version: 1
metadata:
  labels:
    blueprints.goauthentik.io/instantiate: "true"
  name: Invitation Enrollment Flow
context:
  welcome_message: {{ if eq (env "WELCOME_MESSAGE") "" }} "Welcome to authentik!" {{ else }} {{ env "WELCOME_MESSAGE" }} {{ end }}

entries:
### DEPENDENCIES
- model: authentik_blueprints.metaapplyblueprint
  attrs:
    identifiers:
      name: Flow Translations
    required: true

### FLOW
- attrs:
    designation: enrollment
    name: invitation-enrollment-flow
    title: !Context welcome_message
  identifiers:
    slug: invitation-enrollment-flow
  id: invitation-enrollment-flow
  model: authentik_flows.flow

### POLICIES
- attrs:
    expression: |
      if not regex_match(request.context.get('prompt_data').get('username'), '\s'):
          return True
      ak_message("Username must not contain any whitespace!")
      return False
  id: username-without-spaces-policy
  identifiers:
    name: username-without-spaces-policy
  model: authentik_policies_expression.expressionpolicy

### STAGES
- identifiers:
    name: invitation-stage
  id: invitation-stage
  model: authentik_stages_invitation.invitationstage

- identifiers:
    name: enrollment-prompt-userdata
  id: enrollment-prompt-userdata
  model: authentik_stages_prompt.promptstage
  attrs:
    fields:
      - !Find [authentik_stages_prompt.prompt, [name, default-source-enrollment-field-username]]
      - !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-name]]
      - !Find [authentik_stages_prompt.prompt, [name, default-user-settings-field-email]]
      - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password]]
      - !Find [authentik_stages_prompt.prompt, [name, default-password-change-field-password-repeat]]
    validation_policies:
      - !Find [ authentik_policies_expression.expressionpolicy, [name, username-without-spaces-policy]]

### STAGE BINDINGS
- identifiers:
    order: 1
    stage: !KeyOf invitation-stage
    target: !KeyOf invitation-enrollment-flow
  model: authentik_flows.flowstagebinding
- identifiers:
    order: 10
    stage: !KeyOf enrollment-prompt-userdata
    target: !KeyOf invitation-enrollment-flow
  model: authentik_flows.flowstagebinding
- identifiers:
    order: 20
    stage: !Find [authentik_stages_user_write.userwritestage, [name,  default-source-enrollment-write]]
    target: !KeyOf invitation-enrollment-flow
  model: authentik_flows.flowstagebinding
- identifiers:
    order: 100
    stage: !Find [authentik_stages_user_login.userloginstage, [name,  default-authentication-login]]
    target: !KeyOf invitation-enrollment-flow
  model: authentik_flows.flowstagebinding