stages/user_write: add create_users_as_inactive flag
close #1086 Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
parent
fea1f3be6f
commit
c19da839b1
|
@ -12,7 +12,7 @@ class UserWriteStageSerializer(StageSerializer):
|
|||
class Meta:
|
||||
|
||||
model = UserWriteStage
|
||||
fields = StageSerializer.Meta.fields
|
||||
fields = StageSerializer.Meta.fields + ["create_users_as_inactive"]
|
||||
|
||||
|
||||
class UserWriteStageViewSet(UsedByMixin, ModelViewSet):
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
# Generated by Django 3.2.4 on 2021-06-28 20:31
|
||||
|
||||
from django.db import migrations, models
|
||||
|
||||
|
||||
class Migration(migrations.Migration):
|
||||
|
||||
dependencies = [
|
||||
("authentik_stages_user_write", "0002_auto_20200918_1653"),
|
||||
]
|
||||
|
||||
operations = [
|
||||
migrations.AddField(
|
||||
model_name="userwritestage",
|
||||
name="create_users_as_inactive",
|
||||
field=models.BooleanField(
|
||||
default=False,
|
||||
help_text="When set, newly created users are inactive and cannot login.",
|
||||
),
|
||||
),
|
||||
]
|
|
@ -1,6 +1,7 @@
|
|||
"""write stage models"""
|
||||
from typing import Type
|
||||
|
||||
from django.db import models
|
||||
from django.utils.translation import gettext_lazy as _
|
||||
from django.views import View
|
||||
from rest_framework.serializers import BaseSerializer
|
||||
|
@ -12,6 +13,11 @@ class UserWriteStage(Stage):
|
|||
"""Writes currently pending data into the pending user, or if no user exists,
|
||||
creates a new user with the data."""
|
||||
|
||||
create_users_as_inactive = models.BooleanField(
|
||||
default=False,
|
||||
help_text=_("When set, newly created users are inactive and cannot login."),
|
||||
)
|
||||
|
||||
@property
|
||||
def serializer(self) -> BaseSerializer:
|
||||
from authentik.stages.user_write.api import UserWriteStageSerializer
|
||||
|
|
|
@ -35,7 +35,9 @@ class UserWriteStageView(StageView):
|
|||
data = self.executor.plan.context[PLAN_CONTEXT_PROMPT]
|
||||
user_created = False
|
||||
if PLAN_CONTEXT_PENDING_USER not in self.executor.plan.context:
|
||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User()
|
||||
self.executor.plan.context[PLAN_CONTEXT_PENDING_USER] = User(
|
||||
is_active=not self.executor.current_stage.create_users_as_inactive
|
||||
)
|
||||
self.executor.plan.context[
|
||||
PLAN_CONTEXT_AUTHENTICATION_BACKEND
|
||||
] = class_to_path(ModelBackend)
|
||||
|
|
|
@ -25778,6 +25778,9 @@ components:
|
|||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/FlowRequest'
|
||||
create_users_as_inactive:
|
||||
type: boolean
|
||||
description: When set, newly created users are inactive and cannot login.
|
||||
PatchedWebAuthnDeviceRequest:
|
||||
type: object
|
||||
description: Serializer for WebAuthn authenticator devices
|
||||
|
@ -28272,6 +28275,9 @@ components:
|
|||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/Flow'
|
||||
create_users_as_inactive:
|
||||
type: boolean
|
||||
description: When set, newly created users are inactive and cannot login.
|
||||
required:
|
||||
- component
|
||||
- name
|
||||
|
@ -28288,6 +28294,9 @@ components:
|
|||
type: array
|
||||
items:
|
||||
$ref: '#/components/schemas/FlowRequest'
|
||||
create_users_as_inactive:
|
||||
type: boolean
|
||||
description: When set, newly created users are inactive and cannot login.
|
||||
required:
|
||||
- name
|
||||
ValidationError:
|
||||
|
|
|
@ -945,6 +945,10 @@ msgstr "Create User"
|
|||
msgid "Create provider"
|
||||
msgstr "Create provider"
|
||||
|
||||
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||
msgid "Create users as inactive"
|
||||
msgstr "Create users as inactive"
|
||||
|
||||
#: src/pages/applications/ApplicationForm.ts
|
||||
#: src/pages/flows/BoundStagesList.ts
|
||||
#: src/pages/outposts/ServiceConnectionListPage.ts
|
||||
|
@ -2151,6 +2155,10 @@ msgstr "Logs"
|
|||
msgid "Long-running operations which authentik executes in the background."
|
||||
msgstr "Long-running operations which authentik executes in the background."
|
||||
|
||||
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||
msgid "Mark newly created users as inactive."
|
||||
msgstr "Mark newly created users as inactive."
|
||||
|
||||
#: src/pages/policies/event_matcher/EventMatcherPolicyForm.ts
|
||||
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
||||
msgstr "Match created events with this action type. When left empty, all action types will be matched."
|
||||
|
@ -3384,6 +3392,7 @@ msgstr "Stage used to validate any authenticator. This stage should be used duri
|
|||
#: src/pages/stages/password/PasswordStageForm.ts
|
||||
#: src/pages/stages/prompt/PromptStageForm.ts
|
||||
#: src/pages/stages/user_login/UserLoginStageForm.ts
|
||||
#: src/pages/stages/user_write/UserWriteStageForm.ts
|
||||
msgid "Stage-specific settings"
|
||||
msgstr "Stage-specific settings"
|
||||
|
||||
|
|
|
@ -939,6 +939,10 @@ msgstr ""
|
|||
msgid "Create provider"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Create users as inactive"
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
|
@ -2143,6 +2147,10 @@ msgstr ""
|
|||
msgid "Long-running operations which authentik executes in the background."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Mark newly created users as inactive."
|
||||
msgstr ""
|
||||
|
||||
#:
|
||||
msgid "Match created events with this action type. When left empty, all action types will be matched."
|
||||
msgstr ""
|
||||
|
@ -3376,6 +3384,7 @@ msgstr ""
|
|||
#:
|
||||
#:
|
||||
#:
|
||||
#:
|
||||
msgid "Stage-specific settings"
|
||||
msgstr ""
|
||||
|
||||
|
|
|
@ -5,7 +5,9 @@ import { html, TemplateResult } from "lit-html";
|
|||
import { DEFAULT_CONFIG } from "../../../api/Config";
|
||||
import { ifDefined } from "lit-html/directives/if-defined";
|
||||
import "../../../elements/forms/HorizontalFormElement";
|
||||
import "../../../elements/forms/FormGroup";
|
||||
import { ModelForm } from "../../../elements/forms/ModelForm";
|
||||
import { first } from "../../../utils";
|
||||
|
||||
@customElement("ak-stage-user-write-form")
|
||||
export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
||||
|
@ -49,6 +51,22 @@ export class UserWriteStageForm extends ModelForm<UserWriteStage, string> {
|
|||
name="name">
|
||||
<input type="text" value="${ifDefined(this.instance?.name || "")}" class="pf-c-form-control" required>
|
||||
</ak-form-element-horizontal>
|
||||
<ak-form-group .expanded=${true}>
|
||||
<span slot="header">
|
||||
${t`Stage-specific settings`}
|
||||
</span>
|
||||
<div slot="body" class="pf-c-form">
|
||||
<ak-form-element-horizontal name="createUsersAsInactive">
|
||||
<div class="pf-c-check">
|
||||
<input type="checkbox" class="pf-c-check__input" ?checked=${first(this.instance?.createUsersAsInactive, true)}>
|
||||
<label class="pf-c-check__label">
|
||||
${t`Create users as inactive`}
|
||||
</label>
|
||||
</div>
|
||||
<p class="pf-c-form__helper-text">${t`Mark newly created users as inactive.`}</p>
|
||||
</ak-form-element-horizontal>
|
||||
</div>
|
||||
</ak-form-group>
|
||||
</form>`;
|
||||
}
|
||||
|
||||
|
|
|
@ -132,6 +132,8 @@ slug: "2021.6"
|
|||
- providers/oauth2: fix exp of JWT when not using seconds
|
||||
- sources/ldap: improve error handling when checking for password complexity on non-ad setups
|
||||
- stages/authenticator_duo: fix component not being set in API
|
||||
- stages/prompt: ensure hidden and static fields keep the value they had set
|
||||
- stages/user_write: add flag to create new users as inactive
|
||||
- tenants: include all default flows in current_tenant
|
||||
- web/admin: fix deletion of authenticator not reloading the state correctly
|
||||
- web/admin: fix only recovery flows being selectable for unenrollment flow in tenant form
|
||||
|
|
|
@ -145,7 +145,9 @@
|
|||
"name": "default-enrollment-user-write"
|
||||
},
|
||||
"model": "authentik_stages_user_write.userwritestage",
|
||||
"attrs": {}
|
||||
"attrs": {
|
||||
"create_users_as_inactive": true
|
||||
}
|
||||
},
|
||||
{
|
||||
"identifiers": {
|
||||
|
|
Reference in a new issue