wip
Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
This commit is contained in:
parent
18d7395e7e
commit
f7b6261745
|
@ -6,7 +6,6 @@ from textwrap import indent
|
||||||
from typing import Any, Iterable, Optional
|
from typing import Any, Iterable, Optional
|
||||||
|
|
||||||
from cachetools import TLRUCache, cached
|
from cachetools import TLRUCache, cached
|
||||||
from django.apps import apps
|
|
||||||
from django.core.exceptions import FieldError
|
from django.core.exceptions import FieldError
|
||||||
from guardian.shortcuts import get_anonymous_user
|
from guardian.shortcuts import get_anonymous_user
|
||||||
from rest_framework.serializers import ValidationError
|
from rest_framework.serializers import ValidationError
|
||||||
|
@ -15,10 +14,16 @@ from sentry_sdk.hub import Hub
|
||||||
from sentry_sdk.tracing import Span
|
from sentry_sdk.tracing import Span
|
||||||
from structlog.stdlib import get_logger
|
from structlog.stdlib import get_logger
|
||||||
|
|
||||||
from authentik.core.models import User
|
from authentik.core.models import (
|
||||||
|
USER_ATTRIBUTE_CHANGE_EMAIL,
|
||||||
|
USER_ATTRIBUTE_CHANGE_NAME,
|
||||||
|
USER_ATTRIBUTE_CHANGE_USERNAME,
|
||||||
|
User,
|
||||||
|
)
|
||||||
from authentik.events.models import Event
|
from authentik.events.models import Event
|
||||||
from authentik.lib.config import CONFIG
|
from authentik.lib.config import CONFIG
|
||||||
from authentik.lib.utils.http import get_http_session
|
from authentik.lib.utils.http import get_http_session
|
||||||
|
from authentik.lib.utils.reflection import get_apps
|
||||||
from authentik.policies.models import Policy, PolicyBinding
|
from authentik.policies.models import Policy, PolicyBinding
|
||||||
from authentik.policies.process import PolicyProcess
|
from authentik.policies.process import PolicyProcess
|
||||||
from authentik.policies.types import PolicyRequest, PolicyResult
|
from authentik.policies.types import PolicyRequest, PolicyResult
|
||||||
|
@ -57,8 +62,13 @@ class BaseEvaluator:
|
||||||
"requests": get_http_session(),
|
"requests": get_http_session(),
|
||||||
"resolve_dns": BaseEvaluator.expr_resolve_dns,
|
"resolve_dns": BaseEvaluator.expr_resolve_dns,
|
||||||
"reverse_dns": BaseEvaluator.expr_reverse_dns,
|
"reverse_dns": BaseEvaluator.expr_reverse_dns,
|
||||||
|
# Temporary addition of config until #7590 is through and this is not needed anymore
|
||||||
|
"CONFIG": CONFIG,
|
||||||
|
"USER_ATTRIBUTE_CHANGE_EMAIL": USER_ATTRIBUTE_CHANGE_EMAIL,
|
||||||
|
"USER_ATTRIBUTE_CHANGE_NAME": USER_ATTRIBUTE_CHANGE_NAME,
|
||||||
|
"USER_ATTRIBUTE_CHANGE_USERNAME": USER_ATTRIBUTE_CHANGE_USERNAME,
|
||||||
}
|
}
|
||||||
for app in apps.get_app_configs():
|
for app in get_apps():
|
||||||
# Load models from each app
|
# Load models from each app
|
||||||
for model in app.get_models():
|
for model in app.get_models():
|
||||||
self._globals[model.__name__] = model
|
self._globals[model.__name__] = model
|
||||||
|
|
|
@ -85,12 +85,6 @@ entries:
|
||||||
model: authentik_stages_prompt.prompt
|
model: authentik_stages_prompt.prompt
|
||||||
- attrs:
|
- attrs:
|
||||||
expression: |
|
expression: |
|
||||||
from authentik.lib.config import CONFIG
|
|
||||||
from authentik.core.models import (
|
|
||||||
USER_ATTRIBUTE_CHANGE_EMAIL,
|
|
||||||
USER_ATTRIBUTE_CHANGE_NAME,
|
|
||||||
USER_ATTRIBUTE_CHANGE_USERNAME
|
|
||||||
)
|
|
||||||
prompt_data = request.context.get("prompt_data")
|
prompt_data = request.context.get("prompt_data")
|
||||||
|
|
||||||
if not request.user.group_attributes(request.http_request).get(
|
if not request.user.group_attributes(request.http_request).get(
|
||||||
|
|
|
@ -89,9 +89,8 @@ entries:
|
||||||
expression: |
|
expression: |
|
||||||
# This policy ensures that the setup flow can only be
|
# This policy ensures that the setup flow can only be
|
||||||
# used one time
|
# used one time
|
||||||
from authentik.flows.models import Flow, FlowAuthenticationRequirement
|
|
||||||
Flow.objects.filter(slug="initial-setup").update(
|
Flow.objects.filter(slug="initial-setup").update(
|
||||||
authentication=FlowAuthenticationRequirement.REQUIRE_SUPERUSER,
|
authentication=Flow.authentication.field.default.__class__.REQUIRE_SUPERUSER,
|
||||||
)
|
)
|
||||||
return True
|
return True
|
||||||
id: policy-default-oobe-flow-set-authentication
|
id: policy-default-oobe-flow-set-authentication
|
||||||
|
|
Reference in a new issue