wip

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
2023-12-27 14:44:28 +01:00 · 2023-12-27 14:44:28 +01:00 · f7b6261745
parent 18d7395e7e
commit f7b6261745
3 changed files with 14 additions and 11 deletions
--- a/authentik/lib/expression/evaluator.py
+++ b/authentik/lib/expression/evaluator.py
@ -6,7 +6,6 @@ from textwrap import indent
 from typing import Any, Iterable, Optional
 from cachetools import TLRUCache, cached
 from django.apps import apps
 from django.core.exceptions import FieldError
 from guardian.shortcuts import get_anonymous_user
 from rest_framework.serializers import ValidationError
@ -15,10 +14,16 @@ from sentry_sdk.hub import Hub
 from sentry_sdk.tracing import Span
 from structlog.stdlib import get_logger
-from authentik.core.models import User
+from authentik.core.models import (
    USER_ATTRIBUTE_CHANGE_EMAIL,
    USER_ATTRIBUTE_CHANGE_NAME,
    USER_ATTRIBUTE_CHANGE_USERNAME,
    User,
 )
 from authentik.events.models import Event
 from authentik.lib.config import CONFIG
 from authentik.lib.utils.http import get_http_session
 from authentik.lib.utils.reflection import get_apps
 from authentik.policies.models import Policy, PolicyBinding
 from authentik.policies.process import PolicyProcess
 from authentik.policies.types import PolicyRequest, PolicyResult
@ -57,8 +62,13 @@ class BaseEvaluator:
            "requests": get_http_session(),
            "resolve_dns": BaseEvaluator.expr_resolve_dns,
            "reverse_dns": BaseEvaluator.expr_reverse_dns,
            # Temporary addition of config until #7590 is through and this is not needed anymore
            "CONFIG": CONFIG,
            "USER_ATTRIBUTE_CHANGE_EMAIL": USER_ATTRIBUTE_CHANGE_EMAIL,
            "USER_ATTRIBUTE_CHANGE_NAME": USER_ATTRIBUTE_CHANGE_NAME,
            "USER_ATTRIBUTE_CHANGE_USERNAME": USER_ATTRIBUTE_CHANGE_USERNAME,
        }
-        for app in apps.get_app_configs():
+        for app in get_apps():
            # Load models from each app
            for model in app.get_models():
                self._globals[model.__name__] = model
--- a/blueprints/default/flow-default-user-settings-flow.yaml
+++ b/blueprints/default/flow-default-user-settings-flow.yaml
@ -85,12 +85,6 @@ entries:
  model: authentik_stages_prompt.prompt
 - attrs:
    expression:  |
      from authentik.lib.config import CONFIG
      from authentik.core.models import (
          USER_ATTRIBUTE_CHANGE_EMAIL,
          USER_ATTRIBUTE_CHANGE_NAME,
          USER_ATTRIBUTE_CHANGE_USERNAME
      )
      prompt_data = request.context.get("prompt_data")
      if not request.user.group_attributes(request.http_request).get(
--- a/blueprints/default/flow-oobe.yaml
+++ b/blueprints/default/flow-oobe.yaml
@ -89,9 +89,8 @@ entries:
    expression: |
      # This policy ensures that the setup flow can only be
      # used one time
      from authentik.flows.models import Flow, FlowAuthenticationRequirement
      Flow.objects.filter(slug="initial-setup").update(
-          authentication=FlowAuthenticationRequirement.REQUIRE_SUPERUSER,
+          authentication=Flow.authentication.field.default.__class__.REQUIRE_SUPERUSER,
      )
      return True
  id: policy-default-oobe-flow-set-authentication