---
# authentik blueprint: the default flow through which a signed-in user edits
# their own username, name, email and locale.
#
# Entry order is significant and kept as in the original: every !KeyOf below
# names the `id` of an entry that appears earlier in this list.
version: 1
metadata:
  name: Default - User settings flow
entries:
  # The flow itself. `authentication: require_authenticated` limits it to
  # users who already hold a session; later entries attach to it via
  # `!KeyOf flow`.
  - model: authentik_flows.flow
    id: flow
    identifiers:
      slug: default-user-settings-flow
    attrs:
      designation: stage_configuration
      name: User settings
      title: Update your info
      authentication: require_authenticated

  # Prompt fields. Every `placeholder` is evaluated as a Python expression
  # (`placeholder_expression: true`) that pre-fills the field from the current
  # user and falls back to an empty string if the lookup raises. The bare
  # `except:` is part of the expression text and is reproduced unchanged.
  - model: authentik_stages_prompt.prompt
    id: prompt-field-username
    identifiers:
      field_key: username
      label: Username
    attrs:
      order: 200
      placeholder: |
        try:
            return user.username
        except:
            return ''
      placeholder_expression: true
      required: true
      type: text

  - model: authentik_stages_prompt.prompt
    id: prompt-field-name
    identifiers:
      field_key: name
      label: Name
    attrs:
      order: 201
      placeholder: |
        try:
            return user.name
        except:
            return ''
      placeholder_expression: true
      required: true
      type: text

  - model: authentik_stages_prompt.prompt
    id: prompt-field-email
    identifiers:
      field_key: email
      label: Email
    attrs:
      order: 202
      placeholder: |
        try:
            return user.email
        except:
            return ''
      placeholder_expression: true
      required: true
      type: email

  # The locale is stored under the user's attributes (settings.locale), not in
  # a top-level user field, and is not covered by the policy below.
  - model: authentik_stages_prompt.prompt
    id: prompt-field-locale
    identifiers:
      field_key: attributes.settings.locale
      label: Locale
    attrs:
      order: 203
      placeholder: |
        try:
            return user.attributes.get("settings", {}).get("locale", "")
        except:
            return ''
      placeholder_expression: true
      required: true
      type: ak-locale

  # Expression policy that validates the submitted prompt data. For each of
  # email, name and username it reads a flag from
  # `request.user.group_attributes(...)`, falling back to a CONFIG default,
  # and returns False (with a message) when the flag is falsy and the
  # submitted value differs from the stored one.
  #
  # NOTE(review): all three fallbacks are True, so with no attribute and no
  # config override a user may change their own email and username. Where
  # relying applications identify accounts by email or username, review
  # default_user_change_email / default_user_change_username and the matching
  # group attributes before deploying this flow as-is.
  # NOTE(review): `prompt_data` is dereferenced without a None check. This
  # presumably relies on the prompt stage having populated the context and on
  # a raised exception being treated as a denial -- confirm against the policy
  # engine in use.
  - model: authentik_policies_expression.expressionpolicy
    id: default-user-settings-authorization
    identifiers:
      name: default-user-settings-authorization
    attrs:
      expression: |
        from authentik.lib.config import CONFIG
        from authentik.core.models import (
            USER_ATTRIBUTE_CHANGE_EMAIL,
            USER_ATTRIBUTE_CHANGE_NAME,
            USER_ATTRIBUTE_CHANGE_USERNAME
        )
        prompt_data = request.context.get("prompt_data")

        if not request.user.group_attributes(request.http_request).get(
            USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
        ):
            if prompt_data.get("email") != request.user.email:
                ak_message("Not allowed to change email address.")
                return False

        if not request.user.group_attributes(request.http_request).get(
            USER_ATTRIBUTE_CHANGE_NAME, CONFIG.y_bool("default_user_change_name", True)
        ):
            if prompt_data.get("name") != request.user.name:
                ak_message("Not allowed to change name.")
                return False

        if not request.user.group_attributes(request.http_request).get(
            USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
        ):
            if prompt_data.get("username") != request.user.username:
                ak_message("Not allowed to change username.")
                return False

        return True

  # User-write stage. `user_creation_mode: never_create` configures it to
  # update an existing account only, so this flow cannot be used to create
  # users.
  - model: authentik_stages_user_write.userwritestage
    id: default-user-settings-write
    identifiers:
      name: default-user-settings-write
    attrs:
      user_creation_mode: never_create

  # Prompt stage: presents the four fields above and attaches the
  # authorization policy as a validation policy. Removing that reference
  # removes the only check in this file on email/name/username changes.
  - model: authentik_stages_prompt.promptstage
    id: default-user-settings
    identifiers:
      name: default-user-settings
    attrs:
      fields:
        - !KeyOf prompt-field-username
        - !KeyOf prompt-field-name
        - !KeyOf prompt-field-email
        - !KeyOf prompt-field-locale
      validation_policies:
        - !KeyOf default-user-settings-authorization

  # Stage bindings. The prompt stage is bound at order 20 and the write stage
  # at order 100, i.e. validation is placed ahead of the write.
  - model: authentik_flows.flowstagebinding
    identifiers:
      order: 20
      stage: !KeyOf default-user-settings
      target: !KeyOf flow

  - model: authentik_flows.flowstagebinding
    identifiers:
      order: 100
      stage: !KeyOf default-user-settings-write
      target: !KeyOf flow