From 92214d932d74a24e793d295a4d7b6490ca0ac3ea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Sat, 7 Dec 2024 16:34:12 +0100 Subject: [PATCH] wip --- canaille/app/themes.py | 8 +- canaille/scim/endpoints.py | 372 +-- canaille/scim/models.py | 291 ++ doc/development/specifications.rst | 51 +- doc/locales/doc.pot | 4269 +++++++++++++++------------- doc/tutorial/index.rst | 1 + doc/tutorial/provisioning.rst | 19 + tests/scim/conftest.py | 1 + tests/scim/test_authentication.py | 45 - tests/scim/test_errors.py | 76 + tests/scim/test_scim_tester.py | 14 +- uv.lock | 55 +- 12 files changed, 2846 insertions(+), 2356 deletions(-) create mode 100644 canaille/scim/models.py create mode 100644 doc/tutorial/provisioning.rst delete mode 100644 tests/scim/test_authentication.py create mode 100644 tests/scim/test_errors.py diff --git a/canaille/app/themes.py b/canaille/app/themes.py index 728df038..2230e8ff 100644 --- a/canaille/app/themes.py +++ b/canaille/app/themes.py @@ -40,10 +40,14 @@ if flask_themer: @app.errorhandler(404) def page_not_found(error): + # There is currently no way to make 404 handling generic + # https://flask.palletsprojects.com/en/stable/errorhandling/#handling + # However, the blueprint cannot handle 404 routing errors because the + # 404 occurs at the routing level before the blueprint can be determined. if flask.request.path.startswith("/scim/"): - from canaille.scim.endpoints import scim_error_handler + from canaille.scim.endpoints import http_error_handler - return scim_error_handler(error) + return http_error_handler(error) return render_template("error.html", description=error, error_code=404), 404 @app.errorhandler(500) diff --git a/canaille/scim/endpoints.py b/canaille/scim/endpoints.py index 37f56151..606a0886 100644 --- a/canaille/scim/endpoints.py +++ b/canaille/scim/endpoints.py @@ -1,56 +1,46 @@ +import json from http import HTTPStatus from authlib.integrations.flask_oauth2 import ResourceProtector +from authlib.integrations.flask_oauth2.errors import ( + _HTTPException as AuthlibHTTPException, +) from authlib.oauth2.rfc6750 import BearerTokenValidator from flask import Blueprint from flask import Response from flask import abort from flask import request -from flask import url_for -from scim2_models import Address -from scim2_models import AuthenticationScheme -from scim2_models import Bulk -from scim2_models import ChangePassword +from pydantic import ValidationError from scim2_models import Context -from scim2_models import Email from scim2_models import EnterpriseUser from scim2_models import Error -from scim2_models import ETag -from scim2_models import Filter -from scim2_models import Group -from scim2_models import GroupMember -from scim2_models import GroupMembership from scim2_models import ListResponse -from scim2_models import Meta -from scim2_models import Name -from scim2_models import Patch -from scim2_models import PhoneNumber -from scim2_models import Photo -from scim2_models import Required -from scim2_models import Resource from scim2_models import ResourceType from scim2_models import Schema from scim2_models import SearchRequest -from scim2_models import ServiceProviderConfig -from scim2_models import Sort -from scim2_models import User from werkzeug.exceptions import HTTPException from canaille import csrf from canaille.app import models from canaille.backends import Backend -bp = Blueprint("scim", __name__, url_prefix="/scim") +from .models import Group +from .models import User +from .models import get_resource_types +from .models import get_schemas +from .models import get_service_provider_config +from .models import group_from_canaille_to_scim +from .models import group_from_scim_to_canaille +from .models import user_from_canaille_to_scim +from .models import user_from_scim_to_canaille -# At the difference of the SCIM Group, Canaille Group must have a display_name -group_schema = Group.to_schema() -group_schema.attributes[0].required = Required.true -Group = Resource.from_schema(group_schema) +bp = Blueprint("scim", __name__, url_prefix="/scim/v2") class SCIMBearerTokenValidator(BearerTokenValidator): def authenticate_token(self, token_string: str): token = Backend.instance.get(models.Token, access_token=token_string) + # At the moment, only client tokens are allowed, and not user tokens return token if token and not token.subject else None @@ -65,8 +55,33 @@ def add_scim_content_type(response): @bp.errorhandler(HTTPException) +def http_error_handler(error): + obj = Error(detail=str(error), status=error.code) + return obj.model_dump(), obj.status + + +@bp.errorhandler(AuthlibHTTPException) +def oauth2_error(error): + body = json.loads(error.body) + obj = Error( + detail=f"{body['error']}: {body['error_description']}" + if "error_description" in body + else body["error"], + status=error.code, + ) + return obj.model_dump(), error.code + + +@bp.errorhandler(ValidationError) def scim_error_handler(error): - return Error(detail=str(error), status=error.code).model_dump(), error.code + error_details = error.errors()[0] + obj = Error(status=400, detail=error_details["msg"]) + # TODO: maybe the Pydantic <=> SCIM error code mapping could go in scim2_models + obj.scim_type = ( + "invalidValue" if error_details["type"] == "required_error" else None + ) + + return obj.model_dump(), obj.status def parse_search_request(request) -> SearchRequest: @@ -86,234 +101,18 @@ def parse_search_request(request) -> SearchRequest: return req -def get_resource_types(): - """The resource types implemented by Canaille.""" - - return { - "User": ResourceType( - id="User", - name="User", - endpoint=url_for("scim.query_users", _external=True), - description="User accounts", - schema_="urn:ietf:params:scim:schemas:core:2.0:User", - meta=Meta( - resource_type="ResourceType", - location=url_for( - "scim.query_resource_type", - resource_type_name="User", - _external=True, - ), - ), - ), - "Group": ResourceType( - id="Group", - name="Group", - endpoint=url_for("scim.query_groups", _external=True), - description="Group management", - schema_="urn:ietf:params:scim:schemas:core:2.0:Group", - meta=Meta( - resource_type="ResourceType", - location=url_for( - "scim.query_resource_type", - resource_type_name="Group", - _external=True, - ), - ), - ), - } - - -def get_schemas(): - schemas = { - "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig": ServiceProviderConfig.to_schema(), - "urn:ietf:params:scim:schemas:core:2.0:ResourceType": ResourceType.to_schema(), - "urn:ietf:params:scim:schemas:core:2.0:Schema": Schema.to_schema(), - "urn:ietf:params:scim:schemas:core:2.0:User": User.to_schema(), - "urn:ietf:params:scim:schemas:core:2.0:Group": Group.to_schema(), - "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": EnterpriseUser.to_schema(), - } - for schema_id, schema in schemas.items(): - schema.meta = Meta( - resource_type="Schema", - location=url_for("scim.query_schema", schema_id=schema_id, _external=True), - ) - return schemas - - -def user_from_canaille_to_scim(user): - scim_user = User[EnterpriseUser]( - meta=Meta( - resource_type="User", - created=user.created, - last_modified=user.last_modified, - location=url_for("scim.query_user", user=user, _external=True), - ), - id=user.id, - user_name=user.user_name, - # password=user.password, - preferred_language=user.preferred_language, - name=Name( - formatted=user.formatted_name, - family_name=user.family_name, - given_name=user.given_name, - ) - if (user.formatted_name or user.family_name or user.given_name) - else None, - display_name=user.display_name, - title=user.title, - profile_url=user.profile_url, - emails=[ - Email( - value=email, - primary=email == user.emails[0], - ) - for email in user.emails or [] - ] - or None, - phone_numbers=[ - PhoneNumber( - value=phone_number, primary=phone_number == user.phone_numbers[0] - ) - for phone_number in user.phone_numbers or [] - ] - or None, - addresses=[ - Address( - formatted=user.formatted_address, - street_address=user.street, - postal_code=user.postal_code, - locality=user.locality, - region=user.region, - primary=True, - ) - ] - if ( - user.formatted_address - or user.street - or user.postal_code - or user.locality - or user.region - ) - else None, - photos=[ - Photo( - value=url_for( - "core.account.photo", user=user, field="photo", _external=True - ), - primary=True, - type=Photo.Type.photo, - ) - ] - if user.photo - else None, - groups=[ - GroupMembership( - value=group.id, - display=group.display_name, - ref=url_for("scim.query_group", group=group, _external=True), - ) - for group in user.groups or [] - ] - or None, - ) - scim_user[EnterpriseUser] = EnterpriseUser( - employee_number=user.employee_number, - organization=user.organization, - department=user.department, - ) - return scim_user - - -def user_from_scim_to_canaille(scim_user: User, user): - user.user_name = scim_user.user_name - user.password = scim_user.password - user.preferred_language = scim_user.preferred_language - user.formatted_name = scim_user.name.formatted if scim_user.name else None - user.family_name = scim_user.name.family_name if scim_user.name else None - user.given_name = scim_user.name.given_name if scim_user.name else None - user.display_name = scim_user.display_name - user.title = scim_user.title - user.profile_url = scim_user.profile_url - user.emails = [email.value for email in scim_user.emails or []] or None - user.phone_numbers = [ - phone_number.value for phone_number in scim_user.phone_numbers or [] - ] or None - user.formatted_address = ( - scim_user.addresses[0].formatted if scim_user.addresses else None - ) - user.street = scim_user.addresses[0].street_address if scim_user.addresses else None - user.postal_code = ( - scim_user.addresses[0].postal_code if scim_user.addresses else None - ) - user.locality = scim_user.addresses[0].locality if scim_user.addresses else None - user.region = scim_user.addresses[0].region if scim_user.addresses else None - # TODO: delete the photo - # if scim_user.photos and scim_user.photos[0].value: - # user.photo = scim_user.photos[0].value - user.employee_number = ( - scim_user[EnterpriseUser].employee_number if scim_user[EnterpriseUser] else None - ) - user.organization = ( - scim_user[EnterpriseUser].organization if scim_user[EnterpriseUser] else None - ) - user.department = ( - scim_user[EnterpriseUser].department if scim_user[EnterpriseUser] else None - ) - user.groups = [ - Backend.instance.get(models.Group, group.value) - for group in scim_user.groups or [] - if group.value - ] - return user - - -def group_from_canaille_to_scim(group): - return Group( - id=group.id, - meta=Meta( - resource_type="Group", - created=group.created, - last_modified=group.last_modified, - location=url_for("scim.query_group", group=group, _external=True), - ), - display_name=group.display_name, - members=[ - GroupMember( - value=user.id, - type="User", - display=user.display_name, - ref=url_for("scim.query_user", user=user, _external=True), - ) - for user in group.members or [] - ] - or None, - ) - - -def group_from_scim_to_canaille(scim_group: Group, group): - group.display_name = scim_group.display_name - - members = [] - for member in scim_group.members or []: - Backend.instance.get(models.User, member.value) - group.members = members - - return group - - @bp.route("/Users", methods=["GET"]) @csrf.exempt @require_oauth() def query_users(): req = parse_search_request(request) - start_index_1 = req.start_index or 1 - start_index_0 = (start_index_1 - 1) or None - stop_index_0 = (start_index_1 + req.count - 1) if req.count else None - users = list(Backend.instance.query(models.User)[start_index_0:stop_index_0]) + users = list( + Backend.instance.query(models.User)[req.start_index_0 : req.stop_index_0] + ) total = len(users) scim_users = [user_from_canaille_to_scim(user) for user in users] list_response = ListResponse[User[EnterpriseUser]]( - start_index=start_index_1, + start_index=req.start_index, items_per_page=req.count, total_results=total, resources=scim_users, @@ -339,14 +138,13 @@ def query_user(user): @require_oauth() def query_groups(): req = parse_search_request(request) - start_index_1 = req.start_index or 1 - start_index_0 = (start_index_1 - 1) or None - stop_index_0 = (start_index_1 + req.count - 1) if req.count else None - groups = list(Backend.instance.query(models.group)[start_index_0:stop_index_0]) + groups = list( + Backend.instance.query(models.group)[req.start_index_0 : req.stop_index_0] + ) total = len(groups) scim_groups = [group_from_canaille_to_scim(group) for group in groups] list_response = ListResponse[Group]( - start_index=start_index_1, + start_index=req.start_index, items_per_page=req.count, total_results=total, resources=scim_groups, @@ -372,14 +170,11 @@ def query_group(group): @require_oauth() def query_schemas(): req = parse_search_request(request) - start_index_1 = req.start_index or 1 - start_index_0 = (start_index_1 - 1) or None - stop_index_0 = (start_index_1 + req.count - 1) if req.count else None - schemas = list(get_schemas().values())[start_index_0:stop_index_0] + schemas = list(get_schemas().values())[req.start_index_0 : req.stop_index_0] response = ListResponse[Schema]( total_results=len(schemas), items_per_page=req.count or len(schemas), - start_index=start_index_1, + start_index=req.start_index, resources=schemas, ) return response.model_dump(scim_ctx=Context.RESOURCE_QUERY_RESPONSE) @@ -401,14 +196,13 @@ def query_schema(schema_id): @require_oauth() def query_resource_types(): req = parse_search_request(request) - start_index_1 = req.start_index or 1 - start_index_0 = (start_index_1 - 1) or None - stop_index_0 = (start_index_1 + req.count - 1) if req.count else None - resource_types = list(get_resource_types().values())[start_index_0:stop_index_0] + resource_types = list(get_resource_types().values())[ + req.start_index_0 : req.stop_index_0 + ] response = ListResponse[ResourceType]( total_results=len(resource_types), items_per_page=req.count or len(resource_types), - start_index=start_index_1, + start_index=req.start_index, resources=resource_types, ) return response.model_dump(scim_ctx=Context.RESOURCE_QUERY_RESPONSE) @@ -429,29 +223,7 @@ def query_resource_type(resource_type_name): @csrf.exempt @require_oauth() def query_service_provider_config(): - spc = ServiceProviderConfig( - meta=Meta( - resource_type="ServiceProviderConfig", - location=url_for("scim.query_service_provider_config", _external=True), - ), - documentation_uri="https://canaille.readthedocs.io", - patch=Patch(supported=False), - bulk=Bulk(supported=False, max_operations=0, max_payload_size=0), - change_password=ChangePassword(supported=True), - filter=Filter(supported=False, max_results=0), - sort=Sort(supported=False), - etag=ETag(supported=False), - authentication_schemes=[ - AuthenticationScheme( - name="OAuth Bearer Token", - description="Authentication scheme using the OAuth Bearer Token Standard", - spec_uri="http://www.rfc-editor.org/info/rfc6750", - documentation_uri="https://canaille.readthedocs.io", - type="oauthbearertoken", - primary=True, - ), - ], - ) + spc = get_service_provider_config() return spc.model_dump(scim_ctx=Context.RESOURCE_QUERY_RESPONSE) @@ -489,13 +261,18 @@ def create_group(): @csrf.exempt @require_oauth() def replace_user(user): - request_user = User[EnterpriseUser].model_validate( - request.json, scim_ctx=Context.RESOURCE_REPLACEMENT_REQUEST + original_scim_user = user_from_canaille_to_scim(user) + request_scim_user = User[EnterpriseUser].model_validate( + request.json, + scim_ctx=Context.RESOURCE_REPLACEMENT_REQUEST, + original=original_scim_user, + ) + updated_user = user_from_scim_to_canaille(request_scim_user, user) + Backend.instance.save(updated_user) + response_scim_user = user_from_canaille_to_scim(updated_user) + payload = response_scim_user.model_dump( + scim_ctx=Context.RESOURCE_REPLACEMENT_RESPONSE ) - user = user_from_scim_to_canaille(request_user, user) - Backend.instance.save(user) - response_user = user_from_canaille_to_scim(user) - payload = response_user.model_dump(scim_ctx=Context.RESOURCE_REPLACEMENT_RESPONSE) return payload @@ -503,12 +280,15 @@ def replace_user(user): @csrf.exempt @require_oauth() def replace_group(group): - request_group = Group.model_validate( - request.json, scim_ctx=Context.RESOURCE_REPLACEMENT_REQUEST + original_scim_group = group_from_canaille_to_scim(group) + request_scim_group = Group.model_validate( + request.json, + scim_ctx=Context.RESOURCE_REPLACEMENT_REQUEST, + original=original_scim_group, ) - group = group_from_scim_to_canaille(request_group, group) - Backend.instance.save(group) - response_group = group_from_canaille_to_scim(group) + updated_group = group_from_scim_to_canaille(request_scim_group, group) + Backend.instance.save(updated_group) + response_group = group_from_canaille_to_scim(updated_group) payload = response_group.model_dump(scim_ctx=Context.RESOURCE_REPLACEMENT_RESPONSE) return payload diff --git a/canaille/scim/models.py b/canaille/scim/models.py new file mode 100644 index 00000000..ce446215 --- /dev/null +++ b/canaille/scim/models.py @@ -0,0 +1,291 @@ +from flask import url_for +from scim2_models import AuthenticationScheme +from scim2_models import Bulk +from scim2_models import ChangePassword +from scim2_models import EnterpriseUser +from scim2_models import ETag +from scim2_models import Filter +from scim2_models import Group +from scim2_models import Meta +from scim2_models import Mutability +from scim2_models import Patch +from scim2_models import Required +from scim2_models import Resource +from scim2_models import ResourceType +from scim2_models import Schema +from scim2_models import SchemaExtension +from scim2_models import ServiceProviderConfig +from scim2_models import Sort +from scim2_models import User + +from canaille.app import models +from canaille.backends import Backend + +# At the difference of SCIM User, Canaille User need a 'family_name' +# (because the LDAP 'sn' is mandatory) and the 'user_name' +# attribute is immutable (because it is part of the LDAP DN). +user_schema = User.to_schema() +user_schema["name"].required = Required.true +user_schema["name"]["familyName"].required = Required.true +user_schema["userName"].mutability = Mutability.immutable +User = Resource.from_schema(user_schema) + +# At the difference of the SCIM Group, Canaille Group must have a display_name. +# and 'members' cannot be null. +group_schema = Group.to_schema() +group_schema["displayName"].required = Required.true +group_schema["displayName"].mutability = Mutability.immutable +group_schema["members"].required = Required.true +group_schema["members"]["value"].required = Required.true +group_schema["members"]["$ref"].required = Required.true +Group = Resource.from_schema(group_schema) + + +def get_service_provider_config(): + return ServiceProviderConfig( + meta=Meta( + resource_type="ServiceProviderConfig", + location=url_for("scim.query_service_provider_config", _external=True), + ), + documentation_uri="https://canaille.readthedocs.io", + patch=Patch(supported=False), + bulk=Bulk(supported=False, max_operations=0, max_payload_size=0), + change_password=ChangePassword(supported=True), + filter=Filter(supported=False, max_results=0), + sort=Sort(supported=False), + etag=ETag(supported=False), + authentication_schemes=[ + AuthenticationScheme( + name="OAuth Bearer Token", + description="Authentication scheme using the OAuth Bearer Token Standard", + spec_uri="http://www.rfc-editor.org/info/rfc6750", + documentation_uri="https://canaille.readthedocs.io", + type="oauthbearertoken", + primary=True, + ), + ], + ) + + +def get_resource_types(): + """The resource types implemented by Canaille.""" + + return { + "User": ResourceType( + id="User", + name="User", + endpoint=url_for("scim.query_users", _external=True), + description="User accounts", + schema_="urn:ietf:params:scim:schemas:core:2.0:User", + schema_extensions=[ + SchemaExtension( + schema_="urn:ietf:params:scim:schemas:extension:enterprise:2.0:User", + required=True, + ) + ], + meta=Meta( + resource_type="ResourceType", + location=url_for( + "scim.query_resource_type", + resource_type_name="User", + _external=True, + ), + ), + ), + "Group": ResourceType( + id="Group", + name="Group", + endpoint=url_for("scim.query_groups", _external=True), + description="Group management", + schema_="urn:ietf:params:scim:schemas:core:2.0:Group", + meta=Meta( + resource_type="ResourceType", + location=url_for( + "scim.query_resource_type", + resource_type_name="Group", + _external=True, + ), + ), + ), + } + + +def get_schemas(): + schemas = { + "urn:ietf:params:scim:schemas:core:2.0:ServiceProviderConfig": ServiceProviderConfig.to_schema(), + "urn:ietf:params:scim:schemas:core:2.0:ResourceType": ResourceType.to_schema(), + "urn:ietf:params:scim:schemas:core:2.0:Schema": Schema.to_schema(), + "urn:ietf:params:scim:schemas:core:2.0:User": User.to_schema(), + "urn:ietf:params:scim:schemas:core:2.0:Group": Group.to_schema(), + "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User": EnterpriseUser.to_schema(), + } + for schema_id, schema in schemas.items(): + schema.meta = Meta( + resource_type="Schema", + location=url_for("scim.query_schema", schema_id=schema_id, _external=True), + ) + return schemas + + +def user_from_canaille_to_scim(user): + scim_user = User[EnterpriseUser]( + meta=Meta( + resource_type="User", + created=user.created, + last_modified=user.last_modified, + location=url_for("scim.query_user", user=user, _external=True), + ), + id=user.id, + user_name=user.user_name, + # password=user.password, + preferred_language=user.preferred_language, + name=User.Name( + formatted=user.formatted_name, + family_name=user.family_name, + given_name=user.given_name, + ) + if (user.formatted_name or user.family_name or user.given_name) + else None, + display_name=user.display_name, + title=user.title, + profile_url=user.profile_url, + emails=[ + User.Emails( + value=email, + primary=email == user.emails[0], + ) + for email in user.emails or [] + ] + or None, + phone_numbers=[ + User.PhoneNumbers( + value=phone_number, primary=phone_number == user.phone_numbers[0] + ) + for phone_number in user.phone_numbers or [] + ] + or None, + addresses=[ + User.Addresses( + formatted=user.formatted_address, + street_address=user.street, + postal_code=user.postal_code, + locality=user.locality, + region=user.region, + primary=True, + ) + ] + if ( + user.formatted_address + or user.street + or user.postal_code + or user.locality + or user.region + ) + else None, + photos=[ + User.Photos( + value=url_for( + "core.account.photo", user=user, field="photo", _external=True + ), + primary=True, + type=User.Photos.Type.photo, + ) + ] + if user.photo + else None, + groups=[ + User.Groups( + value=group.id, + display=group.display_name, + ref=url_for("scim.query_group", group=group, _external=True), + ) + for group in user.groups or [] + ] + or None, + ) + scim_user[EnterpriseUser] = EnterpriseUser( + employee_number=user.employee_number, + organization=user.organization, + department=user.department, + ) + return scim_user + + +def user_from_scim_to_canaille(scim_user: User, user): + user.user_name = scim_user.user_name + user.password = scim_user.password + user.preferred_language = scim_user.preferred_language + user.formatted_name = scim_user.name.formatted if scim_user.name else None + user.family_name = scim_user.name.family_name if scim_user.name else None + user.given_name = scim_user.name.given_name if scim_user.name else None + user.display_name = scim_user.display_name + user.title = scim_user.title + user.profile_url = scim_user.profile_url + user.emails = [email.value for email in scim_user.emails or []] or None + user.phone_numbers = [ + phone_number.value for phone_number in scim_user.phone_numbers or [] + ] or None + user.formatted_address = ( + scim_user.addresses[0].formatted if scim_user.addresses else None + ) + user.street = scim_user.addresses[0].street_address if scim_user.addresses else None + user.postal_code = ( + scim_user.addresses[0].postal_code if scim_user.addresses else None + ) + user.locality = scim_user.addresses[0].locality if scim_user.addresses else None + user.region = scim_user.addresses[0].region if scim_user.addresses else None + # TODO: delete the photo + # if scim_user.photos and scim_user.photos[0].value: + # user.photo = scim_user.photos[0].value + user.employee_number = ( + scim_user[EnterpriseUser].employee_number if scim_user[EnterpriseUser] else None + ) + user.organization = ( + scim_user[EnterpriseUser].organization if scim_user[EnterpriseUser] else None + ) + user.department = ( + scim_user[EnterpriseUser].department if scim_user[EnterpriseUser] else None + ) + user.groups = [ + Backend.instance.get(models.Group, group.value) + for group in scim_user.groups or [] + if group.value + ] + return user + + +def group_from_canaille_to_scim(group): + return Group( + id=group.id, + meta=Meta( + resource_type="Group", + created=group.created, + last_modified=group.last_modified, + location=url_for("scim.query_group", group=group, _external=True), + ), + display_name=group.display_name, + members=[ + Group.Members( + value=user.id, + type="User", + display=user.display_name, + ref=url_for("scim.query_user", user=user, _external=True), + ) + for user in group.members or [] + ] + or None, + ) + + +def group_from_scim_to_canaille(scim_group: Group, group): + group.display_name = scim_group.display_name + + members = [] + for member in scim_group.members or []: + # extract the user identifier from scim/v2/Users/ + identifier = member.ref.split("/")[-1] + members.append(Backend.instance.get(models.User, identifier)) + + group.members = members + + return group diff --git a/doc/development/specifications.rst b/doc/development/specifications.rst index 35f0299e..ea7e9a73 100644 --- a/doc/development/specifications.rst +++ b/doc/development/specifications.rst @@ -48,9 +48,52 @@ OpenID Connect SCIM ---- -- ❌ `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements `_ -- ❌ `RFC7643: System for Cross-domain Identity Management: Core Schema `_ -- ❌ `RFC7644: System for Cross-domain Identity Management: Protocol `_ +Canaille provides a basic SCIM server implementation. + +- 🟠 `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements `_ +- 🟠 `RFC7643: System for Cross-domain Identity Management: Core Schema `_ +- 🟠 `RFC7644: System for Cross-domain Identity Management: Protocol `_ + +Client-side implementation (i.e. broadcasting changes on users and groups among clients) and advanced features will be implemented in the future. + +What's implemented +~~~~~~~~~~~~~~~~~~ + +Endpoints: + +- /Users (GET, POST) +- /Users/ (GET, PUT, DELETE) +- /Groups (GET, POST) +- /Groups/ (GET, PUT, DELETE) +- /ServiceProviderConfig (GET) +- /Schemas (GET) +- /Schemas/ (GET) +- /ResourceTypes (GET) +- /ResourceTypes/ (GET) + +Features: + +- :rfc:`pagination <7644#section-3.4.2.4>` + +.. _scim_unimplemented: + +What is not implemented yet +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Endpoints: + +- /Users (PATCH) +- /Groups (PATCH) +- :rfc:`/Me <7644#section-3.11>` (GET, POST, PUT, PATCH, DELETE) +- :rfc:`/Bulk <7644#section-3.11>` (POST) +- :rfc:`/.search <7644#section-3.4.3>` (POST) + +Features + +- :rfc:`filtering <7644#section-3.4.2.2>` +- :rfc:`sorting <7644#section-3.4.2.3>` +- :rfc:`attributes selection <7644#section-3.4.2.5>` +- :rfc:`ETags <7644#section-3.14>` Comparison with other providers =============================== @@ -64,7 +107,7 @@ Canaille voluntarily only implements the OpenID Connect protocol to keep its cod | +-------+-----------+------+------+------+------+------+------+-------+ | | FLOSS | Language | LOC | OIDC | SAML | CAS | SCIM | LDAP | SQL | +===============+=======+===========+======+======+======+======+======+======+=======+ -| Canaille | ✅  | Python | 10k | ✅ | ❌ | ❌ | ❌ | ✅ | ✅ | +| Canaille | ✅  | Python | 10k | ✅ | ❌ | ❌ | 🟠 | ✅ | ✅ | +---------------+-------+-----------+------+------+------+------+------+------+-------+ | `Auth0`_ | ❌  | ❔ | ❔ | ✅ | ✅ | ❌ | ✅ | ✅ | ❔ | +---------------+-------+-----------+------+------+------+------+------+------+-------+ diff --git a/doc/locales/doc.pot b/doc/locales/doc.pot index 54621a7d..5e400e82 100644 --- a/doc/locales/doc.pot +++ b/doc/locales/doc.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: canaille 0.0.56\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2024-12-09 23:25+0100\n" +"POT-Creation-Date: 2024-12-11 17:35+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,2828 +17,2969 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" #: ../development/changelog.rst:2 -#: 3fb33c37ddc0459280f3c58be943008e +#: 939119e221dc48ccadef61738f593f75 msgid "Release notes" msgstr "" #: ../development/changelog.rst:4 -#: 67e645fac3b646bba12959afa71710cc +#: 5c86e0ddf13b4a11afae719b4a8c4213 msgid "All notable changes to this project will be documented in there." msgstr "" #: ../development/changelog.rst:6 -#: 6c5d0b8435cf4001afa1fe74104daf7a +#: 61e5050f997c46568da55c6829f11531 msgid "The format is based on `Keep a Changelog `_, and this project adheres to `Semantic Versioning `_." msgstr "" #: ../../CHANGES.rst:2 -#: c415689d242946298da972c97d5bb0c4 +#: 206f6798b58b44e9ade1689d820c7552 msgid "[0.0.57] - Unreleased" msgstr "" #: ../../CHANGES.rst:5 -#: ../../CHANGES.rst:27 -#: ../../CHANGES.rst:55 -#: ../../CHANGES.rst:74 -#: ../../CHANGES.rst:81 -#: ../../CHANGES.rst:100 -#: ../../CHANGES.rst:160 -#: ../../CHANGES.rst:186 -#: ../../CHANGES.rst:201 -#: ../../CHANGES.rst:250 -#: ../../CHANGES.rst:276 -#: ../../CHANGES.rst:295 -#: ../../CHANGES.rst:303 -#: ../../CHANGES.rst:312 -#: ../../CHANGES.rst:338 -#: ../../CHANGES.rst:373 -#: ../../CHANGES.rst:399 -#: ../../CHANGES.rst:448 -#: ../../CHANGES.rst:476 -#: ../../CHANGES.rst:506 -#: ../../CHANGES.rst:562 -#: ../../CHANGES.rst:595 -#: ../../CHANGES.rst:616 -#: ../../CHANGES.rst:626 -#: ../../CHANGES.rst:649 -#: ../../CHANGES.rst:716 -#: ../../CHANGES.rst:754 -#: ../../CHANGES.rst:771 -#: ../../CHANGES.rst:807 -#: 91a8054efa234209906812cdd41bd586 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: f290d44be0ec48a6b509a60a763954d6 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 -#: 2e9453d4722144fd9ad7f53b28a7cb37 +#: ../../CHANGES.rst:33 +#: ../../CHANGES.rst:61 +#: ../../CHANGES.rst:80 +#: ../../CHANGES.rst:87 +#: ../../CHANGES.rst:106 +#: ../../CHANGES.rst:166 +#: ../../CHANGES.rst:192 +#: ../../CHANGES.rst:207 +#: ../../CHANGES.rst:256 +#: ../../CHANGES.rst:282 +#: ../../CHANGES.rst:301 +#: ../../CHANGES.rst:309 +#: ../../CHANGES.rst:318 +#: ../../CHANGES.rst:344 +#: ../../CHANGES.rst:379 +#: ../../CHANGES.rst:405 +#: ../../CHANGES.rst:454 +#: ../../CHANGES.rst:482 +#: ../../CHANGES.rst:512 +#: ../../CHANGES.rst:568 +#: ../../CHANGES.rst:601 +#: ../../CHANGES.rst:622 +#: ../../CHANGES.rst:632 +#: ../../CHANGES.rst:655 +#: ../../CHANGES.rst:722 +#: ../../CHANGES.rst:760 +#: ../../CHANGES.rst:777 +#: ../../CHANGES.rst:813 +#: 5b2ae28202d249e39370b51c82a35bda +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 +#: a10a871fc6ea42e8a52a1aa323001a53 msgid "Added" msgstr "" #: ../../CHANGES.rst:6 -#: 05060126fea740ef82fba8246132aa6e -msgid "Password compromission check :issue:`179`" +#: 0952593cb9c24691baaf0bbbeafbefd0 +msgid "Multi-factor authentication :issue:`47`" msgstr "" #: ../../CHANGES.rst:7 -#: a90b270f7e144a4b81babbac96f5ff22 -msgid ":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and :attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK` and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` :issue:`179`" -msgstr "" - -#: ../../CHANGES.rst:11 -#: 2cfcbdba2e9541dbab610bc724a2683a -msgid "Implement OIDC client_credentials flow. :issue:`207`" +#: 4eaf987f0daa4715826a62f691583866 +msgid ":attr:`~canaille.core.configuration.CoreSettings.OTP_METHOD` and :attr:`~canaille.core.configuration.CoreSettings.EMAIL_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMS_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMPP` :issue:`47`" msgstr "" #: ../../CHANGES.rst:12 -#: 1e36a8464f6045708cf07b39bcdfea1c -msgid "Button in the client admin page to create client tokens." +#: ba76f44c46d54198af2dcd0692442ce2 +msgid "Password compromission check :issue:`179`" msgstr "" -#: ../../CHANGES.rst:15 -#: ../../CHANGES.rst:35 -#: ../../CHANGES.rst:48 -#: ../../CHANGES.rst:60 -#: ../../CHANGES.rst:85 -#: ../../CHANGES.rst:93 -#: ../../CHANGES.rst:141 -#: ../../CHANGES.rst:167 -#: ../../CHANGES.rst:219 -#: ../../CHANGES.rst:256 -#: ../../CHANGES.rst:325 -#: ../../CHANGES.rst:343 -#: ../../CHANGES.rst:381 -#: ../../CHANGES.rst:420 -#: ../../CHANGES.rst:455 -#: ../../CHANGES.rst:498 -#: ../../CHANGES.rst:602 -#: ../../CHANGES.rst:656 -#: ../../CHANGES.rst:688 -#: ../../CHANGES.rst:702 -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -#: 254357b217fe4a309d66a400497a104a -msgid "Changed" -msgstr "" - -#: ../../CHANGES.rst:16 -#: bb196cd8528b48628628ab53c5288b49 -msgid "PostgreSQL and MySQL extras does not rely on libraries that need to be compiled." +#: ../../CHANGES.rst:13 +#: 4eaf987f0daa4715826a62f691583866 +msgid ":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and :attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK` and :attr:`~canaille.core.configuration.CoreSettings.API_URL_HIBP` :issue:`179`" msgstr "" #: ../../CHANGES.rst:17 -#: c36865875c264bb4a34d614ea2be23cf -msgid "``.env`` files are not loaded by default. The ``ENV_FILE`` env var must be passed so ``.env`` files are loaded." +#: c3938df1d7fc47aa9e9e686b32366a0a +msgid "Implement OIDC client_credentials flow. :issue:`207`" msgstr "" -#: ../../CHANGES.rst:20 -#: 045b041136be49de8d54674ad57fea87 -msgid "[0.0.56] - 2024-11-07" +#: ../../CHANGES.rst:18 +#: 7412b825ef54497db43d6f157d46fb6b +msgid "Button in the client admin page to create client tokens." +msgstr "" + +#: ../../CHANGES.rst:21 +#: ../../CHANGES.rst:41 +#: ../../CHANGES.rst:54 +#: ../../CHANGES.rst:66 +#: ../../CHANGES.rst:91 +#: ../../CHANGES.rst:99 +#: ../../CHANGES.rst:147 +#: ../../CHANGES.rst:173 +#: ../../CHANGES.rst:225 +#: ../../CHANGES.rst:262 +#: ../../CHANGES.rst:331 +#: ../../CHANGES.rst:349 +#: ../../CHANGES.rst:387 +#: ../../CHANGES.rst:426 +#: ../../CHANGES.rst:461 +#: ../../CHANGES.rst:504 +#: ../../CHANGES.rst:608 +#: ../../CHANGES.rst:662 +#: ../../CHANGES.rst:694 +#: ../../CHANGES.rst:708 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: f16b19d1f00741a9a6ac39eca0c46f63 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +#: 51ebea9760e04f049db58a8d1e2fdd09 +msgid "Changed" +msgstr "" + +#: ../../CHANGES.rst:22 +#: 5085714dd09e40dcbf2540a73162985c +msgid "PostgreSQL and MySQL extras does not rely on libraries that need to be compiled." msgstr "" #: ../../CHANGES.rst:23 -#: ../../CHANGES.rst:65 -#: ../../CHANGES.rst:104 -#: ../../CHANGES.rst:112 -#: ../../CHANGES.rst:120 -#: ../../CHANGES.rst:127 -#: ../../CHANGES.rst:134 -#: ../../CHANGES.rst:148 -#: ../../CHANGES.rst:178 -#: ../../CHANGES.rst:191 -#: ../../CHANGES.rst:209 -#: ../../CHANGES.rst:228 -#: ../../CHANGES.rst:236 -#: ../../CHANGES.rst:262 -#: ../../CHANGES.rst:270 -#: ../../CHANGES.rst:290 -#: ../../CHANGES.rst:320 -#: ../../CHANGES.rst:352 -#: ../../CHANGES.rst:360 -#: ../../CHANGES.rst:386 -#: ../../CHANGES.rst:406 -#: ../../CHANGES.rst:430 -#: ../../CHANGES.rst:440 -#: ../../CHANGES.rst:461 -#: ../../CHANGES.rst:469 -#: ../../CHANGES.rst:492 -#: ../../CHANGES.rst:515 -#: ../../CHANGES.rst:527 -#: ../../CHANGES.rst:536 -#: ../../CHANGES.rst:545 -#: ../../CHANGES.rst:554 -#: ../../CHANGES.rst:574 -#: ../../CHANGES.rst:581 -#: ../../CHANGES.rst:631 -#: ../../CHANGES.rst:639 -#: ../../CHANGES.rst:664 -#: ../../CHANGES.rst:672 -#: ../../CHANGES.rst:680 -#: ../../CHANGES.rst:693 -#: ../../CHANGES.rst:707 -#: ../../CHANGES.rst:739 -#: ../../CHANGES.rst:762 -#: ../../CHANGES.rst:793 -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: f251ffbac69548f6b747cd4b8ea6f8ec -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: c582172293c74e6e9df5bb65756c4c6c -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 839f52c15ed94f0ba4a9356f392f728b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b -#: 13ee0de3f7db4046b8399917e8d52e0b +#: 9108b999fecf4abf910d338c13fd0fc0 +msgid "``.env`` files are not loaded by default. The ``ENV_FILE`` env var must be passed so ``.env`` files are loaded." +msgstr "" + +#: ../../CHANGES.rst:26 +#: 56edbd9989cf41c4b9b58dfd5e108991 +msgid "[0.0.56] - 2024-11-07" +msgstr "" + +#: ../../CHANGES.rst:29 +#: ../../CHANGES.rst:71 +#: ../../CHANGES.rst:110 +#: ../../CHANGES.rst:118 +#: ../../CHANGES.rst:126 +#: ../../CHANGES.rst:133 +#: ../../CHANGES.rst:140 +#: ../../CHANGES.rst:154 +#: ../../CHANGES.rst:184 +#: ../../CHANGES.rst:197 +#: ../../CHANGES.rst:215 +#: ../../CHANGES.rst:234 +#: ../../CHANGES.rst:242 +#: ../../CHANGES.rst:268 +#: ../../CHANGES.rst:276 +#: ../../CHANGES.rst:296 +#: ../../CHANGES.rst:326 +#: ../../CHANGES.rst:358 +#: ../../CHANGES.rst:366 +#: ../../CHANGES.rst:392 +#: ../../CHANGES.rst:412 +#: ../../CHANGES.rst:436 +#: ../../CHANGES.rst:446 +#: ../../CHANGES.rst:467 +#: ../../CHANGES.rst:475 +#: ../../CHANGES.rst:498 +#: ../../CHANGES.rst:521 +#: ../../CHANGES.rst:533 +#: ../../CHANGES.rst:542 +#: ../../CHANGES.rst:551 +#: ../../CHANGES.rst:560 +#: ../../CHANGES.rst:580 +#: ../../CHANGES.rst:587 +#: ../../CHANGES.rst:637 +#: ../../CHANGES.rst:645 +#: ../../CHANGES.rst:670 +#: ../../CHANGES.rst:678 +#: ../../CHANGES.rst:686 +#: ../../CHANGES.rst:699 +#: ../../CHANGES.rst:713 +#: ../../CHANGES.rst:745 +#: ../../CHANGES.rst:768 +#: ../../CHANGES.rst:799 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 +#: ada79906de064c77a4cff6eda5238016 msgid "Fixed" msgstr "" -#: ../../CHANGES.rst:24 -#: 10c707b06b884b168b2dd26bffd7bf76 +#: ../../CHANGES.rst:30 +#: 3d50d62c605c4973956375e2229be4f1 msgid "With LDAP backend, updating another user groups could result in a permission lost for the editor. :issue:`202`" msgstr "" -#: ../../CHANGES.rst:28 -#: efa1fc20329f42918fe6a530617cf102 +#: ../../CHANGES.rst:34 +#: ce5db69d7e134a938f544bc4c14c2dbc msgid ":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGHT` and :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGHT` configuration options :issue:`174`" msgstr "" -#: ../../CHANGES.rst:30 -#: cdab69b7537c452caa3eadb572993a40 +#: ../../CHANGES.rst:36 +#: 0952593cb9c24691baaf0bbbeafbefd0 msgid "Password strength visual indicator. :issue:`174`" msgstr "" -#: ../../CHANGES.rst:31 -#: 2ae6bad543d64621886630d3db7832e6 +#: ../../CHANGES.rst:37 +#: 34660cc568ac402485a0ae2a226c3ed9 msgid "Security events logs. :issue:`177`" msgstr "" -#: ../../CHANGES.rst:32 -#: 40ab5f1ed3bc406fb662d0025e5b3212 +#: ../../CHANGES.rst:38 +#: 74390b590e9e4714bff818c8d9d95630 msgid "Support for Python 3.13. :pr:`186`" msgstr "" -#: ../../CHANGES.rst:36 -#: c7940e351aac4939b964ccb80cebd616 +#: ../../CHANGES.rst:42 +#: 962e298f8c7c44a8b3b0f450eb596537 msgid "Update to `HTMX` 2.0.3. :pr:`184`" msgstr "" -#: ../../CHANGES.rst:37 -#: dfc1569ae0ec412d86503a0695522fa5 +#: ../../CHANGES.rst:43 +#: ab78bee0981041d3ade7f68673ab3f12 msgid "Migrate the Python project management tool from poetry to uv. :pr:`187`" msgstr "" -#: ../../CHANGES.rst:38 -#: 40c97bec2553487fa62efc486d3ee444 +#: ../../CHANGES.rst:44 +#: 7cb284d8934d4df7b96b3d995f0ae69a msgid "The ``sql`` package extra is now split between ``sqlite``, ``postgresql`` and ``mysql``." msgstr "" -#: ../../CHANGES.rst:41 -#: ../../CHANGES.rst:391 -#: ../../CHANGES.rst:799 -#: bc1a20b5783a4fe38fa201438a8075e5 -#: bc1a20b5783a4fe38fa201438a8075e5 -#: bc1a20b5783a4fe38fa201438a8075e5 +#: ../../CHANGES.rst:47 +#: ../../CHANGES.rst:397 +#: ../../CHANGES.rst:805 +#: 06fd8459f24443f5bc2dd961a2174774 +#: 06fd8459f24443f5bc2dd961a2174774 +#: 06fd8459f24443f5bc2dd961a2174774 msgid "Removed" msgstr "" -#: ../../CHANGES.rst:42 -#: 3f97d00692d047dbbecb5c18a2d45b07 +#: ../../CHANGES.rst:48 +#: 7dbb1818231144988378efbcc14e0335 msgid "End support for Python 3.9. :pr:`179`" msgstr "" -#: ../../CHANGES.rst:45 -#: 4a57056601f148969254d2f049e0f460 +#: ../../CHANGES.rst:51 +#: bb731fcd74024f44b0b679df8fd1de3b msgid "[0.0.55] - 2024-08-30" msgstr "" -#: ../../CHANGES.rst:49 -#: a037ad5da20049ad82e9f9b0d766cfbb +#: ../../CHANGES.rst:55 +#: e3f7e5b1ec3d471bbaad41ad6afbd38e msgid "Use poetry-core build backend. :pr:`178`" msgstr "" -#: ../../CHANGES.rst:52 -#: d6bf96b8e5cc4a6f8e099b48c1951a6a +#: ../../CHANGES.rst:58 +#: 97d86f7b7b6d4df3a78b00068c114b55 msgid "[0.0.54] - 2024-07-25" msgstr "" -#: ../../CHANGES.rst:56 -#: 062bcc176aac499384187fcb06e2a00b +#: ../../CHANGES.rst:62 +#: 0f6a7830c88b4121b1141a68853d36fd msgid "Group member removal can be achieved from the group edition page. :issue:`192`" msgstr "" -#: ../../CHANGES.rst:57 -#: 8680469549c74d37a52b1c6252c74d57 +#: ../../CHANGES.rst:63 +#: 761788b232b74eb089dd20c1a57bcf2a msgid "Model management commands. :issue:`117` :issue:`54`" msgstr "" -#: ../../CHANGES.rst:61 -#: c19428c67d8f4d198d0ab97defe14fb3 +#: ../../CHANGES.rst:67 +#: 1e28ba0fab8947bfbb7b10fc9dfca645 msgid "Model `identifier_attributes` are fixed." msgstr "" -#: ../../CHANGES.rst:62 -#: 571f38b1484b43e2beed6f33eb675700 +#: ../../CHANGES.rst:68 +#: 72287f1ba34c4cc8b2cf0b4af47bbd53 msgid "Bump to `HTMX` 1.9.12. :pr:`172`" msgstr "" -#: ../../CHANGES.rst:67 -#: 9e54da898699471194477836791f08a6 +#: ../../CHANGES.rst:73 +#: 72071aa06de847d29dcd9500881409d0 msgid "Dark theme colors for better readability." msgstr "" -#: ../../CHANGES.rst:68 -#: 4e0f2a8e03a447e59cb0a2b0e6d208f1 +#: ../../CHANGES.rst:74 +#: 600f70e2aecd4eba9ddee16500df48db msgid "Crash for passwordless users at login when no SMTP server was configured." msgstr "" -#: ../../CHANGES.rst:71 -#: a9273241db7e4137bac5973b20e3ec5d +#: ../../CHANGES.rst:77 +#: 09953502ecec43198af93b4c10d5dc3e msgid "[0.0.53] - 2024-04-22" msgstr "" -#: ../../CHANGES.rst:75 -#: 17fbf739a68a4e59b5cc6da8befa1c6f +#: ../../CHANGES.rst:81 +#: 4627291987094c60b1acc76d520719b4 msgid "`env_prefix` :meth:`~canaille.create_app` variable can select the environment var prefix." msgstr "" -#: ../../CHANGES.rst:78 -#: 7bdc8f732053463b95353cdf5c994838 +#: ../../CHANGES.rst:84 +#: f21535ae9e6643708c8459143e861870 msgid "[0.0.52] - 2024-04-22" msgstr "" -#: ../../CHANGES.rst:82 -#: bc7d1037cdfd40a69044f465467f6834 +#: ../../CHANGES.rst:88 +#: c9c3eb7bdd894b96b0adf60e33691fd4 msgid "`env_file` create_app variable can customize/disable the .env file." msgstr "" -#: ../../CHANGES.rst:86 -#: 9685a5e5a13147f093ac57e2039fe11b +#: ../../CHANGES.rst:92 +#: 7cda9bf8a22540d0b3233546e130847f msgid "Locked users cannot be impersonated anymore." msgstr "" -#: ../../CHANGES.rst:87 -#: 1b83a24a97384c2faab67e915701e6b2 +#: ../../CHANGES.rst:93 +#: 965223cd352948c8a77f1b4ce2b50ce4 msgid "Minimum Python requirement is 3.9." msgstr "" -#: ../../CHANGES.rst:90 -#: e88f01e3f89f45f2a63b456f8e304d3d +#: ../../CHANGES.rst:96 +#: de227140ea8e4d629ffd4189dbd43460 msgid "[0.0.51] - 2024-04-09" msgstr "" -#: ../../CHANGES.rst:94 -#: aae3d126989840578ec2b08058aad688 +#: ../../CHANGES.rst:100 +#: 79f55debd9964020a684739fd256ef14 msgid "Display the menu bar on error pages." msgstr "" -#: ../../CHANGES.rst:97 -#: 22b11dc18595450fa5e7fe5f35824ebe +#: ../../CHANGES.rst:103 +#: 27a5f8ea8faa41deaf71ae8564fd43a5 msgid "[0.0.50] - 2024-04-09" msgstr "" -#: ../../CHANGES.rst:101 -#: fc1bc503759c4beb943e9dcbf0c4a9cf +#: ../../CHANGES.rst:107 +#: 8d78dcd06ac84e7d9075dbb55d08b68c msgid "Sign in/out events are logged in. :issue:`177`" msgstr "" -#: ../../CHANGES.rst:105 -#: cfe0182123c94bcc9ee847739bd2e114 +#: ../../CHANGES.rst:111 +#: f54c1f04263c4f19bf7c01a9e9fb1533 msgid "`HTMX` and `JAVASCRIPT` configuration settings." msgstr "" -#: ../../CHANGES.rst:106 -#: 3bc7c83763d34549bac91df86a22b3a0 +#: ../../CHANGES.rst:112 +#: aac9f0d6bc274a6998bed8663e581445 msgid "Compatibility with old sessions IDs." msgstr "" -#: ../../CHANGES.rst:109 -#: cdee0bee34024d21bace2d77ff637ed9 +#: ../../CHANGES.rst:115 +#: 6c309d659a9d4b00897c0c86136117f2 msgid "[0.0.49] - 2024-04-08" msgstr "" -#: ../../CHANGES.rst:113 -#: f9c9585c305d47628adffcae287229d2 +#: ../../CHANGES.rst:119 +#: e40c5385bf174d4dbdeb1e6c8f2bbca9 msgid "LDAP user group removal." msgstr "" -#: ../../CHANGES.rst:114 -#: c25c5c6a9cca4061be6502cae5e86ba2 +#: ../../CHANGES.rst:120 +#: db426dd917e9449ea1571f6d90fb59cb msgid "Display an error message when trying to remove the last user from a group." msgstr "" -#: ../../CHANGES.rst:117 -#: 5e0c66b55801444497954839297b97eb +#: ../../CHANGES.rst:123 +#: aa9c1e96a9d84eb388b2ad22b0b9fa86 msgid "[0.0.48] - 2024-04-08" msgstr "" -#: ../../CHANGES.rst:121 -#: bd9920a130844ee897863a6b649484e2 +#: ../../CHANGES.rst:127 +#: 3bbde6f2fc244902955a6b16a1d9bdc6 msgid "LDAP ``objectClass`` guessing exception." msgstr "" -#: ../../CHANGES.rst:124 -#: 93cf829932204311ba399ae713aff29f +#: ../../CHANGES.rst:130 +#: f55a477d72624ef691e7a783940c3208 msgid "[0.0.47] - 2024-04-08" msgstr "" -#: ../../CHANGES.rst:128 -#: b7a5d3351a334b0592b12373e1c7afa6 +#: ../../CHANGES.rst:134 +#: aa6227db351548d1a883af36de508805 msgid "Lazy permission loading exception." msgstr "" -#: ../../CHANGES.rst:131 -#: c6000ae4f0fc4d488ab180c3aa9eb144 +#: ../../CHANGES.rst:137 +#: 665fb2129c5f4c498a9eca30a7625d69 msgid "[0.0.46] - 2024-04-08" msgstr "" -#: ../../CHANGES.rst:135 -#: db4476f22ad049f49833696323eb1b33 +#: ../../CHANGES.rst:141 +#: a736243f81d845d5a13e66303db4632d msgid "Saving an object with the LDAP backend keeps the ``objectClass`` un-managed by Canaille. :pr:`171`" msgstr "" -#: ../../CHANGES.rst:138 -#: d7117b0322b549ff87b73b8e4c839915 +#: ../../CHANGES.rst:144 +#: 23d50243f242497eafeb43190b191910 msgid "[0.0.45] - 2024-04-04" msgstr "" -#: ../../CHANGES.rst:142 -#: 9690ab893eef4290a52b1137f24b9be8 +#: ../../CHANGES.rst:148 +#: 8ca38c12afde4e1d881f0f631dee2180 msgid "Internal indexation mechanism of :class:`~canaille.backends.memory.model.MemoryModel`." msgstr "" -#: ../../CHANGES.rst:145 -#: be79650410904879b53da2c62ac092d5 +#: ../../CHANGES.rst:151 +#: 0ec8aaff2a864d52beaead02de313d2f msgid "[0.0.44] - 2024-03-29" msgstr "" -#: ../../CHANGES.rst:149 -#: 1c2533bc36b548c59361d7b3e304cce6 +#: ../../CHANGES.rst:155 +#: 23af820d08664c0dbf3229567505e6a9 msgid "Fix the default LDAP ``USER_FILTER`` value." msgstr "" -#: ../../CHANGES.rst:150 -#: c429e79bd5aa46edb7b4cd1bd87c3ad8 +#: ../../CHANGES.rst:156 +#: 695d4f4fe29a4f07960244b87ee1db21 msgid "Fix the OIDC feature detection." msgstr "" -#: ../../CHANGES.rst:153 -#: 51a43a574cc943b5912effdaa67f8690 +#: ../../CHANGES.rst:159 +#: e7f1b082e81e4486b09fc76512e49dc5 msgid "[0.0.43] - 2024-03-29" msgstr "" -#: ../../CHANGES.rst:157 -#: ../../CHANGES.rst:416 -#: 02e8eccba3b74e889a68c78dc51e0a24 -#: 02e8eccba3b74e889a68c78dc51e0a24 +#: ../../CHANGES.rst:163 +#: ../../CHANGES.rst:422 +#: 5cd7f27a291e46298c9a3aa6ee0e5cf0 +#: 5cd7f27a291e46298c9a3aa6ee0e5cf0 msgid "Configuration files must be updated." msgstr "" -#: ../../CHANGES.rst:162 -#: a39fba5f25754fdc9f0f339142ff0320 +#: ../../CHANGES.rst:168 +#: d7d284cc9b424ec69d5240b428964d52 msgid "Add ``created`` and ``last_modified`` datetime for all models." msgstr "" -#: ../../CHANGES.rst:163 -#: b1e37ddf62994798a70a23cff76ed4d6 +#: ../../CHANGES.rst:169 +#: 19050fc882664743866b11a49ca7e398 msgid "Sitemap to the documentation. :pr:`169`" msgstr "" -#: ../../CHANGES.rst:164 -#: 54cf20bc59af4634af6b3f2d0e10c5e9 +#: ../../CHANGES.rst:170 +#: bd7c56451cfa479fb3b8d19275045b6e msgid "Configuration management with `pydantic-settings`. :issue:`138` :pr:`170`" msgstr "" -#: ../../CHANGES.rst:169 -#: 689b4f88ba4b43db8c8b1a7bff0aebe6 +#: ../../CHANGES.rst:175 +#: d3e65f7666664d4f8ca54f02bf597c71 msgid "Use default Python logging configuration format. :issue:`188` :pr:`165`" msgstr "" -#: ../../CHANGES.rst:170 -#: 7d18c66450654e25a65749ea273b859d +#: ../../CHANGES.rst:176 +#: ae5e4441862443b9aac1e26cf19a8908 msgid "Bump to `HTMX` 1.99.11. :pr:`166`" msgstr "" -#: ../../CHANGES.rst:171 -#: 9d053f12577548bc8cff1add00376bae +#: ../../CHANGES.rst:177 +#: e487c2a78a354c6e85ec43fda9f59c4d msgid "Use the standard tomllib Python module instead of `toml` starting from Python 3.11. :pr:`167`" msgstr "" -#: ../../CHANGES.rst:172 -#: fd8c1c0314b2465c9cacb4ba593eae77 +#: ../../CHANGES.rst:178 +#: e80e66bd46e14c0fae82950444ba043b msgid "Use shibuya as the documentation theme :pr:`168`" msgstr "" -#: ../../CHANGES.rst:175 -#: abc0b3ba739e4f99866d02027d8128d2 +#: ../../CHANGES.rst:181 +#: 0eb0c4eec73848d283d54626e8538c61 msgid "[0.0.42] - 2023-12-29" msgstr "" -#: ../../CHANGES.rst:180 -#: 74e8932123b744b2809d370b36980326 +#: ../../CHANGES.rst:186 +#: 8e57897d767b4603a54db28c97416ee8 msgid "Avoid to fail on imports if ``cryptography`` is missing." msgstr "" -#: ../../CHANGES.rst:183 -#: 41f209b7a9054599b7b71d4fab3afe8f +#: ../../CHANGES.rst:189 +#: f4ff69324e6e4a24b2f5aabf9ee71655 msgid "[0.0.41] - 2023-12-25" msgstr "" -#: ../../CHANGES.rst:188 -#: 77ff8fdeadf94e2f8696b2f5b9bd9349 +#: ../../CHANGES.rst:194 +#: 39dd9ec6c6c2415fa90973a715a08d9f msgid "OIDC support for the ``create`` value of the ``prompt`` parameter. :issue:`185` :pr:`164`" msgstr "" -#: ../../CHANGES.rst:193 -#: 8940d9836a9f46a09613c3646e1d55f8 +#: ../../CHANGES.rst:199 +#: 7d59a023c9bc4a9b94f4339112602d32 msgid "Correctly set up :attr:`~canaille.oidc.basemodels.Client.audience` during OIDC dynamic registration." msgstr "" -#: ../../CHANGES.rst:194 -#: bb9a9230771445b6a7c93f042fb289ee +#: ../../CHANGES.rst:200 +#: 1e194b3a94034c65936a18174d1078c5 msgid "``post_logout_redirect_uris`` was ignored during OIDC dynamic registration." msgstr "" -#: ../../CHANGES.rst:195 -#: b5d0341447ef443b969d2a48457442f2 +#: ../../CHANGES.rst:201 +#: d9f10cf1c5b3401d95f461f57dbfbece msgid "Group field error prevented the registration form validation." msgstr "" -#: ../../CHANGES.rst:198 -#: 7bcad6150cbc4883817538eb23bed3bd +#: ../../CHANGES.rst:204 +#: 6653ebc2588a4ad8989581ca1060f1d9 msgid "[0.0.40] - 2023-12-22" msgstr "" -#: ../../CHANGES.rst:203 -#: aae4204166c443f99e04d84842dd6dd9 +#: ../../CHANGES.rst:209 +#: 1eb728d8f35e4e57bd9b4284c7dd677b msgid "The ``THEME`` setting can be a relative path." msgstr "" -#: ../../CHANGES.rst:206 -#: 26224cfa5ee647a2b15239a78065f5f7 +#: ../../CHANGES.rst:212 +#: 37f2ef92582741e2985bab37fb6495df msgid "[0.0.39] - 2023-12-15" msgstr "" -#: ../../CHANGES.rst:211 -#: 14b2b67c379045d681ee712797f44328 +#: ../../CHANGES.rst:217 +#: b46f180dbba54aafb438013586a4100f msgid "Crash when no ACL were defined." msgstr "" -#: ../../CHANGES.rst:212 -#: 38649598ac954d29843b54b15343dd15 +#: ../../CHANGES.rst:218 +#: 958f8c3ecc57438e835053b3a7d87721 msgid "OIDC Userinfo endpoint is also available in POST." msgstr "" -#: ../../CHANGES.rst:213 -#: ed1da2958a1646fd82c70171a5c04317 +#: ../../CHANGES.rst:219 +#: c37693d772f44c64b03f3baee793c0a1 msgid "Fix redirection after password reset. :issue:`159`" msgstr "" -#: ../../CHANGES.rst:216 -#: 8f2bc47f69554f539aa2836958029d59 +#: ../../CHANGES.rst:222 +#: 9f0b57bb752141079ef51cc0833d3597 msgid "[0.0.38] - 2023-12-15" msgstr "" -#: ../../CHANGES.rst:221 -#: 24f252671c9a4a3590e94e5e563e4d19 +#: ../../CHANGES.rst:227 +#: b208dfe943e64175906f965703dc33dd msgid "Convert all the `PNG` pictures in `Webp`. :pr:`162`" msgstr "" -#: ../../CHANGES.rst:222 -#: 8a1d423f79f749868c06a775e9c21bd2 +#: ../../CHANGES.rst:228 +#: 3827e636cee240479b1fcedbc86bdfde msgid "Update to Flask 3. :issue:`161` :pr:`163`" msgstr "" -#: ../../CHANGES.rst:225 -#: 9d53638e5933499baafec12390f02e23 +#: ../../CHANGES.rst:231 +#: acb7a5113f214b84b7f8fd21b48e22de msgid "[0.0.37] - 2023-12-01" msgstr "" -#: ../../CHANGES.rst:230 -#: 5ed255dd094a4a3aae1b75edf54001ad +#: ../../CHANGES.rst:236 +#: a22ebfb72b3d4c8c8285d99f4a18ed88 msgid "Handle 4xx and 5xx error codes with HTMX. :issue:`171` :pr:`161`" msgstr "" -#: ../../CHANGES.rst:233 -#: 26d16685ada341a29bf6ee6e98997128 +#: ../../CHANGES.rst:239 +#: 5033ceb76b61492896a738cbabdf0e1a msgid "[0.0.36] - 2023-12-01" msgstr "" -#: ../../CHANGES.rst:238 -#: 2cfddfd6843e4cbfb1b645c84bc70322 +#: ../../CHANGES.rst:244 +#: df785fb08515480b8205eb8d521d699b msgid "Avoid crashing when LDAP groups references unexisting users." msgstr "" -#: ../../CHANGES.rst:239 -#: f5714a32e81841e29f2619f6ee5464e8 +#: ../../CHANGES.rst:245 +#: e24d3cf2b5344f3196d44717249eeac9 msgid "Password reset and initialization mails were only sent to the preferred user email address." msgstr "" -#: ../../CHANGES.rst:241 -#: 4e121ada1cc24b7b8051d085b0ce464b +#: ../../CHANGES.rst:247 +#: 279eb5763cb9437e98472ba23ef09cb9 msgid "Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached." msgstr "" -#: ../../CHANGES.rst:243 -#: c5fc8c86d3df4732b3a06f70dd89af18 +#: ../../CHANGES.rst:249 +#: 8dbbbb93c0d9468db5756b74091a0346 msgid "Password comparison was too permissive on login." msgstr "" -#: ../../CHANGES.rst:244 -#: 36f936a6dd8c41c5bc833d928f347321 +#: ../../CHANGES.rst:250 +#: 2d5c6dab823a45df94ab7061b78fa140 msgid "Encrypt passwords in the SQL backend." msgstr "" -#: ../../CHANGES.rst:247 -#: 76befacfb135435fbee6ee0fe07f40e5 +#: ../../CHANGES.rst:253 +#: 09acf9167bb14934ac3e4b763914df5c msgid "[0.0.35] - 2023-11-25" msgstr "" -#: ../../CHANGES.rst:252 -#: 14d361d80e4c429f929b943d3321e895 +#: ../../CHANGES.rst:258 +#: b616ae34c6084446b826cbb4bea285ce msgid "Refresh token grant supports other client authentication methods. :pr:`157`" msgstr "" -#: ../../CHANGES.rst:253 -#: c52cda2685214bcab533db539acee007 +#: ../../CHANGES.rst:259 +#: 5e0cc8d4b2f9482cb0dd7d15578824ca msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`" msgstr "" -#: ../../CHANGES.rst:258 -#: 57670f55b7644a0888ab65cd2da2fd8c +#: ../../CHANGES.rst:264 +#: 1379d1aee7ee46fca1a78b6015f8d450 msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`" msgstr "" -#: ../../CHANGES.rst:259 -#: f4ef25b7b38b42a48fb2a32c5cd8888f +#: ../../CHANGES.rst:265 +#: 08f54a2189ba47dbb2e65e442181d6fd msgid "Bump to `HTMX` 1.9.9. :pr:`159`" msgstr "" -#: ../../CHANGES.rst:264 -#: 49b0b7da40204fdeaf40c5281235c2a6 +#: ../../CHANGES.rst:270 +#: 001465c19ae140678ce9a78eb0ae7ff5 msgid "Disable `HTMX` boosting during the OIDC dance. :pr:`160`" msgstr "" -#: ../../CHANGES.rst:267 -#: db372dee122e4b4fb18c2c99dd056ce2 +#: ../../CHANGES.rst:273 +#: e063fae1c9984dc0af421058e9bfb500 msgid "[0.0.34] - 2023-10-02" msgstr "" -#: ../../CHANGES.rst:272 -#: a4b5211e96894c5d9d51b2630d6aea17 +#: ../../CHANGES.rst:278 +#: 3aadd82912d6401f8fddc3655ad594b9 msgid "Canaille installations without account lockabilty could not delete users. :pr:`153`" msgstr "" -#: ../../CHANGES.rst:278 -#: 4f4ca04b08a04dcb8f6a2eb6605f0e13 +#: ../../CHANGES.rst:284 +#: 52c2946196324ed2bfacac3fb518a6a1 msgid "If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. :issue:`168` :pr:`151`" msgstr "" -#: ../../CHANGES.rst:281 -#: 298ffe26093441918be8b38d13f0cc58 +#: ../../CHANGES.rst:287 +#: e0bb3561373b4651b98fcc1df2e5db94 msgid "The `flask-babel` and `pytz` libraries are now part of the `front` packaging extras." msgstr "" -#: ../../CHANGES.rst:282 -#: ccb502180d634f11ad173619af1b68d8 +#: ../../CHANGES.rst:288 +#: 9cc1748f2a624399ae9983904d6765fc msgid "Bump to `fomantic-ui` 2.9.3. :pr:`152`" msgstr "" -#: ../../CHANGES.rst:283 -#: 7413676f512d4473972484920ff5f060 +#: ../../CHANGES.rst:289 +#: ec7e3985dc034f43bc0e2411086928e7 msgid "Bump to `HTMX` 1.9.6. :pr:`154`" msgstr "" -#: ../../CHANGES.rst:284 -#: 7905327465c44c09b2a10854abe79960 +#: ../../CHANGES.rst:290 +#: 768b97eabcb04396a1c3f7e3691c3ed2 msgid "Support for Python 3.12. :pr:`155`" msgstr "" -#: ../../CHANGES.rst:287 -#: 808e57e560f74a25b60029fbd6531d2e +#: ../../CHANGES.rst:293 +#: 4664970b84d545e18a553f8191bc6e8b msgid "[0.0.33] - 2023-08-26" msgstr "" -#: ../../CHANGES.rst:292 -#: 1179dc27648248188fdecf5696fd5045 +#: ../../CHANGES.rst:298 +#: 3456a02cbd894fccb45ffc1108226c5a msgid "OIDC jwks endpoint do not return empty `kid` claim." msgstr "" -#: ../../CHANGES.rst:297 -#: b8b2caca239b4b609143ffd267522a16 +#: ../../CHANGES.rst:303 +#: fd6c83b8455f4402b82ffe670e6c83c1 msgid "Documentation details on the Canaille models." msgstr "" -#: ../../CHANGES.rst:300 -#: dd35ed0e27664b6b954e9b39881f14bc +#: ../../CHANGES.rst:306 +#: 1f3135eb404e412787af9b4f971ea523 msgid "[0.0.32] - 2023-08-17" msgstr "" -#: ../../CHANGES.rst:305 -#: bdcae061315a4e92a6bc1a48475cb351 +#: ../../CHANGES.rst:311 +#: fe7a0cb646094a3d9b2428f7b7d2f3d4 msgid "Additional inmemory backend. :issue:`30` :pr:`149`" msgstr "" -#: ../../CHANGES.rst:306 -#: c39cbed721254ce5ad9c250de1e7ea41 +#: ../../CHANGES.rst:312 +#: 82523d1da67a46089ffd899f134486dd msgid "Installation extras. :issue:`167` :pr:`150`" msgstr "" -#: ../../CHANGES.rst:309 -#: 5311648e4c714ed29e89e9644167f963 +#: ../../CHANGES.rst:315 +#: 9b5b3399c9fd4f3bbc8e152ee37e7910 msgid "[0.0.31] - 2023-08-15" msgstr "" -#: ../../CHANGES.rst:314 -#: a6a4b510a0ac4b4ebeb9160510f72d77 +#: ../../CHANGES.rst:320 +#: b2ebe664d67047a5882a33ac5c75875b msgid "Configuration option to disable the forced usage of OIDC `nonce` parameter. :pr:`143`" msgstr "" -#: ../../CHANGES.rst:315 -#: 37eb24ef005e44da8ae0f4c48bda766c +#: ../../CHANGES.rst:321 +#: 463b404944d9465fa6a17d3d3c0ea106 msgid "Validate phone numbers with a regex. :pr:`146`" msgstr "" -#: ../../CHANGES.rst:316 -#: 2be2120a0500430a8d854d1b8f19a0bf +#: ../../CHANGES.rst:322 +#: 0effe02b658f49698ab59c14e9103fbe msgid "Email verification. :issue:`41` :pr:`147`" msgstr "" -#: ../../CHANGES.rst:317 -#: d3be95492ef348efa77976515d4ffca9 +#: ../../CHANGES.rst:323 +#: ca5e445840644c90980662464ea67abc msgid "Account registration. :issue:`55` :pr:`133` :pr:`148`" msgstr "" -#: ../../CHANGES.rst:322 -#: 1a3da0153c2b451d99665d2b61c512f2 +#: ../../CHANGES.rst:328 +#: 3792c9999c5a44c892129bce1c222552 msgid "The `check` command uses the default configuration values." msgstr "" -#: ../../CHANGES.rst:327 -#: 15f35fa96af04e508b1a6448d866cb5f +#: ../../CHANGES.rst:333 +#: 6e0b77065c024ebb96f30998294a3b8d msgid "Modals do not need use Javascript at the moment. :issue:`158` :pr:`144`" msgstr "" -#: ../../CHANGES.rst:330 -#: add3188842de44b691dfbe3152546f7b +#: ../../CHANGES.rst:336 +#: e513ff9194cb493fb3273e811b5b96d0 msgid "[0.0.30] - 2023-07-06" msgstr "" -#: ../../CHANGES.rst:334 -#: b96e981450334eee84128d7dffb40d8f +#: ../../CHANGES.rst:340 +#: 7bd32f1cc1c24ce9a6a7a4f3d7fd6024 msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``" msgstr "" -#: ../../CHANGES.rst:340 -#: ab83051dda0b48d185846e49011f2429 +#: ../../CHANGES.rst:346 +#: a3f5487d18624886a2adee2c28346eae msgid "Configuration option to disable Javascript. :pr:`141`" msgstr "" -#: ../../CHANGES.rst:345 -#: 85fb804c891f444c9de116e6e4771526 +#: ../../CHANGES.rst:351 +#: e6ab42f3565b415f85d7778e5ac18966 msgid "The configuration parameter ``USER_FILTER`` is parsed with Jinja." msgstr "" -#: ../../CHANGES.rst:346 -#: 42d91f7cf5a3438a8bcb0bd5c193f1ea +#: ../../CHANGES.rst:352 +#: de4e44a5b6324f389effc64a28a69c5d msgid "Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``." msgstr "" -#: ../../CHANGES.rst:349 -#: 30736e0e4b854b46940e80c38023946a +#: ../../CHANGES.rst:355 +#: 812f9e5828dd4912bc832214d5ae721d msgid "[0.0.29] - 2023-06-30" msgstr "" -#: ../../CHANGES.rst:354 -#: 89d319fb81e148cb8f82f4b1a5a5390c +#: ../../CHANGES.rst:360 +#: 81bf1e1132f44c5399805dc865372873 msgid "Disabled `HTMX` boosting on OIDC forms to avoid errors." msgstr "" -#: ../../CHANGES.rst:357 -#: 68d32ee84fa642dfbf358ef907193eb8 +#: ../../CHANGES.rst:363 +#: 0b442eaa0f7f44919f3793aac59d4b4d msgid "[0.0.28] - 2023-06-30" msgstr "" -#: ../../CHANGES.rst:362 -#: 5490daf53fd144c0b6b360e90bf5667b +#: ../../CHANGES.rst:368 +#: 3b645ba8d22642f7ae36a9401a170414 msgid "A template variable was misnamed." msgstr "" -#: ../../CHANGES.rst:365 -#: c65a251ed68a49beaff42740c12ce76a +#: ../../CHANGES.rst:371 +#: 1c8d7269601c4cbf8c6952063000a5f1 msgid "[0.0.27] - 2023-06-29" msgstr "" -#: ../../CHANGES.rst:369 -#: ccf84fb0d4cd47058c3849498bd92259 +#: ../../CHANGES.rst:375 +#: 3082667648f14f86a48ba1f4c71c6bf1 msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``" msgstr "" -#: ../../CHANGES.rst:375 -#: 0856562aad23492aa6efc7f6e4bf8f90 +#: ../../CHANGES.rst:381 +#: d37a0bf60d6a407094dca1df32907bc3 msgid "Configuration entries can be loaded from files if the entry key has a *_FILE* suffix and the entry value is the path to the file. :issue:`134` :pr:`134`" msgstr "" -#: ../../CHANGES.rst:377 -#: 24fa209262e04bcbb46c2ab7c881fbaa +#: ../../CHANGES.rst:383 +#: b198cedfd2dc4b1ca5caffb7281b2b77 msgid "Field list support. :issue:`115` :pr:`136`" msgstr "" -#: ../../CHANGES.rst:378 -#: eaff808f9ce745c59a1b373ab0ef90ab +#: ../../CHANGES.rst:384 +#: bda5916225d046aa92eee4df020d31d7 msgid "Pages are boosted with `HTMX`. :issue:`144` :issue:`145` :pr:`137`" msgstr "" -#: ../../CHANGES.rst:383 -#: 8afcdb0ddd8f4e6c9941315ff1b06538 +#: ../../CHANGES.rst:389 +#: f0103671112e414da54f464537b92886 msgid "Bump to jquery 3.7.0. :pr:`138`" msgstr "" -#: ../../CHANGES.rst:388 -#: a6e1f4b8a72f4500ab437a86f6e98d06 +#: ../../CHANGES.rst:394 +#: a3de7cd9d0b74333bbe2252c30b27d24 msgid "Profile edition when the user RDN was not ``uid``. :issue:`148` :pr:`139`" msgstr "" -#: ../../CHANGES.rst:393 -#: cfcf7ee77bb84df1bcd780df223e9044 +#: ../../CHANGES.rst:399 +#: a8ee95c286e44ee190211fc2e7792b41 msgid "Stop support for Python 3.7. :pr:`131`" msgstr "" -#: ../../CHANGES.rst:396 -#: 42eab7328c604747ad6bde0067cb6603 +#: ../../CHANGES.rst:402 +#: 031ef0bde1a142fda5313115f399b305 msgid "[0.0.26] - 2023-06-03" msgstr "" -#: ../../CHANGES.rst:401 -#: b621a029c6ec420d8708f0ddd4b49c85 +#: ../../CHANGES.rst:407 +#: 8cd815265cd245d8ae32992c885e4c63 msgid "Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+. :issue:`13` :pr:`118`" msgstr "" -#: ../../CHANGES.rst:403 -#: 05f5b0808e74429b92bf61fa570014cf +#: ../../CHANGES.rst:409 +#: f7ab79e41d1c400fa0f5be534df749eb msgid "Timezone configuration entry. :issue:`137` :pr:`130`" msgstr "" -#: ../../CHANGES.rst:408 -#: d7e71d1ce6704911b7e5094538cc1084 +#: ../../CHANGES.rst:414 +#: 01a6b5ffbd164e11a7d13c2a720b6230 msgid "Avoid setting ``None`` in JWT claims when they have no value." msgstr "" -#: ../../CHANGES.rst:409 -#: e16dcca3b764486d874401ba65e22f78 +#: ../../CHANGES.rst:415 +#: 1b9beda783b14033b13b34bb69dcf94e msgid "Display password recovery button on OIDC login page. :pr:`129`" msgstr "" -#: ../../CHANGES.rst:412 -#: dcbd97e0bc4f44babcdc9ad9a503c162 +#: ../../CHANGES.rst:418 +#: 98f294fe9c78448e92a9340f14812660 msgid "[0.0.25] - 2023-05-05" msgstr "" -#: ../../CHANGES.rst:417 -#: 4109765130284304994ae405858bdd3c +#: ../../CHANGES.rst:423 +#: b9e80a38348a4fabb577d17c476ef787 msgid "Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``" msgstr "" -#: ../../CHANGES.rst:422 -#: c4645c08f789400bba029897871bb828 +#: ../../CHANGES.rst:428 +#: d72e485b1606403e895166193d518a26 msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`" msgstr "" -#: ../../CHANGES.rst:423 -#: 3c58d21fdc81418e8ee43179c2d6384f +#: ../../CHANGES.rst:429 +#: f53dae9936ca4478b6575167779eb297 msgid "Moved OIDC related configuration entries in ``OIDC``." msgstr "" -#: ../../CHANGES.rst:424 -#: 5b002906414e41448a3fadea87d71e45 +#: ../../CHANGES.rst:430 +#: c097b3593a1f42d882167cef3925368a msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``." msgstr "" -#: ../../CHANGES.rst:425 -#: d58c113094474cf3b82e8a3303202bb6 +#: ../../CHANGES.rst:431 +#: 88b8faa16b314ab3bc05c8a24dc7432e msgid "Bumped to `HTMX` 1.9.0. :pr:`124`" msgstr "" -#: ../../CHANGES.rst:426 -#: 3bbdffb495f74fccbdb9eeb78a8eaf81 +#: ../../CHANGES.rst:432 +#: 391a6692f5de4897ac370fc253b7caf4 msgid "ACL filters are no more LDAP filters but user attribute mappings. :pr:`125`" msgstr "" -#: ../../CHANGES.rst:427 -#: 0d3ea4f8df2542e0a7da5029159f31e0 +#: ../../CHANGES.rst:433 +#: 286baa01210c47ee8a9c71a8c51e72fb msgid "Bumped to `HTMX` 1.9.2. :pr:`127`" msgstr "" -#: ../../CHANGES.rst:432 -#: 71139e5ab6e34c2a87d51d3d04c0dbc0 +#: ../../CHANGES.rst:438 +#: 2f5e152512fe493c9e5f291f3dc47ca3 msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now." msgstr "" -#: ../../CHANGES.rst:433 -#: e34b111a3a8b4e2da966a36107a682b5 +#: ../../CHANGES.rst:439 +#: 646ffd29b1694f58a41036fec066e023 msgid "Fixed empty model attributes registration. :pr:`125`" msgstr "" -#: ../../CHANGES.rst:434 -#: 566d49eca850419cbb39c3a78a4160aa +#: ../../CHANGES.rst:440 +#: 8ef81a1e8e584cab90c6401a07c88b81 msgid "Password initialization mails were not correctly sent. :pr:`128`" msgstr "" -#: ../../CHANGES.rst:437 -#: f461dc48e9c846628f7ddb99b18252c6 +#: ../../CHANGES.rst:443 +#: e9729b8de309453a862cb61a500d83a6 msgid "[0.0.24] - 2023-04-07" msgstr "" -#: ../../CHANGES.rst:442 -#: 007393d26d6e4375a0e05cbbf6c41d65 +#: ../../CHANGES.rst:448 +#: e25900ea2cb9451f9def4f1230cf311b msgid "Fixed avatar update. :pr:`122`" msgstr "" -#: ../../CHANGES.rst:445 -#: 0ddfaf5df815484f9eb469a884e5f667 +#: ../../CHANGES.rst:451 +#: 6b0ff68eb4d048f9a87c723077b6a917 msgid "[0.0.23] - 2023-04-05" msgstr "" -#: ../../CHANGES.rst:450 -#: 2e7346baddf44a7f9f5b9a05ae826913 +#: ../../CHANGES.rst:456 +#: 45d12b8c7b044a6aa129a826cb589403 msgid "Organization field. :pr:`116`" msgstr "" -#: ../../CHANGES.rst:451 -#: 1c68c43ae90f4e2e944dab12514f06d1 +#: ../../CHANGES.rst:457 +#: 7554a21c2da44a10ae7044507e7e8ef1 msgid "ETag and Last-Modified headers on user photos. :pr:`116`" msgstr "" -#: ../../CHANGES.rst:452 -#: bcaf8fe7d8e940f191ed6ea5178566c1 +#: ../../CHANGES.rst:458 +#: 56e3c78c43bc4ebfb789357d53401f12 msgid "Dynamic form validation. :pr:`120`" msgstr "" -#: ../../CHANGES.rst:457 -#: 2b077ff5215a4b20b8438e82f4366ada +#: ../../CHANGES.rst:463 +#: eef201e52d6e487fb83b276678dcf6ad msgid "UX rework. Submenu addition. :pr:`114`" msgstr "" -#: ../../CHANGES.rst:458 -#: 166152fdbf6248e8a4af29f4f3bf5b6e +#: ../../CHANGES.rst:464 +#: f6dfc94a3486418cb94ebe88c6078543 msgid "Properly handle LDAP date timezones. :pr:`117`" msgstr "" -#: ../../CHANGES.rst:463 -#: 343c4102b6d648018544f151f97540e1 +#: ../../CHANGES.rst:469 +#: c81b6adf5d6e40e8b0aeb2898e40c692 msgid "CSRF protection on every forms. :pr:`119`" msgstr "" -#: ../../CHANGES.rst:466 -#: 7140973831594dacad0bd205ca9b60e5 +#: ../../CHANGES.rst:472 +#: 41e5cc643b4e4c35b9d04ed3c6eba537 msgid "[0.0.22] - 2023-03-13" msgstr "" -#: ../../CHANGES.rst:470 -#: 67dc897fec2946598dbb4fe82db8a94f +#: ../../CHANGES.rst:476 +#: e510bec507814d5387a49ba6117ef0a7 msgid "The `Faker` library is not imported anymore when the `clean` command is called." msgstr "" -#: ../../CHANGES.rst:473 -#: 58e3c0af1ce74125bf42a5ea16b88fbf +#: ../../CHANGES.rst:479 +#: 9af418bca29f4c169f5720ea8e14e9ac msgid "[0.0.21] - 2023-03-12" msgstr "" -#: ../../CHANGES.rst:478 -#: a25f75d9086a4499aa1088e537f21bc3 +#: ../../CHANGES.rst:484 +#: 6c81ccf5040343cebb06fe34cc66221e msgid "Display TOS and policy URI on the consent list page. :pr:`102`" msgstr "" -#: ../../CHANGES.rst:479 -#: e848a4f5372b44249423579a7e2cdc3d +#: ../../CHANGES.rst:485 +#: 4d19d14961744e028504787840181114 msgid "Admin token deletion. :pr:`100` :pr:`101`" msgstr "" -#: ../../CHANGES.rst:480 -#: 61b841de5b89407d9912c8c73309111a +#: ../../CHANGES.rst:486 +#: cf00a4a47f2a4463a3cc06dd126d589d msgid "Revoked consents can be restored. :pr:`103`" msgstr "" -#: ../../CHANGES.rst:481 -#: 656acd80913242a4820a20bc76d797e8 +#: ../../CHANGES.rst:487 +#: 06108983455940049911e3b8892f8735 msgid "Pre-consented clients are displayed in the user consent list, and their consents can be revoked. :issue:`69` :pr:`103`" msgstr "" -#: ../../CHANGES.rst:483 -#: e08c1586240745fa9537dd7501475c0d +#: ../../CHANGES.rst:489 +#: 2f26c80f733b42f99df3af94c8774ad5 msgid "A ``populate`` command can be used to fill the database with random users generated with faker. :pr:`105`" msgstr "" -#: ../../CHANGES.rst:485 -#: dc653adfdbc441589c385b956ae9739e +#: ../../CHANGES.rst:491 +#: 64049d3aa81141f3b29778b9f2f3d188 msgid "SMTP SSL support. :pr:`108`" msgstr "" -#: ../../CHANGES.rst:486 -#: c69d8b01e4194d5b9268b84ab81849d6 +#: ../../CHANGES.rst:492 +#: 6f16cdf0ce864a20b13344f84e6dfefb msgid "Server side pagination. :issue:`114` :pr:`111`" msgstr "" -#: ../../CHANGES.rst:487 -#: 5b4f3aa107a74df3ba845920503dfdc5 +#: ../../CHANGES.rst:493 +#: 7aeacbe0b4fa48c79db52ed0cf7229fd msgid "Department number support. :issue:`129`" msgstr "" -#: ../../CHANGES.rst:488 -#: d219e1ac8fa148d5b6e4babc678fbeb2 +#: ../../CHANGES.rst:494 +#: e5bb989cd1fe472cb845dfe3de958f55 msgid "Address edition support (but not in the OIDC claims yet). :pr:`112`" msgstr "" -#: ../../CHANGES.rst:489 -#: 52d2ceda28ab430a984dee19f8766b2a +#: ../../CHANGES.rst:495 +#: 1140843546bf41dd826bf71bea29ff23 msgid "Title edition support. :pr:`113`" msgstr "" -#: ../../CHANGES.rst:494 -#: c4aca25daa3b491f9208d71f7715800f +#: ../../CHANGES.rst:500 +#: d9bd3caa1f4f47ebb304efd457802ca1 msgid "Client deletion also deletes related :class:`~canaille.oidc.basemodels.Consent`, :class:`~canaille.oidc.basemodels.Token` and :class:`~canaille.oidc.basemodels.AuthorizationCode` objects. :issue:`126` :pr:`98`" msgstr "" -#: ../../CHANGES.rst:500 -#: a1c057df21a9436a9b149fb91fdb28d0 +#: ../../CHANGES.rst:506 +#: ac1feaf507284b65bab96bc30457d263 msgid "Removed the `DataTables` Javascript library." msgstr "" -#: ../../CHANGES.rst:503 -#: 74a0312b6fff499fa609d0adbe73dfac +#: ../../CHANGES.rst:509 +#: d0d7087c87844d069df327a34667ef31 msgid "[0.0.20] - 2023-01-28" msgstr "" -#: ../../CHANGES.rst:508 -#: c443970df56e4203b8ee3fd9e4fa2395 +#: ../../CHANGES.rst:514 +#: 6254c6b37dea417d908d7679fa0c2df5 msgid "Spanish translation. :pr:`85` :pr:`88`" msgstr "" -#: ../../CHANGES.rst:509 -#: 9e42a95e59a74c5584d1144c249a57c1 +#: ../../CHANGES.rst:515 +#: 3a8a7c3e462e4388a29c87ea44bbca31 msgid "Dedicated connectivity test email. :pr:`89`" msgstr "" -#: ../../CHANGES.rst:510 -#: e06855259b6f463897acd0f8a23cd05e +#: ../../CHANGES.rst:516 +#: 6c73a2cff39a4b8caacfca57f27ba60b msgid "Update to jquery 3.6.3. :pr:`90`" msgstr "" -#: ../../CHANGES.rst:511 -#: 96cb7430946248108d8c97973a4799d5 +#: ../../CHANGES.rst:517 +#: 2a31509ad04a41d4a9ceab66e4447c61 msgid "Update to fomantic-ui 2.9.1. :pr:`90`" msgstr "" -#: ../../CHANGES.rst:512 -#: 5b5784d9aedb4949bac1591395fc7eb9 +#: ../../CHANGES.rst:518 +#: 1b8798a48e73416383644caadcb8c9d0 msgid "Update to DataTables 1.13.1. :pr:`90`" msgstr "" -#: ../../CHANGES.rst:517 -#: e88b90b5e0eb418f99ea2839c1e79943 +#: ../../CHANGES.rst:523 +#: 43bb3fea7c22470bb734e723ae6ec2dc msgid "Fix typos and grammar errors. :pr:`84`" msgstr "" -#: ../../CHANGES.rst:518 -#: d333115d646f4ccf9a5bb2dc4d23eba0 +#: ../../CHANGES.rst:524 +#: 28f37a5212944339bb10de4c91b1555d msgid "Fix wording and punctuations. :pr:`86`" msgstr "" -#: ../../CHANGES.rst:519 -#: cfc153afa2ec4bee9c2dd589a234716c +#: ../../CHANGES.rst:525 +#: 3511a582ca4d4dd5b57f04e945ff2615 msgid "Fix HTML lang tag. :issue:`122` :pr:`87`" msgstr "" -#: ../../CHANGES.rst:520 -#: a2dc7b3677d040c7a43bde721f766029 +#: ../../CHANGES.rst:526 +#: 227f6ecacee547eab969399f3543c1a9 msgid "Automatically trims the HTML translated strings. :pr:`91`" msgstr "" -#: ../../CHANGES.rst:521 -#: 9a91064adb7f414fab73518fbc77b01d +#: ../../CHANGES.rst:527 +#: ce4262a979b34e588c4d99db8ec9fae6 msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`" msgstr "" -#: ../../CHANGES.rst:524 -#: d7a2cda6d8e24cc484f13ee4df40c1ea +#: ../../CHANGES.rst:530 +#: 3326dbb8be62452d8140320a39612093 msgid "[0.0.19] - 2023-01-14" msgstr "" -#: ../../CHANGES.rst:529 -#: f7c94b5e7545458e8375ef8a8e3dc21c +#: ../../CHANGES.rst:535 +#: c15def45121b4d30ab4c57c640f5da6a msgid "Ensures the token `expires_in` claim and the `access_token` `exp` claim have the same value. :pr:`83`" msgstr "" -#: ../../CHANGES.rst:533 -#: 9291df232e4b4a7eb97fb87504f9b8d4 +#: ../../CHANGES.rst:539 +#: 2e2f24525dba4a819e97e6589907d0a5 msgid "[0.0.18] - 2022-12-28" msgstr "" -#: ../../CHANGES.rst:538 -#: c896b9996ab24cfeb217e9ebfdbed090 +#: ../../CHANGES.rst:544 +#: 82745fec4b984965b3d0b81bed5a3941 msgid "OIDC end_session was not returning the ``state`` parameter in the ``post_logout_redirect_uri``. :pr:`82`" msgstr "" -#: ../../CHANGES.rst:542 -#: 2fa2e9a70b8d4ab4bed4d7f0d8d68f37 +#: ../../CHANGES.rst:548 +#: 3bd062d77c0048d3816421ed0de978e6 msgid "[0.0.17] - 2022-12-26" msgstr "" -#: ../../CHANGES.rst:547 -#: cff81f4ef5254cfdb1e6ba76c2c3b9f6 +#: ../../CHANGES.rst:553 +#: 4f0e0feb2cca4a8eb54473f5764cfcc7 msgid "Fixed group deletion button. :pr:`80`" msgstr "" -#: ../../CHANGES.rst:548 -#: 552d92ac7c364f198201b60a3abebae2 +#: ../../CHANGES.rst:554 +#: b6fc018fb2dc41ecaf43a313cf5330b9 msgid "Fixed post requests in oidc clients views. :pr:`81`" msgstr "" -#: ../../CHANGES.rst:551 -#: f7c78b950b184117855277070cb4e548 +#: ../../CHANGES.rst:557 +#: 0e9699c0d5a74e689fdb73d2ac431d28 msgid "[0.0.16] - 2022-12-15" msgstr "" -#: ../../CHANGES.rst:556 -#: 3e522208e81740fba479a43b017311fd +#: ../../CHANGES.rst:562 +#: a43af598d338438ea64a3352a866610c msgid "Fixed LDAP operational attributes handling." msgstr "" -#: ../../CHANGES.rst:559 -#: 53e83abb15b24cc0a3d589011cf7c2a3 +#: ../../CHANGES.rst:565 +#: 11d5f04851c847e6b3939176add7c1e2 msgid "[0.0.15] - 2022-12-15" msgstr "" -#: ../../CHANGES.rst:564 -#: 7194a505926740e3b52b81708d2818de +#: ../../CHANGES.rst:570 +#: ce751d2ad6e44f438e092afbdcfe72ce msgid "User can chose their display name. :pr:`77`" msgstr "" -#: ../../CHANGES.rst:565 -#: 5c5a59a03bd5497aa7474ae59e88f6bf +#: ../../CHANGES.rst:571 +#: 008bcd50172d46429d218c6afbd7bc0f msgid "Bumped to Authlib 1.2. :pr:`78`" msgstr "" -#: ../../CHANGES.rst:566 -#: 0a3d037fae66464b8c2dfeea28dd3eaf +#: ../../CHANGES.rst:572 +#: 3edcc407205b44918ab63920f9734a50 msgid "Implemented :rfc:`RFC7592 <7592>` OAuth 2.0 Dynamic Client Registration Management Protocol. :pr:`79`" msgstr "" -#: ../../CHANGES.rst:568 -#: 0670727ea1074acf968c49e71dc4062b +#: ../../CHANGES.rst:574 +#: e327d602ecac448f8f73a848047f6319 msgid "Add the ``nonce`` parameter to the ``claims_supported`` server metadata list." msgstr "" -#: ../../CHANGES.rst:571 -#: eb86b7335b7b4971812f25c9a2d37d1e +#: ../../CHANGES.rst:577 +#: 74ad576932584357834751ca5edd823a msgid "[0.0.14] - 2022-11-29" msgstr "" -#: ../../CHANGES.rst:575 -#: 9903a64c05994256813debf83e9a6b21 +#: ../../CHANGES.rst:581 +#: 1205e961f8944bbb8dbc519bbfdf4993 msgid "Fixed translation catalogs packaging." msgstr "" -#: ../../CHANGES.rst:578 -#: eb1e508e7d2c46bdb471cffecbe4d897 +#: ../../CHANGES.rst:584 +#: fc089f22a3a14548b469d6c4668bb3dc msgid "[0.0.13] - 2022-11-21" msgstr "" -#: ../../CHANGES.rst:583 -#: 6e71d21752234824bc42897b8a434bb3 +#: ../../CHANGES.rst:589 +#: ea1f503e84f04965b18a569cf25d2941 msgid "Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12." msgstr "" -#: ../../CHANGES.rst:585 -#: 374bd3f105af42bc8ea5c0de35e7437f +#: ../../CHANGES.rst:591 +#: 95a73e92dd77499c9109135edf0040cf msgid "Fixed a bug happening during RP initiated logout on clients without `post_logout_redirect_uri` defined." msgstr "" -#: ../../CHANGES.rst:587 -#: 6244294cde9d429dbab852b0f7721160 +#: ../../CHANGES.rst:593 +#: 5648d45162744cf4956d8d9c7d9bbf3d msgid "Gitlab CI fix. :pr:`64`" msgstr "" -#: ../../CHANGES.rst:588 -#: 8dc7de6abbd447f4a78272f33cbcb6cf +#: ../../CHANGES.rst:594 +#: 1b490834cff04cb99ff4b83f9e5dd758 msgid "Fixed `client_secret` display on the client administration page. :pr:`65`" msgstr "" -#: ../../CHANGES.rst:589 -#: be276c6c0aed433987b562fa51a9af06 +#: ../../CHANGES.rst:595 +#: 5d7cd051df4c45eb9b8e2beea6ec9659 msgid "Fixed non-square logo CSS. :pr:`67`" msgstr "" -#: ../../CHANGES.rst:590 -#: 45c4b643c08f4e98b8eb1994cca78051 +#: ../../CHANGES.rst:596 +#: 16e68eaca761436eb1add2beea510963 msgid "Fixed schema path on installation. :pr:`68`" msgstr "" -#: ../../CHANGES.rst:591 -#: 490ff7e15c244e1c80522169f52be22c +#: ../../CHANGES.rst:597 +#: 5d87e6344c9d474c821419beb33a1d56 msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`" msgstr "" -#: ../../CHANGES.rst:592 -#: 13d139a4ca6b420eb0780952acd8582c +#: ../../CHANGES.rst:598 +#: b65b8f602a7d4440936987b7c0143cf7 msgid "Fixed client preconsent disabling. :pr:`72`" msgstr "" -#: ../../CHANGES.rst:597 -#: f863beea190c4605afc13c35d7828c7e +#: ../../CHANGES.rst:603 +#: 05f32b1852b34334be85dc02f3bc2689 msgid "Python 3.11 support. :pr:`61`" msgstr "" -#: ../../CHANGES.rst:598 -#: dfa820f752f64485950bd9f2f4f2f798 +#: ../../CHANGES.rst:604 +#: 33289ea27c844082832e8eea78498d86 msgid "``apparmor`` slapd configuration instructions in the documentation page for contributions. :pr:`66`" msgstr "" -#: ../../CHANGES.rst:599 -#: 33f4b497e723467fb7cca94de105b331 +#: ../../CHANGES.rst:605 +#: d12ad2a4e17244f8b2719ba9d0749597 msgid "``preferredLanguage`` attribute support. :pr:`75`" msgstr "" -#: ../../CHANGES.rst:604 -#: 80931cb05ba54eb0bdd13af0e69ae5c4 +#: ../../CHANGES.rst:610 +#: dac1b885aa8243af874405b4ccce52f2 msgid "Replaced the use of the deprecated `FLASK_ENV` environment variable by `FLASK_DEBUG`." msgstr "" -#: ../../CHANGES.rst:606 -#: 74c0ecca84cb4195b047360a2a12b281 +#: ../../CHANGES.rst:612 +#: b6ca7ce41fa346b8bb3fa325f1e1ac0d msgid "Dynamically generate the server metadata. Users won't have to copy and manually edit ``oauth-authorizationserver.json`` and ``openid-configuration.json``. :pr:`71`" msgstr "" -#: ../../CHANGES.rst:609 -#: b56f59b2dd124c91a6268830cf4ddecc +#: ../../CHANGES.rst:615 +#: ae1b6570238e43f1ac83a511fece3cf5 msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`" msgstr "" -#: ../../CHANGES.rst:610 -#: d701256eb4764f81827acd7b0a0dbda3 +#: ../../CHANGES.rst:616 +#: cba8b0fae91a4dfe9f0e05ddb541f667 msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`" msgstr "" -#: ../../CHANGES.rst:613 -#: 45607852e443428199051f1ecba9ba24 +#: ../../CHANGES.rst:619 +#: 36caf034f254408aa020410594ab0cce msgid "[0.0.12] - 2022-10-24" msgstr "" -#: ../../CHANGES.rst:618 -#: 9997d515babd44b4841ef0218885f1f1 +#: ../../CHANGES.rst:624 +#: 319c8b51be714d25ab11b9a83241970d msgid "Basic WebFinger endpoint. :pr:`59`" msgstr "" -#: ../../CHANGES.rst:619 -#: 509a601f77664756bc01064f20359cf6 +#: ../../CHANGES.rst:625 +#: 97c9f28850884353be68c0ada430c443 msgid "Bumped to FomanticUI 2.9.0." msgstr "" -#: ../../CHANGES.rst:620 -#: 2cfcbdba2e9541dbab610bc724a2683a +#: ../../CHANGES.rst:626 +#: c3938df1d7fc47aa9e9e686b32366a0a msgid "Implemented Dynamic Client Registration. :pr:`60`" msgstr "" -#: ../../CHANGES.rst:623 -#: 4acb242ffb5440d1a468e2d3c3856fe8 +#: ../../CHANGES.rst:629 +#: 5fbfc5c654b0443bac204c4743931636 msgid "[0.0.11] - 2022-08-11" msgstr "" -#: ../../CHANGES.rst:628 -#: 0c4bd2691ba9453b88a686a22ede18ef +#: ../../CHANGES.rst:634 +#: d3758c7b32f54dc38b34ab4f54a526ba msgid "Default theme has a dark variant. :pr:`57`" msgstr "" -#: ../../CHANGES.rst:633 -#: d3cabac68def4f77a693a6159bf2f5c0 +#: ../../CHANGES.rst:639 +#: eac5e673605c44bebeab671117d02935 msgid "Fixed missing ``canaille`` binary. :pr:`58`" msgstr "" -#: ../../CHANGES.rst:636 -#: 735459f4aeea42c6b0f7be4a2b06802f +#: ../../CHANGES.rst:642 +#: be7d08fe65be48d09396c1c7af7f0e49 msgid "[0.0.10] - 2022-07-07" msgstr "" -#: ../../CHANGES.rst:641 -#: f9dfd87d0fa145579e2297b27b61a11b +#: ../../CHANGES.rst:647 +#: f2759b5afad84126b4041f583edb72eb msgid "Online demo. :pr:`55`" msgstr "" -#: ../../CHANGES.rst:642 -#: 5e5eef7b53ce470ab0a0137617552a9c +#: ../../CHANGES.rst:648 +#: e3d980415ffb4cccb2272b1cf96719cc msgid "The consent page was displaying scopes not supported by clients. :pr:`56`" msgstr "" -#: ../../CHANGES.rst:643 -#: f7b8675a05b64bafb3efbbad603537ce +#: ../../CHANGES.rst:649 +#: d936dc556a9f4503b0802988273649d3 msgid "Fixed end session when user are already disconnected." msgstr "" -#: ../../CHANGES.rst:646 -#: a14c8084a27d463f82c1573d946a6676 +#: ../../CHANGES.rst:652 +#: 1732d28f09b24b89854f21bfe7942840 msgid "[0.0.9] - 2022-06-05" msgstr "" -#: ../../CHANGES.rst:651 -#: d04e2396209641cc84fa39d8bb397eaa +#: ../../CHANGES.rst:657 +#: a298893156394c80b5f843c7193b0ca8 msgid "``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`" msgstr "" -#: ../../CHANGES.rst:652 -#: 01acc147a456445eb3858de7b0586dca +#: ../../CHANGES.rst:658 +#: c831a4847472435881495bdc121788f9 msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`" msgstr "" -#: ../../CHANGES.rst:653 -#: dafb92303cb147909db73fdc619f1267 +#: ../../CHANGES.rst:659 +#: 312e6a546170436ea1fa95b58e7d91e1 msgid "`RP-initiated logout` implementation. :pr:`54`" msgstr "" -#: ../../CHANGES.rst:658 -#: f672b1443aa9498994204b20952103e4 +#: ../../CHANGES.rst:664 +#: 797b8359f6a449e5ba16bcc78088768f msgid "Bumped to Authlib 1. :pr:`48`" msgstr "" -#: ../../CHANGES.rst:659 -#: 18c1456a82f748cd9ee0d6abcb40801f +#: ../../CHANGES.rst:665 +#: 4d9126ad1c3742759d3d204f1cf76dac msgid "Various documentation improvements. :pr:`50`" msgstr "" -#: ../../CHANGES.rst:660 -#: 77c7a3b3242647718a3a94a1fc4d05a1 +#: ../../CHANGES.rst:666 +#: 36dc25439ee04162b5a0a808de0e823e msgid "Use poetry instead of setuptools as project management tool. :pr:`51`" msgstr "" -#: ../../CHANGES.rst:661 -#: 3b65181a80b64d0d8a474a5e643d3f80 +#: ../../CHANGES.rst:667 +#: f1fc01004b2f41349cbe787739c40b03 msgid "Additional tests for the OIDC ``nonce`` parameter. :pr:`52`" msgstr "" -#: ../../CHANGES.rst:665 -#: 35eef6ab06b940e8ad49bf31b7620404 +#: ../../CHANGES.rst:671 +#: 0183302671b24cb0b537b104dc58a9ea msgid "``HIDE_INVALID_LOGIN`` behavior and default value." msgstr "" -#: ../../CHANGES.rst:666 -#: 2792732f7d154df2b11a35b13114939b +#: ../../CHANGES.rst:672 +#: 781578064d2347228773e4f950d612b2 msgid "Compiled translation catalogs are not versioned anymore. :pr:`49` :pr:`53`" msgstr "" -#: ../../CHANGES.rst:669 -#: 8766634316d146ab8929259434391f34 +#: ../../CHANGES.rst:675 +#: d816db34635d4549985bb9d94d9a7862 msgid "[0.0.8] - 2022-03-15" msgstr "" -#: ../../CHANGES.rst:674 -#: f053b2fe7153473a81cb24bfc2b90c7d +#: ../../CHANGES.rst:680 +#: 5c82cce323c6462687804d2c7f006f8d msgid "Fixed dependencies." msgstr "" -#: ../../CHANGES.rst:677 -#: 6fe1289ea759485b9c3c7658461a409d +#: ../../CHANGES.rst:683 +#: e6ab77996ddc43dab6022173bbd8eae0 msgid "[0.0.7] - 2022-03-15" msgstr "" -#: ../../CHANGES.rst:682 -#: f40f5e320ea4412fadc8f1bc1d99198c +#: ../../CHANGES.rst:688 +#: db3701add4984f8c8dd764706a9639fd msgid "Fixed spaces and escaped special char in LDAP ``cn/dn`` attributes. :pr:`43`" msgstr "" -#: ../../CHANGES.rst:685 -#: ac9b3059b303486a9b31536f1726d873 +#: ../../CHANGES.rst:691 +#: 099a78c093eb4078914a63b9f15403b7 msgid "[0.0.6] - 2022-03-08" msgstr "" -#: ../../CHANGES.rst:690 -#: 357a41c66f054b9b830d9ae20551690d +#: ../../CHANGES.rst:696 +#: 4598be258efa4e99ab34d7bd5648a824 msgid "Access token are JWT. :pr:`38`" msgstr "" -#: ../../CHANGES.rst:695 -#: 20b619f456934ab09712d95d37ef12cd +#: ../../CHANGES.rst:701 +#: 19eb39b5f802426f9c1380f0d3c0dfbb msgid "Default groups on invitations. :pr:`41`" msgstr "" -#: ../../CHANGES.rst:696 -#: 74f8d8568cd1405bbef739de7b92f380 +#: ../../CHANGES.rst:702 +#: 81b3f2d331284cd1bd5d5a148b5d3b77 msgid "LDAP schemas are shipped within the Canaille package. :pr:`42`" msgstr "" -#: ../../CHANGES.rst:699 -#: 936cdbdb780241beb677c1a3c5d21735 +#: ../../CHANGES.rst:705 +#: bc34ed5400c7449886a6d25b679c7ae2 msgid "[0.0.5] - 2022-02-17" msgstr "" -#: ../../CHANGES.rst:704 -#: b49925c79428413ca8c31eff4f42a588 +#: ../../CHANGES.rst:710 +#: 45fc46e1672846778b27bc8766c1aeae msgid "LDAP model objects have new identifiers. :pr:`37`" msgstr "" -#: ../../CHANGES.rst:709 -#: 21e3bd1145ce480ea8a82394722cef34 +#: ../../CHANGES.rst:715 +#: 8973b4acdebf481783a30266f9502cc2 msgid "Admin menu dropdown display. :pr:`39`" msgstr "" -#: ../../CHANGES.rst:710 -#: b50bd877e6fa4055a450f65d4e0e6951 +#: ../../CHANGES.rst:716 +#: b5deb21feb4d45e58f0b010788916ecd msgid "``GROUP_ID_ATTRIBUTE`` configuration typo. :pr:`40`" msgstr "" -#: ../../CHANGES.rst:713 -#: 93523c049fd2438b9f8dbb942b657b7c +#: ../../CHANGES.rst:719 +#: 3dad472d941b4b5392930e039a934df2 msgid "[0.0.4] - 2022-02-16" msgstr "" -#: ../../CHANGES.rst:718 -#: 9cc5e4c0be3e43f98a84d076d254a7a8 +#: ../../CHANGES.rst:724 +#: 3086c540c13844a3b626a211f86a856b msgid "Client pre-authorization. :pr:`11`" msgstr "" -#: ../../CHANGES.rst:719 -#: b1444e5514e3495f8f05b00bfb31e54b +#: ../../CHANGES.rst:725 +#: b621896643ca409cac8c3007137ed084 msgid "LDAP permissions check with the check command. :pr:`12`" msgstr "" -#: ../../CHANGES.rst:720 -#: 81badbb21dfe4dd0bd990037947c24cf +#: ../../CHANGES.rst:726 +#: ac5232266c154c829a210031f4d8a1bc msgid "Update consents when a scope required is larger than the scope of an already given consent. :pr:`13`" msgstr "" -#: ../../CHANGES.rst:722 -#: 5f6092f6103d401e9fe4554e04ad12cb +#: ../../CHANGES.rst:728 +#: 7af42dde14864ada93162b9ea16e7cd4 msgid "Theme customization. :pr:`15`" msgstr "" -#: ../../CHANGES.rst:723 -#: 7e99d3a9c9134144a8e18989e6d0d633 +#: ../../CHANGES.rst:729 +#: b8096ecde48d430b91666fa493e4fffe msgid "Logging configuration. :pr:`16`" msgstr "" -#: ../../CHANGES.rst:724 -#: abd6618054b443efbb5101e9c32f0c90 +#: ../../CHANGES.rst:730 +#: 0db8075af2664c10be1433c0426592e5 msgid "Installation command. :pr:`17`" msgstr "" -#: ../../CHANGES.rst:725 -#: 18c69372e28c42c4b0ac0cae51fcd8aa +#: ../../CHANGES.rst:731 +#: 5a0d7f3aca6b446fba5f0d36512be8c1 msgid "Invitation links. :pr:`18`" msgstr "" -#: ../../CHANGES.rst:726 -#: 2e35dc7cf246485c97650451d1f41d93 +#: ../../CHANGES.rst:732 +#: 900b1cb1421848c78ccd8559ce8aa513 msgid "Advanced permissions. :pr:`20`" msgstr "" -#: ../../CHANGES.rst:727 -#: ef3b8ab7e89448089a9d09363832c7cc +#: ../../CHANGES.rst:733 +#: be2815e3ce9b44f6aeb64d24d7cd75ee msgid "An option to not use OIDC. :pr:`23`" msgstr "" -#: ../../CHANGES.rst:728 -#: 4d5d5581283a4eaabab00c6df18077a0 +#: ../../CHANGES.rst:734 +#: 6fe21ccaf0474887a8c6c04e69154ada msgid "Disable some features when no SMTP server is configured. :pr:`24`" msgstr "" -#: ../../CHANGES.rst:729 -#: a54b117ff68e47eabb66aa0a741790b1 +#: ../../CHANGES.rst:735 +#: 7fcdcf093e8849e59445af91ec4cfab6 msgid "Login placeholder dynamically generated according to the configuration. :pr:`25`" msgstr "" -#: ../../CHANGES.rst:730 -#: 8593aca44439457296e5591823f56739 +#: ../../CHANGES.rst:736 +#: 9bebc076e1b64cb3be67690a3e46e808 msgid "Added an option to tune object IDs. :pr:`26`" msgstr "" -#: ../../CHANGES.rst:731 -#: 548d5d09a1da4104aed49324dd3d96b6 +#: ../../CHANGES.rst:737 +#: 983fa51b51db46409b73d0ba279c76d5 msgid "Avatar support. :pr:`27`" msgstr "" -#: ../../CHANGES.rst:732 -#: e6275bae918547beab8caabaf64f57db +#: ../../CHANGES.rst:738 +#: 94758b3cf72342d2948e727f6deb10a7 msgid "Dynamical and configurable JWT claims. :pr:`28`" msgstr "" -#: ../../CHANGES.rst:733 -#: 82bbcaaa7973438696de021fbff14354 +#: ../../CHANGES.rst:739 +#: 33402d7e6d47455cbfc52aeb276a12f2 msgid "UI improvements. :pr:`29`" msgstr "" -#: ../../CHANGES.rst:734 -#: 70cd1dd3d81d4288b1c6bca674492944 +#: ../../CHANGES.rst:740 +#: 181fed73a01445ea9865aadc802e9642 msgid "Invitation links expiration. :pr:`30`" msgstr "" -#: ../../CHANGES.rst:735 -#: af865fef102c44bc801e8aec157c2835 +#: ../../CHANGES.rst:741 +#: eeaa39f7f6c842d39c1d8d40c6e4fbf8 msgid "Invitees can choose their IDs. :pr:`31`" msgstr "" -#: ../../CHANGES.rst:736 -#: d194b87cfbd94dd398f1c58bec6e4c37 +#: ../../CHANGES.rst:742 +#: 8123032bb5d341ec82aa2b0ac8caf886 msgid "LDAP backend refactoring. :pr:`35`" msgstr "" -#: ../../CHANGES.rst:741 -#: 2409763cd25243c9a80678c470fa336d +#: ../../CHANGES.rst:747 +#: c9a12647745f472890eff2ceb165a8b8 msgid "Fixed ghost members in a group. :pr:`14`" msgstr "" -#: ../../CHANGES.rst:742 -#: ae04a8fa1896467792d8aaaf161fed29 +#: ../../CHANGES.rst:748 +#: 834311277daf401e9c654cfe0751d4f2 msgid "Fixed email sender names. :pr:`19`" msgstr "" -#: ../../CHANGES.rst:743 -#: 596c5956ebc6442984251ca5c558834e +#: ../../CHANGES.rst:749 +#: 5fa1016aa05747ca84948a30c452d5a4 msgid "Fixed filter being not escaped. :pr:`21`" msgstr "" -#: ../../CHANGES.rst:744 -#: bbf97ea202404efd8708cfbed4bbfe74 +#: ../../CHANGES.rst:750 +#: a221c0e18ffd40e3986f7d20f6eac01a msgid "Demo script good practices. :pr:`32`" msgstr "" -#: ../../CHANGES.rst:745 -#: 8d176b7d4da5419d8768430eeb01036c +#: ../../CHANGES.rst:751 +#: 7e90135fab824314847bb5f4e9ab0664 msgid "Binary path for Debian. :pr:`33`" msgstr "" -#: ../../CHANGES.rst:746 -#: 004ecd0e934049ef823bbf0d63f75c14 +#: ../../CHANGES.rst:752 +#: 39205a39be2c4d4bbc2359ba32796266 msgid "Last name was not mandatory in the forms while this was mandatory in the LDAP server. :pr:`34`" msgstr "" -#: ../../CHANGES.rst:748 -#: c6de3dbeeb5f40ff85c60e062271bfdb +#: ../../CHANGES.rst:754 +#: bef3030603fa42ccaeffb936e450cfeb msgid "Spelling typos. :pr:`36`" msgstr "" -#: ../../CHANGES.rst:751 -#: d49aed2f00e346cc8adaa26aa54f470a +#: ../../CHANGES.rst:757 +#: 2dc8f2d4014f4eb9805a19921e4e336a msgid "[0.0.3] - 2021-10-13" msgstr "" -#: ../../CHANGES.rst:756 -#: 0b32a6319c044bba95b3a00f245c6956 +#: ../../CHANGES.rst:762 +#: f0b73ca5d1da4a728d770d11887f9754 msgid "Two-steps sign-in. :issue:`49`" msgstr "" -#: ../../CHANGES.rst:757 -#: 4cf53569893c4b0ba8eab17b44a4a15b +#: ../../CHANGES.rst:763 +#: d8353e939a4341fdb9d8b51ac4e03c75 msgid "Tokens can have several audiences. :issue:`62` :pr:`9`" msgstr "" -#: ../../CHANGES.rst:758 -#: 2956507b8bba47839fef6f9a63d5321a +#: ../../CHANGES.rst:764 +#: a8bf6576f8214a6299aadf379a50f282 msgid "Configuration check command. :issue:`66` :pr:`8`" msgstr "" -#: ../../CHANGES.rst:759 -#: 0415c157cb414913b3d7748afba41cda +#: ../../CHANGES.rst:765 +#: 05a103a6101241a9afbfeffb28b04ee2 msgid "Groups management. :issue:`12` :pr:`6`" msgstr "" -#: ../../CHANGES.rst:764 -#: e08a9eafc49f45cbb361ed3bd89d4649 +#: ../../CHANGES.rst:770 +#: f9681903b632489e99eb53fdf5301bb7 msgid "Introspection access bugfix. :issue:`63` :pr:`10`" msgstr "" -#: ../../CHANGES.rst:765 -#: 48e63a4a411d4aab8259f74b1d257a37 +#: ../../CHANGES.rst:771 +#: 08202024eda84dd2b15e255de912389d msgid "Introspection sub claim. :issue:`64` :pr:`7`" msgstr "" -#: ../../CHANGES.rst:768 -#: 2a9047b937be481f811eb403d6bf7fd9 +#: ../../CHANGES.rst:774 +#: c8cf3465674b4ecb94bf3a4548fc5601 msgid "[0.0.2] - 2021-01-06" msgstr "" -#: ../../CHANGES.rst:773 -#: 9f74458dacff435998774594822a1506 +#: ../../CHANGES.rst:779 +#: a52712c92f57496f9cbaf32727c9a2df msgid "Login page is responsive. :issue:`1`" msgstr "" -#: ../../CHANGES.rst:774 -#: 8a87683d8d524cd482264473256b3777 +#: ../../CHANGES.rst:780 +#: 3e40e18b9ffa4afd9036177b6d1a0393 msgid "Adapt mobile keyboards to login page fields. :issue:`2`" msgstr "" -#: ../../CHANGES.rst:775 -#: c777083179094cd994619adcfc8499d9 +#: ../../CHANGES.rst:781 +#: cf124fc4d201473f9a1d604b092c8c0a msgid "Password recovery interface. :issue:`3`" msgstr "" -#: ../../CHANGES.rst:776 -#: c7393dc1bb6a4290bfdb2d59a3fef0c9 +#: ../../CHANGES.rst:782 +#: 6a024dfd785b44f09e231f0f3b6a1bdd msgid "User profile interface. :issue:`4`" msgstr "" -#: ../../CHANGES.rst:777 -#: e874e0e97cae4310ba62553c3d31cd16 +#: ../../CHANGES.rst:783 +#: 295718a0674c41749936c9ee63d895b2 msgid "Renamed the project *Canaille*. :issue:`5`" msgstr "" -#: ../../CHANGES.rst:778 -#: 27a300eabaaf4644989d134ccca22dd8 +#: ../../CHANGES.rst:784 +#: 5572ba58f8934db484ed5914858c1f61 msgid "Command to remove old tokens. :issue:`17`" msgstr "" -#: ../../CHANGES.rst:779 -#: 8e168b1583984a71848678112365d1c7 +#: ../../CHANGES.rst:785 +#: da0ebb8c52d34d209bbbc13ec7a1902a msgid "Improved password recovery email. :issue:`14` :issue:`26`" msgstr "" -#: ../../CHANGES.rst:780 -#: 901de9a21dd94541b3c23946ada4cd88 +#: ../../CHANGES.rst:786 +#: 2eca9a011ae64f8788ff5b22428f2b63 msgid "Use Flask `SERVER_NAME` configuration variable instead of `URL`. :issue:`24`" msgstr "" -#: ../../CHANGES.rst:781 -#: 62c1e3da0a87437aaa529dcc936c7dbc +#: ../../CHANGES.rst:787 +#: 42eb9a40233047e4a8d632b8b60a4220 msgid "Improved consents page. :issue:`27`" msgstr "" -#: ../../CHANGES.rst:782 -#: f816ffeb73244ae0b1171b8c156d1e12 +#: ../../CHANGES.rst:788 +#: 4511807efd4b4f6ea558d2632d914cae msgid "Admin user page. :issue:`8`" msgstr "" -#: ../../CHANGES.rst:783 -#: 2241f2b45f1e426f99f68ccc516c6b60 +#: ../../CHANGES.rst:789 +#: 9928a9d6301649a2bb80e54f26506c4e msgid "Project logo. :pr:`29`" msgstr "" -#: ../../CHANGES.rst:784 -#: dd802cef3e384fdc928fc43178ab119a +#: ../../CHANGES.rst:790 +#: 4403f90b28a249c2b38248bf0c9f77f7 msgid "User account self-deletion can be enabled in the configuration with `SELF_DELETION`. :issue:`35`" msgstr "" -#: ../../CHANGES.rst:785 -#: 75d6d908a827424284ea63478783cbf9 +#: ../../CHANGES.rst:791 +#: 21fd51a849844a03b830dc97bc05ab0c msgid "Admins can impersonate users. :issue:`39`" msgstr "" -#: ../../CHANGES.rst:786 -#: b4eee6e748f94ba9b6e62e2e7fd4d86b +#: ../../CHANGES.rst:792 +#: 31d73c9489164e0e92e62ac84bc8c22a msgid "Forgotten page UX improvement. :pr:`43`" msgstr "" -#: ../../CHANGES.rst:787 -#: 44489482b8d54ae78c70959758d6f825 +#: ../../CHANGES.rst:793 +#: 2b400ada80514bc68dd82d954fff040d msgid "Admins can remove clients. :pr:`45`" msgstr "" -#: ../../CHANGES.rst:788 -#: be6e5371ee2a48efa0d9d276e9caa9a0 +#: ../../CHANGES.rst:794 +#: 2355c3ec7d674d50ace6ac3ad2065627 msgid "Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know if the login he attempt to sign in with exists or not. :pr:`48`" msgstr "" -#: ../../CHANGES.rst:790 -#: b1df16b2411a440d8d2a0745c972f368 +#: ../../CHANGES.rst:796 +#: ad8e32ede8504576b73db0b8b7bf303a msgid "Password initialization mail. :pr:`51`" msgstr "" -#: ../../CHANGES.rst:795 -#: ba317999584d46d7b5bfda36157bc111 +#: ../../CHANGES.rst:801 +#: 0f2d8650e76545438f92a8ca420e65e9 msgid "Form translations. :issue:`19` :issue:`23`" msgstr "" -#: ../../CHANGES.rst:796 -#: e0d773fd3f814a438321528df1c4d67d +#: ../../CHANGES.rst:802 +#: 6f367157d7464c9492c0f8a528dbd11f msgid "Avoid to use Google Fonts. :issue:`21`" msgstr "" -#: ../../CHANGES.rst:801 -#: d7c5d0509cfe422ab95beb9c1929e413 +#: ../../CHANGES.rst:807 +#: ae2646eead6a4983998e7b76396f3862 msgid "'My tokens' page. :issue:`22`" msgstr "" -#: ../../CHANGES.rst:804 -#: 35ab727ebe564ff2a2aa3e28f9392f5b +#: ../../CHANGES.rst:810 +#: b2a9ee20e0214e2eb650a3c0c80c6a8f msgid "[0.0.1] - 2020-10-21" msgstr "" -#: ../../CHANGES.rst:809 -#: 487e834d3b154f69991d042f97ce3734 +#: ../../CHANGES.rst:815 +#: 974217beadfa4205ad58a4fff852a8d4 msgid "Initial release." msgstr "" #: ../../CONTRIBUTING.rst:2 -#: 77d0a023f5f34e7c804011fd50b75bc3 +#: a96f68b7ad98474ba59c1cc935c2fab4 msgid "Contributions" msgstr "" #: ../../CONTRIBUTING.rst:4 -#: 9955ba6bbfb54c74930043f9d86335dc +#: f190f6b5c4a1498eadcb7fae2bcdf493 msgid "Contributions are welcome!" msgstr "" #: ../../CONTRIBUTING.rst:6 -#: dd58980e1983404d8bc93b9e0866785d +#: 26f13dddd093492789f21e4db847d7a9 msgid "The repository is hosted at `gitlab.com/yaal/canaille `_." msgstr "" #: ../../CONTRIBUTING.rst:9 -#: 880fd4b263fa4f5aa77f826cf6d7a13e +#: 25361fdaed76435db19183cb37a4ee83 msgid "Discuss" msgstr "" #: ../../CONTRIBUTING.rst:11 -#: 0e5a0bf82cd4444ebc3ff1dd43a4362c +#: b8e752ea3b8f4591a9c8616ed7f0d9af msgid "If you want to implement a feature or a bugfix, please start by discussing it with us on the `bugtracker `_ or the `matrix room `_." msgstr "" #: ../../CONTRIBUTING.rst:16 -#: 032421a7ce0548e38943bb37b9e46f90 +#: 5e0c1113f29742f89b251b5903f73e36 msgid "Development environment" msgstr "" #: ../../CONTRIBUTING.rst:18 -#: 464b7af189da4cf2ba346183c47e6264 +#: 710016d6c25b4193925b83445146a358 msgid "You can either run the demo locally or with Docker." msgstr "" #: ../../CONTRIBUTING.rst:20 -#: b918844970c545a3826d0b39a79cb08c +#: 62ee7de4d731446fa1b2df4e3805803b msgid "The only tool required for local development is `uv`. Make sure to have uv `installed on your computer `_ to be able to hack Canaille." msgstr "" #: ../../CONTRIBUTING.rst:24 -#: 56f217cf35444c72b1bc1a1cb3ee9e53 +#: b95dab6a28fb472bba445e43148ff6bc msgid "Initialize your development environment with:" msgstr "" #: ../../CONTRIBUTING.rst:26 -#: 9cf0a292c2bb408fa660e14ab61f0e43 +#: 8724e2b7dec24128988b2a3ffb199a4d msgid "``uv sync --extra front --extra oidc`` to have a minimal working development environment. This will allow you to run the tests with ``uv pytest --backend memory``." msgstr "" #: ../../CONTRIBUTING.rst:27 -#: 8d29fc6ad3bd43c5b232963f5137c91a +#: ef925e13845f4ec1abf9cae0f0e64140 msgid "``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal working development environment with SQLite backend support. This will allow you to run the tests with ``uv pytest --backend sql``." msgstr "" #: ../../CONTRIBUTING.rst:28 -#: 928d535d56314259b20055eea3a4ceb4 +#: 2a07d0fc832b4178be5633d02a0f1d07 msgid "``uv sync --extra front --extra oidc --extra ldap`` to have a minimal working development environment with LDAP backend support. This will allow you to run the tests with ``uv pytest --backend ldap``." msgstr "" #: ../../CONTRIBUTING.rst:29 -#: 56b8780399064aec89d3099841d1b017 +#: 77b8e98fabe140a28382d44b936baa18 msgid "``uv sync --all-extras`` if you want to have everything at your fingertips. Note that it may compile some Python dependencies that would expect things to be installed on your system; Some dependencies of Canaille might need to be compiled, so you probably want to check that `GCC` and `cargo` are available on your computer." msgstr "" #: ../../CONTRIBUTING.rst:32 -#: 1a514a3605f243979b2d04e1a329368a +#: a69af4c344d546e4abf52e4a3aa35cf8 msgid "After having launched the demo you have access to several services:" msgstr "" #: ../../CONTRIBUTING.rst:34 -#: bbde54dc79ba4241bd97323b5152b50b +#: dda88353032541b9a70440211ee1a89b msgid "A canaille server at `localhost:5000 `_" msgstr "" #: ../../CONTRIBUTING.rst:35 -#: d028b9cbae714b2d945ba4d70a75fb99 +#: 5d2493dbe0924c578cbce67b64f80d14 msgid "A dummy client at `localhost:5001 `_" msgstr "" #: ../../CONTRIBUTING.rst:36 -#: dbd0340fc974432798237b9b3efe01ea +#: 595602fe39c040259d1e0346e45efdb7 msgid "Another dummy client at `localhost:5002 `_" msgstr "" #: ../../CONTRIBUTING.rst:38 -#: 9ff28ddd679b42f4a5bf288242e8c827 +#: 6de7e48182d648f89fe8b2c0b30634fd msgid "The canaille server has some default users:" msgstr "" #: ../../CONTRIBUTING.rst:40 -#: 324e9f4f1d744fa49a0c3e7fe60cf46b +#: 05cc64bd64b3425f8c727e448bac1904 msgid "A regular user which login and password are **user**;" msgstr "" #: ../../CONTRIBUTING.rst:41 -#: 30a3f2679a4b456791471ac6d4c15e2b +#: 526ece6f767c4728a86ccc832ed77f3e msgid "A moderator user which login and password are **moderator**;" msgstr "" #: ../../CONTRIBUTING.rst:42 -#: d5e4f771a0854678af55e11ae4c8fc3d +#: bb69c0dfc3e64ceeba0152302e50d5d2 msgid "An admin user which admin and password are **admin**;" msgstr "" #: ../../CONTRIBUTING.rst:43 -#: 325a060f0844402d80a7267a46291010 +#: c188d453c64c47869a6c1bba24c32639 msgid "A new user which login is **james**. This user has no password yet, and his first attempt to log-in would result in sending a password initialization email (if a smtp server is configured)." msgstr "" -#: ../development/specifications.rst:63 +#: ../development/specifications.rst:106 #: ../../CONTRIBUTING.rst:48 -#: c01f125a22914f369ef28ef090a728b1 -#: 01a043d4a4364011b8a22a53549b20da +#: f9d8d16e7fd1478ea154c65fddc0c109 +#: 30174a5d8c1f479eaf739cfb67550caa msgid "Backends" msgstr "" #: ../../CONTRIBUTING.rst:50 -#: 12c4afcb316c448797ed9784ef9fbaa1 +#: 0ec216a61a0f4d0c81ef8859f4b8e775 msgid "Canaille comes with several backends:" msgstr "" #: ../../CONTRIBUTING.rst:52 -#: 853d2b906b80415db33c707e29640f4c +#: d49ccb7bb5d349b3b97dcb367e9f50db msgid "a lightweight test purpose `memory` backend" msgstr "" #: ../../CONTRIBUTING.rst:53 -#: b280dce615cb48ec8456abf65fec4a9e +#: 2b5961e3d4d34b41a03f5f4e1b305f14 msgid "a `sql` backend, based on sqlalchemy" msgstr "" #: ../../CONTRIBUTING.rst:54 -#: ad6d07459c274a9e8282e290875d5bfb +#: 3db6bec104534cbbb972fef81e090786 msgid "a production-ready `LDAP` backend" msgstr "" #: ../../CONTRIBUTING.rst:57 -#: 7db1494e281b4b89949e18e1ece1cb6c +#: b800e3599701462b8ad5f4449e0a62b4 msgid "Docker environment" msgstr "" #: ../../CONTRIBUTING.rst:59 -#: c8e61bddd24e4af0ab8ee2bd2709652d +#: 39ea2b50603a473cb167b4e1a6a135ca msgid "If you want to develop with docker, your browser needs to be able to reach the `canaille` container. The docker-compose file exposes the right ports, but front requests are from outside the docker network: the `canaille` url that makes sense for docker, points nowhere from your browser. As exposed ports are on `localhost`, you need to tell your computer that `canaille` url means `localhost`." msgstr "" #: ../../CONTRIBUTING.rst:64 -#: 0e3e6469d25f43998fce20bcb1291b86 +#: dd86e0f0a4204a77ba9927f1768aa33e msgid "To do that, you can add the following line to your `/etc/hosts`:" msgstr "" #: ../../CONTRIBUTING.rst:70 -#: c0dce613d6384dd18a1d6abce742bf55 +#: 5572861cc5114b9b9e7f520fee49b975 msgid "To launch containers, use:" msgstr "" -#: ../development/specifications.rst:65 +#: ../development/specifications.rst:108 #: ../tutorial/databases.rst:16 #: ../../CONTRIBUTING.rst:73 #: ../../CONTRIBUTING.rst:106 -#: 32e05154931e4a6fadcba3b0720e0655 -#: f1b0c988daa54dd4a0c5b30a062cf012 -#: 94f958ac7cab437580604c64cdfa27be -#: 528aa40e3cd04297b5ebf44fc955e9a9 +#: 7a0d8968fcbe4d8693ac6cf593f51106 +#: fafde474a9ed41dab483dfb87f46dda3 +#: f210968f704646b2a4b35d9f6a5baa90 +#: e8a3d979968c4e05ab1fb5630eb8fc6b msgid "SQL" msgstr "" #: ../../CONTRIBUTING.rst:74 #: ../../CONTRIBUTING.rst:107 -#: c66d8a018f064cb3ba36abf12473b5f4 -#: 15c287c63f7f441f991033e23cbb9f95 +#: a1183f0e179942889b697fccf6fde014 +#: f12297286ea648a7a4f8723cd900dd74 msgid "With the SQL backend, the demo instance will load and save data in a local sqlite database." msgstr "" #: ../../CONTRIBUTING.rst:76 #: ../../CONTRIBUTING.rst:109 -#: 6ddf226447fa4bb89cbf73cc8376c371 -#: c72bd69b5ad94f5992bfe2d30f5b0e8d +#: 2f256843b3974bfe82ebbd54b22758a0 +#: 03535ba511ef42feb8d6fb77934fb88b msgid "Run the demo instance with the SQL backend" msgstr "" #: ../tutorial/databases.rst:8 #: ../../CONTRIBUTING.rst:83 #: ../../CONTRIBUTING.rst:115 -#: e5f82f8945b747ac81b31a20cc241e5d -#: 9a11f967d4c74ad8b9dff673e77d2315 -#: 84a192a56d404fb1baf97b065f6ceaa8 +#: 3216b8433f1847809573eaaa434fe9a7 +#: 6323f7ec77464e2ba7d399f7ccc6f590 +#: d63a7ad080eb47be9529226d4685cf76 msgid "Memory" msgstr "" #: ../../CONTRIBUTING.rst:84 #: ../../CONTRIBUTING.rst:116 -#: 9c56b31ca9724e62a5aee62e28196764 -#: 22784d30d5a748d2b73ebe7c423c64bc +#: 96e1856006aa4151b406b7f7922e84ff +#: 74b6ac7aa3c144f9be537b2c60010548 msgid "With the memory backend, all data is lost when Canaille stops." msgstr "" #: ../../CONTRIBUTING.rst:86 #: ../../CONTRIBUTING.rst:118 -#: da0af4f3bc5147ae8130399630381126 -#: c1436f14bd2049479ac16384a47f2d38 +#: 6751970e321642cb9cfabd3395bdf82b +#: b4933b104b004ed39073970b595e9b5f msgid "Run the demo instance with the memory backend" msgstr "" -#: ../development/specifications.rst:65 +#: ../development/specifications.rst:108 #: ../tutorial/databases.rst:32 #: ../../CONTRIBUTING.rst:93 #: ../../CONTRIBUTING.rst:124 -#: 6f4008249f544ff4afa4e2a7ccebfab2 -#: ce4afa36ab774346b11322758b51325e -#: f9a9bf9c1c6d49b99edee201000ea0a0 -#: 2e130a461dc64b989f22d4f932976a65 +#: fdfa320e4c4445e5a0c5443e647c0835 +#: 44d5d5bd5737458d81975f70b3477b17 +#: bbe1b4e1618b44fb9651929f4e459099 +#: 2794653a6dd64b5f8a13bc552aa7acc9 msgid "LDAP" msgstr "" #: ../../CONTRIBUTING.rst:94 #: ../../CONTRIBUTING.rst:125 -#: 4f3a2e440337421f95f937952e7dc9be -#: db5ad48ecaa94207ab2b7d84bbebf569 +#: c8a1e8a894ef4fa9a4ea60027c3b73a1 +#: 8733bd5bbf5b4744ab8896570d709291 msgid "With the LDAP backend, all data is lost when Canaille stops." msgstr "" #: ../../CONTRIBUTING.rst:96 #: ../../CONTRIBUTING.rst:127 -#: 50095289006e499588719acc50eb5a56 -#: 80a55900cfc34f4e8b34b5e653a7fdfb +#: ac813d37940b4d189a3957eeba2ffb08 +#: 73ef2cc1d55f45acbe1568f8da59c158 msgid "Run the demo instance with the LDAP backend" msgstr "" #: ../../CONTRIBUTING.rst:103 -#: 9e2c9acef9184e34b00d62c97980467d +#: 80000162aaf447eda038a20ae12973c7 msgid "Local environment" msgstr "" #: ../../CONTRIBUTING.rst:133 -#: 5fffaf4bff884b5a839078ad5a889fc9 +#: 8b346e3f0ae84b289a7e819279283718 msgid "If you want to run the demo locally with the LDAP backend, you need to have `OpenLDAP `_ installed on your system. It is generally shipped under the ``slapd`` or ``openldap`` package name." msgstr "" #: ../../CONTRIBUTING.rst:138 -#: aa9aab912ff04dd68c3b59bf1e36575a +#: ad84a2866902456b8f29498783fd665b msgid "On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be restricted by apparmor, and thus makes the tests and the demo fail. This can be mitigated by removing apparmor restrictions on `slapd`." msgstr "" #: ../../CONTRIBUTING.rst:148 -#: 3d21757ba34c4721af043c150330c2e4 +#: cdab025ce1dc48fa97161a955423b957 msgid "Populate the database" msgstr "" #: ../../CONTRIBUTING.rst:150 -#: a412d39e98cf44f6b911566e1ebcdbde +#: 319a37a58be44aac8e617f300e3c3afb msgid "The demo database comes populated with some random users and groups. If you need more, you can generate users and groups with the ``populate`` command:" msgstr "" #: ../../CONTRIBUTING.rst:161 -#: cdf90f875bcc44d5b41197a7cdbb275c +#: 4bf45406e18a4505999dca7b84c4e8f0 msgid "Adapt to use either the `ldap` or the `sql` configuration file. Note that this will not work with the memory backend." msgstr "" #: ../../CONTRIBUTING.rst:164 -#: 2db32f774df8429fa4c9e83d00616a96 +#: 62c234c473324a82a1038d3f4610a338 msgid "Unit tests" msgstr "" #: ../../CONTRIBUTING.rst:166 -#: 5d6a9b57b35d49c48e2b615f8128ebcc +#: 314f0cc4c01c47f4bca6c87e7460b03b msgid "To run the tests, you just can run `uv run pytest` and/or `uv run tox` to test all the supported python environments. Everything must be green before patches get merged." msgstr "" #: ../../CONTRIBUTING.rst:169 -#: e1e6e475ff78404f930bb453f1f26e3b +#: b9dc93b982bf4fc98eddf47c5730b09c msgid "To test a specific backend you can pass ``--backend memory``, ``--backend sql`` or ``--backend ldap`` to pytest and tox." msgstr "" #: ../../CONTRIBUTING.rst:171 -#: 2cb85029b4274de388878da3d3285369 +#: 13c7913d62db412bb4e66637a79cd789 msgid "The test coverage is 100%, patches won't be accepted if not entirely covered. You can check the test coverage with ``uv run pytest --cov --cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. You can check the HTML coverage report in the newly created `htmlcov` directory." msgstr "" #: ../../CONTRIBUTING.rst:176 -#: 4408d499056c480f86f450a781d2ca0d +#: 6a901706012a4004b1dbb87ef68c803a msgid "Code style" msgstr "" #: ../../CONTRIBUTING.rst:178 -#: 93e483f2a66a4d8f82feb8ca9a739818 +#: 9fa3a042eca848fe9b9af832c325142c msgid "We use `ruff `_ along with other tools to format our code. Please run ``uv run tox -e style`` on your patches before submitting them. In order to perform a style check and correction at each commit you can use our `pre-commit `_ configuration with ``uv run pre-commit install``." msgstr "" #: ../../CONTRIBUTING.rst:184 -#: 0dca6207e6734ab487cb3fe72c3e90e8 +#: 831a60fcf8ee4e37828421e71b2931c0 msgid "Front" msgstr "" #: ../../CONTRIBUTING.rst:186 -#: 930e01d770324dc68f73095cd5456a8e +#: f9ab478278ef4d39bee37c056fb937f2 msgid "The interface is built upon the `Fomantic UI `_ CSS framework. The dynamical parts of the interface use `htmx `_." msgstr "" #: ../../CONTRIBUTING.rst:189 -#: fc0da8a2736e461dab5a7d242c1cfa9a +#: 115550e00eb74a80828b6acae2948606 msgid "Using Javascript in the interface is tolerated, but the whole website MUST be accessible for browsers without Javascript support, and without any feature loss." msgstr "" #: ../../CONTRIBUTING.rst:191 -#: a13b055a65244362a025440451de998d +#: 4d3ab5a48a9d49a6aaef6c5c583e938d msgid "Because of Fomantic UI we have a dependency to jQuery, however new contributions should not depend on jQuery at all. See the `related issue `_." msgstr "" #: ../index.rst:71 #: ../../CONTRIBUTING.rst:196 -#: e3ff6afa466e4e61aa4f677cd58d3ed2 -#: a08d8d5331494e7d93508eaf25f41a07 +#: 03d0d76bba134693bed77e50d1911dd9 +#: 84410d2758484c01b8b48461c40d0a7c msgid "Documentation" msgstr "" #: ../../CONTRIBUTING.rst:198 -#: 2e1fdcae75de46a6b50db7e4155758af +#: 5eb4ba179d0444fd9647504055935495 msgid "The documentation is generated when the tests run:" msgstr "" #: ../../CONTRIBUTING.rst:204 -#: 94405109592b47c09c8726c305fa5edc +#: 7f28cb743dcb44d9b66a31febcc8a6d0 msgid "You can also run sphinx by hand, that should be faster since it avoids the tox environment initialization:" msgstr "" #: ../../CONTRIBUTING.rst:210 -#: fe4610d142474897ae4f97d321448fac +#: 4e73e6c26d164591bd5edf84fc921cc4 msgid "The generated documentation is located at ``build/sphinx/html/en``." msgstr "" #: ../../CONTRIBUTING.rst:213 -#: bf09dd8ed31742bca2fa80175ae85bb3 +#: 3fd3b7e2ec184cf8b2a81f87177f48fb msgid "Code translation" msgstr "" #: ../../canaille/translations/README.rst:1 -#: 35fff9d115334ec6aa6a99ec5da8a27f +#: 3f134d116261469d8e6e9a05b5c47b47 msgid "Translations are done with `Weblate `__." msgstr "" #: ../../canaille/translations/README.rst:3 -#: b72ee2174a9b42c493780415e3d3fcfd +#: f5045b02a67f426188352a5d6ff207e1 msgid "The following commands are there as documentation, only the message extraction is needed for contributors. All the other steps are automatically done with Weblate." msgstr "" #: readme.rst:6 #: ../../canaille/translations/README.rst:8 #: readme.rst:6 -#: ea5bd05b09984bcaa643efa7a1a7618c -#: ea5bd05b09984bcaa643efa7a1a7618c -#: 33490a8ff4a3465fb8648393ff65eb75 +#: 24b270040aba498184edc6fd3b60c94e +#: 2056f7130ccd40b7b3b34c0c572a6578 +#: 41a918a2d4a74a5b9b2817c613ca08f4 msgid "Message extraction" msgstr "" #: readme.rst:8 #: ../../canaille/translations/README.rst:10 #: readme.rst:8 -#: 210e9ff98db74777830a5a1f4746df44 -#: 210e9ff98db74777830a5a1f4746df44 -#: 16b22e2bc3cf495bbef529f5732887e3 +#: 3d0d46dbb4b849429d1b20c8d4655b71 +#: ca03937bab89437aaca273df6d905a44 +#: 5743021622e04712918dcadbabc6c7f7 msgid "After you have edited translatable strings, you should extract the messages with:" msgstr "" #: readme.rst:15 #: ../../canaille/translations/README.rst:17 #: readme.rst:15 -#: 54ecd51acf494402964ae281c6cd639b -#: 54ecd51acf494402964ae281c6cd639b -#: 02fa7225075346f89ad702cba8aabdeb +#: 33a52dea69f84cdd8031217438609b01 +#: 1bdb41af37fb4b29970caa32ceb9f68e +#: fcdbb11edc8c403dba19ddcc30f0c74a msgid "Language addition" msgstr "" #: readme.rst:17 #: ../../canaille/translations/README.rst:19 #: readme.rst:17 -#: 5429b47768e2472ea597ed48140a5621 -#: 5429b47768e2472ea597ed48140a5621 -#: 015d6a437f7e4d099c8cad60986c0b68 +#: 85155247ccbe4cdda3c379b515fd2413 +#: 04039c23ea56483b9ccf96d20f26f2bd +#: ba0855443a6f465d9274426f59f251de msgid "You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:" msgstr "" #: ../../canaille/translations/README.rst:26 -#: bdfbb4ef60c54b26abf457ba930b7fcf +#: d186ca49fae24bbd9d3c28120601a60e msgid "Catalog update" msgstr "" #: ../../canaille/translations/README.rst:28 -#: 94b8fc10d3aa4e05b54d619c4b1aaa25 +#: 0ed1087f30a74059b6c7e0e06de6573d msgid "You can update the catalogs with the following command, however this should not be needed as Weblate automatically update language catalogs when it detects new strings or when someone translate some existing strings. Weblate pushes happen every 24h." msgstr "" #: ../../canaille/translations/README.rst:36 -#: f232cbfdd201463ab74fe71353c8e23b +#: ddf0e21cf51b4dc79d6250343d97b0d1 msgid "Catalog compilation" msgstr "" #: ../../canaille/translations/README.rst:38 -#: 3c756dd105564866a8d74e994e65f2b6 +#: 6ef8340ccc2c46ea99f8d0de91ee483a msgid "You can compile the catalogs with the following command, however this should not be needed as catalogs are automatically compiled before running the unit tests, before launching the demo and before compiling the Canaille python package:" msgstr "" #: ../../CONTRIBUTING.rst:219 -#: 4ff341d941384c029ed9c0b49d1062f9 +#: 1de2a285415949c49cad5e827186884c msgid "Documentation translation" msgstr "" #: readme.rst:1 #: readme.rst:1 -#: 35fff9d115334ec6aa6a99ec5da8a27f -#: 7abe83f2eeb54b3f9f3d1a8542696765 +#: 3f134d116261469d8e6e9a05b5c47b47 +#: 82307c31bbd04c86b438e8a4e005cbfd msgid "Translations are done with `Weblate `__." msgstr "" #: readme.rst:3 #: readme.rst:3 -#: de92a131ecf44614963dd89770f593ae -#: 0ca00925251d48668c7673ddece41d66 +#: e68bab4e55074d099971067e8585e7bc +#: 36d72bb59c6442f0ac0078ec35cff7db msgid "The following commands are there as documentation, only the message extraction and the language addition is needed for contributors." msgstr "" #: readme.rst:24 #: readme.rst:24 -#: 3d142fe9f633400ea029e949f1e869ee -#: 74cc2740b1584972aa3c0e672dff5f3e +#: 2249c8bd3ebb4123b1b85e55d501a414 +#: 592956cc63d849ad8f23d530a03daa2a msgid "Build the documentation in another language" msgstr "" #: ../../CONTRIBUTING.rst:224 -#: 4b1dc3dae99f4c6fbbeec3e54be3e922 +#: ccb55b67aa5c4d8baf4a4a56eb19fe8c msgid "Publish a new release" msgstr "" #: ../../CONTRIBUTING.rst:226 -#: 975b37a07edc4a42bbef14c2ca80a34f +#: a2df8944754246d4a92c6e7f76b8273a msgid "Check that dependencies are up to date with ``uv sync --all-extras --upgrade`` and update dependencies accordingly in separated commits;" msgstr "" #: ../../CONTRIBUTING.rst:227 -#: e9bd8386c6c64ef99aac12ee831f39d1 +#: 4d2be841e11345a7a9f62a7f7e0d46b3 msgid "Check that tests are still green for every supported python version, and that coverage is still at 100%, by running ``uv run tox``;" msgstr "" #: ../../CONTRIBUTING.rst:228 -#: 3e7d5493a8e44c1a9067010115678723 +#: 69338c8be69e45659eada1ffe5c0f67c msgid "Check that the demo environments are still working, both the local and the Docker one;" msgstr "" #: ../../CONTRIBUTING.rst:229 -#: fe7867ea9416424e81c518f77853958a +#: 8bba3fab5e164ade8916c47fb38a9c19 msgid "Check that the :ref:`development/changelog:Release notes` section is correctly filled up;" msgstr "" #: ../../CONTRIBUTING.rst:230 -#: 7d89adc1c3e6478ab9e8faa02f97bf03 +#: 7be3604476174714a93fb5c8673febf7 msgid "Increase the version number in ``pyproject.toml``;" msgstr "" #: ../../CONTRIBUTING.rst:231 -#: a376131776cd4e469611fa3ad6749be9 +#: e8b5c52d84d94d809eb6fd08e9a61939 msgid "Commit with ``git commit``;" msgstr "" #: ../../CONTRIBUTING.rst:232 -#: 655fd489e5324dc5b6172d438a6b8e3e +#: 70de3f18c0d144c8b5e6ad264629491e msgid "Build with ``uv build``;" msgstr "" #: ../../CONTRIBUTING.rst:233 -#: 79fc61b7c13647a285a918a0c126ea53 +#: 54bbdc2762b14df98894d94d760597b9 msgid "Publish on test PyPI with ``uv publish --publish-url https://test.pypi.org/legacy/``;" msgstr "" #: ../../CONTRIBUTING.rst:234 -#: 93540129ce0c440eba4da63ed3ddb769 +#: 327a4abb66b14f95821cf861312ff6be msgid "Install the test package somewhere with ``pip install --extra-index-url https://test.pypi.org/simple --upgrade canaille``. Check that everything looks fine;" msgstr "" #: ../../CONTRIBUTING.rst:235 -#: 8a73b31d1fe14fdda15e6c2dea0cafc9 +#: 270ce1780553422780cddbbca1791bbd msgid "Publish on production PyPI ``uv publish``;" msgstr "" #: ../../CONTRIBUTING.rst:236 -#: 93131bb37ccc4207825449d393f92201 +#: 35cf31b173f34bb2b6ffc0d5cb0931a9 msgid "Tag the commit with ``git tag XX.YY.ZZ``;" msgstr "" #: ../../CONTRIBUTING.rst:237 -#: a98a5168d5f949ec9e96f16d8ff8b6f5 +#: 673bf114db3945dbbe806b281a6bc1d6 msgid "Push the release commit and the new tag on the repository with ``git push --tags``." msgstr "" #: ../development/index.rst:2 -#: c0f14bad2988468fa0700bbd47fe1de0 +#: 82f9846032eb48449059b9b21039acf3 msgid "Development" msgstr "" #: ../development/specifications.rst:2 -#: 156d2082306649a89c7c6ff9b0879911 +#: 68b9e4a665f74983994ec7f7820a6555 msgid "Specifications" msgstr "" #: ../development/specifications.rst:4 -#: 2c830d15b604470ca1912e9a07b2deb6 +#: a91f12df80654d7a9159894525f0a1fa msgid "This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers." msgstr "" #: ../development/specifications.rst:7 -#: bfa87dc7f42445fb96172a2ce7643950 +#: 798ff9024fa049a5889c4e9f725985f4 msgid "State of the specs in Canaille" msgstr "" #: ../development/specifications.rst:10 -#: b57576e6aa1e46c0ab9b0d74e40f7a1c +#: faec5be28e9d4a0380914450cb563d74 msgid "OAuth2" msgstr "" #: ../development/specifications.rst:12 -#: 44156ac1d21c44f89d2090ae27ad397e +#: bc158a2abfdf4e669db0bf71ac12e539 msgid "✅ `RFC6749: OAuth 2.0 Framework `_" msgstr "" #: ../development/specifications.rst:13 -#: 3dd5d1bc312e4808b9dfb7e906f9a1b3 +#: 41aacf25a278469488576916b0dc1100 msgid "✅ `RFC6750: OAuth 2.0 Bearer Tokens `_" msgstr "" #: ../development/specifications.rst:14 -#: 3f7c67f6ca7049a0a99455d27e7b9278 +#: c84b09e12da74d1e9bb498f4abd41cef msgid "✅ `RFC7009: OAuth 2.0 Token Revocation `_" msgstr "" #: ../development/specifications.rst:15 -#: b11098fcf9e64dfca026aa25e97624cc +#: 319878f12ee94c71bcd20839b8e9cdf2 msgid "❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants `_" msgstr "" #: ../development/specifications.rst:16 -#: 0213796d176a4938a10c902cfb737a18 +#: 7c8c430d14b04548a82b1f6c5b41edef msgid "✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol `_" msgstr "" #: ../development/specifications.rst:17 -#: afdc8def073c495e8bb24a1ec6a0d62a +#: a0eeca49247d4d0a858fbd68b8feae7a msgid "✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol `_" msgstr "" #: ../development/specifications.rst:18 -#: f592e7f0f2074289b67beb893604277d +#: 6ba8732c85c743c3ac3f63b40fbf3aa2 msgid "✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients `_" msgstr "" #: ../development/specifications.rst:19 -#: bc914d1d327d4ce6a638c5245c4cfcc3 +#: 338bb06b2df547edbe50a150b4d8c146 msgid "✅ `RFC7662: OAuth 2.0 Token Introspection `_" msgstr "" #: ../development/specifications.rst:20 -#: 08bbaa19162d456899ba99be7b0f9e3d +#: 1663509c8aa249af8ec326ae877e7044 msgid "✅ `RFC8414: OAuth 2.0 Authorization Server Metadata `_" msgstr "" #: ../development/specifications.rst:21 -#: abbbc93f57ba4660bafa5396616419d8 +#: 37a881c253ff4c87b340587a85546041 msgid "❌ `RFC8428: OAuth 2.0 Device Authorization Grant `_" msgstr "" #: ../development/specifications.rst:22 -#: a9adf95822164ad9a91366b631a095ab +#: 5398a841990f4e6ea8b40b97e9a32097 msgid "❌ `RFC8693: OAuth 2.0 Token Exchange `_" msgstr "" #: ../development/specifications.rst:23 -#: fac77fd04d2c457cbdda2f46d21a549d +#: 2045b4c2c1bf4d808e03894e4b365fb8 msgid "❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens `_" msgstr "" #: ../development/specifications.rst:24 -#: 772cbe80f8cd44faa3230ee4e690e5f3 +#: 107a0959842641af8fa7f1382928f2e1 msgid "❌ `RFC8707: Resource Indicators for OAuth 2.0 `_" msgstr "" #: ../development/specifications.rst:25 -#: 8b06eb72e70742fc821332a4676ba48e +#: b6b8eaed434f47bfb07f5d077c670b22 msgid "❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens `_" msgstr "" #: ../development/specifications.rst:26 -#: 088615a4afdc48a5b6449df856cb1eb3 +#: 48f411a150274d74b09dd3111d70d4ef msgid "❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) `_" msgstr "" #: ../development/specifications.rst:27 -#: 4bd307887c6a4dcebb9d5ff9b9c3176a +#: 68ff3ad36aa1400e85a6f6703f5d75ae msgid "❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests `_" msgstr "" #: ../development/specifications.rst:28 -#: bf777af155ec47bb85265068ff053b85 +#: 312945002b5f49a5ac6e6d797e9322d0 msgid "❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification `_" msgstr "" #: ../development/specifications.rst:29 -#: 06b84e457b3f423099a45450e8be7b96 +#: 6f0f83d947a3442c84f44b67f11184b3 msgid "❌ `RFC9394: OAuth 2.0 Rich Authorization Requests `_" msgstr "" #: ../development/specifications.rst:30 -#: 17a488e183c64a7696ff1f8b3f02e3d8 +#: f11bf858bc1342a781c9139f05938eae msgid "❌ `OAuth2 Multiple Response Types `_" msgstr "" #: ../development/specifications.rst:31 -#: 28df30b698994c9ebb429fbe577701ac +#: d2e5d74b4dd94d85a5d431f60f875dbc msgid "❌ `OAuth2 Form Post Response Mode `_" msgstr "" #: ../development/specifications.rst:34 -#: ../features.rst:212 -#: 273611a66c514122bd1b8986c81f8464 -#: 511272a32c844e4cb9ca0d2c2b0aeb42 +#: ../features.rst:223 +#: 8f72523ff51c4575b94efb2d3ce15f6b +#: f36365f798bf4a29a1c762d3d984b773 msgid "OpenID Connect" msgstr "" #: ../development/specifications.rst:36 -#: 1b811c589c884281a965b470a69c935c +#: cf8887ca156c4c1c9888a84fc8065530 msgid "✅ `OpenID Connect Core `_" msgstr "" #: ../development/specifications.rst:37 -#: 8eb4c67d2de84a09ba6681ab0ad1dcf0 +#: 5c4310f0f040430fbc2a843183e96fd8 msgid "✅ `OpenID Connect Discovery `_" msgstr "" #: ../development/specifications.rst:38 -#: 3dd0ab1827034c7f8bb58dd56463cb2a +#: 5d5801df6b9c4bf4a6a02e97b8ced460 msgid "✅ `OpenID Connect Dynamic Client Registration `_" msgstr "" #: ../development/specifications.rst:39 -#: 5202769d4fed46999e56f7d6a0a03c5d +#: 7d48e73edb044c8e85e6210edc4c327b msgid "✅ `OpenID Connect RP Initiated Logout `_" msgstr "" #: ../development/specifications.rst:40 -#: 768d7dd2182a418fb9344db3f5cba48a +#: cdef4546f7dc4de8865f7a1302d4ba5d msgid "❌ `OpenID Connect Session Management `_" msgstr "" #: ../development/specifications.rst:41 -#: bffbc632d9bf4c89b64bb51cdece0844 +#: 21aa2648b1f64ffeabe2a6123a75c27d msgid "❌ `OpenID Connect Front Channel Logout `_" msgstr "" #: ../development/specifications.rst:42 -#: 3001306e82cc4e9b80078a4631c791f9 +#: dac849b7b0ae48afb3e07330a4155e85 msgid "❌ `OpenID Connect Back Channel Logout `_" msgstr "" #: ../development/specifications.rst:43 -#: 3e1058c4a8154eb58a563e171a03a51b +#: 9465d51e2c23461486052de55942bbea msgid "❌ `OpenID Connect Back Channel Authentication Flow `_" msgstr "" #: ../development/specifications.rst:44 -#: 7d20317b02f54007a0d6e9e79b82b243 +#: b4f2991cded34e7190e7e7185828536c msgid "❌ `OpenID Connect Core Error Code unmet_authentication_requirements `_" msgstr "" #: ../development/specifications.rst:45 -#: cc695337a4a4431c9a62bdc2471f489d +#: 1cb0fe5d644c49b2a1c6c7af780c407a msgid "✅ `Initiating User Registration via OpenID Connect 1.0 `_" msgstr "" #: ../development/specifications.rst:46 -#: 6cfd3e82e2bb4f80a58d8864be2ef301 +#: 7c15c3d629b44469bb0feba2b79e0522 msgid "❌ `OpenID Connect Profile for SCIM Services `_" msgstr "" #: ../development/specifications.rst:49 -#: ../development/specifications.rst:65 -#: d9278a9cbe784818b57f9fd9d76dda68 -#: d9278a9cbe784818b57f9fd9d76dda68 +#: ../development/specifications.rst:108 +#: 81a42181f7ed4f43b5fc6af1bae15e65 +#: 81a42181f7ed4f43b5fc6af1bae15e65 msgid "SCIM" msgstr "" #: ../development/specifications.rst:51 -#: c91f11a0512e4782981c5bb98a8038d7 -msgid "❌ `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements `_" -msgstr "" - -#: ../development/specifications.rst:52 -#: 2f4ea31b4c80425a8e3075b8597ae8e5 -msgid "❌ `RFC7643: System for Cross-domain Identity Management: Core Schema `_" +#: c3e061fe92e4451ea24e50dacd112c46 +msgid "Canaille provides a basic SCIM server implementation." msgstr "" #: ../development/specifications.rst:53 -#: 6ffdb285557144afb301b05c33fecddf -msgid "❌ `RFC7644: System for Cross-domain Identity Management: Protocol `_" +#: aefb1b937f7a4e35a4eae6d8648c6303 +msgid "🟠 `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements `_" msgstr "" -#: ../development/specifications.rst:56 -#: ac600b38603f4fb999aebf5ffbe33cc7 -msgid "Comparison with other providers" +#: ../development/specifications.rst:54 +#: 6193cd6fb48643e99f0e2018dbdaba83 +msgid "🟠 `RFC7643: System for Cross-domain Identity Management: Core Schema `_" msgstr "" -#: ../development/specifications.rst:58 -#: 2ef9567e17694a669ed5071c882661ad -msgid "Here is a feature comparison with other OpenID Connect server software." +#: ../development/specifications.rst:55 +#: 9b124b409b3041f5bdefedf9b0593d06 +msgid "🟠 `RFC7644: System for Cross-domain Identity Management: Protocol `_" +msgstr "" + +#: ../development/specifications.rst:57 +#: e6062c405e8948d38ec280a762370179 +msgid "Client-side implementation (i.e. broadcasting changes on users and groups among clients) and advanced features will be implemented in the future." msgstr "" #: ../development/specifications.rst:60 -#: d6d241980d3e46e192dd54a5082b0197 -msgid "Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple." +#: da7a2a26dbfb494abca9e21b3178087e +msgid "What's implemented" msgstr "" -#: ../development/specifications.rst:63 -#: 0b9a4fba353c483692ed6fb04227691e -msgid "Software" -msgstr "" - -#: ../development/specifications.rst:63 -#: 62c2fe7c97644cfa8e7d297a337bfe36 -msgid "Project" -msgstr "" - -#: ../development/specifications.rst:63 -#: f4700ad912314bfc8d66be8471a4c772 -msgid "Protocols implementations" -msgstr "" - -#: ../development/specifications.rst:65 -#: ea237be2a99a4940be67516a1b95d97d -msgid "FLOSS" -msgstr "" - -#: ../development/specifications.rst:65 -#: 55d5dd9174f94ca9850b999864598259 -msgid "Language" -msgstr "" - -#: ../development/specifications.rst:65 -#: 27002c409c6440d29ae89e91559a6994 -msgid "LOC" -msgstr "" - -#: ../development/specifications.rst:65 -#: 3ba35fd6c6d44150b4b049cf603e4a85 -msgid "OIDC" -msgstr "" - -#: ../development/specifications.rst:65 -#: dc762bcd6eca4fc79dae1ca65c411351 -msgid "SAML" -msgstr "" - -#: ../development/specifications.rst:65 -#: 6ae5803282c4439a9e7b1c1570e4c505 -msgid "CAS" -msgstr "" - -#: ../development/specifications.rst:67 -#: f4c4ac6fdea74558a74bc9a3cefbb5c7 -msgid "Canaille" -msgstr "" - -#: ../development/specifications.rst:67 -#: ../development/specifications.rst:69 -#: ../development/specifications.rst:71 -#: ../development/specifications.rst:73 -#: ../development/specifications.rst:75 -#: ../development/specifications.rst:77 -#: ../development/specifications.rst:79 -#: ../development/specifications.rst:81 +#: ../development/specifications.rst:62 #: ../development/specifications.rst:83 -#: ../development/specifications.rst:85 -#: ../development/specifications.rst:87 -#: ../development/specifications.rst:89 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: b4f8f14c2ccd48d7a2df4514e072872c -#: c2035a448fa9405a92d51c9c90277394 -#: ae10fc61ac05465c88b82d0432b9f6f3 -#: c2035a448fa9405a92d51c9c90277394 -#: aa47e755d8094a54a72e5a984eca8212 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: 33e7166b401144bcadff959d61e03c4c -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: 01a61d6ece794b39adc441233aef3a3d -#: 7bba6b8427854a41b99c15b883290007 -#: c2035a448fa9405a92d51c9c90277394 -#: 35d2af03a40c44f3be85f38d56883d26 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: 588ab8a50fca4528b9a471dbddfb7d4a -#: c2035a448fa9405a92d51c9c90277394 -#: 5b92e201931a462c90a3d3883c2bd94a -#: ba65de35554741a48a7eb4a72fc66433 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: b845153d9ebc4c2e83791da5c5d0bf5a -#: 4dd20636352243038f0bdad8d15e8449 -#: 5b23071246ab41f1abd1bfa5596a4b46 -#: e9195a6880cc4824bb5fbfce4b1d26dc -#: c2035a448fa9405a92d51c9c90277394 -#: d95ce6d1875045fc8442060795ebfe22 -#: c2035a448fa9405a92d51c9c90277394 -#: c1aa2d442f2047f9a1194e38c2b1ddd1 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: ce03d94ab7954c02968bfb44eb0f72fd -#: 9fb4e3e247d846419051f2852ffa3f31 -#: f5e5911bcb704af19c073370f437c1b4 -#: 2a75e780caa141b798c8b207bcc8fcbe -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: e063ffcc58474df4a66b2814eb4c0f61 -#: c2035a448fa9405a92d51c9c90277394 -#: 1b724ec2c443410fa224420a2dc57059 -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: b96e91bf613c4f4cb6ac463fad5a68fe -#: cff48ca4a13545309d9e1b58c3dede80 -#: e55ccef99f4a45be8fb35a1ed8bb1ac4 -#: a5b3f91649094efebe4e858d745ccb2e -#: 4b09487097334807804aaba873d4dc7b -#: c2035a448fa9405a92d51c9c90277394 -#: c2035a448fa9405a92d51c9c90277394 -#: c9b45500d9d145a8862c978d95329330 -#: c34b7940cbbd4218af2cb94e8eb24fc7 -#: c2035a448fa9405a92d51c9c90277394 -#: 8a394726b7b941dfbbd8af3e546782c1 -#: c2035a448fa9405a92d51c9c90277394 -#: 78eb76570364482583c3cb19d0303903 -#: c2035a448fa9405a92d51c9c90277394 -#: 888a30003d764dd28c8744ea11295da4 -#: f5320617a03e47dea905ac5a70208c70 -#: c2035a448fa9405a92d51c9c90277394 -msgid "✅" +#: f00bbd829f164b10bea0b4a04ac7123d +#: e66e2017457c4526a39df9630674c5ac +msgid "Endpoints:" +msgstr "" + +#: ../development/specifications.rst:64 +#: 0eb744fd5a6c4e60a41e71982f000800 +msgid "/Users (GET, POST)" +msgstr "" + +#: ../development/specifications.rst:65 +#: f537052ae8b94a3a83c0e84c52855dc7 +msgid "/Users/ (GET, PUT, DELETE)" +msgstr "" + +#: ../development/specifications.rst:66 +#: 3b4e9d3e1079430b97611c8dadee4395 +msgid "/Groups (GET, POST)" msgstr "" #: ../development/specifications.rst:67 -#: ../development/specifications.rst:73 -#: 86f975b8aaab4af9bfc62ef2df91ba28 -#: 86f975b8aaab4af9bfc62ef2df91ba28 -msgid "Python" +#: 3e673b4744e945b89c77ced8145f54fc +msgid "/Groups/ (GET, PUT, DELETE)" msgstr "" -#: ../development/specifications.rst:67 -#: 3a757539fafc4e3aa92dbdec5227a2df -msgid "10k" -msgstr "" - -#: ../development/specifications.rst:67 -#: ../development/specifications.rst:69 -#: ../development/specifications.rst:71 -#: ../development/specifications.rst:73 -#: ../development/specifications.rst:75 -#: ../development/specifications.rst:77 -#: ../development/specifications.rst:79 -#: ../development/specifications.rst:83 -#: ../development/specifications.rst:87 -#: ../development/specifications.rst:89 -#: 0baee04e46584b46ab2b5bd83dea4c0d -#: cab3dd361d004e25bc0250cb2e0ffe9a -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: 465d3f3e0fd74093b25163100de425b3 -#: 7d6b64f2f3bd472bac864db31a8369db -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: fd884c4495c144699d4ed019e0264719 -#: d1129a1abbbe451393139f636f972160 -#: 94a1a61f502a42569788cfe93ad6bcf7 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -#: d1129a1abbbe451393139f636f972160 -msgid "❌" +#: ../development/specifications.rst:68 +#: c279b1a6193b4de49c1ac392b9c9f1f8 +msgid "/ServiceProviderConfig (GET)" msgstr "" #: ../development/specifications.rst:69 -#: 41d7747dc9384c6b908b8394168b5b5a -msgid "`Auth0`_" +#: 833aa61f227c44bebf4cab293e712391 +msgid "/Schemas (GET)" msgstr "" -#: ../development/specifications.rst:69 -#: ../development/specifications.rst:79 -#: ../development/specifications.rst:81 -#: ../development/specifications.rst:89 -#: 8f85eeab9d6945af894c55e2a4aa0b9b -#: b391b0e5e2724d7f9d457a4e64303697 -#: b391b0e5e2724d7f9d457a4e64303697 -#: 9d4e74c78b2b439785310a334d06a1c7 -#: b391b0e5e2724d7f9d457a4e64303697 -#: b391b0e5e2724d7f9d457a4e64303697 -#: b391b0e5e2724d7f9d457a4e64303697 -#: f682275b9cb14280a7f2654d727c75d1 -#: b391b0e5e2724d7f9d457a4e64303697 -msgid "❔" +#: ../development/specifications.rst:70 +#: 437a13d677eb4961a96df34b5f5081dc +msgid "/Schemas/ (GET)" msgstr "" #: ../development/specifications.rst:71 -#: 47ff7b1213464f85b246c4282f3af933 -msgid "`Authelia`_" +#: 31b2a6d444504b8c88257b25f6fd6467 +msgid "/ResourceTypes (GET)" msgstr "" -#: ../development/specifications.rst:71 -#: ../development/specifications.rst:75 -#: ../development/specifications.rst:83 -#: 5db56fd3e64948f5a108d2f74f7070b4 -#: 5db56fd3e64948f5a108d2f74f7070b4 -#: 5db56fd3e64948f5a108d2f74f7070b4 -msgid "Go" +#: ../development/specifications.rst:72 +#: e9a55c28a7944c5fbaa20d14508ac6ed +msgid "/ResourceTypes/ (GET)" msgstr "" -#: ../development/specifications.rst:71 -#: ../development/specifications.rst:83 -#: 741e97755b8c4478b7e19ba006898401 -#: 741e97755b8c4478b7e19ba006898401 -msgid "50k" +#: ../development/specifications.rst:74 +#: 7bd6fb34cea64198b21ae7f53d85a6a5 +msgid "Features:" msgstr "" -#: ../development/specifications.rst:73 -#: 7fb71b70103e40eeb178e1281ea81de3 -msgid "`Authentic2`_" -msgstr "" - -#: ../development/specifications.rst:73 -#: cb26c38797d9416fafe5d1a1b5c5b03b -msgid "65k" -msgstr "" - -#: ../development/specifications.rst:75 -#: 6f7fc7bbb2694f09a12393a74ffc8013 -msgid "`Authentik`_" -msgstr "" - -#: ../development/specifications.rst:75 -#: bb964534c0704925b6d856bd54af7c7f -msgid "55k" -msgstr "" - -#: ../development/specifications.rst:77 -#: 4604cb0778044b63807b2be23ced893c -msgid "`CAS`_" -msgstr "" - -#: ../development/specifications.rst:77 -#: ../development/specifications.rst:81 -#: ../development/specifications.rst:85 -#: aa3618e441ac413e83acdfe56631d15a -#: aa3618e441ac413e83acdfe56631d15a -#: aa3618e441ac413e83acdfe56631d15a -msgid "Java" -msgstr "" - -#: ../development/specifications.rst:77 -#: c316893b4f00454a8c5745071e0888b1 -msgid "360k" -msgstr "" - -#: ../development/specifications.rst:79 -#: c8a158afb8d841209c20b9ef42e563cb -msgid "`Connect2id`_" +#: ../development/specifications.rst:76 +#: bb39dc2c17084a99bfe91991bff98c65 +msgid ":rfc:`pagination <7644#section-3.4.2.4>`" msgstr "" #: ../development/specifications.rst:81 -#: a264cd68201c442faf08474397c550aa -msgid "`Gluu`_" -msgstr "" - -#: ../development/specifications.rst:83 -#: e54b53bfeafd4764b01095c1cd0077b7 -msgid "`Hydra`_" +#: da7a2a26dbfb494abca9e21b3178087e +msgid "What is not implemented yet" msgstr "" #: ../development/specifications.rst:85 -#: 87594578370246d494ef5e63196a3a92 -msgid "`Keycloak`_" +#: 3f5bbff2d4e645e2bac778dfde9ed8dc +msgid "/Users (PATCH)" msgstr "" -#: ../development/specifications.rst:85 -#: d6304d1f41714ad5af15edb6febbfbc5 -msgid "600k" +#: ../development/specifications.rst:86 +#: b04a230b285c4f929df30d29d39f4adc +msgid "/Groups (PATCH)" msgstr "" #: ../development/specifications.rst:87 -#: 2efe7957b848447dacfecb082a95c438 -msgid "`LemonLDAP`_" +#: a9624bebc96e4cde8a86dca7891fc608 +msgid ":rfc:`/Me <7644#section-3.11>` (GET, POST, PUT, PATCH, DELETE)" msgstr "" -#: ../development/specifications.rst:87 -#: cdd25b565e5d4de4b4202f82f4407843 -msgid "Perl" -msgstr "" - -#: ../development/specifications.rst:87 -#: 51b2d4fcc1fc43d2a692826a2b2c62d1 -msgid "130k" +#: ../development/specifications.rst:88 +#: 0d99d94d47e2444bb6f01c2ec9473a56 +msgid ":rfc:`/Bulk <7644#section-3.11>` (POST)" msgstr "" #: ../development/specifications.rst:89 -#: 4c2a5d27487345f7bc3c1bbd0c897c47 -msgid "`Okta`_" +#: 506274526a7647ceb7d2e5261bbf9651 +msgid ":rfc:`/.search <7644#section-3.4.3>` (POST)" msgstr "" +#: ../development/specifications.rst:91 #: ../features.rst:9 -#: 61a68141a485477a9fb49921e7b8aa3a +#: 5939a5db19484022bdfaec1794dc1516 +#: f057b88a8b504465b8ed8e332fd5a830 msgid "Features" msgstr "" +#: ../development/specifications.rst:93 +#: 6296feda85f44091a6fc410094a96b28 +msgid ":rfc:`filtering <7644#section-3.4.2.2>`" +msgstr "" + +#: ../development/specifications.rst:94 +#: 85a81b4268b44d729dfb8c5e7de75331 +msgid ":rfc:`sorting <7644#section-3.4.2.3>`" +msgstr "" + +#: ../development/specifications.rst:95 +#: 48122d4760344fb9ae3744592a4391d1 +msgid ":rfc:`attributes selection <7644#section-3.4.2.5>`" +msgstr "" + +#: ../development/specifications.rst:96 +#: 2b86a717dda044408341557e54acab93 +msgid ":rfc:`ETags <7644#section-3.14>`" +msgstr "" + +#: ../development/specifications.rst:99 +#: efa9edcb4c094b339af9010d82b9f505 +msgid "Comparison with other providers" +msgstr "" + +#: ../development/specifications.rst:101 +#: cb82439c48684c8d919147a88247f36f +msgid "Here is a feature comparison with other OpenID Connect server software." +msgstr "" + +#: ../development/specifications.rst:103 +#: 47f5af9436b14ce8afaae2e08adceb8d +msgid "Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple." +msgstr "" + +#: ../development/specifications.rst:106 +#: 230957da07d14930aac58e75241f769b +msgid "Software" +msgstr "" + +#: ../development/specifications.rst:106 +#: 1e53a394ee3f4824ac843953a1c6f6a4 +msgid "Project" +msgstr "" + +#: ../development/specifications.rst:106 +#: da7a2a26dbfb494abca9e21b3178087e +msgid "Protocols implementations" +msgstr "" + +#: ../development/specifications.rst:108 +#: 54e482c6722046fc9cad9abdf6501ebf +msgid "FLOSS" +msgstr "" + +#: ../development/specifications.rst:108 +#: 27466fe335f14fc58651275455bc3b85 +msgid "Language" +msgstr "" + +#: ../development/specifications.rst:108 +#: a62b0ccd1e3642f1922043446575891c +msgid "LOC" +msgstr "" + +#: ../development/specifications.rst:108 +#: 8a0ae563aeb34a48afdd436dfb90bdfb +msgid "OIDC" +msgstr "" + +#: ../development/specifications.rst:108 +#: 988a35af2eef476299eb83b8ae5a3849 +msgid "SAML" +msgstr "" + +#: ../development/specifications.rst:108 +#: 32c77efb6cff4149868aa5ae1ea6e9d4 +msgid "CAS" +msgstr "" + +#: ../development/specifications.rst:110 +#: f48994303e73429c9073af002d2cbe8b +msgid "Canaille" +msgstr "" + +#: ../development/specifications.rst:110 +#: ../development/specifications.rst:112 +#: ../development/specifications.rst:114 +#: ../development/specifications.rst:116 +#: ../development/specifications.rst:118 +#: ../development/specifications.rst:120 +#: ../development/specifications.rst:122 +#: ../development/specifications.rst:124 +#: ../development/specifications.rst:126 +#: ../development/specifications.rst:128 +#: ../development/specifications.rst:130 +#: ../development/specifications.rst:132 +#: 4384675732a44a5699eadf3db840ea68 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: a2b336de60474811a85371ac9b8fc936 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: f1e4ba474c2545f788b426e174b25269 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 45623bf338bb42e8b4a3f1276d08dbf8 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 5c1d5b1b5b9947169a6512526bf1354c +#: bca0227caf0541afac9dde2ef357f96a +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 99c49b778a0248848dc909e7e9de6327 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 646e26dbbb6d4c158ff400b6c7ac4752 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 047de5aa45d14d57a0f7c65c16a25060 +#: 374cb94f40a9471e95364d0dca1f9a0c +#: 726b27f2dcf347c0b5421f3e41bf3dba +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 9fc1f509353c4f6cab3f7c3b21883cf6 +#: eea6bc914188401e8e132b973e250a62 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: 92e87b99f7a1479aaa8dbca7200356e4 +#: 6f79ec5e229a4675b9b9a8c0d2700567 +#: cdd868b8d08c488f9f47c95e0acf3f1b +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: b36371c9f8004f0788446980ea23685a +#: fc2c732457544aeab7c028832e170afd +#: 47f38426ae2d4daf866ba55ca0fb065c +#: 764feb42eb4f4c218bc5764f8d1076f3 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: a80e2f550fd842f3bdf85a6b83f985cd +#: d2a83a7da92c4f599843afcaacff9727 +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +#: cecfeb6d9fb7420ca837b206d1d6764c +msgid "✅" +msgstr "" + +#: ../development/specifications.rst:110 +#: ../development/specifications.rst:116 +#: c38bff66a17c471fabb1344102a537ea +#: c38bff66a17c471fabb1344102a537ea +msgid "Python" +msgstr "" + +#: ../development/specifications.rst:110 +#: 2898d3796e7c4b88b8b7a9f519d2fc45 +msgid "10k" +msgstr "" + +#: ../development/specifications.rst:110 +#: ../development/specifications.rst:112 +#: ../development/specifications.rst:114 +#: ../development/specifications.rst:116 +#: ../development/specifications.rst:118 +#: ../development/specifications.rst:120 +#: ../development/specifications.rst:122 +#: ../development/specifications.rst:126 +#: ../development/specifications.rst:130 +#: ../development/specifications.rst:132 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: fff8dea44f12432098ca99ba6d1b5c2e +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +#: 3a76f65f9cc740a5ac8954efd498ae76 +msgid "❌" +msgstr "" + +#: ../development/specifications.rst:110 +#: 5cfccc6b8c584d5cbdd54736cddb3502 +msgid "🟠" +msgstr "" + +#: ../development/specifications.rst:112 +#: d9d78032f92a41c7bf30d755415a3cbb +msgid "`Auth0`_" +msgstr "" + +#: ../development/specifications.rst:112 +#: ../development/specifications.rst:122 +#: ../development/specifications.rst:124 +#: ../development/specifications.rst:132 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +#: 517701d2d9ae411db882f60fd1747fd0 +msgid "❔" +msgstr "" + +#: ../development/specifications.rst:114 +#: 1682bb5887184cd9bff0b61796d76876 +msgid "`Authelia`_" +msgstr "" + +#: ../development/specifications.rst:114 +#: ../development/specifications.rst:118 +#: ../development/specifications.rst:126 +#: d82982be3ee7475a983ce04e39624c7b +#: d82982be3ee7475a983ce04e39624c7b +#: d82982be3ee7475a983ce04e39624c7b +msgid "Go" +msgstr "" + +#: ../development/specifications.rst:114 +#: ../development/specifications.rst:126 +#: 44c24ba16cb6419abd4d3af84403a709 +#: 44c24ba16cb6419abd4d3af84403a709 +msgid "50k" +msgstr "" + +#: ../development/specifications.rst:116 +#: 9110311d7f6e48b38ba0b32706d706e8 +msgid "`Authentic2`_" +msgstr "" + +#: ../development/specifications.rst:116 +#: d5b5b77fa7e544278f1e017ebe7b9b73 +msgid "65k" +msgstr "" + +#: ../development/specifications.rst:118 +#: 0f7c8328ceb74a3286d140ea99595441 +msgid "`Authentik`_" +msgstr "" + +#: ../development/specifications.rst:118 +#: 9b22f0bb6f364ffba33f4906e6bca29d +msgid "55k" +msgstr "" + +#: ../development/specifications.rst:120 +#: 935dcdae37fe48a68e5dfb04ab8f64f8 +msgid "`CAS`_" +msgstr "" + +#: ../development/specifications.rst:120 +#: ../development/specifications.rst:124 +#: ../development/specifications.rst:128 +#: a9de8918cec743a1a9d325a74233ece4 +#: a9de8918cec743a1a9d325a74233ece4 +#: a9de8918cec743a1a9d325a74233ece4 +msgid "Java" +msgstr "" + +#: ../development/specifications.rst:120 +#: fd1f63cd853f44e885dd67b3a6094f9a +msgid "360k" +msgstr "" + +#: ../development/specifications.rst:122 +#: f10eb07a326744518a2f6b631cb88d15 +msgid "`Connect2id`_" +msgstr "" + +#: ../development/specifications.rst:124 +#: 4c26496dd0e544ef97d8d345c3d9169f +msgid "`Gluu`_" +msgstr "" + +#: ../development/specifications.rst:126 +#: b505e8661bf24fe287f1fc77d1326ab2 +msgid "`Hydra`_" +msgstr "" + +#: ../development/specifications.rst:128 +#: 53abb4819cbf4fb7ad273fa25556814e +msgid "`Keycloak`_" +msgstr "" + +#: ../development/specifications.rst:128 +#: 5d8e6ef889ba4715986a7a237b753297 +msgid "600k" +msgstr "" + +#: ../development/specifications.rst:130 +#: 30fe26bf61584e29ac73c07d679ba6a5 +msgid "`LemonLDAP`_" +msgstr "" + +#: ../development/specifications.rst:130 +#: 12a5b8832f2b4831a41af30522055343 +msgid "Perl" +msgstr "" + +#: ../development/specifications.rst:130 +#: 42f8e0deef9246a5a4f9a3cb69a5966f +msgid "130k" +msgstr "" + +#: ../development/specifications.rst:132 +#: 8bcf4b8cde474ff49b0e8bbc96e52986 +msgid "`Okta`_" +msgstr "" + #: ../features.rst:11 -#: 5dd070084abb440ebf87c36df501f197 +#: ede71f0291474638a54b3c73dbf2e4bf msgid "Here are the different features that Canaille provides. You can enable any of those features with the :doc:`configuration ` to fit any :doc:`use cases ` you may meet. Check our :ref:`roadmap ` to see what is coming next." msgstr "" #: ../features.rst:15 -#: 83eef1f1157b4d37b4627438618f31ab +#: cf814f15959a43cfaa0392cd83755fce msgid "Users can interact with Canaille through its :ref:`web interface ` and administrators can also use its :ref:`command line interface `. Canaille can handle data stored in different :ref:`database backends `." msgstr "" #: ../features.rst:19 -#: 73c7e363c37147fc825deea06ee26975 +#: 02e100abc6e44fe49224f9e4046dc49e msgid "User and group management" msgstr "" #: ../features.rst:21 -#: e19b2b99a8544219b61bbedc1229e77c +#: 09d69566150048b4a17d192bfc4d5112 msgid "Canaille web interface can be used either in :doc:`production environments ` or locally for development purposes." msgstr "" #: ../features.rst:26 #: ../index.rst:27 -#: 759b0714ba194bc5a5d043350cb4cd14 -#: dd79223676e0465293d1499d8929fa26 +#: 4a8e8cfdbaaf4d86a28840ef0939d7d9 +#: 947ce49c0ff9406fb81b5e3cc5329c24 msgid "Profile management" msgstr "" -#: ../features.rst:28 -#: ../features.rst:220 -#: 53e5483c51ae4df28138ae990c16de07 -#: 0a36f2261b84450b98131ff740f7ceb9 +#: ../features.rst:-1 +#: d4de0b07d24e47b9aba16e48ed9cbe27 +#: 542fdff284144a8c805b4824d03d6b76 msgid "Profile" msgstr "" #: ../features.rst:33 -#: 864adfa77693422cad803b08d9187a5e +#: c59d37a518514008bc2c6f2c18dd6326 msgid "Canaille provides an interface to manage user profiles." msgstr "" #: ../features.rst:35 -#: 505ce537381249ec82445d38a4e093df +#: 8b67e3a00af440328b615d2921dc27a6 msgid "The exact list of displayed fields, and whether they are :attr:`writable ` or :attr:`read-only ` depends on the user :class:`Access Control List settings (ACL) `." msgstr "" #: ../features.rst:37 -#: 625c7cea8a034a7ba263a71ce0587a26 +#: eb4ca5b563c44281aefc8d4ad4c549e8 msgid "Depending on their ACL :class:`permissions `, users can either be allowed to edit their own profile, edit any user profile, or do nothing at all." msgstr "" #: ../features.rst:42 -#: 530dac22b587444cbd5de9ba2d7a3a90 +#: e4d34befed5941bab9161eb3c0330fad msgid "Email confirmation" msgstr "" #: ../features.rst:44 -#: 2c3acd412bb944ab81ff2631784bff71 +#: 28a9397d838e4ffaaf5c8f8558416355 msgid "If the :attr:`email confirmation feature ` is enabled, any modification or addition of a profile email will send a confirmation mail to the new address. The mail will contain a link that users will need to click on to confirm their email address." msgstr "" #: ../features.rst:46 -#: 8d597149b59e45f896eff2baa716fc20 +#: d3563178a13d42268ae8a3f0cb15b90f msgid "Users with :attr:`user management permission ` can set user emails without confirmation though." msgstr "" #: ../features.rst:51 -#: 4a6be5a6b71a4a5ea35d7c4a41630e35 +#: 280cf35bfcbe4a25b39bb567780bafdb msgid "Group management" msgstr "" -#: ../features.rst:53 -#: ../features.rst:140 -#: 4824338c1fbf4fdd8c2e01534219ee98 -#: 3d8b9fc086e945d890bf9b3e01c82984 +#: ../features.rst:-1 +#: 1d74522e450c43f5adec93c195b5a356 +#: ca799065d4684b54940c65062bed411b msgid "Group edition" msgstr "" #: ../features.rst:58 -#: afc7e192d41148e0a2ef8ec6f8944729 +#: 1471f707ae604de8b2b0222ca43eb2c2 msgid "In a similar fashion than :ref:`profile management ` Canaille provides an interface to manage user groups." msgstr "" #: ../features.rst:60 -#: b83c6d0af7fe45228496bb2c594cf88c +#: 08eb7bac987947149589e0b40c938b0c msgid "The group management is quite simple at the moment and consists in a group name and description, and the list of its members. Group membership can be use as :attr:`ACL Filter ` to define user permissions." msgstr "" @@ -2846,750 +2987,772 @@ msgstr "" #: ../features.rst:83 #: ../features.rst:149 #: ../tutorial/deployment.rst:13 -#: 6fdf0a969ccb49e1bf9bfc28f4df9169 -#: 4065a0b70a1444058df3bb16f0abc445 -#: bc0be7a805e04b5f91b89db28d7dffae -#: 7ab21494d11e4287acffeb771f8f5244 +#: ../tutorial/provisioning.rst:13 +#: 4ca7b990ff9c429aa56f1ec0ab57aef9 +#: 2cf4c2bbf0ab431f857b4fe0f7b840a0 +#: 1382b05cef654b76b8fb57324f33b950 +#: 757f761fb4724713bdc1308505431bfb +#: 12614607f99a412c9cf9f161db77c3ac msgid "Todo" msgstr "" #: ../features.rst:64 -#: 60eafd84b6934482b1ec0831e6aaa3b7 +#: 89199041503f41d3b7cad73267f4cf96 msgid "At the moment adding an user to a group can only be achieved by the user settings page, but we are :issue:`working to improve this <192>`." msgstr "" #: ../features.rst:66 -#: 6440e19e527d4d5f8abc44d99c8a3dba +#: fcdf9f9d5f1e4723b46a2ca1fc89539e msgid "Group management can be enable with a :attr:`dedicated user permission `." msgstr "" #: ../features.rst:69 -#: 2382414ec97641a4925e741a26ae3148 +#: 95eff978c7994138a3200e090c84471d msgid "Due to limitations in the :ref:`LDAP backend `, groups must have at least one member. Thus it is not possible to remove the last user of a group without removing the group." msgstr "" #: ../features.rst:75 #: ../index.rst:34 -#: b136f97d836d4c8dbb63cd671ceebe4e -#: 76d8725ced9e421f98de5fb1e1ee01a2 +#: 177c53d2c6094d43875d87ca2a55ed98 +#: 937baa96f2514cdaad76f4d28816abe7 msgid "User authentication" msgstr "" #: ../features.rst:77 -#: 022b43e4ff7f4932aa151eaade78aeb6 +#: d461efae4b9d41e4b7dba32a75588df0 msgid "Unless their account is :ref:`locked `, users can authenticate with a login and a password." msgstr "" #: ../features.rst:81 -#: 1a8cb7dc227a452b81768be3758a8fb4 +#: 3c53cd1507ce48c780297457fc4efd97 msgid "For security reasons, it won't be told to users if they try to sign in with an unexisting logging, unless explicitly :attr:`set in the configuration `." msgstr "" #: ../features.rst:83 -#: 778349cb3c344689bd8cc06184005e10 +#: 80eee19145c64fbc9ea0c26464fab965 msgid ":ref:`LDAP backend ` users can define which :class:`user field ` should be used as the login (such as :attr:`~canaille.core.models.User.user_name` or :attr:`~canaille.core.models.User.emails`) using a :attr:`configuration parameter `, but other backends can only login using :attr:`~canaille.core.models.User.user_name`. We are :issue:`working to improve this <196>`." msgstr "" #: ../features.rst:88 -#: aa467ae3118543ed94401a8ca23776f1 +#: 560be09061014d5485f75f3c90d3790c msgid "User registration" msgstr "" #: ../features.rst:90 -#: c81ba8ba520c4d8bb6c8475fe023404b +#: 4780fab4d36744c6991df9ae3919e4a0 msgid "Users can create accounts on Canaille if the :attr:`registration feature ` is enabled. They will be able to fill a registration form with the fields detailed in the default :class:`ACL settings `." msgstr "" #: ../features.rst:92 -#: c1f2442a948d414e9b9983d79aa91ae4 +#: f1e0991feda34f918887bf7653c16801 msgid "If :attr:`email confirmation ` is also enabled, users will be sent a confirmation link to their email address, on which they will need to click in order to finalize their registration." msgstr "" +#: ../features.rst:-1 #: ../features.rst:97 -#: ../features.rst:99 -#: 3d200c871e19420db3ce1885f7414a3c -#: 7bf61d1ad01240f7b1ed2db4ab0fdf77 +#: 6edf18a1ecff4430baaed61db6717c23 +#: a2293ea9f6564b6b8bc9c02c5a8f0f40 msgid "User invitation" msgstr "" #: ../features.rst:104 -#: 134f042cb892434e922c01d62222ed54 +#: 7f4e56bdbb9842beba1644e2fabad41f msgid "If a :class:`mail server ` is configured, users with :attr:`user management permission ` can create an invitation link for one user." msgstr "" #: ../features.rst:106 -#: e054dbb49f644364a6aaadcb2f5a0024 +#: 05145189cce34c4d80a56aa785cee5f5 msgid "The link goes to a registration form, even if regular :ref:`user registration ` is disabled." msgstr "" #: ../features.rst:108 -#: 536cbb5eff1444dda4ac45998d356fe6 +#: 24a4d13134934174aaedf461e03f2363 msgid "It can be automatically sent by email to the new user." msgstr "" #: ../features.rst:113 -#: c24731829c1949aeb3f54f0167ed8b37 +#: a05444b5846248f9aebaa28b316be1b8 msgid "Account locking" msgstr "" #: ../features.rst:115 -#: 48e7bf2282b5487f9437be3863edc5ed +#: 1c40bbaf596c4a28993904e4aab8b076 msgid "If Canaille is plugged to a :ref:`backend ` that supports it, user accounts can be locked by users with :attr:`user management permission `. The lock date can be set instantly or at a given date in the future." msgstr "" #: ../features.rst:118 -#: 31e7e6b90652414ab1b450f98ddb7d53 +#: e6053c7a0e4c4feabd77b2aa14c50018 msgid "At the moment a user account is locked:" msgstr "" #: ../features.rst:120 -#: 6be8caf7464643e99cb2614ce0138045 +#: 1614c2a9020a4da58427064a8b480050 msgid "their open sessions will be closed;" msgstr "" #: ../features.rst:121 -#: 93da628150674abe85e3ff8f27e83c0a +#: bd083a39c3e94f20b0ca06eb45a6ee68 msgid "they won't be able to sign in again;" msgstr "" #: ../features.rst:122 -#: e5196d576eb445d9aa83989d6f241c42 +#: 3f671916358b469d91fb687a638b5c39 msgid "no new OIDC token will be issued;" msgstr "" #: ../features.rst:124 -#: c784a99a157b46028eb5c3543da73e38 +#: 2cc679d736b341e4bde79d159d806618 msgid "User accounts must be manually unlocked by an administrator for the users to regain access to those actions." msgstr "" #: ../features.rst:129 -#: da2f0b388508475cbb3fd080de1ff44c +#: fb080216984840ba99f095aece85255d msgid "Account deletion" msgstr "" #: ../features.rst:131 -#: 5bc09c4f89764a1a950c44dc255b98d2 +#: 1339699fc6974a4e8e1ab03633a79a69 msgid "Users with the :attr:`account deletion permission ` are allowed to delete their own account." msgstr "" #: ../features.rst:133 -#: 85f4ea778e8f45f7841ddf39f1bc8b41 +#: 65b2e1806f3a437aa8b5238f022e0352 msgid "Users that also have the :attr:`user management permission ` are also allowed to delete other users accounts." msgstr "" #: ../features.rst:138 -#: 86a66e197de94dcbb90d559730b89318 +#: 278ed12bce6b4b318f677aa6d22138f5 msgid "Password recovery" msgstr "" #: ../features.rst:145 -#: 6693db5e96354da69ed660a259c109ce +#: c2409768ec7a46d584ed1ed235e7a4d0 msgid "If a :class:`mail server ` is configured and the :attr:`password recovery feature ` is enabled, then users can ask for a password reset email if they cannot remember their password." msgstr "" #: ../features.rst:147 -#: 2f356fab771549f9bdca5fa4f3ca2e5e +#: 7dbfa07474cd40c7a7c17748fbb21a07 msgid "The email will be sent to the email addresses filled in their profile, and will contain a link that will allow them to choose a new password. ." msgstr "" #: ../features.rst:151 -#: a603b57c4fc54e67ba04056b0037ae8e +#: 410c54a611eb4b1c8a372b80f744f941 msgid "Check that password recovery is disabled on locked accounts." msgstr "" #: ../features.rst:156 -#: 1bdb193d14a444a2a823f0dcef03e8ad +#: 2c4f6c64da0c42eab5520711fca1dc46 msgid "Password reset" msgstr "" #: ../features.rst:158 -#: 077ee41f3059484dad80b08733aae520 +#: 383eb7a045cd41f0909ad9aad2601065 msgid "If a :class:`mail server ` is configured, :attr:`user management permission ` can send password reset mails to users. The mails contains a link that allow users to choose a new password without having to retrieve the old one." msgstr "" #: ../features.rst:164 -#: c4e7b07761674e608a0e2bfdd50a659a +#: 7be9af4a393e4203b3da626d93d71d69 msgid "Password initialization" msgstr "" #: ../features.rst:166 -#: 5043df71775449a78e19ce0296f8d9ee +#: 02bd8f9a76fd4b66a8f803288246c0ef msgid "User :attr:`passwords ` are optional. If a :class:`mail server ` is configured, when users with no password attempt to sign in, they are invited to click a button that will send them a password initialization mail. The mail contains a link that leads to a form that allows users to choose a password." msgstr "" #: ../features.rst:173 -#: 412b386c0c794b5d8c71ea7b51278da8 +#: 4f60c7a56e5544afa1bbaee9df0805e0 msgid "Password compromission check" msgstr "" #: ../features.rst:175 -#: 35e11da6bbdf4e2da05a3a66c24e1dbe +#: 3dc13b94cd014d6f976426da9840a3d6 msgid "If :attr:`password compromission check feature ` is enabled, Canaille will check for password compromise on HIBP (https://haveibeenpwned.com/) every time a new password is register. You will need to set an :attr:`admin email `." msgstr "" -#: ../features.rst:178 -#: cbba3fccd9f84230b6eb0774cfd7e109 +#: ../features.rst:180 +#: d0049b96f7c1401a91d968aa93715930 +msgid "Multi-factor authentication" +msgstr "" + +#: ../features.rst:182 +#: c480b36838b64abbbe3986a7295613d5 +msgid "If the :attr:`one-time password feature ` is set, then users will need to authenticate themselves using a one-time password via an authenticator app. Two options are supported : \"TOTP\" for time one-time password, and \"HOTP\" for HMAC-based one-time password. In case of lost token, TOTP/HOTP authentication can be reset by users with :attr:`user management permission `. If a :class:`mail server ` is configured and the :attr:`email one-time password feature ` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary email address. If a :class:`smpp server ` is configured and the :attr:`sms one-time password feature ` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary phone number." +msgstr "" + +#: ../features.rst:189 +#: a9118911f6a341a3b529fd8882c4e3e4 msgid "Web interface" msgstr "" -#: ../features.rst:183 -#: fab0081b9bd4460098de6df7d8c317b5 +#: ../features.rst:194 +#: 277603f8de354f15857ad0068f148115 msgid "Internationalization" msgstr "" -#: ../features.rst:185 -#: 46cf7a3a3e9047439aa7fa6654b07921 +#: ../features.rst:-1 +#: 6bc7d90be4bf486d8a2e84a48cc76b66 msgid "Translation state" msgstr "" -#: ../features.rst:190 -#: 0a5afedc31de47a28d0bf7842a8558cd +#: ../features.rst:201 +#: a1f40124b57e452a85abf8af401dc2b1 msgid "Canaile will display in your :attr:`preferred language ` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation `). If you prefer, you can also :attr:`force a language ` for every users." msgstr "" -#: ../features.rst:196 -#: 2caebf718cab47029a83bb91253e36e5 +#: ../features.rst:207 +#: 8bf0ddac3fee4b4f931bd704bbb167dc msgid "Lightweight" msgstr "" -#: ../features.rst:198 -#: e3cbad3b2af0422287a92a4094559d8b +#: ../features.rst:209 +#: 3774910a87b34b9dba3b6c28a1e6ba68 msgid "The web interface is lightweight, so everything should load quickly. There is a few Javascript here and there to smooth the experience, but no Javascript at all is needed to use Canaille." msgstr "" -#: ../features.rst:202 -#: a7db848b637a46b1874f04fb542009e2 +#: ../features.rst:213 +#: 0da766448075460d9360204e6975a0f4 msgid "Customizable" msgstr "" -#: ../features.rst:204 -#: 0c829a128889493fbc97247a60390954 +#: ../features.rst:215 +#: 737f45bc79a542ee903e8349947c3b5f msgid "The default theme should be good enough for most usages. It has a dark theme, display well on mobile, and let you choose a :attr:`logo ` and a :attr:`favicon `." msgstr "" -#: ../features.rst:207 -#: 3a69d40c024744af967a1408c054aca0 +#: ../features.rst:218 +#: 36b615461b0c49e9aca81c65a60c3308 msgid "If you need more you can also use a :attr:`custom theme `." msgstr "" -#: ../features.rst:214 -#: 003c4e8eee334a9d89486e2c0ae5d106 +#: ../features.rst:225 +#: 02908b4590a0462cac7afbc2fd17d7f6 msgid "Canaille implements a :ref:`subset` of the OAuth2/OpenID Connect specifications . This allows to provide :abbr:`SSO (Single Sign-On)` and :abbr:`SLO (Single Log-On)` to applications plugged to Canaille." msgstr "" -#: ../features.rst:218 -#: 51e9a6e1ddb04b99a6a73135fc8728e7 +#: ../features.rst:229 +#: f8c59847b97049d19a13ccaa6539f863 msgid "Consent management" msgstr "" -#: ../features.rst:226 -#: a613e3d10f1243f3bc5d4e796b278c89 +#: ../features.rst:237 +#: 8e7afe2e2e6943feb664ab03ae9da770 msgid "Users can give their consent to application requesting access to their personal information, and then revoke those consent at their will." msgstr "" -#: ../features.rst:230 -#: 115bec7ea8944f6ab98641d9bd2540ec +#: ../features.rst:241 +#: c7a8da519165448ebc4e1c53eb25f207 msgid "Application management" msgstr "" -#: ../features.rst:232 -#: 526d36374a8747d6ad6280379bcf664c +#: ../features.rst:243 +#: 2e65c0c497da4a77bc85c9500a074047 msgid "Users with the right :attr:`permission ` can manager OIDC clients through the web interface." msgstr "" -#: ../features.rst:234 -#: 79f0217902dc4b2ca73128ff6c16e7b5 +#: ../features.rst:245 +#: bafe35db98f749d99557feec3ceaf4e7 msgid "In some cases, it might be useful to avoid the consent page for some trusted applications, so clients can be pre-consented." msgstr "" -#: ../features.rst:237 -#: d1f7f85df6404afe91d29e4dee44be1d +#: ../features.rst:248 +#: 76b48b09fc1c44038a697dfa816afbcc msgid "Discovery" msgstr "" -#: ../features.rst:239 -#: 8b306f1c76664574a0f3d85805a46d87 +#: ../features.rst:250 +#: f251fff6b3374ecd9fde5bdebced6313 msgid "Canaille implements the :doc:`Discovery specifications ` so most of the applications plugged to Canaille can auto-configure themselves." msgstr "" -#: ../features.rst:242 -#: d5a2f0c4fa2f4363b5e87c4243376aaa +#: ../features.rst:253 +#: 4fac1fe3bcd346aeb34e8c600df0d542 msgid "Dynamic Client Registration" msgstr "" -#: ../features.rst:244 -#: 800aec57df82487f80fc7da359dc5c34 +#: ../features.rst:255 +#: f53321a9a89d40c0b7fdc48be51240a4 msgid "Canaille implements the :doc:`Dynamic Client Registration specifications `, so when the :attr:`feature is enabled `, clients can register themselves on Canaille without an administrator intervention." msgstr "" -#: ../features.rst:247 -#: 9cae9e0af58f499dac34354e9c12785d +#: ../features.rst:258 +#: ec8846e6d8404a8185860b509814e54c msgid "System administration" msgstr "" -#: ../features.rst:252 +#: ../features.rst:263 #: ../references/commands.rst:2 -#: 9b5fcf18f6214856ae377f83005f8309 -#: e2a97a5dfb5844f9a74c78b1a28ed23f +#: 511d3810fbd4411dbf14065b1f014256 +#: a07ec9235c4347858a3f9dd667ade4b6 msgid "Command Line Interface" msgstr "" -#: ../features.rst:254 -#: 98ef5f39d74944668dfff8b63d9d6199 +#: ../features.rst:265 +#: 446a668dea4548ffb184afa168ed6115 msgid "Canaille comes with a :abbr:`CLI (Command Line Interface)` to help administrators in hosting and management." msgstr "" -#: ../features.rst:256 -#: 9a30112ff2eb47c69263e73aa3c4ee15 +#: ../features.rst:267 +#: 1b76ec06f2f841ccb8396a5345014ffd msgid "There are tools to :ref:`check your configuration ` or to :ref:`install missing parts `. You can use the CLI to :ref:`create `, :ref:`read `, :ref:`update ` and :ref:`delete ` models such as :class:`users `, :class:`groups ` or :class:`OIDC clients `." msgstr "" -#: ../features.rst:259 -#: 02d13c90aa8f41f5b1007cd67fcea510 +#: ../features.rst:270 +#: 9f10d5a6354c4cda8b1a4e652c129231 msgid "There are also tools to :ref:`fill your database ` with random objects, for tests purpose for instance." msgstr "" -#: ../features.rst:264 +#: ../features.rst:275 #: ../tutorial/databases.rst:2 -#: 0225297b7d884971a952f5ec904a15ac -#: cf1fc0e0abb74b3ca66c1e92a5e773e9 +#: 3f06ed32b21149799d58c75cad1db5ff +#: fbfabda71be84552b6583acdaa13af3e msgid "Databases" msgstr "" -#: ../features.rst:266 -#: 1a7af5dc07fa4f6c9231664737ee46a7 +#: ../features.rst:277 +#: 004f29ea7eb74ee2912627a929e87f1c msgid "Canaille can handle data from the most :ref:`common SQL databases ` such as PostgreSQL, MariaDB or SQLite, as well as :ref:`OpenLDAP `. It also comes with a no-dependency :ref:`in-memory database ` that can be used in unit tests suites." msgstr "" -#: ../features.rst:272 -#: a6a6a7334af54051aebed82d83027ea8 +#: ../features.rst:283 +#: 8add6581a16b4877a66ba7c8827152ca msgid "Logging" msgstr "" -#: ../features.rst:274 -#: 9bc7705bd378459abf2f813381aa58a6 +#: ../features.rst:285 +#: 1179b565c1de4b11a03ca824cce52977 msgid "Canaille writes :attr:`logs ` for every important event happening, to help administrators understand what is going on and debug funky situations." msgstr "" -#: ../features.rst:276 -#: 2aeb5161276a4f048c40a7256c3d7f0e -msgid "The following security events are logged with the tag [SECURITY] for easy retrieval:" +#: ../features.rst:287 +#: a6282bdfca0b4e2c8ecfd02478d3623d +msgid "The following security events are logged with the log level \"security\" for easy retrieval :" msgstr "" -#: ../features.rst:278 -#: ed4be0b57afe4ce9976c45f03c249444 +#: ../features.rst:289 +#: 49f7ec7627e7414aa616f1060c33d110 msgid "Authentication attempt" msgstr "" -#: ../features.rst:279 -#: 452456f9907e4bbd89439903c2fc9ebc +#: ../features.rst:290 +#: a26713f492ff4f14a2e3a881e7ab19f1 msgid "Password update" msgstr "" -#: ../features.rst:280 -#: 9ccb4ef2a139403c85223576eb87a182 +#: ../features.rst:291 +#: ca7c103705f14293950cc12dedd96378 msgid "Email update" msgstr "" -#: ../features.rst:281 -#: bd0936deb7994f8fb59f2f0a47115edc +#: ../features.rst:292 +#: 0e01ba62ff054e4e849ae1d4c1f6fdee msgid "Forgotten password mail sent to user" msgstr "" -#: ../features.rst:282 -#: 02079fe76d2041aaba48a6b2079630f1 +#: ../features.rst:293 +#: 0e01ba62ff054e4e849ae1d4c1f6fdee +msgid "One-time password mail sent to user" +msgstr "" + +#: ../features.rst:294 +#: d0049b96f7c1401a91d968aa93715930 +msgid "Multi-factor authentication reset" +msgstr "" + +#: ../features.rst:295 +#: 8f4e5a1567114749b944d391c43ad2bb msgid "Token emission" msgstr "" -#: ../features.rst:283 -#: 814519684d8c47a5b0b5ae6eaa9aa66e +#: ../features.rst:296 +#: 04cf77b4e9514ab7805b4f4156209cff msgid "Token refresh" msgstr "" -#: ../features.rst:284 -#: 4489f99b64dd40248f28453fb8b4b0df +#: ../features.rst:297 +#: ec6501d110694e58b6181468d6154bda msgid "Token revokation" msgstr "" -#: ../features.rst:285 -#: 99abcc04f85649c1b184e22e67b36f18 +#: ../features.rst:298 +#: 76f7ecd101a541d3a1dbb7b3090db868 msgid "New consent given for client application" msgstr "" -#: ../features.rst:286 -#: c64802d623a74d678c4aca29f82c39d7 +#: ../features.rst:299 +#: 100d9e39db3644c78ed000b9d27342a4 msgid "Consent revokation" msgstr "" -#: ../features.rst:291 -#: f9d92f5f76a745ee97ea36afc853c516 +#: ../features.rst:304 +#: 267852d80a8f4235af2ca961f8de8f09 msgid "Development and testing tool" msgstr "" -#: ../features.rst:296 -#: 9c0500515a5847c2bec5b1bb743f42fc +#: ../features.rst:309 +#: 3dd5b1afcdf74705a07096fb3d7fd788 msgid "Unit-testing tool" msgstr "" -#: ../features.rst:298 -#: b1dc62a0c2024ff1bd6682408301766a +#: ../features.rst:311 +#: 8c74a6c31d294bcb85e4fd0db0bb40fd msgid "Thanks to its lightweight :ref:`in-memory database ` and its curated :ref:`dependency list `, Canaille can be used in the unit test suite of your application, so you can check how it behaves against a real world OpenID Connect server. If you work with python you might want to check :doc:`pytest-iam:index`." msgstr "" -#: ../features.rst:301 -#: ff4f45059bc2485eb5fa0145f5f01f9a +#: ../features.rst:314 +#: 197c22656e1b44b89c3587f95b3bb5c8 msgid "Development server" msgstr "" -#: ../features.rst:303 -#: a430530dc1ac42b680a9024e920dad7d +#: ../features.rst:316 +#: 5f930c719ffe484d9680e8d7f3169e54 msgid "It can also being launched in your development environment, if you find that launching a Keycloak in a Docker container is too heavy for your little web application." msgstr "" -#: ../features.rst:308 -#: 3594d882079a4c89b28f0d9b25b5a647 +#: ../features.rst:321 +#: e9cc836cf3d54a32ad7b1d691826bc39 msgid "Continuous Integration tools" msgstr "" -#: ../features.rst:310 -#: f7bb141a215c46df915ce63b47f13cdb +#: ../features.rst:323 +#: a4c714c1c0d44b7ab7a10dff7105a725 msgid "It also fits well in continuous integration scenarios. Thanks to its :ref:`CLI `, you can prepare data in Canaille, let your application interact with it, and then check the side effects." msgstr "" -#: ../features.rst:313 -#: beb39ccb89e040118104ba0c0f41eb71 +#: ../features.rst:326 +#: cef90af6922045ccb06933f9c96c6f6e msgid "Roadmap" msgstr "" -#: ../features.rst:316 -#: 4fee3c311fe844bbb345bd5b562844ad +#: ../features.rst:329 +#: 35efac03aaf843308e6941fa96ff921b msgid "Bêta version" msgstr "" -#: ../features.rst:318 -#: f699343ae7fe4f12a9d12f4692c22827 +#: ../features.rst:331 +#: 390267ac81744daf95a62fffcd0af834 msgid "To go out of the current Alpha version we want to achieve the following tasks:" msgstr "" -#: ../features.rst:320 -#: c8aec1fe7d574a789319e75cc64bd2e7 +#: ../features.rst:333 +#: 16cbac25ee2f420abda2992cd351559c msgid ":issue:`Configuration validation using pydantic <138>`" msgstr "" -#: ../features.rst:323 -#: 706d590389f54c40ba1b219877946bb5 +#: ../features.rst:336 +#: 9f7d9a2a96974645bd8fc63a44d1a2c8 msgid "Stable version" msgstr "" -#: ../features.rst:325 -#: 54c0d4cc60054a5ebe7456575b1b70c3 +#: ../features.rst:338 +#: 2736b944f850403f9592ba3265b6f986 msgid "Before we push Canaille in stable version we want to achieve the following tasks:" msgstr "" -#: ../features.rst:328 -#: 7807e2d92e264bc78fd5b6a3c63beb3a +#: ../features.rst:341 +#: 4a9ef596fb13405185ef106cd2dda007 msgid "Security" msgstr "" -#: ../features.rst:330 -#: 577ab46503ee45e89daa8c42938635e5 +#: ../features.rst:343 +#: a09c2af5ad3e424eba893efd02faf213 msgid ":issue:`Password hashing configuration <175>`" msgstr "" -#: ../features.rst:331 -#: a337cb0aac704dbca90dd70f1d68456d +#: ../features.rst:344 +#: 3001ee87077c4479b3f3c8b3b5aecd33 msgid ":issue:`Authentication logging policy <177>`" msgstr "" -#: ../features.rst:332 -#: 39adf64b80444b27bb6f9f11747a6960 +#: ../features.rst:345 +#: e4387f0454dd483eb1c33ce14ef1d9ea msgid ":issue:`Intruder lockout <173>`" msgstr "" -#: ../features.rst:333 -#: 3eeac7b1dec04fe9b990864b8810db50 +#: ../features.rst:346 +#: e38560428a8f48528d9f02a5e00197fb msgid ":issue:`Password expiry policy <176>`" msgstr "" -#: ../features.rst:334 -#: 4ad4707b7d02481ab507ded2d410eb70 +#: ../features.rst:347 +#: de013ed91c4443d190d9783c5cff060a msgid ":issue:`Multi-factor authentication: Email <47>`" msgstr "" -#: ../features.rst:335 -#: 478b4f7b443f4f728085a2ea686b0248 +#: ../features.rst:348 +#: d0049b96f7c1401a91d968aa93715930 msgid ":issue:`Multi-factor authentication: SMS <47>`" msgstr "" -#: ../features.rst:336 -#: fd624a7e3d404428830928ee05ec5348 +#: ../features.rst:349 +#: e5e2f43901ae4d00bd1c675076fb846d msgid ":issue:`Multi-factor authentication: OTP <47>`" msgstr "" -#: ../features.rst:339 -#: a6acbc89a16a4fad8658fb33764830ad +#: ../features.rst:352 +#: 277364ce7ca04a169409ad5acf68d075 msgid "Packaging" msgstr "" -#: ../features.rst:341 -#: 575b556539994d1190e50cbfd0133bd4 +#: ../features.rst:354 +#: dece9c7d75d441cdbdce48eb7a4bebcf msgid ":issue:`Nix package <190>`" msgstr "" -#: ../features.rst:342 -#: f8facef108bf4d668509e57200f732bb +#: ../features.rst:355 +#: a53f52a497344bb6b889fa63de7d9c26 msgid ":issue:`Docker / OCI package <59>`" msgstr "" -#: ../features.rst:345 -#: 92825d26f07c4b718121c2784a9b6b81 +#: ../features.rst:358 +#: 6a738414fcb944ac9c4d5b61a53f0d11 msgid "And beyond" msgstr "" -#: ../features.rst:347 -#: ac17ddb06c4d400ebc190454535608c2 +#: ../features.rst:360 +#: 66a95c24a32940118517f6bb3bf27838 msgid ":issue:`OpenID Connect certification <182>`" msgstr "" -#: ../features.rst:348 -#: 1b80703b0f434fe6ade3288840b9cf3c +#: ../features.rst:361 +#: 73307b368d454e338ff4bbd05657bbcc msgid ":issue:`SCIM support <116>`" msgstr "" #: ../index.rst:15 -#: 2c1f5afe842843a6bbedd65606fde0f5 +#: 8d018998cb4b4ff38d92f2a73326716e msgid "Lightweight Identity and Authorization Management" msgstr "" #: ../index.rst:19 -#: 0fa9dc97ee984c00a9460a07144eba66 +#: 55ed7b7eb88e42f78ef42eb5b55a3555 msgid "**Canaille** is a French word meaning *rascal*. It is roughly pronounced **Can I?**, as in *Can I access your data?* Canaille is a lightweight identity and authorization management software. It aims to be very light, simple to install and simple to maintain. Its main features are :" msgstr "" #: ../index.rst:31 -#: 8b56e6fd5b374afbadf70d3371ad8538 +#: d12af997fa5e48da987d2ecfcb4f149f msgid "User profile and groups management, Basic permissions" msgstr "" #: ../index.rst:38 -#: ae2a113a2f63489ebb6a9696df422ed1 +#: ea53cfd918924c97a6726cfd357f5ce5 msgid "Authentication, registration, email confirmation, \"I forgot my password\" emails" msgstr "" #: ../index.rst:40 -#: c4659885674a4b848e904b352c94b89c +#: 127cca0af1054bf08a8ce05d1c55d539 msgid "SSO" msgstr "" #: ../index.rst:44 -#: 3dabf6a8010d4aff943f07dbf6fe52aa +#: f4b6d7b278ba480da9d7c964849ba988 msgid "OpenID Connect identity provider" msgstr "" #: ../index.rst:46 -#: f7caa27d43354246a89db295901976cb +#: be1ff5f7d2ca468fa300f595696d9c10 msgid "Multi-database support" msgstr "" #: ../index.rst:50 -#: 73b988c55cc241eeafe075a55fd037a0 +#: 92a7a7f6ee474890bf705bd67945dd9e msgid "PostgreSQL, Mariadb and OpenLDAP first-class citizenship" msgstr "" #: ../index.rst:52 -#: 9caead4464284ccca1a59bff67fbec2d +#: b1569cdc9eef44d68ed3b52496ef75b3 msgid "Customization" msgstr "" #: ../index.rst:56 -#: e2604712b57b4583b53181a9fefcda0e +#: 68415646dbfa4be79d953583749246fe msgid "Put Canaille at yours colors by choosing a logo or use a custom theme!" msgstr "" #: ../index.rst:58 -#: b168d0612c04400e8b259edb581dc6c7 +#: 2a6a4e752e494f65b7766a082624d1a4 msgid "Developers friendliness" msgstr "" #: ../index.rst:62 -#: 8b5f849ae22348f19d5d8feca1590032 +#: 42693164646349bcbe9f680b08cd904b msgid "Canaille can easily fit in your unit tests suite or in your Continuous Integration." msgstr "" #: ../index.rst:66 -#: a4dbd4558bda425cab549061b5952854 +#: bc563a309b784f2cbc15399c3ad8f51c msgid ":doc:`Full feature list ` :doc:`Common use cases `" msgstr "" #: ../references/commands.rst:4 -#: 574cb073f7584f8599a4cc129a337c4a +#: aebb427c91ed41da9c0b7ecdfcaf590a msgid "Canaille provide several commands to help administrator manage their data." msgstr "" #: ../references/commands.rst:6 -#: aa7436e81d0347aca49e76837769f92b +#: b907889f6d0d4dabb1a963c60758fedf msgid "Generally, some configuration has to be loaded by `Canaille`. This can be achieved by :ref:`configuration loading method` available, but most of the time a ``CONFIG`` environment variable is used. For the sake of readability, it is omitted in the following examples." msgstr "" #: ../../canaille check:1 -#: d3880ac07b8641fbb96a657384193437 +#: e48a730fe9c94efcb41a272f5478ed19 msgid "Test the configuration file." msgstr "" #: ../../canaille check:1 -#: 8edd9caa824f4c3aa3298a3e0b28a418 +#: 41aae9c8d46743aba9e79f57c079d0c7 msgid "Attempt to reach the database and the SMTP server with the provided credentials." msgstr "" #: ../../canaille clean:1 -#: 15fc7dadf416460fb034401cb2298ddc +#: e4dceb9281e14cf0adbd56154fffbc04 msgid "Remove expired tokens and authorization codes." msgstr "" #: ../../canaille install:1 -#: f58f2f270c9642208409eab2a078aa10 +#: fade86f4801a403dab35e0e1cf5bb2a9 msgid "Installs canaille elements from the configuration." msgstr "" #: ../../canaille install:1 -#: ee828128d3684eaea85f63a4d8efb295 +#: 59f7082a6fc74329965dacbbd4b29d74 msgid "For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas." msgstr "" #: ../../canaille populate:1 -#: df2355b792904bae8c2adfdc44e3abc1 +#: 10dd1f2f8dfd4382ba79586e84d228b6 msgid "Populate the database with generated random data." msgstr "" #: ../references/commands.rst:0 -#: 25c273b3659241e5a58c4ccfc4d1aa62 -#: 23e595a7ef3e40738c72964260d647d4 -#: b9df5380bb904ef3b2c158886514b1f4 -#: 810cab23bf5f4e0bbe5e403092b4739f -#: 2b944a79e15441a28501202fb405ceec -#: 337385bfcd154b46942fd5cc685e3c53 -#: 3c51398f5ef14fafac576c18c1938015 -#: f7857604a6af425d92b5f49a3a571724 -#: 50ab489bedfa413b941eaca1514e779e -#: 817fa12a167549c2b2dcda5cf8aca990 -#: e144249ab1e4497a8e2b59433d28dd94 -#: 8e13e364d31643ebbcbea2ec3c48cebb -#: 93521a77f0084af9b274926a73bb1866 -#: 979aef4626814c74bd3208394714d692 -#: 145d1e9e3fe74947b6695497c7f75b40 -#: 7e7e2edd89534686997d302f673e5005 -#: 2d123fd2ca8b46dbb63d2f8cd67b8a9b -#: 658ca5556e9b484884784c60355dcaba -#: ecc2c5a1d0ee4d75a8dabc1519c9b46f -#: e9427573b4fd4fea8baa73d3dfd6c901 +#: eef93c8f7efa4bcca26a9984edfec552 +#: ab621caa7a2c4d8fa849e7797625d3ba +#: f8d114457ca741bf800ee8c4b3f942a1 +#: 6fbad5feee934277bdbbbd04f071fe34 +#: b61fa1c2360748b999a9aced4bd164ab +#: 7c65f97affff43a2a78f72e6d2a8b2bf +#: 20f752045a96446387d44095a57eca5c +#: 14304e9889da477c8a93cf9b9dd6c1e5 +#: bb0e8261f2454b65aa180dd68ad176d8 +#: 16a6ff9805e447789f9cee87d357b936 +#: a7c4100a940e41fe9440ad6b0bbd28dd +#: 296c95633a584e4e924f2f36676c1c2f +#: e0d5e5ab4bf9456aa3c194dbb343ffd8 +#: 230b27138fe641e19ac2bda6f21d1507 +#: 682d03c24b1349d1be236737cf9c8478 +#: 0201087fa2f8445c9c291d4cc4ba3700 +#: a537cbb030a84e5b96ca899c18aaef63 +#: aa0eedc786284ae49d37dab255457175 +#: 1715de5f32c34e7cab8f1379549071f9 +#: f9c437d0c28c4079995fd7bc83ed2ec9 msgid "Options" msgstr "" #: ../../canaille populate:1 -#: 757aacf7045343ac87f0d6123fe1e181 +#: 94ba9e16305a484ea1415b3237723cf1 msgid "Number of items to create" msgstr "" #: ../../canaille populate groups:1 -#: 0e4a01018e724dc6a6ca0b638d66852a +#: 379afc690fa147acb76c519bccb010a6 msgid "Populate the database with generated random groups." msgstr "" #: ../../canaille populate groups:1 -#: b8f050417d3e4d5cb1abef74d5b23fef +#: da4cf29b95b846119a772e8d9f73f96b msgid "The maximum number of users that will randomly be affected in the group" msgstr "" #: ../../canaille populate users:1 -#: 27cbff2cac6c4d0ba3a881e593e6d298 +#: b87d2b5df82a46e0a11fccb84a997ab9 msgid "Populate the database with generated random users." msgstr "" #: ../../canaille get:1 -#: a991a3b616044f2c932b1b5781575930 +#: ce45ebf26cf149d3b0fd406e1ed2b5a9 msgid "Read information about models." msgstr "" #: ../../canaille get:1 -#: ff29fb8d5ce14bc291589af023d25348 +#: 00dbea345e914dafb4a736214b895b1c msgid "Options can be used to filter models::" msgstr "" #: ../../canaille get:1 -#: ebb9a30bb4ad418b937898f33eb3154d +#: 43207b9c3af4494e9714cbf6ff2c473d msgid "Displays the matching models in JSON format in the standard output." msgstr "" #: ../../canaille get authorizationcode:1 -#: 3b7cec01bf904fbd95a74ecc629450d4 +#: 8f0d2152f80d49e8be0e904a850cacdd msgid "Search for authorizationcodes and display the matching models as JSON." msgstr "" #: ../../canaille get client:1 -#: 04713bc174844fbc90ffcd66309a32d7 +#: bef20cbd666c49ff993234428725ddd3 msgid "Search for clients and display the matching models as JSON." msgstr "" #: ../../canaille get consent:1 -#: 3d85785b1e954ca48fb3600e102060dc +#: 173ac74323844b969fdb2ce7bb9632c7 msgid "Search for consents and display the matching models as JSON." msgstr "" #: ../../canaille get group:1 -#: a7f5ed4db7ca4b6e990d3008e3df40dd +#: 8cc4308278af4625bc3d625a22ea5aa3 msgid "Search for groups and display the matching models as JSON." msgstr "" #: ../../canaille get token:1 -#: f28ab88c832f4310ba8fce02409a0471 +#: 5307294d0c7a49d6ad21d0d505f11aab msgid "Search for tokens and display the matching models as JSON." msgstr "" #: ../../canaille get user:1 -#: 243977ad7e504fedbd9646f89f934592 +#: db01fd1777f4431793d3885c834b7680 msgid "Search for users and display the matching models as JSON." msgstr "" #: ../../canaille set:1 -#: f1db85f49bf44d11a4bb25bef94995c7 +#: cec2b45a156b461faacc323380171e6f msgid "Update models." msgstr "" #: ../../canaille set:1 -#: 81f6f6bde2db46419feea67dae446a01 +#: e5fc377719b04495a57faa42a87be86a msgid "The command takes an model ID and edit one or several attributes::" msgstr "" #: ../../canaille set:1 -#: 2605d2f99fff4a3685e4acb6c7d08749 +#: 4e8bb50216e741f0bb44ecc365265370 msgid "Displays the edited model in JSON format in the standard output." msgstr "" #: ../../canaille set authorizationcode:1 -#: 0e3e63095aaa4d10827812a9df412418 +#: 03d1eebac72e42b58b3aef5a429dee1b msgid "Update a authorizationcode and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete authorizationcode:1 #: ../../canaille set authorizationcode:1 -#: 272d0df08f904f519632f9fd2fe65385 -#: 2f9f07b54e574b76b44a885d2edcee5f +#: ddbdb0447cd34e59b5e1c6f9f852c619 +#: 4abf794613df4e5c8472ce2a6e7dc989 msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id" msgstr "" #: ../references/commands.rst:0 -#: 68201cc09cab43ae872191c5e1e0de51 -#: 797f38593b54447e9abe286cd709857c -#: 5f7b7a34cec54b7bb8813914c7b1da9e -#: e2da0bdb8e364ad4ac3fa9a24108e9c9 -#: 7a653436ae5244b3915e22f7b337b441 -#: 83d05fec78e043fcbf55d763d9664075 -#: 314878b93dce45baac9f4ab7248087c2 -#: 59d47562162a44fcb07558824e722d39 -#: 811906b3e60e4f96bb46272adf7a2702 -#: 9f85ada6864146db941a9b74f9dccdcc -#: e15f98264ca3466aa879164b237471d4 -#: 23cb9085c4df46c5919811da9786751a +#: f2adfafce0754af79d2770a34dae5309 +#: 283f0c7412de4a97bb4e7954f008ff3e +#: 46a35e9dcc73463db8ff772da3638b31 +#: fae552d2703d4a2186332c0847506798 +#: 4fafb5c0151f445c9c573b6472b4d0f5 +#: 3115c2cba5f04f9094165896feac1cc9 +#: e3c459094f734f6382847753305e76aa +#: 4e8a2cd6e1224733b644484774cf0621 +#: 6f97567dcca64c4a92c0b869a6ce337d +#: fea5ce77581940eabec5498e9347643b +#: 7b57a6d1d40d40eaa51b6bba807602b5 +#: 0c5b1219cf2c4d97bc0cf7717c7b4ef3 msgid "Arguments" msgstr "" @@ -3605,356 +3768,358 @@ msgstr "" #: ../../canaille set group:1 #: ../../canaille set token:1 #: ../../canaille set user:1 -#: cafe88a3ce2e428eac214691a4cceb5a -#: 7b2ff0501238407193726c30d9eca3c9 -#: 0ba51222ad4a4533b4b41b1757a35c64 -#: ea0c5446d43d40c49f2b92c5b3541ce9 -#: 9ac86d8bfd664383a081e3c1ede9c96e -#: cd7e04caa435456ca0cf597a4cf2b866 -#: 8d3a56d3d2d8434a96e06ee1db5c7f74 -#: ee33e52044104463b44bf754ebc2bfd3 -#: ec1ed557213c433f960f06a20c6305f0 -#: 79fcf662ca834cb9bad46e70395f5c0d -#: a2446c9d8a43489f95b98774f9e95af2 -#: c84e4574c2934d05b8911fbf5ff07255 +#: c0f3d574bd3640aca180dbe7695f53e9 +#: 61c7448c4a41497a8b923a636124b2be +#: e523b87636874d088f2ef6e7c2d8c79a +#: 3e12bc882bce4c71928c127525ee8358 +#: ef0be6baac8a4a44bd4a317601ea2018 +#: f60f6b4edba24b98a79df93768b3041f +#: c1192e9d2ddc429f911056db63d54e6c +#: 4e3ae120210c4d62bfd1cc1d7c199f7a +#: 3b9c5a9904f74f9e8308a21d4ee8da42 +#: a6ecc5cf2bb54dfe98d8553f7f49c5d6 +#: 6492e2a92bac400c990cc3182c8b1cb0 +#: ca2ec2ca915e40438b1b18eb27c46670 msgid "Required argument" msgstr "" #: ../../canaille set client:1 -#: 8fd29a2556aa4939a91f5dff64f750f9 +#: f2b0a1421fdf46d684fbe616a1771b62 msgid "Update a client and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete client:1 #: ../../canaille set client:1 -#: 1fe7624c6c204327b3dea4672369b25c -#: a507a2cde7be4e01b653d88b1143bcc1 +#: 04f98ee9b5254ad58f59cba6824a2ef0 +#: db9ef2c5ffc342fe858b000bc05fbcc8 msgid "IDENTIFIER should be a client id or client_id" msgstr "" #: ../../canaille set consent:1 -#: bc9887077625496493e99ffd14864f21 +#: d8dbf4d59a0e4afcac26174972d6804c msgid "Update a consent and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete consent:1 #: ../../canaille set consent:1 -#: c40a621613bb4a57ae61d0bf635d4be1 -#: 36c566d3a8d64d98b3139d1d408e6e33 +#: ecded87087fb4018854b4d14a277df8f +#: bfebd623b59243cb8efe4178994c8209 msgid "IDENTIFIER should be a consent id or consent_id" msgstr "" #: ../../canaille set group:1 -#: 24bf72192e064a11ba8f4408dc6cd2f2 +#: 1f36d3e6d60343989097aac3e4424ed4 msgid "Update a group and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete group:1 #: ../../canaille set group:1 -#: f9bb7a0e3cb74e87bd9647b1d854d4c5 -#: 2b44dcf76741473980e37c9fb1f972c9 +#: 772ff82f2ff54593b9ef8dc8e0af8d4f +#: f5e84ce4a1dc4bcdbf5a660209e2d7d9 msgid "IDENTIFIER should be a group id or display_name" msgstr "" #: ../../canaille set token:1 -#: ed64c8271e11430f829f537ac1c9fb03 +#: 6534c48546d94e76a03c8ea1521c5cd4 msgid "Update a token and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete token:1 #: ../../canaille set token:1 -#: 5872d15912fa4904bc7429f1e6c4e4e5 -#: 2e473a0a6bc4446eb92d334a50bad9e0 +#: edecbc4f0f9946c48834bf53a5fbf0f8 +#: 3dacc05a5d1240ea812eb792ed737810 msgid "IDENTIFIER should be a token id or token_id" msgstr "" #: ../../canaille set user:1 -#: 6db0783b2700470888b19c5bc6144406 +#: da1f8e5fba5f40ad8f20a017e886aa02 msgid "Update a user and display the edited model in JSON format in the standard output." msgstr "" #: ../../canaille delete user:1 #: ../../canaille set user:1 -#: e98462e8df9b4465af9a63c0bbf21546 -#: d7cebb3763ed4824afd5b69c0a82f605 +#: bf3b446f2eda4b26a9ef702f4c6dd0b9 +#: 881aab67b4fb4777a160e9affc77be0c msgid "IDENTIFIER should be a user id or user_name" msgstr "" #: ../../canaille create:1 -#: 3f6211fedcff4c49a1a05bb0d923b452 +#: 563f23f330bc43ed951ca8812fa0c2fc msgid "Create models." msgstr "" #: ../../canaille create:1 -#: dabf2e993c7e4f4e958ecf36a3a64cfa +#: 9d4c06295f304ac093848a3de8b716bb msgid "The model attributes can be passed as command options::" msgstr "" #: ../../canaille create:1 -#: 88fc347eb7814471b13dc9a6b562dd75 +#: 63735ef4eb924ae1ab2a244a018dc3be msgid "Displays the created model in JSON format in the standard output." msgstr "" #: ../../canaille create authorizationcode:1 -#: 428bc4494e3f4f6d875f2a701295e030 +#: a96e7d0b6bed4a7bb8e0257b08600be1 msgid "Create a new authorizationcode and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille create client:1 -#: 4f234a94637b44698b95c220d5c3d59e +#: 41428e12aeae44479602c0f92a840d2c msgid "Create a new client and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille create consent:1 -#: 741d27c2f5fb448da39ad4955e77518e +#: 994455a2e844478bbffe389520751a33 msgid "Create a new consent and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille create group:1 -#: 973102f969a0499692c7a2416dd0f469 +#: c3b6e110307b45c4b7e8ce07a66a4cf9 msgid "Create a new group and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille create token:1 -#: 4f44ca45c9f8454b950534b228e8ef12 +#: 3774f3cf8635474fb6ba63ac1b57aa1b msgid "Create a new token and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille create user:1 -#: 35ce000da38042699e6154f107a3e814 +#: ae4b9357629c41f2bd3443048f12f734 msgid "Create a new user and display the created model in JSON format in the standard output." msgstr "" #: ../../canaille delete:1 -#: fd758e22b29a4fd4b7f1c92876768518 +#: 416fbf5d468742f6af7aa3afe222389c msgid "Delete models." msgstr "" #: ../../canaille delete:1 -#: 42450f0ac5674556be84bcf4cc34c98f +#: 05ea570bc20b42c9943f9073f58c19f9 msgid "The command takes a model ID and deletes it::" msgstr "" #: ../../canaille delete authorizationcode:1 -#: 4607eae8cf4c40a3a37bef887f2254a1 +#: e73a91f3f9d347d082621014cb60fd7f msgid "Delete a authorizationcode." msgstr "" #: ../../canaille delete client:1 -#: 01b65f6e61a848c490034606d1d00095 +#: d376d0088bff46ca817210c0ae84ccec msgid "Delete a client." msgstr "" #: ../../canaille delete consent:1 -#: b1dfdb33eba94dc2a71f9172cff74acb +#: 2cd2f844ba974bbaa3c2a84cd7fa1a68 msgid "Delete a consent." msgstr "" #: ../../canaille delete group:1 -#: 6c79a439e1f54f4f81194cc8d6fc5944 +#: bf80244164a54ae887b7caadf7914dc1 msgid "Delete a group." msgstr "" #: ../../canaille delete token:1 -#: 1fb9fa8740c442ff82297d480fbba5ca +#: 3bf34916fadf48139dbcf439545c4276 msgid "Delete a token." msgstr "" #: ../../canaille delete user:1 -#: b0298caa666647268cd204cbd1cccd4d +#: 22a78b7140094b6ebe34988f5b37fec3 msgid "Delete a user." msgstr "" #: ../references/configuration.rst:2 -#: 6c3d1ad364a84afb9586b1b62e42dedb +#: e23c84272ce74d1d87f815825cb4a488 msgid "Configuration" msgstr "" #: ../references/configuration.rst:5 -#: fca2326d4bf84702b7d8d0f5d3a65f20 +#: 90eeb71ed1294fd7bc6bf7f8c8ed5c8c msgid "Load the configuration" msgstr "" #: ../references/configuration.rst:7 -#: 51e2253170d4489ab9598217182b6f1d +#: f2621ade958b4ffb9815fa8322ca64e5 msgid "Canaille can be configured either by a environment variables, environment file, or by a configuration file." msgstr "" #: ../references/configuration.rst:10 -#: 1560e71d7b2d42aa8ec0accc06131b3d +#: 37d9f514da104c6aa15bf83cb6303487 msgid "Configuration file" msgstr "" #: ../references/configuration.rst:12 -#: 0fc2b0bc764345caba3f9402376e279a +#: 88467c2beaea43a19228f85c1f398494 msgid "The configuration can be written in `toml` configuration file which path is passed in the :envvar:`CONFIG` environment variable." msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:11 #: ../references/configuration.rst:14 -#: ../references/configuration.rst:94 +#: ../references/configuration.rst:95 #: ../tutorial/databases.rst:23 #: ../tutorial/databases.rst:37 -#: 3626de52eeca4eecbda8f1d47354a80c -#: f59eab2f20b542f1af3ae7e6e4856266 -#: f59eab2f20b542f1af3ae7e6e4856266 -#: c1e56e5ab5ba40228c68cd9eb470348d -#: 8acf4c15626e4f6897aa81c2e5e8ef42 +#: ../tutorial/databases.rst:138 +#: 1b8aaa7b767b49eb9a81d6663fb6c1e8 +#: bb4c8f23d29248f5abfd0d96af2d80bf +#: ee90ce99e8a4449fbb7cb28d559147b5 +#: 84cfcdaa79ef439cb013e00e3c4cd792 +#: cb517d061c4a4d16ae4a868999611801 +#: 3fc7e3d6f94f47579174c1ebcb598f6a msgid "config.toml" msgstr "" #: ../references/configuration.rst:26 -#: 4b63b3891e1c45788780ea1af554d1db +#: 4f4e3b14ad79434b93659ff0d99e92d5 msgid "You can have a look at the :ref:`example file ` for inspiration." msgstr "" #: ../references/configuration.rst:29 -#: 8cbac0cd9e3e4bc3ad5fc60d82180568 +#: 52e72a243eda4c6d8c20601ec11d21ea msgid "Environment variables" msgstr "" #: ../references/configuration.rst:31 -#: b909831b5aed44a4b439b37701feabb7 +#: 5a5db358ab214e86b11ce341a71a4abb msgid "In addition, parameters that have not been set in the configuration file can be read from environment variables. The way environment variables are parsed can be read from the `pydantic-settings documentation `_." msgstr "" #: ../references/configuration.rst:36 -#: fd22a354c18f4733b8b1962cfcbe2139 +#: 9c85a8e682a74e9d9d8c3aa79e2d02ba msgid "For environment vars, the separator between sections and variables is a double underscore: ``__``. For instance, the ``NAME`` var in the ``CANAILLE`` section shown above is ``CANAILLE__NAME``." msgstr "" #: ../references/configuration.rst:40 -#: f12f0cbb606e4627be2fa3b2a895f162 +#: 26c9129f81c54386966cffd31c323f14 msgid "Environment file" msgstr "" #: ../references/configuration.rst:42 -#: 434c11ee0d6a4a118f9b8802d407d447 +#: 54056c93ac3b40e882bf20789d72fded msgid "Any environment variable can also be written in an environment file, which path should be passed in the ``ENV_FILE`` environment variable. For instance, set ``ENV_FILE=.env`` to load a ``.env`` file." msgstr "" #: ../references/configuration.rst:45 -#: 83d91b20c3204d09b61a4a6de8c84769 +#: ba796d7f6bdb4ef5a32865f844ead63e msgid ".env" msgstr "" #: ../references/configuration.rst:63 -#: 8fc48610072c4e248c494befe2a4c8f6 +#: 3c2136aab27c4650acf0d25ced3636e2 msgid "Configuration methods priority" msgstr "" #: ../references/configuration.rst:65 -#: d3fdde7c8d9841e49e92bcba763e33d8 +#: 6e85c7ec407f4fc68adff17adb6652b2 msgid "If a same configuration option is defined by different ways, here is how Canaille will choose which one to use:" msgstr "" #: ../references/configuration.rst:67 -#: b79bfecad485446b85a8866657222448 +#: 8857be48d8f54be7aa8d350d5346887a msgid "environment vars have priority over the environment file and the configuration file;" msgstr "" #: ../references/configuration.rst:68 -#: 63800f5a14d44e1fa3ed0266e19f5482 +#: d946c715e1c34f55acfe97acc96cab68 msgid "environment file will have priority over the configuration file." msgstr "" #: ../references/configuration.rst:71 -#: e8e7a0f78d68479a9586036adf25e183 +#: 369d25ff21b042fbabf703be7b66e138 msgid "Parameters" msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:1 -#: ba32908d458e4689a5d90a46b386fdf3 +#: 2226ecd0f90440d58a4089df736be757 msgid "The top-level namespace contains the configuration settings unrelated to Canaille." msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:4 -#: fffc30ea67ab47d99472750172be2a29 +#: f53fd6edbc9148c781006d112688f022 msgid "The configuration parameters from the following libraries can be used:" msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:6 -#: ae9ceb139bfc47f8b383dec852b507c2 +#: 0a1ba7d3d9d24c598640a87301549190 msgid ":doc:`Flask `" msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:7 -#: 3d01d0dc9cdc47e59420f5b121370277 +#: 6288bee773454f6fb13d7c3c43c0acfe msgid ":doc:`Flask-WTF `" msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:8 -#: d573a04c56154eaf857d49c057690bfd +#: 8dc449c88676405aa689c232c0c17eaa msgid ":doc:`Flask-Babel `" msgstr "" #: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:9 -#: 552391e3f12c4385abb3e1a2e3929cfa +#: f0f21a8b4661490ea85203669e05fe2a msgid ":doc:`Authlib `" msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:1 -#: 4309008dba2c4aa79584299f19987ac4 +#: aee2c3dead184d3ab7655e0df3b9f66c msgid "The Flask :external:py:data:`DEBUG` configuration setting." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:3 -#: f8cb9ba68ed14b818c2fb2bcfbffb16a +#: da1c3a1146284b0597c12fab8ac713a9 msgid "This enables debug options." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:7 -#: 553b378e895a4b74aa242c08cd29450f +#: 22813fdeb3ad46729bf6d91f1a6a799b msgid "This is useful for development but should be absolutely avoided in production environments." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1 -#: cb2cc7437e4a4d3c90895c4148186b25 +#: 8d9650f0f1c34ab7b888fce27cfcc459 msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4 -#: 530f78ce6f4842c983c10b38fe4c4b93 +#: 33538d7dda284e2da14720d9ecf5b81f msgid "This sets the url scheme by which canaille will be served." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:1 -#: 42e179fea274407eb26dd67e4a6d14a5 +#: ca299cb1b21a4aff913e478725dee516 msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:3 -#: b16e239dce5c4f199a2fba1707c82d1a +#: e0e842ea56e7409da386c9fa3b44f45f msgid "You MUST change this." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:1 -#: 0f0f60195f334cf597f67857740b2ace +#: 8aaa9ab83eb245a996e82b25f47a18be msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting." msgstr "" #: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:3 -#: 39edb89e79af4a10a154a5c42d51e86e +#: a7a33ff93b6d471e9395fffab55b8497 msgid "This sets domain name on which canaille will be served." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:1 -#: d831c1b108eb4e96bb11a6ddc92ed45e +#: 49b29a899f644466acba509b0b3e9f00 msgid "The settings from the ``CANAILLE`` namespace." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:3 -#: a51801e81d914eb3bfe1fa4e649133c1 +#: 63104b7fc45e4ef39f55f96c7a093f33 msgid "Those are all the configuration parameters that controls the behavior of Canaille." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:1 -#: 89de24471b434051a4a84e39bc47aded +#: 1c134db317ea498d8b595a7a3b2f610e msgid "Mapping of permission groups. See :class:`ACLSettings` for more details." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:3 -#: 1f85af06bed64d9da4417c6e6f7e244e +#: c2f72f20b39c4706b4e5ba01db79eb2c msgid "The ACL name can be freely chosen. For example:" msgstr "" @@ -3962,676 +4127,726 @@ msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:6 #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:5 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:12 -#: 56ce67b55d3b4d8eba9a07b4feed2587 -#: d9b0f4816c2644679233ec3b797c2fc4 -#: ea4face810944c2e934e593ccfe99a84 -#: ea4face810944c2e934e593ccfe99a84 +#: 7f4c9bc691c14d29b0465e0af9e49012 +#: 7e37e8d6e156472e9a7a39fac9d88ff2 +#: f9cab605f9cd4a48ace060c109339896 +#: d723924be3cf4f0bbfc5f4f454c9fd17 msgid "..code-block:: toml" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:7 -#: dc73b62baf4f465598787ebb33191c7b +#: c5d39ea293234d4aa11c0494ddc011b6 msgid "[CANAILLE.ACL.DEFAULT] PERMISSIONS = [\"edit_self\", \"use_oidc\"] READ = [\"user_name\", \"groups\"] WRITE = [\"given_name\", \"family_name\"]" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ACL:12 -#: 56d15bcfdbcc4556a3848702228b970f +#: 27f179210a5a4bae899d38bc6d1963c0 msgid "[CANAILLE.ACL.ADMIN] WRITE = [\"user_name\", \"groups\"]" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1 -#: e07c109febe5434e95b532da3dadf454 +#: da428b02fcc6465ca83593370a8c52c1 msgid "Administration email contact." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3 -#: 7a5e93e36d434fcb96b85beea8f1adc6 +#: 80265b26992742b4a55529bb9514ef19 msgid "In certain special cases (example : questioning about password corruption), it is necessary to provide an administration contact email." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1 -#: 478effaaf0da47a1a31b996b06b8c650 +#: aae582f58bfa47f2a6f5b32a1b5c3ead msgid "If :py:data:`True`, users will need to click on a confirmation link sent by email when they want to add a new email." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4 -#: b82dc4dc6818409eb5fa256462c4ac19 +#: 35bd824b2f8d4040898ed4dbdb7e599d msgid "By default, this is true if ``SMTP`` is configured, else this is false. If explicitly set to true and ``SMTP`` is disabled, the email field will be read-only." msgstr "" +#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_OTP:1 +#: 15d696ce895d4517964f6a9fe0269d30 +msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary email address." +msgstr "" + #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1 -#: cb4478169a09415a9f17e3df16239ecd +#: 2bb9ee1a4a1f4c3dac7cd54259173873 msgid "If :py:data:`True`, Canaille will check if passwords appears in compromission databases such as `HIBP `_ when users choose a new one." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1 -#: b70cf94037df4bd1ae8a74acc370b3a5 +#: 9b83a2bb7e5a45358efb53447ed21cda msgid "If :py:data:`False`, then users cannot ask for a password recovery link by email." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1 -#: 6ee78ec59c21456e8761778153d4f700 +#: ad8746125fae4336a86e7a5a47949ea4 msgid "If :py:data:`True`, then users can freely create an account at this instance." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4 -#: 979b9444b9c04354add2e781bd324752 +#: 4519e48effe84001a82418bf3a2da190 msgid "If email verification is available, users must confirm their email before the account is created." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:1 -#: 8931d55b0c264be0982765f04f83ae38 +#: ad1dce6bc9dd49608f1556cebf0f44fe msgid "You favicon." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:3 -#: 7991e0eec12c457dad401f49b34ad835 +#: 36086dc79c1b485fa6594ef442028011 msgid "If unset and :attr:`LOGO` is set, then the logo will be used." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1 -#: 8e19d8a485fe456191ab16773f84483e +#: 15d696ce895d4517964f6a9fe0269d30 msgid "If :py:data:`True`, when users try to sign in with an invalid login, a message is shown indicating that the password is wrong, but does not give a clue whether the login exists or not." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5 -#: dffe6e218f4f48e981ac5a9fa9a21e37 +#: 8203d7591b394141b0beec099e5a0c8d msgid "If :py:data:`False`, when a user tries to sign in with an invalid login, a message is shown indicating that the login does not exist." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.HTMX:1 -#: b200882d189b46f3a83f217ff8b59551 +#: fca447a64b184732b6664c3c20ade0ce msgid "Accelerates webpages loading with asynchronous requests." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1 -#: 2dc15bd9ea8a4386b7202dbdbab5de36 +#: c3295518c8ce46359cb5fc8012267002 msgid "The validity duration of registration invitations, in seconds." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3 -#: c6aaae8719c34838aec54b8fea2d5101 +#: cca98367f271454987d915c9da1deecc msgid "Defaults to 2 days." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.JAVASCRIPT:1 -#: 70d5c7fa2dfa4e6695c84f2b4ab547c9 +#: f10d5dbbd4054185b5caff2aa7b4602c msgid "Enables Javascript to smooth the user experience." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:1 -#: 1e1cda3ec4c04a4aaeb2069ccc8f376f +#: caa7570c19d343d8a5350b38ab890a08 msgid "If a language code is set, it will be used for every user." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:3 -#: 6818acfcf652444db48e1c61878b6bb6 +#: 2f02910686974fa68a6b3af15a9e1c42 msgid "If unset, the language is guessed according to the users browser." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:1 -#: 63800f5a14d44e1fa3ed0266e19f5482 +#: aad50a21706943fda6f1cde1c79762fb msgid "Configures the logging output using the python logging configuration format:" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:3 -#: 62d20006362a45ca8ff0f0a8fbb82bf4 +#: 75bb9ce97f514d3eb50ed11a5fcaf986 msgid "If :data:`None`, everything is logged in the standard error output. The log level is :data:`~logging.DEBUG` if the :attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is :py:data:`True`, else this is :py:data:`~logging.INFO`." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:6 -#: 44c6ded187ab4e44aac024c2cdb85303 +#: a8552f90740e4287bd06aab66b4dc85d msgid "If this is a :class:`dict`, it is passed to :func:`logging.config.dictConfig`:" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:7 -#: 6e269ac8b9144e9699a5856c375d7a37 +#: 1987a5781d6e42af97e3df073b29599b msgid "If this is a :class:`str`, it is expected to be a file path that will be passed to :func:`logging.config.fileConfig`." msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:4 #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:10 -#: ba8b9d6794e2459492abfa778736328a -#: 4d1ff118c1a44a50a962e527d1a8e2a2 +#: edd8ec5aad1047688bbbc5613d9896f5 +#: edd8ec5aad1047688bbbc5613d9896f5 msgid "For example:" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:14 -#: 2eedaa2fba4545698dfd11007a2e0c9c +#: 397db3f41bce4260b537ae55755badaf msgid "[CANAILLE.LOGGING] version = 1 formatters.default.format = \"[%(asctime)s] %(levelname)s in %(module)s: %(message)s\" root = {level = \"INFO\", handlers = [\"canaille\"]}" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:19 -#: 4b44c1c288c3433fb0edba70dd9c1343 +#: 623ab6abfdc84ec38448df94e0562f97 msgid "[CANAILLE.LOGGING.handlers.canaille] class = \"logging.handlers.WatchedFileHandler\" filename = \"/var/log/canaille.log\" formatter = \"default\"" msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.LOGO:1 -#: 851b93aeb7b54426872a6b4a2ed973b9 +#: 40c46d3aa7bb4e81a857540a99eb3df9 msgid "The logo of your organization, this is useful to make your organization recognizable on login screens." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1 -#: 88cd67b65c954dc7a261df77d1823cda +#: 04c3b3e362a74164bd49cbedad027ea8 msgid "User password maximum length." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3 -#: 435e72d3f33642da9016c521a88f15e6 +#: a40eddffe3bc4c46ac7624a5f7d40c8f msgid "There is a technical of 4096 characters with the SQL backend. If the value is 0, :data:`None`, or greater than 4096, then 4096 will be retained." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1 -#: b15846ed6b2a4ad49bbb19cde177023a +#: 129e3bbcdb1c40bbb45933fe156f00b1 msgid "User password minimum length." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3 -#: 820670101aa7436eb014aa61e1c1a7eb +#: 1f84fb34d6234361b2c215fda0d8a6d9 msgid "If 0 or :data:`None`, password won't have a minimum length." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.NAME:1 -#: a41944f564f5438fb8572449b5d13995 +#: befe22deda144065bcee73d9d0404dea msgid "Your organization name." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.NAME:3 -#: d61df1326c344b45b6d1c7b24e12b207 +#: 0a659d2aa1994859a59506e97a715ea7 msgid "Used for display purpose." msgstr "" +#: ../../docstring of canaille.core.configuration.CoreSettings.OTP_METHOD:1 +#: c0ade835e0164d5e9dcb405ff53f299e +msgid "If OTP_METHOD is defined, then users will need to authenticate themselves using a one-time password (OTP) via an authenticator app. If set to :py:data:`TOTP`, the application will use time one-time passwords, If set to :py:data:`HOTP`, the application will use HMAC-based one-time passwords." +msgstr "" + #: ../../docstring of canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1 -#: 4501d236ecc142e2ad045599ee19ac19 +#: 6ab659ea03d349d88fef1b5cdc9da5f8 msgid "Have i been pwned api url for compromission checks." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:1 -#: 0b234cbe21824f31b27a3b3c893fd37b +#: 42626c8f0fa24a3fbfc131099bae6302 msgid "A `Sentry `_ DSN to collect the exceptions." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:3 -#: 2eab9799f4c0478aa5479f62e826b170 +#: b29a9995f9b04c71a953d7ea902bd1f5 msgid "This is useful for tracking errors in test and production environments." msgstr "" +#: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:1 +#: 78b26880da2746c583f686747b26f179 +msgid "The settings related to SMPP configuration." +msgstr "" + +#: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:3 +#: 24787179b702424697f1fe11214d1f9c +msgid "If unset, sms-related features like sms one-time passwords won't be enabled." +msgstr "" + +#: ../../docstring of canaille.core.configuration.CoreSettings.SMS_OTP:1 +#: 15d696ce895d4517964f6a9fe0269d30 +msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary phone number." +msgstr "" + #: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:1 -#: 79d66e38b7d94974a21563fac9a58149 +#: 78b26880da2746c583f686747b26f179 msgid "The settings related to SMTP and mail configuration." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:3 -#: 41d396512e7d40b28223841b21f8ed09 +#: 24787179b702424697f1fe11214d1f9c msgid "If unset, mail-related features like password recovery won't be enabled." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.THEME:1 -#: e327a089ace6495285f29ade69226d1b +#: 65f9f8cf44c347b9b18a9bd8e3624c6b msgid "The name of a theme in the 'theme' directory, or a path to a theme." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.THEME:3 -#: 641146b41ecc461d9fa7280687a462d9 +#: a930cadcbbaf40e59f78c34a6fea099e msgid "Defaults to ``default``. Theming is done with `flask-themer `_." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:1 -#: 421c3427b77b4cc4af9619406463c1c2 +#: 60a19e875a924f2ca2f466cc2a3de293 msgid "The timezone in which datetimes will be displayed to the users (e.g. ``CEST``)." msgstr "" #: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:4 -#: d8d80524578e4697a5bb9f7e83c7d113 +#: 3674c492480c4bc8877913002b54efa1 msgid "If unset, the server timezone will be used." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:1 -#: 2f0178f9dbe747c695273f89e42da8c2 +#: 0513a51a39d44f719e5bf3b7abfe7224 msgid "The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If unset, mail related features will be disabled, such as mail verification or password recovery emails." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:5 -#: 598e1ca109154455ad98b50d8853891d +#: 2b30db6216b44d98973d7401cd778e03 msgid "By default, Canaille will try to send mails from localhost without authentication." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:1 -#: 8ab9425f8a6b42dc9097b69e3eaa334a +#: 60a234eca526445b86c8669fbfda12c5 msgid "The sender for Canaille mails." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:3 -#: f8f5f1377e5147d4baf9782ff95b4aa3 +#: 0ed3035ba98243e3814d51329ceac05f msgid "Some mail provider might require a valid sender address." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.HOST:1 -#: 9059b29ae44849efb180f3b2da128c19 +#: 734742323e1a40e482a2433adbed3cf9 msgid "The SMTP host." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.LOGIN:1 -#: 0bf8168dc84545cb810a8f25bbb4abf7 +#: 6b56c482d9274a7d9b308055ce3d8b07 msgid "The SMTP login." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.PASSWORD:1 -#: ec1b4f81894e45f5abcae80dfaee87a9 +#: 8ca424cbdc7647a99400ae460510a183 msgid "The SMTP password." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.PORT:1 -#: 514104bb8bcc4331b1e7fff12e550ba3 +#: f581660baf5a4637974640c3d253692f msgid "The SMTP port." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.SSL:1 -#: f4e65d7811cb43d5b7d86ec07af2576d +#: 129075d9b7284662b50893663f3b3c74 msgid "Whether to use SSL to connect to the SMTP server." msgstr "" #: ../../docstring of canaille.core.configuration.SMTPSettings.TLS:1 -#: bd8dac0e38f14b6583d024fca1768b7d +#: b34e44fef5b24697bab696419b926d6d msgid "Whether to use TLS to connect to the SMTP server." msgstr "" +#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMPPSettings:1 +#: 0513a51a39d44f719e5bf3b7abfe7224 +msgid "The SMPP configuration. Belong in the ``CANAILLE.SMPP`` namespace. If not set, sms related features such as sms one-time passwords will be disabled." +msgstr "" + +#: ../../docstring of canaille.core.configuration.SMPPSettings.HOST:1 +#: 734742323e1a40e482a2433adbed3cf9 +msgid "The SMPP host." +msgstr "" + +#: ../../docstring of canaille.core.configuration.SMPPSettings.LOGIN:1 +#: 6b56c482d9274a7d9b308055ce3d8b07 +msgid "The SMPP login." +msgstr "" + +#: ../../docstring of canaille.core.configuration.SMPPSettings.PASSWORD:1 +#: 8ca424cbdc7647a99400ae460510a183 +msgid "The SMPP password." +msgstr "" + +#: ../../docstring of canaille.core.configuration.SMPPSettings.PORT:1 +#: 0780176282814cd1ad4ceb1567e2f160 +msgid "The SMPP port. Use 8775 for SMPP over TLS (recommended)." +msgstr "" + #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:1 -#: 45f3089188214078ab06f2b1cff3b0e0 +#: ddbf39ff35684a7c8be7dd8442348d9b msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:3 -#: 733df203b313404eb417f40ed8708a2e +#: fb2bf8e9b559475fa0da8a5a9a716d1b msgid "You can define access controls that define what users can do on canaille. An access control consists in a :attr:`FILTER` to match users, a list of :attr:`PERMISSIONS` matched users will be able to perform, and fields users will be able to :attr:`READ` and :attr:`WRITE`. Users matching several filters will cumulate permissions." msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:1 -#: a14933a4c7244138bb59a43c9d288955 +#: 44a6412c07e74f10991a803bec3ffd5b msgid ":attr:`FILTER` can be:" msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:3 -#: d0f71dfab2ec47fca2184767e58eec59 +#: a46c99d48a184f8f9cbbd60fd0113bd9 msgid ":py:data:`None`, in which case all the users will match this access control" msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:4 -#: e33849bb0c954228951cb18c56a9e70d +#: 3b80807a79704eb9b5c53f31319a334f msgid "a mapping where keys are user attributes name and the values those user attribute values. All the values must be matched for the user to be part of the access control." msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:7 -#: 2ed07fdd7da94cfd90167b2d1f4cb4eb +#: 53ad291e288c490abd5b1e854132a0ef msgid "a list of those mappings. If a user values match at least one mapping, then the user will be part of the access control" msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:10 -#: 657a11f5921947b88bfc47cf8affbe00 +#: eb01b4eb724941cab7f44d69c0627b1e msgid "Here are some examples::" msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:1 -#: df95253032c647229909e34386b1e5cc +#: 75a4d0c394fa4aebbb48d077e63aa0f0 msgid "A list of :class:`Permission` users in the access control will be able to manage." msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:8 -#: 700fa74aeea44e9aa6dd204df7870e90 +#: 721eb691ae3e4151a5eaf811c2a1b01c msgid "PERMISSIONS = [\"manage_users\", \"manage_groups\", \"manage_oidc\", \"delete_account\", \"impersonate_users\"]" msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.READ:1 -#: ab801708874c4b1bb937f62969614340 +#: d3e143b82c304e238a797124231f644f msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to read." msgstr "" #: ../../docstring of canaille.core.configuration.ACLSettings.WRITE:1 -#: 384d296240314638a1f1b6b7719c6bb6 +#: cd5c4a6863b3455795388ea58d2f8ff1 msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to edit." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:1 -#: f9eec27878c64e608b2783b5e89172ed +#: d0fc68105eb54d359eb01628902767b5 msgid "The permissions that can be assigned to users." msgstr "" #: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:3 -#: 217cf0cc0b9b4a48a26abeaad488c131 +#: 8f3355f64e2c490ab0e8b4765dca8781 msgid "The permissions are intended to be used in :attr:`ACLSettings `." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:1 -#: 370dec6e2b8049d0b7353b085340b102 +#: 500cfd5a09554ac0b3efb8801a314e38 msgid "Allows users to delete their account." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:3 -#: f7be239942c94727a948d27c6c93408e +#: cca431c321484569862b3a05616c7907 msgid "If used with :attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can delete any account." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.EDIT_SELF:1 -#: 1f716bb0d0ec481ab5dff0a02f5c9e37 +#: 6dc188b41f5440319e87c333aea28060 msgid "Allows users to edit their own profile." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.IMPERSONATE_USERS:1 -#: c9018bb9aceb40bc9536cc03320c5bad +#: 113e6c4d2b714be79d746c84a0bde30a msgid "Allows users to take the identity of another user." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.MANAGE_GROUPS:1 -#: 1072c369689f4922997715eb5337795a +#: 9531fd7773fe46f78f3da23f5d7e6f02 msgid "Allows group edition and creation." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.MANAGE_OIDC:1 -#: 014b4028381e4f4d8dcc8dc8a5e3a26f +#: 6a14ecfbecc7402b90c1f984af552750 msgid "Allows OpenID Connect client managements." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.MANAGE_USERS:1 -#: ff39df8edc7143c7b23d22bb773b5198 +#: 7d115497bd7e4284b71cee12f6012e06 msgid "Allows other users management." msgstr "" #: ../../docstring of canaille.core.configuration.Permission.USE_OIDC:1 -#: c7e27c4618a9460e8373c17f558f8d1e +#: 5e48261fd5c9437eb453e703f93703b5 msgid "Allows OpenID Connect authentication." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:1 -#: e2e226bd197b4d6f87291ee45a3004ef +#: 63057e3d73a14c63bbe40bc95a0e4c84 msgid "OpenID Connect settings." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:3 -#: db9af81a48ac4b1a914370a2e47bf4e0 +#: 035105e6e931419a8302feadec577ed6 msgid "Belong in the ``CANAILLE_OIDC`` namespace." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1 -#: 092f0d4259994eb8b834b256a8f72453 +#: fba0c11bf0f648909450d12e1ceffdb9 msgid "Whether a token is needed for the RFC7591 dynamical client registration." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3 -#: 506f1fcd0f424df4bdafd9a69307f645 +#: f5ba930ce26f4588b539da7703aafd4d msgid "If :py:data:`True`, no token is needed to register a client. If :py:data:`False`, dynamical client registration needs a token defined in :attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1 -#: 30861c9a3a294daf8105dd5ac9007282 +#: 092b15419a354a5888a9f80ab6194696 msgid "A list of tokens that can be used for dynamic client registration." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.JWT:1 -#: 04e054bb3d094e4ea8f23ab6fdec9bf6 +#: 9cd2e236fdb14317b0ffed9a3d2608bb msgid "JSON Web Token settings." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1 -#: 95b1ee4fd0da4ec2b30beb3e25944cd9 +#: fa7308da6bb547ae821995b6d7995ad1 msgid "Force the nonce exchange during the authentication flows." msgstr "" #: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3 -#: de680082bc4546a6883ff4826df0067b +#: 0c8ebdd95ff84eca839a0b3e755815e8 msgid "This adds security but may not be supported by all clients." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:1 -#: 750fbe7d77954d87855e68d3199c81e7 +#: 37bc9fb542044bd794610b97da9255f3 msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:3 -#: 03945dc4192c4f7abefbcd2b5c7c2bd9 +#: 13ef6c0a21924214b46130443a178a3b msgid "You can generate a RSA keypair with::" msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.ALG:1 -#: d65a4aaf4cb64130ac59c97cddcffb0b +#: d2bc59d1182f47bea20962eb0acc5690 msgid "The key algorithm." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.EXP:1 -#: c0c460480db94b1a9ebceea06528d426 +#: f282a838950942ea9e15a209546aece5 msgid "The time the JWT will be valid, in seconds." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.ISS:1 -#: 6501426215db4b27b7b5d217954ca6be +#: 8ad74727c039426d84a5df7154d85088 msgid "The URI of the identity provider." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.KTY:1 -#: 3e338458e42e405fb025bfcfc53688f4 +#: cc46bfa52a58479ebeeabc645f0efbee msgid "The key type." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1 -#: 27a15f235d63447884175edd85e55cf4 +#: 521a0d91f9c54a45b362036aeabf476b msgid "The private key." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3 #: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3 -#: 29d2c1b105e74d46b80db01b78954711 -#: 29d2c1b105e74d46b80db01b78954711 +#: 8f11d684881944cd8a2e7a7bcbb48c48 +#: 8f11d684881944cd8a2e7a7bcbb48c48 msgid "If :py:data:`None` and debug mode is enabled, then an in-memory key will be used." msgstr "" #: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1 -#: e88605c89e4b47989186fd27e5aff172 +#: f0f19ad86cb94cc7b63447e2a6d6ef56 msgid "The public key." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:1 -#: 235687b99f2c408aaf1c063061975f77 +#: 1380be8739ba4fbab5425af1c0253066 msgid "Mapping between the user model and the JWT fields." msgstr "" #: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:3 -#: ebe87d5efdaa458b97451b5ab4fdeb3d +#: 6f4c5c2cbd07499c972d2f1ab29ffa1e msgid "Fields are evaluated with jinja. A ``user`` var is available." msgstr "" #: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:1 -#: b7ccdac0ebd14f47be2d77ea52bd75d7 +#: 8a43c250075c4918b0ce4204fa803047 msgid "Settings related to the SQL backend." msgstr "" #: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:3 -#: 07e03b184cb54e0a92ca3a33033da5cd +#: 038af6ccc90c4711bf2630c27656a810 msgid "Belong in the ``CANAILLE_SQL`` namespace." msgstr "" #: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1 -#: 4d1ff118c1a44a50a962e527d1a8e2a2 +#: 1aacc345a8b74b12af594ae00bb018d6 msgid "The SQL server URI. For example:" msgstr "" #: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:6 -#: 4bb9ca2e412a461caacf1a146582247f +#: 677e3555144149ed9ca260747ac80af7 msgid "DATABASE_URI = \"postgresql://user:password@localhost/database_name\"" msgstr "" #: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:1 -#: e656ae1d120e45109618f653d29d845e +#: 3f3caf7b34464a66a3616e93568df5d0 msgid "Settings related to the LDAP backend." msgstr "" #: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:3 -#: 9877879932a3406b87f9893f4a6bf8f3 +#: dfa0746894e344faa806b939a64e1bc4 msgid "Belong in the ``CANAILLE_LDAP`` namespace." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1 -#: 96d852cc067c459cabfcc201a7271cf0 +#: 6bfbb516f18341ccb29ba837eee1182e msgid "The LDAP bind DN." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1 -#: 084f3814a8604375aed794d649845045 +#: 2f6f3c3c7b4946898c03f95709e8ada4 msgid "The LDAP bind password." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1 -#: 8f56c7d2bfb348afbcc36de24398dfac +#: 6d51a73361254d7b83fce929ae2b6b37 msgid "The LDAP node under which groups will be looked for and saved." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3 -#: 58cf9c9e87464b709e4e8508577fbd63 +#: 59bb594131944870a7bdbffcec6cb47b msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1 -#: 3b6a2121763e4302aa1780cb6d51d9d6 +#: 6ef1fa2af1cb49d48dc49e16da349186 msgid "The object class to use for creating new groups." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1 -#: 10d8bb8232bf4b30b6c631847ea70b2b +#: 6b02bb2acfa949848ac24822ba9e65a2 msgid "The attribute to use to identify a group." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1 -#: 688132cb0d4e4f27973a02406d50edaa +#: d4b05df5c7c44d4aa00e29be5efbe08b msgid "The attribute to identify an object in the Group DN." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1 -#: 4428b1de4b664a55b077caa3969d6769 +#: 1dfee889fb7348d39a4fd73315b92f0f msgid "The LDAP root DN." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1 -#: 5a175d6a66e445458ee6bc473d614a45 +#: bf016c8880b2441ebc1f7eb63c472e1f msgid "The LDAP connection timeout." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.URI:1 -#: 3172b80b5b86434699f226a3b713c52f +#: f2d63d56281a4ac9bf59a566fca49efb msgid "The LDAP server URI." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1 -#: 0e03c3262f504b79b84847041ee442e5 +#: 2b9e8a84a0a741dba1b0eb8183d14a91 msgid "The LDAP node under which users will be looked for and saved." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3 -#: e1d16301542b40929d9e65c9a949b303 +#: 7e3ac032d5bd418482f13ab7c81d1515 msgid "For instance `ou=users,dc=mydomain,dc=tld`." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1 -#: 92a1f8f8665848c9aaf4d5f9f1f3b6b7 +#: 5791e76405f94f38b07650cf43719cf8 msgid "The object class to use for creating new users." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1 -#: 228fcd64b4704fa0b4ea52ab85f48f08 +#: d5ccfe3b5d7e438389f98cad6718a9d0 msgid "Filter to match users on sign in." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3 -#: f61c66f7c0e94e67ae5a4ce5de0dc548 +#: 737d190e512f480a9227e6fe72f96c26 msgid "For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is supported and a ``login`` variable is available, containing the value passed in the login field." msgstr "" #: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1 -#: d49e7765b3d6440d9fdcb0ecb18c06c1 +#: b7d504ef3c74424abeccc8ad35072d0f msgid "The attribute to identify an object in the User DN." msgstr "" -#: ../references/configuration.rst:90 -#: c4674c5a1b434e81944983c7ec2fb0f1 +#: ../references/configuration.rst:91 +#: d0a193b9740940ceac9bbb0b609c7b38 msgid "Example file" msgstr "" -#: ../references/configuration.rst:92 -#: 87c3dcb2ef5a4f649ec0fa9005449a79 +#: ../references/configuration.rst:93 +#: 380ab48a596a497789c004a25fd645c8 msgid "Here is a configuration file example:" msgstr "" #: ../references/index.rst:2 -#: 51ac90bb647f41b69879253e3e7c475e +#: 7aedfd273422477bb60f319eb4c1eb09 msgid "References" msgstr "" #: ../references/models.rst:2 -#: bf9a972313e94c6aa0e72470dfc9677c +#: 40ab2b878a534ca38780473aa8c0dd24 msgid "Data models" msgstr "" #: ../references/models.rst:4 -#: 620f9112555349eba4cc5daecdb72217 +#: fc86419b230d4b3ea107617213675e38 msgid "This reference details the data models used by Canaille. This is mostly useful for developers." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1 #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1 -#: b407db3f81d14e789f9f7f2e2bec7613 -#: b29fcc3a6bdc4ee582d1e14851e430b7 +#: af7b8f2e8eae457f8451e659c3213675 +#: 0d1f4ecf6c974902b15375ec2f545d11 msgid "Bases: :py:class:`object`" msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1 -#: 664ca63468e648ddb0b2f2f957139ae9 +#: 5c4d9070fe3a46a695c06ef143b7b3e0 msgid "The backend model abstract class." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:3 -#: e16c978524f44a57affe6f2e15fdb5e2 +#: 51d88470412841bdb28daefe752259c8 msgid "It details all the methods and attributes that are expected to be implemented for every model and for every backend." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1 -#: 9f46b7e1801e4a57a346c598161cbdac +#: 91a5b49dc4f54e4ba3acea5e80114ad6 msgid "The model abstract class." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:3 -#: f4dad754b1d7448f842620b4f7b6069b +#: 05f702c2e3324742a9840c46621f02e7 msgid "It details all the common attributes shared by every models." msgstr "" #: ../../docstring of canaille.backends.models.Model.created:1 -#: 8685782e932b476a8b6f80256ebca659 +#: 55c80d78a6514379b68db68d53d08628 msgid "The :class:`~datetime.datetime` that the resource was added to the service provider." msgstr "" #: ../../docstring of canaille.backends.models.Model.id:1 -#: 112d9fd0a032418682875fe5f5685fc8 +#: 6c1d3282e98e4d7b96213c626e92665a msgid "A unique identifier for a SCIM resource as defined by the service provider. Id will be :py:data:`None` until the :meth:`~canaille.backends.models.BackendModel.save` method is called." msgstr "" #: ../../docstring of canaille.backends.models.Model.id:5 -#: fe3e4be3b44b43ebbbd11fe81fdc2613 +#: 64c1848034b34d2086fa0d50e1b94a98 msgid "Each representation of the resource MUST include a non-empty \"id\" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non- reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the \"id\" attribute is always issued by the service provider and MUST NOT be specified by the client. The string \"bulkId\" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are \"caseExact\" as \"true\", a mutability of \"readOnly\", and a \"returned\" characteristic of \"always\". See Section 9 for additional considerations regarding privacy." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:1 -#: 4f16f8a2628746e0bbb013e0ebdd53de +#: bd6bdb35102f4e4d803a072d6c012255 msgid "Returns a unique value that will be used to identify the model instance." msgstr "" #: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:4 -#: 570af0c54d8a4b9ca5e1180a154578c6 +#: 3ee0208a12e4453abe733d48f8046054 msgid "This value will be used in URLs in canaille, so it should be unique and short." msgstr "" #: ../../docstring of canaille.backends.models.Model.last_modified:1 -#: a64d636f5ae843698bae18cbc27adae5 +#: 339106d4e64c4cce82c7b4eb3e783713 msgid "The most recent :class:`~datetime.datetime` that the details of this resource were updated at the service provider." msgstr "" #: ../../docstring of canaille.backends.models.Model.last_modified:4 -#: 1478742051c64d3c8e8cb44b101c2337 +#: c7d7e9d90b744b41ac4899977c14174f msgid "If this resource has never been modified since its initial creation, the value MUST be the same as the value of :attr:`~canaille.backends.models.Model.created`." msgstr "" @@ -4641,1023 +4856,1135 @@ msgstr "" #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1 #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1 -#: 31058fb082044629ab68e330524f37d4 -#: 963c873782434df6bc7a6314e406858e -#: ec3b5ed7c8e94f728377c74990bc94e6 -#: fac7abe230f5419eadc03a768bc0872c -#: 1269097fb76b42c29248af6773628ec4 -#: 25aa111736e44c4ea89c97864274d146 +#: d3ae97f457864dbf953ac9a3cfc043e2 +#: c8d3896a864d4331a8d5532b312376db +#: c1c3e9ca21a04c1d851e4a75082b1c90 +#: c1c3e9ca21a04c1d851e4a75082b1c90 +#: c1c3e9ca21a04c1d851e4a75082b1c90 +#: c1c3e9ca21a04c1d851e4a75082b1c90 msgid "Bases: :py:class:`~canaille.backends.models.Model`" msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1 -#: d8d4759602c44e048e0d4f053dc5c895 +#: fcf6434c92de4c0e9ae1790f19a43d8c msgid "User model, based on the `SCIM Group schema `_." msgstr "" #: ../../docstring of canaille.core.models.Group.display_name:1 -#: f557ae62a380458ca1e212165ff7ebd2 +#: 6ae4c021384e45b3b90ca7840c9caa48 msgid "A human-readable name for the Group." msgstr "" #: ../../docstring of canaille.core.models.Group.display_name:3 #: ../../docstring of canaille.oidc.basemodels.Client.client_id:1 -#: 3a782effac4c44f2b4084280c168f909 -#: 038998149ec146249f6cd7993b6ea7c2 +#: 94bf457053a8408a80e8157f385e6127 +#: 8ef14562e7c1440e89a45a65c05b07c4 msgid "REQUIRED." msgstr "" #: ../../docstring of canaille.core.models.Group.members:1 -#: 83c94299de834bb7899fc5d919567ddf +#: 0b61dbdad02b48bbb9a9ace3f9ce130a msgid "A list of members of the Group." msgstr "" #: ../../docstring of canaille.core.models.Group.members:3 -#: f8395458983d4efd966c1f2bd3e771dc +#: 4f5d6c5417ce40c39617fed66f507f2d msgid "While values MAY be added or removed, sub-attributes of members are \"immutable\". The \"value\" sub-attribute contains the value of an \"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must be the URI of a SCIM resource such as a \"User\", or a \"Group\". The intention of the \"Group\" type is to allow the service provider to support nested groups. Service providers MAY require clients to provide a non-empty value by setting the \"required\" attribute characteristic of a sub-attribute of the \"members\" attribute in the \"Group\" resource schema." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User:1 -#: 3de74c338e4e45d4ada0909e1d6a2c1d +#: ea9a3214f2fe40079b36d4acc3993d0b msgid "User model, based on the `SCIM User schema `_, `Entreprise User Schema Extension `_ and `SCIM Password Management Extension `_ draft. Attribute description is based on SCIM and put there for information purpose. The description may not fit the current implementation in Canaille." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.can:1 -#: dd44c29c7f88458e923a6bdc89ff4bd8 +#: 50465e6a043e4772901bbc25136c15c7 msgid "Whether or not the user has the :class:`~canaille.core.configuration.Permission` according to the :class:`configuration `." msgstr "" #: ../../docstring of canaille.core.models.User.department:1 -#: d09b761f1c3d4bcda3c7c5841cb86768 +#: 300ebcf15c3d4ee8b50478aa38113f2f msgid "Identifies the name of a department." msgstr "" #: ../../docstring of canaille.core.models.User.display_name:1 -#: 7a92e34396f14701a901c6342ba43372 +#: 44d18f2b6f5147d7bb381e18daf093e3 msgid "The name of the user, suitable for display to end-users." msgstr "" #: ../../docstring of canaille.core.models.User.display_name:3 -#: e89fec83b2eb42deaac70264489240e3 +#: c04b6da17ce14862afd1911eb9fda1fd msgid "Each user returned MAY include a non-empty displayName value. The name SHOULD be the full name of the User being described, if known (e.g., \"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username or handle, if that is all that is available (e.g., \"bjensen\"). The value provided SHOULD be the primary textual label by which this User is normally displayed by the service provider when presenting it to end-users." msgstr "" #: ../../docstring of canaille.core.models.User.emails:1 -#: 5383ce6b712040c4a0bba18c1bbef93d +#: c7a7d69b175742f692f41bfdff6d3957 msgid "Email addresses for the User." msgstr "" #: ../../docstring of canaille.core.models.User.emails:3 -#: dcbfe09f878141a4bd5a20b9e2d9b6da +#: 63f46cb0c21a4fa4b8b0a720c8d14248 msgid "The value SHOULD be specified according to [RFC5321]. Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\". The \"display\" sub-attribute MAY be used to return the canonicalized representation of the email value. The \"type\" sub-attribute is used to provide a classification meaningful to the (human) user. The user interface should encourage the use of basic values of \"work\", \"home\", and \"other\" and MAY allow additional type values to be used at the discretion of SCIM clients." msgstr "" #: ../../docstring of canaille.core.models.User.employee_number:1 -#: 6cc0c003bd234628a0bc0a0c27cccaee +#: 3c9e8a305a2e45188d1991241730c384 msgid "A string identifier, typically numeric or alphanumeric, assigned to a person, typically based on order of hire or association with an organization." msgstr "" #: ../../docstring of canaille.core.models.User.family_name:1 -#: db1cbc1b88a44555ac36431d951ed1bc +#: dd49515b6ca4486487bbb848d32ec95d msgid "The family name of the User, or last name in most Western languages (e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")." msgstr "" #: ../../docstring of canaille.core.models.User.formatted_address:1 -#: 19bb2c52eb2747a8bae2df988b0f3226 +#: f80305cee214421eb76ae29dd6697765 msgid "The full mailing address, formatted for display or use with a mailing label." msgstr "" #: ../../docstring of canaille.core.models.User.formatted_address:4 -#: aaf2f2de713c468a8388bd976795c621 +#: 85a0ba3e7b064d75b6bb0f9135fb23c1 msgid "This attribute MAY contain newlines." msgstr "" #: ../../docstring of canaille.core.models.User.formatted_name:1 -#: 6e02928b97a944b5929f0002f9c7b70c +#: 4e458944ffe74d00bfc78e91f7f4b925 msgid "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, III\")." msgstr "" #: ../../docstring of canaille.core.models.User.given_name:1 -#: 0adf168d41024021aca8fcbf22e2b575 +#: f44fded253494128a007b56f7303dc14 msgid "The given name of the User, or first name in most Western languages (e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")." msgstr "" #: ../../docstring of canaille.core.models.User.groups:1 -#: ef755a48c32047c187a2405190a88b07 +#: e31e09adf6404439bf17d6aab21fff32 msgid "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated." msgstr "" #: ../../docstring of canaille.core.models.User.groups:4 -#: 0d7136476f7649ddad322de96971e938 +#: c05221c0bcca4718bfa6fdb9519fe95e msgid "The values are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined. It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider. The canonical types \"direct\" and \"indirect\" are defined to describe how the group membership was derived. Direct group membership indicates that the user is directly associated with the group and SHOULD indicate that clients may modify membership through the \"Group\" resource. Indirect membership indicates that user membership is transitive or dynamic and implies that clients cannot modify indirect group membership through the \"Group\" resource but MAY modify direct group membership through the \"Group\" resource, which may influence indirect memberships. If the SCIM service provider exposes a \"Group\" resource, the \"value\" sub-attribute MUST be the \"id\", and the \"$ref\" sub-attribute must be the URI of the corresponding \"Group\" resources to which the user belongs. Since this attribute has a mutability of \"readOnly\", group membership changes MUST be applied via the \"Group\" Resource (Section 4.2). This attribute has a mutability of \"readOnly\"." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.has_password:1 -#: 034f9fa73a5d455382726ac4b448c136 +#: 995c5dd87f84486b866861819560cddf msgid "Check whether a password has been set for the user." msgstr "" +#: ../../docstring of canaille.core.models.User.hotp_counter:1 +#: b20ebcdbcb5844738f1587b2713c1ee3 +msgid "HMAC-based One Time Password counter, used for two-factor authentication." +msgstr "" + +#: ../../docstring of canaille.core.models.User.last_otp_login:1 +#: aeffd6550ea64663ab67d8acca53691b +msgid "A DateTime indicating when the user last logged in with a one-time password. This attribute is currently used to check whether the user has activated one-time password authentication or not." +msgstr "" + #: ../../docstring of canaille.core.models.User.locality:1 -#: 3d50110e459f4ba3b06af609c8f2bef8 +#: 6392444bc3f54ec2b7a2e6d76dcebfd9 msgid "The city or locality component." msgstr "" #: ../../docstring of canaille.core.models.User.lock_date:1 -#: bc9386fb2f7c41cc82308c45d919feb9 +#: 52b1f476fb584fa89da42a63597ba27d msgid "A DateTime indicating when the resource was locked." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.locked:1 -#: 8f227ede6e584fda946d50e86049afcb +#: 11adeee0c9264a899a29f6650947d5f9 msgid "Whether the user account has been locked or has expired." msgstr "" +#: ../../docstring of canaille.core.models.User.one_time_password:1 +#: 6e8fc6e79f3d45ac804673abaed8ae41 +msgid "One time password used for email or sms two-factor authentication." +msgstr "" + +#: ../../docstring of canaille.core.models.User.one_time_password_emission_date:1 +#: 51fa37f2cd494b699222475514856ecf +msgid "A DateTime indicating when the user last emitted an email or sms one-time password." +msgstr "" + #: ../../docstring of canaille.core.models.User.organization:1 -#: 39b14adbf8ad42b39c2cdd9fb0fcf96c +#: 7f2c3e4f3c354bedbccde4710263b02f msgid "Identifies the name of an organization." msgstr "" #: ../../docstring of canaille.core.models.User.password:1 -#: a4ec9a6f72834b47b82db401e1ebed2f +#: 072e6b6f57ea480eb08da8b2014e78fc msgid "This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password. The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider. If a service provider holds the value locally, the value SHOULD be hashed. When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows:" msgstr "" #: ../../docstring of canaille.core.models.User.password:9 -#: 4a4c0608f0ac4739bbb358ebfffbc94c +#: ad7fb50b57bf4a0eaf4e0e96899afad2 msgid "Prepare the cleartext value for international language comparison. See Section 7.8 of [RFC7644]." msgstr "" #: ../../docstring of canaille.core.models.User.password:12 -#: 770cfb12f1c943188e281ef2e527ccb2 +#: 46d03fb43b2e40cc9f2ad6ea3dd511ff msgid "Validate the value against server password policy. Note: The definition and enforcement of password policy are beyond the scope of this document." msgstr "" #: ../../docstring of canaille.core.models.User.password:16 -#: 736bf805f27d4dfb8c1292b5afaca0be +#: 72ece62774ba4f9c9ef5ddf163d12af4 msgid "Ensure that the value is encrypted (e.g., hashed). See Section 9.2 for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons." msgstr "" #: ../../docstring of canaille.core.models.User.password:20 -#: 605f5a91894e42ee9d14686ae2f346cd +#: 094d9a68c6b743f3af8832f6fe75e71e msgid "A service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)). If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption." msgstr "" #: ../../docstring of canaille.core.models.User.password:28 -#: 198ed93545fe467ea461cef9a184362c +#: a4f2fcdde65c4774a2cb672677275686 msgid "Testing for an equality match MAY be supported if there is an existing stored hashed value. When testing for equality, the service provider:" msgstr "" #: ../../docstring of canaille.core.models.User.password:32 -#: becd82e6d299471d94ab4906ce105218 +#: 7595e72df7db44f9b6c42796e830f12b msgid "Prepares the filter value for international language comparison. See Section 7.8 of [RFC7644]." msgstr "" #: ../../docstring of canaille.core.models.User.password:35 -#: ca91b3fdd3ae434dbb47d55b73ccbcb2 +#: 61b66fa2e8814634889657f8d0edfab0 msgid "Generates the salted hash of the filter value and tests for a match with the locally held value." msgstr "" #: ../../docstring of canaille.core.models.User.password:38 -#: 0c4d62a31f2d442981432c2f841abdac +#: a7cfcbc3765b4f78a7155e4dd9415a1e msgid "The mutability of the password attribute is \"writeOnly\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \"returned\" is \"never\")." msgstr "" #: ../../docstring of canaille.core.models.User.phone_numbers:1 -#: 636757499c76498ca8a1cbad6ea4fbb7 +#: 9c94598375724785b44ef15df37f51e4 msgid "Phone numbers for the user." msgstr "" #: ../../docstring of canaille.core.models.User.phone_numbers:3 -#: dabf654512714fda965fded70f74aeac +#: 5dd8841664b34a61b816f4809063e0c2 msgid "The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'. Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate. The \"display\" sub-attribute MAY be used to return the canonicalized representation of the phone number value. The sub- attribute \"type\" often has typical values of \"work\", \"home\", \"mobile\", \"fax\", \"pager\", and \"other\" and MAY allow more types to be defined by the SCIM clients." msgstr "" #: ../../docstring of canaille.core.models.User.photo:1 -#: 27d8a36d06ce46858ed9974cfb3a9a9b +#: 291043b969b54c499248e5cd4137ba46 msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image." msgstr "" #: ../../docstring of canaille.core.models.User.photo:5 -#: 8d0e8ca2555c48b0aad26fa7fdb102cf +#: d20c5f4d9f154642a7e5197897542d16 msgid "The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather than a web page containing an image. Service providers MAY return the same image in different sizes, although it is recognized that no standard for describing images of various sizes currently exists. Note that this attribute SHOULD NOT be used to send down arbitrary photos taken by this user; instead, profile photos of the user that are suitable for display when describing the user should be sent. Instead of the standard canonical values for type, this attribute defines the following canonical values to represent popular photo sizes: \"photo\" and \"thumbnail\"." msgstr "" #: ../../docstring of canaille.core.models.User.postal_code:1 -#: ca9c10bc74eb4a2b90365bbd3473b1be +#: 43d41ad405ca4db99f51e8c857e137e3 msgid "The zip code or postal code component." msgstr "" #: ../../docstring of canaille.core.models.User.preferred_language:1 -#: 5c7d29d6e6334161b21068010f566af2 +#: c8f7b6dd86d646f191246ff0070da604 msgid "Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface." msgstr "" #: ../../docstring of canaille.core.models.User.preferred_language:4 -#: c45f7e1feb59446daa9dbea7cce24305 +#: 7bf574c66b664d229948814478d62a8a msgid "The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \"Accept-Language:\") and is specified in Section 5.3.5 of [RFC7231]. The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place." msgstr "" #: ../../docstring of canaille.core.models.User.profile_url:1 -#: 267adc8c4ecf4750a9db3464eb2b8573 +#: 1cb9deea306246f8a148e8cd469da0d8 msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page)." msgstr "" #: ../../docstring of canaille.core.models.User.profile_url:5 -#: 7f227419ab034b3da8303fe94affeb6c +#: 84b648830c3148ecb4e74a368b850c23 msgid "URIs are canonicalized per Section 6.2 of [RFC3986]." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:1 -#: e064888816ad4e228797af005daa0c1b +#: 58a2e21fdb434721a2f63d42d309bdf5 msgid "The fields the user can read according to the :class:`configuration ` configuration." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:4 -#: d51b5c9a3058444187f7f52aafcc57ce +#: 13d48165549548f4b93daef3011da021 msgid "This does not include the :attr:`writable ` fields." msgstr "" #: ../../docstring of canaille.core.models.User.region:1 -#: 7781da46bb4f45c19d4061a73efd1860 +#: 6f59b77e31f04e928a5ba62b1e24e768 msgid "The state or region component." msgstr "" +#: ../../docstring of canaille.core.models.User.secret_token:1 +#: 976966fe6b494fa7881ec2bb7c992d48 +msgid "Unique token generated for each user, used for two-factor authentication." +msgstr "" + #: ../../docstring of canaille.core.models.User.street:1 -#: e15de46ed1a745e580399d0bf40e96b8 +#: 499ca20e98174187b6a7e067dc8bb99d msgid "The full street address component, which may include house number, street name, P.O." msgstr "" #: ../../docstring of canaille.core.models.User.street:4 -#: 663a1b080f3646f5bbc30492beccda49 +#: 9da29eeb9a7749388ec24a3d730cdcca msgid "box, and multi-line extended street address information. This attribute MAY contain newlines." msgstr "" #: ../../docstring of canaille.core.models.User.title:1 -#: 96571ab69f47443087e9de7cdf2af3ef +#: d210c0de6da84b4f8336209ae9719f87 msgid "The user's title, such as \"Vice President\"." msgstr "" #: ../../docstring of canaille.core.models.User.user_name:1 -#: 5a41c74aee6040d78b20e68feedbe91d +#: 3fdb69a67da040b1bfb2682e3c8b99d4 msgid "A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider." msgstr "" #: ../../docstring of canaille.core.models.User.user_name:4 -#: 305c46ac8a734b4fb513c2da9c0bd78d +#: 1028aa46fd5b4dc2b9315aabf36ab31c msgid "Often displayed to the user as their unique identifier within the system (as opposed to \"id\" or \"externalId\", which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. This attribute is REQUIRED and is case insensitive." msgstr "" #: ../../canaille/core/models.py:docstring of canaille.core.models.User.writable_fields:1 -#: f99945951b7f476484908fef5eb9bee4 +#: 6f4310b43c8c41af8069664ccee7283a msgid "The fields the user can write according to the :class:`configuration `." msgstr "" +#: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:1 +#: fc53171fc0944808ba403af52c2ba136 +msgid "Add leading 0 if the code length does not match the defined length." +msgstr "" + +#: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:3 +#: ae60e7010ca94353a14a569775471e8e +msgid "For instance, parameter ``digit=6``, but ``code=123``, this method would return ``000123``::" +msgstr "" + #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1 -#: 470216f2acc344a9bc4fe9408cf38b4c +#: a121e077c37d4a8cab594a0629893230 msgid "OpenID Connect temporary authorization code definition." msgstr "" #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1 -#: b0248a05ffa44100bfcf4e84de0e154b +#: 176b8928ffc54ed0b7a4b727cdf50387 msgid "OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client Registration protocols `_ and the `OpenID Connect RP-Initiated Logout `_ specifications." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_id:3 -#: 9630f3464163481993a425c28c308969 +#: 501569fe51a94e8b9cfee76865f5720a msgid "OAuth 2.0 client identifier string. It SHOULD NOT be currently valid for any other registered client, though an authorization server MAY issue the same client identifier to multiple instances of a registered client at its discretion." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:1 #: ../../docstring of canaille.oidc.basemodels.Client.client_secret:1 #: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:1 -#: 05d209d5010c49c99c2e88fd070c5595 -#: b2cf2367cc664e0dbd0d237edd72509a -#: 9da6221c08544d5b9c043002d77e9a04 +#: 155223b8bff641ed9a0375b3d458c5c9 +#: 155223b8bff641ed9a0375b3d458c5c9 +#: 155223b8bff641ed9a0375b3d458c5c9 msgid "OPTIONAL." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:3 -#: fb189c4d73054f559edc1f71e252013c +#: 8f9ab854501246b68994edefd2c22365 msgid "Time at which the client identifier was issued. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_name:1 -#: 90b1171c71784152b30c868ce6a69e92 +#: 8610eab8370a4184937f0d1169b54c51 msgid "Human-readable string name of the client to be presented to the end-user during authorization." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_name:4 -#: 2f438f6285d3455f81459326d3ed2a3d +#: ce9a8c14a98f4a31b17100c0ca14c199 msgid "If omitted, the authorization server MAY display the raw \"client_id\" value to the end-user instead. It is RECOMMENDED that clients always send this field. The value of this field MAY be internationalized, as described in Section 2.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_secret:3 -#: b659e17a18ae49d6b460ce4bfd3ef720 +#: f737139e11a14b14be8545e1a2c5c0f6 msgid "OAuth 2.0 client secret string. If issued, this MUST be unique for each \"client_id\" and SHOULD be unique for multiple instances of a client using the same \"client_id\". This value is used by confidential clients to authenticate to the token endpoint, as described in OAuth 2.0 [RFC6749], Section 2.3.1." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:1 -#: fe3efeb714e642038fddaee69b85a240 +#: 01979509cf224c5b8ba2127719435fc8 msgid "REQUIRED if \"client_secret\" is issued." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:3 -#: 8224ead887464588a9b93fc320780f69 +#: 48959dbf918e45ba9c37a50f77a0adf9 msgid "Time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_uri:1 -#: c7ec8c5c04bd41fa87825f3d6f4e71b3 +#: 20f5972c57c540f6ab8392896c84be8c msgid "URL string of a web page providing information about the client." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.client_uri:3 -#: 8be313c7ec5848419e7a0062beefd60c +#: 30041d9b4c124152a5c0443ff9b2191c msgid "If present, the server SHOULD display this URL to the end-user in a clickable fashion. It is RECOMMENDED that clients always send this field. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.contacts:1 -#: 133418eefb1d484ba26f492838063c04 +#: 5cce7321f5e5400589f9393258dc3a4a msgid "Array of strings representing ways to contact people responsible for this client, typically email addresses." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.contacts:4 -#: 4c4d89f737af445da4e7eb5882887e00 +#: af06fcccdc594f869be314af985cf14c msgid "The authorization server MAY make these contact addresses available to end-users for support requests for the client. See Section 6 for information on Privacy Considerations." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:1 -#: 5105e93451e946fea6c3fd0b09c19683 +#: b4a5975375c641eaa946ccd90ce211a6 msgid "Array of OAuth 2.0 grant type strings that the client can use at the token endpoint. These grant types are defined as follows:" msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:4 -#: 471bb398e08d45d588f320d2c25cb025 +#: bbc3935e899e47f3bafe281f1d888251 msgid "\"authorization_code\": The authorization code grant type defined in OAuth 2.0, Section 4.1." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:7 -#: c1785e60703f46e5a3a6e7131ba26894 +#: 64449ef0ca7f424c9fab46a991d69d96 msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:10 -#: 99ec3801466340bd83367ab92a351ac3 +#: f236e27b48c94daf906f45e1448426c6 msgid "\"password\": The resource owner password credentials grant type defined in OAuth 2.0, Section 4.3." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:13 -#: a62c7b8185ee4863aec423c5fe445ae5 +#: 9e81137e52f94762be9551134791deaf msgid "\"client_credentials\": The client credentials grant type defined in OAuth 2.0, Section 4.4." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:16 -#: 2fd298fce6974e4da2f670da31280955 +#: e7293d36a66346228115f0e7a1db1628 msgid "\"refresh_token\": The refresh token grant type defined in OAuth 2.0, Section 6." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:19 -#: 2fb0f1de8f46429eb46970d53c954d91 +#: 8fcedc410abe4cb4ba32399205c1fdb4 msgid "\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:23 -#: dd4f8e0551e048d599a3f95740ea3cf1 +#: 45a990b4f0c3428ca6b0f466163b444d msgid "\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.grant_types:27 -#: 241768369988480b8f79cae93fa06ff4 +#: da938e538dfb4cbcb06eb0257bae0c5d msgid "If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the \"grant_type\" parameter passed to the token endpoint defined in the grant type definition. Authorization servers MAY allow for other values as defined in the grant type extension process described in OAuth 2.0, Section 4.5. If omitted, the default behavior is that the client will use only the \"authorization_code\" Grant Type." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.jwk:1 -#: 779d5b8c355f4e469d0880100f197dbd +#: 61a94c54874e45c7b6d6a0080b303c06 msgid "Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.jwk:4 -#: 786a840808f042fdb3a97eb1bd7f7a98 +#: 878eeb4b93db4411b3227ebfce480fb2 msgid "The value of this field MUST be a JSON object containing a valid JWK Set. These keys can be used by higher-level protocols that use signing or encryption. This parameter is intended to be used by clients that cannot use the \"jwks_uri\" parameter, such as native clients that cannot host public URLs. The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:1 -#: 29bbb97b4b0545df84cf23ec1e6b14cf +#: bdc8f6ae5aa54e2e8cd3968ba2b834e5 msgid "URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:4 -#: 4021b5fbeabb464d938a3903ef7e718b +#: f0514e0625524e80b9d71112f8f845fd msgid "The value of this field MUST point to a valid JWK Set document. These keys can be used by higher-level protocols that use signing or encryption. For instance, these keys might be used by some applications for validating signed requests made to the token endpoint when using JWTs for client authentication [RFC7523]. Use of this parameter is preferred over the \"jwks\" parameter, as it allows for easier key rotation. The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:1 -#: 723f17b9b9df481394bcff341b2730b1 +#: a8573dc1a7474be593d58ac595763de8 msgid "URL string that references a logo for the client." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:3 -#: 6b1a034be4f248e98f185c7a0ef2c3b5 +#: a2ca19d94ea94ee8b9938118fc25f1fa msgid "If present, the server SHOULD display this image to the end-user during approval. The value of this field MUST point to a valid image file. The value of this field MAY be internationalized, as described in Section 2.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:1 -#: 92446c1f45fc4da9bf18fed32b046f26 +#: 14d06cf8a7e34fedad15b82247d69d39 msgid "URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:5 #: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:5 -#: 470f3a6ebe5a470d97207d2d724d7a50 -#: d5127be355104a9b8e44b59d71a4e3ce +#: 1ea0d5026129456fbbc197bfce61c98e +#: 1ea0d5026129456fbbc197bfce61c98e msgid "The authorization server SHOULD display this URL to the end-user if it is provided. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:3 -#: 80775602163f4c4eae2aa73101fb4a59 +#: 50f7bef11f5244e4b91bdd115c92c874 msgid "Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and provided the OP allows the use of http RP URIs." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:1 -#: 9864218626a9495d837ca07ecabe2e83 +#: e6a72fe3893b4db4adc05a9684a6dc4a msgid "Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:4 -#: a1f4e7a342764daf9b91f5c582e0d704 +#: d8400c42df344766b3fa56e4d0973700 msgid "As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.response_types:1 -#: 2b675d8a76b64442baaf96288a99145f +#: 8be6e16541944c6f9cad4f83c72a13b5 msgid "Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. These response types are defined as follows:" msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.response_types:5 -#: 3f19f3d3bf244c669c336230f4e548e5 +#: 460f3e0ea3674308963d0510ac0d6444 msgid "\"code\": The authorization code response type defined in OAuth 2.0, Section 4.1." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.response_types:8 -#: 8be17e9ef4c642a0a227974a40450da2 +#: a6be11c01465486aa6fc6d52b002b3c6 msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.response_types:11 -#: 3be1d7f3ab82407ebcf77c9ad6294934 +#: 0629b093e32248559987eb03c2802856 msgid "If the authorization endpoint is used by the grant type, the value of this parameter MUST be the same as the value of the \"response_type\" parameter passed to the authorization endpoint defined in the grant type definition. Authorization servers MAY allow for other values as defined in the grant type extension process is described in OAuth 2.0, Section 4.5. If omitted, the default is that the client will use only the \"code\" response type." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.scope:1 -#: 99bf5a0735f3490eb63943c7926eb165 +#: c8200e01d757418294c72a8c1f4dd013 msgid "String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.scope:5 -#: d9c4d3be73ae454fbc08c0452c4cafba +#: 6b5bfcb30b5443cea8e88e0e0074c1ff msgid "The semantics of values in this list are service specific. If omitted, an authorization server MAY register a client with a default set of scopes." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.software_id:1 -#: ee3bd26091c94945b33584e781c19370 +#: c16d3f6118f24f639ffa8f395fb26d51 msgid "A unique identifier string (e.g., a Universally Unique Identifier (UUID)) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.software_id:6 -#: 8fd0e02b12354b72b7175ade2536eac3 +#: dae7107648bc4e498d3924fdff934e29 msgid "Unlike \"client_id\", which is issued by the authorization server and SHOULD vary between instances, the \"software_id\" SHOULD remain the same for all instances of the client software. The \"software_id\" SHOULD remain the same across multiple updates or versions of the same piece of software. The value of this field is not intended to be human readable and is usually opaque to the client and authorization server." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.software_version:1 -#: 2d69ee9b36d244ec98fb0ca3135ac74f +#: c620c60307f64b08a6322573b5dd0561 msgid "A version identifier string for the client software identified by \"software_id\"." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.software_version:4 -#: 0da082aab3354aad8196b87ea111796f +#: e0c0f27106824081827201c50fb85ae7 msgid "The value of the \"software_version\" SHOULD change on any update to the client software identified by the same \"software_id\". The value of this field is intended to be compared using string equality matching and no other comparison semantics are defined by this specification. The value of this field is outside the scope of this specification, but it is not intended to be human readable and is usually opaque to the client and authorization server. The definition of what constitutes an update to client software that would trigger a change to this value is specific to the software itself and is outside the scope of this specification." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:1 -#: e666c285e9d0483a8b06ed07b9596fd1 +#: c226846c2d1c4874bf900ddd10cf4144 msgid "String indicator of the requested authentication method for the token endpoint. Values defined by this specification are:" msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:4 -#: 75019e0ffa134fe0a48fc885130c97ee +#: aca79c0bc52744e0aedf325049fa2b15 msgid "\"none\": The client is a public client as defined in OAuth 2.0, Section 2.1, and does not have a client secret." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:7 -#: 6d1fcab0de3a41e18101687e93c45444 +#: e63eaadeb384412199ed4f6ed7053e47 msgid "\"client_secret_post\": The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:10 -#: 75493a43244c4357842d2fdfa745f330 +#: 271a83d28e854ac0ba72171a974b346b msgid "\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:13 -#: 070320a7585e4d9ba744cbaed1593208 +#: 20907504b16b4d2785df51328c1ef639 msgid "Additional values can be defined via the IANA \"OAuth Token Endpoint Authentication Methods\" registry established in Section 4.2. Absolute URIs can also be used as values for this parameter without being registered. If unspecified or omitted, the default is \"client_secret_basic\", denoting the HTTP Basic authentication scheme as specified in Section 2.3.1 of OAuth 2.0." msgstr "" #: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:1 -#: 95cc7b66c6da48e5a189a32abaa9c24e +#: 00b5b754a5c5419f92fab486003e081a msgid "URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client." msgstr "" #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1 -#: bf6c359aadbc4404ba1967b1b8d26255 +#: a05f59c629e3458fbbf64e91e88819bf msgid "Long-term user consent to an application." msgstr "" #: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1 -#: a20eaa516c854599a62222141346d76b +#: 7b57192679024787a3be94302cb00b86 msgid "OpenID Connect token definition." msgstr "" #: ../tutorial/databases.rst:4 -#: 2934007ee99c4b5096855dd9bf47208b +#: 5748f2a24c36444993b0ac2c8ce280bb msgid "Canaille can read and save data in different databases. This page presents the different database backends and their specificities:" msgstr "" #: ../tutorial/databases.rst:10 -#: 4d8d9b1634cf47eca9c118b3af6173df +#: 5d24828b6f5649039d526b7fb689db99 msgid "Canaille comes with a lightweight inmemory backend by default. It is used when no other backend has been configured." msgstr "" #: ../tutorial/databases.rst:13 -#: 5383f833c2634382a279cf9c2e9efff5 +#: afdd59c782fc4a28851af9f8a3c24428 msgid "This backend is only for test purpose and should not be used in production environments." msgstr "" #: ../tutorial/databases.rst:18 -#: 5c04f9416e954990a51ad770b994755d +#: 883a0e443e914abb8edfe20bf57f1296 msgid "Canaille can use any database supported by `SQLAlchemy `_, such as sqlite, postgresql or mariadb." msgstr "" #: ../tutorial/databases.rst:21 -#: 5cef0f1dda384284a256492c7b8dfcca +#: 70e3f1710abf4134b85427a21dedeaa4 msgid "It is used when the ``CANAILLE_SQL`` configuration parameter is defined. For instance:" msgstr "" #: ../tutorial/databases.rst:29 -#: cedc3bb2dba0427b93cf11791b189c96 +#: 30971ee8de5542819657f07c3e215be2 msgid "You can find more details on the SQL configuration in the :class:`dedicated section `." msgstr "" #: ../tutorial/databases.rst:34 -#: fd9f8f823d184c72840274fd13de5b91 +#: da789ef60396408eb64b22001aaaf8fe msgid "Canaille can use OpenLDAP as its main database. It is used when the ``CANAILLE_LDAP`` configuration parameter is defined. For instance:" msgstr "" #: ../tutorial/databases.rst:52 -#: fcbc8501c455465daa5142894408bb38 +#: c64cf1c4f3664390a27dbef6f154878e +msgid "If you want to use TOTP/HOTP authentication, you will need to add the ``oathHOTPToken`` class to the user :" +msgstr "" + +#: ../tutorial/databases.rst:58 +#: aa4b16bc9b7946d7904708e1f424f53f msgid "You can find more details on the LDAP configuration in the :class:`dedicated section `." msgstr "" -#: ../tutorial/databases.rst:55 -#: 2c710def18bc46539b2962ee1bde2bf6 -msgid "Currently, only the ``inetOrgPerson`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome." +#: ../tutorial/databases.rst:61 +#: faa136c2f11c4d79b3bbe652a901e785 +msgid "Currently, only the ``inetOrgPerson``, ``oathHOTPToken`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome." msgstr "" -#: ../tutorial/databases.rst:60 -#: b7014bf888504dcc865871e8275190f6 +#: ../tutorial/databases.rst:66 +#: 21591edbced444b499d300486e257a91 msgid "OpenLDAP overlays integration" msgstr "" -#: ../tutorial/databases.rst:62 -#: a67abbc0745e4c7e9353697969a4fbab +#: ../tutorial/databases.rst:68 +#: 33eaffdc103c4d709fb434da45ecca39 msgid "Canaille can integrate with several OpenLDAP overlays:" msgstr "" -#: ../tutorial/databases.rst:65 -#: b1eebe57d90648b3b24cb48cb49c5436 +#: ../tutorial/databases.rst:71 +#: b542d311f0444aef936af14660f9ddd3 msgid "memberof / refint" msgstr "" -#: ../tutorial/databases.rst:67 -#: 6bb596696373483ab0a52f0e8169ab9e +#: ../tutorial/databases.rst:73 +#: e3756a8fbe1d4c469d6df3b4504b73d9 msgid "`memberof `_ and `refint `_ overlays are needed for the Canaille group membership to work correctly." msgstr "" -#: ../tutorial/databases.rst:71 -#: ../tutorial/databases.rst:94 -#: bff8a12ffd4b4d179d6938a046810186 -#: 1e58076e5c2148f8a2c71c79bb51c74a +#: ../tutorial/databases.rst:77 +#: ../tutorial/databases.rst:100 +#: ../tutorial/databases.rst:123 +#: 9b7b5412ee544d7bbb97fc1e30152585 +#: 9b7b5412ee544d7bbb97fc1e30152585 +#: 9b7b5412ee544d7bbb97fc1e30152585 msgid "Here is a configuration example compatible with canaille:" msgstr "" -#: ../tutorial/databases.rst:73 -#: d8858049d6d44b7cae4cbd659f9f8ba2 +#: ../tutorial/databases.rst:79 +#: 1b8c284120b44c859cc9bd56b4c8e123 msgid "memberof-config.ldif" msgstr "" -#: ../tutorial/databases.rst:77 -#: 830059290ddc4cf1b2249c45fc303b98 +#: ../tutorial/databases.rst:83 +#: 3fc7e3d6f94f47579174c1ebcb598f6a msgid "refint-config.ldif" msgstr "" -#: ../tutorial/databases.rst:81 -#: ../tutorial/databases.rst:104 -#: 4070700e524f481ba82662576453c6b3 -#: 41e7874f5db94dda8cd74ebed2fddc7c +#: ../tutorial/databases.rst:87 +#: ../tutorial/databases.rst:110 +#: 39d5ac83d9724a36af9b2185453d86f3 +#: 39d5ac83d9724a36af9b2185453d86f3 msgid "You can adapt and load those configuration files with:" msgstr "" -#: ../tutorial/databases.rst:90 -#: e37e96d3eac048e191b4da59788b6096 +#: ../tutorial/databases.rst:96 +#: 359072b68f5d4338830ee414e509d7c2 msgid "ppolicy" msgstr "" -#: ../tutorial/databases.rst:92 -#: 88ed660b0098483fa77e880febad6b52 +#: ../tutorial/databases.rst:98 +#: a589837a0cf14ad3b8f8116f78356f76 msgid "If the `ppolicy `_ overlay is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the :attr:`~canaille.core.models.User.lock_date` attribute." msgstr "" -#: ../tutorial/databases.rst:96 -#: 0194f8cb96554ed9a209784cd1a5a10e +#: ../tutorial/databases.rst:102 +#: fe864493f65b47008ba79f9154931883 msgid "ppolicy-config.ldif" msgstr "" -#: ../tutorial/databases.rst:100 -#: 09776d76a5c54f6eb7d79e15a0dbed82 +#: ../tutorial/databases.rst:106 +#: da19de8897bd448aaa8a8f6450974789 msgid "ppolicy.ldif" msgstr "" +#: ../tutorial/databases.rst:119 +#: ccb4fa4c948c461580569a7ec7a55885 +msgid "otp" +msgstr "" + +#: ../tutorial/databases.rst:121 +#: 9b6afdb7651743a78e1955ef59319e29 +msgid "If the `otp `_ overlay is configured, you will be able to add one-time password authentication in canaille." +msgstr "" + +#: ../tutorial/databases.rst:125 +#: fe864493f65b47008ba79f9154931883 +msgid "otp-config.ldif" +msgstr "" + +#: ../tutorial/databases.rst:129 +#: 39d5ac83d9724a36af9b2185453d86f3 +msgid "You can adapt and load this configuration file with:" +msgstr "" + +#: ../tutorial/databases.rst:136 +#: b0815f933dae41f8a18ffc5c389a8796 +msgid "You will also need to add the ``oathHOTPToken`` class to the user:" +msgstr "" + #: ../tutorial/deployment.rst:2 -#: f396d7b4fa884f55bf66b57b6c046fdb +#: 968d6daab5054d1bbbaac721a53f21e6 msgid "Deployment" msgstr "" #: ../tutorial/deployment.rst:5 -#: 2cbff8a64b41470396973c1f66482110 +#: 341af181b96a4e449f124bb22e58723a msgid "Application service" msgstr "" #: ../tutorial/deployment.rst:7 -#: d60be98207bd489299d7492480a091c5 +#: 856f5e097bd34696b59aa74f451a1a33 msgid "After having finished Canaille installation you have to run it in a WSGI application server. Here are some WSGI server configuration examples you can pick. Do not forget to update the paths." msgstr "" #: ../tutorial/deployment.rst:11 -#: cf41e4599bea477a8b6742ed38c09555 +#: c2fc01d884054c2c9e9f3cf5b1e7fe01 msgid "gunicorn" msgstr "" #: ../tutorial/deployment.rst:15 -#: 9f4888747a6d4f5d85d9b94bc2814aff +#: 0734bfeb3d07400d85abe6f2412c506c msgid "Write a gunicorn configuration sample file." msgstr "" #: ../tutorial/deployment.rst:18 -#: beb61a6d85dc407c923f0a1797571b4b +#: 12db5d68d59f42958e64d74cf0a8a852 msgid "uwsgi" msgstr "" #: ../tutorial/deployment.rst:42 -#: 804b59080cfb46a5bece65e9dfe52ae4 +#: 7f42a8052b034e1e949f7308c1e80068 msgid "Webserver" msgstr "" #: ../tutorial/deployment.rst:44 -#: 3fd8ef72a9db483aaa18397b136708a4 +#: 261287d315864e4e958aab6892250086 msgid "Now you have to plug your WSGI application server to your webserver so it is accessible on the internet. Here are some webserver configuration examples you can pick:" msgstr "" #: ../tutorial/deployment.rst:48 -#: 40d9837c5cdd4c9faf94797e578e409d +#: 05ce956efe26448abaa00732f791ac5d msgid "Nginx" msgstr "" #: ../tutorial/deployment.rst:114 -#: 5407fc49df8b4871a993d95ebe6b216e +#: 71a5e5d57a9547909ea4a78f80883422 msgid "Apache" msgstr "" #: ../tutorial/deployment.rst:153 -#: 9e1ca64c07984a218f094949ed99bc6e +#: c0216d38c6e74ed08fd2478d61524206 msgid "Recurrent jobs" msgstr "" #: ../tutorial/deployment.rst:155 -#: 283551b28f2d465a830885e57a802334 +#: 24d5e0ff3df449e49ec973125318f628 msgid "You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:" msgstr "" #: ../tutorial/deployment.rst:164 -#: 3a91c9769ca04ed289ef4e08d71c84e0 +#: 615cedede7b348a39bef43b8a0296fb0 msgid "Webfinger" msgstr "" #: ../tutorial/deployment.rst:166 -#: c0c2aa060ee743e797e0e0e69ed34aad +#: 59c6373efd6040f2bc60ce6617810901 msgid "You may want to configure a `WebFinger`_ endpoint on your main website to allow the automatic discovery of your Canaille installation based on the account name of one of your users. For instance, suppose your domain is ``mydomain.example`` and your Canaille domain is ``auth.mydomain.example`` and there is a user ``john.doe``. A third-party application could require to authenticate the user and ask them for a user account. The user would give their account ``john.doe@mydomain.example``, then the application would perform a WebFinger request at ``https://mydomain.example/.well-known/webfinger`` and the response would contain the address of the authentication server ``https://auth.mydomain.example``. With this information the third party application can redirect the user to the Canaille authentication page." msgstr "" #: ../tutorial/deployment.rst:168 -#: d4f07f118d4443bcbd44e55144cf4d1f +#: ee64a42bf4104da2a68499149292566d msgid "The difficulty here is that the WebFinger endpoint must be hosted at the top-level domain (i.e. ``mydomain.example``) while the authentication server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). Canaille provides a WebFinger endpoint, but if it is not hosted at the top-level domain, a web redirection is required on the ``/.well-known/webfinger`` path." msgstr "" #: ../tutorial/deployment.rst:170 -#: b305def4f6e74643b1c47e5491e46126 +#: a1aa4ace653f416eb673a5ac6f536199 msgid "Here are configuration examples for Nginx or Apache:" msgstr "" #: ../tutorial/deployment.rst:172 -#: f07e30950c0443ea830fb6d01181cbce +#: 54696b09f9de48daa0d752cab9cbbe60 msgid "Nginx webfinger configuration for a top level domain" msgstr "" #: ../tutorial/deployment.rst:181 -#: f166862da12146e286d09f1189b44637 +#: 7277d41cdb83400ab68d06861f1bba9b msgid "Apache webfinger configuration for a top level domain" msgstr "" #: ../tutorial/deployment.rst:191 -#: ed7f25a6ab90437984c0249217556b7a +#: 6c673a0168dc4f159d40898328555d97 msgid "Create the first user" msgstr "" #: ../tutorial/deployment.rst:193 -#: e983e9c5998a475e9472c54742b25c9f +#: 665633a1bc5a4185b3ac592a8e0d023d msgid "Once canaille is installed, soon enough you will need to add users. To create your first user you can use the :ref:`canaille create ` CLI." msgstr "" #: ../tutorial/index.rst:2 -#: 40de96b13f0b46ba88769f9f0c91bece +#: df05343770804349af328d9b3651f059 msgid "Tutorial" msgstr "" #: ../tutorial/install.rst:2 -#: 990b0c4570294a4c914942072b835544 +#: a0eef22998554712a838c86b94681306 msgid "Installation" msgstr "" #: ../tutorial/install.rst:6 -#: 1f5645b8ce114b08abc62b4f03e8d613 +#: 366d1de010774522b5947172c22d1d64 msgid "Canaille is under heavy development and may not fit a production environment yet." msgstr "" #: ../tutorial/install.rst:8 -#: a76d3b71c19b4667a34e1d4b68261499 +#: 7ec1652a0617445681d3b44ab4ef6607 msgid "The installation of canaille consist in several steps, some of which you can do manually or with command line tool:" msgstr "" #: ../tutorial/install.rst:11 -#: de05573555224e75869a68ac41471c97 +#: 39b5cccca7ae4928abc5ecac4466a670 msgid "Get the code" msgstr "" #: ../tutorial/install.rst:13 -#: 8d5ce5f2ad284774a673cad8e1be2cc5 +#: dd49fb118bd94e00810d55ca2e8e3c23 msgid "As the moment there is no distribution package for canaille. However, it can be installed with the ``pip`` package manager. Let us choose a place for the canaille environment, like ``/opt/canaille/env``." msgstr "" #: ../tutorial/install.rst:24 -#: 5e8dbf51cc8e401d8e7f2738c4c1e500 +#: 8f98f8e76182487aba2f150e7af39150 msgid "Extras" msgstr "" #: ../tutorial/install.rst:26 -#: ff09c579e2834394992e462c1a7830e6 +#: 364aff7067fe4ab0aea19ad6024893b1 msgid "Canaille provides different package options:" msgstr "" #: ../tutorial/install.rst:28 -#: fba9a7d4ab8f42c1ba19ec58827c49bb +#: 0b64d33198cf4965bf5ccec22054fc9b msgid "`front` provides all the things needed to produce the user interface;" msgstr "" #: ../tutorial/install.rst:29 -#: 3c368569b3434d0c8821fcc5aa2a9fcd +#: 4f47aa89080f491e8f179aadf57a32e4 msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;" msgstr "" #: ../tutorial/install.rst:30 -#: d2fa3adf12b04e879e8eb1ad5a86d131 +#: 07d747ece341493cbfdbaacd17b9640d msgid "`ldap` provides the dependencies to enable the LDAP backend;" msgstr "" #: ../tutorial/install.rst:31 -#: 9f0ac2527c844d26999ac4722b7a3062 +#: bebbbd7c0b5b4694b70dd571d6087a25 msgid "`sqlite` provides the dependencies to enable the SQLite backend;" msgstr "" #: ../tutorial/install.rst:32 -#: 9f8652296fdd460d9d0885fd934a924f +#: 1052d038f4154a29a0e27fd5c83f9abf msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;" msgstr "" #: ../tutorial/install.rst:33 -#: dba3b5d89e9e46c6b3774b01bf2ae122 +#: 0696511547b64f22b36c1b3c5ade382a msgid "`mysql` provides the dependencies to enable the MySQL backend;" msgstr "" #: ../tutorial/install.rst:34 -#: 3284b40cd5ff4177a9369e471dcd1de2 +#: 7ec9ca47bc1a487caeb4d706f0cabeec msgid "`sentry` provides sentry integration to watch Canaille exceptions;" msgstr "" #: ../tutorial/install.rst:35 -#: dfd39313c050407193deac1f01f23e54 -msgid "`all` provides all the extras above." +#: 4e77c88c68b1404cbf1502574bc495af +msgid "`otp` provides the dependencies to enable one-time password authentication;" +msgstr "" + +#: ../tutorial/install.rst:36 +#: e81b3959980b47898233e6a778b6cfa4 +msgid "`sms` provides the dependencies to enable sms sending;" msgstr "" #: ../tutorial/install.rst:37 -#: 3d0f7f47cc1a469e9762578aed91f002 +#: 4355ba8d8f744ad6b49f6859e36d5276 +msgid "`all` provides all the extras above." +msgstr "" + +#: ../tutorial/install.rst:39 +#: 2ad6fc294ad44e87a5c1b4389a8c280c msgid "They can be installed with:" msgstr "" -#: ../tutorial/install.rst:44 -#: b7732a260ca84ba3a4130bd6cb0d1619 +#: ../tutorial/install.rst:46 +#: 59d5ecfe460d412ba993a785c0c20744 msgid "Configure" msgstr "" -#: ../tutorial/install.rst:46 -#: 86df5b7acf954ddfbb2982dbe0a51da1 +#: ../tutorial/install.rst:48 +#: 2bebd03f31724f66a8fc72e10fd4c00f msgid "Choose a path where to store your configuration file. You can pass any configuration path with the ``CONFIG`` environment variable." msgstr "" -#: ../tutorial/install.rst:54 -#: 042753d9c5704f21b0da35d38a17a620 +#: ../tutorial/install.rst:56 +#: 6f15d23d18c245dc9d341399328f752e msgid "You should then edit your configuration file to adapt the values to your needs. Look at the configuration details in the :doc:`configuration <../references/configuration>` page." msgstr "" -#: ../tutorial/install.rst:57 -#: a87138181fe64cd9891206619cad6d2d +#: ../tutorial/install.rst:59 +#: ede066e9fd9345ac86aa519c3bc66495 msgid "Install" msgstr "" -#: ../tutorial/install.rst:59 -#: 2a7cde9a8ef54f6fb6b527734b5e471d +#: ../tutorial/install.rst:61 +#: a888acd5f78142a88927d4585568a24a msgid "The :ref:`install command ` will apply most of the things needed to get Canaille working. Depending on the configured :doc:`database ` it will create the SQL tables, or install the LDAP schemas for instance." msgstr "" -#: ../tutorial/install.rst:68 -#: faefbbda355349e19671492f478d3153 +#: ../tutorial/install.rst:70 +#: 1d9b520266704354910e893daaa1ac22 msgid "Check" msgstr "" -#: ../tutorial/install.rst:70 -#: ab77edb446f44686bf26ef04fbf3dc7d +#: ../tutorial/install.rst:72 +#: da69d39139ef46eabe3e65ee743ad414 msgid "After a manual installation, you can check your configuration file using the :ref:`check command `:" msgstr "" +#: ../tutorial/provisioning.rst:2 +#: fad9f07edb234ac5b4edf0f1a2850469 +msgid "Provisioning" +msgstr "" + +#: ../tutorial/provisioning.rst:4 +#: b34dc5e4480d4812abe1d615b40724ce +msgid "Canaille partially implemnet the :rfc:`SCIM <7642>` provisioning protocol at the ``/scim/v2`` endpoint." +msgstr "" + +#: ../tutorial/provisioning.rst:6 +#: b435649989a5462fb58feedb7deff9e7 +msgid "At the moment, only the server part is implemented. It allows client applications to manage user profiles directly in Canaille." +msgstr "" + +#: ../tutorial/provisioning.rst:9 +#: cca65894cd064a69b7c8a4dc2b4bc5b2 +msgid "To allow clients to access the SCIM API, the client must have the ``client_credentials`` grant type configured. This allows clients to ask an authentication token on their own behalf and use this token to perform queries. Currently, user tokens are not supported." +msgstr "" + +#: ../tutorial/provisioning.rst:15 +#: 5540926bcd3a4ff59b5c440933d22e93 +msgid "Some SCIM :ref:`features and endpoints ` are not implemented. In addition to these, Canaille will implement in the future:" +msgstr "" + +#: ../tutorial/provisioning.rst:18 +#: df30885f79fd424fb426110529797eeb +msgid "Access control for clients on the SCIM API endpoint, to finely manage permissions depending on clients." +msgstr "" + +#: ../tutorial/provisioning.rst:19 +#: e37b47a3e64940adbfecfffc6245bb5f +msgid "Client-side implementation, to broadcast user and groups modifications among all the clients." +msgstr "" + #: ../tutorial/troubleshooting.rst:2 -#: d5cca3688aea45bb9ed015f84d324407 +#: a2179a1e932c44c59ec327cabf7a8b0e msgid "Troubleshooting" msgstr "" #: ../tutorial/troubleshooting.rst:5 -#: 584a62a0d78b4af391bfc8bd916e3934 +#: 46107d829fdc4718adf7b92192756f96 msgid "The web interface throws useless error messages" msgstr "" #: ../tutorial/troubleshooting.rst:7 -#: acc3175f98324e73b0154a833f4291de +#: 86ab63d58f8848b2a40435a2f048c12f msgid "Unless the current user has admin :class:`permissions `, or the installation is in :attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error messages won't be too technical. For instance, you can see *The request you made is invalid*. To enable detailed error messages, you can **temporarily** enable the :attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration parameter." msgstr "" #: ../tutorial/troubleshooting.rst:12 -#: 358b28e47d4a4b48ba2bde7ddd4bc5f3 +#: 988d674332bb4633b860095fe99420df msgid "How to manually install LDAP schemas?" msgstr "" #: ../tutorial/troubleshooting.rst:16 -#: 5e241c1fdd044454a5a27a9d4d609a6c +#: 7be9fb2994f6417889820aac3fce6560 msgid "Schema installation can be automatically done using the :ref:`install command `." msgstr "" #: ../tutorial/troubleshooting.rst:18 -#: fa20dff6817848489fee9434d3e8c154 +#: c8c1648f65d348d0a7d601357a849604 msgid "As of OpenLDAP 2.4, two configuration methods are available:" msgstr "" #: ../tutorial/troubleshooting.rst:20 -#: 536b6d4fabea43d48240f3b1b4e256c6 +#: f37f56f196174ae895e792a933dfbea6 msgid "The `deprecated `_ one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);" msgstr "" #: ../tutorial/troubleshooting.rst:21 -#: 2681e5ed98de4633ab3e958980570c61 +#: ae332fd671574a54b9f1ff1cce9ae3e0 msgid "The new one, based on a configuration directory (generally ``/etc/ldap/slapd.d``)." msgstr "" #: ../tutorial/troubleshooting.rst:23 -#: e623df73a33a4425874322d64990dd09 +#: b9fe35e9d0654a4b831845bf9f027a33 msgid "Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:" msgstr "" #: ../tutorial/troubleshooting.rst:26 -#: 7fa64ce5f9834bfc8a84a6b147776135 +#: 45557c5a90314b65aca27329fe4f334b msgid "Old fashion: Copy the schemas in your filesystem" msgstr "" #: ../tutorial/troubleshooting.rst:35 -#: 89ec7d1a5b9c488898dd0aeec512eb0f +#: 4aa6e1b3b0154c4ca91a982f719c08b5 msgid "New fashion: Use slapadd to add the schemas" msgstr "" #: ../tutorial/troubleshooting.rst:37 -#: cf355b0d0d224146b9aa9bde63c3285b +#: 6ba05a570b0043078256af9a016309c4 msgid "Be careful to stop your ldap server before running ``slapadd``" msgstr "" #: ../tutorial/troubleshooting.rst:46 -#: b688808b89a1486ea46f0a30671f0772 +#: 87adc4ca4b22405e948a90409bde21b0 msgid "How to manually generate the OIDC keypair?" msgstr "" #: ../tutorial/troubleshooting.rst:50 -#: fe622e23c48a4ec0ba3a9e00e24cfb88 +#: 6770309338724a4aac6439943e58b66a msgid "The keypair generation can be automatically done using the :ref:`install command `." msgstr "" #: ../tutorial/troubleshooting.rst:52 -#: 2467c8ae6d2a4ba19056d44a89656984 +#: 2fad5ba8eca14ba293b910f7c82f5b34 msgid "Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the ``JWT`` section of your configuration file." msgstr "" #: ../usecases.rst:4 -#: dde73820d8ff46128f0ae5a245d4f212 +#: 0012c5a2aeb84b40b7ccb861a1f8ea07 msgid "Use cases" msgstr "" #: ../usecases.rst:6 -#: 936471ec6e494f839a45d1a5048ddbe9 +#: 8fce8afa30574f348ea6a4b5169592b6 msgid "Canaille is a lightweight IAM for simple needs. Here are a few use cases you might recognize in, where Canaille would fit your needs." msgstr "" #: ../usecases.rst:10 -#: 0c06bc8fc0754db6bdfbae05fe718b2e +#: e00eb880854f4c38a94285e1986b96d2 msgid "OpenID Connect provider on top of a LDAP directory" msgstr "" #: ../usecases.rst:12 -#: 0ec337c5784a4dc296538609b9d75dd6 +#: 354d32ad706d463ab06aa17efae022cc msgid "Your organization has an historic :ref:`LDAP directory ` and you want to add a :ref:`OpenID Connect ` :abbr:`SSO (Single Sign-On)` layer on top of it, so users can use all your application while signin-in only once, without any data migration." msgstr "" #: ../usecases.rst:15 -#: 35bb9bbb50064dc7a5383c9d5371adfd +#: c80ba39e4d3d49aeb126a3a4b0cbf6ee msgid "Profile edition of LDAP users" msgstr "" #: ../usecases.rst:17 -#: 87226e31a4ef425585e8de20647d72a3 +#: f7042aa80b384749a2a1c93cdf9fb3b6 msgid "Your organization has a :ref:`LDAP directory ` and you want to provide a way to your users to :ref:`edit their personal information ` by themselves, without requiring any administrator intervention." msgstr "" #: ../usecases.rst:20 -#: 22ec6d0c58ed413b80cd6aca23f637b6 +#: 2175f903fd7049408fb6f8bca3817ec0 msgid "Password recovery with a LDAP directory" msgstr "" #: ../usecases.rst:22 -#: 46f418970c7640f9ace069002ed337bd +#: ee7ae8f8496c4ddd95b00953f0da7fc9 msgid "Your organization has an historic :ref:`LDAP directory ` and you want to provide a way to your users to :ref:`recover their password ` when they cannot remember it, without any administrator intervention." msgstr "" #: ../usecases.rst:25 -#: f44f325b29594fc7b31521d259e27d5f +#: b270514f0fac465d9792c85a85c84525 msgid "A lightweight IAM for unit testing" msgstr "" #: ../usecases.rst:27 -#: c9f537fbf3cd4b3cb0e6d140b8a2327b +#: 88822c2e151f43a0b5dabed7616604b7 msgid "You are :ref:`developing ` an application relying on OAuth2 or OpenID Connect to authenticate the users. You don't want to mock the calls to the identity provider in your unit tests, but you want to :ref:`perform real OAuth2/OIDC requests `, and test your application against different identity provider tunings." msgstr "" #: ../usecases.rst:30 -#: 5b9b8e07b9154150a105088cc630ce6a +#: fe21632ea9034d16b4f5da19efa0b5ac msgid "A lightweight IAM for developing" msgstr "" #: ../usecases.rst:32 -#: 7a4ff703b94e4706b5123edb0c2abe51 +#: 5f85f539d8cf4500889c40f6774d6e55 msgid "You are :ref:`developing ` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a :ref:`IAM server to develop ` locally, but your old computer cannot bear launching a full Keycloak in a Docker container." msgstr "" #: ../usecases.rst:35 -#: e594e15fba204d65a3f483c36e7c0aab +#: f94e9269e0d84b20998a5dc33d17bca7 msgid "A lightweight IAM for CIs" msgstr "" #: ../usecases.rst:37 -#: ff03e5a191564f90af81c7d210a3de24 +#: c59dd6c6c59a45b6b8cc4497275c35c1 msgid "You are :ref:`developing ` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a IAM server that could can populate with custom data, and integrate in your :ref:`continuous integration environment `." msgstr "" #: ../usecases.rst:40 -#: 8a37de08f6594334a3ba6ed2f9a3b71e +#: 30c0a6e8cd2f4ec1837b2147176bed17 msgid "A CLI to quickly edit LDAP directory users" msgstr "" #: ../usecases.rst:42 -#: b9d55e6eeca547aabb9bbfef3998f6d2 +#: 884abc047ac34822b7b8fcd98ddb3f88 msgid "Your organization has an historic :ref:`LDAP directory `. You are tired to deal with *ldif* syntax to manage your users and group and would prefer a simple human-readable CLI." msgstr "" diff --git a/doc/tutorial/index.rst b/doc/tutorial/index.rst index 27abe826..30f25ad9 100644 --- a/doc/tutorial/index.rst +++ b/doc/tutorial/index.rst @@ -7,4 +7,5 @@ Tutorial install deployment databases + provisioning troubleshooting diff --git a/doc/tutorial/provisioning.rst b/doc/tutorial/provisioning.rst new file mode 100644 index 00000000..9f0e2081 --- /dev/null +++ b/doc/tutorial/provisioning.rst @@ -0,0 +1,19 @@ +Provisioning +############ + +Canaille partially implemnet the :rfc:`SCIM <7642>` provisioning protocol at the ``/scim/v2`` endpoint. + +At the moment, only the server part is implemented. +It allows client applications to manage user profiles directly in Canaille. + +To allow clients to access the SCIM API, the client must have the ``client_credentials`` grant type configured. +This allows clients to ask an authentication token on their own behalf and use this token to perform queries. +Currently, user tokens are not supported. + +.. todo:: + + Some SCIM :ref:`features and endpoints ` are not implemented. + In addition to these, Canaille will implement in the future: + + - Access control for clients on the SCIM API endpoint, to finely manage permissions depending on clients. + - Client-side implementation, to broadcast user and groups modifications among all the clients. diff --git a/tests/scim/conftest.py b/tests/scim/conftest.py index bd939752..1f967112 100644 --- a/tests/scim/conftest.py +++ b/tests/scim/conftest.py @@ -71,4 +71,5 @@ def scim_client(app, oidc_client, oidc_token): Client(app), scim_prefix=bp.url_prefix, environ={"headers": {"Authorization": f"Bearer {oidc_token.access_token}"}}, + check_response_status_codes=False, ) diff --git a/tests/scim/test_authentication.py b/tests/scim/test_authentication.py deleted file mode 100644 index 12a1e88f..00000000 --- a/tests/scim/test_authentication.py +++ /dev/null @@ -1,45 +0,0 @@ -import datetime - -import pytest -from scim2_client import SCIMResponseErrorObject -from scim2_client.engines.werkzeug import TestSCIMClient -from werkzeug.security import gen_salt -from werkzeug.test import Client - -from canaille.app import models -from canaille.scim.endpoints import bp - - -def test_authentication_failure(app): - """Test authentication with an invalid token.""" - scim_client = TestSCIMClient( - Client(app), - scim_prefix=bp.url_prefix, - environ={"headers": {"Authorization": "Bearer invalid"}}, - ) - with pytest.raises(SCIMResponseErrorObject): - scim_client.discover() - - -def test_authentication_with_an_user_token(app, backend, oidc_client, user): - """Test authentication with an user token.""" - scim_token = models.Token( - token_id=gen_salt(48), - access_token=gen_salt(48), - subject=user, - audience=[oidc_client], - client=oidc_client, - refresh_token=gen_salt(48), - scope=["openid", "profile"], - issue_date=datetime.datetime.now(datetime.timezone.utc), - lifetime=3600, - ) - backend.save(scim_token) - - scim_client = TestSCIMClient( - Client(app), - scim_prefix=bp.url_prefix, - environ={"headers": {"Authorization": f"Bearer {scim_token.access_token}"}}, - ) - with pytest.raises(SCIMResponseErrorObject): - scim_client.discover() diff --git a/tests/scim/test_errors.py b/tests/scim/test_errors.py new file mode 100644 index 00000000..26f96105 --- /dev/null +++ b/tests/scim/test_errors.py @@ -0,0 +1,76 @@ +import datetime + +from scim2_client.engines.werkzeug import TestSCIMClient +from scim2_models import Error +from scim2_models import Resource +from werkzeug.security import gen_salt +from werkzeug.test import Client + +from canaille.app import models +from canaille.scim.endpoints import bp +from canaille.scim.endpoints import get_resource_types +from canaille.scim.endpoints import get_schemas +from canaille.scim.endpoints import get_service_provider_config + + +def test_authentication_failure(app): + """Test authentication with an invalid token.""" + resource_models = [ + Resource.from_schema(schema) for schema in get_schemas().values() + ] + scim_client = TestSCIMClient( + Client(app), + scim_prefix=bp.url_prefix, + environ={"headers": {"Authorization": "Bearer invalid"}}, + service_provider_config=get_service_provider_config(), + resource_types=get_resource_types().values(), + resource_models=resource_models, + ) + User = scim_client.get_resource_model("User") + error = scim_client.query(User, raise_scim_errors=False) + assert isinstance(error, Error) + assert not error.scim_type + assert error.status == 401 + + +def test_authentication_with_an_user_token(app, backend, oidc_client, user): + """Test authentication with an user token.""" + scim_token = models.Token( + token_id=gen_salt(48), + access_token=gen_salt(48), + subject=user, + audience=[oidc_client], + client=oidc_client, + refresh_token=gen_salt(48), + scope=["openid", "profile"], + issue_date=datetime.datetime.now(datetime.timezone.utc), + lifetime=3600, + ) + backend.save(scim_token) + + resource_models = [ + Resource.from_schema(schema) for schema in get_schemas().values() + ] + scim_client = TestSCIMClient( + Client(app), + scim_prefix=bp.url_prefix, + environ={"headers": {"Authorization": f"Bearer {scim_token.access_token}"}}, + service_provider_config=get_service_provider_config(), + resource_types=get_resource_types().values(), + resource_models=resource_models, + ) + User = scim_client.get_resource_model("User") + error = scim_client.query(User, raise_scim_errors=False) + assert isinstance(error, Error) + assert not error.scim_type + assert error.status == 401 + + +def test_invalid_payload(app, backend, scim_client): + # TODO: push this test in scim2-tester + scim_client.discover() + User = scim_client.get_resource_model("User") + error = scim_client.create(User(), raise_scim_errors=False) + assert isinstance(error, Error) + assert error.scim_type == "invalidValue" + assert error.status == 400 diff --git a/tests/scim/test_scim_tester.py b/tests/scim/test_scim_tester.py index 3693d708..e6dd92e7 100644 --- a/tests/scim/test_scim_tester.py +++ b/tests/scim/test_scim_tester.py @@ -1,13 +1,7 @@ -import pytest +from scim2_tester import Status from scim2_tester import check_server -def test_scim_tester(scim_client, backend): - # currently the tester create empty groups because it cannot handle references - # but LDAP does not support empty groups - # https://github.com/python-scim/scim2-tester/issues/15 - - if "ldap" in backend.__class__.__module__: - pytest.skip() - - check_server(scim_client, raise_exceptions=True) +def test_scim_tester(scim_client): + results = check_server(scim_client, raise_exceptions=True) + assert all(result.status == Status.SUCCESS for result in results) diff --git a/uv.lock b/uv.lock index d17d33ce..7f8e0e91 100644 --- a/uv.lock +++ b/uv.lock @@ -1636,38 +1636,38 @@ wheels = [ [[package]] name = "scim2-client" -version = "0.5.0" +version = "0.5.1" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "scim2-models" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/4f/d0/06a2a68c8b6a840fd8020ebfaf0141e1eadff0a24b4a2ba87c1d0fb9607d/scim2_client-0.5.0.tar.gz", hash = "sha256:f485864c0148cbbddd6a4120a4b3c2553ca89a8076d5cf7bdfa8ad6aba2c1e6e", size = 85783 } +sdist = { url = "https://files.pythonhosted.org/packages/60/a0/208fb622495b174cfa11f9e856c19db73f2bbf3859519704cd35ff39dfce/scim2_client-0.5.1.tar.gz", hash = "sha256:836451f91baf8f0f3c7061dcc043e892d4e607c55c5803e779adc112b4bc2722", size = 85832 } wheels = [ - { url = "https://files.pythonhosted.org/packages/4b/e3/195d64ace80effcb948773914b72a8705565afbd02471ac827b28dfa977a/scim2_client-0.5.0-py3-none-any.whl", hash = "sha256:9f290aafea88d4220372a4902a17b3e7ea4dbdae69dfe9489b938d8d7a7ac827", size = 22500 }, + { url = "https://files.pythonhosted.org/packages/c8/9f/66b3c5a61b156856f1019538757063a96e9cdd11b9d4f812505148c66d29/scim2_client-0.5.1-py3-none-any.whl", hash = "sha256:bf5566da5704228d24eebc89cd8a2adb038b19099956996d1e450a1d40df2d14", size = 22507 }, ] [[package]] name = "scim2-models" -version = "0.2.10" +version = "0.3.0" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "pydantic", extra = ["email"] }, ] -sdist = { url = "https://files.pythonhosted.org/packages/d6/ab/30c537635c2f4591db3a74acc90d8bd5a87107a01645f6c5a64c9f9e7619/scim2_models-0.2.10.tar.gz", hash = "sha256:1cbdaab551ec9fd06b3eaf4d1540f7c60cf065fdd6932ee5493e109d33163e2f", size = 131248 } +sdist = { url = "https://files.pythonhosted.org/packages/d9/42/e7f986b1ebfba7f8b6105764aec0a8c526100b0d8bfd9e28cf08432ad693/scim2_models-0.3.0.tar.gz", hash = "sha256:a1db62385e7820e67c94fd758246815397eb3b3bd1bca797a2a3ef346e81d827", size = 132910 } wheels = [ - { url = "https://files.pythonhosted.org/packages/97/8c/ec957904e8e2d3f8cfa83c65f144aaa72527a816a485881eb7d5fb75968c/scim2_models-0.2.10-py3-none-any.whl", hash = "sha256:a8576a6c7a87bcfce9c5851f58ea1361ccbb6c53452cc96e70a2dda571cedcea", size = 39925 }, + { url = "https://files.pythonhosted.org/packages/6a/ed/708165169928aae94a0596a557e4c674bcc781e429802fb951b9af1d21b1/scim2_models-0.3.0-py3-none-any.whl", hash = "sha256:1ff78d93b9ed0a4d89f04835777e1cee796e0d1881e71f8242a86af2ec9f0612", size = 40663 }, ] [[package]] name = "scim2-tester" -version = "0.1.10" +version = "0.1.13" source = { registry = "https://pypi.org/simple" } dependencies = [ { name = "scim2-client" }, ] -sdist = { url = "https://files.pythonhosted.org/packages/25/e5/d2b682ab9c46da87622271126b7be53ab82650144bff50b2243f5593bca0/scim2_tester-0.1.10.tar.gz", hash = "sha256:bcfb8bd16d3f2101ae2ebdeb24e1865b6ed21b9120ad1ecb13f4a2628e26973c", size = 67237 } +sdist = { url = "https://files.pythonhosted.org/packages/ac/c7/fa5672d24d68da5e1060e4f02ab946d7569457d1a5d969e72c0f6c9e78c6/scim2_tester-0.1.13.tar.gz", hash = "sha256:2697f1ca8938e9f4425b76803856f4053108fbe3aee65a1bff446ca178339319", size = 68200 } wheels = [ - { url = "https://files.pythonhosted.org/packages/4f/53/6e0bb75472cd621dc447c7cc93a45c0d4d0756e63d9f56ee9ea705710c1c/scim2_tester-0.1.10-py3-none-any.whl", hash = "sha256:9dfc8dfdab00d4d89d4ce8d4b0330c74eadfa482a52b66927c342cdef35547de", size = 17619 }, + { url = "https://files.pythonhosted.org/packages/8a/4f/d81e4983089bf458c59a1dd85d8524adf77b5b0d9e7aba3f9f2057da0343/scim2_tester-0.1.13-py3-none-any.whl", hash = "sha256:88d1832c4d13b369184e2a0c1a1aed6b107679b591e47eab73441ba382cb5add", size = 18879 }, ] [[package]] @@ -2138,27 +2138,26 @@ wheels = [ [[package]] name = "uv" -version = "0.5.7" +version = "0.5.8" source = { registry = "https://pypi.org/simple" } -sdist = { url = "https://files.pythonhosted.org/packages/ca/1c/8c40ec75c26656bec9ada97833a437b49fd443b5d6dfd61d6dda8ad90cbe/uv-0.5.7.tar.gz", hash = "sha256:4d22a5046a6246af85c92257d110ed8fbcd98b16824e4efa9d825d001222b2cb", size = 2356161 } +sdist = { url = "https://files.pythonhosted.org/packages/14/31/24c4d8d0d15f5a596fefb39a45e5628e2a4ac4b9c0a6044b4710d118673a/uv-0.5.8.tar.gz", hash = "sha256:2ee40bc9c08fea0e71092838c0fc36df83f741807d8be9acf2fd4c4757b3171e", size = 2494559 } wheels = [ - { url = "https://files.pythonhosted.org/packages/d6/15/4d05061146ef1ff909458f75812633944a144ebadf73ccd38bef127adc6a/uv-0.5.7-py3-none-linux_armv6l.whl", hash = "sha256:fb4a3ccbe13072b98919413ac8378dd3e2b5480352f75c349a4f71f423801485", size = 14208956 }, - { url = "https://files.pythonhosted.org/packages/ba/8f/dc99e8f026da8b3c74661ca60d424472b8fc73854be8dd0375c9a487474b/uv-0.5.7-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:a4fc62749bda8e7ae62212b1d85cdf6c7bad41918b3c8ac5a6d730dd093d793d", size = 14205195 }, - { url = "https://files.pythonhosted.org/packages/fe/67/fba55047c34ceae31cf92f6286a8517749d8c86a2151620fccb4dfb01cba/uv-0.5.7-py3-none-macosx_11_0_arm64.whl", hash = "sha256:78c3c040e52c09a410b9788656d6e760d557f223058537081cb03a3e25ce89de", size = 13178700 }, - { url = "https://files.pythonhosted.org/packages/5c/af/476c4d3486690e3cd6a9d1e040e350aefcd374b6adf919228594c9e0d9d2/uv-0.5.7-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.musllinux_1_1_aarch64.whl", hash = "sha256:76b514c79136e779cccf90cce5d60f317a0d42074e9f4c059f198ef435f2f6ab", size = 13438725 }, - { url = "https://files.pythonhosted.org/packages/a0/18/ab89b12e695e069f6a181f66fd22dfa66b3bb5b7508938a4d4a3bff6d214/uv-0.5.7-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:a45648db157d2aaff859fe71ec738efea09b972b8864feb2fd61ef856a15b24f", size = 13987146 }, - { url = "https://files.pythonhosted.org/packages/60/72/0eedd9b4d25657124ee5715ec08a0b278716905dd4c2a79b2af5e742c421/uv-0.5.7-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c1e7b5bcc8b380e333e948c01f6f4c6203067b5de60a05f8ed786332af7a9132", size = 14513180 }, - { url = "https://files.pythonhosted.org/packages/9c/b3/feef463577bb31f692b2e52fdce76865d297fe1a4ae48d2bad855b255a67/uv-0.5.7-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:737a06b15c4e6b8ab7dd0a577ba766380bda4c18ba4ecfcfff37d336f1b03a00", size = 15216614 }, - { url = "https://files.pythonhosted.org/packages/99/dd/90e3360402610e1f687fc52c1c0b12906530986c7fe87d63414e0b8ac045/uv-0.5.7-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:ba25eb99891b95b5200d5e369b788d443fae370b097e7268a71e9ba753f2af3f", size = 15005351 }, - { url = "https://files.pythonhosted.org/packages/f2/c5/1fd7eafa61d2659ab4b27314e01eaa2cd62acb0f3a8bceb6420d38f3137f/uv-0.5.7-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:747c011da9f631354a1c89b62b19b8572e040d3fe01c6fb8d650facc7a09fdbb", size = 19537320 }, - { url = "https://files.pythonhosted.org/packages/12/77/36eb833476111af75ecc624d103662aba650b2b3c47abf4df5917697a5b1/uv-0.5.7-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a141b40444c4184efba9fdc10abb3c1cff32154c7f8b0ad46ddc180d65a82d90", size = 14678070 }, - { url = "https://files.pythonhosted.org/packages/a9/c6/7a70672f383ec639d178e0b1481048f181c05bbe372f23a66853a02e0346/uv-0.5.7-py3-none-manylinux_2_28_aarch64.whl", hash = "sha256:46b03a9a78438219fb3060c096773284e2f22417a9c1f8fdd602f0650b3355c2", size = 13637987 }, - { url = "https://files.pythonhosted.org/packages/98/d1/a7c80c0a582344cf63ad17c8c344c9194a2f4475f6b522adbdb3b8cb6ac6/uv-0.5.7-py3-none-musllinux_1_1_armv7l.whl", hash = "sha256:13961a8116515eb288c4f91849fba11ebda0dfeec44cc356e388b3b03b2dbbe1", size = 13974519 }, - { url = "https://files.pythonhosted.org/packages/84/23/55ef8f1fdd750aa1a123dac92bac249cbf8268bd9ab5b63b33580cd4dc23/uv-0.5.7-py3-none-musllinux_1_1_i686.whl", hash = "sha256:071b57c934bdee8d7502a70e9ea0739a10e9b2d1d0c67e923a09e7a23d9a181b", size = 14241488 }, - { url = "https://files.pythonhosted.org/packages/e8/42/0cb96aa85849e55f3dcf4080fec1c13e75eb6179cbff630e4ded22b455f6/uv-0.5.7-py3-none-musllinux_1_1_ppc64le.whl", hash = "sha256:1c5b89c64fb627f52f1e9c9bbc4dcc7bae29c4c5ab8eff46da3c966bbd4caed2", size = 16082215 }, - { url = "https://files.pythonhosted.org/packages/c5/d0/51e588ef932160f113a379781b7edf781d2a7e4667ff4a26b1f3146df359/uv-0.5.7-py3-none-musllinux_1_1_x86_64.whl", hash = "sha256:b79e32438390add793bebc41b0729054e375be30bc53f124ee212d9c97affc39", size = 14809685 }, - { url = "https://files.pythonhosted.org/packages/cc/2b/5cc8622473e61b252211811ee6cb0471ac060dc4a36391747217a717a19a/uv-0.5.7-py3-none-win32.whl", hash = "sha256:d0600d2b2fbd9a9446bfbb7f03d88bc3d0293b949ce40e326429dd4fe246c926", size = 14074020 }, - { url = "https://files.pythonhosted.org/packages/e1/e0/2ce3eb10fab05d900b3434dce09f59f5ac0689e52ca4979e3bfd32e71b61/uv-0.5.7-py3-none-win_amd64.whl", hash = "sha256:27c630780e1856a70fbeb267e1ed6835268a1b50963ab9a984fafa4184389def", size = 15842701 }, + { url = "https://files.pythonhosted.org/packages/da/46/7a1310877b6ae012461c0bcc72629ee34a7c78749235ebf67d7856f24a91/uv-0.5.8-py3-none-linux_armv6l.whl", hash = "sha256:defd5da3685f43f74698634ffc197aaf9b836b8ba0de0e57b34d7bc74d856fa9", size = 14287864 }, + { url = "https://files.pythonhosted.org/packages/0f/b5/d02c8ce6bf46d648e9ef912308718a30ecff631904ba03acd11e5ec6412d/uv-0.5.8-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:e146062e4cc39db334cbde38d56d2c6301dd9cf6739ce07ce5a4d71b4cbc2d00", size = 14290268 }, + { url = "https://files.pythonhosted.org/packages/fb/5e/7277f92ee0aa8549e41152d9a0a7863d84e7b7b8de9b08cb397bfe1e37f6/uv-0.5.8-py3-none-macosx_11_0_arm64.whl", hash = "sha256:0f2bcdd00a49ad1669e217a2787448cac1653c9968d74bfa3732f3c25ca26f69", size = 13255149 }, + { url = "https://files.pythonhosted.org/packages/08/5b/72be4ba38e8e6cd2be60e97fd799629228afd3f46404767b0e1cfcf1236e/uv-0.5.8-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.musllinux_1_1_aarch64.whl", hash = "sha256:c91d0a2b8218af2aa0385b867da8c13a620db22077686793c7231f012cb40619", size = 13541600 }, + { url = "https://files.pythonhosted.org/packages/4d/cb/92485fea5f3fffb0f93820fe808b56ceeef1020ae234f8e2ba64f091ed4e/uv-0.5.8-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:8058ab06d2f69355694f6e9a36edc45164474c516b4e2895bd67f8232d9022ed", size = 14090419 }, + { url = "https://files.pythonhosted.org/packages/ac/b0/09a3a3d93299728485121b975a84b893aebdb6b712f65f43491bba7f82d0/uv-0.5.8-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:c56022edc0f61febbdef89e6f699a0e991932c493b7293635b4814e102d040d2", size = 14638200 }, + { url = "https://files.pythonhosted.org/packages/3c/52/1082d3ca50d336035b5ef6c54caa4936aa2a6ad050ea61fca3068dd986b3/uv-0.5.8-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:84f26ce1736d075d1df34f7c3f6b0b728cecd9a4da3e5160d5d887587830e7ce", size = 15336063 }, + { url = "https://files.pythonhosted.org/packages/06/b5/d9d9a95646ca2404da11fa8f1e9953827ad793d8b92b65bb870f4c0de541/uv-0.5.8-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:a7956787658fb9253fba49741886409402a48039bee64b1697397d27284919af", size = 15068797 }, + { url = "https://files.pythonhosted.org/packages/96/18/f92f7bf7b8769f8010ae4a9b545a0a183a806133174f65c46996e23c8268/uv-0.5.8-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5989bbbbca072edc1875036c76aed74ec3dfc4741de7d1f060e181717efea6ac", size = 19540106 }, + { url = "https://files.pythonhosted.org/packages/a4/d8/757959dc58abfbf09afe024fbcf1ffb639b8537ea830d09a99d0300ee53c/uv-0.5.8-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2b3076c79746d4f83257c9dea5ba0833b0711aeff8e6695670eadd140a0cf67f", size = 14760582 }, + { url = "https://files.pythonhosted.org/packages/be/20/8b97777fbe6b983a845237c3132e4b540b9dcde73c2bc7c7c6f96ff46f29/uv-0.5.8-py3-none-manylinux_2_28_aarch64.whl", hash = "sha256:aa03c338e19456d3a6544a94293bd2905837ae22720cc161c83ea0fd13c3b09f", size = 13738416 }, + { url = "https://files.pythonhosted.org/packages/b4/fe/fd462516eeb6d58acf5736ea4e7b1b397454344d99c9a0c279bb96436c7b/uv-0.5.8-py3-none-musllinux_1_1_armv7l.whl", hash = "sha256:8a8cbe1ffa0ef5c2f1c90622e07211a8f93f48daa2be1bd4592bb8cda52b0285", size = 14044658 }, + { url = "https://files.pythonhosted.org/packages/be/d0/215c4fcd68e02f39c50557829365e75e60de2c246884753f1382bd75513e/uv-0.5.8-py3-none-musllinux_1_1_i686.whl", hash = "sha256:365eb6bbb551c5623a73b1ed530f4e69083016f70f0cf5ca1a30ec66413bcda2", size = 14359764 }, + { url = "https://files.pythonhosted.org/packages/41/3e/3d96e9c41cee4acf16aee39f4cae81f5651754ac6ca383be2031efc90eeb/uv-0.5.8-py3-none-musllinux_1_1_x86_64.whl", hash = "sha256:56715389d240ac989af2188cd3bfc2b603d31b42330e915dacfe113b34d8e65b", size = 14943042 }, + { url = "https://files.pythonhosted.org/packages/51/3e/3826d2e7c653649eec649262d5548b7ed6bdb5af7bed2a8bb5a127ac67bd/uv-0.5.8-py3-none-win32.whl", hash = "sha256:f8ade0430b6618ae0e21e52f61f6f3943dd6f3184ef6dc4491087b27940427f9", size = 14201492 }, + { url = "https://files.pythonhosted.org/packages/2f/d3/8ab1383ceccbc9f31bb9a265f90dfda4f6214229768ea9608df8a8c66e15/uv-0.5.8-py3-none-win_amd64.whl", hash = "sha256:4a3325af8ed1effa7076967472c063b0000d609fd6f561c7751e43bab30297f1", size = 15995992 }, ] [[package]]