diff --git a/Makefile b/Makefile index 612dc68f3..9fbc653b3 100644 --- a/Makefile +++ b/Makefile @@ -151,7 +151,7 @@ web-extract: ## Website ######################### -website: website-lint-fix +website: website-lint-fix website-build website-install: cd website && npm ci @@ -159,6 +159,9 @@ website-install: website-lint-fix: cd website && npm run prettier +website-build: + cd website && npm run build + website-watch: cd website && npm run watch diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index 77985a62a..9fa3a45c8 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -35,7 +35,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a Requires authentik 2021.12.4 ::: -Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. +Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types. To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_. diff --git a/website/docs/flow/stages/password/index.md b/website/docs/flow/stages/password/index.md index 74ed43598..9cddce661 100644 --- a/website/docs/flow/stages/password/index.md +++ b/website/docs/flow/stages/password/index.md @@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user` ## Passwordless login -To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage. +There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. Depending on what kind of device you want to require the user to have: @@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have: ```python from authentik.stages.authenticator_webauthn.models import WebAuthnDevice -return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists() +return WebAuthnDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists() ``` #### Duo ```python from authentik.stages.authenticator_duo.models import DuoDevice -return DuoDevice.objects.filter(user=request.user, confirmed=True).exists() +return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists() ``` Afterwards, bind the policy you've created to the stage binding of the password stage.