trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

flows: migrate flows to be yaml (#3335) 

* flows: migrate flows to be yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate flows to yaml

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens L 2022-07-30 23:55:58 +02:00 committed by GitHub
parent db1dd196e0
commit 882250a85e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 708 additions and 993 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.vscode/settings.json vendored
View File

@ -21,7 +21,7 @@
"todo-tree.tree.showBadges": true,
"python.formatting.provider": "black",
"files.associations": {
"*.akflow": "json"
"*.akflow": "yaml"
},
"typescript.preferences.importModuleSpecifier": "non-relative",
"typescript.preferences.importModuleSpecifierEnding": "index",

6
authentik/flows/api/flows.py
View File

@ -3,7 +3,8 @@ from dataclasses import dataclass
from django.core.cache import cache
from django.db.models import Model
from django.http.response import HttpResponseBadRequest, JsonResponse
from django.http import HttpResponse
from django.http.response import HttpResponseBadRequest
from django.urls import reverse
from django.utils.translation import gettext as _
from drf_spectacular.types import OpenApiTypes
@ -29,7 +30,6 @@ from authentik.core.api.utils import (
from authentik.flows.exceptions import FlowNonApplicableException
from authentik.flows.models import Flow
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlanner, cache_key
from authentik.flows.transfer.common import DataclassEncoder
from authentik.flows.transfer.exporter import FlowExporter
from authentik.flows.transfer.importer import FlowImporter
from authentik.flows.views.executor import SESSION_KEY_HISTORY, SESSION_KEY_PLAN
@ -198,7 +198,7 @@ class FlowViewSet(UsedByMixin, ModelViewSet):
"""Export flow to .akflow file"""
flow = self.get_object()
exporter = FlowExporter(flow)
response = JsonResponse(exporter.export(), encoder=DataclassEncoder, safe=False)
response = HttpResponse(content=exporter.export_to_string())
response["Content-Disposition"] = f'attachment; filename="{flow.slug}.akflow"'
return response

17
authentik/flows/tests/test_transfer.py
View File

@ -1,10 +1,9 @@
"""Test flow transfer"""
from json import dumps
from django.test import TransactionTestCase
from yaml import dump
from authentik.flows.models import Flow, FlowDesignation, FlowStageBinding
from authentik.flows.transfer.common import DataclassEncoder
from authentik.flows.transfer.common import DataclassDumper
from authentik.flows.transfer.exporter import FlowExporter
from authentik.flows.transfer.importer import FlowImporter, transaction_rollback
from authentik.lib.generators import generate_id
@ -70,9 +69,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow)
export = exporter.export()
self.assertEqual(len(export.entries), 3)
export_json = exporter.export_to_string()
export_yaml = exporter.export_to_string()
importer = FlowImporter(export_json)
importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate())
self.assertTrue(importer.apply())
@ -118,9 +117,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow)
export = exporter.export()
export_json = dumps(export, cls=DataclassEncoder)
export_yaml = dump(export, Dumper=DataclassDumper)
importer = FlowImporter(export_json)
importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate())
self.assertTrue(importer.apply())
self.assertTrue(UserLoginStage.objects.filter(name=stage_name).exists())
@ -162,9 +161,9 @@ class TestFlowTransfer(TransactionTestCase):
exporter = FlowExporter(flow)
export = exporter.export()
export_json = dumps(export, cls=DataclassEncoder)
export_yaml = dump(export, Dumper=DataclassDumper)
importer = FlowImporter(export_json)
importer = FlowImporter(export_yaml)
self.assertTrue(importer.validate())
self.assertTrue(importer.apply())

17
authentik/flows/transfer/common.py
View File

@ -5,6 +5,7 @@ from typing import Any
from uuid import UUID
from django.core.serializers.json import DjangoJSONEncoder
from yaml import SafeDumper
from authentik.lib.models import SerializerModel
from authentik.lib.sentry import SentryIgnoredException
@ -84,5 +85,21 @@ class DataclassEncoder(DjangoJSONEncoder):
return super().default(o) # pragma: no cover
class DataclassDumper(SafeDumper):
"""Dump dataclasses to yaml"""
default_flow_style = False
def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs)
self.add_representer(UUID, lambda self, data: self.represent_str(str(data)))
self.add_representer(Enum, lambda self, data: self.represent_str(data.value))
def represent(self, data) -> None:
if is_dataclass(data):
data = asdict(data)
return super().represent(data)
class EntryInvalidError(SentryIgnoredException):
"""Error raised when an entry is invalid"""

6
authentik/flows/transfer/exporter.py
View File

@ -1,12 +1,12 @@
"""Flow exporter"""
from json import dumps
from typing import Iterator
from uuid import UUID
from django.db.models import Q
from yaml import dump
from authentik.flows.models import Flow, FlowStageBinding, Stage
from authentik.flows.transfer.common import DataclassEncoder, FlowBundle, FlowBundleEntry
from authentik.flows.transfer.common import DataclassDumper, FlowBundle, FlowBundleEntry
from authentik.policies.models import Policy, PolicyBinding
from authentik.stages.prompt.models import PromptStage
@ -89,4 +89,4 @@ class FlowExporter:
def export_to_string(self) -> str:
"""Call export and convert it to json"""
bundle = self.export()
return dumps(bundle, cls=DataclassEncoder)
return dump(bundle, Dumper=DataclassDumper)

6
authentik/flows/transfer/importer.py
View File

@ -1,7 +1,6 @@
"""Flow importer"""
from contextlib import contextmanager
from copy import deepcopy
from json import loads
from typing import Any
from dacite import from_dict
@ -14,6 +13,7 @@ from django.db.utils import IntegrityError
from rest_framework.exceptions import ValidationError
from rest_framework.serializers import BaseSerializer, Serializer
from structlog.stdlib import BoundLogger, get_logger
from yaml import safe_load
from authentik.flows.models import Flow, FlowStageBinding, Stage
from authentik.flows.transfer.common import EntryInvalidError, FlowBundle, FlowBundleEntry
@ -39,10 +39,10 @@ class FlowImporter:
logger: BoundLogger
def __init__(self, json_input: str):
def __init__(self, yaml_input: str):
self.__pk_map: dict[Any, Model] = {}
self.logger = get_logger()
import_dict = loads(json_input)
import_dict = safe_load(yaml_input)
try:
self.__import = from_dict(FlowBundle, import_dict)
except DaciteError as exc:

18
website/docs/flow/index.md
View File

@ -32,31 +32,37 @@ Configure what happens when access to a flow is denied by a policy. By default,
Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
### Authentication
#### Authentication
This is designates a flow to be used for authentication.
The authentication flow should always contain a [**User Login**](stages/user_login.md) stage, which attaches the staged user to the current session.
### Invalidation
#### Invalidation
This designates a flow to be used to invalidate a session.
This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session.
### Enrollment
#### Enrollment
This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
### Unenrollment
#### Unenrollment
This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
### Recovery
#### Recovery
This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/) or [**captcha**](stages/captcha/).
Afterwards, use the [**prompt**](stages/prompt/) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
### Stage configuration
#### Stage configuration
This designates a flow for general setup. This designation doesn't have any constraints in what you can do. For example, by default this designation is used to configure Factors, like change a password and setup TOTP.
## Import & Export
Flows can be imported and exported to share with other people, the community and for troubleshooting. Flows can be imported to apply new functionality and apply existing workflows.
Starting with authentik 2022.8, flows will be exported as YAML, but JSON-based flows can still be imported.

300
website/static/flows/enrollment-2-stage.akflow
View File

@ -1,180 +1,120 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"slug": "default-enrollment-flow"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default enrollment Flow",
"title": "Welcome to authentik!",
"designation": "enrollment"
}
},
{
"identifiers": {
"pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "username",
"label": "Username",
"type": "username",
"required": true,
"placeholder": "Username",
"order": 0
}
},
{
"identifiers": {
"pk": "7db91ee8-4290-4e08-8d39-63f132402515"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password",
"label": "Password",
"type": "password",
"required": true,
"placeholder": "Password",
"order": 0
}
},
{
"identifiers": {
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password_repeat",
"label": "Password (repeat)",
"type": "password",
"required": true,
"placeholder": "Password (repeat)",
"order": 1
}
},
{
"identifiers": {
"pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "name",
"label": "Name",
"type": "text",
"required": true,
"placeholder": "Name",
"order": 0
}
},
{
"identifiers": {
"pk": "1ff91927-e33d-4615-95b0-c258e5f0df62"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "email",
"label": "Email",
"type": "email",
"required": true,
"placeholder": "Email",
"order": 1
}
},
{
"identifiers": {
"pk": "6c342b94-790d-425a-ae31-6196b6570722",
"name": "default-enrollment-prompt-second"
},
"model": "authentik_stages_prompt.promptstage",
"attrs": {
"fields": [
"f78d977a-efa6-4cc2-9a0f-2621a9fd94d2",
"1ff91927-e33d-4615-95b0-c258e5f0df62"
]
}
},
{
"identifiers": {
"pk": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"name": "default-enrollment-prompt-first"
},
"model": "authentik_stages_prompt.promptstage",
"attrs": {
"fields": [
"cb954fd4-65a5-4ad9-b1ee-180ee9559cf4",
"7db91ee8-4290-4e08-8d39-63f132402515",
"d30b5eb4-7787-4072-b1ba-65b46e928920"
]
}
},
{
"identifiers": {
"pk": "77090897-eb3f-40db-81e6-b4074b1998c4",
"name": "default-enrollment-user-login"
},
"model": "authentik_stages_user_login.userloginstage",
"attrs": {
"session_duration": "seconds=0"
}
},
{
"identifiers": {
"pk": "a4090add-f483-4ac6-8917-10b493ef843e",
"name": "default-enrollment-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {}
},
{
"identifiers": {
"pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "6c342b94-790d-425a-ae31-6196b6570722",
"order": 11
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "76bc594e-2715-49ab-bd40-994abd9a7b70",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "a4090add-f483-4ac6-8917-10b493ef843e",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "2f324f6d-7646-4108-a6e2-e7f90985477f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "77090897-eb3f-40db-81e6-b4074b1998c4",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}
version: 1
entries:
- identifiers:
pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
slug: default-enrollment-flow
model: authentik_flows.flow
attrs:
name: Default enrollment Flow
title: Welcome to authentik!
designation: enrollment
- identifiers:
pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
model: authentik_stages_prompt.prompt
attrs:
field_key: username
label: Username
type: username
required: true
placeholder: Username
order: 0
- identifiers:
pk: 7db91ee8-4290-4e08-8d39-63f132402515
model: authentik_stages_prompt.prompt
attrs:
field_key: password
label: Password
type: password
required: true
placeholder: Password
order: 0
- identifiers:
pk: d30b5eb4-7787-4072-b1ba-65b46e928920
model: authentik_stages_prompt.prompt
attrs:
field_key: password_repeat
label: Password (repeat)
type: password
required: true
placeholder: Password (repeat)
order: 1
- identifiers:
pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
model: authentik_stages_prompt.prompt
attrs:
field_key: name
label: Name
type: text
required: true
placeholder: Name
order: 0
- identifiers:
pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
model: authentik_stages_prompt.prompt
attrs:
field_key: email
label: Email
type: email
required: true
placeholder: Email
order: 1
- identifiers:
pk: 6c342b94-790d-425a-ae31-6196b6570722
name: default-enrollment-prompt-second
model: authentik_stages_prompt.promptstage
attrs:
fields:
- f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
- 1ff91927-e33d-4615-95b0-c258e5f0df62
- identifiers:
pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
name: default-enrollment-prompt-first
model: authentik_stages_prompt.promptstage
attrs:
fields:
- cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
- 7db91ee8-4290-4e08-8d39-63f132402515
- d30b5eb4-7787-4072-b1ba-65b46e928920
- identifiers:
pk: 77090897-eb3f-40db-81e6-b4074b1998c4
name: default-enrollment-user-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
pk: a4090add-f483-4ac6-8917-10b493ef843e
name: default-enrollment-user-write
model: authentik_stages_user_write.userwritestage
attrs: {}
- identifiers:
pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 6c342b94-790d-425a-ae31-6196b6570722
order: 11
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: a4090add-f483-4ac6-8917-10b493ef843e
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 77090897-eb3f-40db-81e6-b4074b1998c4
order: 100
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

361
website/static/flows/enrollment-email-verification.akflow
View File

@ -1,215 +1,146 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"pk": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"slug": "default-enrollment-flow"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default enrollment Flow",
"title": "Welcome to authentik!",
"designation": "enrollment"
}
},
{
"identifiers": {
"pk": "cb954fd4-65a5-4ad9-b1ee-180ee9559cf4"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "username",
"label": "Username",
"type": "username",
"required": true,
"placeholder": "Username",
"order": 0
}
},
{
"identifiers": {
"pk": "7db91ee8-4290-4e08-8d39-63f132402515"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password",
"label": "Password",
"type": "password",
"required": true,
"placeholder": "Password",
"order": 0
}
},
{
"identifiers": {
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password_repeat",
"label": "Password (repeat)",
"type": "password",
"required": true,
"placeholder": "Password (repeat)",
"order": 1
}
},
{
"identifiers": {
"pk": "f78d977a-efa6-4cc2-9a0f-2621a9fd94d2"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "name",
"label": "Name",
"type": "text",
"required": true,
"placeholder": "Name",
"order": 0
}
},
{
"identifiers": {
"pk": "1ff91927-e33d-4615-95b0-c258e5f0df62"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "email",
"label": "Email",
"type": "email",
"required": true,
"placeholder": "Email",
"order": 1
}
},
{
"identifiers": {
"pk": "096e6282-6b30-4695-bd03-3b143eab5580",
"name": "default-enrollment-email-verification"
},
"model": "authentik_stages_email.emailstage",
"attrs": {
"use_global_settings": true,
"host": "localhost",
"port": 25,
"username": "",
"use_tls": false,
"use_ssl": false,
"timeout": 10,
"from_address": "system@authentik.local",
"token_expiry": 30,
"subject": "authentik",
"template": "email/account_confirmation.html",
"activate_user_on_success": true
}
},
{
"identifiers": {
"pk": "6c342b94-790d-425a-ae31-6196b6570722",
"name": "default-enrollment-prompt-second"
},
"model": "authentik_stages_prompt.promptstage",
"attrs": {
"fields": [
"f78d977a-efa6-4cc2-9a0f-2621a9fd94d2",
"1ff91927-e33d-4615-95b0-c258e5f0df62"
]
}
},
{
"identifiers": {
"pk": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"name": "default-enrollment-prompt-first"
},
"model": "authentik_stages_prompt.promptstage",
"attrs": {
"fields": [
"cb954fd4-65a5-4ad9-b1ee-180ee9559cf4",
"7db91ee8-4290-4e08-8d39-63f132402515",
"d30b5eb4-7787-4072-b1ba-65b46e928920"
]
}
},
{
"identifiers": {
"pk": "77090897-eb3f-40db-81e6-b4074b1998c4",
"name": "default-enrollment-user-login"
},
"model": "authentik_stages_user_login.userloginstage",
"attrs": {
"session_duration": "seconds=0"
}
},
{
"identifiers": {
"pk": "a4090add-f483-4ac6-8917-10b493ef843e",
"name": "default-enrollment-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {
"create_users_as_inactive": true
}
},
{
"identifiers": {
"pk": "34e1e7d5-8eed-4549-bc7a-305069ff7df0",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "20375f30-7fa7-4562-8f6e-0f61889f2963",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "e40467a6-3052-488c-a1b5-1ad7a80fe7b3",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "6c342b94-790d-425a-ae31-6196b6570722",
"order": 11
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "76bc594e-2715-49ab-bd40-994abd9a7b70",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "a4090add-f483-4ac6-8917-10b493ef843e",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "1db34a14-8985-4184-b5c9-254cd585d94f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "096e6282-6b30-4695-bd03-3b143eab5580",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "2f324f6d-7646-4108-a6e2-e7f90985477f",
"target": "773c6673-e4a2-423f-8d32-95b7b4a41cf3",
"stage": "77090897-eb3f-40db-81e6-b4074b1998c4",
"order": 40
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}
version: 1
entries:
- identifiers:
pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
slug: default-enrollment-flow
model: authentik_flows.flow
attrs:
name: Default enrollment Flow
title: Welcome to authentik!
designation: enrollment
- identifiers:
pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
model: authentik_stages_prompt.prompt
attrs:
field_key: username
label: Username
type: username
required: true
placeholder: Username
order: 0
- identifiers:
pk: 7db91ee8-4290-4e08-8d39-63f132402515
model: authentik_stages_prompt.prompt
attrs:
field_key: password
label: Password
type: password
required: true
placeholder: Password
order: 0
- identifiers:
pk: d30b5eb4-7787-4072-b1ba-65b46e928920
model: authentik_stages_prompt.prompt
attrs:
field_key: password_repeat
label: Password (repeat)
type: password
required: true
placeholder: Password (repeat)
order: 1
- identifiers:
pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
model: authentik_stages_prompt.prompt
attrs:
field_key: name
label: Name
type: text
required: true
placeholder: Name
order: 0
- identifiers:
pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
model: authentik_stages_prompt.prompt
attrs:
field_key: email
label: Email
type: email
required: true
placeholder: Email
order: 1
- identifiers:
pk: 096e6282-6b30-4695-bd03-3b143eab5580
name: default-enrollment-email-verification
model: authentik_stages_email.emailstage
attrs:
use_global_settings: true
host: localhost
port: 25
username: ""
use_tls: false
use_ssl: false
timeout: 10
from_address: system@authentik.local
token_expiry: 30
subject: authentik
template: email/account_confirmation.html
activate_user_on_success: true
- identifiers:
pk: 6c342b94-790d-425a-ae31-6196b6570722
name: default-enrollment-prompt-second
model: authentik_stages_prompt.promptstage
attrs:
fields:
- f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
- 1ff91927-e33d-4615-95b0-c258e5f0df62
- identifiers:
pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
name: default-enrollment-prompt-first
model: authentik_stages_prompt.promptstage
attrs:
fields:
- cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
- 7db91ee8-4290-4e08-8d39-63f132402515
- d30b5eb4-7787-4072-b1ba-65b46e928920
- identifiers:
pk: 77090897-eb3f-40db-81e6-b4074b1998c4
name: default-enrollment-user-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
pk: a4090add-f483-4ac6-8917-10b493ef843e
name: default-enrollment-user-write
model: authentik_stages_user_write.userwritestage
attrs:
create_users_as_inactive: true
- identifiers:
pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 6c342b94-790d-425a-ae31-6196b6570722
order: 11
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: a4090add-f483-4ac6-8917-10b493ef843e
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 1db34a14-8985-4184-b5c9-254cd585d94f
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 096e6282-6b30-4695-bd03-3b143eab5580
order: 30
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
stage: 77090897-eb3f-40db-81e6-b4074b1998c4
order: 40
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

233
website/static/flows/login-2fa.akflow
View File

@ -1,139 +1,94 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"slug": "default-authentication-flow",
"pk": "563ece21-e9a4-47e5-a264-23ffd923e393"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default Authentication Flow",
"title": "Welcome to authentik!",
"designation": "authentication"
}
},
{
"identifiers": {
"pk": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7"
},
"model": "authentik_policies_expression.expressionpolicy",
"attrs": {
"name": "test-not-app-password",
"execution_logging": false,
"bound_to": 1,
"expression": "return context[\"auth_method\"] != \"app_password\""
}
},
{
"identifiers": {
"pk": "69d41125-3987-499b-8d74-ef27b54b88c8",
"name": "default-authentication-login"
},
"model": "authentik_stages_user_login.userloginstage",
"attrs": {
"session_duration": "seconds=0"
}
},
{
"identifiers": {
"pk": "5f594f27-0def-488d-9855-fe604eb13de5",
"name": "default-authentication-identification"
},
"model": "authentik_stages_identification.identificationstage",
"attrs": {
"user_fields": ["email", "username"],
"template": "stages/identification/login.html",
"enrollment_flow": null,
"recovery_flow": null
}
},
{
"identifiers": {
"pk": "37f709c3-8817-45e8-9a93-80a925d293c2",
"name": "default-authentication-flow-mfa"
},
"model": "authentik_stages_authenticator_validate.AuthenticatorValidateStage",
"attrs": {}
},
{
"identifiers": {
"pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40",
"name": "default-authentication-password"
},
"model": "authentik_stages_password.passwordstage",
"attrs": {
"backends": [
"authentik.core.auth.InbuiltBackend",
"authentik.core.auth.TokenBackend",
"authentik.sources.ldap.auth.LDAPBackend"
]
}
},
{
"identifiers": {
"pk": "a3056482-b692-4e3a-93f1-7351c6a351c7",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "5f594f27-0def-488d-9855-fe604eb13de5",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "688aec6f-5622-42c6-83a5-d22072d7e798",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "37f709c3-8817-45e8-9a93-80a925d293c2",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": false,
"re_evaluate_policies": true,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "69d41125-3987-499b-8d74-ef27b54b88c8",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2",
"policy": "7db93f1e-788b-4af6-8dc6-5cdeb59d8be7",
"target": "688aec6f-5622-42c6-83a5-d22072d7e798",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
}
]
}
version: 1
entries:
- identifiers:
slug: default-authentication-flow
pk: 563ece21-e9a4-47e5-a264-23ffd923e393
model: authentik_flows.flow
attrs:
name: Default Authentication Flow
title: Welcome to authentik!
designation: authentication
- identifiers:
pk: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
model: authentik_policies_expression.expressionpolicy
attrs:
name: test-not-app-password
execution_logging: false
bound_to: 1
expression: return context["auth_method"] != "app_password"
- identifiers:
pk: 69d41125-3987-499b-8d74-ef27b54b88c8
name: default-authentication-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
pk: 5f594f27-0def-488d-9855-fe604eb13de5
name: default-authentication-identification
model: authentik_stages_identification.identificationstage
attrs:
user_fields:
- email
- username
template: stages/identification/login.html
enrollment_flow: null
recovery_flow: null
- identifiers:
pk: 37f709c3-8817-45e8-9a93-80a925d293c2
name: default-authentication-flow-mfa
model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
attrs: {}
- identifiers:
pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
name: default-authentication-password
model: authentik_stages_password.passwordstage
attrs:
backends:
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
- identifiers:
pk: a3056482-b692-4e3a-93f1-7351c6a351c7
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: 5f594f27-0def-488d-9855-fe604eb13de5
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 688aec6f-5622-42c6-83a5-d22072d7e798
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: 37f709c3-8817-45e8-9a93-80a925d293c2
order: 30
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: false
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: 69d41125-3987-499b-8d74-ef27b54b88c8
order: 100
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2
policy: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
target: 688aec6f-5622-42c6-83a5-d22072d7e798
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30

232
website/static/flows/login-conditional-captcha.akflow
View File

@ -1,139 +1,93 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"slug": "default-authentication-flow",
"pk": "563ece21-e9a4-47e5-a264-23ffd923e393"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default Authentication Flow",
"title": "Welcome to authentik!",
"designation": "authentication"
}
},
{
"identifiers": {
"name": "default-authentication-login",
"pk": "69d41125-3987-499b-8d74-ef27b54b88c8"
},
"model": "authentik_stages_user_login.userloginstage",
"attrs": {
"session_duration": "seconds=0"
}
},
{
"identifiers": {
"name": "default-authentication-flow-captcha",
"pk": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4"
},
"model": "authentik_stages_captcha.captchastage",
"attrs": {
"public_key": "6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI",
"private_key": "6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe"
}
},
{
"identifiers": {
"name": "default-authentication-identification",
"pk": "5f594f27-0def-488d-9855-fe604eb13de5"
},
"model": "authentik_stages_identification.identificationstage",
"attrs": {
"user_fields": ["email", "username"],
"template": "stages/identification/login.html",
"enrollment_flow": null,
"recovery_flow": null
}
},
{
"identifiers": {
"name": "default-authentication-password",
"pk": "d8affa62-500c-4c5c-a01f-5835e1ffdf40"
},
"model": "authentik_stages_password.passwordstage",
"attrs": {
"backends": [
"authentik.core.auth.InbuiltBackend",
"authentik.core.auth.TokenBackend",
"authentik.sources.ldap.auth.LDAPBackend"
]
}
},
{
"identifiers": {
"pk": "a3056482-b692-4e3a-93f1-7351c6a351c7",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "5f594f27-0def-488d-9855-fe604eb13de5",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "4e8538cf-3e18-4a68-82ae-6df6725fa2e6",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "d8affa62-500c-4c5c-a01f-5835e1ffdf40",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "3bcd6af0-48a6-4e18-87f3-d251a1a58226",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "a368cafc-1494-45e9-b75b-b5e7ac2bd3e4",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": false,
"re_evaluate_policies": true
}
},
{
"identifiers": {
"pk": "f3fede3a-a9b5-4232-9ec7-be7ff4194b27",
"target": "563ece21-e9a4-47e5-a264-23ffd923e393",
"stage": "69d41125-3987-499b-8d74-ef27b54b88c8",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
},
{
"identifiers": {
"pk": "688c9890-47ad-4327-a9e5-380e88d34be5"
},
"model": "authentik_policies_reputation.reputationpolicy",
"attrs": {
"name": "default-authentication-flow-conditional-captcha",
"check_ip": true,
"check_username": true,
"threshold": -5
}
},
{
"identifiers": {
"pk": "02e4d220-3448-44db-822e-c5255cf7c250",
"policy": "688c9890-47ad-4327-a9e5-380e88d34be5",
"target": "3bcd6af0-48a6-4e18-87f3-d251a1a58226",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"enabled": true,
"timeout": 30
}
}
]
}
version: 1
entries:
- identifiers:
slug: default-authentication-flow
pk: 563ece21-e9a4-47e5-a264-23ffd923e393
model: authentik_flows.flow
attrs:
name: Default Authentication Flow
title: Welcome to authentik!
designation: authentication
- identifiers:
name: default-authentication-login
pk: 69d41125-3987-499b-8d74-ef27b54b88c8
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
name: default-authentication-flow-captcha
pk: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
model: authentik_stages_captcha.captchastage
attrs:
public_key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
private_key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
- identifiers:
name: default-authentication-identification
pk: 5f594f27-0def-488d-9855-fe604eb13de5
model: authentik_stages_identification.identificationstage
attrs:
user_fields:
- email
- username
template: stages/identification/login.html
enrollment_flow: null
recovery_flow: null
- identifiers:
name: default-authentication-password
pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
model: authentik_stages_password.passwordstage
attrs:
backends:
- authentik.core.auth.InbuiltBackend
- authentik.core.auth.TokenBackend
- authentik.sources.ldap.auth.LDAPBackend
- identifiers:
pk: a3056482-b692-4e3a-93f1-7351c6a351c7
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: 5f594f27-0def-488d-9855-fe604eb13de5
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
order: 30
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: false
re_evaluate_policies: true
- identifiers:
pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
target: 563ece21-e9a4-47e5-a264-23ffd923e393
stage: 69d41125-3987-499b-8d74-ef27b54b88c8
order: 100
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
pk: 688c9890-47ad-4327-a9e5-380e88d34be5
model: authentik_policies_reputation.reputationpolicy
attrs:
name: default-authentication-flow-conditional-captcha
check_ip: true
check_username: true
threshold: -5
- identifiers:
pk: 02e4d220-3448-44db-822e-c5255cf7c250
policy: 688c9890-47ad-4327-a9e5-380e88d34be5
target: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
order: 0
model: authentik_policies.policybinding
attrs:
enabled: true
timeout: 30

443
website/static/flows/recovery-email-verification.akflow
View File

@ -1,258 +1,185 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"pk": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"slug": "default-recovery-flow"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default recovery flow",
"title": "Reset your password",
"designation": "recovery",
"cache_count": 0,
"policy_engine_mode": "any",
"compatibility_mode": false,
"layout": "stacked"
}
},
{
"identifiers": {
"pk": "7db91ee8-4290-4e08-8d39-63f132402515"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password",
"label": "Password",
"type": "password",
"required": true,
"placeholder": "Password",
"order": 0,
"sub_text": "",
"placeholder_expression": false
}
},
{
"identifiers": {
"pk": "d30b5eb4-7787-4072-b1ba-65b46e928920"
},
"model": "authentik_stages_prompt.prompt",
"attrs": {
"field_key": "password_repeat",
"label": "Password (repeat)",
"type": "password",
"required": true,
"placeholder": "Password (repeat)",
"order": 1,
"sub_text": "",
"placeholder_expression": false
}
},
{
"identifiers": {
"pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c"
},
"model": "authentik_policies_expression.expressionpolicy",
"attrs": {
"name": "default-recovery-skip-if-restored",
"execution_logging": false,
"bound_to": 2,
"expression": "return request.context.get('is_restored', False)"
}
},
{
"identifiers": {
"pk": "1c5709ae-1b3e-413a-a117-260ab509bf5c"
},
"model": "authentik_policies_expression.expressionpolicy",
"attrs": {
"name": "default-recovery-skip-if-restored",
"execution_logging": false,
"bound_to": 2,
"expression": "return request.context.get('is_restored', False)"
}
},
{
"identifiers": {
"pk": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da",
"name": "default-recovery-email"
},
"model": "authentik_stages_email.emailstage",
"attrs": {
"use_global_settings": true,
"host": "localhost",
"port": 25,
"username": "",
"use_tls": false,
"use_ssl": false,
"timeout": 10,
"from_address": "system@authentik.local",
"token_expiry": 30,
"subject": "authentik",
"template": "email/password_reset.html",
"activate_user_on_success": true
}
},
{
"identifiers": {
"pk": "68b25ad5-318a-496e-95a7-cf4d94247f0d",
"name": "default-recovery-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {
"create_users_as_inactive": false,
"create_users_group": null,
"user_path_template": ""
}
},
{
"identifiers": {
"pk": "94843ef6-28fe-4939-bd61-cd46bb34f1de",
"name": "default-recovery-identification"
},
"model": "authentik_stages_identification.identificationstage",
"attrs": {
"user_fields": [
"email",
"username"
],
"password_stage": null,
"case_insensitive_matching": true,
"show_matched_user": true,
"enrollment_flow": null,
"recovery_flow": null,
"passwordless_flow": null,
"sources": [],
"show_source_labels": false
}
},
{
"identifiers": {
"pk": "e74230b2-82bc-4843-8b18-2c3a66a62d57",
"name": "default-recovery-user-login"
},
"model": "authentik_stages_user_login.userloginstage",
"attrs": {
"session_duration": "seconds=0"
}
},
{
"identifiers": {
"pk": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971",
"name": "Change your password"
},
"model": "authentik_stages_prompt.promptstage",
"attrs": {
"fields": [
"7db91ee8-4290-4e08-8d39-63f132402515",
"d30b5eb4-7787-4072-b1ba-65b46e928920"
],
"validation_policies": []
}
},
{
"identifiers": {
"pk": "7af7558e-2196-4b9f-a08e-d38420b7cfbb",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "94843ef6-28fe-4939-bd61-cd46bb34f1de",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "29446fd6-dd93-4e92-9830-2d81debad5ae",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "4ac5719f-32c0-441c-8a7e-33c5ea0db7da",
"order": 20
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": true,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "1219d06e-2c06-4c5b-a162-78e3959c6cf0",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "fa2d8d65-1809-4dcc-bdc0-56266e0f7971",
"order": 30
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "66de86ba-0707-46a0-8475-ff2e260d6935",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "68b25ad5-318a-496e-95a7-cf4d94247f0d",
"order": 40
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "9cec2334-d4a2-4895-a2b2-bc5ae4e9639a",
"target": "a5993183-89c0-43d2-a7f4-ddffb17baba7",
"stage": "e74230b2-82bc-4843-8b18-2c3a66a62d57",
"order": 100
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"evaluate_on_plan": true,
"re_evaluate_policies": false,
"policy_engine_mode": "any",
"invalid_response_action": "retry"
}
},
{
"identifiers": {
"pk": "95aad215-8729-4177-953d-41ffbe86239e",
"policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c",
"target": "7af7558e-2196-4b9f-a08e-d38420b7cfbb",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
},
{
"identifiers": {
"pk": "a5454cbc-d2e4-403a-84af-6af999990b12",
"policy": "1c5709ae-1b3e-413a-a117-260ab509bf5c",
"target": "29446fd6-dd93-4e92-9830-2d81debad5ae",
"order": 0
},
"model": "authentik_policies.policybinding",
"attrs": {
"negate": false,
"enabled": true,
"timeout": 30
}
}
]
}
version: 1
entries:
- identifiers:
pk: a5993183-89c0-43d2-a7f4-ddffb17baba7
slug: default-recovery-flow
model: authentik_flows.flow
attrs:
name: Default recovery flow
title: Reset your password
designation: recovery
cache_count: 0
policy_engine_mode: any
compatibility_mode: false
layout: stacked
- identifiers:
pk: 7db91ee8-4290-4e08-8d39-63f132402515
model: authentik_stages_prompt.prompt
attrs:
field_key: password
label: Password
type: password
required: true
placeholder: Password
order: 0
sub_text: ""
placeholder_expression: false
- identifiers:
pk: d30b5eb4-7787-4072-b1ba-65b46e928920
model: authentik_stages_prompt.prompt
attrs:
field_key: password_repeat
label: Password (repeat)
type: password
required: true
placeholder: Password (repeat)
order: 1
sub_text: ""
placeholder_expression: false
- identifiers:
pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
model: authentik_policies_expression.expressionpolicy
attrs:
name: default-recovery-skip-if-restored
execution_logging: false
bound_to: 2
expression: return request.context.get('is_restored', False)
- identifiers:
pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
model: authentik_policies_expression.expressionpolicy
attrs:
name: default-recovery-skip-if-restored
execution_logging: false
bound_to: 2
expression: return request.context.get('is_restored', False)
- identifiers:
pk: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
name: default-recovery-email
model: authentik_stages_email.emailstage
attrs:
use_global_settings: true
host: localhost
port: 25
username: ""
use_tls: false
use_ssl: false
timeout: 10
from_address: system@authentik.local
token_expiry: 30
subject: authentik
template: email/password_reset.html
activate_user_on_success: true
- identifiers:
pk: 68b25ad5-318a-496e-95a7-cf4d94247f0d
name: default-recovery-user-write
model: authentik_stages_user_write.userwritestage
attrs:
create_users_as_inactive: false
create_users_group: null
user_path_template: ""
- identifiers:
pk: 94843ef6-28fe-4939-bd61-cd46bb34f1de
name: default-recovery-identification
model: authentik_stages_identification.identificationstage
attrs:
user_fields:
- email
- username
password_stage: null
case_insensitive_matching: true
show_matched_user: true
enrollment_flow: null
recovery_flow: null
passwordless_flow: null
sources: []
show_source_labels: false
- identifiers:
pk: e74230b2-82bc-4843-8b18-2c3a66a62d57
name: default-recovery-user-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
pk: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
name: Change your password
model: authentik_stages_prompt.promptstage
attrs:
fields:
- 7db91ee8-4290-4e08-8d39-63f132402515
- d30b5eb4-7787-4072-b1ba-65b46e928920
validation_policies: []
- identifiers:
pk: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
target: a5993183-89c0-43d2-a7f4-ddffb17baba7
stage: 94843ef6-28fe-4939-bd61-cd46bb34f1de
order: 10
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 29446fd6-dd93-4e92-9830-2d81debad5ae
target: a5993183-89c0-43d2-a7f4-ddffb17baba7
stage: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
order: 20
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
target: a5993183-89c0-43d2-a7f4-ddffb17baba7
stage: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
order: 30
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 66de86ba-0707-46a0-8475-ff2e260d6935
target: a5993183-89c0-43d2-a7f4-ddffb17baba7
stage: 68b25ad5-318a-496e-95a7-cf4d94247f0d
order: 40
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 9cec2334-d4a2-4895-a2b2-bc5ae4e9639a
target: a5993183-89c0-43d2-a7f4-ddffb17baba7
stage: e74230b2-82bc-4843-8b18-2c3a66a62d57
order: 100
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 95aad215-8729-4177-953d-41ffbe86239e
policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
target: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30
- identifiers:
pk: a5454cbc-d2e4-403a-84af-6af999990b12
policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
target: 29446fd6-dd93-4e92-9830-2d81debad5ae
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30

60
website/static/flows/unenrollment.akflow
View File

@ -1,37 +1,23 @@
{
"version": 1,
"entries": [
{
"identifiers": {
"pk": "59a576ce-2f23-4a63-b63a-d18dc7e550f5",
"slug": "default-unenrollment-flow"
},
"model": "authentik_flows.flow",
"attrs": {
"name": "Default unenrollment flow",
"title": "Delete your account",
"designation": "unenrollment"
}
},
{
"identifiers": {
"pk": "c62ac2a4-2735-4a0f-abd0-8523d68c1209",
"name": "default-unenrollment-user-delete"
},
"model": "authentik_stages_user_delete.userdeletestage",
"attrs": {}
},
{
"identifiers": {
"pk": "eb9aff2b-b95d-40b3-ad08-233aa77bbcf3",
"target": "59a576ce-2f23-4a63-b63a-d18dc7e550f5",
"stage": "c62ac2a4-2735-4a0f-abd0-8523d68c1209",
"order": 10
},
"model": "authentik_flows.flowstagebinding",
"attrs": {
"re_evaluate_policies": false
}
}
]
}
version: 1
entries:
- identifiers:
pk: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
slug: default-unenrollment-flow
model: authentik_flows.flow
attrs:
name: Default unenrollment flow
title: Delete your account
designation: unenrollment
- identifiers:
pk: c62ac2a4-2735-4a0f-abd0-8523d68c1209
name: default-unenrollment-user-delete
model: authentik_stages_user_delete.userdeletestage
attrs: {}
- identifiers:
pk: eb9aff2b-b95d-40b3-ad08-233aa77bbcf3
target: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
stage: c62ac2a4-2735-4a0f-abd0-8523d68c1209
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false