From 43de4151bcd9421670feb7cf2dc6ec5129f65516 Mon Sep 17 00:00:00 2001
From: Marc 'risson' Schmitt <marc.schmitt@risson.space>
Date: Wed, 17 Jun 2026 17:46:16 +0200
Subject: [PATCH] add settings migrate from tenants

Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space>
---
 authentik/admin/migrations/0001_initial.py | 77 +++++++++++++++++++++-
 1 file changed, 75 insertions(+), 2 deletions(-)

diff --git a/authentik/admin/migrations/0001_initial.py b/authentik/admin/migrations/0001_initial.py
index 3b666cee86..23273dae35 100644
--- a/authentik/admin/migrations/0001_initial.py
+++ b/authentik/admin/migrations/0001_initial.py
@@ -1,9 +1,81 @@
 # Generated by Django 5.2.15 on 2026-06-17 14:56
 
+import django.core.validators
+from django.db import connections, migrations, models
+
 import authentik.lib.models
 import authentik.lib.utils.time
-import django.core.validators
-from django.db import migrations, models
+from authentik.lib.config import CONFIG
+
+
+def create_system_settings(apps, schema_editor):
+    db_alias = schema_editor.connection.alias
+
+    settings = dict(
+        avatars=CONFIG.get("avatars", "gravatar,initials"),
+        default_user_change_name=CONFIG.get_bool("default_user_change_name", True),
+        default_user_change_email=CONFIG.get_bool("default_user_change_email", False),
+        default_user_change_username=CONFIG.get_bool("default_user_change_username", False),
+        footer_links=CONFIG.get("footer_links", default=[]),
+        gdpr_compliance=CONFIG.get_bool("gdpr_compliance", True),
+        impersonation=CONFIG.get_bool("impersonation", True),
+        default_token_duration=CONFIG.get("default_token_duration", "days=1"),
+        default_token_length=CONFIG.get_int("default_token_length", 60),
+    )
+
+    with connections[db_alias].cursor() as cursor:
+        cursor.execute(
+            "select * from information_schema.tables where table_name = 'authentik_tenants_tenant'"
+        )
+        # Tenant table exists, migrate settings from there
+        if bool(cursor.rowcount):
+            cursor.execute(
+                """
+                select
+                    avatars,
+                    default_user_change_name,
+                    default_user_change_email,
+                    default_user_change_username,
+                    event_retention,
+                    reputation_lower_limit,
+                    reputation_upper_limit,
+                    footer_links,
+                    gdpr_compliance,
+                    impersonation,
+                    impersonation_require_reason,
+                    default_token_duration,
+                    default_token_length,
+                    pagination_default_page_size,
+                    pagination_max_page_size,
+                    flags
+                from authentik_tenants_tenant
+                where schema_name = %s
+            """,
+                [CONFIG.get("postgresql.default_schema")],
+            )
+            tenant = cursor.fetchone()
+            if tenant is not None:
+                settings = dict(
+                    avatars=tenant[0],
+                    default_user_change_name=tenant[1],
+                    default_user_change_email=tenant[2],
+                    default_user_change_username=tenant[3],
+                    event_retention=tenant[4],
+                    reputation_lower_limit=tenant[5],
+                    reputation_upper_limit=tenant[6],
+                    footer_links=tenant[7],
+                    gdpr_compliance=tenant[8],
+                    impersonation=tenant[9],
+                    impersonation_require_reason=tenant[10],
+                    default_token_duration=tenant[11],
+                    default_token_length=tenant[12],
+                    pagination_default_page_size=tenant[13],
+                    pagination_max_page_size=tenant[14],
+                    flags=tenant[15],
+                )
+
+    SystemSettings = apps.get_model("authentik_admin", "SystemSettings")
+    SystemSettings.objects.using(db_alias).create(**settings)
 
 
 class Migration(migrations.Migration):
@@ -149,4 +221,5 @@ class Migration(migrations.Migration):
             },
             bases=(authentik.lib.models.InternallyManagedMixin, models.Model),
         ),
+        migrations.RunPython(code=create_system_settings, reverse_code=migrations.RunPython.noop),
     ]