From f7b62617454541e17c79a1769afbdb48aed780e7 Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt
Date: Wed, 27 Dec 2023 14:44:28 +0100
Subject: [PATCH] wip
Signed-off-by: Marc 'risson' Schmitt
---
 authentik/lib/expression/evaluator.py | 16 +++++++++++++---
 .../default/flow-default-user-settings-flow.yaml | 6 ------
 blueprints/default/flow-oobe.yaml | 3 +--
 3 files changed, 14 insertions(+), 11 deletions(-)
diff --git a/authentik/lib/expression/evaluator.py b/authentik/lib/expression/evaluator.py
index 46ba5f416..1f3746956 100644
--- a/authentik/lib/expression/evaluator.py
+++ b/authentik/lib/expression/evaluator.py
@@ -6,7 +6,6 @@ from textwrap import indent
 from typing import Any, Iterable, Optional
 from cachetools import TLRUCache, cached
-from django.apps import apps
 from django.core.exceptions import FieldError
 from guardian.shortcuts import get_anonymous_user
 from rest_framework.serializers import ValidationError
@@ -15,10 +14,16 @@ from sentry_sdk.hub import Hub
 from sentry_sdk.tracing import Span
 from structlog.stdlib import get_logger
-from authentik.core.models import User
+from authentik.core.models import (
+ USER_ATTRIBUTE_CHANGE_EMAIL,
+ USER_ATTRIBUTE_CHANGE_NAME,
+ USER_ATTRIBUTE_CHANGE_USERNAME,
+ User,
+)
 from authentik.events.models import Event
 from authentik.lib.config import CONFIG
 from authentik.lib.utils.http import get_http_session
+from authentik.lib.utils.reflection import get_apps
 from authentik.policies.models import Policy, PolicyBinding
 from authentik.policies.process import PolicyProcess
 from authentik.policies.types import PolicyRequest, PolicyResult
@@ -57,8 +62,13 @@ class BaseEvaluator:
 "requests": get_http_session(),
 "resolve_dns": BaseEvaluator.expr_resolve_dns,
 "reverse_dns": BaseEvaluator.expr_reverse_dns,
+ # Temporary addition of config until #7590 is through and this is not needed anymore
+ "CONFIG": CONFIG,
+ "USER_ATTRIBUTE_CHANGE_EMAIL": USER_ATTRIBUTE_CHANGE_EMAIL,
+ "USER_ATTRIBUTE_CHANGE_NAME": USER_ATTRIBUTE_CHANGE_NAME,
+ "USER_ATTRIBUTE_CHANGE_USERNAME": USER_ATTRIBUTE_CHANGE_USERNAME,
 }
- for app in apps.get_app_configs():
+ for app in get_apps():
 # Load models from each app
 for model in app.get_models():
 self._globals[model.__name__] = model
diff --git a/blueprints/default/flow-default-user-settings-flow.yaml b/blueprints/default/flow-default-user-settings-flow.yaml
index 01fb733d5..a37f72421 100644
--- a/blueprints/default/flow-default-user-settings-flow.yaml
+++ b/blueprints/default/flow-default-user-settings-flow.yaml
@@ -85,12 +85,6 @@ entries:
 model: authentik_stages_prompt.prompt
 - attrs:
 expression: |
- from authentik.lib.config import CONFIG
- from authentik.core.models import (
- USER_ATTRIBUTE_CHANGE_EMAIL,
- USER_ATTRIBUTE_CHANGE_NAME,
- USER_ATTRIBUTE_CHANGE_USERNAME
- )
 prompt_data = request.context.get("prompt_data")
 if not request.user.group_attributes(request.http_request).get(
diff --git a/blueprints/default/flow-oobe.yaml b/blueprints/default/flow-oobe.yaml
index e37603ebb..0521cdb15 100644
--- a/blueprints/default/flow-oobe.yaml
+++ b/blueprints/default/flow-oobe.yaml
@@ -89,9 +89,8 @@ entries:
 expression: |
 # This policy ensures that the setup flow can only be
 # used one time
- from authentik.flows.models import Flow, FlowAuthenticationRequirement
 Flow.objects.filter(slug="initial-setup").update(
- authentication=FlowAuthenticationRequirement.REQUIRE_SUPERUSER,
+ authentication=Flow.authentication.field.default.__class__.REQUIRE_SUPERUSER,
 )
 return True
 id: policy-default-oobe-flow-set-authentication
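Review bot: In authentik/lib/expression/evaluator.py, the new `"CONFIG": CONFIG` entry puts the whole configuration object into the globals of every expression run through BaseEvaluator, not only the user-settings blueprint that stopped importing it. If CONFIG also carries deployment secrets (presumably it does, though that is not visible here), anyone allowed to author an expression can read them by name, so this widens what expression authors are trusted with. Consider exposing only the settings the blueprint actually reads, or a read-only view limited to those keys, and make the temporary status traceable with something like `# TODO(#7590): remove CONFIG from expression globals`. The globals dict and the enclosing method start and end outside the hunk.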
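Review bot: In blueprints/default/flow-oobe.yaml, `Flow.authentication.field.default.__class__.REQUIRE_SUPERUSER` resolves only while the field's default is stored as a member of the enum; if the default is ever a plain string, `__class__` is `str` and the expression raises before the update runs. This policy is what restricts the initial-setup flow after first use, so whether it succeeds should not depend on a model internal. Exposing the enum in the evaluator globals next to the USER_ATTRIBUTE_* constants, for example `"FlowAuthenticationRequirement": FlowAuthenticationRequirement,`, would let the blueprint keep `authentication=FlowAuthenticationRequirement.REQUIRE_SUPERUSER,`. Whether evaluator.py can import it without a cycle needs checking, as the module's other imports are only partly visible here.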