From 5026cebf0239d14acfecf4d7f31fd17b77128927 Mon Sep 17 00:00:00 2001 From: Jens Langhammer Date: Sat, 10 Sep 2022 13:25:28 +0200 Subject: [PATCH] stages/consent: default to expiring consent instead of always_require Signed-off-by: Jens Langhammer --- .../0005_alter_consentstage_mode.py | 25 +++++++++++++++++++ authentik/stages/consent/models.py | 2 +- ...ovider-authorization-explicit-consent.yaml | 6 +++-- 3 files changed, 30 insertions(+), 3 deletions(-) create mode 100644 authentik/stages/consent/migrations/0005_alter_consentstage_mode.py diff --git a/authentik/stages/consent/migrations/0005_alter_consentstage_mode.py b/authentik/stages/consent/migrations/0005_alter_consentstage_mode.py new file mode 100644 index 000000000..32273132a --- /dev/null +++ b/authentik/stages/consent/migrations/0005_alter_consentstage_mode.py @@ -0,0 +1,25 @@ +# Generated by Django 4.1.1 on 2022-09-10 11:23 + +from django.db import migrations, models + + +class Migration(migrations.Migration): + + dependencies = [ + ("authentik_stages_consent", "0004_alter_userconsent_unique_together_and_more"), + ] + + operations = [ + migrations.AlterField( + model_name="consentstage", + name="mode", + field=models.TextField( + choices=[ + ("always_require", "Always Require"), + ("permanent", "Permanent"), + ("expiring", "Expiring"), + ], + default="expiring", + ), + ), + ] diff --git a/authentik/stages/consent/models.py b/authentik/stages/consent/models.py index 17c032cc5..12c603690 100644 --- a/authentik/stages/consent/models.py +++ b/authentik/stages/consent/models.py @@ -22,7 +22,7 @@ class ConsentMode(models.TextChoices): class ConsentStage(Stage): """Prompt the user for confirmation.""" - mode = models.TextField(choices=ConsentMode.choices, default=ConsentMode.ALWAYS_REQUIRE) + mode = models.TextField(choices=ConsentMode.choices, default=ConsentMode.EXPIRING) consent_expire_in = models.TextField( validators=[timedelta_string_validator], default="weeks=4", diff --git a/blueprints/default/20-flow-default-provider-authorization-explicit-consent.yaml b/blueprints/default/20-flow-default-provider-authorization-explicit-consent.yaml index 74eff8785..84dd76d25 100644 --- a/blueprints/default/20-flow-default-provider-authorization-explicit-consent.yaml +++ b/blueprints/default/20-flow-default-provider-authorization-explicit-consent.yaml @@ -10,9 +10,11 @@ entries: slug: default-provider-authorization-explicit-consent model: authentik_flows.flow id: flow -- identifiers: +- id: default-provider-authorization-consent + attrs: + mode: expiring + identifiers: name: default-provider-authorization-consent - id: default-provider-authorization-consent model: authentik_stages_consent.consentstage - identifiers: order: 0