From bb43c49b1e89bf1dcf1ef40a39b2bd55be641227 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Tue, 18 Oct 2022 21:38:01 +0200 Subject: [PATCH] website/docs: fix passwordless docs, cross-link both closes #3803 Signed-off-by: Jens Langhammer --- Makefile | 5 ++++- website/docs/flow/stages/authenticator_validate/index.md | 2 +- website/docs/flow/stages/password/index.md | 6 +++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Makefile b/Makefile index 612dc68f33..9fbc653b31 100644 --- a/Makefile +++ b/Makefile @@ -151,7 +151,7 @@ web-extract: ## Website ######################### -website: website-lint-fix +website: website-lint-fix website-build website-install: cd website && npm ci @@ -159,6 +159,9 @@ website-install: website-lint-fix: cd website && npm run prettier +website-build: + cd website && npm run build + website-watch: cd website && npm run watch diff --git a/website/docs/flow/stages/authenticator_validate/index.md b/website/docs/flow/stages/authenticator_validate/index.md index 77985a62ab..9fa3a45c8e 100644 --- a/website/docs/flow/stages/authenticator_validate/index.md +++ b/website/docs/flow/stages/authenticator_validate/index.md @@ -35,7 +35,7 @@ You can configure this stage to only ask for MFA validation if the user hasn't a Requires authentik 2021.12.4 ::: -Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. +Passwordless authentication currently only supports WebAuthn devices, like security keys and biometrics. For an alternate passwordless setup, see [Password stage](../password/index.md#passwordless-login), which supports other types. To configure passwordless authentication, create a new Flow with the delegation set to _Authentication_. diff --git a/website/docs/flow/stages/password/index.md b/website/docs/flow/stages/password/index.md index 74ed435980..9cddce6616 100644 --- a/website/docs/flow/stages/password/index.md +++ b/website/docs/flow/stages/password/index.md @@ -6,7 +6,7 @@ This is a generic password prompt which authenticates the current `pending_user` ## Passwordless login -To achieve a "passwordless" experience; authenticating users based only on TOTP/WebAuthn/Duo, create an expression policy and optionally skip the password stage. +There are two different ways to configure passwordless authentication; you can follow the instructions [here](../authenticator_validate/index.md#passwordless-authentication) to allow users to directly authenticate with their authenticator (only supported for WebAuthn devices), or dynamically skip the password stage depending on the users device, which is documented here. Depending on what kind of device you want to require the user to have: @@ -14,14 +14,14 @@ Depending on what kind of device you want to require the user to have: ```python from authentik.stages.authenticator_webauthn.models import WebAuthnDevice -return WebAuthnDevice.objects.filter(user=request.user, confirmed=True).exists() +return WebAuthnDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists() ``` #### Duo ```python from authentik.stages.authenticator_duo.models import DuoDevice -return DuoDevice.objects.filter(user=request.user, confirmed=True).exists() +return DuoDevice.objects.filter(user=request.context['pending_user'], confirmed=True).exists() ``` Afterwards, bind the policy you've created to the stage binding of the password stage.