stages/user_write: add create_users_as_inactive flag
close #1086 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer
@ -12,7 +12,7 @@ class UserWriteStageSerializer(StageSerializer):
|
|||||||
class Meta:
|
class Meta:
|
||||||
|
|
||||||
model = UserWriteStage
|
model = UserWriteStage
|
||||||
fields = StageSerializer.Meta.fields
|
fields = StageSerializer.Meta.fields + ["create_users_as_inactive"]
|
||||||
|
|
||||||
|
|
||||||
class UserWriteStageViewSet(UsedByMixin, ModelViewSet):
|
class UserWriteStageViewSet(UsedByMixin, ModelViewSet):
|
||||||
|
|||||||
@ -0,0 +1,21 @@
|
|||||||
|
# Generated by Django 3.2.4 on 2021-06-28 20:31
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
("authentik_stages_user_write", "0002_auto_20200918_1653"),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.AddField(
|
||||||
|
model_name="userwritestage",
|
||||||
|
name="create_users_as_inactive",
|
||||||
|
field=models.BooleanField(
|
||||||
|
default=False,
|
||||||
|
help_text="When set, newly created users are inactive and cannot login.",
|
||||||
|
),
|
||||||
|
),
|
||||||
|
]
|
||||||
@ -1,6 +1,7 @@
|
|||||||
"""write stage models"""
|
"""write stage models"""
|
||||||
from typing import Type
|
from typing import Type
|
||||||
|
|
||||||
|
from django.db import models
|
||||||
from django.utils.translation import gettext_lazy as _
|
from django.utils.translation import gettext_lazy as _
|
||||||
from django.views import View
|
from django.views import View
|
||||||
from rest_framework.serializers import BaseSerializer
|
from rest_framework.serializers import BaseSerializer
|
||||||
@ -12,6 +13,11 @@ class UserWriteStage(Stage):
|
|||||||
"""Writes currently pending data into the pending user, or if no user exists,
|
"""Writes currently pending data into the pending user, or if no user exists,
|
||||||
creates a new user with the data."""
|
creates a new user with the data."""
|
||||||
|
|
||||||
|
create_users_as_inactive = models.BooleanField(
|
||||||
|
default=False,
|
||||||
|
help_text=_("When set, newly created users are inactive and cannot login."),
|
||||||
|
)
|
||||||
|
|
||||||
@property
|
@property
|
||||||
def serializer(self) -> BaseSerializer:
|
def serializer(self) -> BaseSerializer:
|
||||||
from authentik.stages.user_write.api import UserWriteStageSerializer
|
from authentik.stages.user_write.api import UserWriteStageSerializer
|
||||||
|
|||||||
@ -35,7 +35,9 @@ class UserWriteStageView(StageView):
|
|||||||
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
|
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
|
||||||
user_created = False
|
user_created = False
|
||||||
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
|
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
|
||||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
|
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
|
||||||
|
is_active=not self.executor.current_stage.create_users_as_inactive
|
||||||
|
)
|
||||||
self.executor.plan.context[
|
self.executor.plan.context[
|
||||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||||
] = class_to_path(ModelBackend)
|
] = class_to_path(ModelBackend)
|
||||||
|
|||||||
@ -25778,6 +25778,9 @@ components:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
$ref: '#/components/schemas/FlowRequest'
|
$ref: '#/components/schemas/FlowRequest'
|
||||||
|
create_users_as_inactive:
|
||||||
|
type: boolean
|
||||||
|
description: When set, newly created users are inactive and cannot login.
|
||||||
PatchedWebAuthnDeviceRequest:
|
PatchedWebAuthnDeviceRequest:
|
||||||
type: object
|
type: object
|
||||||
description: Serializer for WebAuthn authenticator devices
|
description: Serializer for WebAuthn authenticator devices
|
||||||
@ -28272,6 +28275,9 @@ components:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
$ref: '#/components/schemas/Flow'
|
$ref: '#/components/schemas/Flow'
|
||||||
|
create_users_as_inactive:
|
||||||
|
type: boolean
|
||||||
|
description: When set, newly created users are inactive and cannot login.
|
||||||
required:
|
required:
|
||||||
- component
|
- component
|
||||||
- name
|
- name
|
||||||
@ -28288,6 +28294,9 @@ components:
|
|||||||
type: array
|
type: array
|
||||||
items:
|
items:
|
||||||
$ref: '#/components/schemas/FlowRequest'
|
$ref: '#/components/schemas/FlowRequest'
|
||||||
|
create_users_as_inactive:
|
||||||
|
type: boolean
|
||||||
|
description: When set, newly created users are inactive and cannot login.
|
||||||
required:
|
required:
|
||||||
- name
|
- name
|
||||||
ValidationError:
|
ValidationError:
|
||||||
|
|||||||
@ -945,6 +945,10 @@ msgstr "Create User"
|
|||||||
msgid "Create provider"
|
msgid "Create provider"
|
||||||
msgstr "Create provider"
|
msgstr "Create provider"
|
||||||
|
|
||||||
|
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||||
|
msgid "Create users as inactive"
|
||||||
|
msgstr "Create users as inactive"
|
||||||
|
|
||||||
#: src/pages/applications/ApplicationForm.ts
|
#: src/pages/applications/ApplicationForm.ts
|
||||||
#: src/pages/flows/BoundStagesList.ts
|
#: src/pages/flows/BoundStagesList.ts
|
||||||
#: src/pages/outposts/ServiceConnectionListPage.ts
|
#: src/pages/outposts/ServiceConnectionListPage.ts
|
||||||
@ -2151,6 +2155,10 @@ msgstr "Logs"
|
|||||||
msgid "Long-running operations which authentik executes in the background."
|
msgid "Long-running operations which authentik executes in the background."
|
||||||
msgstr "Long-running operations which authentik executes in the background."
|
msgstr "Long-running operations which authentik executes in the background."
|
||||||
|
|
||||||
|
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||||
|
msgid "Mark newly created users as inactive."
|
||||||
|
msgstr "Mark newly created users as inactive."
|
||||||
|
|
||||||
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts
|
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts
|
||||||
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
||||||
msgstr "Match created events with this action type. When left empty, all action types will be matched."
|
msgstr "Match created events with this action type. When left empty, all action types will be matched."
|
||||||
@ -3384,6 +3392,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri
|
|||||||
#: src/pages/stages/password/PasswordStageForm.ts
|
#: src/pages/stages/password/PasswordStageForm.ts
|
||||||
#: src/pages/stages/prompt/PromptStageForm.ts
|
#: src/pages/stages/prompt/PromptStageForm.ts
|
||||||
#: src/pages/stages/user_login/UserLoginStageForm.ts
|
#: src/pages/stages/user_login/UserLoginStageForm.ts
|
||||||
|
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||||
msgid "Stage-specific settings"
|
msgid "Stage-specific settings"
|
||||||
msgstr "Stage-specific settings"
|
msgstr "Stage-specific settings"
|
||||||
|
|
||||||
|
|||||||
@ -939,6 +939,10 @@ msgstr ""
|
|||||||
msgid "Create provider"
|
msgid "Create provider"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#:
|
||||||
|
msgid "Create users as inactive"
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#:
|
#:
|
||||||
#:
|
#:
|
||||||
#:
|
#:
|
||||||
@ -2143,6 +2147,10 @@ msgstr ""
|
|||||||
msgid "Long-running operations which authentik executes in the background."
|
msgid "Long-running operations which authentik executes in the background."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
#:
|
||||||
|
msgid "Mark newly created users as inactive."
|
||||||
|
msgstr ""
|
||||||
|
|
||||||
#:
|
#:
|
||||||
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
||||||
msgstr ""
|
msgstr ""
|
||||||
@ -3376,6 +3384,7 @@ msgstr ""
|
|||||||
#:
|
#:
|
||||||
#:
|
#:
|
||||||
#:
|
#:
|
||||||
|
#:
|
||||||
msgid "Stage-specific settings"
|
msgid "Stage-specific settings"
|
||||||
msgstr ""
|
msgstr ""
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,9 @@ import { html, TemplateResult } from "lit-html";
|
|||||||
import { DEFAULT_CONFIG } from "../../../api/Config";
|
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||||
import { ifDefined } from "lit-html/directives/if-defined";
|
import { ifDefined } from "lit-html/directives/if-defined";
|
||||||
import "../../../elements/forms/HorizontalFormElement";
|
import "../../../elements/forms/HorizontalFormElement";
|
||||||
|
import "../../../elements/forms/FormGroup";
|
||||||
import { ModelForm } from "../../../elements/forms/ModelForm";
|
import { ModelForm } from "../../../elements/forms/ModelForm";
|
||||||
|
import { first } from "../../../utils";
|
||||||
|
|
||||||
@customElement("ak-stage-user-write-form")
|
@customElement("ak-stage-user-write-form")
|
||||||
export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
||||||
@ -49,6 +51,22 @@ export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
|||||||
name="name">
|
name="name">
|
||||||
<input type="text" value="${ifDefined(this.instance?.name || "")}" class="pf-c-form-control" required>
|
<input type="text" value="${ifDefined(this.instance?.name || "")}" class="pf-c-form-control" required>
|
||||||
</ak-form-element-horizontal>
|
</ak-form-element-horizontal>
|
||||||
|
<ak-form-group .expanded=${true}>
|
||||||
|
<span slot="header">
|
||||||
|
${t`Stage-specific settings`}
|
||||||
|
</span>
|
||||||
|
<div slot="body" class="pf-c-form">
|
||||||
|
<ak-form-element-horizontal name="createUsersAsInactive">
|
||||||
|
<div class="pf-c-check">
|
||||||
|
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.createUsersAsInactive, true)}>
|
||||||
|
<label class="pf-c-check__label">
|
||||||
|
${t`Create users as inactive`}
|
||||||
|
</label>
|
||||||
|
</div>
|
||||||
|
<p class="pf-c-form__helper-text">${t`Mark newly created users as inactive.`}</p>
|
||||||
|
</ak-form-element-horizontal>
|
||||||
|
</div>
|
||||||
|
</ak-form-group>
|
||||||
</form>`;
|
</form>`;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -132,6 +132,8 @@ slug: "2021.6"
|
|||||||
- providers/oauth2: fix exp of JWT when not using seconds
|
- providers/oauth2: fix exp of JWT when not using seconds
|
||||||
- sources/ldap: improve error handling when checking for password complexity on non-ad setups
|
- sources/ldap: improve error handling when checking for password complexity on non-ad setups
|
||||||
- stages/authenticator_duo: fix component not being set in API
|
- stages/authenticator_duo: fix component not being set in API
|
||||||
|
- stages/prompt: ensure hidden and static fields keep the value they had set
|
||||||
|
- stages/user_write: add flag to create new users as inactive
|
||||||
- tenants: include all default flows in current_tenant
|
- tenants: include all default flows in current_tenant
|
||||||
- web/admin: fix deletion of authenticator not reloading the state correctly
|
- web/admin: fix deletion of authenticator not reloading the state correctly
|
||||||
- web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form
|
- web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form
|
||||||
|
|||||||
@ -145,7 +145,9 @@
|
|||||||
"name": "default-enrollment-user-write"
|
"name": "default-enrollment-user-write"
|
||||||
},
|
},
|
||||||
"model": "authentik_stages_user_write.userwritestage",
|
"model": "authentik_stages_user_write.userwritestage",
|
||||||
"attrs": {}
|
"attrs": {
|
||||||
|
"create_users_as_inactive": true
|
||||||
|
}
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"identifiers": {
|
"identifiers": {
|
||||||
|
|||||||
Reference in New Issue
Block a user