stages/user_write: add create_users_as_inactive flag

close #1086

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
Jens Langhammer 2021-06-28 23:24:54 +02:00
parent fea1f3be6f
commit c19da839b1
10 changed files with 81 additions and 3 deletions


@ -12,7 +12,7 @@ class UserWriteStageSerializer(StageSerializer):
class Meta:
model = UserWriteStage
fields = StageSerializer.Meta.fields
fields = StageSerializer.Meta.fields + ["create_users_as_inactive"]
class UserWriteStageViewSet(UsedByMixin, ModelViewSet):


@ -0,0 +1,21 @@
# Generated by Django 3.2.4 on 2021-06-28 20:31
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
("authentik_stages_user_write", "0002_auto_20200918_1653"),
]
operations = [
migrations.AddField(
model_name="userwritestage",
name="create_users_as_inactive",
field=models.BooleanField(
default=False,
help_text="When set, newly created users are inactive and cannot login.",
),
),
]


@ -1,6 +1,7 @@
"""write stage models"""
from typing import Type
from django.db import models
from django.utils.translation import gettext_lazy as _
from django.views import View
from rest_framework.serializers import BaseSerializer
@ -12,6 +13,11 @@ class UserWriteStage(Stage):
"""Writes currently pending data into the pending user, or if no user exists,
creates a new user with the data."""
create_users_as_inactive = models.BooleanField(
default=False,
help_text=_("When set, newly created users are inactive and cannot login."),
)
@property
def serializer(self) -> BaseSerializer:
from authentik.stages.user_write.api import UserWriteStageSerializer


@ -35,7 +35,9 @@ class UserWriteStageView(StageView):
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
user_created = False
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
is_active=not self.executor.current_stage.create_users_as_inactive
)
self.executor.plan.context[
PLAN_CONTEXT_AUTHENTICATION_BACKEND
] = class_to_path(ModelBackend)
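Review bot: The inactive state is applied only in the `User(...)` constructor, so any later write to the pending user can undo it. `data` is read from `PLAN_CONTEXT_PROMPT` just above and is presumably copied onto the user further down in this method, which continues outside the hunk; if that code assigns prompt keys as attributes, a prompt field named `is_active` would override the stage setting. Consider skipping `is_active` when applying prompt data, or re-asserting `user.is_active = False` before saving when this stage created the user and the flag is set. None of the ten changed files on this page appears to be a test, so a case asserting that a user written with `create_users_as_inactive=True` is saved with `is_active` false would pin the behaviour.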


@ -25778,6 +25778,9 @@ components:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
PatchedWebAuthnDeviceRequest:
type: object
description: Serializer for WebAuthn authenticator devices
@ -28272,6 +28275,9 @@ components:
type: array
items:
$ref: '#/components/schemas/Flow'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
required:
- component
- name
@ -28288,6 +28294,9 @@ components:
type: array
items:
$ref: '#/components/schemas/FlowRequest'
create_users_as_inactive:
type: boolean
description: When set, newly created users are inactive and cannot login.
required:
- name
ValidationError:


@ -945,6 +945,10 @@ msgstr "Create User"
msgid "Create provider"
msgstr "Create provider"
#: src/pages/stages/user_write/UserWriteStageForm.ts
msgid "Create users as inactive"
msgstr "Create users as inactive"
#: src/pages/applications/ApplicationForm.ts
#: src/pages/flows/BoundStagesList.ts
#: src/pages/outposts/ServiceConnectionListPage.ts
@ -2151,6 +2155,10 @@ msgstr "Logs"
msgid "Long-running operations which authentik executes in the background."
msgstr "Long-running operations which authentik executes in the background."
#: src/pages/stages/user_write/UserWriteStageForm.ts
msgid "Mark newly created users as inactive."
msgstr "Mark newly created users as inactive."
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts
msgid "Match created events with this action type. When left empty, all action types will be matched."
msgstr "Match created events with this action type. When left empty, all action types will be matched."
@ -3384,6 +3392,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri
#: src/pages/stages/password/PasswordStageForm.ts
#: src/pages/stages/prompt/PromptStageForm.ts
#: src/pages/stages/user_login/UserLoginStageForm.ts
#: src/pages/stages/user_write/UserWriteStageForm.ts
msgid "Stage-specific settings"
msgstr "Stage-specific settings"


@ -939,6 +939,10 @@ msgstr ""
msgid "Create provider"
msgstr ""
#:
msgid "Create users as inactive"
msgstr ""
#:
#:
#:
@ -2143,6 +2147,10 @@ msgstr ""
msgid "Long-running operations which authentik executes in the background."
msgstr ""
#:
msgid "Mark newly created users as inactive."
msgstr ""
#:
msgid "Match created events with this action type. When left empty, all action types will be matched."
msgstr ""
@ -3376,6 +3384,7 @@ msgstr ""
#:
#:
#:
#:
msgid "Stage-specific settings"
msgstr ""


@ -5,7 +5,9 @@ import { html, TemplateResult } from "lit-html";
import { DEFAULT_CONFIG } from "../../../api/Config";
import { ifDefined } from "lit-html/directives/if-defined";
import "../../../elements/forms/HorizontalFormElement";
import "../../../elements/forms/FormGroup";
import { ModelForm } from "../../../elements/forms/ModelForm";
import { first } from "../../../utils";
@customElement("ak-stage-user-write-form")
export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
@ -49,6 +51,22 @@ export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
name="name">
<input type="text" value="${ifDefined(this.instance?.name || "")}" class="pf-c-form-control" required>
</ak-form-element-horizontal>
<ak-form-group .expanded=${true}>
<span slot="header">
${t`Stage-specific settings`}
</span>
<div slot="body" class="pf-c-form">
<ak-form-element-horizontal name="createUsersAsInactive">
<div class="pf-c-check">
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.createUsersAsInactive, true)}>
<label class="pf-c-check__label">
${t`Create users as inactive`}
</label>
</div>
<p class="pf-c-form__helper-text">${t`Mark newly created users as inactive.`}</p>
</ak-form-element-horizontal>
</div>
</ak-form-group>
</form>`;
}
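Review bot: The checkbox falls back to `true` in `first(this.instance?.createUsersAsInactive, true)`, while the model field and migration in this commit declare `default=False`. Assuming `first` returns its first defined argument (its definition is not in this hunk), a stage created through this form defaults to inactive users but one created through the API does not. Align the two, for example `?checked=${first(this.instance?.createUsersAsInactive, false)}`, or change the model default if inactive-by-default is the intended posture. An operator who leaves the box checked in a flow with no later activation step would create accounts that cannot log in, so the helper text could say that as well.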


@ -132,6 +132,8 @@ slug: "2021.6"
- providers/oauth2: fix exp of JWT when not using seconds
- sources/ldap: improve error handling when checking for password complexity on non-ad setups
- stages/authenticator_duo: fix component not being set in API
- stages/prompt: ensure hidden and static fields keep the value they had set
- stages/user_write: add flag to create new users as inactive
- tenants: include all default flows in current_tenant
- web/admin: fix deletion of authenticator not reloading the state correctly
- web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form


@ -145,7 +145,9 @@
"name": "default-enrollment-user-write"
},
"model": "authentik_stages_user_write.userwritestage",
"attrs": {}
"attrs": {
"create_users_as_inactive": true
}
},
{
"identifiers": {