diff --git a/authentik/stages/authenticator_validate/migrations/0009_default_stage.py b/authentik/stages/authenticator_validate/migrations/0009_default_stage.py new file mode 100644 index 000000000..df1d9b569 --- /dev/null +++ b/authentik/stages/authenticator_validate/migrations/0009_default_stage.py @@ -0,0 +1,57 @@ +# Generated by Django 3.0.3 on 2020-05-08 14:30 + +from django.apps.registry import Apps +from django.db import migrations +from django.db.backends.base.schema import BaseDatabaseSchemaEditor + +from authentik.stages.authenticator_validate.models import default_device_classes + + +def create_default_validate_stage(apps: Apps, schema_editor: BaseDatabaseSchemaEditor): + Flow = apps.get_model("authentik_flows", "Flow") + FlowStageBinding = apps.get_model("authentik_flows", "FlowStageBinding") + AuthenticatorValidateStage = apps.get_model( + "authentik_stages_authenticator_validate", "AuthenticatorValidateStage" + ) + + db_alias = schema_editor.connection.alias + + auth_flows = Flow.objects.using(db_alias).filter(slug="default-authentication-flow") + if not auth_flows.exists(): + return + + # If there's already a validation stage in the flow, skip + if ( + AuthenticatorValidateStage.objects.using(db_alias) + .filter(flow__slug="default-authentication-flow") + .exists() + ): + return + + validate_stage, _ = AuthenticatorValidateStage.objects.using(db_alias).update_or_create( + name="default-authentication-mfa-validation", + defaults={ + "device_classes": default_device_classes, + }, + ) + + FlowStageBinding.objects.using(db_alias).update_or_create( + target=auth_flows.first(), + stage=validate_stage, + defaults={ + "order": 30, + }, + ) + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_flows", "0008_default_flows"), + ( + "authentik_stages_authenticator_validate", + "0008_alter_authenticatorvalidatestage_device_classes", + ), + ] + + operations = [migrations.RunPython(create_default_validate_stage)]