From 882250a85e5445c72029f2fd4c4126f8c4359945 Mon Sep 17 00:00:00 2001 From: Jens L Date: Sat, 30 Jul 2022 23:55:58 +0200 Subject: [PATCH] flows: migrate flows to be yaml (#3335) * flows: migrate flows to be yaml Signed-off-by: Jens Langhammer * migrate flows to yaml Signed-off-by: Jens Langhammer --- .vscode/settings.json | 2 +- authentik/flows/api/flows.py | 6 +- authentik/flows/tests/test_transfer.py | 17 +- authentik/flows/transfer/common.py | 17 + authentik/flows/transfer/exporter.py | 6 +- authentik/flows/transfer/importer.py | 6 +- website/docs/flow/index.md | 18 +- .../static/flows/enrollment-2-stage.akflow | 300 +++++------- .../enrollment-email-verification.akflow | 361 ++++++-------- website/static/flows/login-2fa.akflow | 233 ++++----- .../flows/login-conditional-captcha.akflow | 232 ++++----- .../flows/recovery-email-verification.akflow | 443 ++++++++---------- website/static/flows/unenrollment.akflow | 60 +-- 13 files changed, 708 insertions(+), 993 deletions(-) diff --git a/.vscode/settings.json b/.vscode/settings.json index 27c1b5626..a6c904700 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -21,7 +21,7 @@ "todo-tree.tree.showBadges": true, "python.formatting.provider": "black", "files.associations": { - "*.akflow": "json" + "*.akflow": "yaml" }, "typescript.preferences.importModuleSpecifier": "non-relative", "typescript.preferences.importModuleSpecifierEnding": "index", diff --git a/authentik/flows/api/flows.py b/authentik/flows/api/flows.py index 296a6976f..9015a94c4 100644 --- a/authentik/flows/api/flows.py +++ b/authentik/flows/api/flows.py @@ -3,7 +3,8 @@ from dataclasses import dataclass from django.core.cache import cache from django.db.models import Model -from django.http.response import HttpResponseBadRequest, JsonResponse +from django.http import HttpResponse +from django.http.response import HttpResponseBadRequest from django.urls import reverse from django.utils.translation import gettext as _ from drf_spectacular.types import OpenApiTypes @@ -29,7 +30,6 @@ from authentik.core.api.utils import ( from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.models import Flow from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner, cache_key -from authentik.flows.transfer.common import DataclassEncoder from authentik.flows.transfer.exporter import FlowExporter from authentik.flows.transfer.importer import FlowImporter from authentik.flows.views.executor import SESSION_KEY_HISTORY, SESSION_KEY_PLAN @@ -198,7 +198,7 @@ class FlowViewSet(UsedByMixin, ModelViewSet): """Export flow to .akflow file""" flow = self.get_object() exporter = FlowExporter(flow) - response = JsonResponse(exporter.export(), encoder=DataclassEncoder, safe=False) + response = HttpResponse(content=exporter.export_to_string()) response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"' return response diff --git a/authentik/flows/tests/test_transfer.py b/authentik/flows/tests/test_transfer.py index 67a13148b..5c60c478a 100644 --- a/authentik/flows/tests/test_transfer.py +++ b/authentik/flows/tests/test_transfer.py @@ -1,10 +1,9 @@ """Test flow transfer""" -from json import dumps - from django.test import TransactionTestCase +from yaml import dump from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding -from authentik.flows.transfer.common import DataclassEncoder +from authentik.flows.transfer.common import DataclassDumper from authentik.flows.transfer.exporter import FlowExporter from authentik.flows.transfer.importer import FlowImporter, transaction_rollback from authentik.lib.generators import generate_id @@ -70,9 +69,9 @@ class TestFlowTransfer(TransactionTestCase): exporter = FlowExporter(flow) export = exporter.export() self.assertEqual(len(export.entries), 3) - export_json = exporter.export_to_string() + export_yaml = exporter.export_to_string() - importer = FlowImporter(export_json) + importer = FlowImporter(export_yaml) self.assertTrue(importer.validate()) self.assertTrue(importer.apply()) @@ -118,9 +117,9 @@ class TestFlowTransfer(TransactionTestCase): exporter = FlowExporter(flow) export = exporter.export() - export_json = dumps(export, cls=DataclassEncoder) + export_yaml = dump(export, Dumper=DataclassDumper) - importer = FlowImporter(export_json) + importer = FlowImporter(export_yaml) self.assertTrue(importer.validate()) self.assertTrue(importer.apply()) self.assertTrue(UserLoginStage.objects.filter(name=stage_name).exists()) @@ -162,9 +161,9 @@ class TestFlowTransfer(TransactionTestCase): exporter = FlowExporter(flow) export = exporter.export() - export_json = dumps(export, cls=DataclassEncoder) + export_yaml = dump(export, Dumper=DataclassDumper) - importer = FlowImporter(export_json) + importer = FlowImporter(export_yaml) self.assertTrue(importer.validate()) self.assertTrue(importer.apply()) diff --git a/authentik/flows/transfer/common.py b/authentik/flows/transfer/common.py index b92af0513..193754e9d 100644 --- a/authentik/flows/transfer/common.py +++ b/authentik/flows/transfer/common.py @@ -5,6 +5,7 @@ from typing import Any from uuid import UUID from django.core.serializers.json import DjangoJSONEncoder +from yaml import SafeDumper from authentik.lib.models import SerializerModel from authentik.lib.sentry import SentryIgnoredException @@ -84,5 +85,21 @@ class DataclassEncoder(DjangoJSONEncoder): return super().default(o) # pragma: no cover +class DataclassDumper(SafeDumper): + """Dump dataclasses to yaml""" + + default_flow_style = False + + def __init__(self, *args, **kwargs): + super().__init__(*args, **kwargs) + self.add_representer(UUID, lambda self, data: self.represent_str(str(data))) + self.add_representer(Enum, lambda self, data: self.represent_str(data.value)) + + def represent(self, data) -> None: + if is_dataclass(data): + data = asdict(data) + return super().represent(data) + + class EntryInvalidError(SentryIgnoredException): """Error raised when an entry is invalid""" diff --git a/authentik/flows/transfer/exporter.py b/authentik/flows/transfer/exporter.py index a39fdd5ed..3d1a8c56f 100644 --- a/authentik/flows/transfer/exporter.py +++ b/authentik/flows/transfer/exporter.py @@ -1,12 +1,12 @@ """Flow exporter""" -from json import dumps from typing import Iterator from uuid import UUID from django.db.models import Q +from yaml import dump from authentik.flows.models import Flow, FlowStageBinding, Stage -from authentik.flows.transfer.common import DataclassEncoder, FlowBundle, FlowBundleEntry +from authentik.flows.transfer.common import DataclassDumper, FlowBundle, FlowBundleEntry from authentik.policies.models import Policy, PolicyBinding from authentik.stages.prompt.models import PromptStage @@ -89,4 +89,4 @@ class FlowExporter: def export_to_string(self) -> str: """Call export and convert it to json""" bundle = self.export() - return dumps(bundle, cls=DataclassEncoder) + return dump(bundle, Dumper=DataclassDumper) diff --git a/authentik/flows/transfer/importer.py b/authentik/flows/transfer/importer.py index c4bcd8524..b9b024d9a 100644 --- a/authentik/flows/transfer/importer.py +++ b/authentik/flows/transfer/importer.py @@ -1,7 +1,6 @@ """Flow importer""" from contextlib import contextmanager from copy import deepcopy -from json import loads from typing import Any from dacite import from_dict @@ -14,6 +13,7 @@ from django.db.utils import IntegrityError from rest_framework.exceptions import ValidationError from rest_framework.serializers import BaseSerializer, Serializer from structlog.stdlib import BoundLogger, get_logger +from yaml import safe_load from authentik.flows.models import Flow, FlowStageBinding, Stage from authentik.flows.transfer.common import EntryInvalidError, FlowBundle, FlowBundleEntry @@ -39,10 +39,10 @@ class FlowImporter: logger: BoundLogger - def __init__(self, json_input: str): + def __init__(self, yaml_input: str): self.__pk_map: dict[Any, Model] = {} self.logger = get_logger() - import_dict = loads(json_input) + import_dict = safe_load(yaml_input) try: self.__import = from_dict(FlowBundle, import_dict) except DaciteError as exc: diff --git a/website/docs/flow/index.md b/website/docs/flow/index.md index c085cc55e..ed12f4a6c 100644 --- a/website/docs/flow/index.md +++ b/website/docs/flow/index.md @@ -32,31 +32,37 @@ Configure what happens when access to a flow is denied by a policy. By default, Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available: -### Authentication +#### Authentication This is designates a flow to be used for authentication. The authentication flow should always contain a [**User Login**](stages/user_login.md) stage, which attaches the staged user to the current session. -### Invalidation +#### Invalidation This designates a flow to be used to invalidate a session. This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session. -### Enrollment +#### Enrollment This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. -### Unenrollment +#### Unenrollment This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage. -### Recovery +#### Recovery This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password. -### Stage configuration +#### Stage configuration This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP. + +## Import & Export + +Flows can be imported and exported to share with other people, the community and for troubleshooting. Flows can be imported to apply new functionality and apply existing workflows. + +Starting with authentik 2022.8, flows will be exported as YAML, but JSON-based flows can still be imported. diff --git a/website/static/flows/enrollment-2-stage.akflow b/website/static/flows/enrollment-2-stage.akflow index 13b364c87..73bffb12a 100644 --- a/website/static/flows/enrollment-2-stage.akflow +++ b/website/static/flows/enrollment-2-stage.akflow @@ -1,180 +1,120 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "slug": "default-enrollment-flow" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default enrollment Flow", - "title": "Welcome to authentik!", - "designation": "enrollment" - } - }, - { - "identifiers": { - "pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "username", - "label": "Username", - "type": "username", - "required": true, - "placeholder": "Username", - "order": 0 - } - }, - { - "identifiers": { - "pk": "7db91ee8-4290-4e08-8d39-63f132402515" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password", - "label": "Password", - "type": "password", - "required": true, - "placeholder": "Password", - "order": 0 - } - }, - { - "identifiers": { - "pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password_repeat", - "label": "Password (repeat)", - "type": "password", - "required": true, - "placeholder": "Password (repeat)", - "order": 1 - } - }, - { - "identifiers": { - "pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "name", - "label": "Name", - "type": "text", - "required": true, - "placeholder": "Name", - "order": 0 - } - }, - { - "identifiers": { - "pk": "1ff91927-e33d-4615-95b0-c258e5f0df62" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "email", - "label": "Email", - "type": "email", - "required": true, - "placeholder": "Email", - "order": 1 - } - }, - { - "identifiers": { - "pk": "6c342b94-790d-425a-ae31-6196b6570722", - "name": "default-enrollment-prompt-second" - }, - "model": "authentik_stages_prompt.promptstage", - "attrs": { - "fields": [ - "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2", - "1ff91927-e33d-4615-95b0-c258e5f0df62" - ] - } - }, - { - "identifiers": { - "pk": "20375f30-7fa7-4562-8f6e-0f61889f2963", - "name": "default-enrollment-prompt-first" - }, - "model": "authentik_stages_prompt.promptstage", - "attrs": { - "fields": [ - "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4", - "7db91ee8-4290-4e08-8d39-63f132402515", - "d30b5eb4-7787-4072-b1ba-65b46e928920" - ] - } - }, - { - "identifiers": { - "pk": "77090897-eb3f-40db-81e6-b4074b1998c4", - "name": "default-enrollment-user-login" - }, - "model": "authentik_stages_user_login.userloginstage", - "attrs": { - "session_duration": "seconds=0" - } - }, - { - "identifiers": { - "pk": "a4090add-f483-4ac6-8917-10b493ef843e", - "name": "default-enrollment-user-write" - }, - "model": "authentik_stages_user_write.userwritestage", - "attrs": {} - }, - { - "identifiers": { - "pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "20375f30-7fa7-4562-8f6e-0f61889f2963", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "6c342b94-790d-425a-ae31-6196b6570722", - "order": 11 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "76bc594e-2715-49ab-bd40-994abd9a7b70", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "a4090add-f483-4ac6-8917-10b493ef843e", - "order": 20 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "2f324f6d-7646-4108-a6e2-e7f90985477f", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "77090897-eb3f-40db-81e6-b4074b1998c4", - "order": 100 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - } - ] -} +version: 1 +entries: + - identifiers: + pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + slug: default-enrollment-flow + model: authentik_flows.flow + attrs: + name: Default enrollment Flow + title: Welcome to authentik! + designation: enrollment + - identifiers: + pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4 + model: authentik_stages_prompt.prompt + attrs: + field_key: username + label: Username + type: username + required: true + placeholder: Username + order: 0 + - identifiers: + pk: 7db91ee8-4290-4e08-8d39-63f132402515 + model: authentik_stages_prompt.prompt + attrs: + field_key: password + label: Password + type: password + required: true + placeholder: Password + order: 0 + - identifiers: + pk: d30b5eb4-7787-4072-b1ba-65b46e928920 + model: authentik_stages_prompt.prompt + attrs: + field_key: password_repeat + label: Password (repeat) + type: password + required: true + placeholder: Password (repeat) + order: 1 + - identifiers: + pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2 + model: authentik_stages_prompt.prompt + attrs: + field_key: name + label: Name + type: text + required: true + placeholder: Name + order: 0 + - identifiers: + pk: 1ff91927-e33d-4615-95b0-c258e5f0df62 + model: authentik_stages_prompt.prompt + attrs: + field_key: email + label: Email + type: email + required: true + placeholder: Email + order: 1 + - identifiers: + pk: 6c342b94-790d-425a-ae31-6196b6570722 + name: default-enrollment-prompt-second + model: authentik_stages_prompt.promptstage + attrs: + fields: + - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2 + - 1ff91927-e33d-4615-95b0-c258e5f0df62 + - identifiers: + pk: 20375f30-7fa7-4562-8f6e-0f61889f2963 + name: default-enrollment-prompt-first + model: authentik_stages_prompt.promptstage + attrs: + fields: + - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4 + - 7db91ee8-4290-4e08-8d39-63f132402515 + - d30b5eb4-7787-4072-b1ba-65b46e928920 + - identifiers: + pk: 77090897-eb3f-40db-81e6-b4074b1998c4 + name: default-enrollment-user-login + model: authentik_stages_user_login.userloginstage + attrs: + session_duration: seconds=0 + - identifiers: + pk: a4090add-f483-4ac6-8917-10b493ef843e + name: default-enrollment-user-write + model: authentik_stages_user_write.userwritestage + attrs: {} + - identifiers: + pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 20375f30-7fa7-4562-8f6e-0f61889f2963 + order: 10 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 6c342b94-790d-425a-ae31-6196b6570722 + order: 11 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 76bc594e-2715-49ab-bd40-994abd9a7b70 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: a4090add-f483-4ac6-8917-10b493ef843e + order: 20 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 2f324f6d-7646-4108-a6e2-e7f90985477f + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 77090897-eb3f-40db-81e6-b4074b1998c4 + order: 100 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false diff --git a/website/static/flows/enrollment-email-verification.akflow b/website/static/flows/enrollment-email-verification.akflow index 0aa80ae1f..06b461a2a 100644 --- a/website/static/flows/enrollment-email-verification.akflow +++ b/website/static/flows/enrollment-email-verification.akflow @@ -1,215 +1,146 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "slug": "default-enrollment-flow" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default enrollment Flow", - "title": "Welcome to authentik!", - "designation": "enrollment" - } - }, - { - "identifiers": { - "pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "username", - "label": "Username", - "type": "username", - "required": true, - "placeholder": "Username", - "order": 0 - } - }, - { - "identifiers": { - "pk": "7db91ee8-4290-4e08-8d39-63f132402515" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password", - "label": "Password", - "type": "password", - "required": true, - "placeholder": "Password", - "order": 0 - } - }, - { - "identifiers": { - "pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password_repeat", - "label": "Password (repeat)", - "type": "password", - "required": true, - "placeholder": "Password (repeat)", - "order": 1 - } - }, - { - "identifiers": { - "pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "name", - "label": "Name", - "type": "text", - "required": true, - "placeholder": "Name", - "order": 0 - } - }, - { - "identifiers": { - "pk": "1ff91927-e33d-4615-95b0-c258e5f0df62" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "email", - "label": "Email", - "type": "email", - "required": true, - "placeholder": "Email", - "order": 1 - } - }, - { - "identifiers": { - "pk": "096e6282-6b30-4695-bd03-3b143eab5580", - "name": "default-enrollment-email-verification" - }, - "model": "authentik_stages_email.emailstage", - "attrs": { - "use_global_settings": true, - "host": "localhost", - "port": 25, - "username": "", - "use_tls": false, - "use_ssl": false, - "timeout": 10, - "from_address": "system@authentik.local", - "token_expiry": 30, - "subject": "authentik", - "template": "email/account_confirmation.html", - "activate_user_on_success": true - } - }, - { - "identifiers": { - "pk": "6c342b94-790d-425a-ae31-6196b6570722", - "name": "default-enrollment-prompt-second" - }, - "model": "authentik_stages_prompt.promptstage", - "attrs": { - "fields": [ - "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2", - "1ff91927-e33d-4615-95b0-c258e5f0df62" - ] - } - }, - { - "identifiers": { - "pk": "20375f30-7fa7-4562-8f6e-0f61889f2963", - "name": "default-enrollment-prompt-first" - }, - "model": "authentik_stages_prompt.promptstage", - "attrs": { - "fields": [ - "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4", - "7db91ee8-4290-4e08-8d39-63f132402515", - "d30b5eb4-7787-4072-b1ba-65b46e928920" - ] - } - }, - { - "identifiers": { - "pk": "77090897-eb3f-40db-81e6-b4074b1998c4", - "name": "default-enrollment-user-login" - }, - "model": "authentik_stages_user_login.userloginstage", - "attrs": { - "session_duration": "seconds=0" - } - }, - { - "identifiers": { - "pk": "a4090add-f483-4ac6-8917-10b493ef843e", - "name": "default-enrollment-user-write" - }, - "model": "authentik_stages_user_write.userwritestage", - "attrs": { - "create_users_as_inactive": true - } - }, - { - "identifiers": { - "pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "20375f30-7fa7-4562-8f6e-0f61889f2963", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "6c342b94-790d-425a-ae31-6196b6570722", - "order": 11 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "76bc594e-2715-49ab-bd40-994abd9a7b70", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "a4090add-f483-4ac6-8917-10b493ef843e", - "order": 20 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "1db34a14-8985-4184-b5c9-254cd585d94f", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "096e6282-6b30-4695-bd03-3b143eab5580", - "order": 30 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "2f324f6d-7646-4108-a6e2-e7f90985477f", - "target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", - "stage": "77090897-eb3f-40db-81e6-b4074b1998c4", - "order": 40 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - } - ] -} +version: 1 +entries: + - identifiers: + pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + slug: default-enrollment-flow + model: authentik_flows.flow + attrs: + name: Default enrollment Flow + title: Welcome to authentik! + designation: enrollment + - identifiers: + pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4 + model: authentik_stages_prompt.prompt + attrs: + field_key: username + label: Username + type: username + required: true + placeholder: Username + order: 0 + - identifiers: + pk: 7db91ee8-4290-4e08-8d39-63f132402515 + model: authentik_stages_prompt.prompt + attrs: + field_key: password + label: Password + type: password + required: true + placeholder: Password + order: 0 + - identifiers: + pk: d30b5eb4-7787-4072-b1ba-65b46e928920 + model: authentik_stages_prompt.prompt + attrs: + field_key: password_repeat + label: Password (repeat) + type: password + required: true + placeholder: Password (repeat) + order: 1 + - identifiers: + pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2 + model: authentik_stages_prompt.prompt + attrs: + field_key: name + label: Name + type: text + required: true + placeholder: Name + order: 0 + - identifiers: + pk: 1ff91927-e33d-4615-95b0-c258e5f0df62 + model: authentik_stages_prompt.prompt + attrs: + field_key: email + label: Email + type: email + required: true + placeholder: Email + order: 1 + - identifiers: + pk: 096e6282-6b30-4695-bd03-3b143eab5580 + name: default-enrollment-email-verification + model: authentik_stages_email.emailstage + attrs: + use_global_settings: true + host: localhost + port: 25 + username: "" + use_tls: false + use_ssl: false + timeout: 10 + from_address: system@authentik.local + token_expiry: 30 + subject: authentik + template: email/account_confirmation.html + activate_user_on_success: true + - identifiers: + pk: 6c342b94-790d-425a-ae31-6196b6570722 + name: default-enrollment-prompt-second + model: authentik_stages_prompt.promptstage + attrs: + fields: + - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2 + - 1ff91927-e33d-4615-95b0-c258e5f0df62 + - identifiers: + pk: 20375f30-7fa7-4562-8f6e-0f61889f2963 + name: default-enrollment-prompt-first + model: authentik_stages_prompt.promptstage + attrs: + fields: + - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4 + - 7db91ee8-4290-4e08-8d39-63f132402515 + - d30b5eb4-7787-4072-b1ba-65b46e928920 + - identifiers: + pk: 77090897-eb3f-40db-81e6-b4074b1998c4 + name: default-enrollment-user-login + model: authentik_stages_user_login.userloginstage + attrs: + session_duration: seconds=0 + - identifiers: + pk: a4090add-f483-4ac6-8917-10b493ef843e + name: default-enrollment-user-write + model: authentik_stages_user_write.userwritestage + attrs: + create_users_as_inactive: true + - identifiers: + pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 20375f30-7fa7-4562-8f6e-0f61889f2963 + order: 10 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 6c342b94-790d-425a-ae31-6196b6570722 + order: 11 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 76bc594e-2715-49ab-bd40-994abd9a7b70 + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: a4090add-f483-4ac6-8917-10b493ef843e + order: 20 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 1db34a14-8985-4184-b5c9-254cd585d94f + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 096e6282-6b30-4695-bd03-3b143eab5580 + order: 30 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 2f324f6d-7646-4108-a6e2-e7f90985477f + target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3 + stage: 77090897-eb3f-40db-81e6-b4074b1998c4 + order: 40 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false diff --git a/website/static/flows/login-2fa.akflow b/website/static/flows/login-2fa.akflow index 9f4689f0b..74f877f4a 100644 --- a/website/static/flows/login-2fa.akflow +++ b/website/static/flows/login-2fa.akflow @@ -1,139 +1,94 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "slug": "default-authentication-flow", - "pk": "563ece21-e9a4-47e5-a264-23ffd923e393" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default Authentication Flow", - "title": "Welcome to authentik!", - "designation": "authentication" - } - }, - { - "identifiers": { - "pk": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7" - }, - "model": "authentik_policies_expression.expressionpolicy", - "attrs": { - "name": "test-not-app-password", - "execution_logging": false, - "bound_to": 1, - "expression": "return context[\"auth_method\"] != \"app_password\"" - } - }, - { - "identifiers": { - "pk": "69d41125-3987-499b-8d74-ef27b54b88c8", - "name": "default-authentication-login" - }, - "model": "authentik_stages_user_login.userloginstage", - "attrs": { - "session_duration": "seconds=0" - } - }, - { - "identifiers": { - "pk": "5f594f27-0def-488d-9855-fe604eb13de5", - "name": "default-authentication-identification" - }, - "model": "authentik_stages_identification.identificationstage", - "attrs": { - "user_fields": ["email", "username"], - "template": "stages/identification/login.html", - "enrollment_flow": null, - "recovery_flow": null - } - }, - { - "identifiers": { - "pk": "37f709c3-8817-45e8-9a93-80a925d293c2", - "name": "default-authentication-flow-mfa" - }, - "model": "authentik_stages_authenticator_validate.AuthenticatorValidateStage", - "attrs": {} - }, - { - "identifiers": { - "pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", - "name": "default-authentication-password" - }, - "model": "authentik_stages_password.passwordstage", - "attrs": { - "backends": [ - "authentik.core.auth.InbuiltBackend", - "authentik.core.auth.TokenBackend", - "authentik.sources.ldap.auth.LDAPBackend" - ] - } - }, - { - "identifiers": { - "pk": "a3056482-b692-4e3a-93f1-7351c6a351c7", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "5f594f27-0def-488d-9855-fe604eb13de5", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", - "order": 20 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "688aec6f-5622-42c6-83a5-d22072d7e798", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "37f709c3-8817-45e8-9a93-80a925d293c2", - "order": 30 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": false, - "re_evaluate_policies": true, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "69d41125-3987-499b-8d74-ef27b54b88c8", - "order": 100 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2", - "policy": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7", - "target": "688aec6f-5622-42c6-83a5-d22072d7e798", - "order": 0 - }, - "model": "authentik_policies.policybinding", - "attrs": { - "negate": false, - "enabled": true, - "timeout": 30 - } - } - ] -} +version: 1 +entries: + - identifiers: + slug: default-authentication-flow + pk: 563ece21-e9a4-47e5-a264-23ffd923e393 + model: authentik_flows.flow + attrs: + name: Default Authentication Flow + title: Welcome to authentik! + designation: authentication + - identifiers: + pk: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7 + model: authentik_policies_expression.expressionpolicy + attrs: + name: test-not-app-password + execution_logging: false + bound_to: 1 + expression: return context["auth_method"] != "app_password" + - identifiers: + pk: 69d41125-3987-499b-8d74-ef27b54b88c8 + name: default-authentication-login + model: authentik_stages_user_login.userloginstage + attrs: + session_duration: seconds=0 + - identifiers: + pk: 5f594f27-0def-488d-9855-fe604eb13de5 + name: default-authentication-identification + model: authentik_stages_identification.identificationstage + attrs: + user_fields: + - email + - username + template: stages/identification/login.html + enrollment_flow: null + recovery_flow: null + - identifiers: + pk: 37f709c3-8817-45e8-9a93-80a925d293c2 + name: default-authentication-flow-mfa + model: authentik_stages_authenticator_validate.AuthenticatorValidateStage + attrs: {} + - identifiers: + pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40 + name: default-authentication-password + model: authentik_stages_password.passwordstage + attrs: + backends: + - authentik.core.auth.InbuiltBackend + - authentik.core.auth.TokenBackend + - authentik.sources.ldap.auth.LDAPBackend + - identifiers: + pk: a3056482-b692-4e3a-93f1-7351c6a351c7 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: 5f594f27-0def-488d-9855-fe604eb13de5 + order: 10 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40 + order: 20 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 688aec6f-5622-42c6-83a5-d22072d7e798 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: 37f709c3-8817-45e8-9a93-80a925d293c2 + order: 30 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: false + re_evaluate_policies: true + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: 69d41125-3987-499b-8d74-ef27b54b88c8 + order: 100 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2 + policy: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7 + target: 688aec6f-5622-42c6-83a5-d22072d7e798 + order: 0 + model: authentik_policies.policybinding + attrs: + negate: false + enabled: true + timeout: 30 diff --git a/website/static/flows/login-conditional-captcha.akflow b/website/static/flows/login-conditional-captcha.akflow index 44ffa44ae..a6ac31a8c 100644 --- a/website/static/flows/login-conditional-captcha.akflow +++ b/website/static/flows/login-conditional-captcha.akflow @@ -1,139 +1,93 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "slug": "default-authentication-flow", - "pk": "563ece21-e9a4-47e5-a264-23ffd923e393" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default Authentication Flow", - "title": "Welcome to authentik!", - "designation": "authentication" - } - }, - { - "identifiers": { - "name": "default-authentication-login", - "pk": "69d41125-3987-499b-8d74-ef27b54b88c8" - }, - "model": "authentik_stages_user_login.userloginstage", - "attrs": { - "session_duration": "seconds=0" - } - }, - { - "identifiers": { - "name": "default-authentication-flow-captcha", - "pk": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4" - }, - "model": "authentik_stages_captcha.captchastage", - "attrs": { - "public_key": "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI", - "private_key": "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe" - } - }, - { - "identifiers": { - "name": "default-authentication-identification", - "pk": "5f594f27-0def-488d-9855-fe604eb13de5" - }, - "model": "authentik_stages_identification.identificationstage", - "attrs": { - "user_fields": ["email", "username"], - "template": "stages/identification/login.html", - "enrollment_flow": null, - "recovery_flow": null - } - }, - { - "identifiers": { - "name": "default-authentication-password", - "pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40" - }, - "model": "authentik_stages_password.passwordstage", - "attrs": { - "backends": [ - "authentik.core.auth.InbuiltBackend", - "authentik.core.auth.TokenBackend", - "authentik.sources.ldap.auth.LDAPBackend" - ] - } - }, - { - "identifiers": { - "pk": "a3056482-b692-4e3a-93f1-7351c6a351c7", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "5f594f27-0def-488d-9855-fe604eb13de5", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", - "order": 20 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "3bcd6af0-48a6-4e18-87f3-d251a1a58226", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4", - "order": 30 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": false, - "re_evaluate_policies": true - } - }, - { - "identifiers": { - "pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27", - "target": "563ece21-e9a4-47e5-a264-23ffd923e393", - "stage": "69d41125-3987-499b-8d74-ef27b54b88c8", - "order": 100 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - }, - { - "identifiers": { - "pk": "688c9890-47ad-4327-a9e5-380e88d34be5" - }, - "model": "authentik_policies_reputation.reputationpolicy", - "attrs": { - "name": "default-authentication-flow-conditional-captcha", - "check_ip": true, - "check_username": true, - "threshold": -5 - } - }, - { - "identifiers": { - "pk": "02e4d220-3448-44db-822e-c5255cf7c250", - "policy": "688c9890-47ad-4327-a9e5-380e88d34be5", - "target": "3bcd6af0-48a6-4e18-87f3-d251a1a58226", - "order": 0 - }, - "model": "authentik_policies.policybinding", - "attrs": { - "enabled": true, - "timeout": 30 - } - } - ] -} +version: 1 +entries: + - identifiers: + slug: default-authentication-flow + pk: 563ece21-e9a4-47e5-a264-23ffd923e393 + model: authentik_flows.flow + attrs: + name: Default Authentication Flow + title: Welcome to authentik! + designation: authentication + - identifiers: + name: default-authentication-login + pk: 69d41125-3987-499b-8d74-ef27b54b88c8 + model: authentik_stages_user_login.userloginstage + attrs: + session_duration: seconds=0 + - identifiers: + name: default-authentication-flow-captcha + pk: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4 + model: authentik_stages_captcha.captchastage + attrs: + public_key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI + private_key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe + - identifiers: + name: default-authentication-identification + pk: 5f594f27-0def-488d-9855-fe604eb13de5 + model: authentik_stages_identification.identificationstage + attrs: + user_fields: + - email + - username + template: stages/identification/login.html + enrollment_flow: null + recovery_flow: null + - identifiers: + name: default-authentication-password + pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40 + model: authentik_stages_password.passwordstage + attrs: + backends: + - authentik.core.auth.InbuiltBackend + - authentik.core.auth.TokenBackend + - authentik.sources.ldap.auth.LDAPBackend + - identifiers: + pk: a3056482-b692-4e3a-93f1-7351c6a351c7 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: 5f594f27-0def-488d-9855-fe604eb13de5 + order: 10 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40 + order: 20 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 3bcd6af0-48a6-4e18-87f3-d251a1a58226 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4 + order: 30 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: false + re_evaluate_policies: true + - identifiers: + pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27 + target: 563ece21-e9a4-47e5-a264-23ffd923e393 + stage: 69d41125-3987-499b-8d74-ef27b54b88c8 + order: 100 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false + - identifiers: + pk: 688c9890-47ad-4327-a9e5-380e88d34be5 + model: authentik_policies_reputation.reputationpolicy + attrs: + name: default-authentication-flow-conditional-captcha + check_ip: true + check_username: true + threshold: -5 + - identifiers: + pk: 02e4d220-3448-44db-822e-c5255cf7c250 + policy: 688c9890-47ad-4327-a9e5-380e88d34be5 + target: 3bcd6af0-48a6-4e18-87f3-d251a1a58226 + order: 0 + model: authentik_policies.policybinding + attrs: + enabled: true + timeout: 30 diff --git a/website/static/flows/recovery-email-verification.akflow b/website/static/flows/recovery-email-verification.akflow index 706f8cf54..ab9786c2a 100644 --- a/website/static/flows/recovery-email-verification.akflow +++ b/website/static/flows/recovery-email-verification.akflow @@ -1,258 +1,185 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "pk": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "slug": "default-recovery-flow" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default recovery flow", - "title": "Reset your password", - "designation": "recovery", - "cache_count": 0, - "policy_engine_mode": "any", - "compatibility_mode": false, - "layout": "stacked" - } - }, - { - "identifiers": { - "pk": "7db91ee8-4290-4e08-8d39-63f132402515" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password", - "label": "Password", - "type": "password", - "required": true, - "placeholder": "Password", - "order": 0, - "sub_text": "", - "placeholder_expression": false - } - }, - { - "identifiers": { - "pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" - }, - "model": "authentik_stages_prompt.prompt", - "attrs": { - "field_key": "password_repeat", - "label": "Password (repeat)", - "type": "password", - "required": true, - "placeholder": "Password (repeat)", - "order": 1, - "sub_text": "", - "placeholder_expression": false - } - }, - { - "identifiers": { - "pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c" - }, - "model": "authentik_policies_expression.expressionpolicy", - "attrs": { - "name": "default-recovery-skip-if-restored", - "execution_logging": false, - "bound_to": 2, - "expression": "return request.context.get('is_restored', False)" - } - }, - { - "identifiers": { - "pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c" - }, - "model": "authentik_policies_expression.expressionpolicy", - "attrs": { - "name": "default-recovery-skip-if-restored", - "execution_logging": false, - "bound_to": 2, - "expression": "return request.context.get('is_restored', False)" - } - }, - { - "identifiers": { - "pk": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da", - "name": "default-recovery-email" - }, - "model": "authentik_stages_email.emailstage", - "attrs": { - "use_global_settings": true, - "host": "localhost", - "port": 25, - "username": "", - "use_tls": false, - "use_ssl": false, - "timeout": 10, - "from_address": "system@authentik.local", - "token_expiry": 30, - "subject": "authentik", - "template": "email/password_reset.html", - "activate_user_on_success": true - } - }, - { - "identifiers": { - "pk": "68b25ad5-318a-496e-95a7-cf4d94247f0d", - "name": "default-recovery-user-write" - }, - "model": "authentik_stages_user_write.userwritestage", - "attrs": { - "create_users_as_inactive": false, - "create_users_group": null, - "user_path_template": "" - } - }, - { - "identifiers": { - "pk": "94843ef6-28fe-4939-bd61-cd46bb34f1de", - "name": "default-recovery-identification" - }, - "model": "authentik_stages_identification.identificationstage", - "attrs": { - "user_fields": [ - "email", - "username" - ], - "password_stage": null, - "case_insensitive_matching": true, - "show_matched_user": true, - "enrollment_flow": null, - "recovery_flow": null, - "passwordless_flow": null, - "sources": [], - "show_source_labels": false - } - }, - { - "identifiers": { - "pk": "e74230b2-82bc-4843-8b18-2c3a66a62d57", - "name": "default-recovery-user-login" - }, - "model": "authentik_stages_user_login.userloginstage", - "attrs": { - "session_duration": "seconds=0" - } - }, - { - "identifiers": { - "pk": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971", - "name": "Change your password" - }, - "model": "authentik_stages_prompt.promptstage", - "attrs": { - "fields": [ - "7db91ee8-4290-4e08-8d39-63f132402515", - "d30b5eb4-7787-4072-b1ba-65b46e928920" - ], - "validation_policies": [] - } - }, - { - "identifiers": { - "pk": "7af7558e-2196-4b9f-a08e-d38420b7cfbb", - "target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "stage": "94843ef6-28fe-4939-bd61-cd46bb34f1de", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": true, - "re_evaluate_policies": true, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "29446fd6-dd93-4e92-9830-2d81debad5ae", - "target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "stage": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da", - "order": 20 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": true, - "re_evaluate_policies": true, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "1219d06e-2c06-4c5b-a162-78e3959c6cf0", - "target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "stage": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971", - "order": 30 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": true, - "re_evaluate_policies": false, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "66de86ba-0707-46a0-8475-ff2e260d6935", - "target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "stage": "68b25ad5-318a-496e-95a7-cf4d94247f0d", - "order": 40 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": true, - "re_evaluate_policies": false, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "9cec2334-d4a2-4895-a2b2-bc5ae4e9639a", - "target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", - "stage": "e74230b2-82bc-4843-8b18-2c3a66a62d57", - "order": 100 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "evaluate_on_plan": true, - "re_evaluate_policies": false, - "policy_engine_mode": "any", - "invalid_response_action": "retry" - } - }, - { - "identifiers": { - "pk": "95aad215-8729-4177-953d-41ffbe86239e", - "policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c", - "target": "7af7558e-2196-4b9f-a08e-d38420b7cfbb", - "order": 0 - }, - "model": "authentik_policies.policybinding", - "attrs": { - "negate": false, - "enabled": true, - "timeout": 30 - } - }, - { - "identifiers": { - "pk": "a5454cbc-d2e4-403a-84af-6af999990b12", - "policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c", - "target": "29446fd6-dd93-4e92-9830-2d81debad5ae", - "order": 0 - }, - "model": "authentik_policies.policybinding", - "attrs": { - "negate": false, - "enabled": true, - "timeout": 30 - } - } - ] -} +version: 1 +entries: + - identifiers: + pk: a5993183-89c0-43d2-a7f4-ddffb17baba7 + slug: default-recovery-flow + model: authentik_flows.flow + attrs: + name: Default recovery flow + title: Reset your password + designation: recovery + cache_count: 0 + policy_engine_mode: any + compatibility_mode: false + layout: stacked + - identifiers: + pk: 7db91ee8-4290-4e08-8d39-63f132402515 + model: authentik_stages_prompt.prompt + attrs: + field_key: password + label: Password + type: password + required: true + placeholder: Password + order: 0 + sub_text: "" + placeholder_expression: false + - identifiers: + pk: d30b5eb4-7787-4072-b1ba-65b46e928920 + model: authentik_stages_prompt.prompt + attrs: + field_key: password_repeat + label: Password (repeat) + type: password + required: true + placeholder: Password (repeat) + order: 1 + sub_text: "" + placeholder_expression: false + - identifiers: + pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c + model: authentik_policies_expression.expressionpolicy + attrs: + name: default-recovery-skip-if-restored + execution_logging: false + bound_to: 2 + expression: return request.context.get('is_restored', False) + - identifiers: + pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c + model: authentik_policies_expression.expressionpolicy + attrs: + name: default-recovery-skip-if-restored + execution_logging: false + bound_to: 2 + expression: return request.context.get('is_restored', False) + - identifiers: + pk: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da + name: default-recovery-email + model: authentik_stages_email.emailstage + attrs: + use_global_settings: true + host: localhost + port: 25 + username: "" + use_tls: false + use_ssl: false + timeout: 10 + from_address: system@authentik.local + token_expiry: 30 + subject: authentik + template: email/password_reset.html + activate_user_on_success: true + - identifiers: + pk: 68b25ad5-318a-496e-95a7-cf4d94247f0d + name: default-recovery-user-write + model: authentik_stages_user_write.userwritestage + attrs: + create_users_as_inactive: false + create_users_group: null + user_path_template: "" + - identifiers: + pk: 94843ef6-28fe-4939-bd61-cd46bb34f1de + name: default-recovery-identification + model: authentik_stages_identification.identificationstage + attrs: + user_fields: + - email + - username + password_stage: null + case_insensitive_matching: true + show_matched_user: true + enrollment_flow: null + recovery_flow: null + passwordless_flow: null + sources: [] + show_source_labels: false + - identifiers: + pk: e74230b2-82bc-4843-8b18-2c3a66a62d57 + name: default-recovery-user-login + model: authentik_stages_user_login.userloginstage + attrs: + session_duration: seconds=0 + - identifiers: + pk: fa2d8d65-1809-4dcc-bdc0-56266e0f7971 + name: Change your password + model: authentik_stages_prompt.promptstage + attrs: + fields: + - 7db91ee8-4290-4e08-8d39-63f132402515 + - d30b5eb4-7787-4072-b1ba-65b46e928920 + validation_policies: [] + - identifiers: + pk: 7af7558e-2196-4b9f-a08e-d38420b7cfbb + target: a5993183-89c0-43d2-a7f4-ddffb17baba7 + stage: 94843ef6-28fe-4939-bd61-cd46bb34f1de + order: 10 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: true + re_evaluate_policies: true + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: 29446fd6-dd93-4e92-9830-2d81debad5ae + target: a5993183-89c0-43d2-a7f4-ddffb17baba7 + stage: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da + order: 20 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: true + re_evaluate_policies: true + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0 + target: a5993183-89c0-43d2-a7f4-ddffb17baba7 + stage: fa2d8d65-1809-4dcc-bdc0-56266e0f7971 + order: 30 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: true + re_evaluate_policies: false + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: 66de86ba-0707-46a0-8475-ff2e260d6935 + target: a5993183-89c0-43d2-a7f4-ddffb17baba7 + stage: 68b25ad5-318a-496e-95a7-cf4d94247f0d + order: 40 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: true + re_evaluate_policies: false + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: 9cec2334-d4a2-4895-a2b2-bc5ae4e9639a + target: a5993183-89c0-43d2-a7f4-ddffb17baba7 + stage: e74230b2-82bc-4843-8b18-2c3a66a62d57 + order: 100 + model: authentik_flows.flowstagebinding + attrs: + evaluate_on_plan: true + re_evaluate_policies: false + policy_engine_mode: any + invalid_response_action: retry + - identifiers: + pk: 95aad215-8729-4177-953d-41ffbe86239e + policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c + target: 7af7558e-2196-4b9f-a08e-d38420b7cfbb + order: 0 + model: authentik_policies.policybinding + attrs: + negate: false + enabled: true + timeout: 30 + - identifiers: + pk: a5454cbc-d2e4-403a-84af-6af999990b12 + policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c + target: 29446fd6-dd93-4e92-9830-2d81debad5ae + order: 0 + model: authentik_policies.policybinding + attrs: + negate: false + enabled: true + timeout: 30 diff --git a/website/static/flows/unenrollment.akflow b/website/static/flows/unenrollment.akflow index d14f37e43..efaa673ab 100644 --- a/website/static/flows/unenrollment.akflow +++ b/website/static/flows/unenrollment.akflow @@ -1,37 +1,23 @@ -{ - "version": 1, - "entries": [ - { - "identifiers": { - "pk": "59a576ce-2f23-4a63-b63a-d18dc7e550f5", - "slug": "default-unenrollment-flow" - }, - "model": "authentik_flows.flow", - "attrs": { - "name": "Default unenrollment flow", - "title": "Delete your account", - "designation": "unenrollment" - } - }, - { - "identifiers": { - "pk": "c62ac2a4-2735-4a0f-abd0-8523d68c1209", - "name": "default-unenrollment-user-delete" - }, - "model": "authentik_stages_user_delete.userdeletestage", - "attrs": {} - }, - { - "identifiers": { - "pk": "eb9aff2b-b95d-40b3-ad08-233aa77bbcf3", - "target": "59a576ce-2f23-4a63-b63a-d18dc7e550f5", - "stage": "c62ac2a4-2735-4a0f-abd0-8523d68c1209", - "order": 10 - }, - "model": "authentik_flows.flowstagebinding", - "attrs": { - "re_evaluate_policies": false - } - } - ] -} +version: 1 +entries: + - identifiers: + pk: 59a576ce-2f23-4a63-b63a-d18dc7e550f5 + slug: default-unenrollment-flow + model: authentik_flows.flow + attrs: + name: Default unenrollment flow + title: Delete your account + designation: unenrollment + - identifiers: + pk: c62ac2a4-2735-4a0f-abd0-8523d68c1209 + name: default-unenrollment-user-delete + model: authentik_stages_user_delete.userdeletestage + attrs: {} + - identifiers: + pk: eb9aff2b-b95d-40b3-ad08-233aa77bbcf3 + target: 59a576ce-2f23-4a63-b63a-d18dc7e550f5 + stage: c62ac2a4-2735-4a0f-abd0-8523d68c1209 + order: 10 + model: authentik_flows.flowstagebinding + attrs: + re_evaluate_policies: false