trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: add example for login flow

This commit is contained in:
Jens Langhammer 2020-06-05 17:29:08 +02:00
parent 0c5aff21bc
commit 6a7ffa855e
13 changed files with 51 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
docs/flow/examples/login.md Normal file
View File

@ -0,0 +1,36 @@
# Login Flow
This document describes how a simple authentication flow can be created.
This flow is created automatically when passbook is installed.
1. Create an **Identification** stage
> Here you can select whichever fields the user can identify themselves with
> Select the Template **Default Login**, as this template shows the (optional) Flows
> Here you can also link optional enrollment and recovery flows.
2. Create a **Password** stage
> Select the Backend you want the password to be checked against. Select "passbook-internal Userdatabase".
3. Create a **User Login** stage
> This stage doesn't have any options.
4. Create a flow
> Create a flow with the delegation of **Authentication**
> Assign a name and a slug. The slug is used in the URL when the flow is executed.
5. Bind the stages to the flow
> Bind the **Identification** Stage with an order of 0
> Bind the **Password** Stage with an order of 1
> Bind the **User Login** Stage with an order of 2
![](login.png)
!!! notice
This flow can used by any user, authenticated and un-authenticated. This means any authenticated user that visits this flow can login again.

BIN
docs/flow/examples/login.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 110 KiB

18
docs/flow/flows.md
View File

@ -2,7 +2,7 @@
Flows are a method of describing a sequence of stages. A stage represents a single verification or logic step. They are used to authenticate users, enroll them, and more. Flows are a method of describing a sequence of stages. A stage represents a single verification or logic step. They are used to authenticate users, enroll them, and more.
Upon Flow execution, a plan is generated, which contains all stages. This means upon execution, all attached policies are evaluated. This behaviour can be altered by enabling the `Re-evaluate Policies` option on the binding. Upon Flow execution, a plan is generated, which contains all stages. This means upon execution, all attached policies are evaluated. This behaviour can be altered by enabling the **Re-evaluate Policies** option on the binding.
To determine which flow is linked, passbook searches all Flows with the required designation and chooses the first instance the current user has access to. To determine which flow is linked, passbook searches all Flows with the required designation and chooses the first instance the current user has access to.
@ -18,28 +18,28 @@ Flows are designated for a single Purpose. This designation changes when a Flow
This is designates a flow to be used for authentication. This is designates a flow to be used for authentication.
The authentication flow should always contain a `user_login` stage, which attaches the staged user to the current session. The authentication flow should always contain a [**User Login**](stages/user_login.md) stage, which attaches the staged user to the current session.
### Invalidation ### Invalidation
This designates a flow to be used for the invalidation of a session. This designates a flow to be used for the invalidation of a session.
This stage should always contain a `user_logout` stage, which resets the current session. This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session.
### Enrollment ### Enrollment
This designates a flow for enrollment. This flow can contain any amount of Prompt stages, E-Mail verification or Captchas. At the end to create the user, you can use the `user_write` stage, which either updates the currently staged user, or if none exists, creates a new one. This designates a flow for enrollment. This flow can contain any amount of Prompt stages, E-Mail verification or Captchas. At the end to create the user, you can use the [**User Write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
### Unenrollment ### Unenrollment
This designates a flow for unenrollment. This flow can contain any amount of verification, like `email` or captcha. To finally delete the account, use the `user_delete` stage. This designates a flow for unenrollment. This flow can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md). To finally delete the account, use the [**User Delete**](stages/user_delete.md) stage.
### Recovery ### Recovery
This designates a flow for recovery. This flow normally contains an `identification` stage to find the user. Then it can contain any amount of verification, like `email` or captcha. This designates a flow for recovery. This flow normally contains an [**Identification**](stages/identification/index.md) stage to find the user. Then it can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md).
Afterwards, use the `prompt` stage to ask the user for a new password and use `user_write` to update the password. Afterwards, use the [**Prompt**](stages/prompt/index.md) stage to ask the user for a new password and use [**User Write**](stages/user_write.md) to update the password.
### Change Password ### Change Password
This designates a flow for password changing. This flow can contain any amount of verification, like `email` or captcha. This designates a flow for password changing. This flow can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md).
Afterwards, use the `prompt` stage to ask the user for a new password and use `user_write` to update the password. Afterwards, use the [**Prompt**](stages/prompt/index.md) stage to ask the user for a new password and use [**User Write**](stages/user_write.md) to update the password.

0
docs/flow/stages/captcha/captcha.md → docs/flow/stages/captcha/index.md
View File

0
docs/flow/stages/dummy/dummy.md → docs/flow/stages/dummy/index.md
View File

0
docs/flow/stages/email/email.md → docs/flow/stages/email/index.md
View File

0
docs/flow/stages/identification/identification.md → docs/flow/stages/identification/index.md
View File

0
docs/flow/stages/invitation/invitation.md → docs/flow/stages/invitation/index.md
View File

0
docs/flow/stages/otp/otp.md → docs/flow/stages/otp/index.md
View File

0
docs/flow/stages/password/password.md → docs/flow/stages/password/index.md
View File

0
docs/flow/stages/prompt/prompt.md → docs/flow/stages/prompt/index.md
View File

5
mkdocs.yml
View File

@ -8,7 +8,10 @@ nav:
- Installation: - Installation:
- docker-compose: installation/docker-compose.md - docker-compose: installation/docker-compose.md
- Kubernetes: installation/kubernetes.md - Kubernetes: installation/kubernetes.md
- Flows: flow/flows.md - Flows:
Overview: flow/flows.md
Examples:
- Login: flow/examples/login.md
- Stages: - Stages:
- Captcha Stage: flow/stages/captcha/captcha.md - Captcha Stage: flow/stages/captcha/captcha.md
- Dummy Stage: flow/stages/dummy/dummy.md - Dummy Stage: flow/stages/dummy/dummy.md

2
passbook/admin/templates/administration/stage/list.html
View File

@ -62,6 +62,8 @@
<ul> <ul>
{% for flow in stage.flow_set.all %} {% for flow in stage.flow_set.all %}
<li><a href="{% url 'passbook_admin:flow-update' pk=flow.pk %}">{{ flow.slug }}</a></li> <li><a href="{% url 'passbook_admin:flow-update' pk=flow.pk %}">{{ flow.slug }}</a></li>
{% empty %}
<li>-</li>
{% endfor %} {% endfor %}
</ul> </ul>
</td> </td>