blueprints: prevent duplicate password stage in default flow when using combined identification stage (#6432)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L 2023-07-31 13:42:35 +02:00 committed by GitHub
parent 1b12c90f32
commit 5139656e95
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 16 additions and 0 deletions

View File

@ -51,6 +51,7 @@ entries:
order: 20 order: 20
stage: !KeyOf default-authentication-password stage: !KeyOf default-authentication-password
target: !KeyOf flow target: !KeyOf flow
id: default-authentication-flow-password-binding
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
- identifiers: - identifiers:
order: 30 order: 30
@ -62,3 +63,18 @@ entries:
stage: !KeyOf default-authentication-login stage: !KeyOf default-authentication-login
target: !KeyOf flow target: !KeyOf flow
model: authentik_flows.flowstagebinding model: authentik_flows.flowstagebinding
- model: authentik_policies_expression.expressionpolicy
id: default-authentication-flow-password-optional
identifiers:
name: default-authentication-flow-password-stage
attrs:
expression: |
flow_plan = request.context["flow_plan"]
# If the user does not have a backend attached to it, they haven't
# been authenticated yet and we need the password stage
return not hasattr(flow_plan.context["pending_user"], "backend")
- model: authentik_policies.policybinding
identifiers:
order: 10
target: !KeyOf default-authentication-flow-password-binding
policy: !KeyOf default-authentication-flow-password-optional