 980320e24b
			
		
	
	980320e24b
	
	
	
		
			
			* tests/e2e: use blueprints for testing Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add identification stage assignment Signed-off-by: Jens Langhammer <jens@goauthentik.io> * add recovery flow tests Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
		
			
				
	
	
		
			162 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			162 lines
		
	
	
		
			4.6 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| version: 1
 | |
| metadata:
 | |
|   labels:
 | |
|     blueprints.goauthentik.io/instantiate: "false"
 | |
|   name: Example - Recovery with email verification
 | |
| entries:
 | |
|   - identifiers:
 | |
|       slug: default-recovery-flow
 | |
|     id: flow
 | |
|     model: authentik_flows.flow
 | |
|     attrs:
 | |
|       name: Default recovery flow
 | |
|       title: Reset your password
 | |
|       designation: recovery
 | |
|       authentication: require_unauthenticated
 | |
|   - identifiers:
 | |
|       name: default-recovery-field-password
 | |
|     id: prompt-field-password
 | |
|     model: authentik_stages_prompt.prompt
 | |
|     attrs:
 | |
|       field_key: password
 | |
|       label: Password
 | |
|       type: password
 | |
|       required: true
 | |
|       placeholder: Password
 | |
|       order: 0
 | |
|       placeholder_expression: false
 | |
|   - identifiers:
 | |
|       name: default-recovery-field-password-repeat
 | |
|     id: prompt-field-password-repeat
 | |
|     model: authentik_stages_prompt.prompt
 | |
|     attrs:
 | |
|       field_key: password_repeat
 | |
|       label: Password (repeat)
 | |
|       type: password
 | |
|       required: true
 | |
|       placeholder: Password (repeat)
 | |
|       order: 1
 | |
|       placeholder_expression: false
 | |
|   - identifiers:
 | |
|       name: default-recovery-skip-if-restored
 | |
|     id: default-recovery-skip-if-restored
 | |
|     model: authentik_policies_expression.expressionpolicy
 | |
|     attrs:
 | |
|       expression: |
 | |
|         return bool(request.context.get('is_restored', True))
 | |
|   - identifiers:
 | |
|       name: default-recovery-email
 | |
|     id: default-recovery-email
 | |
|     model: authentik_stages_email.emailstage
 | |
|     attrs:
 | |
|       use_global_settings: true
 | |
|       host: localhost
 | |
|       port: 25
 | |
|       username: ""
 | |
|       use_tls: false
 | |
|       use_ssl: false
 | |
|       timeout: 10
 | |
|       from_address: system@authentik.local
 | |
|       token_expiry: 30
 | |
|       subject: authentik
 | |
|       template: email/password_reset.html
 | |
|       activate_user_on_success: true
 | |
|   - identifiers:
 | |
|       name: default-recovery-user-write
 | |
|     id: default-recovery-user-write
 | |
|     model: authentik_stages_user_write.userwritestage
 | |
|     attrs:
 | |
|       user_creation_mode: never_create
 | |
|   - identifiers:
 | |
|       name: default-recovery-identification
 | |
|     id: default-recovery-identification
 | |
|     model: authentik_stages_identification.identificationstage
 | |
|     attrs:
 | |
|       user_fields:
 | |
|         - email
 | |
|         - username
 | |
|   - identifiers:
 | |
|       name: default-recovery-user-login
 | |
|     id: default-recovery-user-login
 | |
|     model: authentik_stages_user_login.userloginstage
 | |
|   - identifiers:
 | |
|       name: Change your password
 | |
|     id: stages-prompt-password
 | |
|     model: authentik_stages_prompt.promptstage
 | |
|     attrs:
 | |
|       fields:
 | |
|         - !KeyOf prompt-field-password
 | |
|         - !KeyOf prompt-field-password-repeat
 | |
|       validation_policies: []
 | |
|   - identifiers:
 | |
|       target: !KeyOf flow
 | |
|       stage: !KeyOf default-recovery-identification
 | |
|       order: 10
 | |
|     model: authentik_flows.flowstagebinding
 | |
|     id: flow-binding-identification
 | |
|     attrs:
 | |
|       evaluate_on_plan: true
 | |
|       re_evaluate_policies: true
 | |
|       policy_engine_mode: any
 | |
|       invalid_response_action: retry
 | |
|   - identifiers:
 | |
|       target: !KeyOf flow
 | |
|       stage: !KeyOf default-recovery-email
 | |
|       order: 20
 | |
|     model: authentik_flows.flowstagebinding
 | |
|     id: flow-binding-email
 | |
|     attrs:
 | |
|       evaluate_on_plan: true
 | |
|       re_evaluate_policies: true
 | |
|       policy_engine_mode: any
 | |
|       invalid_response_action: retry
 | |
|   - identifiers:
 | |
|       pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
 | |
|       target: !KeyOf flow
 | |
|       stage: !KeyOf stages-prompt-password
 | |
|       order: 30
 | |
|     model: authentik_flows.flowstagebinding
 | |
|     attrs:
 | |
|       evaluate_on_plan: true
 | |
|       re_evaluate_policies: false
 | |
|       policy_engine_mode: any
 | |
|       invalid_response_action: retry
 | |
|   - identifiers:
 | |
|       target: !KeyOf flow
 | |
|       stage: !KeyOf default-recovery-user-write
 | |
|       order: 40
 | |
|     model: authentik_flows.flowstagebinding
 | |
|     attrs:
 | |
|       evaluate_on_plan: true
 | |
|       re_evaluate_policies: false
 | |
|       policy_engine_mode: any
 | |
|       invalid_response_action: retry
 | |
|   - identifiers:
 | |
|       target: !KeyOf flow
 | |
|       stage: !KeyOf default-recovery-user-login
 | |
|       order: 100
 | |
|     model: authentik_flows.flowstagebinding
 | |
|     attrs:
 | |
|       evaluate_on_plan: true
 | |
|       re_evaluate_policies: false
 | |
|       policy_engine_mode: any
 | |
|       invalid_response_action: retry
 | |
|   - identifiers:
 | |
|       policy: !KeyOf default-recovery-skip-if-restored
 | |
|       target: !KeyOf flow-binding-identification
 | |
|       order: 0
 | |
|     model: authentik_policies.policybinding
 | |
|     attrs:
 | |
|       negate: false
 | |
|       enabled: true
 | |
|       timeout: 30
 | |
|   - identifiers:
 | |
|       policy: !KeyOf default-recovery-skip-if-restored
 | |
|       target: !KeyOf flow-binding-email
 | |
|       order: 0
 | |
|     model: authentik_policies.policybinding
 | |
|     attrs:
 | |
|       negate: false
 | |
|       enabled: true
 | |
|       timeout: 30
 |