core: make defaults for _change_email and _change_username configurable

closes #1789

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-11-13 22:33:03 +01:00
parent f069cfb643
commit 88516ba2ca
3 changed files with 26 additions and 2 deletions

View File

@ -55,6 +55,7 @@ from authentik.core.models import (
User, User,
) )
from authentik.events.models import EventAction from authentik.events.models import EventAction
from authentik.lib.config import CONFIG
from authentik.stages.email.models import EmailStage from authentik.stages.email.models import EmailStage
from authentik.stages.email.tasks import send_mails from authentik.stages.email.tasks import send_mails
from authentik.stages.email.utils import TemplateEmailMessage from authentik.stages.email.utils import TemplateEmailMessage
@ -125,7 +126,9 @@ class UserSelfSerializer(ModelSerializer):
def validate_email(self, email: str): def validate_email(self, email: str):
"""Check if the user is allowed to change their email""" """Check if the user is allowed to change their email"""
if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_EMAIL, True): if self.instance.group_attributes().get(
USER_ATTRIBUTE_CHANGE_EMAIL, CONFIG.y_bool("default_user_change_email", True)
):
return email return email
if email != self.instance.email: if email != self.instance.email:
raise ValidationError("Not allowed to change email.") raise ValidationError("Not allowed to change email.")
@ -133,7 +136,9 @@ class UserSelfSerializer(ModelSerializer):
def validate_username(self, username: str): def validate_username(self, username: str):
"""Check if the user is allowed to change their username""" """Check if the user is allowed to change their username"""
if self.instance.group_attributes().get(USER_ATTRIBUTE_CHANGE_USERNAME, True): if self.instance.group_attributes().get(
USER_ATTRIBUTE_CHANGE_USERNAME, CONFIG.y_bool("default_user_change_username", True)
):
return username return username
if username != self.instance.username: if username != self.instance.username:
raise ValidationError("Not allowed to change username.") raise ValidationError("Not allowed to change username.")

View File

@ -78,3 +78,6 @@ footer_links:
href: https://goauthentik.io/docs/?utm_source=authentik href: https://goauthentik.io/docs/?utm_source=authentik
- name: authentik Website - name: authentik Website
href: https://goauthentik.io/?utm_source=authentik href: https://goauthentik.io/?utm_source=authentik
default_user_change_email: true
default_user_change_username: true

View File

@ -149,6 +149,22 @@ Configure how authentik should show avatars for users. Following values can be s
- `%(mail_hash)s`: The email address, md5 hashed - `%(mail_hash)s`: The email address, md5 hashed
- `%(upn)s`: The user's UPN, if set (otherwise an empty string) - `%(upn)s`: The user's UPN, if set (otherwise an empty string)
### AUTHENTIK_DEFAULT_USER_CHANGE_EMAIL
:::info
Requires authentik 2021.10.5
:::
Enable the ability for users to change their Email address, defaults to `true`.
### AUTHENTIK_DEFAULT_USER_CHANGE_USERNAME
:::info
Requires authentik 2021.10.5
:::
Enable the ability for users to change their Usernames, defaults to `true`.
## Debugging ## Debugging
To check if your config has been applied correctly, you can run the following command to output the full config: To check if your config has been applied correctly, you can run the following command to output the full config: