core: make defaults for _change_email and _change_username configurable

closes #1789 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-11-13 22:33:03 +01:00
parent f069cfb643
commit 88516ba2ca
3 changed files with 26 additions and 2 deletions
--- a/authentik/core/api/users.py
+++ b/authentik/core/api/users.py
@ -55,6 +55,7 @@ from authentik.core.models import (
    User,
 )
 from authentik.events.models import EventAction
+from authentik.lib.config import CONFIG
 from authentik.stages.email.models import EmailStage
 from authentik.stages.email.tasks import send_mails
 from authentik.stages.email.utils import TemplateEmailMessage
@ -125,7 +126,9 @@ class UserSelfSerializer(ModelSerializer):

    def validate_email(self, email: str):
        """Check if the user is allowed to change their email"""
-        if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_EMAIL, True):
+        if self.instance.group_attributes().get(
+            USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
+        ):
            return email
        if email != self.instance.email:
            raise ValidationError("Not allowed to change email.")
@ -133,7 +136,9 @@ class UserSelfSerializer(ModelSerializer):

    def validate_username(self, username: str):
        """Check if the user is allowed to change their username"""
-        if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_USERNAME, True):
+        if self.instance.group_attributes().get(
+            USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
+        ):
            return username
        if username != self.instance.username:
            raise ValidationError("Not allowed to change username.")