
+ - Password Stage: flow/stages/password/password.md
+ - Prompt Stage: flow/stages/prompt/prompt.md
+ - Prompt Stage Validation: flow/stages/prompt/validation.md
 - User Delete Stage: flow/stages/user_delete.md
 - User Login Stage: flow/stages/user_login.md
 - User Logout Stage: flow/stages/user_logout.md
diff --git a/passbook/stages/invitation/stage.py b/passbook/stages/invitation/stage.py
index 2ec3a5de7..be1582775 100644
--- a/passbook/stages/invitation/stage.py
+++ b/passbook/stages/invitation/stage.py
@@ -7,6 +7,7 @@ from passbook.stages.invitation.models import Invitation, InvitationStage from passbook.stages.prompt.stage import PLAN_CONTEXT_PROMPT INVITATION_TOKEN_KEY = "token" +INVITATION_IN_EFFECT = "invitation_in_effect" class InvitationStageView(StageView):
@@ -23,4 +24,5 @@ class InvitationStageView(StageView):
 token = request.GET[INVITATION_TOKEN_KEY]
 invite: Invitation = get_object_or_404(Invitation, pk=token)
 self.executor.plan.context[PLAN_CONTEXT_PROMPT] = invite.fixed_data
+ self.executor.plan.context[INVITATION_IN_EFFECT] = True
 return self.executor.stage_ok()
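Review bot: The new `INVITATION_IN_EFFECT` constant in passbook/stages/invitation/stage.py has no comment saying that its string value is a policy-facing name. The invitation docs added in this same commit tell users to check `request.context.invitation_in_effect`, so changing the string later would silently break their policies. Add a comment above it such as `# Plan-context key; expression policies read it as request.context.invitation_in_effect`. As a style point, the neighbouring plan-context key is named `PLAN_CONTEXT_PROMPT`, and a matching prefix would show that this is the same kind of key rather than a request parameter like `INVITATION_TOKEN_KEY`.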
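Review bot: The flag is written only on the token path, in `self.executor.plan.context[INVITATION_IN_EFFECT] = True`, and nothing in this hunk ever sets it to False. A policy that gates enrollment on it therefore has to treat a missing key as "no invitation", which is easy to get wrong when the stage is allowed to continue without a token. Setting an explicit default before the token lookup, `self.executor.plan.context[INVITATION_IN_EFFECT] = False`, would give policies a definite value on every path. The method starts outside the hunk, so the no-token branch may already do this and should be checked. The visible lines also mark any `Invitation` found by primary key as in effect without an expiry or single-use check; if that is enforced, it is presumably elsewhere and worth confirming.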