blueprints: v1 (#1573)

* managed: move flowexporter to managed Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * *: implement SerializerModel in all models Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: add initial api Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: start blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * managed: spec Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * version blueprint Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * yep Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove v2, improve v1 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * start custom tag, more rebrand Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add default flows Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * move blueprints out of website Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * try new things Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * add !lookup, fix web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * update and cleanup default Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tags in lists Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * don't save field if its set to default value Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * more flow cleanup Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * format web Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix missing serializer for sms Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * ignore _set fields Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * remove custom file extension Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * migrate default flow to tenant Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * include blueprints Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> * fix tests Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2022-07-31 17:11:44 +02:00
parent 882250a85e
commit 89c84f10d0
119 changed files with 2171 additions and 748 deletions
--- a/website/docs/flow/examples/flows.md
+++ b/website/docs/flow/examples/flows.md
@ -12,13 +12,13 @@ The example flows provided below will **override** the default flows, please rev

 ## Enrollment (2 Stage)

-Flow: right-click [here](/flows/enrollment-2-stage.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-enrollment-2-stage.yaml) and save the file.

 Sign-up flow for new users, which prompts them for their username, email, password and name. No verification is done. Users are also immediately logged on after this flow.

 ## Enrollment with email verification

-Flow: right-click [here](/flows/enrollment-email-verification.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-enrollment-email-verification.yaml) and save the file.

 Same flow as above, with an extra email verification stage.

@ -26,13 +26,13 @@ You'll probably have to adjust the Email stage and set your connection details.

 ## Two-factor Login

-Flow: right-click [here](/flows/login-2fa.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-login-2fa.yaml) and save the file.

 Login flow which follows the default pattern (username/email, then password), but also checks for the user's OTP token, if they have one configured

 ## Login with conditional Captcha

-Flow: right-click [here](/flows/login-conditional-captcha.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-login-conditional-captcha.yaml) and save the file.

 Login flow which conditionally shows the users a captcha, based on the reputation of their IP and Username.

@ -40,13 +40,13 @@ By default, the captcha test keys are used. You can get a proper key [here](http

 ## Recovery with email verification

-Flow: right-click [here](/flows/recovery-email-verification.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-recovery-email-verification.yaml) and save the file.

 Recovery flow, the user is sent an email after they've identified themselves. After they click on the link in the email, they are prompted for a new password and immediately logged on.

 ## User deletion

-Flow: right-click [here](/flows/unenrollment.akflow) and save the file.
+Flow: right-click [here](/blueprints/example/flows-unenrollment.yaml) and save the file.

 Flow for users to delete their account,

--- a/website/static/blueprints
+++ b/website/static/blueprints
@ -0,0 +1 @@
+../../blueprints/
--- a/website/static/flows/enrollment-2-stage.akflow
+++ b/website/static/flows/enrollment-2-stage.akflow
@ -1,120 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      slug: default-enrollment-flow
-    model: authentik_flows.flow
-    attrs:
-      name: Default enrollment Flow
-      title: Welcome to authentik!
-      designation: enrollment
-  - identifiers:
-      pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: username
-      label: Username
-      type: username
-      required: true
-      placeholder: Username
-      order: 0
-  - identifiers:
-      pk: 7db91ee8-4290-4e08-8d39-63f132402515
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password
-      label: Password
-      type: password
-      required: true
-      placeholder: Password
-      order: 0
-  - identifiers:
-      pk: d30b5eb4-7787-4072-b1ba-65b46e928920
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password_repeat
-      label: Password (repeat)
-      type: password
-      required: true
-      placeholder: Password (repeat)
-      order: 1
-  - identifiers:
-      pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: name
-      label: Name
-      type: text
-      required: true
-      placeholder: Name
-      order: 0
-  - identifiers:
-      pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: email
-      label: Email
-      type: email
-      required: true
-      placeholder: Email
-      order: 1
-  - identifiers:
-      pk: 6c342b94-790d-425a-ae31-6196b6570722
-      name: default-enrollment-prompt-second
-    model: authentik_stages_prompt.promptstage
-    attrs:
-      fields:
-        - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
-        - 1ff91927-e33d-4615-95b0-c258e5f0df62
-  - identifiers:
-      pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
-      name: default-enrollment-prompt-first
-    model: authentik_stages_prompt.promptstage
-    attrs:
-      fields:
-        - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
-        - 7db91ee8-4290-4e08-8d39-63f132402515
-        - d30b5eb4-7787-4072-b1ba-65b46e928920
-  - identifiers:
-      pk: 77090897-eb3f-40db-81e6-b4074b1998c4
-      name: default-enrollment-user-login
-    model: authentik_stages_user_login.userloginstage
-    attrs:
-      session_duration: seconds=0
-  - identifiers:
-      pk: a4090add-f483-4ac6-8917-10b493ef843e
-      name: default-enrollment-user-write
-    model: authentik_stages_user_write.userwritestage
-    attrs: {}
-  - identifiers:
-      pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 6c342b94-790d-425a-ae31-6196b6570722
-      order: 11
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: a4090add-f483-4ac6-8917-10b493ef843e
-      order: 20
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 77090897-eb3f-40db-81e6-b4074b1998c4
-      order: 100
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
--- a/website/static/flows/enrollment-email-verification.akflow
+++ b/website/static/flows/enrollment-email-verification.akflow
@ -1,146 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      pk: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      slug: default-enrollment-flow
-    model: authentik_flows.flow
-    attrs:
-      name: Default enrollment Flow
-      title: Welcome to authentik!
-      designation: enrollment
-  - identifiers:
-      pk: cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: username
-      label: Username
-      type: username
-      required: true
-      placeholder: Username
-      order: 0
-  - identifiers:
-      pk: 7db91ee8-4290-4e08-8d39-63f132402515
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password
-      label: Password
-      type: password
-      required: true
-      placeholder: Password
-      order: 0
-  - identifiers:
-      pk: d30b5eb4-7787-4072-b1ba-65b46e928920
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password_repeat
-      label: Password (repeat)
-      type: password
-      required: true
-      placeholder: Password (repeat)
-      order: 1
-  - identifiers:
-      pk: f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: name
-      label: Name
-      type: text
-      required: true
-      placeholder: Name
-      order: 0
-  - identifiers:
-      pk: 1ff91927-e33d-4615-95b0-c258e5f0df62
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: email
-      label: Email
-      type: email
-      required: true
-      placeholder: Email
-      order: 1
-  - identifiers:
-      pk: 096e6282-6b30-4695-bd03-3b143eab5580
-      name: default-enrollment-email-verification
-    model: authentik_stages_email.emailstage
-    attrs:
-      use_global_settings: true
-      host: localhost
-      port: 25
-      username: ""
-      use_tls: false
-      use_ssl: false
-      timeout: 10
-      from_address: system@authentik.local
-      token_expiry: 30
-      subject: authentik
-      template: email/account_confirmation.html
-      activate_user_on_success: true
-  - identifiers:
-      pk: 6c342b94-790d-425a-ae31-6196b6570722
-      name: default-enrollment-prompt-second
-    model: authentik_stages_prompt.promptstage
-    attrs:
-      fields:
-        - f78d977a-efa6-4cc2-9a0f-2621a9fd94d2
-        - 1ff91927-e33d-4615-95b0-c258e5f0df62
-  - identifiers:
-      pk: 20375f30-7fa7-4562-8f6e-0f61889f2963
-      name: default-enrollment-prompt-first
-    model: authentik_stages_prompt.promptstage
-    attrs:
-      fields:
-        - cb954fd4-65a5-4ad9-b1ee-180ee9559cf4
-        - 7db91ee8-4290-4e08-8d39-63f132402515
-        - d30b5eb4-7787-4072-b1ba-65b46e928920
-  - identifiers:
-      pk: 77090897-eb3f-40db-81e6-b4074b1998c4
-      name: default-enrollment-user-login
-    model: authentik_stages_user_login.userloginstage
-    attrs:
-      session_duration: seconds=0
-  - identifiers:
-      pk: a4090add-f483-4ac6-8917-10b493ef843e
-      name: default-enrollment-user-write
-    model: authentik_stages_user_write.userwritestage
-    attrs:
-      create_users_as_inactive: true
-  - identifiers:
-      pk: 34e1e7d5-8eed-4549-bc7a-305069ff7df0
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 20375f30-7fa7-4562-8f6e-0f61889f2963
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: e40467a6-3052-488c-a1b5-1ad7a80fe7b3
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 6c342b94-790d-425a-ae31-6196b6570722
-      order: 11
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 76bc594e-2715-49ab-bd40-994abd9a7b70
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: a4090add-f483-4ac6-8917-10b493ef843e
-      order: 20
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 1db34a14-8985-4184-b5c9-254cd585d94f
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 096e6282-6b30-4695-bd03-3b143eab5580
-      order: 30
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 2f324f6d-7646-4108-a6e2-e7f90985477f
-      target: 773c6673-e4a2-423f-8d32-95b7b4a41cf3
-      stage: 77090897-eb3f-40db-81e6-b4074b1998c4
-      order: 40
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
--- a/website/static/flows/login-2fa.akflow
+++ b/website/static/flows/login-2fa.akflow
@ -1,94 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      slug: default-authentication-flow
-      pk: 563ece21-e9a4-47e5-a264-23ffd923e393
-    model: authentik_flows.flow
-    attrs:
-      name: Default Authentication Flow
-      title: Welcome to authentik!
-      designation: authentication
-  - identifiers:
-      pk: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
-    model: authentik_policies_expression.expressionpolicy
-    attrs:
-      name: test-not-app-password
-      execution_logging: false
-      bound_to: 1
-      expression: return context["auth_method"] != "app_password"
-  - identifiers:
-      pk: 69d41125-3987-499b-8d74-ef27b54b88c8
-      name: default-authentication-login
-    model: authentik_stages_user_login.userloginstage
-    attrs:
-      session_duration: seconds=0
-  - identifiers:
-      pk: 5f594f27-0def-488d-9855-fe604eb13de5
-      name: default-authentication-identification
-    model: authentik_stages_identification.identificationstage
-    attrs:
-      user_fields:
-        - email
-        - username
-      template: stages/identification/login.html
-      enrollment_flow: null
-      recovery_flow: null
-  - identifiers:
-      pk: 37f709c3-8817-45e8-9a93-80a925d293c2
-      name: default-authentication-flow-mfa
-    model: authentik_stages_authenticator_validate.AuthenticatorValidateStage
-    attrs: {}
-  - identifiers:
-      pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
-      name: default-authentication-password
-    model: authentik_stages_password.passwordstage
-    attrs:
-      backends:
-        - authentik.core.auth.InbuiltBackend
-        - authentik.core.auth.TokenBackend
-        - authentik.sources.ldap.auth.LDAPBackend
-  - identifiers:
-      pk: a3056482-b692-4e3a-93f1-7351c6a351c7
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: 5f594f27-0def-488d-9855-fe604eb13de5
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
-      order: 20
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 688aec6f-5622-42c6-83a5-d22072d7e798
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: 37f709c3-8817-45e8-9a93-80a925d293c2
-      order: 30
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: false
-      re_evaluate_policies: true
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: 69d41125-3987-499b-8d74-ef27b54b88c8
-      order: 100
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 6e40ae4d-a4ed-4bd7-a784-27b1fe5859d2
-      policy: 7db93f1e-788b-4af6-8dc6-5cdeb59d8be7
-      target: 688aec6f-5622-42c6-83a5-d22072d7e798
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      negate: false
-      enabled: true
-      timeout: 30
--- a/website/static/flows/login-conditional-captcha.akflow
+++ b/website/static/flows/login-conditional-captcha.akflow
@ -1,93 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      slug: default-authentication-flow
-      pk: 563ece21-e9a4-47e5-a264-23ffd923e393
-    model: authentik_flows.flow
-    attrs:
-      name: Default Authentication Flow
-      title: Welcome to authentik!
-      designation: authentication
-  - identifiers:
-      name: default-authentication-login
-      pk: 69d41125-3987-499b-8d74-ef27b54b88c8
-    model: authentik_stages_user_login.userloginstage
-    attrs:
-      session_duration: seconds=0
-  - identifiers:
-      name: default-authentication-flow-captcha
-      pk: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
-    model: authentik_stages_captcha.captchastage
-    attrs:
-      public_key: 6LeIxAcTAAAAAJcZVRqyHh71UMIEGNQ_MXjiZKhI
-      private_key: 6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
-  - identifiers:
-      name: default-authentication-identification
-      pk: 5f594f27-0def-488d-9855-fe604eb13de5
-    model: authentik_stages_identification.identificationstage
-    attrs:
-      user_fields:
-        - email
-        - username
-      template: stages/identification/login.html
-      enrollment_flow: null
-      recovery_flow: null
-  - identifiers:
-      name: default-authentication-password
-      pk: d8affa62-500c-4c5c-a01f-5835e1ffdf40
-    model: authentik_stages_password.passwordstage
-    attrs:
-      backends:
-        - authentik.core.auth.InbuiltBackend
-        - authentik.core.auth.TokenBackend
-        - authentik.sources.ldap.auth.LDAPBackend
-  - identifiers:
-      pk: a3056482-b692-4e3a-93f1-7351c6a351c7
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: 5f594f27-0def-488d-9855-fe604eb13de5
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 4e8538cf-3e18-4a68-82ae-6df6725fa2e6
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: d8affa62-500c-4c5c-a01f-5835e1ffdf40
-      order: 20
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: a368cafc-1494-45e9-b75b-b5e7ac2bd3e4
-      order: 30
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: false
-      re_evaluate_policies: true
-  - identifiers:
-      pk: f3fede3a-a9b5-4232-9ec7-be7ff4194b27
-      target: 563ece21-e9a4-47e5-a264-23ffd923e393
-      stage: 69d41125-3987-499b-8d74-ef27b54b88c8
-      order: 100
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false
-  - identifiers:
-      pk: 688c9890-47ad-4327-a9e5-380e88d34be5
-    model: authentik_policies_reputation.reputationpolicy
-    attrs:
-      name: default-authentication-flow-conditional-captcha
-      check_ip: true
-      check_username: true
-      threshold: -5
-  - identifiers:
-      pk: 02e4d220-3448-44db-822e-c5255cf7c250
-      policy: 688c9890-47ad-4327-a9e5-380e88d34be5
-      target: 3bcd6af0-48a6-4e18-87f3-d251a1a58226
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      enabled: true
-      timeout: 30
--- a/website/static/flows/recovery-email-verification.akflow
+++ b/website/static/flows/recovery-email-verification.akflow
@ -1,185 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      pk: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      slug: default-recovery-flow
-    model: authentik_flows.flow
-    attrs:
-      name: Default recovery flow
-      title: Reset your password
-      designation: recovery
-      cache_count: 0
-      policy_engine_mode: any
-      compatibility_mode: false
-      layout: stacked
-  - identifiers:
-      pk: 7db91ee8-4290-4e08-8d39-63f132402515
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password
-      label: Password
-      type: password
-      required: true
-      placeholder: Password
-      order: 0
-      sub_text: ""
-      placeholder_expression: false
-  - identifiers:
-      pk: d30b5eb4-7787-4072-b1ba-65b46e928920
-    model: authentik_stages_prompt.prompt
-    attrs:
-      field_key: password_repeat
-      label: Password (repeat)
-      type: password
-      required: true
-      placeholder: Password (repeat)
-      order: 1
-      sub_text: ""
-      placeholder_expression: false
-  - identifiers:
-      pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
-    model: authentik_policies_expression.expressionpolicy
-    attrs:
-      name: default-recovery-skip-if-restored
-      execution_logging: false
-      bound_to: 2
-      expression: return request.context.get('is_restored', False)
-  - identifiers:
-      pk: 1c5709ae-1b3e-413a-a117-260ab509bf5c
-    model: authentik_policies_expression.expressionpolicy
-    attrs:
-      name: default-recovery-skip-if-restored
-      execution_logging: false
-      bound_to: 2
-      expression: return request.context.get('is_restored', False)
-  - identifiers:
-      pk: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
-      name: default-recovery-email
-    model: authentik_stages_email.emailstage
-    attrs:
-      use_global_settings: true
-      host: localhost
-      port: 25
-      username: ""
-      use_tls: false
-      use_ssl: false
-      timeout: 10
-      from_address: system@authentik.local
-      token_expiry: 30
-      subject: authentik
-      template: email/password_reset.html
-      activate_user_on_success: true
-  - identifiers:
-      pk: 68b25ad5-318a-496e-95a7-cf4d94247f0d
-      name: default-recovery-user-write
-    model: authentik_stages_user_write.userwritestage
-    attrs:
-      create_users_as_inactive: false
-      create_users_group: null
-      user_path_template: ""
-  - identifiers:
-      pk: 94843ef6-28fe-4939-bd61-cd46bb34f1de
-      name: default-recovery-identification
-    model: authentik_stages_identification.identificationstage
-    attrs:
-      user_fields:
-        - email
-        - username
-      password_stage: null
-      case_insensitive_matching: true
-      show_matched_user: true
-      enrollment_flow: null
-      recovery_flow: null
-      passwordless_flow: null
-      sources: []
-      show_source_labels: false
-  - identifiers:
-      pk: e74230b2-82bc-4843-8b18-2c3a66a62d57
-      name: default-recovery-user-login
-    model: authentik_stages_user_login.userloginstage
-    attrs:
-      session_duration: seconds=0
-  - identifiers:
-      pk: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
-      name: Change your password
-    model: authentik_stages_prompt.promptstage
-    attrs:
-      fields:
-        - 7db91ee8-4290-4e08-8d39-63f132402515
-        - d30b5eb4-7787-4072-b1ba-65b46e928920
-      validation_policies: []
-  - identifiers:
-      pk: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
-      target: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      stage: 94843ef6-28fe-4939-bd61-cd46bb34f1de
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: true
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: 29446fd6-dd93-4e92-9830-2d81debad5ae
-      target: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      stage: 4ac5719f-32c0-441c-8a7e-33c5ea0db7da
-      order: 20
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: true
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
-      target: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      stage: fa2d8d65-1809-4dcc-bdc0-56266e0f7971
-      order: 30
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: false
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: 66de86ba-0707-46a0-8475-ff2e260d6935
-      target: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      stage: 68b25ad5-318a-496e-95a7-cf4d94247f0d
-      order: 40
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: false
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: 9cec2334-d4a2-4895-a2b2-bc5ae4e9639a
-      target: a5993183-89c0-43d2-a7f4-ddffb17baba7
-      stage: e74230b2-82bc-4843-8b18-2c3a66a62d57
-      order: 100
-    model: authentik_flows.flowstagebinding
-    attrs:
-      evaluate_on_plan: true
-      re_evaluate_policies: false
-      policy_engine_mode: any
-      invalid_response_action: retry
-  - identifiers:
-      pk: 95aad215-8729-4177-953d-41ffbe86239e
-      policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
-      target: 7af7558e-2196-4b9f-a08e-d38420b7cfbb
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      negate: false
-      enabled: true
-      timeout: 30
-  - identifiers:
-      pk: a5454cbc-d2e4-403a-84af-6af999990b12
-      policy: 1c5709ae-1b3e-413a-a117-260ab509bf5c
-      target: 29446fd6-dd93-4e92-9830-2d81debad5ae
-      order: 0
-    model: authentik_policies.policybinding
-    attrs:
-      negate: false
-      enabled: true
-      timeout: 30
--- a/website/static/flows/unenrollment.akflow
+++ b/website/static/flows/unenrollment.akflow
@ -1,23 +0,0 @@
-version: 1
-entries:
-  - identifiers:
-      pk: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
-      slug: default-unenrollment-flow
-    model: authentik_flows.flow
-    attrs:
-      name: Default unenrollment flow
-      title: Delete your account
-      designation: unenrollment
-  - identifiers:
-      pk: c62ac2a4-2735-4a0f-abd0-8523d68c1209
-      name: default-unenrollment-user-delete
-    model: authentik_stages_user_delete.userdeletestage
-    attrs: {}
-  - identifiers:
-      pk: eb9aff2b-b95d-40b3-ad08-233aa77bbcf3
-      target: 59a576ce-2f23-4a63-b63a-d18dc7e550f5
-      stage: c62ac2a4-2735-4a0f-abd0-8523d68c1209
-      order: 10
-    model: authentik_flows.flowstagebinding
-    attrs:
-      re_evaluate_policies: false