website/docs: add docs for `auth_method` and `auth_method_args` fields

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-08-23 17:23:55 +02:00 · 2021-08-23 17:23:55 +02:00 · 07a4f474f4
parent 244dc671db
commit 07a4f474f4
5 changed files with 41 additions and 13 deletions
--- a/authentik/events/signals.py
+++ b/authentik/events/signals.py
@ -47,11 +47,11 @@ def on_user_logged_in(sender, request: HttpRequest, user: User, **_):
        flow_plan: FlowPlan = request.session[SESSION_KEY_PLAN]
        if PLAN_CONTEXT_SOURCE in flow_plan.context:
            # Login request came from an external source, save it in the context
-            thread.kwargs["using_source"] = flow_plan.context[PLAN_CONTEXT_SOURCE]
+            thread.kwargs[PLAN_CONTEXT_SOURCE] = flow_plan.context[PLAN_CONTEXT_SOURCE]
        if PLAN_CONTEXT_METHOD in flow_plan.context:
-            thread.kwargs["method"] = flow_plan.context[PLAN_CONTEXT_METHOD]
+            thread.kwargs[PLAN_CONTEXT_METHOD] = flow_plan.context[PLAN_CONTEXT_METHOD]
            # Save the login method used
-            thread.kwargs["method_args"] = flow_plan.context.get(PLAN_CONTEXT_METHOD_ARGS, {})
+            thread.kwargs[PLAN_CONTEXT_METHOD_ARGS] = flow_plan.context.get(PLAN_CONTEXT_METHOD_ARGS, {})
    thread.user = user
    thread.run()
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
@ -27,8 +27,8 @@ from authentik.stages.password.models import PasswordStage
 LOGGER = get_logger()
 PLAN_CONTEXT_AUTHENTICATION_BACKEND = "user_backend"
-PLAN_CONTEXT_METHOD = "method"
+PLAN_CONTEXT_METHOD = "auth_method"
-PLAN_CONTEXT_METHOD_ARGS = "method_args"
+PLAN_CONTEXT_METHOD_ARGS = "auth_method_args"
 SESSION_INVALID_TRIES = "user_invalid_tries"
--- a/schema.yml
+++ b/schema.yml
@ -20382,8 +20382,8 @@ components:
      - url
    BackendsEnum:
      enum:
-      - django.contrib.auth.backends.ModelBackend
+      - authentik.core.auth.InbuiltBackend
-      - authentik.core.token_auth.TokenBackend
+      - authentik.core.auth.TokenBackend
      - authentik.sources.ldap.auth.LDAPBackend
      type: string
    BindingTypeEnum:
--- a/web/src/pages/stages/password/PasswordStageForm.ts
+++ b/web/src/pages/stages/password/PasswordStageForm.ts
@ -76,25 +76,25 @@ export class PasswordStageForm extends ModelForm<PasswordStage, string> {
                    >
                        <select name="users" class="pf-c-form-control" multiple>
                            <option
-                                value=${BackendsEnum.DjangoContribAuthBackendsModelBackend}
+                                value=${BackendsEnum.CoreAuthInbuiltBackend}
                                ?selected=${this.isBackendSelected(
-                                    BackendsEnum.DjangoContribAuthBackendsModelBackend,
+                                    BackendsEnum.CoreAuthInbuiltBackend,
                                )}
                            >
                                ${t`User database + standard password`}
                            </option>
                            <option
-                                value=${BackendsEnum.AuthentikCoreTokenAuthTokenBackend}
+                                value=${BackendsEnum.CoreAuthTokenBackend}
                                ?selected=${this.isBackendSelected(
-                                    BackendsEnum.AuthentikCoreTokenAuthTokenBackend,
+                                    BackendsEnum.CoreAuthTokenBackend,
                                )}
                            >
                                ${t`User database + app passwords`}
                            </option>
                            <option
-                                value=${BackendsEnum.AuthentikSourcesLdapAuthLdapBackend}
+                                value=${BackendsEnum.SourcesLdapAuthLdapBackend}
                                ?selected=${this.isBackendSelected(
-                                    BackendsEnum.AuthentikSourcesLdapAuthLdapBackend,
+                                    BackendsEnum.SourcesLdapAuthLdapBackend,
                                )}
                            >
                                ${t`User database + LDAP password`}
--- a/website/docs/policies/expression.mdx
+++ b/website/docs/policies/expression.mdx
@ -59,3 +59,31 @@ This includes the following:
 - `prompt_data`: Data which has been saved from a prompt stage or an external source.
 - `application`: The application the user is in the process of authorizing.
 - `pending_user`: The currently pending user, see [User](/docs/expressions/reference/user-object)
 - `auth_method`: Authentication method set (this value is set by password stages)
    Depending on method, `auth_method_args` is also set.
    Can be any of:
    - `password`: Standard password login
    - `app_password`: App passowrd (token)
        Sets `auth_method_args` to
        ```json
        {
            "token": {
                "pk": "f6d639aac81940f38dcfdc6e0fe2a786",
                "app": "authentik_core",
                "name": "test (expires=2021-08-23 15:45:54.725880+00:00)",
                "model_name": "token"
            }
        }
        ```
    - `ldap`: LDAP bind authentication
        Sets `auth_method_args` to
        ```json
        {
            "source": {} // Information about the source used
        }
        ```