This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/blueprints/default/0-flow-password-change.yaml
Jens L 8eb73d3a16
security: fix CVE 2022 46172 (#4275)
* fallback to current user in user_write, add flag to disable user creation

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update api and web ui

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add cve post to website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-12-23 14:18:09 +01:00

60 lines
1.5 KiB
YAML

version: 1
metadata:
name: Default - Password change flow
entries:
- attrs:
designation: stage_configuration
name: Change Password
title: Change password
authentication: require_authenticated
identifiers:
slug: default-password-change
model: authentik_flows.flow
id: flow
- attrs:
order: 300
placeholder: Password
placeholder_expression: false
required: true
type: password
identifiers:
field_key: password
label: Password
id: prompt-field-password
model: authentik_stages_prompt.prompt
- attrs:
order: 301
placeholder: Password (repeat)
placeholder_expression: false
required: true
type: password
identifiers:
field_key: password_repeat
label: Password (repeat)
id: prompt-field-password-repeat
model: authentik_stages_prompt.prompt
- attrs:
fields:
- !KeyOf prompt-field-password
- !KeyOf prompt-field-password-repeat
identifiers:
name: default-password-change-prompt
id: default-password-change-prompt
model: authentik_stages_prompt.promptstage
- identifiers:
name: default-password-change-write
id: default-password-change-write
model: authentik_stages_user_write.userwritestage
attrs:
can_create_users: false
- identifiers:
order: 0
stage: !KeyOf default-password-change-prompt
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- identifiers:
order: 1
stage: !KeyOf default-password-change-write
target: !KeyOf flow
model: authentik_flows.flowstagebinding