# Ultimail — inscription self-service (email, mot de passe, profil, avatar optionnel) version: 1 metadata: name: Ultimail enrollment labels: blueprints.goauthentik.io/instantiate: "true" entries: - model: authentik_flows.flow id: ulti-enrollment-flow identifiers: slug: ulti-enrollment attrs: name: Ultimail — Créer un compte title: Créer votre compte Ultimail designation: enrollment authentication: require_unauthenticated - model: authentik_stages_prompt.prompt id: ulti-enroll-field-email identifiers: name: ulti-enrollment-field-email attrs: field_key: username label: Adresse e-mail type: text required: true placeholder: prenom.nom placeholder_expression: false order: 0 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-email-sync identifiers: name: ulti-enrollment-field-email-sync attrs: field_key: email label: E-mail type: hidden required: true initial_value: "{{ prompt_data.username }}@ultisuite.fr" initial_value_expression: true placeholder_expression: false order: 1 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-password identifiers: name: ulti-enrollment-field-password attrs: field_key: password label: Mot de passe type: password required: true placeholder: Mot de passe placeholder_expression: false order: 1 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-password-repeat identifiers: name: ulti-enrollment-field-password-repeat attrs: field_key: password_repeat label: Confirmer le mot de passe type: password required: true placeholder: Confirmer le mot de passe placeholder_expression: false order: 2 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-name identifiers: name: ulti-enrollment-field-name attrs: field_key: name label: Nom et prénom type: text required: true placeholder: Jean Dupont placeholder_expression: false order: 0 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-phone identifiers: name: ulti-enrollment-field-phone attrs: field_key: attributes.phone label: Numéro de téléphone (optionnel) type: text required: false placeholder: +33 6 12 34 56 78 placeholder_expression: false order: 1 - model: authentik_stages_prompt.prompt id: ulti-enroll-field-avatar identifiers: name: ulti-enrollment-field-avatar attrs: field_key: attributes.avatar label: Photo de profil (optionnel) type: file required: false placeholder: "" placeholder_expression: false order: 2 - model: authentik_stages_prompt.promptstage id: ulti-enroll-prompt-credentials identifiers: name: ulti-enrollment-prompt-credentials attrs: fields: - !KeyOf ulti-enroll-field-email - !KeyOf ulti-enroll-field-email-sync - !KeyOf ulti-enroll-field-password - !KeyOf ulti-enroll-field-password-repeat - model: authentik_stages_prompt.promptstage id: ulti-enroll-prompt-profile identifiers: name: ulti-enrollment-prompt-profile attrs: fields: - !KeyOf ulti-enroll-field-name - !KeyOf ulti-enroll-field-phone - !KeyOf ulti-enroll-field-avatar - model: authentik_stages_user_write.userwritestage id: ulti-enroll-user-write identifiers: name: ulti-enrollment-user-write attrs: user_creation_mode: always_create create_users_as_inactive: false - model: authentik_stages_user_login.userloginstage id: ulti-enroll-user-login identifiers: name: ulti-enrollment-user-login - model: authentik_policies_expression.expressionpolicy id: ulti-enroll-policy-username-available identifiers: name: ulti-enrollment-username-available attrs: name: Ultimail — adresse disponible expression: | import json from urllib.request import urlopen local = (request.context.get("prompt_data") or {}).get("username", "").strip().lower() if not local or len(local) < 2: return False url = f"http://ultid:8080/api/v1/mail/addresses/check?local={local}&domain=ultisuite.fr" try: with urlopen(url, timeout=5) as resp: data = json.loads(resp.read().decode("utf-8")) return data.get("available") is True except Exception: return False - model: authentik_policies.policybinding identifiers: order: 0 target: !KeyOf ulti-enroll-prompt-credentials policy: !KeyOf ulti-enroll-policy-username-available attrs: enabled: true timeout: 10 failure_result: false - model: authentik_stages_webhook.webhookstage id: ulti-enroll-provision-webhook identifiers: name: ulti-enrollment-provision-webhook attrs: url: http://ultid:8080/internal/provision/user?secret=changeme-provision-webhook method: POST headers: X-Provision-Secret: changeme-provision-webhook Content-Type: application/json body: | { "email": "{{ prompt_data.email }}", "username": "{{ prompt_data.username }}", "password": "{{ prompt_data.password }}", "name": "{{ prompt_data.name }}", "external_id": "{{ user.uuid }}" } - model: authentik_flows.flowstagebinding identifiers: target: !KeyOf ulti-enrollment-flow stage: !KeyOf ulti-enroll-prompt-credentials order: 10 - model: authentik_flows.flowstagebinding identifiers: target: !KeyOf ulti-enrollment-flow stage: !KeyOf ulti-enroll-prompt-profile order: 20 - model: authentik_flows.flowstagebinding identifiers: target: !KeyOf ulti-enrollment-flow stage: !KeyOf ulti-enroll-user-write order: 30 - model: authentik_flows.flowstagebinding identifiers: target: !KeyOf ulti-enrollment-flow stage: !KeyOf ulti-enroll-provision-webhook order: 40 - model: authentik_flows.flowstagebinding identifiers: target: !KeyOf ulti-enrollment-flow stage: !KeyOf ulti-enroll-user-login order: 100