flows: migrate flows to be yaml (#3335)

* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L 2022-07-30 23:55:58 +02:00 committed by GitHub
parent db1dd196e0
commit 882250a85e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 708 additions and 993 deletions

View file

@ -21,7 +21,7 @@
"todo-tree.tree.showBadges": true, "todo-tree.tree.showBadges": true,
"python.formatting.provider": "black", "python.formatting.provider": "black",
"files.associations": { "files.associations": {
"*.akflow": "json" "*.akflow": "yaml"
}, },
"typescript.preferences.importModuleSpecifier": "non-relative", "typescript.preferences.importModuleSpecifier": "non-relative",
"typescript.preferences.importModuleSpecifierEnding": "index", "typescript.preferences.importModuleSpecifierEnding": "index",

View file

@ -3,7 +3,8 @@ from dataclasses import dataclass
from django.core.cache import cache from django.core.cache import cache
from django.db.models import Model from django.db.models import Model
from django.http.response import HttpResponseBadRequest, JsonResponse from django.http import HttpResponse
from django.http.response import HttpResponseBadRequest
from django.urls import reverse from django.urls import reverse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
@ -29,7 +30,6 @@ from authentik.core.api.utils import (
from authentik.flows.exceptions import FlowNonApplicableException from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import Flow from authentik.flows.models import Flow
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner, cache_key from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner, cache_key
from authentik.flows.transfer.common import DataclassEncoder
from authentik.flows.transfer.exporter import FlowExporter from authentik.flows.transfer.exporter import FlowExporter
from authentik.flows.transfer.importer import FlowImporter from authentik.flows.transfer.importer import FlowImporter
from authentik.flows.views.executor import SESSION_KEY_HISTORY, SESSION_KEY_PLAN from authentik.flows.views.executor import SESSION_KEY_HISTORY, SESSION_KEY_PLAN
@ -198,7 +198,7 @@ class FlowViewSet(UsedByMixin, ModelViewSet):
"""Export flow to .akflow file""" """Export flow to .akflow file"""
flow = self.get_object() flow = self.get_object()
exporter = FlowExporter(flow) exporter = FlowExporter(flow)
response = JsonResponse(exporter.export(), encoder=DataclassEncoder, safe=False) response = HttpResponse(content=exporter.export_to_string())
response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"' response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"'
return response return response

View file

@ -1,10 +1,9 @@
"""Test flow transfer""" """Test flow transfer"""
from json import dumps
from django.test import TransactionTestCase from django.test import TransactionTestCase
from yaml import dump
from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
from authentik.flows.transfer.common import DataclassEncoder from authentik.flows.transfer.common import DataclassDumper
from authentik.flows.transfer.exporter import FlowExporter from authentik.flows.transfer.exporter import FlowExporter
from authentik.flows.transfer.importer import FlowImporter, transaction_rollback from authentik.flows.transfer.importer import FlowImporter, transaction_rollback
from authentik.lib.generators import generate_id from authentik.lib.generators import generate_id
@ -70,9 +69,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow) exporter = FlowExporter(flow)
export = exporter.export() export = exporter.export()
self.assertEqual(len(export.entries), 3) self.assertEqual(len(export.entries), 3)
export_json = exporter.export_to_string() export_yaml = exporter.export_to_string()
importer = FlowImporter(export_json) importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate()) self.assertTrue(importer.validate())
self.assertTrue(importer.apply()) self.assertTrue(importer.apply())
@ -118,9 +117,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow) exporter = FlowExporter(flow)
export = exporter.export() export = exporter.export()
export_json = dumps(export, cls=DataclassEncoder) export_yaml = dump(export, Dumper=DataclassDumper)
importer = FlowImporter(export_json) importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate()) self.assertTrue(importer.validate())
self.assertTrue(importer.apply()) self.assertTrue(importer.apply())
self.assertTrue(UserLoginStage.objects.filter(name=stage_name).exists()) self.assertTrue(UserLoginStage.objects.filter(name=stage_name).exists())
@ -162,9 +161,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow) exporter = FlowExporter(flow)
export = exporter.export() export = exporter.export()
export_json = dumps(export, cls=DataclassEncoder) export_yaml = dump(export, Dumper=DataclassDumper)
importer = FlowImporter(export_json) importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate()) self.assertTrue(importer.validate())
self.assertTrue(importer.apply()) self.assertTrue(importer.apply())

View file

@ -5,6 +5,7 @@ from typing import Any
from uuid import UUID from uuid import UUID
from django.core.serializers.json import DjangoJSONEncoder from django.core.serializers.json import DjangoJSONEncoder
from yaml import SafeDumper
from authentik.lib.models import SerializerModel from authentik.lib.models import SerializerModel
from authentik.lib.sentry import SentryIgnoredException from authentik.lib.sentry import SentryIgnoredException
@ -84,5 +85,21 @@ class DataclassEncoder(DjangoJSONEncoder):
return super().default(o) # pragma: no cover return super().default(o) # pragma: no cover
class DataclassDumper(SafeDumper):
"""Dump dataclasses to yaml"""
default_flow_style = False
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.add_representer(UUID, lambda self, data: self.represent_str(str(data)))
self.add_representer(Enum, lambda self, data: self.represent_str(data.value))
def represent(self, data) -> None:
if is_dataclass(data):
data = asdict(data)
return super().represent(data)
class EntryInvalidError(SentryIgnoredException): class EntryInvalidError(SentryIgnoredException):
"""Error raised when an entry is invalid""" """Error raised when an entry is invalid"""

View file

@ -1,12 +1,12 @@
"""Flow exporter""" """Flow exporter"""
from json import dumps
from typing import Iterator from typing import Iterator
from uuid import UUID from uuid import UUID
from django.db.models import Q from django.db.models import Q
from yaml import dump
from authentik.flows.models import Flow, FlowStageBinding, Stage from authentik.flows.models import Flow, FlowStageBinding, Stage
from authentik.flows.transfer.common import DataclassEncoder, FlowBundle, FlowBundleEntry from authentik.flows.transfer.common import DataclassDumper, FlowBundle, FlowBundleEntry
from authentik.policies.models import Policy, PolicyBinding from authentik.policies.models import Policy, PolicyBinding
from authentik.stages.prompt.models import PromptStage from authentik.stages.prompt.models import PromptStage
@ -89,4 +89,4 @@ class FlowExporter:
def export_to_string(self) -> str: def export_to_string(self) -> str:
"""Call export and convert it to json""" """Call export and convert it to json"""
bundle = self.export() bundle = self.export()
return dumps(bundle, cls=DataclassEncoder) return dump(bundle, Dumper=DataclassDumper)

View file

@ -1,7 +1,6 @@
"""Flow importer""" """Flow importer"""
from contextlib import contextmanager from contextlib import contextmanager
from copy import deepcopy from copy import deepcopy
from json import loads
from typing import Any from typing import Any
from dacite import from_dict from dacite import from_dict
@ -14,6 +13,7 @@ from django.db.utils import IntegrityError
from rest_framework.exceptions import ValidationError from rest_framework.exceptions import ValidationError
from rest_framework.serializers import BaseSerializer, Serializer from rest_framework.serializers import BaseSerializer, Serializer
from structlog.stdlib import BoundLogger, get_logger from structlog.stdlib import BoundLogger, get_logger
from yaml import safe_load
from authentik.flows.models import Flow, FlowStageBinding, Stage from authentik.flows.models import Flow, FlowStageBinding, Stage
from authentik.flows.transfer.common import EntryInvalidError, FlowBundle, FlowBundleEntry from authentik.flows.transfer.common import EntryInvalidError, FlowBundle, FlowBundleEntry
@ -39,10 +39,10 @@ class FlowImporter:
logger: BoundLogger logger: BoundLogger
def __init__(self, json_input: str): def __init__(self, yaml_input: str):
self.__pk_map: dict[Any, Model] = {} self.__pk_map: dict[Any, Model] = {}
self.logger = get_logger() self.logger = get_logger()
import_dict = loads(json_input) import_dict = safe_load(yaml_input)
try: try:
self.__import = from_dict(FlowBundle, import_dict) self.__import = from_dict(FlowBundle, import_dict)
except DaciteError as exc: except DaciteError as exc:

View file

@ -32,31 +32,37 @@ Configure what happens when access to a flow is denied by a policy. By default,
Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available: Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
### Authentication #### Authentication
This is designates a flow to be used for authentication. This is designates a flow to be used for authentication.
The authentication flow should always contain a [**User Login**](stages/user_login.md) stage, which attaches the staged user to the current session. The authentication flow should always contain a [**User Login**](stages/user_login.md) stage, which attaches the staged user to the current session.
### Invalidation #### Invalidation
This designates a flow to be used to invalidate a session. This designates a flow to be used to invalidate a session.
This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session. This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session.
### Enrollment #### Enrollment
This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one. This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
### Unenrollment #### Unenrollment
This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage. This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
### Recovery #### Recovery
This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/).
Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password. Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
### Stage configuration #### Stage configuration
This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP. This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
## Import & Export
Flows can be imported and exported to share with other people, the community and for troubleshooting. Flows can be imported to apply new functionality and apply existing workflows.
Starting with authentik 2022.8, flows will be exported as YAML, but JSON-based flows can still be imported.

View file

@ -1,180 +1,120 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"identifiers": { slug: default-enrollment-flow
"pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", model: authentik_flows.flow
"slug": "default-enrollment-flow" attrs:
}, name: Default enrollment Flow
"model": "authentik_flows.flow", title: Welcome to authentik!
"attrs": { designation: enrollment
"name": "Default enrollment Flow", - identifiers:
"title": "Welcome to authentik!", pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
"designation": "enrollment" model: authentik_stages_prompt.prompt
} attrs:
}, field_key: username
{ label: Username
"identifiers": { type: username
"pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4" required: true
}, placeholder: Username
"model": "authentik_stages_prompt.prompt", order: 0
"attrs": { - identifiers:
"field_key": "username", pk: 7db91ee8-4290-4e08-8d39-63f132402515
"label": "Username", model: authentik_stages_prompt.prompt
"type": "username", attrs:
"required": true, field_key: password
"placeholder": "Username", label: Password
"order": 0 type: password
} required: true
}, placeholder: Password
{ order: 0
"identifiers": { - identifiers:
"pk": "7db91ee8-4290-4e08-8d39-63f132402515" pk: d30b5eb4-7787-4072-b1ba-65b46e928920
}, model: authentik_stages_prompt.prompt
"model": "authentik_stages_prompt.prompt", attrs:
"attrs": { field_key: password_repeat
"field_key": "password", label: Password (repeat)
"label": "Password", type: password
"type": "password", required: true
"required": true, placeholder: Password (repeat)
"placeholder": "Password", order: 1
"order": 0 - identifiers:
} pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
}, model: authentik_stages_prompt.prompt
{ attrs:
"identifiers": { field_key: name
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" label: Name
}, type: text
"model": "authentik_stages_prompt.prompt", required: true
"attrs": { placeholder: Name
"field_key": "password_repeat", order: 0
"label": "Password (repeat)", - identifiers:
"type": "password", pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
"required": true, model: authentik_stages_prompt.prompt
"placeholder": "Password (repeat)", attrs:
"order": 1 field_key: email
} label: Email
}, type: email
{ required: true
"identifiers": { placeholder: Email
"pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2" order: 1
}, - identifiers:
"model": "authentik_stages_prompt.prompt", pk: 6c342b94-790d-425a-ae31-6196b6570722
"attrs": { name: default-enrollment-prompt-second
"field_key": "name", model: authentik_stages_prompt.promptstage
"label": "Name", attrs:
"type": "text", fields:
"required": true, - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
"placeholder": "Name", - 1ff91927-e33d-4615-95b0-c258e5f0df62
"order": 0 - identifiers:
} pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
}, name: default-enrollment-prompt-first
{ model: authentik_stages_prompt.promptstage
"identifiers": { attrs:
"pk": "1ff91927-e33d-4615-95b0-c258e5f0df62" fields:
}, - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
"model": "authentik_stages_prompt.prompt", - 7db91ee8-4290-4e08-8d39-63f132402515
"attrs": { - d30b5eb4-7787-4072-b1ba-65b46e928920
"field_key": "email", - identifiers:
"label": "Email", pk: 77090897-eb3f-40db-81e6-b4074b1998c4
"type": "email", name: default-enrollment-user-login
"required": true, model: authentik_stages_user_login.userloginstage
"placeholder": "Email", attrs:
"order": 1 session_duration: seconds=0
} - identifiers:
}, pk: a4090add-f483-4ac6-8917-10b493ef843e
{ name: default-enrollment-user-write
"identifiers": { model: authentik_stages_user_write.userwritestage
"pk": "6c342b94-790d-425a-ae31-6196b6570722", attrs: {}
"name": "default-enrollment-prompt-second" - identifiers:
}, pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
"model": "authentik_stages_prompt.promptstage", target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"attrs": { stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
"fields": [ order: 10
"f78d977a-efa6-4cc2-9a0f-2621a9fd94d2", model: authentik_flows.flowstagebinding
"1ff91927-e33d-4615-95b0-c258e5f0df62" attrs:
] re_evaluate_policies: false
} - identifiers:
}, pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
{ target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"identifiers": { stage: 6c342b94-790d-425a-ae31-6196b6570722
"pk": "20375f30-7fa7-4562-8f6e-0f61889f2963", order: 11
"name": "default-enrollment-prompt-first" model: authentik_flows.flowstagebinding
}, attrs:
"model": "authentik_stages_prompt.promptstage", re_evaluate_policies: false
"attrs": { - identifiers:
"fields": [ pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
"cb954fd4-65a5-4ad9-b1ee-180ee9559cf4", target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"7db91ee8-4290-4e08-8d39-63f132402515", stage: a4090add-f483-4ac6-8917-10b493ef843e
"d30b5eb4-7787-4072-b1ba-65b46e928920" order: 20
] model: authentik_flows.flowstagebinding
} attrs:
}, re_evaluate_policies: false
{ - identifiers:
"identifiers": { pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
"pk": "77090897-eb3f-40db-81e6-b4074b1998c4", target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"name": "default-enrollment-user-login" stage: 77090897-eb3f-40db-81e6-b4074b1998c4
}, order: 100
"model": "authentik_stages_user_login.userloginstage", model: authentik_flows.flowstagebinding
"attrs": { attrs:
"session_duration": "seconds=0" re_evaluate_policies: false
}
},
{
"identifiers": {
"pk": "a4090add-f483-4ac6-8917-10b493ef843e",
"name": "default-enrollment-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {}
},
{
"identifiers": {
"pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "6c342b94-790d-425a-ae31-6196b6570722",
"order": 11
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "76bc594e-2715-49ab-bd40-994abd9a7b70",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "a4090add-f483-4ac6-8917-10b493ef843e",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "2f324f6d-7646-4108-a6e2-e7f90985477f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "77090897-eb3f-40db-81e6-b4074b1998c4",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}

View file

@ -1,215 +1,146 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"identifiers": { slug: default-enrollment-flow
"pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3", model: authentik_flows.flow
"slug": "default-enrollment-flow" attrs:
}, name: Default enrollment Flow
"model": "authentik_flows.flow", title: Welcome to authentik!
"attrs": { designation: enrollment
"name": "Default enrollment Flow", - identifiers:
"title": "Welcome to authentik!", pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
"designation": "enrollment" model: authentik_stages_prompt.prompt
} attrs:
}, field_key: username
{ label: Username
"identifiers": { type: username
"pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4" required: true
}, placeholder: Username
"model": "authentik_stages_prompt.prompt", order: 0
"attrs": { - identifiers:
"field_key": "username", pk: 7db91ee8-4290-4e08-8d39-63f132402515
"label": "Username", model: authentik_stages_prompt.prompt
"type": "username", attrs:
"required": true, field_key: password
"placeholder": "Username", label: Password
"order": 0 type: password
} required: true
}, placeholder: Password
{ order: 0
"identifiers": { - identifiers:
"pk": "7db91ee8-4290-4e08-8d39-63f132402515" pk: d30b5eb4-7787-4072-b1ba-65b46e928920
}, model: authentik_stages_prompt.prompt
"model": "authentik_stages_prompt.prompt", attrs:
"attrs": { field_key: password_repeat
"field_key": "password", label: Password (repeat)
"label": "Password", type: password
"type": "password", required: true
"required": true, placeholder: Password (repeat)
"placeholder": "Password", order: 1
"order": 0 - identifiers:
} pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
}, model: authentik_stages_prompt.prompt
{ attrs:
"identifiers": { field_key: name
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" label: Name
}, type: text
"model": "authentik_stages_prompt.prompt", required: true
"attrs": { placeholder: Name
"field_key": "password_repeat", order: 0
"label": "Password (repeat)", - identifiers:
"type": "password", pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
"required": true, model: authentik_stages_prompt.prompt
"placeholder": "Password (repeat)", attrs:
"order": 1 field_key: email
} label: Email
}, type: email
{ required: true
"identifiers": { placeholder: Email
"pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2" order: 1
}, - identifiers:
"model": "authentik_stages_prompt.prompt", pk: 096e6282-6b30-4695-bd03-3b143eab5580
"attrs": { name: default-enrollment-email-verification
"field_key": "name", model: authentik_stages_email.emailstage
"label": "Name", attrs:
"type": "text", use_global_settings: true
"required": true, host: localhost
"placeholder": "Name", port: 25
"order": 0 username: ""
} use_tls: false
}, use_ssl: false
{ timeout: 10
"identifiers": { from_address: system@authentik.local
"pk": "1ff91927-e33d-4615-95b0-c258e5f0df62" token_expiry: 30
}, subject: authentik
"model": "authentik_stages_prompt.prompt", template: email/account_confirmation.html
"attrs": { activate_user_on_success: true
"field_key": "email", - identifiers:
"label": "Email", pk: 6c342b94-790d-425a-ae31-6196b6570722
"type": "email", name: default-enrollment-prompt-second
"required": true, model: authentik_stages_prompt.promptstage
"placeholder": "Email", attrs:
"order": 1 fields:
} - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
}, - 1ff91927-e33d-4615-95b0-c258e5f0df62
{ - identifiers:
"identifiers": { pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
"pk": "096e6282-6b30-4695-bd03-3b143eab5580", name: default-enrollment-prompt-first
"name": "default-enrollment-email-verification" model: authentik_stages_prompt.promptstage
}, attrs:
"model": "authentik_stages_email.emailstage", fields:
"attrs": { - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
"use_global_settings": true, - 7db91ee8-4290-4e08-8d39-63f132402515
"host": "localhost", - d30b5eb4-7787-4072-b1ba-65b46e928920
"port": 25, - identifiers:
"username": "", pk: 77090897-eb3f-40db-81e6-b4074b1998c4
"use_tls": false, name: default-enrollment-user-login
"use_ssl": false, model: authentik_stages_user_login.userloginstage
"timeout": 10, attrs:
"from_address": "system@authentik.local", session_duration: seconds=0
"token_expiry": 30, - identifiers:
"subject": "authentik", pk: a4090add-f483-4ac6-8917-10b493ef843e
"template": "email/account_confirmation.html", name: default-enrollment-user-write
"activate_user_on_success": true model: authentik_stages_user_write.userwritestage
} attrs:
}, create_users_as_inactive: true
{ - identifiers:
"identifiers": { pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
"pk": "6c342b94-790d-425a-ae31-6196b6570722", target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"name": "default-enrollment-prompt-second" stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
}, order: 10
"model": "authentik_stages_prompt.promptstage", model: authentik_flows.flowstagebinding
"attrs": { attrs:
"fields": [ re_evaluate_policies: false
"f78d977a-efa6-4cc2-9a0f-2621a9fd94d2", - identifiers:
"1ff91927-e33d-4615-95b0-c258e5f0df62" pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
] target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
} stage: 6c342b94-790d-425a-ae31-6196b6570722
}, order: 11
{ model: authentik_flows.flowstagebinding
"identifiers": { attrs:
"pk": "20375f30-7fa7-4562-8f6e-0f61889f2963", re_evaluate_policies: false
"name": "default-enrollment-prompt-first" - identifiers:
}, pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
"model": "authentik_stages_prompt.promptstage", target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
"attrs": { stage: a4090add-f483-4ac6-8917-10b493ef843e
"fields": [ order: 20
"cb954fd4-65a5-4ad9-b1ee-180ee9559cf4", model: authentik_flows.flowstagebinding
"7db91ee8-4290-4e08-8d39-63f132402515", attrs:
"d30b5eb4-7787-4072-b1ba-65b46e928920" re_evaluate_policies: false
] - identifiers:
} pk: 1db34a14-8985-4184-b5c9-254cd585d94f
}, target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
{ stage: 096e6282-6b30-4695-bd03-3b143eab5580
"identifiers": { order: 30
"pk": "77090897-eb3f-40db-81e6-b4074b1998c4", model: authentik_flows.flowstagebinding
"name": "default-enrollment-user-login" attrs:
}, re_evaluate_policies: false
"model": "authentik_stages_user_login.userloginstage", - identifiers:
"attrs": { pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
"session_duration": "seconds=0" target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
} stage: 77090897-eb3f-40db-81e6-b4074b1998c4
}, order: 40
{ model: authentik_flows.flowstagebinding
"identifiers": { attrs:
"pk": "a4090add-f483-4ac6-8917-10b493ef843e", re_evaluate_policies: false
"name": "default-enrollment-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {
"create_users_as_inactive": true
}
},
{
"identifiers": {
"pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "6c342b94-790d-425a-ae31-6196b6570722",
"order": 11
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "76bc594e-2715-49ab-bd40-994abd9a7b70",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "a4090add-f483-4ac6-8917-10b493ef843e",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "1db34a14-8985-4184-b5c9-254cd585d94f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "096e6282-6b30-4695-bd03-3b143eab5580",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "2f324f6d-7646-4108-a6e2-e7f90985477f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "77090897-eb3f-40db-81e6-b4074b1998c4",
"order": 40
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}

View file

@ -1,139 +1,94 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ slug: default-authentication-flow
"identifiers": { pk: 563ece21-e9a4-47e5-a264-23ffd923e393
"slug": "default-authentication-flow", model: authentik_flows.flow
"pk": "563ece21-e9a4-47e5-a264-23ffd923e393" attrs:
}, name: Default Authentication Flow
"model": "authentik_flows.flow", title: Welcome to authentik!
"attrs": { designation: authentication
"name": "Default Authentication Flow", - identifiers:
"title": "Welcome to authentik!", pk: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
"designation": "authentication" model: authentik_policies_expression.expressionpolicy
} attrs:
}, name: test-not-app-password
{ execution_logging: false
"identifiers": { bound_to: 1
"pk": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7" expression: return context["auth_method"] != "app_password"
}, - identifiers:
"model": "authentik_policies_expression.expressionpolicy", pk: 69d41125-3987-499b-8d74-ef27b54b88c8
"attrs": { name: default-authentication-login
"name": "test-not-app-password", model: authentik_stages_user_login.userloginstage
"execution_logging": false, attrs:
"bound_to": 1, session_duration: seconds=0
"expression": "return context[\"auth_method\"] != \"app_password\"" - identifiers:
} pk: 5f594f27-0def-488d-9855-fe604eb13de5
}, name: default-authentication-identification
{ model: authentik_stages_identification.identificationstage
"identifiers": { attrs:
"pk": "69d41125-3987-499b-8d74-ef27b54b88c8", user_fields:
"name": "default-authentication-login" - email
}, - username
"model": "authentik_stages_user_login.userloginstage", template: stages/identification/login.html
"attrs": { enrollment_flow: null
"session_duration": "seconds=0" recovery_flow: null
} - identifiers:
}, pk: 37f709c3-8817-45e8-9a93-80a925d293c2
{ name: default-authentication-flow-mfa
"identifiers": { model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
"pk": "5f594f27-0def-488d-9855-fe604eb13de5", attrs: {}
"name": "default-authentication-identification" - identifiers:
}, pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
"model": "authentik_stages_identification.identificationstage", name: default-authentication-password
"attrs": { model: authentik_stages_password.passwordstage
"user_fields": ["email", "username"], attrs:
"template": "stages/identification/login.html", backends:
"enrollment_flow": null, - authentik.core.auth.InbuiltBackend
"recovery_flow": null - authentik.core.auth.TokenBackend
} - authentik.sources.ldap.auth.LDAPBackend
}, - identifiers:
{ pk: a3056482-b692-4e3a-93f1-7351c6a351c7
"identifiers": { target: 563ece21-e9a4-47e5-a264-23ffd923e393
"pk": "37f709c3-8817-45e8-9a93-80a925d293c2", stage: 5f594f27-0def-488d-9855-fe604eb13de5
"name": "default-authentication-flow-mfa" order: 10
}, model: authentik_flows.flowstagebinding
"model": "authentik_stages_authenticator_validate.AuthenticatorValidateStage", attrs:
"attrs": {} re_evaluate_policies: false
}, - identifiers:
{ pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
"identifiers": { target: 563ece21-e9a4-47e5-a264-23ffd923e393
"pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
"name": "default-authentication-password" order: 20
}, model: authentik_flows.flowstagebinding
"model": "authentik_stages_password.passwordstage", attrs:
"attrs": { re_evaluate_policies: false
"backends": [ - identifiers:
"authentik.core.auth.InbuiltBackend", pk: 688aec6f-5622-42c6-83a5-d22072d7e798
"authentik.core.auth.TokenBackend", target: 563ece21-e9a4-47e5-a264-23ffd923e393
"authentik.sources.ldap.auth.LDAPBackend" stage: 37f709c3-8817-45e8-9a93-80a925d293c2
] order: 30
} model: authentik_flows.flowstagebinding
}, attrs:
{ evaluate_on_plan: false
"identifiers": { re_evaluate_policies: true
"pk": "a3056482-b692-4e3a-93f1-7351c6a351c7", policy_engine_mode: any
"target": "563ece21-e9a4-47e5-a264-23ffd923e393", invalid_response_action: retry
"stage": "5f594f27-0def-488d-9855-fe604eb13de5", - identifiers:
"order": 10 pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
}, target: 563ece21-e9a4-47e5-a264-23ffd923e393
"model": "authentik_flows.flowstagebinding", stage: 69d41125-3987-499b-8d74-ef27b54b88c8
"attrs": { order: 100
"re_evaluate_policies": false model: authentik_flows.flowstagebinding
} attrs:
}, re_evaluate_policies: false
{ - identifiers:
"identifiers": { pk: 6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2
"pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6", policy: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
"target": "563ece21-e9a4-47e5-a264-23ffd923e393", target: 688aec6f-5622-42c6-83a5-d22072d7e798
"stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", order: 0
"order": 20 model: authentik_policies.policybinding
}, attrs:
"model": "authentik_flows.flowstagebinding", negate: false
"attrs": { enabled: true
"re_evaluate_policies": false timeout: 30
}
},
{
"identifiers": {
"pk": "688aec6f-5622-42c6-83a5-d22072d7e798",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "37f709c3-8817-45e8-9a93-80a925d293c2",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": false,
"re_evaluate_policies": true,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "69d41125-3987-499b-8d74-ef27b54b88c8",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2",
"policy": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7",
"target": "688aec6f-5622-42c6-83a5-d22072d7e798",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
}
]
}

View file

@ -1,139 +1,93 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ slug: default-authentication-flow
"identifiers": { pk: 563ece21-e9a4-47e5-a264-23ffd923e393
"slug": "default-authentication-flow", model: authentik_flows.flow
"pk": "563ece21-e9a4-47e5-a264-23ffd923e393" attrs:
}, name: Default Authentication Flow
"model": "authentik_flows.flow", title: Welcome to authentik!
"attrs": { designation: authentication
"name": "Default Authentication Flow", - identifiers:
"title": "Welcome to authentik!", name: default-authentication-login
"designation": "authentication" pk: 69d41125-3987-499b-8d74-ef27b54b88c8
} model: authentik_stages_user_login.userloginstage
}, attrs:
{ session_duration: seconds=0
"identifiers": { - identifiers:
"name": "default-authentication-login", name: default-authentication-flow-captcha
"pk": "69d41125-3987-499b-8d74-ef27b54b88c8" pk: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
}, model: authentik_stages_captcha.captchastage
"model": "authentik_stages_user_login.userloginstage", attrs:
"attrs": { public_key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
"session_duration": "seconds=0" private_key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
} - identifiers:
}, name: default-authentication-identification
{ pk: 5f594f27-0def-488d-9855-fe604eb13de5
"identifiers": { model: authentik_stages_identification.identificationstage
"name": "default-authentication-flow-captcha", attrs:
"pk": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4" user_fields:
}, - email
"model": "authentik_stages_captcha.captchastage", - username
"attrs": { template: stages/identification/login.html
"public_key": "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI", enrollment_flow: null
"private_key": "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe" recovery_flow: null
} - identifiers:
}, name: default-authentication-password
{ pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
"identifiers": { model: authentik_stages_password.passwordstage
"name": "default-authentication-identification", attrs:
"pk": "5f594f27-0def-488d-9855-fe604eb13de5" backends:
}, - authentik.core.auth.InbuiltBackend
"model": "authentik_stages_identification.identificationstage", - authentik.core.auth.TokenBackend
"attrs": { - authentik.sources.ldap.auth.LDAPBackend
"user_fields": ["email", "username"], - identifiers:
"template": "stages/identification/login.html", pk: a3056482-b692-4e3a-93f1-7351c6a351c7
"enrollment_flow": null, target: 563ece21-e9a4-47e5-a264-23ffd923e393
"recovery_flow": null stage: 5f594f27-0def-488d-9855-fe604eb13de5
} order: 10
}, model: authentik_flows.flowstagebinding
{ attrs:
"identifiers": { re_evaluate_policies: false
"name": "default-authentication-password", - identifiers:
"pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40" pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
}, target: 563ece21-e9a4-47e5-a264-23ffd923e393
"model": "authentik_stages_password.passwordstage", stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
"attrs": { order: 20
"backends": [ model: authentik_flows.flowstagebinding
"authentik.core.auth.InbuiltBackend", attrs:
"authentik.core.auth.TokenBackend", re_evaluate_policies: false
"authentik.sources.ldap.auth.LDAPBackend" - identifiers:
] pk: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
} target: 563ece21-e9a4-47e5-a264-23ffd923e393
}, stage: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
{ order: 30
"identifiers": { model: authentik_flows.flowstagebinding
"pk": "a3056482-b692-4e3a-93f1-7351c6a351c7", attrs:
"target": "563ece21-e9a4-47e5-a264-23ffd923e393", evaluate_on_plan: false
"stage": "5f594f27-0def-488d-9855-fe604eb13de5", re_evaluate_policies: true
"order": 10 - identifiers:
}, pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
"model": "authentik_flows.flowstagebinding", target: 563ece21-e9a4-47e5-a264-23ffd923e393
"attrs": { stage: 69d41125-3987-499b-8d74-ef27b54b88c8
"re_evaluate_policies": false order: 100
} model: authentik_flows.flowstagebinding
}, attrs:
{ re_evaluate_policies: false
"identifiers": { - identifiers:
"pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6", pk: 688c9890-47ad-4327-a9e5-380e88d34be5
"target": "563ece21-e9a4-47e5-a264-23ffd923e393", model: authentik_policies_reputation.reputationpolicy
"stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40", attrs:
"order": 20 name: default-authentication-flow-conditional-captcha
}, check_ip: true
"model": "authentik_flows.flowstagebinding", check_username: true
"attrs": { threshold: -5
"re_evaluate_policies": false - identifiers:
} pk: 02e4d220-3448-44db-822e-c5255cf7c250
}, policy: 688c9890-47ad-4327-a9e5-380e88d34be5
{ target: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
"identifiers": { order: 0
"pk": "3bcd6af0-48a6-4e18-87f3-d251a1a58226", model: authentik_policies.policybinding
"target": "563ece21-e9a4-47e5-a264-23ffd923e393", attrs:
"stage": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4", enabled: true
"order": 30 timeout: 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": false,
"re_evaluate_policies": true
}
},
{
"identifiers": {
"pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "69d41125-3987-499b-8d74-ef27b54b88c8",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "688c9890-47ad-4327-a9e5-380e88d34be5"
},
"model": "authentik_policies_reputation.reputationpolicy",
"attrs": {
"name": "default-authentication-flow-conditional-captcha",
"check_ip": true,
"check_username": true,
"threshold": -5
}
},
{
"identifiers": {
"pk": "02e4d220-3448-44db-822e-c5255cf7c250",
"policy": "688c9890-47ad-4327-a9e5-380e88d34be5",
"target": "3bcd6af0-48a6-4e18-87f3-d251a1a58226",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"enabled": true,
"timeout": 30
}
}
]
}

View file

@ -1,258 +1,185 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ pk: a5993183-89c0-43d2-a7f4-ddffb17baba7
"identifiers": { slug: default-recovery-flow
"pk": "a5993183-89c0-43d2-a7f4-ddffb17baba7", model: authentik_flows.flow
"slug": "default-recovery-flow" attrs:
}, name: Default recovery flow
"model": "authentik_flows.flow", title: Reset your password
"attrs": { designation: recovery
"name": "Default recovery flow", cache_count: 0
"title": "Reset your password", policy_engine_mode: any
"designation": "recovery", compatibility_mode: false
"cache_count": 0, layout: stacked
"policy_engine_mode": "any", - identifiers:
"compatibility_mode": false, pk: 7db91ee8-4290-4e08-8d39-63f132402515
"layout": "stacked" model: authentik_stages_prompt.prompt
} attrs:
}, field_key: password
{ label: Password
"identifiers": { type: password
"pk": "7db91ee8-4290-4e08-8d39-63f132402515" required: true
}, placeholder: Password
"model": "authentik_stages_prompt.prompt", order: 0
"attrs": { sub_text: ""
"field_key": "password", placeholder_expression: false
"label": "Password", - identifiers:
"type": "password", pk: d30b5eb4-7787-4072-b1ba-65b46e928920
"required": true, model: authentik_stages_prompt.prompt
"placeholder": "Password", attrs:
"order": 0, field_key: password_repeat
"sub_text": "", label: Password (repeat)
"placeholder_expression": false type: password
} required: true
}, placeholder: Password (repeat)
{ order: 1
"identifiers": { sub_text: ""
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920" placeholder_expression: false
}, - identifiers:
"model": "authentik_stages_prompt.prompt", pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
"attrs": { model: authentik_policies_expression.expressionpolicy
"field_key": "password_repeat", attrs:
"label": "Password (repeat)", name: default-recovery-skip-if-restored
"type": "password", execution_logging: false
"required": true, bound_to: 2
"placeholder": "Password (repeat)", expression: return request.context.get('is_restored', False)
"order": 1, - identifiers:
"sub_text": "", pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
"placeholder_expression": false model: authentik_policies_expression.expressionpolicy
} attrs:
}, name: default-recovery-skip-if-restored
{ execution_logging: false
"identifiers": { bound_to: 2
"pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c" expression: return request.context.get('is_restored', False)
}, - identifiers:
"model": "authentik_policies_expression.expressionpolicy", pk: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
"attrs": { name: default-recovery-email
"name": "default-recovery-skip-if-restored", model: authentik_stages_email.emailstage
"execution_logging": false, attrs:
"bound_to": 2, use_global_settings: true
"expression": "return request.context.get('is_restored', False)" host: localhost
} port: 25
}, username: ""
{ use_tls: false
"identifiers": { use_ssl: false
"pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c" timeout: 10
}, from_address: system@authentik.local
"model": "authentik_policies_expression.expressionpolicy", token_expiry: 30
"attrs": { subject: authentik
"name": "default-recovery-skip-if-restored", template: email/password_reset.html
"execution_logging": false, activate_user_on_success: true
"bound_to": 2, - identifiers:
"expression": "return request.context.get('is_restored', False)" pk: 68b25ad5-318a-496e-95a7-cf4d94247f0d
} name: default-recovery-user-write
}, model: authentik_stages_user_write.userwritestage
{ attrs:
"identifiers": { create_users_as_inactive: false
"pk": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da", create_users_group: null
"name": "default-recovery-email" user_path_template: ""
}, - identifiers:
"model": "authentik_stages_email.emailstage", pk: 94843ef6-28fe-4939-bd61-cd46bb34f1de
"attrs": { name: default-recovery-identification
"use_global_settings": true, model: authentik_stages_identification.identificationstage
"host": "localhost", attrs:
"port": 25, user_fields:
"username": "", - email
"use_tls": false, - username
"use_ssl": false, password_stage: null
"timeout": 10, case_insensitive_matching: true
"from_address": "system@authentik.local", show_matched_user: true
"token_expiry": 30, enrollment_flow: null
"subject": "authentik", recovery_flow: null
"template": "email/password_reset.html", passwordless_flow: null
"activate_user_on_success": true sources: []
} show_source_labels: false
}, - identifiers:
{ pk: e74230b2-82bc-4843-8b18-2c3a66a62d57
"identifiers": { name: default-recovery-user-login
"pk": "68b25ad5-318a-496e-95a7-cf4d94247f0d", model: authentik_stages_user_login.userloginstage
"name": "default-recovery-user-write" attrs:
}, session_duration: seconds=0
"model": "authentik_stages_user_write.userwritestage", - identifiers:
"attrs": { pk: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
"create_users_as_inactive": false, name: Change your password
"create_users_group": null, model: authentik_stages_prompt.promptstage
"user_path_template": "" attrs:
} fields:
}, - 7db91ee8-4290-4e08-8d39-63f132402515
{ - d30b5eb4-7787-4072-b1ba-65b46e928920
"identifiers": { validation_policies: []
"pk": "94843ef6-28fe-4939-bd61-cd46bb34f1de", - identifiers:
"name": "default-recovery-identification" pk: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
}, target: a5993183-89c0-43d2-a7f4-ddffb17baba7
"model": "authentik_stages_identification.identificationstage", stage: 94843ef6-28fe-4939-bd61-cd46bb34f1de
"attrs": { order: 10
"user_fields": [ model: authentik_flows.flowstagebinding
"email", attrs:
"username" evaluate_on_plan: true
], re_evaluate_policies: true
"password_stage": null, policy_engine_mode: any
"case_insensitive_matching": true, invalid_response_action: retry
"show_matched_user": true, - identifiers:
"enrollment_flow": null, pk: 29446fd6-dd93-4e92-9830-2d81debad5ae
"recovery_flow": null, target: a5993183-89c0-43d2-a7f4-ddffb17baba7
"passwordless_flow": null, stage: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
"sources": [], order: 20
"show_source_labels": false model: authentik_flows.flowstagebinding
} attrs:
}, evaluate_on_plan: true
{ re_evaluate_policies: true
"identifiers": { policy_engine_mode: any
"pk": "e74230b2-82bc-4843-8b18-2c3a66a62d57", invalid_response_action: retry
"name": "default-recovery-user-login" - identifiers:
}, pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
"model": "authentik_stages_user_login.userloginstage", target: a5993183-89c0-43d2-a7f4-ddffb17baba7
"attrs": { stage: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
"session_duration": "seconds=0" order: 30
} model: authentik_flows.flowstagebinding
}, attrs:
{ evaluate_on_plan: true
"identifiers": { re_evaluate_policies: false
"pk": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971", policy_engine_mode: any
"name": "Change your password" invalid_response_action: retry
}, - identifiers:
"model": "authentik_stages_prompt.promptstage", pk: 66de86ba-0707-46a0-8475-ff2e260d6935
"attrs": { target: a5993183-89c0-43d2-a7f4-ddffb17baba7
"fields": [ stage: 68b25ad5-318a-496e-95a7-cf4d94247f0d
"7db91ee8-4290-4e08-8d39-63f132402515", order: 40
"d30b5eb4-7787-4072-b1ba-65b46e928920" model: authentik_flows.flowstagebinding
], attrs:
"validation_policies": [] evaluate_on_plan: true
} re_evaluate_policies: false
}, policy_engine_mode: any
{ invalid_response_action: retry
"identifiers": { - identifiers:
"pk": "7af7558e-2196-4b9f-a08e-d38420b7cfbb", pk: 9cec2334-d4a2-4895-a2b2-bc5ae4e9639a
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", target: a5993183-89c0-43d2-a7f4-ddffb17baba7
"stage": "94843ef6-28fe-4939-bd61-cd46bb34f1de", stage: e74230b2-82bc-4843-8b18-2c3a66a62d57
"order": 10 order: 100
}, model: authentik_flows.flowstagebinding
"model": "authentik_flows.flowstagebinding", attrs:
"attrs": { evaluate_on_plan: true
"evaluate_on_plan": true, re_evaluate_policies: false
"re_evaluate_policies": true, policy_engine_mode: any
"policy_engine_mode": "any", invalid_response_action: retry
"invalid_response_action": "retry" - identifiers:
} pk: 95aad215-8729-4177-953d-41ffbe86239e
}, policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
{ target: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
"identifiers": { order: 0
"pk": "29446fd6-dd93-4e92-9830-2d81debad5ae", model: authentik_policies.policybinding
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7", attrs:
"stage": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da", negate: false
"order": 20 enabled: true
}, timeout: 30
"model": "authentik_flows.flowstagebinding", - identifiers:
"attrs": { pk: a5454cbc-d2e4-403a-84af-6af999990b12
"evaluate_on_plan": true, policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
"re_evaluate_policies": true, target: 29446fd6-dd93-4e92-9830-2d81debad5ae
"policy_engine_mode": "any", order: 0
"invalid_response_action": "retry" model: authentik_policies.policybinding
} attrs:
}, negate: false
{ enabled: true
"identifiers": { timeout: 30
"pk": "1219d06e-2c06-4c5b-a162-78e3959c6cf0",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "66de86ba-0707-46a0-8475-ff2e260d6935",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "68b25ad5-318a-496e-95a7-cf4d94247f0d",
"order": 40
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "9cec2334-d4a2-4895-a2b2-bc5ae4e9639a",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "e74230b2-82bc-4843-8b18-2c3a66a62d57",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "95aad215-8729-4177-953d-41ffbe86239e",
"policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c",
"target": "7af7558e-2196-4b9f-a08e-d38420b7cfbb",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
},
{
"identifiers": {
"pk": "a5454cbc-d2e4-403a-84af-6af999990b12",
"policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c",
"target": "29446fd6-dd93-4e92-9830-2d81debad5ae",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
}
]
}

View file

@ -1,37 +1,23 @@
{ version: 1
"version": 1, entries:
"entries": [ - identifiers:
{ pk: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
"identifiers": { slug: default-unenrollment-flow
"pk": "59a576ce-2f23-4a63-b63a-d18dc7e550f5", model: authentik_flows.flow
"slug": "default-unenrollment-flow" attrs:
}, name: Default unenrollment flow
"model": "authentik_flows.flow", title: Delete your account
"attrs": { designation: unenrollment
"name": "Default unenrollment flow", - identifiers:
"title": "Delete your account", pk: c62ac2a4-2735-4a0f-abd0-8523d68c1209
"designation": "unenrollment" name: default-unenrollment-user-delete
} model: authentik_stages_user_delete.userdeletestage
}, attrs: {}
{ - identifiers:
"identifiers": { pk: eb9aff2b-b95d-40b3-ad08-233aa77bbcf3
"pk": "c62ac2a4-2735-4a0f-abd0-8523d68c1209", target: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
"name": "default-unenrollment-user-delete" stage: c62ac2a4-2735-4a0f-abd0-8523d68c1209
}, order: 10
"model": "authentik_stages_user_delete.userdeletestage", model: authentik_flows.flowstagebinding
"attrs": {} attrs:
}, re_evaluate_policies: false
{
"identifiers": {
"pk": "eb9aff2b-b95d-40b3-ad08-233aa77bbcf3",
"target": "59a576ce-2f23-4a63-b63a-d18dc7e550f5",
"stage": "c62ac2a4-2735-4a0f-abd0-8523d68c1209",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}