mirror of
https://github.com/goauthentik/authentik
synced 2026-04-25 17:15:26 +02:00
9640992c3c
* Update unique_email.md to also exclude current user Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com> * Applied review suggestion Co-authored-by: Jens L. <jens@beryju.org> Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com> --------- Signed-off-by: Timon Klinkert <83671398+DenuxPlays@users.noreply.github.com> Co-authored-by: Jens L. <jens@beryju.org>
1.0 KiB
1.0 KiB
title
| title |
|---|
| Ensure unique email addresses |
Due to the database design of authentik, email addresses are by default not required to be unique. However, this behavior can be changed using an expression policy.
The snippet below can be used in an expression policy within enrollment flows. The policy should be bound to any stage before the User write stage, or with the Prompt stage.
# Ensure this matches the *Field Key* value of the prompt
field_name = "email"
email = request.context["prompt_data"][field_name]
pending_user = request.context.get("pending_user")
from authentik.core.models import User
query = User.objects.filter(email__iexact=email)
if pending_user:
query = query.exclude(pk=pending_user.pk)
elif request.user and request.user.is_authenticated:
query = query.exclude(pk=request.user.pk)
if query.exists():
ak_message("Email address in use")
return False
return True