stages/identification: add UPN

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/stages/identification/models.py

@@ -17,6 +17,7 @@ class UserFields(models.TextChoices):
 
     E_MAIL = "email"
     USERNAME = "username"
+    UPN = "upn"
 
 
 class IdentificationStage(Stage):

authentik/stages/identification/stage.py

@@ -96,7 +96,11 @@ class IdentificationStageView(ChallengeStageView):
         current_stage: IdentificationStage = self.executor.current_stage
         query = Q()
         for search_field in current_stage.user_fields:
-            model_field = search_field
+            model_field = {
+                "email": "email",
+                "username": "username",
+                "upn": "attributes__upn",
+            }[search_field]
             if current_stage.case_insensitive_matching:
                 model_field += "__iexact"
             else:

schema.yml

@@ -27687,6 +27687,7 @@ components:
       enum:
       - email
       - username
+      - upn
       type: string
     UserLoginStage:
       type: object

web/src/flows/stages/identification/IdentificationStage.ts

@@ -11,7 +11,7 @@ import PFAlert from "@patternfly/patternfly/components/Alert/alert.css";
 import AKGlobal from "../../../authentik.css";
 import "../../../elements/forms/FormElement";
 import "../../../elements/EmptyState";
-import { FlowChallengeRequest, IdentificationChallenge, IdentificationChallengeResponseRequest, UILoginButton } from "authentik-api";
+import { FlowChallengeRequest, IdentificationChallenge, IdentificationChallengeResponseRequest, UILoginButton, UserFieldsEnum } from "authentik-api";
 
 export const PasswordManagerPrefill: {
     password: string | undefined;
@@ -149,13 +149,18 @@ export class IdentificationStage extends BaseStage<IdentificationChallenge, Iden
                 ${t`Select one of the sources below to login.`}
             </p>`;
         }
-        if (this.challenge?.userFields === ["email"]) {
+        const fields = this.challenge?.userFields.sort() || [];
+        if (fields === [UserFieldsEnum.Email]) {
             label = t`Email`;
             type = "email";
-        } else if (this.challenge?.userFields === ["username"]) {
+        } else if (fields === [UserFieldsEnum.Username]) {
             label = t`Username`;
-        } else {
+        } else if (fields === [UserFieldsEnum.Upn]) {
+            label = t`UPN`;
+        } else if (fields === [UserFieldsEnum.Email, UserFieldsEnum.Username]) {
             label = t`Email or username`;
+        } else {
+            label = t`Email, UPN or username`;
         }
         return html`<ak-form-element
                 label=${label}

web/src/locales/en.po

@@ -674,11 +674,14 @@ msgstr "Configuration"
 #: src/pages/stages/authenticator_duo/AuthenticatorDuoStageForm.ts
 #: src/pages/stages/authenticator_static/AuthenticatorStaticStageForm.ts
 #: src/pages/stages/authenticator_totp/AuthenticatorTOTPStageForm.ts
-#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
 #: src/pages/stages/password/PasswordStageForm.ts
 msgid "Configuration flow"
 msgstr "Configuration flow"
 
+#: src/pages/stages/authenticator_validate/AuthenticatorValidateStageForm.ts
+msgid "Configuration stage"
+msgstr "Configuration stage"
+
 #: src/pages/user-settings/settings/UserSettingsAuthenticatorWebAuthn.ts
 msgid "Configure WebAuthn"
 msgstr "Configure WebAuthn"
@@ -1287,6 +1290,10 @@ msgstr "Email info:"
 msgid "Email or username"
 msgstr "Email or username"
 
+#: src/flows/stages/identification/IdentificationStage.ts
+msgid "Email, UPN or username"
+msgstr "Email, UPN or username"
+
 #: src/pages/stages/prompt/PromptForm.ts
 msgid "Email: Text field with Email type."
 msgstr "Email: Text field with Email type."
@@ -3981,6 +3988,11 @@ msgstr "UI settings"
 msgid "UID"
 msgstr "UID"
 
+#: src/flows/stages/identification/IdentificationStage.ts
+#: src/pages/stages/identification/IdentificationStageForm.ts
+msgid "UPN"
+msgstr "UPN"
+
 #: src/pages/sources/oauth/OAuthSourceForm.ts
 msgid "URL settings"
 msgstr "URL settings"
@@ -4529,6 +4541,10 @@ msgstr "authentik Builtin Database"
 msgid "authentik LDAP Backend"
 msgstr "authentik LDAP Backend"
 
+#: src/elements/forms/DeleteForm.ts
+msgid "connecting object will be deleted"
+msgstr "connecting object will be deleted"
+
 #: src/elements/Tabs.ts
 msgid "no tabs defined"
 msgstr "no tabs defined"

web/src/locales/pseudo-LOCALE.po

@@ -669,10 +669,13 @@ msgstr ""
 #: 
 #: 
 #: 
-#: 
 msgid "Configuration flow"
 msgstr ""
 
+#: 
+msgid "Configuration stage"
+msgstr ""
+
 #: 
 msgid "Configure WebAuthn"
 msgstr ""
@@ -1279,6 +1282,10 @@ msgstr ""
 msgid "Email or username"
 msgstr ""
 
+#: 
+msgid "Email, UPN or username"
+msgstr ""
+
 #: 
 msgid "Email: Text field with Email type."
 msgstr ""
@@ -3969,6 +3976,11 @@ msgstr ""
 msgid "UID"
 msgstr ""
 
+#: 
+#: 
+msgid "UPN"
+msgstr ""
+
 #: 
 msgid "URL settings"
 msgstr ""
@@ -4515,6 +4527,10 @@ msgstr ""
 msgid "authentik LDAP Backend"
 msgstr ""
 
+#: 
+msgid "connecting object will be deleted"
+msgstr ""
+
 #: 
 msgid "no tabs defined"
 msgstr ""

web/src/pages/stages/identification/IdentificationStageForm.ts

@@ -72,6 +72,9 @@ export class IdentificationStageForm extends ModelForm<IdentificationStage, stri
                             <option value=${UserFieldsEnum.Email} ?selected=${this.isUserFieldSelected(UserFieldsEnum.Email)}>
                                 ${t`Email`}
                             </option>
+                            <option value=${UserFieldsEnum.Upn} ?selected=${this.isUserFieldSelected(UserFieldsEnum.Upn)}>
+                                ${t`UPN`}
+                            </option>
                         </select>
                         <p class="pf-c-form__helper-text">${t`Fields a user can identify themselves with. If no fields are selected, the user will only be able to use sources.`}</p>
                         <p class="pf-c-form__helper-text">${t`Hold control/command to select multiple items.`}</p>