stages/prompt: use policyenginemode all

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-09 09:39:37 +01:00
parent 6209714f87
commit db316b59c5
3 changed files with 9 additions and 2 deletions

View File

@ -18,7 +18,7 @@ from authentik.flows.challenge import Challenge, ChallengeResponse, ChallengeTyp
from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER, FlowPlan
from authentik.flows.stage import ChallengeStageView from authentik.flows.stage import ChallengeStageView
from authentik.policies.engine import PolicyEngine from authentik.policies.engine import PolicyEngine
from authentik.policies.models import PolicyBinding, PolicyBindingModel from authentik.policies.models import PolicyBinding, PolicyBindingModel, PolicyEngineMode
from authentik.stages.prompt.models import FieldTypes, Prompt, PromptStage from authentik.stages.prompt.models import FieldTypes, Prompt, PromptStage
from authentik.stages.prompt.signals import password_validate from authentik.stages.prompt.signals import password_validate
@ -110,6 +110,7 @@ class PromptChallengeResponse(ChallengeResponse):
user = self.plan.context.get(PLAN_CONTEXT_PENDING_USER, get_anonymous_user()) user = self.plan.context.get(PLAN_CONTEXT_PENDING_USER, get_anonymous_user())
engine = ListPolicyEngine(self.stage.validation_policies.all(), user, self.request) engine = ListPolicyEngine(self.stage.validation_policies.all(), user, self.request)
engine.mode = PolicyEngineMode.MODE_ALL
engine.request.context[PLAN_CONTEXT_PROMPT] = attrs engine.request.context[PLAN_CONTEXT_PROMPT] = attrs
engine.request.context.update(attrs) engine.request.context.update(attrs)
engine.build() engine.build()

View File

@ -60,3 +60,5 @@ return False
This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`. This policy expects you to have two password fields with `field_key` set to `password` and `password_repeat`.
Afterwards, bind this policy to the prompt stage you want to validate. Afterwards, bind this policy to the prompt stage you want to validate.
Before 2021.12, any policy was required to pass for the result to be considered valid. This has been changed, and now all policies are required to be valid.

View File

@ -3,10 +3,14 @@ title: Release 2021.12
slug: "2021.12" slug: "2021.12"
--- ---
## Headline Changes ## Headline changes
This release does not have any headline features, and mostly fixes bugs. This release does not have any headline features, and mostly fixes bugs.
## Breaking changes
- stages/prompt: Before 2021.12, any policy was required to pass for the result to be considered valid. This has been changed, and now all policies are required to be valid.
## Minor changes ## Minor changes
- core: make defaults for _change_email and _change_username configurable - core: make defaults for _change_email and _change_username configurable