This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/blueprints/example/flows-recovery-email-verifi...

178 lines
4.9 KiB
YAML

version: 1
metadata:
labels:
blueprints.goauthentik.io/example: "true"
name: Example - Recovery with email verification
entries:
- identifiers:
slug: default-recovery-flow
id: flow
model: authentik_flows.flow
attrs:
name: Default recovery flow
title: Reset your password
designation: recovery
cache_count: 0
policy_engine_mode: any
compatibility_mode: false
layout: stacked
- identifiers:
field_key: password
label: Password
id: prompt-field-password
model: authentik_stages_prompt.prompt
attrs:
type: password
required: true
placeholder: Password
order: 0
sub_text: ""
placeholder_expression: false
- identifiers:
field_key: password_repeat
label: Password (repeat)
id: prompt-field-password-repeat
model: authentik_stages_prompt.prompt
attrs:
type: password
required: true
placeholder: Password (repeat)
order: 1
sub_text: ""
placeholder_expression: false
- identifiers:
name: default-recovery-skip-if-restored
id: default-recovery-skip-if-restored
model: authentik_policies_expression.expressionpolicy
attrs:
execution_logging: false
expression: |
return request.context.get('is_restored', False)
- identifiers:
name: default-recovery-email
id: default-recovery-email
model: authentik_stages_email.emailstage
attrs:
use_global_settings: true
host: localhost
port: 25
username: ""
use_tls: false
use_ssl: false
timeout: 10
from_address: system@authentik.local
token_expiry: 30
subject: authentik
template: email/password_reset.html
activate_user_on_success: true
- identifiers:
name: default-recovery-user-write
id: default-recovery-user-write
model: authentik_stages_user_write.userwritestage
attrs:
create_users_as_inactive: false
create_users_group: null
user_path_template: ""
- identifiers:
name: default-recovery-identification
id: default-recovery-identification
model: authentik_stages_identification.identificationstage
attrs:
user_fields:
- email
- username
password_stage: null
case_insensitive_matching: true
show_matched_user: true
enrollment_flow: null
recovery_flow: null
passwordless_flow: null
sources: []
show_source_labels: false
- identifiers:
name: default-recovery-user-login
id: default-recovery-user-login
model: authentik_stages_user_login.userloginstage
attrs:
session_duration: seconds=0
- identifiers:
name: Change your password
id: stages-prompt-password
model: authentik_stages_prompt.promptstage
attrs:
fields:
- !KeyOf prompt-field-password
- !KeyOf prompt-field-password-repeat
validation_policies: []
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-recovery-identification
order: 10
model: authentik_flows.flowstagebinding
id: flow-binding-identification
attrs:
evaluate_on_plan: true
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-recovery-email
order: 20
model: authentik_flows.flowstagebinding
id: flow-binding-email
attrs:
evaluate_on_plan: true
re_evaluate_policies: true
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
pk: 1219d06e-2c06-4c5b-a162-78e3959c6cf0
target: !KeyOf flow
stage: !KeyOf stages-prompt-password
order: 30
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-recovery-user-write
order: 40
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
target: !KeyOf flow
stage: !KeyOf default-recovery-user-login
order: 100
model: authentik_flows.flowstagebinding
attrs:
evaluate_on_plan: true
re_evaluate_policies: false
policy_engine_mode: any
invalid_response_action: retry
- identifiers:
policy: !KeyOf default-recovery-skip-if-restored
target: !KeyOf flow-binding-identification
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30
- identifiers:
policy: !KeyOf default-recovery-skip-if-restored
target: !KeyOf flow-binding-email
order: 0
model: authentik_policies.policybinding
attrs:
negate: false
enabled: true
timeout: 30