version: 1 metadata: name: Default - User settings flow entries: - attrs: designation: stage_configuration name: User settings title: Update your info authentication: require_authenticated identifiers: slug: default-user-settings-flow model: authentik_flows.flow id: flow - attrs: order: 200 placeholder: Username placeholder_expression: false initial_value: | try: return user.username except: return '' initial_value_expression: true required: true type: text field_key: username label: Username identifiers: name: default-user-settings-field-username id: prompt-field-username model: authentik_stages_prompt.prompt - attrs: order: 201 placeholder: Name placeholder_expression: false initial_value: | try: return user.name except: return '' initial_value_expression: true required: true type: text field_key: name label: Name identifiers: name: default-user-settings-field-name id: prompt-field-name model: authentik_stages_prompt.prompt - attrs: order: 202 placeholder: Email placeholder_expression: false initial_value: | try: return user.email except: return '' initial_value_expression: true required: true type: email field_key: email label: Email identifiers: name: default-user-settings-field-email id: prompt-field-email model: authentik_stages_prompt.prompt - attrs: order: 203 placeholder: Locale placeholder_expression: false initial_value: | try: return user.attributes.get("settings", {}).get("locale", "") except: return '' initial_value_expression: true required: true type: ak-locale field_key: attributes.settings.locale label: Locale identifiers: name: default-user-settings-field-locale id: prompt-field-locale model: authentik_stages_prompt.prompt - attrs: expression: | from authentik.core.models import ( USER_ATTRIBUTE_CHANGE_EMAIL, USER_ATTRIBUTE_CHANGE_NAME, USER_ATTRIBUTE_CHANGE_USERNAME ) prompt_data = request.context.get("prompt_data") if not request.user.group_attributes(request.http_request).get( USER_ATTRIBUTE_CHANGE_EMAIL, request.tenant.default_user_change_email ): if prompt_data.get("email") != request.user.email: ak_message("Not allowed to change email address.") return False if not request.user.group_attributes(request.http_request).get( USER_ATTRIBUTE_CHANGE_NAME, request.tenant.default_user_change_name ): if prompt_data.get("name") != request.user.name: ak_message("Not allowed to change name.") return False if not request.user.group_attributes(request.http_request).get( USER_ATTRIBUTE_CHANGE_USERNAME, request.tenant.default_user_change_username ): if prompt_data.get("username") != request.user.username: ak_message("Not allowed to change username.") return False return True identifiers: name: default-user-settings-authorization id: default-user-settings-authorization model: authentik_policies_expression.expressionpolicy - identifiers: name: default-user-settings-write attrs: user_creation_mode: never_create id: default-user-settings-write model: authentik_stages_user_write.userwritestage - attrs: fields: - !KeyOf prompt-field-username - !KeyOf prompt-field-name - !KeyOf prompt-field-email - !KeyOf prompt-field-locale validation_policies: - !KeyOf default-user-settings-authorization identifiers: name: default-user-settings id: default-user-settings model: authentik_stages_prompt.promptstage - identifiers: order: 20 stage: !KeyOf default-user-settings target: !KeyOf flow model: authentik_flows.flowstagebinding - identifiers: order: 100 stage: !KeyOf default-user-settings-write target: !KeyOf flow model: authentik_flows.flowstagebinding