File Prompt Placeholder Not Working

[EuleMitKeule]

Describe the bug

After I added custom avatars to my user settings page, I noticed that I have to reupload the avatar every time I update my settings.
I added this expression as the placeholder for the avatar prompt:

try:
    return user.attributes.get("avatar", "")
except:
    return ''

but no file is selected as a placeholder. This leads to the avatar being removed when clicking save on the user settings page.

To Reproduce
Steps to reproduce the behavior:

1. set AUTHENTIK_AVATARS to attributes.avatar
2. Create prompt for avatar with field type File
3. Include avatar prompt in default user settings flow
4. Upload avatar image on user settings page and save
5. Update any other user information and save
6. The custom avatar is gone

Expected behavior
The field type File should display a placeholder like all other field types, so the avatar does not have to be reuploaded everytime the user's settings are changed.

Screenshots

Logs
No relevant logs

Version and Deployment (please complete the following information):

• authentik version: ghcr.io/goauthentik/server:2022.10.1
• Deployment: docker-compose

Additional Information
This is related to #2631 #3156 de26c65

[Lanhild]

Getting the same issue here, v.2023.2.2

[Lanhild]

Seems like I don't have the issue anymore. What about you @EuleMitKeule ?

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[Keyinator]

Seems like this is still an issue. Above code will not load the previous attribute to the file-prompt in turn leading to builtins.ValueError: not enough values to unpack (expected 2, got 1)

Stacktrace

Traceback (most recent call last):
  File "/authentik/flows/views/executor.py", line 342, in post
    stage_response = self.current_stage_view.post(request, *args, **kwargs)
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/flows/stage.py", line 104, in post
    if not challenge.is_valid():
           ^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/serializers.py", line 227, in is_valid
    self._validated_data = self.run_validation(self.initial_data)
                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/serializers.py", line 426, in run_validation
    value = self.to_internal_value(data)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/serializers.py", line 483, in to_internal_value
    validated_value = field.run_validation(primitive_value)
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/fields.py", line 751, in run_validation
    return super().run_validation(data)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/rest_framework/fields.py", line 547, in run_validation
    value = self.to_internal_value(data)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/authentik/stages/prompt/models.py", line 102, in to_internal_value
    header, _encoded = uri.path.split(",", 1)
    ^^^^^^^^^^^^^^^^
builtins.ValueError: not enough values to unpack (expected 2, got 1)

[xNinjaKittyx]

So, I had a different solution to this...

What I did was I went to the policy that validates your user-settings. (default is default-user-settings-authorization), and I wrote something like this

from authentik.lib.config import CONFIG
from authentik.core.models import (
    USER_ATTRIBUTE_CHANGE_EMAIL,
    USER_ATTRIBUTE_CHANGE_NAME,
    USER_ATTRIBUTE_CHANGE_USERNAME
)
prompt_data = request.context.get("prompt_data")

if prompt_data["attributes"]["avatar"].startswith("data:application/octet-stream"):
  del prompt_data["attributes"]["avatar"]

So by default empty avatar actually passes a value, which is unfortunate, so the code above is meant to delete that data if it's the "default". I only tried this with firefox. Not sure if other browsers pass a different value.

You could also probably add some sort of checkbox to have a hacky workaround to add an option to delete the data, so you'd have something like

if prompt_data["whatever the prompt data key is"] == "expected value":
    prompt_data["attributes"]["avatar"] = None
    prompt_data["whatever the prompt data key is"]  # this value is probably useless, so you probably don't want to store it

haven't tried it, but I would think it would work

Ideally, the File module would have some way of displaying the previously existed data (which I haven't figured out), and also an option to remove said existed data and properly None the value rather than passing an empty file.

[Farossco]

I have a slightly different solution adapted from @xNinjaKittyx's.

prompt_data = request.context.get("prompt_data")

if not prompt_data["attributes"]["avatar"].startswith("data:image"):
  del prompt_data["attributes"]["avatar"]

if "avatar_reset" in prompt_data["attributes"]:
  del prompt_data["attributes"]["avatar_reset"]
  prompt_data["attributes"]["avatar"] = None

return True

This has the bonus effect of discarding any file that is not an image.

With this policy expression, you can also add a checkbox with "attributes.avatar_reset" as the field key to allow for avatar deletion