core: only show `Reset password` link when recovery flow is configured

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>

authentik/core/api/users.py

@@ -2,12 +2,11 @@
 from json import loads
 
 from django.db.models.query import QuerySet
-from django.http.response import Http404
 from django.urls import reverse_lazy
 from django.utils.http import urlencode
 from django_filters.filters import BooleanFilter, CharFilter
 from django_filters.filterset import FilterSet
-from drf_spectacular.utils import OpenApiResponse, extend_schema, extend_schema_field
+from drf_spectacular.utils import extend_schema, extend_schema_field
 from guardian.utils import get_anonymous_user
 from rest_framework.decorators import action
 from rest_framework.fields import CharField, JSONField, SerializerMethodField
@@ -173,7 +172,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
     @extend_schema(
         responses={
             "200": LinkSerializer(many=False),
-            "404": OpenApiResponse(description="No recovery flow found."),
+            "404": LinkSerializer(many=False),
         },
     )
     @action(detail=True, pagination_class=None, filter_backends=[])
@@ -184,7 +183,7 @@ class UserViewSet(UsedByMixin, ModelViewSet):
         # Check that there is a recovery flow, if not return an error
         flow = tenant.flow_recovery
         if not flow:
-            raise Http404
+            return Response({"link": ""}, status=404)
         user: User = self.get_object()
         token, __ = Token.objects.get_or_create(
             identifier=f"{user.uid}-password-reset",

schema.yml

@@ -3096,7 +3096,11 @@ paths:
                 $ref: '#/components/schemas/Link'
           description: ''
         '404':
-          description: No recovery flow found.
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/Link'
+          description: ''
         '400':
           $ref: '#/components/schemas/ValidationError'
         '403':

web/src/pages/users/UserListPage.ts

@@ -9,13 +9,14 @@ import "../../elements/buttons/ActionButton";
 import { TableColumn } from "../../elements/table/Table";
 import { PAGE_SIZE } from "../../constants";
 import { CoreApi, User } from "authentik-api";
-import { DEFAULT_CONFIG } from "../../api/Config";
+import { DEFAULT_CONFIG, tenant } from "../../api/Config";
 import "../../elements/forms/DeleteForm";
 import "./UserActiveForm";
 import "./UserForm";
 import { showMessage } from "../../elements/messages/MessageContainer";
 import { MessageLevel } from "../../elements/messages/Message";
 import { first } from "../../utils";
+import { until } from "lit-html/directives/until";
 
 @customElement("ak-user-list")
 export class UserListPage extends TablePage<User> {
@@ -128,27 +129,33 @@ export class UserListPage extends TablePage<User> {
                     </li>
                 </ul>
             </ak-dropdown>
-            <ak-action-button
+            ${until(tenant().then(te => {
-                .apiRequest=${() => {
+                if (te.flowRecovery) {
-                    return new CoreApi(DEFAULT_CONFIG).coreUsersRecoveryRetrieve({
+                    return html`
-                        id: item.pk || 0,
+                        <ak-action-button
-                    }).then(rec => {
+                            .apiRequest=${() => {
-                        showMessage({
+                                return new CoreApi(DEFAULT_CONFIG).coreUsersRecoveryRetrieve({
-                            level: MessageLevel.success,
+                                    id: item.pk || 0,
-                            message: t`Successfully generated recovery link`,
+                                }).then(rec => {
-                            description: rec.link
+                                    showMessage({
-                        });
+                                        level: MessageLevel.success,
-                    }).catch((ex: Response) => {
+                                        message: t`Successfully generated recovery link`,
-                        ex.json().then(() => {
+                                        description: rec.link
-                            showMessage({
+                                    });
-                                level: MessageLevel.error,
+                                }).catch((ex: Response) => {
-                                message: t`No recovery flow is configured.`,
+                                    ex.json().then(() => {
-                            });
+                                        showMessage({
-                        });
+                                            level: MessageLevel.error,
-                    });
+                                            message: t`No recovery flow is configured.`,
-                }}>
+                                        });
-                ${t`Reset Password`}
+                                    });
-            </ak-action-button>
+                                });
+                            }}>
+                            ${t`Reset Password`}
+                        </ak-action-button>`;
+                }
+                return html``;
+            }))}
             <a class="pf-c-button pf-m-tertiary" href="${`/-/impersonation/${item.pk}/`}">
                 ${t`Impersonate`}
             </a>`,