authentik.stages.password.models
password stage models
1"""password stage models""" 2 3from django.contrib.postgres.fields import ArrayField 4from django.db import models 5from django.utils.translation import gettext_lazy as _ 6from django.views import View 7from rest_framework.serializers import BaseSerializer 8 9from authentik.core.types import UserSettingSerializer 10from authentik.flows.models import ConfigurableStage, Stage 11from authentik.stages.password import ( 12 BACKEND_APP_PASSWORD, 13 BACKEND_INBUILT, 14 BACKEND_KERBEROS, 15 BACKEND_LDAP, 16) 17 18 19def get_authentication_backends(): 20 """Return all available authentication backends as tuple set""" 21 return [ 22 ( 23 BACKEND_INBUILT, 24 _("User database + standard password"), 25 ), 26 ( 27 BACKEND_APP_PASSWORD, 28 _("User database + app passwords"), 29 ), 30 ( 31 BACKEND_LDAP, 32 _("User database + LDAP password"), 33 ), 34 ( 35 BACKEND_KERBEROS, 36 _("User database + Kerberos password"), 37 ), 38 ] 39 40 41class PasswordStage(ConfigurableStage, Stage): 42 """Prompt the user for their password, and validate it against the configured backends.""" 43 44 backends = ArrayField( 45 models.TextField(choices=get_authentication_backends()), 46 help_text=_("Selection of backends to test the password against."), 47 ) 48 failed_attempts_before_cancel = models.IntegerField( 49 default=5, 50 help_text=_( 51 "How many attempts a user has before the flow is canceled. " 52 "To lock the user out, use a reputation policy and a user_write stage." 53 ), 54 ) 55 allow_show_password = models.BooleanField( 56 default=False, 57 help_text=_( 58 "When enabled, provides a 'show password' button with the password input field." 59 ), 60 ) 61 62 @property 63 def serializer(self) -> type[BaseSerializer]: 64 from authentik.stages.password.api import PasswordStageSerializer 65 66 return PasswordStageSerializer 67 68 @property 69 def view(self) -> type[View]: 70 from authentik.stages.password.stage import PasswordStageView 71 72 return PasswordStageView 73 74 @property 75 def component(self) -> str: 76 return "ak-stage-password-form" 77 78 def ui_user_settings(self) -> UserSettingSerializer | None: 79 if not self.configure_flow: 80 return None 81 return UserSettingSerializer( 82 data={ 83 "title": str(self._meta.verbose_name), 84 "component": "ak-user-settings-password", 85 } 86 ) 87 88 class Meta: 89 verbose_name = _("Password Stage") 90 verbose_name_plural = _("Password Stages")
def
get_authentication_backends():
20def get_authentication_backends(): 21 """Return all available authentication backends as tuple set""" 22 return [ 23 ( 24 BACKEND_INBUILT, 25 _("User database + standard password"), 26 ), 27 ( 28 BACKEND_APP_PASSWORD, 29 _("User database + app passwords"), 30 ), 31 ( 32 BACKEND_LDAP, 33 _("User database + LDAP password"), 34 ), 35 ( 36 BACKEND_KERBEROS, 37 _("User database + Kerberos password"), 38 ), 39 ]
Return all available authentication backends as tuple set
42class PasswordStage(ConfigurableStage, Stage): 43 """Prompt the user for their password, and validate it against the configured backends.""" 44 45 backends = ArrayField( 46 models.TextField(choices=get_authentication_backends()), 47 help_text=_("Selection of backends to test the password against."), 48 ) 49 failed_attempts_before_cancel = models.IntegerField( 50 default=5, 51 help_text=_( 52 "How many attempts a user has before the flow is canceled. " 53 "To lock the user out, use a reputation policy and a user_write stage." 54 ), 55 ) 56 allow_show_password = models.BooleanField( 57 default=False, 58 help_text=_( 59 "When enabled, provides a 'show password' button with the password input field." 60 ), 61 ) 62 63 @property 64 def serializer(self) -> type[BaseSerializer]: 65 from authentik.stages.password.api import PasswordStageSerializer 66 67 return PasswordStageSerializer 68 69 @property 70 def view(self) -> type[View]: 71 from authentik.stages.password.stage import PasswordStageView 72 73 return PasswordStageView 74 75 @property 76 def component(self) -> str: 77 return "ak-stage-password-form" 78 79 def ui_user_settings(self) -> UserSettingSerializer | None: 80 if not self.configure_flow: 81 return None 82 return UserSettingSerializer( 83 data={ 84 "title": str(self._meta.verbose_name), 85 "component": "ak-user-settings-password", 86 } 87 ) 88 89 class Meta: 90 verbose_name = _("Password Stage") 91 verbose_name_plural = _("Password Stages")
Prompt the user for their password, and validate it against the configured backends.
def
backends(unknown):
A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
def
failed_attempts_before_cancel(unknown):
A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
def
allow_show_password(unknown):
A wrapper for a deferred-loading field. When the value is read from this object the first time, the query is executed.
serializer: type[rest_framework.serializers.BaseSerializer]
63 @property 64 def serializer(self) -> type[BaseSerializer]: 65 from authentik.stages.password.api import PasswordStageSerializer 66 67 return PasswordStageSerializer
Get serializer for this model
view: type[django.views.generic.base.View]
69 @property 70 def view(self) -> type[View]: 71 from authentik.stages.password.stage import PasswordStageView 72 73 return PasswordStageView
Return StageView class that implements logic for this stage
79 def ui_user_settings(self) -> UserSettingSerializer | None: 80 if not self.configure_flow: 81 return None 82 return UserSettingSerializer( 83 data={ 84 "title": str(self._meta.verbose_name), 85 "component": "ak-user-settings-password", 86 } 87 )
Entrypoint to integrate with User settings. Can either return None if no user settings are available, or a challenge.
configure_flow
Accessor to the related object on the forward side of a many-to-one or one-to-one (via ForwardOneToOneDescriptor subclass) relation.
In the example::
class Child(Model):
parent = ForeignKey(Parent, related_name='children')
Child.parent is a ForwardManyToOneDescriptor instance.
stage_ptr
Accessor to the related object on the forward side of a one-to-one relation.
In the example::
class Restaurant(Model):
place = OneToOneField(Place, related_name='restaurant')
Restaurant.place is a ForwardOneToOneDescriptor instance.
identificationstage_set
Accessor to the related objects manager on the reverse side of a many-to-one relation.
In the example::
class Child(Model):
parent = ForeignKey(Parent, related_name='children')
Parent.children is a ReverseManyToOneDescriptor instance.
Most of the implementation is delegated to a dynamically defined manager
class built by create_forward_many_to_many_manager() defined below.
Inherited Members
- authentik.flows.models.Stage
- stage_uuid
- name
- objects
- is_in_memory
- flow_set
- flowstagebinding_set
- emailstage
- endpointstage
- invitationstage
- passwordstage
- promptstage
- authenticatorstaticstage
- authenticatorduostage
- authenticatoremailstage
- authenticatorsmsstage
- authenticatorwebauthnstage
- authenticatorvalidatestage
- captchastage
- identificationstage
- authenticatortotpstage
- consentstage
- denystage
- dummystage
- redirectstage
- userdeletestage
- userloginstage
- userlogoutstage
- userwritestage
- authenticatorendpointgdtcstage
- mutualtlsstage
- sourcestage
The requested object does not exist
The query returned multiple objects when only one was expected.