This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/blueprints/default/30-flow-default-user-settings-flow.yaml
Jens L 89c84f10d0
blueprints: v1 (#1573)
* managed: move flowexporter to managed

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* *: implement SerializerModel in all models

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: add initial api

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: start blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* managed: spec

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* version blueprint

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* yep

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove v2, improve v1

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* start custom tag, more rebrand

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add default flows

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* move blueprints out of website

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* try new things

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* add !lookup, fix web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* update and cleanup default

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tags in lists

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* don't save field if its set to default value

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* more flow cleanup

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* format web

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix missing serializer for sms

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* ignore _set fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* remove custom file extension

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* migrate default flow to tenant

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* include blueprints

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

* fix tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00

158 lines
4.3 KiB
YAML

entries:
- attrs:
compatibility_mode: false
designation: stage_configuration
layout: stacked
name: Update your info
policy_engine_mode: any
title: ''
identifiers:
slug: default-user-settings-flow
model: authentik_flows.flow
id: flow
- attrs:
order: 200
placeholder: |
try:
return user.username
except:
return ''
placeholder_expression: true
required: true
sub_text: ''
type: text
identifiers:
field_key: username
label: Username
id: prompt-field-username
model: authentik_stages_prompt.prompt
- attrs:
order: 201
placeholder: |
try:
return user.name
except:
return ''
placeholder_expression: true
required: true
sub_text: ''
type: text
identifiers:
field_key: name
label: Name
id: prompt-field-name
model: authentik_stages_prompt.prompt
- attrs:
order: 202
placeholder: |
try:
return user.email
except:
return ''
placeholder_expression: true
required: true
sub_text: ''
type: email
identifiers:
field_key: email
label: Email
id: prompt-field-email
model: authentik_stages_prompt.prompt
- attrs:
order: 203
placeholder: |
try:
return user.attributes.get("settings", {}).get("locale", "")
except:
return ''
placeholder_expression: true
required: true
sub_text: ''
type: ak-locale
identifiers:
field_key: attributes.settings.locale
label: Locale
id: prompt-field-locale
model: authentik_stages_prompt.prompt
- attrs:
execution_logging: false
expression: |
from authentik.lib.config import CONFIG
from authentik.core.models import (
USER_ATTRIBUTE_CHANGE_EMAIL,
USER_ATTRIBUTE_CHANGE_NAME,
USER_ATTRIBUTE_CHANGE_USERNAME
)
prompt_data = request.context.get("prompt_data")
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
):
if prompt_data.get("email") != request.user.email:
ak_message("Not allowed to change email address.")
return False
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_NAME, CONFIG.y_bool("default_user_change_name", True)
):
if prompt_data.get("name") != request.user.name:
ak_message("Not allowed to change name.")
return False
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
):
if prompt_data.get("username") != request.user.username:
ak_message("Not allowed to change username.")
return False
return True
meta_model_name: authentik_policies_expression.expressionpolicy
name: default-user-settings-authorization
identifiers:
name: default-user-settings-authorization
model: authentik_policies_expression.expressionpolicy
- attrs:
create_users_as_inactive: false
create_users_group: null
meta_model_name: authentik_stages_user_write.userwritestage
user_path_template: ''
identifiers:
name: default-user-settings-write
id: default-user-settings-write
model: authentik_stages_user_write.userwritestage
- attrs:
fields:
- !KeyOf prompt-field-username
- !KeyOf prompt-field-name
- !KeyOf prompt-field-email
- !KeyOf prompt-field-locale
meta_model_name: authentik_stages_prompt.promptstage
validation_policies:
- !KeyOf default-user-settings-authorization
identifiers:
name: default-user-settings
id: default-user-settings
model: authentik_stages_prompt.promptstage
- attrs:
evaluate_on_plan: true
invalid_response_action: retry
policy_engine_mode: any
re_evaluate_policies: false
identifiers:
order: 20
stage: !KeyOf default-user-settings
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- attrs:
evaluate_on_plan: true
invalid_response_action: retry
policy_engine_mode: any
re_evaluate_policies: false
identifiers:
order: 100
stage: !KeyOf default-user-settings-write
target: !KeyOf flow
model: authentik_flows.flowstagebinding
version: 1