habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1ffb7efed6c3d2c243496794bcb1c9e29e1133af
authentik/blueprints/default/flow-default-user-settings-flow.yaml
Jens L 2f469d2709 root: partial Live-updating config (#5959) 
* stages/email: directly use email credentials from config

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* use custom database backend that supports dynamic credentials

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add crude config reloader

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* make method names for CONFIG clearer

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* replace config.set with environ

Not sure if this is the cleanest way, but it persists through a config reload

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* re-add set for @patch

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* even more crudeness

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* clean up some old stuff?

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* somewhat rewrite config loader to keep track of a source of an attribute so we can refresh it

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* cleanup old things

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix flow e2e

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-07-19 23:13:22 +02:00

150 lines
4.2 KiB
YAML
Raw Blame History

version: 1
metadata:
name: Default - User settings flow
entries:
- attrs:
designation: stage_configuration
name: User settings
title: Update your info
authentication: require_authenticated
identifiers:
slug: default-user-settings-flow
model: authentik_flows.flow
id: flow
- attrs:
order: 200
placeholder: Username
placeholder_expression: false
initial_value: |
try:
return user.username
except:
return ''
initial_value_expression: true
required: true
type: text
field_key: username
label: Username
identifiers:
name: default-user-settings-field-username
id: prompt-field-username
model: authentik_stages_prompt.prompt
- attrs:
order: 201
placeholder: Name
placeholder_expression: false
initial_value: |
try:
return user.name
except:
return ''
initial_value_expression: true
required: true
type: text
field_key: name
label: Name
identifiers:
name: default-user-settings-field-name
id: prompt-field-name
model: authentik_stages_prompt.prompt
- attrs:
order: 202
placeholder: Email
placeholder_expression: false
initial_value: |
try:
return user.email
except:
return ''
initial_value_expression: true
required: true
type: email
field_key: email
label: Email
identifiers:
name: default-user-settings-field-email
id: prompt-field-email
model: authentik_stages_prompt.prompt
- attrs:
order: 203
placeholder: Locale
placeholder_expression: false
initial_value: |
try:
return user.attributes.get("settings", {}).get("locale", "")
except:
return ''
initial_value_expression: true
required: true
type: ak-locale
field_key: attributes.settings.locale
label: Locale
identifiers:
name: default-user-settings-field-locale
id: prompt-field-locale
model: authentik_stages_prompt.prompt
- attrs:
expression: |
from authentik.lib.config import CONFIG
from authentik.core.models import (
USER_ATTRIBUTE_CHANGE_EMAIL,
USER_ATTRIBUTE_CHANGE_NAME,
USER_ATTRIBUTE_CHANGE_USERNAME
)
prompt_data = request.context.get("prompt_data")
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.get_bool("default_user_change_email", True)
):
if prompt_data.get("email") != request.user.email:
ak_message("Not allowed to change email address.")
return False
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_NAME, CONFIG.get_bool("default_user_change_name", True)
):
if prompt_data.get("name") != request.user.name:
ak_message("Not allowed to change name.")
return False
if not request.user.group_attributes(request.http_request).get(
USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.get_bool("default_user_change_username", True)
):
if prompt_data.get("username") != request.user.username:
ak_message("Not allowed to change username.")
return False
return True
identifiers:
name: default-user-settings-authorization
id: default-user-settings-authorization
model: authentik_policies_expression.expressionpolicy
- identifiers:
name: default-user-settings-write
attrs:
user_creation_mode: never_create
id: default-user-settings-write
model: authentik_stages_user_write.userwritestage
- attrs:
fields:
- !KeyOf prompt-field-username
- !KeyOf prompt-field-name
- !KeyOf prompt-field-email
- !KeyOf prompt-field-locale
validation_policies:
- !KeyOf default-user-settings-authorization
identifiers:
name: default-user-settings
id: default-user-settings
model: authentik_stages_prompt.promptstage
- identifiers:
order: 20
stage: !KeyOf default-user-settings
target: !KeyOf flow
model: authentik_flows.flowstagebinding
- identifiers:
order: 100
stage: !KeyOf default-user-settings-write
target: !KeyOf flow
model: authentik_flows.flowstagebinding
Reference in New Issue View Git Blame Copy Permalink