Comments (3)
Data when called from a flow stage binding:
```json
{
  "asn": {
    "asn": 0,
    "as_org": "###",
    "network": "###"
  },
  "geo": {
    "lat": 0.0,
    "city": "###",
    "long": 0.0,
    "country": "##",
    "continent": "##"
  },
  "result": {
    "passing": true,
    "messages": [],
    "raw_result": true,
    "log_messages": [],
    "source_binding": null,
    "source_results": []
  },
  "binding": {
    "pk": "###",
    "app": "authentik_policies",
    "name": "Binding from Flow-stage binding #40 to b28b1ffd-322d-4ae4-93c2-072533cd9f92 #0 to Policy custom-debug-check-context-data",
    "model_name": "policybinding"
  },
  "message": "Policy Execution",
  "request": {
    "obj": {
      "pk": "###",
      "app": "authentik_flows",
      "name": "Flow-stage binding #40 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
      "model_name": "flowstagebinding"
    },
    "user": {
      "pk": 1,
      "email": "",
      "username": "AnonymousUser",
      "is_anonymous": true
    },
    "debug": false,
    "context": {
      "asn": {
        "asn": 0,
        "as_org": "###",
        "network": "###"
      },
      "geoip": {
        "lat": 0.0,
        "city": "##",
        "long": 0.0,
        "country": "##",
        "continent": "##"
      },
      "flow_plan": {
        "context": {
          "invitation": {
            "pk": "###",
            "app": "authentik_stages_invitation",
            "name": "test-invitation-abcdefxyz",
            "model_name": "invitation"
          },
          "prompt_data": {
            "email": "julia@######",
            "username": "[email protected]",
            "component": "ak-stage-prompt",
            "attributes": {
              "invite_used": "test-invitation-abcdefxyz"
            },
            "email_repeat": "julia@######",
            "invite_suffix": "@id.abcdef.xyz"
          },
          "invitation_in_effect": true
        },
        "flow_pk": "##",
        "markers": [
          {
            "binding": {
              "pk": "###",
              "app": "authentik_flows",
              "name": "Flow-stage binding #40 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
              "model_name": "flowstagebinding"
            }
          },
          {
            "binding": {
              "pk": "###",
              "app": "authentik_flows",
              "name": "Flow-stage binding #50 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
              "model_name": "flowstagebinding"
            }
          },
          {
            "binding": {
              "pk": "###",
              "app": "authentik_flows",
              "name": "Flow-stage binding #60 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
              "model_name": "flowstagebinding"
            }
          }
        ],
        "bindings": [
          {
            "pk": "###",
            "app": "authentik_flows",
            "name": "Flow-stage binding #40 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
            "model_name": "flowstagebinding"
          },
          {
            "pk": "###",
            "app": "authentik_flows",
            "name": "Flow-stage binding #50 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
            "model_name": "flowstagebinding"
          },
          {
            "pk": "###",
            "app": "authentik_flows",
            "name": "Flow-stage binding #60 to b28b1ffd-322d-4ae4-93c2-072533cd9f92",
            "model_name": "flowstagebinding"
          }
        ]
      },
      "invitation": {
        "pk": "###",
        "app": "authentik_stages_invitation",
        "name": "test-invitation-abcdefxyz",
        "model_name": "invitation"
      },
      "dumped_data": {
        "context_flow_plan": "TypeError('Object of type FlowPlan is not JSON serializable')",
        "context_prompt_data": "{\"attributes\": {\"invite_used\": \"test-invitation-abcdefxyz\"}, \"invite_suffix\": \"@id.abcdef.xyz\", \"component\": \"ak-stage-prompt\", \"email\": \"julia@######\", \"email_repeat\": \"julia@######\", \"username\": \"[email protected]\"}",
        "context_flow_plan_context": "TypeError('Object of type Invitation is not JSON serializable')",
        "request_context_flow_plan": "TypeError('Object of type FlowPlan is not JSON serializable')",
        "request_context_prompt_data": "{\"attributes\": {\"invite_used\": \"test-invitation-abcdefxyz\"}, \"invite_suffix\": \"@id.abcdef.xyz\", \"component\": \"ak-stage-prompt\", \"email\": \"julia@######\", \"email_repeat\": \"julia@######\", \"username\": \"[email protected]\"}",
        "request_context_flow_plan_context": "TypeError('Object of type Invitation is not JSON serializable')"
      },
      "prompt_data": {
        "email": "julia@######",
        "username": "[email protected]",
        "component": "ak-stage-prompt",
        "attributes": {
          "invite_used": "test-invitation-abcdef"
        },
        "email_repeat": "julia@######",
        "invite_suffix": "@id.abcdef.xyz"
      },
      "invitation_in_effect": true
    },
    "http_request": null
  },
  "policy_uuid": "7b925018e11043819adaf3caad8498c3",
  "http_request": {
    "args": {
      "itoken": "********************"
    },
    "path": "/api/v3/flows/executor/welcome-to-abcdefx/",
    "method": "GET",
    "user_agent": "Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0"
  }
}
```
from authentik.
On further reading I noticed that https://version-2024-2.goauthentik.io/docs/policies/expression states:
Additionally, when the policy is executed from a flow, every variable from the flow's current context is accessible under the context object.
Which I can't shake the feeling would still apply to my situation, since I am calling the policy from a stage during a flow. I get that this is probably the part that was meant to warn me about my situation. Still... is there some way around it?
from authentik.
I think I found a solution that is labor intensive if there is a lot of data but totally fine in my case. I had my head stuck on the idea of taking the values from the flow_plan or context, but it is much easier.
I added a hidden field to the prompt stage that reads its initial value from the prompt_data. I figured this should work since - as stated in the original question - the data is there for the placeholder expression - turns out it is also there for the initial value expression. The hints for the two expression input fields suggest that their environments are a little different, but I don't know.
The initial value of a hidden prompt with the key `username_suffix` is

```python
# Initial-value expression of the hidden prompt field
invite_suffix = ''
try:
    invite_suffix = request.context['prompt_context'].get('invite_suffix', invite_suffix)
except Exception:
    # Keep the empty default if the context key is not available
    pass
return invite_suffix
```
The policy used in the Prompt stage's validation phase looks something like this:

```python
max_length = 64
question = ''
# Suffix as carried by the hidden prompt field
invite_suffix = request.context['prompt_data'].get('username_suffix', '')
username = request.context['prompt_data'].get('username')
if invite_suffix:
    question = f' Did you use suffix {invite_suffix}?'
# Check for a missing username first so len() is never called on None
if not username:
    ak_message('Please specify a username')
    return False
if len(username) > max_length:
    ak_message('The resulting username is too long')
    return False
# Note: with an empty suffix, endswith('') is always True
if not username.endswith(invite_suffix):
    ak_message(f'Username does not look right{question}')
    return False
return True
```

Editing the hidden field's value in the HTML does NOT lead to the value being different when running the policy, so that's good.
from authentik.
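The validation logic from the comment above, restated as a plain function so its edge cases can be exercised outside authentik. This is an added example, not code from the thread or from authentik itself: `validate_username`, `trusted_suffix`, `require_suffix` and the sample submissions are hypothetical names and constructed data, and `trusted_suffix` assumes a value the server already knows.

```python
MAX_LENGTH = 64  # same limit as the policy in the comment above


def validate_username(prompt_data, trusted_suffix=None, require_suffix=True):
    """Return (passing, messages) for a dict shaped like request.context['prompt_data'].

    trusted_suffix (assumption): a suffix known server-side; when given,
    the submitted hidden field must match it exactly.
    """
    messages = []
    username = prompt_data.get("username") or ""
    submitted = prompt_data.get("username_suffix") or ""

    if not username:  # checked first so len() never sees None
        messages.append("Please specify a username")
        return False, messages
    if len(username) > MAX_LENGTH:
        messages.append("The resulting username is too long")
        return False, messages
    if trusted_suffix is not None and submitted != trusted_suffix:
        messages.append("Suffix field does not match the expected value")
        return False, messages

    suffix = trusted_suffix if trusted_suffix is not None else submitted
    if not suffix:
        # "anything".endswith("") is True, so an empty suffix disables the check
        if require_suffix:
            messages.append("No suffix to validate against")
            return False, messages
        return True, messages
    if not username.endswith(suffix):
        messages.append(f"Username does not look right. Did you use suffix {suffix}?")
        return False, messages
    return True, messages


# Constructed sample submissions (not taken from a real flow)
CASES = {
    "ok": {"username": "julia@id.abcdef.xyz", "username_suffix": "@id.abcdef.xyz"},
    "none": {"username": None, "username_suffix": "@id.abcdef.xyz"},
    "wrong": {"username": "julia@other.example", "username_suffix": "@id.abcdef.xyz"},
    "empty_suffix": {"username": "julia@other.example", "username_suffix": ""},
    "changed_field": {"username": "julia@other.example", "username_suffix": "@other.example"},
}

if __name__ == "__main__":
    for name, data in CASES.items():
        print(name, validate_username(data))
```

The `changed_field` case passes when only the submitted field is consulted and fails once `trusted_suffix="@id.abcdef.xyz"` is supplied, which is the property the hidden-field approach depends on.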