7143a36c19
- Added configuration options for Stalwart hosted mail in .env.example. - Updated Docker Compose to include Stalwart service with health checks. - Introduced new API endpoints for managing mail domains and migration projects. - Enhanced Authentik blueprints for user enrollment and post-migration security. - Updated OAuth handling for Google and Microsoft migration processes. - Improved error handling and response structures in the mail API. - Added integration tests for email claiming and migration workflows.
237 lines
6.7 KiB
YAML
237 lines
6.7 KiB
YAML
# Ultimail — inscription self-service (email, mot de passe, profil, avatar optionnel)
|
|
version: 1
|
|
metadata:
|
|
name: Ultimail enrollment
|
|
labels:
|
|
blueprints.goauthentik.io/instantiate: "true"
|
|
entries:
|
|
- model: authentik_flows.flow
|
|
id: ulti-enrollment-flow
|
|
identifiers:
|
|
slug: ulti-enrollment
|
|
attrs:
|
|
name: Ultimail — Créer un compte
|
|
title: Créer votre compte Ultimail
|
|
designation: enrollment
|
|
authentication: require_unauthenticated
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-email
|
|
identifiers:
|
|
name: ulti-enrollment-field-email
|
|
attrs:
|
|
field_key: username
|
|
label: Adresse e-mail
|
|
type: text
|
|
required: true
|
|
placeholder: prenom.nom
|
|
placeholder_expression: false
|
|
order: 0
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-domain-hint
|
|
identifiers:
|
|
name: ulti-enrollment-field-domain-hint
|
|
attrs:
|
|
field_key: domain_hint
|
|
label: Votre adresse sera
|
|
type: static
|
|
required: false
|
|
initial_value: "@ultisuite.fr"
|
|
initial_value_expression: false
|
|
placeholder_expression: false
|
|
order: 1
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-email-sync
|
|
identifiers:
|
|
name: ulti-enrollment-field-email-sync
|
|
attrs:
|
|
field_key: email
|
|
label: E-mail
|
|
type: hidden
|
|
required: true
|
|
initial_value: "{{ prompt_data.username }}@ultisuite.fr"
|
|
initial_value_expression: true
|
|
placeholder_expression: false
|
|
order: 1
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-password
|
|
identifiers:
|
|
name: ulti-enrollment-field-password
|
|
attrs:
|
|
field_key: password
|
|
label: Mot de passe
|
|
type: password
|
|
required: true
|
|
placeholder: Mot de passe
|
|
placeholder_expression: false
|
|
order: 1
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-password-repeat
|
|
identifiers:
|
|
name: ulti-enrollment-field-password-repeat
|
|
attrs:
|
|
field_key: password_repeat
|
|
label: Confirmer le mot de passe
|
|
type: password
|
|
required: true
|
|
placeholder: Confirmer le mot de passe
|
|
placeholder_expression: false
|
|
order: 2
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-name
|
|
identifiers:
|
|
name: ulti-enrollment-field-name
|
|
attrs:
|
|
field_key: name
|
|
label: Nom et prénom
|
|
type: text
|
|
required: true
|
|
placeholder: Jean Dupont
|
|
placeholder_expression: false
|
|
order: 0
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-phone
|
|
identifiers:
|
|
name: ulti-enrollment-field-phone
|
|
attrs:
|
|
field_key: attributes.phone
|
|
label: Numéro de téléphone (optionnel)
|
|
type: text
|
|
required: false
|
|
placeholder: +33 6 12 34 56 78
|
|
placeholder_expression: false
|
|
order: 1
|
|
|
|
- model: authentik_stages_prompt.prompt
|
|
id: ulti-enroll-field-avatar
|
|
identifiers:
|
|
name: ulti-enrollment-field-avatar
|
|
attrs:
|
|
field_key: attributes.avatar
|
|
label: Photo de profil (optionnel)
|
|
type: file
|
|
required: false
|
|
placeholder: ""
|
|
placeholder_expression: false
|
|
order: 2
|
|
|
|
- model: authentik_stages_prompt.promptstage
|
|
id: ulti-enroll-prompt-credentials
|
|
identifiers:
|
|
name: ulti-enrollment-prompt-credentials
|
|
attrs:
|
|
fields:
|
|
- !KeyOf ulti-enroll-field-email
|
|
- !KeyOf ulti-enroll-field-domain-hint
|
|
- !KeyOf ulti-enroll-field-email-sync
|
|
- !KeyOf ulti-enroll-field-password
|
|
- !KeyOf ulti-enroll-field-password-repeat
|
|
|
|
- model: authentik_stages_prompt.promptstage
|
|
id: ulti-enroll-prompt-profile
|
|
identifiers:
|
|
name: ulti-enrollment-prompt-profile
|
|
attrs:
|
|
fields:
|
|
- !KeyOf ulti-enroll-field-name
|
|
- !KeyOf ulti-enroll-field-phone
|
|
- !KeyOf ulti-enroll-field-avatar
|
|
|
|
- model: authentik_stages_user_write.userwritestage
|
|
id: ulti-enroll-user-write
|
|
identifiers:
|
|
name: ulti-enrollment-user-write
|
|
attrs:
|
|
user_creation_mode: always_create
|
|
create_users_as_inactive: false
|
|
|
|
- model: authentik_stages_user_login.userloginstage
|
|
id: ulti-enroll-user-login
|
|
identifiers:
|
|
name: ulti-enrollment-user-login
|
|
|
|
- model: authentik_policies_expression.expressionpolicy
|
|
id: ulti-enroll-policy-username-available
|
|
identifiers:
|
|
name: ulti-enrollment-username-available
|
|
attrs:
|
|
name: Ultimail — adresse disponible
|
|
expression: |
|
|
import json
|
|
from urllib.request import urlopen
|
|
local = (request.context.get("prompt_data") or {}).get("username", "").strip().lower()
|
|
if not local or len(local) < 2:
|
|
return False
|
|
url = f"http://ultid:8080/api/v1/mail/addresses/check?local={local}&domain=ultisuite.fr"
|
|
try:
|
|
with urlopen(url, timeout=5) as resp:
|
|
data = json.loads(resp.read().decode("utf-8"))
|
|
return data.get("available") is True
|
|
except Exception:
|
|
return False
|
|
|
|
- model: authentik_policies.policybinding
|
|
identifiers:
|
|
order: 0
|
|
target: !KeyOf ulti-enroll-prompt-credentials
|
|
policy: !KeyOf ulti-enroll-policy-username-available
|
|
attrs:
|
|
enabled: true
|
|
timeout: 10
|
|
failure_result: false
|
|
|
|
- model: authentik_stages_webhook.webhookstage
|
|
id: ulti-enroll-provision-webhook
|
|
identifiers:
|
|
name: ulti-enrollment-provision-webhook
|
|
attrs:
|
|
url: http://ultid:8080/internal/provision/user?secret=changeme-provision-webhook
|
|
method: POST
|
|
headers:
|
|
X-Provision-Secret: changeme-provision-webhook
|
|
Content-Type: application/json
|
|
body: |
|
|
{
|
|
"email": "{{ prompt_data.email }}",
|
|
"username": "{{ prompt_data.username }}",
|
|
"password": "{{ prompt_data.password }}",
|
|
"name": "{{ prompt_data.name }}",
|
|
"external_id": "{{ user.uuid }}"
|
|
}
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
identifiers:
|
|
target: !KeyOf ulti-enrollment-flow
|
|
stage: !KeyOf ulti-enroll-prompt-credentials
|
|
order: 10
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
identifiers:
|
|
target: !KeyOf ulti-enrollment-flow
|
|
stage: !KeyOf ulti-enroll-prompt-profile
|
|
order: 20
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
identifiers:
|
|
target: !KeyOf ulti-enrollment-flow
|
|
stage: !KeyOf ulti-enroll-user-write
|
|
order: 30
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
identifiers:
|
|
target: !KeyOf ulti-enrollment-flow
|
|
stage: !KeyOf ulti-enroll-provision-webhook
|
|
order: 40
|
|
|
|
- model: authentik_flows.flowstagebinding
|
|
identifiers:
|
|
target: !KeyOf ulti-enrollment-flow
|
|
stage: !KeyOf ulti-enroll-user-login
|
|
order: 100
|