flows: add invalid_response_action to configure how the FlowExecutor should handle invalid responses

closes #1079 Default value of `retry` behaves like previous version. `restart` and `restart_with_context` restart the flow upon an invalid response. `restart_with_context` keeps the same context of the Flow, allowing users to bind policies that maybe aren't valid on the first execution, but are after a retry, like a reputation policy with a deny stage. Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-06-27 23:57:42 +02:00
parent ba9edd6c44
commit 2b1356bb91
14 changed files with 291 additions and 16 deletions
--- a/web/src/locales/en.po
+++ b/web/src/locales/en.po
@ -698,6 +698,10 @@ msgstr "Configure how long refresh tokens and their id_tokens are valid for."
 msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
 msgstr "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."

+#: src/pages/flows/StageBindingForm.ts
+msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgstr "Configure how the flow executor should handle an invalid response to a challenge."
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr "Configure how the issuer field of the ID Token should be filled."
@ -1881,6 +1885,10 @@ msgstr "Internal host"
 msgid "Internal host SSL Validation"
 msgstr "Internal host SSL Validation"

+#: src/pages/flows/StageBindingForm.ts
+msgid "Invalid response action"
+msgstr "Invalid response action"
+
 #: src/pages/flows/FlowForm.ts
 msgid "Invalidation"
 msgstr "Invalidation"
@ -2847,6 +2855,18 @@ msgstr "Public key, acquired from https://www.google.com/recaptcha/intro/v3.html
 msgid "Publisher"
 msgstr "Publisher"

+#: src/pages/flows/StageBindingForm.ts
+msgid "RESTART restarts the flow from the beginning, while keeping the flow context."
+msgstr "RESTART restarts the flow from the beginning, while keeping the flow context."
+
+#: src/pages/flows/StageBindingForm.ts
+msgid "RESTART restarts the flow from the beginning."
+msgstr "RESTART restarts the flow from the beginning."
+
+#: src/pages/flows/StageBindingForm.ts
+msgid "RETRY returns the error message and a similar challenge to the executor."
+msgstr "RETRY returns the error message and a similar challenge to the executor."
+
 #: src/pages/providers/oauth2/OAuth2ProviderForm.ts
 msgid "RS256 (Asymmetric Encryption)"
 msgstr "RS256 (Asymmetric Encryption)"
--- a/web/src/locales/pseudo-LOCALE.po
+++ b/web/src/locales/pseudo-LOCALE.po
@ -692,6 +692,10 @@ msgstr ""
 msgid "Configure how the NameID value will be created. When left empty, the NameIDPolicy of the incoming request will be respected."
 msgstr ""

+#: 
+msgid "Configure how the flow executor should handle an invalid response to a challenge."
+msgstr ""
+
 #: 
 msgid "Configure how the issuer field of the ID Token should be filled."
 msgstr ""
@ -1873,6 +1877,10 @@ msgstr ""
 msgid "Internal host SSL Validation"
 msgstr ""

+#: 
+msgid "Invalid response action"
+msgstr ""
+
 #: 
 msgid "Invalidation"
 msgstr ""
@ -2839,6 +2847,18 @@ msgstr ""
 msgid "Publisher"
 msgstr ""

+#: 
+msgid "RESTART restarts the flow from the beginning, while keeping the flow context."
+msgstr ""
+
+#: 
+msgid "RESTART restarts the flow from the beginning."
+msgstr ""
+
+#: 
+msgid "RETRY returns the error message and a similar challenge to the executor."
+msgstr ""
+
 #: 
 msgid "RS256 (Asymmetric Encryption)"
 msgstr ""
--- a/web/src/pages/flows/StageBindingForm.ts
+++ b/web/src/pages/flows/StageBindingForm.ts
@ -1,4 +1,4 @@
-import { FlowsApi, FlowStageBinding, PolicyEngineMode, Stage, StagesApi } from "authentik-api";
+import { FlowsApi, FlowStageBinding, InvalidResponseActionEnum, PolicyEngineMode, Stage, StagesApi } from "authentik-api";
 import { t } from "@lingui/macro";
 import { customElement, property } from "lit-element";
 import { html, TemplateResult } from "lit-html";
@ -135,6 +135,23 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
                </div>
                <p class="pf-c-form__helper-text">${t`Evaluate policies before the Stage is present to the user.`}</p>
            </ak-form-element-horizontal>
+            <ak-form-element-horizontal
+                label=${t`Invalid response action`}
+                ?required=${true}
+                name="invalidResponseAction">
+                <select class="pf-c-form-control">
+                    <option value=${InvalidResponseActionEnum.Retry} ?selected=${this.instance?.invalidResponseAction === InvalidResponseActionEnum.Retry}>
+                        ${t`RETRY returns the error message and a similar challenge to the executor.`}
+                    </option>
+                    <option value=${InvalidResponseActionEnum.Restart} ?selected=${this.instance?.invalidResponseAction === InvalidResponseActionEnum.Restart}>
+                        ${t`RESTART restarts the flow from the beginning.`}
+                    </option>
+                    <option value=${InvalidResponseActionEnum.RestartWithContext} ?selected=${this.instance?.invalidResponseAction === InvalidResponseActionEnum.RestartWithContext}>
+                        ${t`RESTART restarts the flow from the beginning, while keeping the flow context.`}
+                    </option>
+                </select>
+                <p class="pf-c-form__helper-text">${t`Configure how the flow executor should handle an invalid response to a challenge.`}</p>
+            </ak-form-element-horizontal>
            <ak-form-element-horizontal
                label=${t`Policy engine mode`}
                ?required=${true}