habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

flows: change default flow stage binding settings (#4784)

Browse Source 
* flows: change default flow stage binding settings

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fallback to correct value

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2023-02-27 15:21:26 +01:00
committed by GitHub
parent 99ddbf553c
commit 39d0893303
9 changed files with 50 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
authentik/flows/api/bindings.py
View File

@ -1,4 +1,7 @@
"""Flow Binding API Views"""
from typing import Any
from rest_framework.exceptions import ValidationError
from rest_framework.serializers import ModelSerializer
from rest_framework.viewsets import ModelViewSet
@ -12,6 +15,13 @@ class FlowStageBindingSerializer(ModelSerializer):
stage_obj = StageSerializer(read_only=True, source="stage")
def validate(self, attrs: dict[str, Any]) -> dict[str, Any]:
evaluate_on_plan = attrs.get("evaluate_on_plan", False)
re_evaluate_policies = attrs.get("re_evaluate_policies", True)
if not evaluate_on_plan and not re_evaluate_policies:
raise ValidationError("Either evaluation on plan or evaluation on run must be enabled")
return super().validate(attrs)
class Meta:
model = FlowStageBinding
fields = [

26
authentik/flows/migrations/0025_alter_flowstagebinding_evaluate_on_plan_and_more.py Normal file
View File

@ -0,0 +1,26 @@
# Generated by Django 4.1.7 on 2023-02-25 15:51
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_flows", "0024_flow_authentication"),
]
operations = [
migrations.AlterField(
model_name="flowstagebinding",
name="evaluate_on_plan",
field=models.BooleanField(
default=False, help_text="Evaluate policies during the Flow planning process."
),
),
migrations.AlterField(
model_name="flowstagebinding",
name="re_evaluate_policies",
field=models.BooleanField(
default=True, help_text="Evaluate policies when the Stage is present to the user."
),
),
]

9
authentik/flows/models.py
View File

@ -211,14 +211,11 @@ class FlowStageBinding(SerializerModel, PolicyBindingModel):
stage = InheritanceForeignKey(Stage, on_delete=models.CASCADE)
evaluate_on_plan = models.BooleanField(
default=True,
help_text=_(
"Evaluate policies during the Flow planning process. "
"Disable this for input-based policies."
),
default=False,
help_text=_("Evaluate policies during the Flow planning process."),
)
re_evaluate_policies = models.BooleanField(
default=False,
default=True,
help_text=_("Evaluate policies when the Stage is present to the user."),
)

8
blueprints/example/flows-enrollment-2-stage.yaml
View File

@ -105,26 +105,18 @@ entries:
stage: !KeyOf default-enrollment-prompt-first
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-prompt-second
order: 11
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-user-write
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-user-login
order: 100
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

10
blueprints/example/flows-enrollment-email-verification.yaml
View File

@ -123,33 +123,23 @@ entries:
stage: !KeyOf default-enrollment-prompt-first
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-prompt-second
order: 11
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-user-write
order: 20
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-email-verification
order: 30
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-enrollment-user-login
order: 40
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

2
blueprints/example/flows-unenrollment.yaml
View File

@ -23,5 +23,3 @@ entries:
stage: !KeyOf default-unenrollment-user-delete
order: 10
model: authentik_flows.flowstagebinding
attrs:
re_evaluate_policies: false

9
schema.yml
View File

@ -28021,8 +28021,7 @@ components:
readOnly: true
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
@ -28058,8 +28057,7 @@ components:
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.
@ -33754,8 +33752,7 @@ components:
format: uuid
evaluate_on_plan:
type: boolean
description: Evaluate policies during the Flow planning process. Disable
this for input-based policies.
description: Evaluate policies during the Flow planning process.
re_evaluate_policies:
type: boolean
description: Evaluate policies when the Stage is present to the user.

10
web/src/admin/flows/StageBindingForm.ts
View File

@ -148,17 +148,17 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(this.instance?.evaluateOnPlan, true)}
?checked=${first(this.instance?.evaluateOnPlan, false)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
</span>
<span class="pf-c-switch__label">${t`Evaluate on plan`}</span>
<span class="pf-c-switch__label">${t`Evaluate when flow is planned`}</span>
</label>
<p class="pf-c-form__helper-text">
${t`Evaluate policies during the Flow planning process. Disable this for input-based policies. Should be used in conjunction with 'Re-evaluate policies', as with both options disabled, policies are **not** evaluated.`}
${t`Evaluate policies during the Flow planning process.`}
</p>
</ak-form-element-horizontal>
<ak-form-element-horizontal name="reEvaluatePolicies">
@ -166,14 +166,14 @@ export class StageBindingForm extends ModelForm<FlowStageBinding, string> {
<input
class="pf-c-switch__input"
type="checkbox"
?checked=${first(this.instance?.reEvaluatePolicies, false)}
?checked=${first(this.instance?.reEvaluatePolicies, true)}
/>
<span class="pf-c-switch__toggle">
<span class="pf-c-switch__toggle-icon">
<i class="fas fa-check" aria-hidden="true"></i>
</span>
</span>
<span class="pf-c-switch__label">${t`Re-evaluate policies`}</span>
<span class="pf-c-switch__label">${t`Evaluate when stage is run`}</span>
</label>
<p class="pf-c-form__helper-text">
${t`Evaluate policies before the Stage is present to the user.`}

4
website/docs/flow/examples/snippets.md
View File

@ -9,7 +9,9 @@ Requires authentik 2022.7
:::
```python
plan = request.context["flow_plan"]
plan = request.context.get("flow_plan")
if not plan:
return False
plan.redirect("https://foo.bar")
return False
```