Merge branch 'pr/77'
# Conflicts: # docs/flow/flows.md # docs/installation/docker-compose.md # docs/providers.md
This commit is contained in:
Jens Langhammer
@ -2,17 +2,17 @@
|
||||
|
||||
Flows are a method of describing a sequence of stages. A stage represents a single verification or logic step. They are used to authenticate users, enroll them, and more.
|
||||
|
||||
Upon Flow execution, a plan is generated, which contains all stages. This means upon execution, all attached policies are evaluated. This behaviour can be altered by enabling the **Re-evaluate Policies** option on the binding.
|
||||
Upon flow execution, a plan containing all stages is generated. This means that all attached policies are evaluated upon execution. This behaviour can be altered by enabling the **Re-evaluate Policies** option on the binding.
|
||||
|
||||
To determine which flow is linked, passbook searches all Flows with the required designation and chooses the first instance the current user has access to.
|
||||
To determine which flow is linked, passbook searches all flows with the required designation and chooses the first instance the current user has access to.
|
||||
|
||||
## Permissions
|
||||
|
||||
Flows can have policies assigned to them, which determines if the current user is allowed to see and use this flow.
|
||||
Flows can have policies assigned to them. These policies determine if the current user is allowed to see and use this flow.
|
||||
|
||||
## Designation
|
||||
|
||||
Flows are designated for a single Purpose. This designation changes when a Flow is used. The following designations are available:
|
||||
Flows are designated for a single purpose. This designation changes when a flow is used. The following designations are available:
|
||||
|
||||
### Authentication
|
||||
|
||||
@ -22,24 +22,24 @@ The authentication flow should always contain a [**User Login**](stages/user_log
|
||||
|
||||
### Invalidation
|
||||
|
||||
This designates a flow to be used for the invalidation of a session.
|
||||
This designates a flow to be used to invalidate a session.
|
||||
|
||||
This stage should always contain a [**User Logout**](stages/user_logout.md) stage, which resets the current session.
|
||||
|
||||
### Enrollment
|
||||
|
||||
This designates a flow for enrollment. This flow can contain any amount of Prompt stages, E-Mail verification or Captchas. At the end to create the user, you can use the [**User Write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
|
||||
This designates a flow for enrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md). At the end, to create the user, you can use the [**user_write**](stages/user_write.md) stage, which either updates the currently staged user, or if none exists, creates a new one.
|
||||
|
||||
### Unenrollment
|
||||
|
||||
This designates a flow for unenrollment. This flow can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md). To finally delete the account, use the [**User Delete**](stages/user_delete.md) stage.
|
||||
This designates a flow for unenrollment. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md). As a final stage, to delete the account, use the [**user_delete**](stages/user_delete.md) stage.
|
||||
|
||||
### Recovery
|
||||
|
||||
This designates a flow for recovery. This flow normally contains an [**Identification**](stages/identification/index.md) stage to find the user. Then it can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md).
|
||||
Afterwards, use the [**Prompt**](stages/prompt/index.md) stage to ask the user for a new password and use [**User Write**](stages/user_write.md) to update the password.
|
||||
This designates a flow for recovery. This flow normally contains an [**identification**](stages/identification/index.md) stage to find the user. It can also contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md).
|
||||
Afterwards, use the [**prompt**](stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
|
||||
|
||||
### Change Password
|
||||
|
||||
This designates a flow for password changing. This flow can contain any amount of verification, like [**E-Mail**](stages/email/index.md) or [**Captcha**](stages/captcha/index.md).
|
||||
Afterwards, use the [**Prompt**](stages/prompt/index.md) stage to ask the user for a new password and use [**User Write**](stages/user_write.md) to update the password.
|
||||
This designates a flow for password changes. This flow can contain any amount of verification stages, such as [**email**](stages/email/index.md) or [**captcha**](stages/captcha/index.md).
|
||||
Afterwards, use the [**prompt**](stages/prompt/index.md) stage to ask the user for a new password and the [**user_write**](stages/user_write.md) stage to update the password.
|
||||
|
||||
@ -2,6 +2,6 @@
|
||||
|
||||
This stage adds a form of verification using [Google's ReCaptcha](https://www.google.com/recaptcha/intro/v3.html).
|
||||
|
||||
This stage has two required fields. You need a Public and a Private key, both of which you can acquire at https://www.google.com/recaptcha/admin.
|
||||
This stage has two required fields: Public key and private key. These can both be acquired at https://www.google.com/recaptcha/admin.
|
||||
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# Dummy stage
|
||||
|
||||
This stage is used for development, and has no function. It presents the User with a form, that requires a single confirmation.
|
||||
This stage is used for development and has no function. It presents the user with a form which requires a single confirmation.
|
||||
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
# E-Mail
|
||||
# Email
|
||||
|
||||
This stage can be used for E-Mail verification. passbook's background worker will send an E-Mail using the specified connection details. When an E-Mail can't be delivered, it is automatically periodically retried.
|
||||
This stage can be used for email verification. passbook's background worker will send an email using the specified connection details. When an email can't be delivered, delivery is automatically retried periodically.
|
||||
|
||||
|
||||
|
||||
@ -14,7 +14,7 @@ Valid choices:
|
||||
|
||||
### Template
|
||||
|
||||
This specifies which template is rendered. Currently there are two templates.
|
||||
This specifies which template is rendered. Currently there are two templates:
|
||||
|
||||
The `Login` template shows configured Sources below the login form, as well as linking to the defined Enrollment and Recovery flows.
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
# Invitation Stage
|
||||
|
||||
This stage can be used to invite users. You can use this enroll users with preset values.
|
||||
This stage can be used to invite users. You can use this to enroll users with preset values.
|
||||
|
||||
If the option `Continue Flow without Invitation`, this stage will continue when no invitation token is present.
|
||||
If the option `Continue Flow without Invitation` is enabled, this stage will continue even when no invitation token is present.
|
||||
|
||||
If you want to check if a user has used an invitation within a policy, you can check `request.context.invitation_in_effect`.
|
||||
To check if a user has used an invitation within a policy, you can check `request.context.invitation_in_effect`.
|
||||
|
||||
@ -1,3 +1,3 @@
|
||||
# Password Stage
|
||||
|
||||
This is a generic password prompt, which authenticates the currently `pending_user`. This stage allows the selection of the Backend the user is authenticated against.
|
||||
This is a generic password prompt which authenticates the current `pending_user`. This stage allows the selection of the source the user is authenticated against.
|
||||
|
||||
@ -6,20 +6,20 @@ This stage is used to show the user arbitrary prompts.
|
||||
|
||||
The prompt can be any of the following types:
|
||||
|
||||
| | |
|
||||
| Type | Description |
|
||||
|----------|------------------------------------------------------------------|
|
||||
| text | Arbitrary text, no client-side validation is done. |
|
||||
| email | E-Mail input, requires a valid E-Mail adress |
|
||||
| password | Password Input |
|
||||
| number | Number Input, any number is allowed |
|
||||
| checkbox | Simple Checkbox |
|
||||
| hidden | Hidden Input field, allows for the pre-setting of default values |
|
||||
| text | Arbitrary text. No client-side validation is done. |
|
||||
| email | Email input. Requires a valid email adress. |
|
||||
| password | Password input. |
|
||||
| number | Number input. Any number is allowed. |
|
||||
| checkbox | Simple checkbox. |
|
||||
| hidden | Hidden input field. Allows for the pre-setting of default values.|
|
||||
|
||||
A Prompt has the following attributes:
|
||||
A prompt has the following attributes:
|
||||
|
||||
### `field_key`
|
||||
|
||||
HTML name used for the prompt. This key is also used to later retrieve the data in expression policies:
|
||||
The HTML name used for the prompt. This key is also used to later retrieve the data in expression policies:
|
||||
|
||||
```python
|
||||
request.context.get('prompt_data').get('<field_key>')
|
||||
@ -27,16 +27,16 @@ request.context.get('prompt_data').get('<field_key>')
|
||||
|
||||
### `label`
|
||||
|
||||
Label used to describe the Field. This might not be shown depending on the template selected.
|
||||
The label used to describe the field. Depending on the selected template, this may not be shown.
|
||||
|
||||
### `required`
|
||||
|
||||
Flag that decides whether or not this field is required.
|
||||
A flag which decides whether or not this field is required.
|
||||
|
||||
### `placeholder`
|
||||
|
||||
Field placeholder, shown within the input field. This field is also used by the `hidden` type as the actual value.
|
||||
A field placeholder, shown within the input field. This field is also used by the `hidden` type as the actual value.
|
||||
|
||||
### `order`
|
||||
|
||||
Numerical index of the prompt. This applies to all stages this prompt is a part of.
|
||||
The numerical index of the prompt. This applies to all stages which this prompt is a part of.
|
||||
|
||||
@ -11,6 +11,6 @@ if request.context.get('prompt_data').get('password') == request.context.get('pr
|
||||
pb_message("Passwords don't match.")
|
||||
return False
|
||||
```
|
||||
This policy expects you two have two password fields with `field_key` set to `password` and `password_repeat`.
|
||||
This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
|
||||
|
||||
Afterwards bind this policy to the prompt stage you want to validate.
|
||||
Afterwards, bind this policy to the prompt stage you want to validate.
|
||||
|
||||
Reference in New Issue
Block a user