core: make defaults for _change_email and _change_username configurable
closes #1789 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
f069cfb643
commit
88516ba2ca
|
@ -55,6 +55,7 @@ from authentik.core.models import (
|
||||||
User,
|
User,
|
||||||
)
|
)
|
||||||
from authentik.events.models import EventAction
|
from authentik.events.models import EventAction
|
||||||
|
from authentik.lib.config import CONFIG
|
||||||
from authentik.stages.email.models import EmailStage
|
from authentik.stages.email.models import EmailStage
|
||||||
from authentik.stages.email.tasks import send_mails
|
from authentik.stages.email.tasks import send_mails
|
||||||
from authentik.stages.email.utils import TemplateEmailMessage
|
from authentik.stages.email.utils import TemplateEmailMessage
|
||||||
|
@ -125,7 +126,9 @@ class UserSelfSerializer(ModelSerializer):
|
||||||
|
|
||||||
def validate_email(self, email: str):
|
def validate_email(self, email: str):
|
||||||
"""Check if the user is allowed to change their email"""
|
"""Check if the user is allowed to change their email"""
|
||||||
if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_EMAIL, True):
|
if self.instance.group_attributes().get(
|
||||||
|
USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
|
||||||
|
):
|
||||||
return email
|
return email
|
||||||
if email != self.instance.email:
|
if email != self.instance.email:
|
||||||
raise ValidationError("Not allowed to change email.")
|
raise ValidationError("Not allowed to change email.")
|
||||||
|
@ -133,7 +136,9 @@ class UserSelfSerializer(ModelSerializer):
|
||||||
|
|
||||||
def validate_username(self, username: str):
|
def validate_username(self, username: str):
|
||||||
"""Check if the user is allowed to change their username"""
|
"""Check if the user is allowed to change their username"""
|
||||||
if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_USERNAME, True):
|
if self.instance.group_attributes().get(
|
||||||
|
USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
|
||||||
|
):
|
||||||
return username
|
return username
|
||||||
if username != self.instance.username:
|
if username != self.instance.username:
|
||||||
raise ValidationError("Not allowed to change username.")
|
raise ValidationError("Not allowed to change username.")
|
||||||
|
|
|
@ -78,3 +78,6 @@ footer_links:
|
||||||
href: https://goauthentik.io/docs/?utm_source=authentik
|
href: https://goauthentik.io/docs/?utm_source=authentik
|
||||||
- name: authentik Website
|
- name: authentik Website
|
||||||
href: https://goauthentik.io/?utm_source=authentik
|
href: https://goauthentik.io/?utm_source=authentik
|
||||||
|
|
||||||
|
default_user_change_email: true
|
||||||
|
default_user_change_username: true
|
||||||
|
|
|
@ -149,6 +149,22 @@ Configure how authentik should show avatars for users. Following values can be s
|
||||||
- `%(mail_hash)s`: The email address, md5 hashed
|
- `%(mail_hash)s`: The email address, md5 hashed
|
||||||
- `%(upn)s`: The user's UPN, if set (otherwise an empty string)
|
- `%(upn)s`: The user's UPN, if set (otherwise an empty string)
|
||||||
|
|
||||||
|
### AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2021.10.5
|
||||||
|
:::
|
||||||
|
|
||||||
|
Enable the ability for users to change their Email address, defaults to `true`.
|
||||||
|
|
||||||
|
### AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
|
||||||
|
|
||||||
|
:::info
|
||||||
|
Requires authentik 2021.10.5
|
||||||
|
:::
|
||||||
|
|
||||||
|
Enable the ability for users to change their Usernames, defaults to `true`.
|
||||||
|
|
||||||
## Debugging
|
## Debugging
|
||||||
|
|
||||||
To check if your config has been applied correctly, you can run the following command to output the full config:
|
To check if your config has been applied correctly, you can run the following command to output the full config:
|
||||||
|
|
Reference in a new issue