blueprints: fix policy exception causing password stage to be skipped after upgrade (#6674)

* blueprints: fix policy exception causing password stage to be skipped after upgrade

* make policy more fault tolerant

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

blueprints/default/flow-default-authentication-flow.yaml

@@ -51,6 +51,8 @@ entries:
     order: 20
     stage: !KeyOf default-authentication-password
     target: !KeyOf flow
+  attrs:
+    re_evaluate_policies: true
   id: default-authentication-flow-password-binding
   model: authentik_flows.flowstagebinding
 - identifiers:
@@ -69,10 +71,12 @@ entries:
     name: default-authentication-flow-password-stage
   attrs:
     expression: |
-      flow_plan = request.context["flow_plan"]
+      flow_plan = request.context.get("flow_plan")
+      if not flow_plan:
+          return True
       # If the user does not have a backend attached to it, they haven't
       # been authenticated yet and we need the password stage
-      return not hasattr(flow_plan.context["pending_user"], "backend")
+      return not hasattr(flow_plan.context.get("pending_user"), "backend")
 - model: authentik_policies.policybinding
   identifiers:
     order: 10