From 75df94216ae98ef7ff39e701796fbb20090a2071 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 8 Apr 2021 17:38:13 +0200 Subject: [PATCH 01/13] Add groups field on user profile (WIP) --- canaille/__init__.py | 12 +++++++----- canaille/account.py | 2 ++ canaille/forms.py | 1 + canaille/models.py | 22 ++++++++++++++++++++++ canaille/templates/profile.html | 3 +++ tests/conftest.py | 22 +++++++++++++++++++++- tests/test_groups.py | 9 +++++++++ tests/test_profile.py | 6 ++++-- 8 files changed, 69 insertions(+), 8 deletions(-) create mode 100644 tests/test_groups.py diff --git a/canaille/__init__.py b/canaille/__init__.py index 629e4282..d55e249a 100644 --- a/canaille/__init__.py +++ b/canaille/__init__.py @@ -23,7 +23,7 @@ from flask_babel import Babel from .flaskutils import current_user from .ldaputils import LDAPObject from .oauth2utils import config_oauth -from .models import User, Token, AuthorizationCode, Client, Consent +from .models import User, Token, AuthorizationCode, Client, Consent, Group try: # pragma: no cover import sentry_sdk @@ -123,10 +123,12 @@ def setup_app(app): try: LDAPObject.root_dn = app.config["LDAP"]["ROOT_DN"] - base = app.config["LDAP"]["USER_BASE"] - if base.endswith(app.config["LDAP"]["ROOT_DN"]): - base = base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1] - User.base = base + user_base = app.config["LDAP"]["USER_BASE"] + if user_base.endswith(app.config["LDAP"]["ROOT_DN"]): + user_base = user_base[: -len(app.config["LDAP"]["ROOT_DN"]) - 1] + User.base = user_base + group_base = app.config["LDAP"]["GROUP_BASE"] + Group.base = group_base app.url_map.strict_slashes = False diff --git a/canaille/account.py b/canaille/account.py index 5a5296c5..3cfb23b5 100644 --- a/canaille/account.py +++ b/canaille/account.py @@ -272,6 +272,8 @@ def profile_edit(user, username): user[attribute.name] = data else: user[attribute.name] = [data] + elif attribute.name == "groups": + user.groups = attribute.data if ( not form["password1"].data or user.set_password(form["password1"].data) diff --git a/canaille/forms.py b/canaille/forms.py index ce475188..cfb80600 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -127,6 +127,7 @@ PROFILE_FORM_FIELDS = dict( "placeholder": _("1234"), }, ), + groups=wtforms.SelectMultipleField(_("Groups"), choices=["foo", "bar"]) ) diff --git a/canaille/models.py b/canaille/models.py index 81f23bb7..76ca69dc 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -16,6 +16,7 @@ class User(LDAPObject): id = "cn" admin = False moderator = False + _groups = [] @classmethod def get(cls, login=None, dn=None, filter=None, conn=None): @@ -114,6 +115,27 @@ class User(LDAPObject): return self.cn[0] + @property + def groups(self): + return self._groups + + @groups.setter + def groups(self, value): + self._groups = value + + +class Group(LDAPObject): + id = "cn" + + @classmethod + def available_groups(cls, conn=None): + conn = conn or cls.ldap() + groups = cls.filter(objectClass=current_app.config["LDAP"].get("GROUP_CLASS"), conn=conn) + Group.attr_type_by_name(conn=conn) + attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") + return [(group[attribute][0], group.dn) for group in groups] + + class Client(LDAPObject, ClientMixin): object_class = ["oauthClient"] base = "ou=clients,ou=oauth" diff --git a/canaille/templates/profile.html b/canaille/templates/profile.html index 14f8e599..2bd6414a 100644 --- a/canaille/templates/profile.html +++ b/canaille/templates/profile.html @@ -82,6 +82,9 @@ {% if "employeeNumber" in form %} {{ sui.render_field(form.employeeNumber) }} {% endif %} + {% if "groups" in form %} + {{ sui.render_field(form.groups) }} + {% endif %}

{% trans %}Account information{% endtrans %}

{% if "uid" in form %} diff --git a/tests/conftest.py b/tests/conftest.py index 9fc872a1..96e58385 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -9,7 +9,7 @@ from cryptography.hazmat.backends import default_backend as crypto_default_backe from flask_webtest import TestApp from werkzeug.security import gen_salt from canaille import create_app -from canaille.models import User, Client, Token, AuthorizationCode, Consent +from canaille.models import User, Client, Token, AuthorizationCode, Consent, Group from canaille.ldaputils import LDAPObject @@ -93,6 +93,10 @@ def slapd_server(): "dn: ou=users," + slapd.suffix, "objectClass: organizationalUnit", "ou: users", + "", + "dn: ou=groups," + slapd.suffix, + "objectClass: organizationalUnit", + "ou: groups", ] ) + "\n" @@ -100,6 +104,7 @@ def slapd_server(): LDAPObject.root_dn = slapd.suffix User.base = "ou=users" + Group.base = "ou=groups" yield slapd finally: @@ -143,7 +148,11 @@ def app(slapd_server, keypair_path): "userPassword", "telephoneNumber", "employeeNumber", + "groups", ], + "GROUP_BASE": "ou=groups", + "GROUP_CLASS": "groupOfNames", + "GROUP_NAME_ATTRIBUTE": "cn", }, "JWT": { "PUBLIC_KEY": public_key_path, @@ -338,3 +347,14 @@ def cleanups(slapd_connection): yield for consent in Consent.filter(conn=slapd_connection): consent.delete(conn=slapd_connection) + +@pytest.fixture +def foo_group(user, slapd_connection): + Group.ocs_by_name(slapd_connection) + g = Group( + objectClass = ["groupOfNames"], + member=[user.dn], + cn="foo", + ) + g.save(slapd_connection) + return g \ No newline at end of file diff --git a/tests/test_groups.py b/tests/test_groups.py new file mode 100644 index 00000000..ad84d148 --- /dev/null +++ b/tests/test_groups.py @@ -0,0 +1,9 @@ +from canaille.models import Group + +def test_no_group(app, slapd_connection): + with app.app_context(): + assert Group.available_groups(conn=slapd_connection) == [] + +def test_foo_group(app, slapd_connection, foo_group): + with app.app_context(): + assert Group.available_groups(conn=slapd_connection) == [("foo", foo_group.dn)] \ No newline at end of file diff --git a/tests/test_profile.py b/tests/test_profile.py index afe1984e..74db6a46 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -2,8 +2,9 @@ import mock from canaille.models import User -def test_profile(testclient, slapd_connection, logged_user): +def test_profile(testclient, slapd_connection, logged_user, foo_group): res = testclient.get("/profile/user", status=200) + assert res.form["groups"].options == [('foo', False, 'foo')] res.form["uid"] = "user" res.form["givenName"] = "given_name" @@ -11,7 +12,7 @@ def test_profile(testclient, slapd_connection, logged_user): res.form["mail"] = "email@mydomain.tld" res.form["telephoneNumber"] = "555-666-777" res.form["employeeNumber"] = 666 - + res.form["groups"] = ["foo", "bar"] res = res.form.submit(name="action", value="edit", status=200) assert "Profile updated successfuly." in res, str(res) @@ -23,6 +24,7 @@ def test_profile(testclient, slapd_connection, logged_user): assert ["email@mydomain.tld"] == logged_user.mail assert ["555-666-777"] == logged_user.telephoneNumber assert "666" == logged_user.employeeNumber + assert ["foo", "bar"] == logged_user.groups with testclient.app.app_context(): assert logged_user.check_password("correct horse battery staple") From 8d7bb821e7b6d6114b7386bb84bf6a425d0c1ea8 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 8 Apr 2021 21:08:49 +0200 Subject: [PATCH 02/13] Groups field options are available groups --- canaille/forms.py | 5 +++-- tests/conftest.py | 13 ++++++++++++- tests/test_profile.py | 4 ++-- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/canaille/forms.py b/canaille/forms.py index cfb80600..feb86fe5 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -4,7 +4,7 @@ from flask import current_app from flask_babel import lazy_gettext as _ from flask_wtf import FlaskForm from flask_wtf.file import FileField, FileRequired -from .models import User +from .models import User, Group class LoginForm(FlaskForm): @@ -127,7 +127,6 @@ PROFILE_FORM_FIELDS = dict( "placeholder": _("1234"), }, ), - groups=wtforms.SelectMultipleField(_("Groups"), choices=["foo", "bar"]) ) @@ -139,4 +138,6 @@ def profile_form(field_names): for name in field_names if PROFILE_FORM_FIELDS.get(name) } + if "groups" in field_names: + fields["groups"] = wtforms.SelectMultipleField(_("Groups"), choices=[group[0] for group in Group.available_groups()]) return wtforms.form.BaseForm(fields) diff --git a/tests/conftest.py b/tests/conftest.py index 96e58385..c7936a8e 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -357,4 +357,15 @@ def foo_group(user, slapd_connection): cn="foo", ) g.save(slapd_connection) - return g \ No newline at end of file + return g + +@pytest.fixture +def groups(foo_group, admin, slapd_connection): + Group.ocs_by_name(slapd_connection) + bar_group = Group( + objectClass = ["groupOfNames"], + member=[admin.dn], + cn="bar", + ) + bar_group.save(slapd_connection) + return (foo_group, bar_group) \ No newline at end of file diff --git a/tests/test_profile.py b/tests/test_profile.py index 74db6a46..33270ffe 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -2,9 +2,9 @@ import mock from canaille.models import User -def test_profile(testclient, slapd_connection, logged_user, foo_group): +def test_profile(testclient, slapd_connection, logged_user, groups): res = testclient.get("/profile/user", status=200) - assert res.form["groups"].options == [('foo', False, 'foo')] + assert set(res.form["groups"].options) == set([("foo", False, "foo"), ("bar", False, "bar")]) res.form["uid"] = "user" res.form["givenName"] = "given_name" From 95329b3969f15b54a10c5547b16ac04c1047580f Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 6 May 2021 17:09:34 +0200 Subject: [PATCH 03/13] WIP --- canaille/account.py | 1 - canaille/forms.py | 2 +- canaille/models.py | 38 ++++++++++++++++++++++++++++++++++---- tests/conftest.py | 1 + tests/test_profile.py | 14 +++++++++----- 5 files changed, 45 insertions(+), 11 deletions(-) diff --git a/canaille/account.py b/canaille/account.py index 3cfb23b5..d32fb520 100644 --- a/canaille/account.py +++ b/canaille/account.py @@ -279,7 +279,6 @@ def profile_edit(user, username): not form["password1"].data or user.set_password(form["password1"].data) ) and request.form["action"] == "edit": flash(_("Profile updated successfuly."), "success") - user.save() return render_template( diff --git a/canaille/forms.py b/canaille/forms.py index feb86fe5..1de21609 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -139,5 +139,5 @@ def profile_form(field_names): if PROFILE_FORM_FIELDS.get(name) } if "groups" in field_names: - fields["groups"] = wtforms.SelectMultipleField(_("Groups"), choices=[group[0] for group in Group.available_groups()]) + fields["groups"] = wtforms.SelectMultipleField(_("Groups"), choices=[(group[1], group[0]) for group in Group.available_groups()]) return wtforms.form.BaseForm(fields) diff --git a/canaille/models.py b/canaille/models.py index 76ca69dc..5d8c996b 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -114,14 +114,32 @@ class User(LDAPObject): def name(self): return self.cn[0] - @property def groups(self): - return self._groups + if hasattr(self.changes, "memberOf"): + return [Group.get(group_dn) for group_dn in self.changes["memberOf"]] + elif hasattr(self.attrs, "memberOf"): + return [Group.get(group_dn) for group_dn in self.attrs["memberOf"]] + return [] + # return self._groups @groups.setter - def groups(self, value): - self._groups = value + def groups(self, values): + # self._groups = values + self.changes["memberOf"] = values + #MemberOf is a Virtual Attribute. This implies You can not monitor the MemberOf attribute for changes + #https://ldapwiki.com/wiki/MemberOf + # Cet attribut virtuel est utile dans le cas des groupes dynamiques + # groupes statiques versus dynamiques https://www.vincentliefooghe.net/content/ldap-les-types-groupes + # pour les groupes statiques c'est plus simple, on peut faire une recherche simple pour connaître tous les groupes affectés à un utlisateur + # mais groupes dynamiques plus adaptés au grands groupes + + # def save(self, conn=None): + # super().save(conn=None) + # for group in self.groups: + # if not self in group.members: + # group.members = [member.dn for member in group.members] + [self.dn] + # group.save() class Group(LDAPObject): @@ -135,6 +153,18 @@ class Group(LDAPObject): attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") return [(group[attribute][0], group.dn) for group in groups] + @property + def members(self): + if hasattr(self.changes, "member"): + return [User.get(user_dn) for user_dn in self.changes["member"]] + elif hasattr(self.attrs, "member"): + return [Group.get(user_dn) for user_dn in self.attrs["member"]] + return [] + + @members.setter + def members(self, values): + self.changes["member"] = values + class Client(LDAPObject, ClientMixin): object_class = ["oauthClient"] diff --git a/tests/conftest.py b/tests/conftest.py index c7936a8e..33725bea 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -153,6 +153,7 @@ def app(slapd_server, keypair_path): "GROUP_BASE": "ou=groups", "GROUP_CLASS": "groupOfNames", "GROUP_NAME_ATTRIBUTE": "cn", + "USER_GROUP_ATTRIBUTE": "memberOf", #USER_GROUP_SEARCH? }, "JWT": { "PUBLIC_KEY": public_key_path, diff --git a/tests/test_profile.py b/tests/test_profile.py index 33270ffe..245082b4 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -2,9 +2,11 @@ import mock from canaille.models import User -def test_profile(testclient, slapd_connection, logged_user, groups): +def test_profile(testclient, slapd_server, slapd_connection, logged_user, groups): res = testclient.get("/profile/user", status=200) - assert set(res.form["groups"].options) == set([("foo", False, "foo"), ("bar", False, "bar")]) + assert set(res.form["groups"].options) == set([("cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "foo"), ("cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "bar")]) + assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() + assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat() res.form["uid"] = "user" res.form["givenName"] = "given_name" @@ -12,19 +14,21 @@ def test_profile(testclient, slapd_connection, logged_user, groups): res.form["mail"] = "email@mydomain.tld" res.form["telephoneNumber"] = "555-666-777" res.form["employeeNumber"] = 666 - res.form["groups"] = ["foo", "bar"] + res.form["groups"] = ["cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", "cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org"] res = res.form.submit(name="action", value="edit", status=200) assert "Profile updated successfuly." in res, str(res) - logged_user.reload(slapd_connection) + assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() + assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() + logged_user.reload(slapd_connection) assert ["user"] == logged_user.uid assert ["given_name"] == logged_user.givenName assert ["family_name"] == logged_user.sn assert ["email@mydomain.tld"] == logged_user.mail assert ["555-666-777"] == logged_user.telephoneNumber assert "666" == logged_user.employeeNumber - assert ["foo", "bar"] == logged_user.groups + assert groups == logged_user.groups with testclient.app.app_context(): assert logged_user.check_password("correct horse battery staple") From e07eb0eb507140f5f5d1887cf69f65c46829f52a Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 6 May 2021 19:12:14 +0200 Subject: [PATCH 04/13] Save user groups (WIP) --- canaille/models.py | 42 ++++++++++++++++------------------------- demo/conf/canaille.toml | 5 +++++ tests/test_groups.py | 6 ++++-- tests/test_profile.py | 8 ++++---- 4 files changed, 29 insertions(+), 32 deletions(-) diff --git a/canaille/models.py b/canaille/models.py index 5d8c996b..7a2699b5 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -116,17 +116,17 @@ class User(LDAPObject): @property def groups(self): - if hasattr(self.changes, "memberOf"): - return [Group.get(group_dn) for group_dn in self.changes["memberOf"]] - elif hasattr(self.attrs, "memberOf"): - return [Group.get(group_dn) for group_dn in self.attrs["memberOf"]] - return [] - # return self._groups + # if hasattr(self.changes, "memberOf"): + # return [Group.get(group_dn) for group_dn in self.changes["memberOf"]] + # elif hasattr(self.attrs, "memberOf"): + # return [Group.get(group_dn) for group_dn in self.attrs["memberOf"]] + # return [] + return [Group.get(dn=group_dn) for group_dn in self._groups] @groups.setter def groups(self, values): - # self._groups = values - self.changes["memberOf"] = values + self._groups = values + # self.changes["memberOf"] = values #MemberOf is a Virtual Attribute. This implies You can not monitor the MemberOf attribute for changes #https://ldapwiki.com/wiki/MemberOf # Cet attribut virtuel est utile dans le cas des groupes dynamiques @@ -134,12 +134,12 @@ class User(LDAPObject): # pour les groupes statiques c'est plus simple, on peut faire une recherche simple pour connaître tous les groupes affectés à un utlisateur # mais groupes dynamiques plus adaptés au grands groupes - # def save(self, conn=None): - # super().save(conn=None) - # for group in self.groups: - # if not self in group.members: - # group.members = [member.dn for member in group.members] + [self.dn] - # group.save() + def save(self, conn=None): + super().save(conn=conn) + for group in self.groups: + if not self.dn in group.member: + group.member = group.member + [self.dn] + group.save() class Group(LDAPObject): @@ -153,18 +153,8 @@ class Group(LDAPObject): attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") return [(group[attribute][0], group.dn) for group in groups] - @property - def members(self): - if hasattr(self.changes, "member"): - return [User.get(user_dn) for user_dn in self.changes["member"]] - elif hasattr(self.attrs, "member"): - return [Group.get(user_dn) for user_dn in self.attrs["member"]] - return [] - - @members.setter - def members(self, values): - self.changes["member"] = values - + def get_members(self, conn=None): + return [User.get(dn=user_dn, conn=conn) for user_dn in self.member] class Client(LDAPObject, ClientMixin): object_class = ["oauthClient"] diff --git a/demo/conf/canaille.toml b/demo/conf/canaille.toml index 01868a67..57217177 100644 --- a/demo/conf/canaille.toml +++ b/demo/conf/canaille.toml @@ -79,8 +79,13 @@ FIELDS = [ "telephoneNumber", "employeeNumber", # "jpegPhoto", + "groups", ] +GROUP_BASE = "ou=groups" +GROUP_CLASS = "groupOfNames" +GROUP_NAME_ATTRIBUTE = "cn" + # The jwt configuration. You can generate a RSA keypair with: # ssh-keygen -t rsa -b 4096 -m PEM -f private.pem # openssl rsa -in private.pem -pubout -outform PEM -out public.pem diff --git a/tests/test_groups.py b/tests/test_groups.py index ad84d148..38db7147 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -4,6 +4,8 @@ def test_no_group(app, slapd_connection): with app.app_context(): assert Group.available_groups(conn=slapd_connection) == [] -def test_foo_group(app, slapd_connection, foo_group): +def test_foo_group(app, slapd_connection, user, foo_group): with app.app_context(): - assert Group.available_groups(conn=slapd_connection) == [("foo", foo_group.dn)] \ No newline at end of file + assert Group.available_groups(conn=slapd_connection) == [("foo", foo_group.dn)] + assert foo_group.get_members(conn=slapd_connection) == [user] + assert user.groups == [foo_group] diff --git a/tests/test_profile.py b/tests/test_profile.py index 245082b4..7f98a54f 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -5,8 +5,8 @@ from canaille.models import User def test_profile(testclient, slapd_server, slapd_connection, logged_user, groups): res = testclient.get("/profile/user", status=200) assert set(res.form["groups"].options) == set([("cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "foo"), ("cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "bar")]) - assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() - assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat() + assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat().stdout.decode("utf-8") + assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat().stdout.decode("utf-8") res.form["uid"] = "user" res.form["givenName"] = "given_name" @@ -18,8 +18,8 @@ def test_profile(testclient, slapd_server, slapd_connection, logged_user, groups res = res.form.submit(name="action", value="edit", status=200) assert "Profile updated successfuly." in res, str(res) - assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() - assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat() + assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat().stdout.decode("utf-8") + assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat().stdout.decode("utf-8") logged_user.reload(slapd_connection) assert ["user"] == logged_user.uid From f05e8094cb178602a5d6c2a9ec48df6f1b6437fa Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 3 Jun 2021 12:00:04 +0200 Subject: [PATCH 05/13] Set user groups --- canaille/account.py | 2 +- canaille/ldaputils.py | 6 ++++++ canaille/models.py | 44 ++++++++++++++++++++++++---------------- tests/conftest.py | 18 +++++++++++----- tests/test_groups.py | 29 +++++++++++++++++++++----- tests/test_ldap_utils.py | 7 +++++++ tests/test_profile.py | 21 +++++++++++-------- 7 files changed, 90 insertions(+), 37 deletions(-) create mode 100644 tests/test_ldap_utils.py diff --git a/canaille/account.py b/canaille/account.py index d32fb520..06ceb3e0 100644 --- a/canaille/account.py +++ b/canaille/account.py @@ -273,7 +273,7 @@ def profile_edit(user, username): else: user[attribute.name] = [data] elif attribute.name == "groups": - user.groups = attribute.data + user.set_groups(attribute.data) if ( not form["password1"].data or user.set_password(form["password1"].data) diff --git a/canaille/ldaputils.py b/canaille/ldaputils.py index 01cdc6eb..d86e653a 100644 --- a/canaille/ldaputils.py +++ b/canaille/ldaputils.py @@ -263,3 +263,9 @@ class LDAPObject: self.changes[name] = [value] else: self.changes[name] = value + + def __eq__(self, other): + return self.may == other.may and self.must == other.must and all(getattr(self, attr) == getattr(other, attr) for attr in self.may + self.must) + + def __hash__(self): + return hash(self.dn) \ No newline at end of file diff --git a/canaille/models.py b/canaille/models.py index 7a2699b5..58c88d7b 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -48,8 +48,15 @@ class User(LDAPObject): user.moderator = True + if user: + user.load_groups(conn=conn) + return user + def load_groups(self, conn=None): + group_filter = current_app.config["LDAP"].get("GROUP_FILTER").format(user=self) + self._groups = Group.filter(filter=group_filter, conn=conn) + @classmethod def authenticate(cls, login, password, signin=False): user = User.get(login) @@ -121,26 +128,19 @@ class User(LDAPObject): # elif hasattr(self.attrs, "memberOf"): # return [Group.get(group_dn) for group_dn in self.attrs["memberOf"]] # return [] + return self._groups return [Group.get(dn=group_dn) for group_dn in self._groups] - @groups.setter - def groups(self, values): - self._groups = values - # self.changes["memberOf"] = values - #MemberOf is a Virtual Attribute. This implies You can not monitor the MemberOf attribute for changes - #https://ldapwiki.com/wiki/MemberOf - # Cet attribut virtuel est utile dans le cas des groupes dynamiques - # groupes statiques versus dynamiques https://www.vincentliefooghe.net/content/ldap-les-types-groupes - # pour les groupes statiques c'est plus simple, on peut faire une recherche simple pour connaître tous les groupes affectés à un utlisateur - # mais groupes dynamiques plus adaptés au grands groupes - - def save(self, conn=None): - super().save(conn=conn) - for group in self.groups: - if not self.dn in group.member: - group.member = group.member + [self.dn] - group.save() - + def set_groups(self, values, conn=None): + before = self._groups + after = [v if isinstance(v, Group) else Group.get(dn=v, conn=conn) for v in values] + to_add = set(after) - set(before) + to_del = set(before) - set(after) + for group in to_add: + group.add_member(self, conn=conn) + for group in to_del: + group.remove_member(self, conn=conn) + self._groups = after class Group(LDAPObject): id = "cn" @@ -156,6 +156,14 @@ class Group(LDAPObject): def get_members(self, conn=None): return [User.get(dn=user_dn, conn=conn) for user_dn in self.member] + def add_member(self, user, conn=None): + self.member = self.member + [user.dn] + self.save(conn=conn) + + def remove_member(self, user, conn=None): + self.member = [m for m in self.member if m != user.dn] + self.save(conn=conn) + class Client(LDAPObject, ClientMixin): object_class = ["oauthClient"] base = "ou=clients,ou=oauth" diff --git a/tests/conftest.py b/tests/conftest.py index 33725bea..7030208b 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -153,7 +153,7 @@ def app(slapd_server, keypair_path): "GROUP_BASE": "ou=groups", "GROUP_CLASS": "groupOfNames", "GROUP_NAME_ATTRIBUTE": "cn", - "USER_GROUP_ATTRIBUTE": "memberOf", #USER_GROUP_SEARCH? + "GROUP_FILTER": "(member={user.dn})" }, "JWT": { "PUBLIC_KEY": public_key_path, @@ -350,7 +350,7 @@ def cleanups(slapd_connection): consent.delete(conn=slapd_connection) @pytest.fixture -def foo_group(user, slapd_connection): +def foo_group(app, user, slapd_connection): Group.ocs_by_name(slapd_connection) g = Group( objectClass = ["groupOfNames"], @@ -358,15 +358,23 @@ def foo_group(user, slapd_connection): cn="foo", ) g.save(slapd_connection) + with app.app_context(): + user.load_groups(conn=slapd_connection) return g @pytest.fixture -def groups(foo_group, admin, slapd_connection): +def bar_group(app, admin, slapd_connection): Group.ocs_by_name(slapd_connection) - bar_group = Group( + g = Group( objectClass = ["groupOfNames"], member=[admin.dn], cn="bar", ) - bar_group.save(slapd_connection) + g.save(slapd_connection) + with app.app_context(): + admin.load_groups(conn=slapd_connection) + return g + +@pytest.fixture +def groups(foo_group, bar_group, slapd_connection): return (foo_group, bar_group) \ No newline at end of file diff --git a/tests/test_groups.py b/tests/test_groups.py index 38db7147..c79b3459 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -1,11 +1,30 @@ -from canaille.models import Group +from canaille.models import Group, User def test_no_group(app, slapd_connection): with app.app_context(): assert Group.available_groups(conn=slapd_connection) == [] -def test_foo_group(app, slapd_connection, user, foo_group): +def test_set_groups(app, slapd_connection, user, foo_group, bar_group): with app.app_context(): - assert Group.available_groups(conn=slapd_connection) == [("foo", foo_group.dn)] - assert foo_group.get_members(conn=slapd_connection) == [user] - assert user.groups == [foo_group] + Group.attr_type_by_name(conn=slapd_connection) + a = User.attr_type_by_name(conn=slapd_connection) + + + user = User.get(dn=user.dn, conn=slapd_connection) + assert set(Group.available_groups(conn=slapd_connection)) == {("foo", foo_group.dn), ("bar", bar_group.dn)} + foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)} + assert user.dn in foo_dns + assert user.groups[0].dn == foo_group.dn + + user.set_groups([foo_group, bar_group], conn=slapd_connection) + bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} + assert user.dn in bar_dns + + assert user.groups[1].dn == bar_group.dn + + user.set_groups([foo_group], conn=slapd_connection) + foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)} + bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} + + assert user.dn in foo_dns + assert user.dn not in bar_dns diff --git a/tests/test_ldap_utils.py b/tests/test_ldap_utils.py new file mode 100644 index 00000000..77839eba --- /dev/null +++ b/tests/test_ldap_utils.py @@ -0,0 +1,7 @@ +from canaille.models import Group + +def test_equality(slapd_connection, foo_group, bar_group): + Group.attr_type_by_name(conn=slapd_connection) + assert foo_group != bar_group + foo_group2 = Group.get(dn=foo_group.dn, conn=slapd_connection) + assert foo_group == foo_group2 \ No newline at end of file diff --git a/tests/test_profile.py b/tests/test_profile.py index 7f98a54f..5a0968df 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -2,11 +2,12 @@ import mock from canaille.models import User -def test_profile(testclient, slapd_server, slapd_connection, logged_user, groups): +def test_profile(testclient, slapd_server, slapd_connection, logged_user, admin, foo_group, bar_group): res = testclient.get("/profile/user", status=200) assert set(res.form["groups"].options) == set([("cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "foo"), ("cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "bar")]) - assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat().stdout.decode("utf-8") - assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" not in slapd_server.slapcat().stdout.decode("utf-8") + assert logged_user.groups == [foo_group] + assert foo_group.member == [logged_user.dn] + assert bar_group.member == [admin.dn] res.form["uid"] = "user" res.form["givenName"] = "given_name" @@ -18,17 +19,21 @@ def test_profile(testclient, slapd_server, slapd_connection, logged_user, groups res = res.form.submit(name="action", value="edit", status=200) assert "Profile updated successfuly." in res, str(res) - assert "memberOf: cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat().stdout.decode("utf-8") - assert "memberOf: cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org" in slapd_server.slapcat().stdout.decode("utf-8") - - logged_user.reload(slapd_connection) + with testclient.app.app_context(): + logged_user = User.get(dn=logged_user.dn, conn=slapd_connection) assert ["user"] == logged_user.uid assert ["given_name"] == logged_user.givenName assert ["family_name"] == logged_user.sn assert ["email@mydomain.tld"] == logged_user.mail assert ["555-666-777"] == logged_user.telephoneNumber assert "666" == logged_user.employeeNumber - assert groups == logged_user.groups + + foo_group.reload(slapd_connection) + bar_group.reload(slapd_connection) + assert set(foo_group.member) == {logged_user.dn} + assert set(bar_group.member) == {admin.dn, logged_user.dn} + assert set(logged_user.groups) == {foo_group, bar_group} + with testclient.app.app_context(): assert logged_user.check_password("correct horse battery staple") From b6ef56ad20c44b817d514cb32b1981f34368ea42 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 3 Jun 2021 12:28:45 +0200 Subject: [PATCH 06/13] Improve things --- canaille/account.py | 2 ++ canaille/conf/config.sample.toml | 6 ++++++ canaille/forms.py | 5 ++++- canaille/ldaputils.py | 11 +++++++++-- canaille/models.py | 20 +++++++++++--------- demo/conf/canaille.toml | 1 + tests/conftest.py | 13 ++++++++----- tests/test_groups.py | 8 ++++++-- tests/test_ldap_utils.py | 3 ++- tests/test_profile.py | 17 +++++++++++++---- 10 files changed, 62 insertions(+), 24 deletions(-) diff --git a/canaille/account.py b/canaille/account.py index 06ceb3e0..2948a7ee 100644 --- a/canaille/account.py +++ b/canaille/account.py @@ -252,6 +252,8 @@ def profile_edit(user, username): for k in fields if hasattr(user, k) } + if "groups" in fields: + data["groups"] = [g.dn for g in user.groups] form = profile_form(fields) form.process(CombinedMultiDict((request.files, request.form)) or None, data=data) form["uid"].render_kw["readonly"] = "true" diff --git a/canaille/conf/config.sample.toml b/canaille/conf/config.sample.toml index 15230c5b..b790651a 100644 --- a/canaille/conf/config.sample.toml +++ b/canaille/conf/config.sample.toml @@ -68,6 +68,11 @@ ADMIN_FILTER = "memberof=cn=admins,ou=groups,dc=mydomain,dc=tld" # USER_ADMIN_FILTER = "uid=moderator" USER_ADMIN_FILTER = "memberof=cn=moderators,ou=groups,dc=mydomain,dc=tld" +GROUP_BASE = "ou=groups" +GROUP_CLASS = "groupOfNames" +GROUP_NAME_ATTRIBUTE = "cn" +GROUP_USER_FILTER = "(member={user.dn})" + # The list of ldap fields you want to be editable by the # users. FIELDS = [ @@ -79,6 +84,7 @@ FIELDS = [ "telephoneNumber", "employeeNumber", # "jpegPhoto", + "groups", ] # The jwt configuration. You can generate a RSA keypair with: diff --git a/canaille/forms.py b/canaille/forms.py index 1de21609..14749247 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -139,5 +139,8 @@ def profile_form(field_names): if PROFILE_FORM_FIELDS.get(name) } if "groups" in field_names: - fields["groups"] = wtforms.SelectMultipleField(_("Groups"), choices=[(group[1], group[0]) for group in Group.available_groups()]) + fields["groups"] = wtforms.SelectMultipleField( + _("Groups"), + choices=[(group[1], group[0]) for group in Group.available_groups()], + ) return wtforms.form.BaseForm(fields) diff --git a/canaille/ldaputils.py b/canaille/ldaputils.py index d86e653a..05b0f304 100644 --- a/canaille/ldaputils.py +++ b/canaille/ldaputils.py @@ -265,7 +265,14 @@ class LDAPObject: self.changes[name] = value def __eq__(self, other): - return self.may == other.may and self.must == other.must and all(getattr(self, attr) == getattr(other, attr) for attr in self.may + self.must) + return ( + self.may == other.may + and self.must == other.must + and all( + getattr(self, attr) == getattr(other, attr) + for attr in self.may + self.must + ) + ) def __hash__(self): - return hash(self.dn) \ No newline at end of file + return hash(self.dn) diff --git a/canaille/models.py b/canaille/models.py index 58c88d7b..b1b85ae8 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -54,7 +54,9 @@ class User(LDAPObject): return user def load_groups(self, conn=None): - group_filter = current_app.config["LDAP"].get("GROUP_FILTER").format(user=self) + group_filter = ( + current_app.config["LDAP"].get("GROUP_USER_FILTER").format(user=self) + ) self._groups = Group.filter(filter=group_filter, conn=conn) @classmethod @@ -123,17 +125,13 @@ class User(LDAPObject): @property def groups(self): - # if hasattr(self.changes, "memberOf"): - # return [Group.get(group_dn) for group_dn in self.changes["memberOf"]] - # elif hasattr(self.attrs, "memberOf"): - # return [Group.get(group_dn) for group_dn in self.attrs["memberOf"]] - # return [] return self._groups - return [Group.get(dn=group_dn) for group_dn in self._groups] def set_groups(self, values, conn=None): before = self._groups - after = [v if isinstance(v, Group) else Group.get(dn=v, conn=conn) for v in values] + after = [ + v if isinstance(v, Group) else Group.get(dn=v, conn=conn) for v in values + ] to_add = set(after) - set(before) to_del = set(before) - set(after) for group in to_add: @@ -142,13 +140,16 @@ class User(LDAPObject): group.remove_member(self, conn=conn) self._groups = after + class Group(LDAPObject): id = "cn" @classmethod def available_groups(cls, conn=None): conn = conn or cls.ldap() - groups = cls.filter(objectClass=current_app.config["LDAP"].get("GROUP_CLASS"), conn=conn) + groups = cls.filter( + objectClass=current_app.config["LDAP"].get("GROUP_CLASS"), conn=conn + ) Group.attr_type_by_name(conn=conn) attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") return [(group[attribute][0], group.dn) for group in groups] @@ -164,6 +165,7 @@ class Group(LDAPObject): self.member = [m for m in self.member if m != user.dn] self.save(conn=conn) + class Client(LDAPObject, ClientMixin): object_class = ["oauthClient"] base = "ou=clients,ou=oauth" diff --git a/demo/conf/canaille.toml b/demo/conf/canaille.toml index 57217177..082a9642 100644 --- a/demo/conf/canaille.toml +++ b/demo/conf/canaille.toml @@ -85,6 +85,7 @@ FIELDS = [ GROUP_BASE = "ou=groups" GROUP_CLASS = "groupOfNames" GROUP_NAME_ATTRIBUTE = "cn" +GROUP_USER_FILTER = "(member={user.dn})" # The jwt configuration. You can generate a RSA keypair with: # ssh-keygen -t rsa -b 4096 -m PEM -f private.pem diff --git a/tests/conftest.py b/tests/conftest.py index 7030208b..5fcb2d1c 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -153,7 +153,7 @@ def app(slapd_server, keypair_path): "GROUP_BASE": "ou=groups", "GROUP_CLASS": "groupOfNames", "GROUP_NAME_ATTRIBUTE": "cn", - "GROUP_FILTER": "(member={user.dn})" + "GROUP_USER_FILTER": "(member={user.dn})", }, "JWT": { "PUBLIC_KEY": public_key_path, @@ -349,11 +349,12 @@ def cleanups(slapd_connection): for consent in Consent.filter(conn=slapd_connection): consent.delete(conn=slapd_connection) + @pytest.fixture def foo_group(app, user, slapd_connection): Group.ocs_by_name(slapd_connection) g = Group( - objectClass = ["groupOfNames"], + objectClass=["groupOfNames"], member=[user.dn], cn="foo", ) @@ -362,11 +363,12 @@ def foo_group(app, user, slapd_connection): user.load_groups(conn=slapd_connection) return g + @pytest.fixture def bar_group(app, admin, slapd_connection): Group.ocs_by_name(slapd_connection) g = Group( - objectClass = ["groupOfNames"], + objectClass=["groupOfNames"], member=[admin.dn], cn="bar", ) @@ -374,7 +376,8 @@ def bar_group(app, admin, slapd_connection): with app.app_context(): admin.load_groups(conn=slapd_connection) return g - + + @pytest.fixture def groups(foo_group, bar_group, slapd_connection): - return (foo_group, bar_group) \ No newline at end of file + return (foo_group, bar_group) diff --git a/tests/test_groups.py b/tests/test_groups.py index c79b3459..75ca8560 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -1,17 +1,21 @@ from canaille.models import Group, User + def test_no_group(app, slapd_connection): with app.app_context(): assert Group.available_groups(conn=slapd_connection) == [] + def test_set_groups(app, slapd_connection, user, foo_group, bar_group): with app.app_context(): Group.attr_type_by_name(conn=slapd_connection) a = User.attr_type_by_name(conn=slapd_connection) - user = User.get(dn=user.dn, conn=slapd_connection) - assert set(Group.available_groups(conn=slapd_connection)) == {("foo", foo_group.dn), ("bar", bar_group.dn)} + assert set(Group.available_groups(conn=slapd_connection)) == { + ("foo", foo_group.dn), + ("bar", bar_group.dn), + } foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)} assert user.dn in foo_dns assert user.groups[0].dn == foo_group.dn diff --git a/tests/test_ldap_utils.py b/tests/test_ldap_utils.py index 77839eba..f54792d6 100644 --- a/tests/test_ldap_utils.py +++ b/tests/test_ldap_utils.py @@ -1,7 +1,8 @@ from canaille.models import Group + def test_equality(slapd_connection, foo_group, bar_group): Group.attr_type_by_name(conn=slapd_connection) assert foo_group != bar_group foo_group2 = Group.get(dn=foo_group.dn, conn=slapd_connection) - assert foo_group == foo_group2 \ No newline at end of file + assert foo_group == foo_group2 diff --git a/tests/test_profile.py b/tests/test_profile.py index 5a0968df..f8b9097f 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -2,9 +2,16 @@ import mock from canaille.models import User -def test_profile(testclient, slapd_server, slapd_connection, logged_user, admin, foo_group, bar_group): +def test_profile( + testclient, slapd_server, slapd_connection, logged_user, admin, foo_group, bar_group +): res = testclient.get("/profile/user", status=200) - assert set(res.form["groups"].options) == set([("cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "foo"), ("cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "bar")]) + assert set(res.form["groups"].options) == set( + [ + ("cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", True, "foo"), + ("cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", False, "bar"), + ] + ) assert logged_user.groups == [foo_group] assert foo_group.member == [logged_user.dn] assert bar_group.member == [admin.dn] @@ -15,7 +22,10 @@ def test_profile(testclient, slapd_server, slapd_connection, logged_user, admin, res.form["mail"] = "email@mydomain.tld" res.form["telephoneNumber"] = "555-666-777" res.form["employeeNumber"] = 666 - res.form["groups"] = ["cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", "cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org"] + res.form["groups"] = [ + "cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", + "cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", + ] res = res.form.submit(name="action", value="edit", status=200) assert "Profile updated successfuly." in res, str(res) @@ -34,7 +44,6 @@ def test_profile(testclient, slapd_server, slapd_connection, logged_user, admin, assert set(bar_group.member) == {admin.dn, logged_user.dn} assert set(logged_user.groups) == {foo_group, bar_group} - with testclient.app.app_context(): assert logged_user.check_password("correct horse battery staple") From 294b86a698ee969fe01b8ab212ccdce96e521e74 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 3 Jun 2021 14:47:19 +0200 Subject: [PATCH 07/13] Only moderators and admin can edit user groups --- canaille/account.py | 17 ++++++++++++----- canaille/forms.py | 1 + tests/test_profile.py | 31 ++++++++++++++++++++++++------- 3 files changed, 37 insertions(+), 12 deletions(-) diff --git a/canaille/account.py b/canaille/account.py index 2948a7ee..efcc33e2 100644 --- a/canaille/account.py +++ b/canaille/account.py @@ -239,11 +239,13 @@ def profile_edition(user, username): abort(400) -def profile_edit(user, username): - menuitem = "profile" if username == user.uid[0] else "users" +def profile_edit(editor, username): + menuitem = "profile" if username == editor.uid[0] else "users" fields = current_app.config["LDAP"]["FIELDS"] - if username != user.uid[0]: + if username != editor.uid[0]: user = User.get(username) or abort(404) + else: + user = editor data = { k: getattr(user, k)[0] @@ -257,6 +259,8 @@ def profile_edit(user, username): form = profile_form(fields) form.process(CombinedMultiDict((request.files, request.form)) or None, data=data) form["uid"].render_kw["readonly"] = "true" + if "groups" in form and not editor.admin and not editor.moderator: + form["groups"].render_kw["disabled"] = "true" if request.form: if not form.validate(): @@ -264,7 +268,10 @@ def profile_edit(user, username): else: for attribute in form: - if attribute.name in user.may + user.must: + if ( + attribute.name in user.may + user.must + and not attribute.name == "uid" + ): if isinstance(attribute.data, FileStorage): data = attribute.data.stream.read() else: @@ -274,7 +281,7 @@ def profile_edit(user, username): user[attribute.name] = data else: user[attribute.name] = [data] - elif attribute.name == "groups": + elif attribute.name == "groups" and (editor.admin or editor.moderator): user.set_groups(attribute.data) if ( diff --git a/canaille/forms.py b/canaille/forms.py index 14749247..6160aa9f 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -142,5 +142,6 @@ def profile_form(field_names): fields["groups"] = wtforms.SelectMultipleField( _("Groups"), choices=[(group[1], group[0]) for group in Group.available_groups()], + render_kw={}, ) return wtforms.form.BaseForm(fields) diff --git a/tests/test_profile.py b/tests/test_profile.py index f8b9097f..778f3daf 100644 --- a/tests/test_profile.py +++ b/tests/test_profile.py @@ -15,8 +15,10 @@ def test_profile( assert logged_user.groups == [foo_group] assert foo_group.member == [logged_user.dn] assert bar_group.member == [admin.dn] + assert res.form["groups"].attrs["disabled"] + assert res.form["uid"].attrs["readonly"] - res.form["uid"] = "user" + res.form["uid"] = "toto" res.form["givenName"] = "given_name" res.form["sn"] = "family_name" res.form["mail"] = "email@mydomain.tld" @@ -40,9 +42,9 @@ def test_profile( foo_group.reload(slapd_connection) bar_group.reload(slapd_connection) - assert set(foo_group.member) == {logged_user.dn} - assert set(bar_group.member) == {admin.dn, logged_user.dn} - assert set(logged_user.groups) == {foo_group, bar_group} + assert logged_user.groups == [foo_group] + assert foo_group.member == [logged_user.dn] + assert bar_group.member == [admin.dn] with testclient.app.app_context(): assert logged_user.check_password("correct horse battery staple") @@ -127,7 +129,7 @@ def test_admin_bad_request(testclient, logged_moderator): def test_user_creation_edition_and_deletion( - testclient, slapd_connection, logged_moderator + testclient, slapd_connection, logged_moderator, foo_group, bar_group ): # The user does not exist. res = testclient.get("/users", status=200) @@ -148,14 +150,29 @@ def test_user_creation_edition_and_deletion( # User have been created res = res.form.submit(name="action", value="edit", status=302).follow(status=200) with testclient.app.app_context(): - assert "George" == User.get("george", conn=slapd_connection).givenName[0] + george = User.get("george", conn=slapd_connection) + assert "George" == george.givenName[0] + assert george.groups == [] assert "george" in testclient.get("/users", status=200).text + assert "disabled" not in res.form["groups"].attrs + res.form["givenName"] = "Georgio" + res.form["groups"] = [ + "cn=foo,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", + "cn=bar,ou=groups,dc=slapd-test,dc=python-ldap,dc=org", + ] # User have been edited res = res.form.submit(name="action", value="edit", status=200) with testclient.app.app_context(): - assert "Georgio" == User.get("george", conn=slapd_connection).givenName[0] + george = User.get("george", conn=slapd_connection) + assert "Georgio" == george.givenName[0] + foo_group.reload(slapd_connection) + bar_group.reload(slapd_connection) + assert george.dn in set(foo_group.member) + assert george.dn in set(bar_group.member) + assert set(george.groups) == {foo_group, bar_group} + assert "george" in testclient.get("/users", status=200).text assert "george" in testclient.get("/users", status=200).text # User have been deleted. From f1ac9e140a2698337f65951b61ead9eec82d546b Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 3 Jun 2021 17:24:36 +0200 Subject: [PATCH 08/13] Add groups claim and scope --- .../oauth-authorization-server.sample.json | 2 +- .../conf/openid-configuration.sample.json | 2 +- canaille/oauth.py | 1 + canaille/oauth2utils.py | 5 ++ demo/client/__init__.py | 2 +- demo/client/templates/index.html | 5 +- demo/conf/oauth-authorization-server.json | 2 +- demo/conf/openid-configuration.json | 2 +- demo/ldif/bootstrap.ldif | 2 + tests/conftest.py | 11 +++- tests/test_authorization_code_flow.py | 8 +-- tests/test_hybrid_flow.py | 7 ++- tests/test_implicit_flow.py | 57 ++++++++++++++++++- tests/test_password_flow.py | 4 +- 14 files changed, 90 insertions(+), 20 deletions(-) diff --git a/canaille/conf/oauth-authorization-server.sample.json b/canaille/conf/oauth-authorization-server.sample.json index b365b625..7e4565c6 100644 --- a/canaille/conf/oauth-authorization-server.sample.json +++ b/canaille/conf/oauth-authorization-server.sample.json @@ -18,7 +18,7 @@ "https://mydomain.tld/oauth/register", "scopes_supported": ["openid", "profile", "email", "address", - "phone"], + "phone", "groups"], "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token"], diff --git a/canaille/conf/openid-configuration.sample.json b/canaille/conf/openid-configuration.sample.json index bca02049..f4986470 100644 --- a/canaille/conf/openid-configuration.sample.json +++ b/canaille/conf/openid-configuration.sample.json @@ -22,7 +22,7 @@ "https://mydomain.tld/oauth/register", "scopes_supported": ["openid", "profile", "email", "address", - "phone"], + "phone", "groups"], "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token"], diff --git a/canaille/oauth.py b/canaille/oauth.py index 978fc3ee..de3b24cc 100644 --- a/canaille/oauth.py +++ b/canaille/oauth.py @@ -27,6 +27,7 @@ CLAIMS = { "email": ("at", _("Your email address.")), "address": ("envelope open outline", _("Your postal address.")), "phone": ("phone", _("Your phone number.")), + "groups": ("users", _("Groups you are belonging to")), } diff --git a/canaille/oauth2utils.py b/canaille/oauth2utils.py index 856ef6ed..481bdb95 100644 --- a/canaille/oauth2utils.py +++ b/canaille/oauth2utils.py @@ -61,6 +61,8 @@ def generate_user_info(user, scope): fields += ["address"] if "phone" in scope: fields += ["phone_number", "phone_number_verified"] + if "groups" in scope: + fields += ["groups"] data = {} for field in fields: @@ -69,6 +71,9 @@ def generate_user_info(user, scope): data[field] = user.__getattr__(ldap_field_match) if isinstance(data[field], list): data[field] = data[field][0] + if field == "groups": + group_name_attr = current_app.config["LDAP"]["GROUP_NAME_ATTRIBUTE"] + data[field] = [getattr(g, group_name_attr)[0] for g in user.groups] return UserInfo(**data) diff --git a/demo/client/__init__.py b/demo/client/__init__.py index 437ec9d7..b2231164 100644 --- a/demo/client/__init__.py +++ b/demo/client/__init__.py @@ -17,7 +17,7 @@ def create_app(): server_metadata_url=get_well_known_url( app.config["OAUTH_AUTH_SERVER"], external=True ), - client_kwargs={"scope": "openid profile email"}, + client_kwargs={"scope": "openid profile email groups"}, ) @app.route("/") diff --git a/demo/client/templates/index.html b/demo/client/templates/index.html index 0f9455e6..fbc11288 100644 --- a/demo/client/templates/index.html +++ b/demo/client/templates/index.html @@ -53,7 +53,10 @@

{{ name }}

{% if user %} - Welcome {{ user.name }} +

Welcome {{ user.name }}

+ {% if user.groups %} +

You're a member of the following groups: {{ user.groups }}

+ {% endif %} {% else %} Welcome, please log-in. {% endif %} diff --git a/demo/conf/oauth-authorization-server.json b/demo/conf/oauth-authorization-server.json index 6f75b2ae..49ccc456 100644 --- a/demo/conf/oauth-authorization-server.json +++ b/demo/conf/oauth-authorization-server.json @@ -18,7 +18,7 @@ "http://localhost:5000/oauth/register", "scopes_supported": ["openid", "profile", "email", "address", - "phone"], + "phone", "groups"], "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token"], diff --git a/demo/conf/openid-configuration.json b/demo/conf/openid-configuration.json index e6e732a1..060c5db3 100644 --- a/demo/conf/openid-configuration.json +++ b/demo/conf/openid-configuration.json @@ -22,7 +22,7 @@ "http://localhost:5000/oauth/register", "scopes_supported": ["openid", "profile", "email", "address", - "phone"], + "phone", "groups"], "response_types_supported": ["code", "token", "id_token", "code token", "code id_token", "token id_token"], diff --git a/demo/ldif/bootstrap.ldif b/demo/ldif/bootstrap.ldif index ca26a75a..ceaef211 100644 --- a/demo/ldif/bootstrap.ldif +++ b/demo/ldif/bootstrap.ldif @@ -94,6 +94,7 @@ oauthGrantType: refresh_token oauthScope: openid oauthScope: profile oauthScope: email +oauthScope: groups oauthResponseType: code oauthResponseType: id_token oauthTokenEndpointAuthMethod: client_secret_basic @@ -111,6 +112,7 @@ oauthGrantType: refresh_token oauthScope: openid oauthScope: profile oauthScope: email +oauthScope: groups oauthResponseType: code oauthResponseType: id_token oauthTokenEndpointAuthMethod: client_secret_basic diff --git a/tests/conftest.py b/tests/conftest.py index 5fcb2d1c..ae0cf300 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -215,7 +215,7 @@ def client(app, slapd_connection): "refresh_token", ], oauthResponseType=["code", "token", "id_token"], - oauthScope=["openid", "profile"], + oauthScope=["openid", "profile", "groups"], oauthTermsOfServiceURI="https://mydomain.tld/tos", oauthPolicyURI="https://mydomain.tld/policy", oauthJWKURI="https://mydomain.tld/jwk", @@ -361,7 +361,10 @@ def foo_group(app, user, slapd_connection): g.save(slapd_connection) with app.app_context(): user.load_groups(conn=slapd_connection) - return g + yield g + user._groups = [] + g.delete(conn=slapd_connection) + @pytest.fixture @@ -375,7 +378,9 @@ def bar_group(app, admin, slapd_connection): g.save(slapd_connection) with app.app_context(): admin.load_groups(conn=slapd_connection) - return g + yield g + admin._groups = [] + g.delete(conn=slapd_connection) @pytest.fixture diff --git a/tests/test_authorization_code_flow.py b/tests/test_authorization_code_flow.py index 8390a6e2..33d62619 100644 --- a/tests/test_authorization_code_flow.py +++ b/tests/test_authorization_code_flow.py @@ -47,7 +47,7 @@ def test_authorization_code_flow(testclient, slapd_connection, logged_user, clie headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json def test_logout_login(testclient, slapd_connection, logged_user, client): @@ -105,7 +105,7 @@ def test_logout_login(testclient, slapd_connection, logged_user, client): headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json def test_refresh_token(testclient, slapd_connection, logged_user, client): @@ -164,7 +164,7 @@ def test_refresh_token(testclient, slapd_connection, logged_user, client): headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json def test_code_challenge(testclient, slapd_connection, logged_user, client): @@ -218,7 +218,7 @@ def test_code_challenge(testclient, slapd_connection, logged_user, client): headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json client.oauthTokenEndpointAuthMethod = "client_secret_basic" client.save(slapd_connection) diff --git a/tests/test_hybrid_flow.py b/tests/test_hybrid_flow.py index 17148337..479a1cef 100644 --- a/tests/test_hybrid_flow.py +++ b/tests/test_hybrid_flow.py @@ -1,9 +1,10 @@ from authlib.jose import jwt from urllib.parse import urlsplit, parse_qs -from canaille.models import AuthorizationCode, Token +from canaille.models import AuthorizationCode, Token, User def test_oauth_hybrid(testclient, slapd_connection, user, client): + User.attr_type_by_name(slapd_connection) res = testclient.get( "/oauth/authorize", params=dict( @@ -41,7 +42,7 @@ def test_oauth_hybrid(testclient, slapd_connection, user, client): headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json def test_oidc_hybrid(testclient, slapd_connection, logged_user, client, keypair): @@ -80,4 +81,4 @@ def test_oidc_hybrid(testclient, slapd_connection, logged_user, client, keypair) headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "family_name": "Doe", "sub": "user"} == res.json + assert {"name": "John Doe", "family_name": "Doe", "sub": "user", "groups": []} == res.json diff --git a/tests/test_implicit_flow.py b/tests/test_implicit_flow.py index e954a767..9fd2c50e 100644 --- a/tests/test_implicit_flow.py +++ b/tests/test_implicit_flow.py @@ -40,7 +40,7 @@ def test_oauth_implicit(testclient, slapd_connection, user, client): "/oauth/userinfo", headers={"Authorization": f"Bearer {access_token}"} ) assert "application/json" == res.content_type - assert {"name": "John Doe", "sub": "user", "family_name": "Doe"} == res.json + assert {"name": "John Doe", "sub": "user", "family_name": "Doe", "groups": []} == res.json client.oauthGrantType = ["code"] client.oauthTokenEndpointAuthMethod = "client_secret_basic" @@ -92,7 +92,60 @@ def test_oidc_implicit(testclient, keypair, slapd_connection, user, client): status=200, ) assert "application/json" == res.content_type - assert {"name": "John Doe", "sub": "user", "family_name": "Doe"} == res.json + assert {"name": "John Doe", "sub": "user", "family_name": "Doe", "groups": []} == res.json + + client.oauthGrantType = ["code"] + client.oauthTokenEndpointAuthMethod = "client_secret_basic" + client.save(slapd_connection) + + +def test_oidc_implicit_with_group(testclient, keypair, slapd_connection, user, client, foo_group): + client.oauthGrantType = ["token id_token"] + client.oauthTokenEndpointAuthMethod = "none" + + client.save(slapd_connection) + + res = testclient.get( + "/oauth/authorize", + params=dict( + response_type="id_token token", + client_id=client.oauthClientID, + scope="openid profile groups", + nonce="somenonce", + ), + ) + assert "text/html" == res.content_type + + res.form["login"] = "user" + res.form["password"] = "correct horse battery staple" + res = res.form.submit(status=302) + + res = res.follow(status=200) + assert "text/html" == res.content_type, res.json + + res = res.form.submit(name="answer", value="accept", status=302) + + assert res.location.startswith(client.oauthRedirectURIs[0]) + params = parse_qs(urlsplit(res.location).fragment) + + access_token = params["access_token"][0] + token = Token.get(access_token, conn=slapd_connection) + assert token is not None + + id_token = params["id_token"][0] + claims = jwt.decode(id_token, keypair[1]) + assert user.uid[0] == claims["sub"] + assert user.cn[0] == claims["name"] + assert [client.oauthClientID] == claims["aud"] + assert ["foo"] == claims["groups"] + + res = testclient.get( + "/oauth/userinfo", + headers={"Authorization": f"Bearer {access_token}"}, + status=200, + ) + assert "application/json" == res.content_type + assert {"name": "John Doe", "sub": "user", "family_name": "Doe", "groups": ["foo"]} == res.json client.oauthGrantType = ["code"] client.oauthTokenEndpointAuthMethod = "client_secret_basic" diff --git a/tests/test_password_flow.py b/tests/test_password_flow.py index 1a9294bf..07efe2d1 100644 --- a/tests/test_password_flow.py +++ b/tests/test_password_flow.py @@ -15,7 +15,7 @@ def test_password_flow(testclient, slapd_connection, user, client): status=200, ) - assert res.json["scope"] == "openid profile" + assert res.json["scope"] == "openid profile groups" assert res.json["token_type"] == "Bearer" access_token = res.json["access_token"] @@ -27,4 +27,4 @@ def test_password_flow(testclient, slapd_connection, user, client): headers={"Authorization": f"Bearer {access_token}"}, status=200, ) - assert {"name": "John Doe", "sub": "user", "family_name": "Doe"} == res.json + assert {"name": "John Doe", "sub": "user", "family_name": "Doe", "groups": []} == res.json From aed6b18aa8b64ebb654abb864be895ea6f79008f Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 1 Jul 2021 18:21:20 +0200 Subject: [PATCH 09/13] Show groups and enable group creation --- .gitignore | 1 + canaille/__init__.py | 2 ++ canaille/forms.py | 10 ++++++ canaille/groups.py | 62 ++++++++++++++++++++++++++++++++++ canaille/models.py | 5 +++ canaille/templates/base.html | 5 +++ canaille/templates/group.html | 58 +++++++++++++++++++++++++++++++ canaille/templates/groups.html | 19 +++++++++++ tests/conftest.py | 5 --- tests/test_groups.py | 44 ++++++++++++++++++++++-- 10 files changed, 203 insertions(+), 8 deletions(-) create mode 100644 canaille/groups.py create mode 100644 canaille/templates/group.html create mode 100644 canaille/templates/groups.html diff --git a/.gitignore b/.gitignore index b26f8a3a..e9d0a903 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ canaille/conf/openid-configuration.json canaille/conf/*.pem canaille/conf/*.pub canaille/conf/*.key +.vscode \ No newline at end of file diff --git a/canaille/__init__.py b/canaille/__init__.py index d55e249a..e0ecfa64 100644 --- a/canaille/__init__.py +++ b/canaille/__init__.py @@ -11,6 +11,7 @@ import canaille.consents import canaille.commands.clean import canaille.oauth import canaille.account +import canaille.groups import canaille.well_known from cryptography.hazmat.primitives import serialization as crypto_serialization @@ -135,6 +136,7 @@ def setup_app(app): config_oauth(app) setup_ldap_tree(app) app.register_blueprint(canaille.account.bp) + app.register_blueprint(canaille.groups.bp, url_prefix="/groups") app.register_blueprint(canaille.oauth.bp, url_prefix="/oauth") app.register_blueprint(canaille.commands.clean.bp) app.register_blueprint(canaille.consents.bp, url_prefix="/consent") diff --git a/canaille/forms.py b/canaille/forms.py index 6160aa9f..8acebf03 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -145,3 +145,13 @@ def profile_form(field_names): render_kw={}, ) return wtforms.form.BaseForm(fields) + + +class GroupForm(FlaskForm): + name = wtforms.StringField( + _("Name"), + validators=[wtforms.validators.DataRequired()], + render_kw={ + "placeholder": _("group"), + }, + ) diff --git a/canaille/groups.py b/canaille/groups.py new file mode 100644 index 00000000..abb55904 --- /dev/null +++ b/canaille/groups.py @@ -0,0 +1,62 @@ +from flask import Blueprint, render_template, redirect, url_for, request, flash, current_app, abort +from flask_babel import gettext as _ + +from .flaskutils import moderator_needed +from .forms import GroupForm +from .models import Group + +bp = Blueprint("groups", __name__) + +@bp.route("/") +@moderator_needed() +def groups(user): + groups = Group.filter(objectClass=current_app.config["LDAP"]["GROUP_CLASS"]) + return render_template("groups.html", groups=groups, menuitem="groups") + +@bp.route("/add", methods=("GET", "POST")) +@moderator_needed() +def create_group(user): + form = GroupForm(request.form or None) + try: + if "name" in form: + del form["name"].render_kw["disabled"] + except KeyError: + pass + + if request.form: + if not form.validate(): + flash(_("Group creation failed."), "error") + else: + group = Group(objectClass=current_app.config["LDAP"]["GROUP_CLASS"]) + group.member = [user.dn] + group.cn = [form.name.data] + group.save() + return redirect(url_for("groups.groups")) + + return render_template( + "group.html", + form=form, + edited_group=None, + members=None + ) + +@bp.route("/", methods=("GET", "POST")) +@moderator_needed() +def group(user, groupname): + group = Group.get(groupname) or abort(404) + form = GroupForm(request.form or None, data={"name": group.name}) + form["name"].render_kw["disabled"] = "true" + + if request.form: + if form.validate(): + group.save() + else: + flash(_("Group edition failed."), "error") + + return render_template( + "group.html", + form=form, + edited_group=group, + members=group.get_members() + ) + diff --git a/canaille/models.py b/canaille/models.py index b1b85ae8..c0b655e4 100644 --- a/canaille/models.py +++ b/canaille/models.py @@ -154,6 +154,11 @@ class Group(LDAPObject): attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") return [(group[attribute][0], group.dn) for group in groups] + @property + def name(self): + attribute = current_app.config["LDAP"].get("GROUP_NAME_ATTRIBUTE") + return self[attribute][0] + def get_members(self, conn=None): return [User.get(dn=user_dn, conn=conn) for user_dn in self.member] diff --git a/canaille/templates/base.html b/canaille/templates/base.html index fabd8afe..ef4e43ac 100644 --- a/canaille/templates/base.html +++ b/canaille/templates/base.html @@ -47,6 +47,11 @@ {% trans %}Users{% endtrans %} + + + {% trans %}Groups{% endtrans %} + {% endif %} {% if user.admin %}
diff --git a/canaille/templates/group.html b/canaille/templates/group.html new file mode 100644 index 00000000..19856847 --- /dev/null +++ b/canaille/templates/group.html @@ -0,0 +1,58 @@ +{% extends 'base.html' %} +{% import 'fomanticui.j2' as sui %} +{% import 'flask.j2' as flask %} + +{% block content %} +{% if edited_group %} +
+

{% trans %}Members{% endtrans %}

+ +
+{% endif %} + +
+

+
+ {% if not edited_group %} + {% trans %}Group creation{% endtrans %} + {% else %} + {% trans %}Group edition{% endtrans %} + {% endif %} +
+ +
+ {% if not edited_group %} + {% trans %}Create a new group{% endtrans %} + {% else %} + {% trans %}Edit informations about a group{% endtrans %} + {% endif %} +
+

+ + {{ flask.messages() }} + +
+ {{ form.hidden_tag() if form.hidden_tag }} + {{ sui.render_field(form.name) }} + +
+
+{% endblock %} diff --git a/canaille/templates/groups.html b/canaille/templates/groups.html new file mode 100644 index 00000000..94d87286 --- /dev/null +++ b/canaille/templates/groups.html @@ -0,0 +1,19 @@ +{% extends 'base.html' %} + +{% block content %} +
+ {% trans %}Add a group{% endtrans %} +
+ +
+

{% trans %}Groups{% endtrans %}

+ +
+{% endblock %} \ No newline at end of file diff --git a/tests/conftest.py b/tests/conftest.py index 5ffb5155..0232b165 100644 --- a/tests/conftest.py +++ b/tests/conftest.py @@ -380,8 +380,3 @@ def bar_group(app, admin, slapd_connection): yield g admin._groups = [] g.delete(conn=slapd_connection) - - -@pytest.fixture -def groups(foo_group, bar_group, slapd_connection): - return (foo_group, bar_group) diff --git a/tests/test_groups.py b/tests/test_groups.py index 75ca8560..abbb7291 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -9,7 +9,7 @@ def test_no_group(app, slapd_connection): def test_set_groups(app, slapd_connection, user, foo_group, bar_group): with app.app_context(): Group.attr_type_by_name(conn=slapd_connection) - a = User.attr_type_by_name(conn=slapd_connection) + User.attr_type_by_name(conn=slapd_connection) user = User.get(dn=user.dn, conn=slapd_connection) assert set(Group.available_groups(conn=slapd_connection)) == { @@ -21,14 +21,52 @@ def test_set_groups(app, slapd_connection, user, foo_group, bar_group): assert user.groups[0].dn == foo_group.dn user.set_groups([foo_group, bar_group], conn=slapd_connection) + bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} assert user.dn in bar_dns - assert user.groups[1].dn == bar_group.dn user.set_groups([foo_group], conn=slapd_connection) + foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)} bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} - assert user.dn in foo_dns assert user.dn not in bar_dns + +def test_group_creation(testclient, slapd_connection, logged_moderator, foo_group): + # The group does not exist + res = testclient.get("/groups", status=200) + with testclient.app.app_context(): + assert Group.get("bar", conn=slapd_connection) is None + assert Group.get("foo", conn=slapd_connection) == foo_group + assert "bar" not in res.text + assert "foo" in res.text + + # Fill the form for a new group + res = testclient.get("/groups/add", status=200) + res.form["name"] = "bar" + + # Group has been created + res = res.form.submit(status=302).follow(status=200) + + with testclient.app.app_context(): + bar_group = Group.get("bar", conn=slapd_connection) + assert bar_group.name == "bar" + assert [member.dn for member in bar_group.get_members(conn=slapd_connection)] == [logged_moderator.dn] # Group cannot be empty so creator is added in it + assert "bar" in res.text + + # Group name can not be edited + res = testclient.get("/groups/bar", status=200) + res.form["name"] = "bar2" + + res = res.form.submit(status=200) + + with testclient.app.app_context(): + bar_group = Group.get("bar", conn=slapd_connection) + assert bar_group.name == "bar" + assert Group.get("bar2", conn=slapd_connection) is None + members = bar_group.get_members(conn=slapd_connection) + for member in members: + assert member.name in res.text + + # TODO: Group is deleted From 9780fc9eedb382dc4769bd576e2e16a1c589358d Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 29 Jul 2021 11:37:02 +0200 Subject: [PATCH 10/13] Enable group deletion --- canaille/groups.py | 14 ++++++++ canaille/static/js/{profile.js => confirm.js} | 0 canaille/templates/base.html | 6 ++-- canaille/templates/group.html | 34 ++++++++++++++++++- canaille/templates/groups.html | 3 ++ canaille/templates/profile.html | 2 +- canaille/templates/users.html | 2 ++ tests/test_groups.py | 15 ++++++-- 8 files changed, 68 insertions(+), 8 deletions(-) rename canaille/static/js/{profile.js => confirm.js} (100%) diff --git a/canaille/groups.py b/canaille/groups.py index abb55904..b369d939 100644 --- a/canaille/groups.py +++ b/canaille/groups.py @@ -44,6 +44,16 @@ def create_group(user): @moderator_needed() def group(user, groupname): group = Group.get(groupname) or abort(404) + + if request.method == "GET" or request.form.get("action") == "edit": + return edit_group(group) + + if request.form.get("action") == "delete": + return delete_group(group) + + abort(400) + +def edit_group(group): form = GroupForm(request.form or None, data={"name": group.name}) form["name"].render_kw["disabled"] = "true" @@ -60,3 +70,7 @@ def group(user, groupname): members=group.get_members() ) +def delete_group(group): + flash(_("The group %(group)s has been sucessfully deleted", group=group.name), "success") + group.delete() + return redirect(url_for("groups.groups")) diff --git a/canaille/static/js/profile.js b/canaille/static/js/confirm.js similarity index 100% rename from canaille/static/js/profile.js rename to canaille/static/js/confirm.js diff --git a/canaille/templates/base.html b/canaille/templates/base.html index ef4e43ac..62dd8b2c 100644 --- a/canaille/templates/base.html +++ b/canaille/templates/base.html @@ -48,9 +48,9 @@ {% trans %}Users{% endtrans %} - - {% trans %}Groups{% endtrans %} + href="{{ url_for('groups.groups') }}"> + + {% trans %}Groups{% endtrans %} {% endif %} {% if user.admin %} diff --git a/canaille/templates/group.html b/canaille/templates/group.html index 19856847..20602c42 100644 --- a/canaille/templates/group.html +++ b/canaille/templates/group.html @@ -2,7 +2,29 @@ {% import 'fomanticui.j2' as sui %} {% import 'flask.j2' as flask %} +{% block script %} + +{% endblock %} + {% block content %} +{% if edited_group %} +
+
+ + {% trans %}Group deletion{% endtrans %} +
+
+

+ {% trans %}Are you sure you want to delete this group? This action is unrevokable and all the data about this group will be removed.{% endtrans %} +

+
+
+
{% trans %}Cancel{% endtrans %}
+
{% trans %}Delete{% endtrans %}
+
+
+{% endif %} + {% if edited_group %}

{% trans %}Members{% endtrans %}

@@ -46,13 +68,23 @@ > {{ form.hidden_tag() if form.hidden_tag }} {{ sui.render_field(form.name) }} - + {% if edited_group %} + + {% endif %}
{% endblock %} diff --git a/canaille/templates/groups.html b/canaille/templates/groups.html index 94d87286..1eff5f5f 100644 --- a/canaille/templates/groups.html +++ b/canaille/templates/groups.html @@ -1,6 +1,9 @@ {% extends 'base.html' %} +{% import 'flask.j2' as flask %} {% block content %} +{{ flask.messages() }} +
{% trans %}Add a group{% endtrans %}
diff --git a/canaille/templates/profile.html b/canaille/templates/profile.html index 2bd6414a..0dbfcf3e 100644 --- a/canaille/templates/profile.html +++ b/canaille/templates/profile.html @@ -3,7 +3,7 @@ {% import 'flask.j2' as flask %} {% block script %} - + {% endblock %} {% block content %} diff --git a/canaille/templates/users.html b/canaille/templates/users.html index 3669b215..432d332a 100644 --- a/canaille/templates/users.html +++ b/canaille/templates/users.html @@ -1,4 +1,5 @@ {% extends 'base.html' %} +{% import 'flask.j2' as flask %} {% block style %} @@ -12,6 +13,7 @@ {% endblock %} {% block content %} +{{ flask.messages() }}
{% trans %}Add a user{% endtrans %} diff --git a/tests/test_groups.py b/tests/test_groups.py index abbb7291..70fd625a 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -33,7 +33,7 @@ def test_set_groups(app, slapd_connection, user, foo_group, bar_group): assert user.dn in foo_dns assert user.dn not in bar_dns -def test_group_creation(testclient, slapd_connection, logged_moderator, foo_group): +def test_moderator_can_create_edit_and_delete_group(testclient, slapd_connection, logged_moderator, foo_group): # The group does not exist res = testclient.get("/groups", status=200) with testclient.app.app_context(): @@ -59,7 +59,7 @@ def test_group_creation(testclient, slapd_connection, logged_moderator, foo_grou res = testclient.get("/groups/bar", status=200) res.form["name"] = "bar2" - res = res.form.submit(status=200) + res = res.form.submit(name="action", value="edit", status=200) with testclient.app.app_context(): bar_group = Group.get("bar", conn=slapd_connection) @@ -69,4 +69,13 @@ def test_group_creation(testclient, slapd_connection, logged_moderator, foo_grou for member in members: assert member.name in res.text - # TODO: Group is deleted + # Group is deleted + res = res.form.submit(name="action", value="delete", status=302).follow(status=200) + with testclient.app.app_context(): + assert Group.get("bar", conn=slapd_connection) is None + assert "The group bar has been sucessfully deleted" in res.text + +def test_simple_user_cannot_view_or_edit_groups(testclient, slapd_connection, logged_user, foo_group): + testclient.get("/groups", status=403) + testclient.get("/groups/add", status=403) + testclient.get("/groups/foo", status=403) From afb9cce2677d8e2f42a46225c183e94bbdc77501 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 29 Jul 2021 11:50:13 +0200 Subject: [PATCH 11/13] Move flask.messages() to base.html to avoid forgotten pages and message displayed on the wrong page --- canaille/templates/about.html | 2 -- canaille/templates/admin/authorization_view.html | 3 --- canaille/templates/admin/client_add.html | 3 --- canaille/templates/admin/client_edit.html | 3 --- canaille/templates/admin/client_list.html | 3 --- canaille/templates/admin/token_view.html | 3 --- canaille/templates/base.html | 3 +++ canaille/templates/consent_list.html | 3 --- canaille/templates/firstlogin.html | 3 --- canaille/templates/forgotten-password.html | 3 --- canaille/templates/group.html | 3 --- canaille/templates/groups.html | 3 --- canaille/templates/login.html | 3 --- canaille/templates/password.html | 3 --- canaille/templates/profile.html | 3 --- canaille/templates/reset-password.html | 3 --- canaille/templates/users.html | 3 --- 17 files changed, 3 insertions(+), 47 deletions(-) diff --git a/canaille/templates/about.html b/canaille/templates/about.html index a369d4cd..d631471b 100644 --- a/canaille/templates/about.html +++ b/canaille/templates/about.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
@@ -8,7 +7,6 @@ {{ website_name }} - {{ flask.messages() }}

{{ _("About canaille") }} diff --git a/canaille/templates/admin/authorization_view.html b/canaille/templates/admin/authorization_view.html index 11192da5..3424a132 100644 --- a/canaille/templates/admin/authorization_view.html +++ b/canaille/templates/admin/authorization_view.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
@@ -8,8 +7,6 @@ {% trans %}View a authorization{% endtrans %}

- {{ flask.messages() }} -
    {% for attr in authorization.may %} diff --git a/canaille/templates/admin/client_add.html b/canaille/templates/admin/client_add.html index de08ce21..e628f4e2 100644 --- a/canaille/templates/admin/client_add.html +++ b/canaille/templates/admin/client_add.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
    @@ -8,8 +7,6 @@ {% trans %}Add a client{% endtrans %} - {{ flask.messages() }} -
    {{ sui.render_form(form, _("Confirm")) }}
    diff --git a/canaille/templates/admin/client_edit.html b/canaille/templates/admin/client_edit.html index 71d18ced..9edd16e3 100644 --- a/canaille/templates/admin/client_edit.html +++ b/canaille/templates/admin/client_edit.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block script %} @@ -26,8 +25,6 @@ {% trans %}Edit a client{% endtrans %} - {{ flask.messages() }} -
    diff --git a/canaille/templates/admin/client_list.html b/canaille/templates/admin/client_list.html index b4a61da4..0152d9a6 100644 --- a/canaille/templates/admin/client_list.html +++ b/canaille/templates/admin/client_list.html @@ -1,5 +1,4 @@ {% extends 'base.html' %} -{% import 'flask.j2' as flask %} {% block style %} @@ -14,8 +13,6 @@ {% block content %} -{{ flask.messages() }} -
    {% trans %}Add client{% endtrans %}
    diff --git a/canaille/templates/admin/token_view.html b/canaille/templates/admin/token_view.html index b7d567b4..2d8980c1 100644 --- a/canaille/templates/admin/token_view.html +++ b/canaille/templates/admin/token_view.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
    @@ -8,8 +7,6 @@ {% trans %}View a token{% endtrans %} - {{ flask.messages() }} -
      {% for attr in token.may %} diff --git a/canaille/templates/base.html b/canaille/templates/base.html index 62dd8b2c..4d8198dd 100644 --- a/canaille/templates/base.html +++ b/canaille/templates/base.html @@ -1,3 +1,5 @@ +{% import 'flask.j2' as flask %} + @@ -87,6 +89,7 @@
      + {{ flask.messages() }} {% block content %}{% endblock %}
      diff --git a/canaille/templates/consent_list.html b/canaille/templates/consent_list.html index f182b7c4..14380fd9 100644 --- a/canaille/templates/consent_list.html +++ b/canaille/templates/consent_list.html @@ -1,5 +1,4 @@ {% extends 'base.html' %} -{% import 'flask.j2' as flask %} {% block style %} @@ -23,8 +22,6 @@
    - {{ flask.messages() }} - {% if consents %}
    {% for consent in consents %} diff --git a/canaille/templates/firstlogin.html b/canaille/templates/firstlogin.html index 4c9103f3..b9cb948f 100644 --- a/canaille/templates/firstlogin.html +++ b/canaille/templates/firstlogin.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
    @@ -13,8 +12,6 @@
    - {{ flask.messages() }} -
    {% trans %} It seems this is the first time you are logging here. In order to finalize your diff --git a/canaille/templates/forgotten-password.html b/canaille/templates/forgotten-password.html index 436f2bfb..d2abfaca 100644 --- a/canaille/templates/forgotten-password.html +++ b/canaille/templates/forgotten-password.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
    @@ -13,8 +12,6 @@
    - {{ flask.messages() }} -
    {% trans %} After this form is sent, if the email address or the login you provided diff --git a/canaille/templates/group.html b/canaille/templates/group.html index 20602c42..a5973597 100644 --- a/canaille/templates/group.html +++ b/canaille/templates/group.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block script %} @@ -58,8 +57,6 @@
    - {{ flask.messages() }} - {% trans %}Add a group{% endtrans %}
    diff --git a/canaille/templates/login.html b/canaille/templates/login.html index 6fec377d..f3ad64c3 100644 --- a/canaille/templates/login.html +++ b/canaille/templates/login.html @@ -1,6 +1,5 @@ {% extends 'base.html' %} {% import 'fomanticui.j2' as sui %} -{% import 'flask.j2' as flask %} {% block content %}
    @@ -19,8 +18,6 @@
    {% trans %}Log-in and manage your authorizations.{% endtrans %}
    - {{ flask.messages() }} - @@ -19,8 +18,6 @@
    {% trans %}Please enter your password for this account.{% endtrans %}
    - {{ flask.messages() }} - @@ -52,8 +51,6 @@
    - {{ flask.messages() }} - @@ -13,8 +12,6 @@
    - {{ flask.messages() }} -
    {{ sui.render_form(form, _("Password reset"), action=url_for("account.reset", uid=uid, hash=hash)) }}
    diff --git a/canaille/templates/users.html b/canaille/templates/users.html index 432d332a..3adb6888 100644 --- a/canaille/templates/users.html +++ b/canaille/templates/users.html @@ -1,5 +1,4 @@ {% extends 'base.html' %} -{% import 'flask.j2' as flask %} {% block style %} @@ -13,8 +12,6 @@ {% endblock %} {% block content %} -{{ flask.messages() }} -
    {% trans %}Add a user{% endtrans %}
    From 08879a059dde9c202ca8d04c4a3246a77e50a865 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 29 Jul 2021 16:00:21 +0200 Subject: [PATCH 12/13] Valid group name at creation and redirect to newly created group if valid --- canaille/forms.py | 6 ++++++ canaille/groups.py | 43 ++++++++++++++++++++++++++++--------------- tests/test_groups.py | 31 +++++++++++++++++++++++++------ 3 files changed, 59 insertions(+), 21 deletions(-) diff --git a/canaille/forms.py b/canaille/forms.py index 8acebf03..db535403 100644 --- a/canaille/forms.py +++ b/canaille/forms.py @@ -155,3 +155,9 @@ class GroupForm(FlaskForm): "placeholder": _("group"), }, ) + + def validate_name(self, field): + if Group.get(field.data): + raise wtforms.ValidationError( + _("The group '{group}' already exists").format(group=field.data) + ) diff --git a/canaille/groups.py b/canaille/groups.py index b369d939..0c7882f9 100644 --- a/canaille/groups.py +++ b/canaille/groups.py @@ -1,4 +1,13 @@ -from flask import Blueprint, render_template, redirect, url_for, request, flash, current_app, abort +from flask import ( + Blueprint, + render_template, + redirect, + url_for, + request, + flash, + current_app, + abort, +) from flask_babel import gettext as _ from .flaskutils import moderator_needed @@ -7,12 +16,14 @@ from .models import Group bp = Blueprint("groups", __name__) + @bp.route("/") @moderator_needed() def groups(user): groups = Group.filter(objectClass=current_app.config["LDAP"]["GROUP_CLASS"]) return render_template("groups.html", groups=groups, menuitem="groups") + @bp.route("/add", methods=("GET", "POST")) @moderator_needed() def create_group(user): @@ -31,20 +42,20 @@ def create_group(user): group.member = [user.dn] group.cn = [form.name.data] group.save() - return redirect(url_for("groups.groups")) + flash( + _("The group %(group)s has been sucessfully created", group=group.name), + "success", + ) + return redirect(url_for("groups.group", groupname=group.name)) + + return render_template("group.html", form=form, edited_group=None, members=None) - return render_template( - "group.html", - form=form, - edited_group=None, - members=None - ) @bp.route("/", methods=("GET", "POST")) @moderator_needed() def group(user, groupname): group = Group.get(groupname) or abort(404) - + if request.method == "GET" or request.form.get("action") == "edit": return edit_group(group) @@ -53,9 +64,10 @@ def group(user, groupname): abort(400) + def edit_group(group): form = GroupForm(request.form or None, data={"name": group.name}) - form["name"].render_kw["disabled"] = "true" + form["name"].render_kw["disabled"] = "true" if request.form: if form.validate(): @@ -64,13 +76,14 @@ def edit_group(group): flash(_("Group edition failed."), "error") return render_template( - "group.html", - form=form, - edited_group=group, - members=group.get_members() + "group.html", form=form, edited_group=group, members=group.get_members() ) + def delete_group(group): - flash(_("The group %(group)s has been sucessfully deleted", group=group.name), "success") + flash( + _("The group %(group)s has been sucessfully deleted", group=group.name), + "success", + ) group.delete() return redirect(url_for("groups.groups")) diff --git a/tests/test_groups.py b/tests/test_groups.py index 70fd625a..73531b35 100644 --- a/tests/test_groups.py +++ b/tests/test_groups.py @@ -21,19 +21,22 @@ def test_set_groups(app, slapd_connection, user, foo_group, bar_group): assert user.groups[0].dn == foo_group.dn user.set_groups([foo_group, bar_group], conn=slapd_connection) - + bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} assert user.dn in bar_dns assert user.groups[1].dn == bar_group.dn user.set_groups([foo_group], conn=slapd_connection) - + foo_dns = {g.dn for g in foo_group.get_members(conn=slapd_connection)} bar_dns = {g.dn for g in bar_group.get_members(conn=slapd_connection)} assert user.dn in foo_dns assert user.dn not in bar_dns -def test_moderator_can_create_edit_and_delete_group(testclient, slapd_connection, logged_moderator, foo_group): + +def test_moderator_can_create_edit_and_delete_group( + testclient, slapd_connection, logged_moderator, foo_group +): # The group does not exist res = testclient.get("/groups", status=200) with testclient.app.app_context(): @@ -52,7 +55,11 @@ def test_moderator_can_create_edit_and_delete_group(testclient, slapd_connection with testclient.app.app_context(): bar_group = Group.get("bar", conn=slapd_connection) assert bar_group.name == "bar" - assert [member.dn for member in bar_group.get_members(conn=slapd_connection)] == [logged_moderator.dn] # Group cannot be empty so creator is added in it + assert [ + member.dn for member in bar_group.get_members(conn=slapd_connection) + ] == [ + logged_moderator.dn + ] # Group cannot be empty so creator is added in it assert "bar" in res.text # Group name can not be edited @@ -68,14 +75,26 @@ def test_moderator_can_create_edit_and_delete_group(testclient, slapd_connection members = bar_group.get_members(conn=slapd_connection) for member in members: assert member.name in res.text - + # Group is deleted res = res.form.submit(name="action", value="delete", status=302).follow(status=200) with testclient.app.app_context(): assert Group.get("bar", conn=slapd_connection) is None assert "The group bar has been sucessfully deleted" in res.text -def test_simple_user_cannot_view_or_edit_groups(testclient, slapd_connection, logged_user, foo_group): + +def test_cannot_create_already_existing_group( + testclient, slapd_connection, logged_moderator, foo_group +): + res = testclient.post("/groups/add", {"name": "foo"}, status=200) + + assert "Group creation failed." in res + assert "The group 'foo' already exists" in res + + +def test_simple_user_cannot_view_or_edit_groups( + testclient, slapd_connection, logged_user, foo_group +): testclient.get("/groups", status=403) testclient.get("/groups/add", status=403) testclient.get("/groups/foo", status=403) From d40f699370b8d12ebd50d94e0557c5040510d677 Mon Sep 17 00:00:00 2001 From: Camille Daniel Date: Thu, 29 Jul 2021 16:33:01 +0200 Subject: [PATCH 13/13] Translate groups pages --- .../translations/fr/LC_MESSAGES/messages.mo | Bin 15837 -> 17512 bytes .../translations/fr/LC_MESSAGES/messages.po | 306 +++++++++++------- canaille/translations/messages.pot | 292 +++++++++++------ 3 files changed, 382 insertions(+), 216 deletions(-) diff --git a/canaille/translations/fr/LC_MESSAGES/messages.mo b/canaille/translations/fr/LC_MESSAGES/messages.mo index 480fc2e90462a330d22a608eeab3e5105b087e76..04f175621a85011c605b152dc3df757a29a33d25 100644 GIT binary patch delta 4324 zcmajgdvKK18OQMxEqI(W=GK|?Xz?kFo4-GVC zKK&nl)0jT=PYg1KN6aZ~#t$)wiv}CB8eheFEX+2BDdus^G$vuT)8IF=19NddvWGc> zTJX=9g@5t=6gSZS5?gU?jxp=-GmPT>ETVa*aSxtDHZqS6@!X8WW}e1=>~D6{(4qIH z2aI_c$I<@{-h}6|7CZglM-TPJi%}V?!jX6vmSf2G1=Kok`(8m}G-d#w<}L{S;qfx3#Hp`PE5y351J+U8Gw|2%5le;|i8|3w`vJKvb$n2(w_ zDWCl7f!Pf7!h5j+SE4pJin_zo$TgZ4^41@pL}hF{>g3O(GP2tr|2dAOe*hJD2Ts5b zPzT5?@UAesfc$Hr0tU34r}&e5gtMI zG=E3U>%;La<|5@}CM9Uhqp<+B(Kb}XyKo}zK?QUgweVR~(S40daW)+}3bjFr?=)0^ z3sLJWM;%}V>R=9P-NY)t@gOR-52LF22~=kGpf=u*y5l!dnfeg*+IHd>c*P(8gvpwB z3AN#6)brO+#oYfE@8rXgGbBtojS7BPgsfpU`tI-^Fo*GW#yfC2=1|gl&F=Pn6i3rf z`o4>`^#6?|ILUekszcSp4^SC-2@CZ8AE2Q~kD-d`la@u#Re{tA_en+lB~ zCNm0km(x)xUxwOXC8}ua{NGzp>uo{Jdk%-Ozd1xhMRXD;<7HH&B^*l&EXQJOK)sf2 zs11LCx|-ji0y~3C@e5P{HMe>j&OqJyBGlV;H!i^6VuHV>&uzRy8ODsqujn5gV@!np zVWRk${)F*-)9DW^@)p`iG%B_q;bZuWZyxX1Ci>6gW*kEWE3kv8%p64pd=hyf%;yuy zzltJ*i;}sh6OQrw)wqrRw{a_;#qGGZlr*9#^X5H;N9pcD6<>e?(Uk^K8%9y%TTq#4 z!~Xb_a`LZKzsSHqJb^Rtebj_}DpLAL6T-R z;b43P6<7+j?ui5q-Ejx%PA~ZVYpBSxtGqypPytq;7MS6W&&6!|OOV?$51=-D9Jxhv z5S99Oe9xnHYr|4K4f{Dpf~N4<1J?a2mDI->@40i3+fY zj^5+B$dGZd5O?~%jvU^6jQT%dSdI4qE5~8I21oYJ%0r)4&Xk9V+ryGn+13?uDhN5kD#%QfdYIP z@5JN2gZSVpBi}*3G3F7pxEB@pah!>lPz#sw?rOdJk#CGykIKkPsPzw^GII=d<)>yO zyv7*@l$!TYsp>?%M*l&*6}QbahQpY}Xz@u@27Zak+#%G7-$Z5LeN@$7LIrjeM`H0E zWDw_L6>d+^xP`_s9D<#wqPdEiP{CJ5#j+F?&??mPPh%7hqE2+{Z0`e8jJk@cxCLip z1D-;CxT@#yPnPZelRTDnv2Wkik#M}ZZU5lIe(TcU8n2Zs$w1IcI-{AAd(~ zVWt;t+ojw*fACuFLtTUS4LOmp^%2*JHHJfGo=)H0wW}Or2$cH60XOLOcq$!l_Z+`> z z7UmVqcABUL*G{YV8Z%oRCs0C>)zz9}dNw`q=f+^6OOAW;vw(m z+_sHHA9Y>W)#AdoEyb&nD~ktaB)%JtM{U%Nxa+N>NvU@0#QjMWTEwz<`iQO#xwhGj z$80mXOzn$t87++gx74PWXr|`0NQ>5saLW<44|J~-aGT?eQ5zhWYFCklLpH$laBMEC zc$I1csl8GAU|hp2;l#T`(n8~$I2%UO)hYu{h}F76D@`^`xTRO77iU|jq-+3lx_@nZ zu4F|2>%I1pXS<#(EbUAz3CCO9?jxH;4rP&QPZx8K_#K;SuWty)Q|+Z@S-iQK7<6+4 z)}3OL+T3-t9)pW|oVYt1Jyx6G6}THUi#V2dg6`u*Nk=g1C4`J82bMk7t8Y^sn6%y0|mPg&;S4c delta 3035 zcmYM#3rv+|9LMqhQ9(pN@P;?^C?I(O;h>NxmnF z_SU@2d0&~A)XrR5nk&s~TIsB`OwE;4o33&>%dGE@^RC$Oe4gid&-*<8=l@)6S?akw zKlEMac5fJe+xgdrf3;Dn{r`6`*6bM7L)h74wz#9&N$RWO%pRs*8E@8(`t}4f9@%cJ z#}BX;hjucn!8KTgoZ5xp>ZI|nQoKO7-K7++cW)1ir zYTzNATRXIT*CJ$0E5r6U1vR&)+f2p42a(2EK*N)b1d$+I`o=t^~;VHh_Xs=tHt;`PdfA-1c#9`y<$o_NlH5 zP%~QRKHrSW#2(j!NX&Ku72r3h-?!}+$!rG<>4mNo6rmTjHW|pr^7v|lwpVUGkys*fo9ai9JhTn4y3*j70B`Ki22kyq?EYHwUYE!{oWSVqwRJzO(T0p_9lD@IMAEJQ&wD@S$wnCnzj zN^4M?ZVoE7&8UG_A<44cs3kdu91J^$KjC$^{Y}Z$+i{0BV4bQJeCF`}|u}f4`#MyN~K8g-YxB zA5I~UhN-AX9aIPJ<6u0CI!1R<1IBR%wFLc9fsMoptUwL40kxz%aR%>Z{VYLa9HS9_i?3qH5i(xR~enT^F&{mr{>;fDMW(Q33TH z6v;>qD$oK{$|s`Md=_d#Aq=VEH3}L=GpfxOz-XL<>Uf^p{wgZ< ztFZ&FM`E;Xs3rUii}5n5pA?RgewRL!^;b%U(J%}r;X}B{^%(l7cVI`!(MXI|hYDm3 zs-umlrP+>Jy2Gdd&!YzX1>^B|)O((+NPA2c`PU2+X;8-lkgQud#$eEOJ|<9Kj2gf} z4fqz4bvuX&_ycOd+t?BBx%C)krvMU>17m$rH)}zN!YdRCQ5}DZpW{{J#MoZ`r_l`0 zqV9*UQK#iPY9==@4sRmawZBjUXXHeVX)bDlb5QMz+ToA&#(PjRIDkp` z5o&<*_#j?I1=f@G;6PX&=HnFXk1Jev<8bO{1bqCm73fjdRaWtMpFGh2rYla!94CSI`R)U)8WYn&ni3)5Ua=Y4_I027hE+&qO z?3GgNO1%n6w#^&G#iV8FLd4E>D|=e4|*%Bs_L3%H`zp~L^ZKeKNf1}@N>ORkjPu}Bc z211?`0_HdbGUz-g<#@&IVs{+>y6!Qd50>Ffhv>bZ+=o kIa_j1M2!vBHPwf^jab|!yeWTQbof-!lkLKT#}s+~1+=kpYXATM diff --git a/canaille/translations/fr/LC_MESSAGES/messages.po b/canaille/translations/fr/LC_MESSAGES/messages.po index 20f6e4f8..dd17555b 100644 --- a/canaille/translations/fr/LC_MESSAGES/messages.po +++ b/canaille/translations/fr/LC_MESSAGES/messages.po @@ -3,24 +3,25 @@ # This file is distributed under the same license as the PROJECT project. # FIRST AUTHOR , 2020. # Éloi Rivard , 2020-2021. +# Camille , 2021. # msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: contact@yaal.fr\n" -"POT-Creation-Date: 2021-06-03 15:21+0200\n" -"PO-Revision-Date: 2021-06-03 15:22+0200\n" -"Last-Translator: Éloi Rivard \n" +"POT-Creation-Date: 2021-07-29 16:09+0200\n" +"PO-Revision-Date: 2021-07-29 16:31+0200\n" +"Last-Translator: Camille \n" "Language: fr\n" -"Language-Team: French \n" +"Language-Team: French \n" "Plural-Forms: nplurals=2; plural=(n > 1)\n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.9.1\n" -"X-Generator: Gtranslator 40.0\n" +"X-Generator: Gtranslator 3.38.0\n" -#: canaille/account.py:62 canaille/account.py:87 canaille/oauth.py:58 +#: canaille/account.py:62 canaille/account.py:87 canaille/oauth.py:59 msgid "Login failed, please check your information" msgstr "La connexion a échoué, veuillez vérifier vos informations." @@ -155,9 +156,9 @@ msgstr "Identifiant" msgid "jdoe" msgstr "mdupont" -#: canaille/admin/clients.py:23 canaille/forms.py:82 -#: canaille/templates/admin/client_list.html:25 -#: canaille/templates/users.html:22 +#: canaille/admin/clients.py:23 canaille/forms.py:82 canaille/forms.py:152 +#: canaille/templates/admin/client_list.html:22 +#: canaille/templates/users.html:21 msgid "Name" msgstr "Nom" @@ -181,7 +182,7 @@ msgstr "Dupont" msgid "Email address" msgstr "Courriel" -#: canaille/forms.py:109 canaille/templates/users.html:24 +#: canaille/forms.py:109 canaille/templates/users.html:23 msgid "Phone number" msgstr "Numéro de téléphone" @@ -201,10 +202,37 @@ msgstr "Numéro" msgid "1234" msgstr "1234" -#: canaille/forms.py:143 +#: canaille/forms.py:143 canaille/templates/base.html:55 +#: canaille/templates/groups.html:9 msgid "Groups" msgstr "Groupes" +#: canaille/forms.py:155 +msgid "group" +msgstr "groupe" + +#: canaille/forms.py:162 +msgid "The group '{group}' already exists" +msgstr "Le group '{group}' existe déjà" + +#: canaille/groups.py:39 +msgid "Group creation failed." +msgstr "La création du groupe a échoué." + +#: canaille/groups.py:46 +#, python-format +msgid "The group %(group)s has been sucessfully created" +msgstr "Le groupe %(group)s a bien été créé" + +#: canaille/groups.py:76 +msgid "Group edition failed." +msgstr "L'édition du groupe a échoué." + +#: canaille/groups.py:85 +#, python-format +msgid "The group %(group)s has been sucessfully deleted" +msgstr "Le groupe %(group)s a bien été supprimé" + #: canaille/admin/mail.py:27 canaille/mails.py:27 msgid "Password reset on {website_name}" msgstr "Réinitialisation du mot de passe sur {website_name}" @@ -229,7 +257,11 @@ msgstr "Votre adresse postale." msgid "Your phone number." msgstr "Votre numéro de téléphone." -#: canaille/oauth.py:97 +#: canaille/oauth.py:30 +msgid "Groups you are belonging to" +msgstr "Les groupes dans lesquels vous êtes" + +#: canaille/oauth.py:98 msgid "You have been successfully logged out." msgstr "Vous avez été déconnectés." @@ -309,24 +341,24 @@ msgstr "Le client a été édité." msgid "The client has been deleted." msgstr "Le client a été supprimé." -#: canaille/templates/about.html:14 canaille/templates/base.html:90 +#: canaille/templates/about.html:12 canaille/templates/base.html:98 msgid "About canaille" msgstr "À propos de canaille" -#: canaille/templates/about.html:16 +#: canaille/templates/about.html:14 msgid "Free and open-source identity provider." msgstr "Fournisseur d'identité numérique libre" -#: canaille/templates/about.html:19 +#: canaille/templates/about.html:17 #, python-format msgid "Version %(version)s" msgstr "Version %(version)s" -#: canaille/templates/about.html:20 +#: canaille/templates/about.html:18 msgid "Source code" msgstr "Code source" -#: canaille/templates/about.html:21 +#: canaille/templates/about.html:19 msgid "Documentation" msgstr "Documentation" @@ -352,67 +384,67 @@ msgstr "Changer d'utilisateur" msgid "Accept" msgstr "Accepter" -#: canaille/templates/base.html:8 +#: canaille/templates/base.html:10 msgid "authorization interface" msgstr " - Interface de gestion des autorisations" -#: canaille/templates/base.html:37 canaille/templates/profile.html:38 +#: canaille/templates/base.html:39 canaille/templates/profile.html:37 msgid "My profile" msgstr "Mon profil" -#: canaille/templates/base.html:42 canaille/templates/consent_list.html:19 +#: canaille/templates/base.html:44 canaille/templates/consent_list.html:18 msgid "My consents" msgstr "Mes autorisations" -#: canaille/templates/base.html:48 +#: canaille/templates/base.html:50 msgid "Users" msgstr "Utilisateurs" -#: canaille/templates/base.html:58 +#: canaille/templates/base.html:65 msgid "Clients" msgstr "Clients" -#: canaille/templates/base.html:62 +#: canaille/templates/base.html:69 msgid "Tokens" msgstr "Jetons" -#: canaille/templates/base.html:66 +#: canaille/templates/base.html:73 msgid "Codes" msgstr "Codes" -#: canaille/templates/base.html:70 +#: canaille/templates/base.html:77 msgid "Consents" msgstr "Autorisations" -#: canaille/templates/base.html:77 +#: canaille/templates/base.html:84 msgid "Log out" msgstr "Déconnexion" -#: canaille/templates/consent_list.html:22 +#: canaille/templates/consent_list.html:21 msgid "Consult and revoke the authorization you gave to websites." msgstr "Consultez et révoquez les autorisation que vous avez données." -#: canaille/templates/consent_list.html:42 +#: canaille/templates/consent_list.html:39 msgid "From:" msgstr "À partir de :" -#: canaille/templates/consent_list.html:44 +#: canaille/templates/consent_list.html:41 msgid "Revoked:" msgstr "Révoqué le :" -#: canaille/templates/consent_list.html:47 +#: canaille/templates/consent_list.html:44 msgid "Has access to:" msgstr "A accès à :" -#: canaille/templates/consent_list.html:57 +#: canaille/templates/consent_list.html:54 msgid "Remove access" msgstr "Supprimer l'accès" -#: canaille/templates/consent_list.html:67 +#: canaille/templates/consent_list.html:64 msgid "Nothing here" msgstr "Rien ici" -#: canaille/templates/consent_list.html:68 +#: canaille/templates/consent_list.html:65 msgid "You did not authorize applications yet." msgstr "" "Vous n'avez pas encore autorisé d'application à accéder à votre profil." @@ -433,11 +465,11 @@ msgstr "Page non trouvée" msgid "Technical problem" msgstr "Problème technique" -#: canaille/templates/firstlogin.html:12 +#: canaille/templates/firstlogin.html:11 msgid "First login" msgstr "Première connexion" -#: canaille/templates/firstlogin.html:19 +#: canaille/templates/firstlogin.html:16 msgid "" "\n" " It seems this is the first time you are logging here. In order to " @@ -459,21 +491,21 @@ msgstr "" " Veuillez cliquer sur le bouton bleu ci-dessous pour envoyer le " "courriel." -#: canaille/templates/firstlogin.html:35 +#: canaille/templates/firstlogin.html:32 msgid "Send the initialization email" msgstr "Envoyer le courriel d'initialisation" -#: canaille/templates/firstlogin.html:36 -#: canaille/templates/forgotten-password.html:43 +#: canaille/templates/firstlogin.html:33 +#: canaille/templates/forgotten-password.html:40 msgid "Login page" msgstr "Page de connexion" -#: canaille/templates/forgotten-password.html:12 -#: canaille/templates/login.html:38 canaille/templates/password.html:35 +#: canaille/templates/forgotten-password.html:11 +#: canaille/templates/login.html:35 canaille/templates/password.html:32 msgid "Forgotten password" msgstr "Mot de passe oublié" -#: canaille/templates/forgotten-password.html:19 +#: canaille/templates/forgotten-password.html:16 msgid "" "\n" " After this form is sent, if the email address or the login you " @@ -490,51 +522,119 @@ msgstr "" " vous permettra de ré-initialiser votre mot de passe.\n" " " -#: canaille/templates/forgotten-password.html:38 -#: canaille/templates/profile.html:120 canaille/templates/profile.html:143 +#: canaille/templates/forgotten-password.html:35 +#: canaille/templates/profile.html:117 canaille/templates/profile.html:140 msgid "Send again" msgstr "Envoyer à nouveau" -#: canaille/templates/forgotten-password.html:40 +#: canaille/templates/forgotten-password.html:37 msgid "Send" msgstr "Envoyer" -#: canaille/templates/login.html:17 +#: canaille/templates/group.html:13 +msgid "Group deletion" +msgstr "Suppression d'un groupe" + +#: canaille/templates/group.html:17 +msgid "" +"Are you sure you want to delete this group? This action is unrevokable and " +"all the data about this group will be removed." +msgstr "" +"Êtes-vous sûrs de vouloir supprimer ce groupe ? Cette action est " +"irrévocable, et toutes les données de cet utilisateur seront supprimées." + +#: canaille/templates/admin/client_edit.html:18 +#: canaille/templates/group.html:21 canaille/templates/profile.html:25 +msgid "Cancel" +msgstr "Annuler" + +#: canaille/templates/admin/client_edit.html:19 +#: canaille/templates/group.html:22 canaille/templates/profile.html:26 +msgid "Delete" +msgstr "Supprimer" + +#: canaille/templates/group.html:29 +msgid "Members" +msgstr "Membres" + +#: canaille/templates/group.html:45 +msgid "Group creation" +msgstr "Nouveau groupe" + +#: canaille/templates/group.html:47 +msgid "Group edition" +msgstr "Édition d'un groupe" + +#: canaille/templates/group.html:53 +msgid "Create a new group" +msgstr "Création d'un nouveau groupe" + +#: canaille/templates/group.html:55 +msgid "Edit informations about a group" +msgstr "Éditez les informations d'un groupe" + +#: canaille/templates/group.html:70 +msgid "" +"Because group cannot be empty, you will be added to the group. You can " +"remove you later by editing your profile when you will have added other " +"members to the group." +msgstr "" +"Vous serez ajouté au groupe car le groupe ne peut pas être vide. Vous " +"pourrez vous retirer du groupe depuis l'édition de votre profil dès que vous " +"aurez ajouter d'autres membres dans le groupe." + +#: canaille/templates/group.html:75 +msgid "Create group" +msgstr "Créer le groupe" + +#: canaille/templates/group.html:77 canaille/templates/profile.html:154 +msgid "Submit" +msgstr "Valider" + +#: canaille/templates/group.html:82 +msgid "Delete group" +msgstr "Supprimer le groupe" + +#: canaille/templates/groups.html:5 +msgid "Add a group" +msgstr "Ajouter un groupe" + +#: canaille/templates/login.html:16 #, python-format msgid "Sign in at %(website)s" msgstr "Connexion à %(website)s" -#: canaille/templates/login.html:19 +#: canaille/templates/login.html:18 msgid "Log-in and manage your authorizations." msgstr "Connectez-vous et gérez vos autorisations." -#: canaille/templates/login.html:37 +#: canaille/templates/login.html:34 msgid "Continue" msgstr "Continuer" -#: canaille/templates/password.html:17 +#: canaille/templates/password.html:16 #, python-format msgid "Sign in as %(username)s" msgstr "Connexion en tant que %(username)s" -#: canaille/templates/password.html:19 +#: canaille/templates/password.html:18 msgid "Please enter your password for this account." msgstr "Veuillez entre votre mot de passe pour ce compte." -#: canaille/templates/password.html:34 +#: canaille/templates/password.html:31 msgid "Sign in" msgstr "Se connecter" -#: canaille/templates/password.html:36 +#: canaille/templates/password.html:33 #, python-format msgid "I am not %(username)s" msgstr "Je ne suis pas %(username)s" -#: canaille/templates/profile.html:14 +#: canaille/templates/profile.html:13 msgid "Account deletion" msgstr "Suppression d'un compte" -#: canaille/templates/profile.html:19 +#: canaille/templates/profile.html:18 msgid "" "Are you sure you want to delete this user? This action is unrevokable and " "all the data about this user will be removed." @@ -542,7 +642,7 @@ msgstr "" "Êtes-vous sûrs de vouloir supprimer cet utilisateur ? Cette action est " "irrévocable, et toutes les données de cet utilisateur seront supprimées." -#: canaille/templates/profile.html:21 +#: canaille/templates/profile.html:20 msgid "" "Are you sure you want to delete your account? This action is unrevokable and " "all your data will be removed forever." @@ -550,57 +650,47 @@ msgstr "" "Êtes-vous sûrs de vouloir supprimer votre compte ? Cette action est " "irrévocable et toutes vos données seront supprimées pour toujours." -#: canaille/templates/admin/client_edit.html:19 -#: canaille/templates/profile.html:26 -msgid "Cancel" -msgstr "Annuler" - -#: canaille/templates/admin/client_edit.html:20 -#: canaille/templates/profile.html:27 -msgid "Delete" -msgstr "Supprimer" - -#: canaille/templates/profile.html:36 +#: canaille/templates/profile.html:35 msgid "User creation" msgstr "Nouvel utilisateur" -#: canaille/templates/profile.html:40 +#: canaille/templates/profile.html:39 msgid "User profile edition" msgstr "Édition d'un profil utilisateur" -#: canaille/templates/profile.html:46 +#: canaille/templates/profile.html:45 msgid "Create a new user account" msgstr "Création d'un nouveau compte utilisateur" -#: canaille/templates/profile.html:48 +#: canaille/templates/profile.html:47 msgid "Edit your personal informations" msgstr "Éditez vos informations personnelles" -#: canaille/templates/profile.html:50 +#: canaille/templates/profile.html:49 msgid "Edit informations about an user" msgstr "Éditez les informations d'un utilisateur" -#: canaille/templates/profile.html:67 +#: canaille/templates/profile.html:64 msgid "Personal information" msgstr "Informations personnelles" -#: canaille/templates/profile.html:89 +#: canaille/templates/profile.html:86 msgid "Account information" msgstr "Informations sur le compte" -#: canaille/templates/profile.html:105 +#: canaille/templates/profile.html:102 msgid "User password is not mandatory" msgstr "Le mot de passe utilisateur n'est pas requis à la création" -#: canaille/templates/profile.html:107 +#: canaille/templates/profile.html:104 msgid "The user password can be set:" msgstr "Il pourra être renseigné :" -#: canaille/templates/profile.html:109 +#: canaille/templates/profile.html:106 msgid "by filling this form;" msgstr "en remplissant ce formulaire ;" -#: canaille/templates/profile.html:110 +#: canaille/templates/profile.html:107 msgid "" "by sending the user a password initialization mail, after the account " "creation;" @@ -608,7 +698,7 @@ msgstr "" "en envoyant un lien d'initialisation de mot de passe, par mail à " "l'utilisateur, après la création de son compte;" -#: canaille/templates/profile.html:111 canaille/templates/profile.html:134 +#: canaille/templates/profile.html:108 canaille/templates/profile.html:131 msgid "" "or simply waiting for the user to sign-in a first time, and then receive a " "password initialization mail." @@ -616,40 +706,40 @@ msgstr "" "ou simplement en attendant la première connexion de l'utilisateur, afin " "qu'il reçoive un lien d'initialisation de mot de passe par email." -#: canaille/templates/profile.html:124 +#: canaille/templates/profile.html:121 msgid "Send email" msgstr "Envoyer l'email" -#: canaille/templates/profile.html:128 +#: canaille/templates/profile.html:125 msgid "This user does not have a password yet" msgstr "L'utilisateur n'a pas encore de mot de passe" -#: canaille/templates/profile.html:130 +#: canaille/templates/profile.html:127 msgid "You can solve this by:" msgstr "Vous pouvez régler ceci en :" -#: canaille/templates/profile.html:132 +#: canaille/templates/profile.html:129 msgid "setting a password using this form;" msgstr "renseignant un mot de passe via ce formulaire ;" -#: canaille/templates/profile.html:133 +#: canaille/templates/profile.html:130 msgid "" "sending the user a password initialization mail, by clicking this button;" msgstr "" "envoyant un lien d'initialisation de mot de passe, par mail à l'utilisateur, " "en cliquant sur ce bouton;" -#: canaille/templates/profile.html:145 +#: canaille/templates/profile.html:142 msgid "Send mail" msgstr "Envoyer l'email" -#: canaille/templates/profile.html:149 -#: canaille/templates/reset-password.html:12 -#: canaille/templates/reset-password.html:19 +#: canaille/templates/profile.html:146 +#: canaille/templates/reset-password.html:11 +#: canaille/templates/reset-password.html:16 msgid "Password reset" msgstr "Réinitialisation du mot de passe" -#: canaille/templates/profile.html:151 +#: canaille/templates/profile.html:148 msgid "" "If the user has forgotten his password, you can send him a password reset " "email by clicking this button." @@ -657,27 +747,23 @@ msgstr "" "Si l'utilisateur a oublié son mot de passe, vous pouvez lui envoyer un email " "contenant un lien de réinitilisation en cliquant sur ce bouton." -#: canaille/templates/profile.html:157 -msgid "Submit" -msgstr "Valider" - -#: canaille/templates/profile.html:161 +#: canaille/templates/profile.html:158 msgid "Impersonate" msgstr "Prendre l'identité" -#: canaille/templates/profile.html:167 +#: canaille/templates/profile.html:164 msgid "Delete the user" msgstr "Supprimer l'utilisateur" -#: canaille/templates/profile.html:169 +#: canaille/templates/profile.html:166 msgid "Delete my account" msgstr "Supprimer mon compte" -#: canaille/templates/users.html:17 +#: canaille/templates/users.html:16 msgid "Add a user" msgstr "Nouvel utilisateur" -#: canaille/templates/users.html:23 +#: canaille/templates/users.html:22 msgid "Email" msgstr "Courriel" @@ -697,28 +783,28 @@ msgid "Subject" msgstr "Utilisateur" #: canaille/templates/admin/authorization_list.html:21 -#: canaille/templates/admin/client_list.html:27 +#: canaille/templates/admin/client_list.html:24 #: canaille/templates/admin/token_list.html:21 msgid "Created" msgstr "Créé" -#: canaille/templates/admin/authorization_view.html:8 +#: canaille/templates/admin/authorization_view.html:7 msgid "View a authorization" msgstr "Voir une autorisation" -#: canaille/templates/admin/client_add.html:8 +#: canaille/templates/admin/client_add.html:7 msgid "Add a client" msgstr "Ajouter un client" -#: canaille/templates/admin/client_add.html:14 +#: canaille/templates/admin/client_add.html:11 msgid "Confirm" msgstr "Confirmer" -#: canaille/templates/admin/client_edit.html:13 +#: canaille/templates/admin/client_edit.html:12 msgid "Client deletion" msgstr "Suppression d'un client" -#: canaille/templates/admin/client_edit.html:16 +#: canaille/templates/admin/client_edit.html:15 msgid "" "Are you sure you want to delete this client? This action is unrevokable and " "all the data about this client will be removed." @@ -726,39 +812,39 @@ msgstr "" "Êtes-vous sûrs de vouloir supprimer ce client ? Cette action est irrévocable " "et toutes les données à propos de ce client seront supprimées." -#: canaille/templates/admin/client_edit.html:26 +#: canaille/templates/admin/client_edit.html:25 msgid "Edit a client" msgstr "Éditer un client" -#: canaille/templates/admin/client_edit.html:35 +#: canaille/templates/admin/client_edit.html:32 msgid "ID" msgstr "ID" -#: canaille/templates/admin/client_edit.html:39 +#: canaille/templates/admin/client_edit.html:36 msgid "Secret" msgstr "Secret" -#: canaille/templates/admin/client_edit.html:43 +#: canaille/templates/admin/client_edit.html:40 msgid "Issued at" msgstr "Créé le" -#: canaille/templates/admin/client_edit.html:60 +#: canaille/templates/admin/client_edit.html:57 msgid "Edit" msgstr "Éditer" -#: canaille/templates/admin/client_edit.html:63 +#: canaille/templates/admin/client_edit.html:60 msgid "Delete the client" msgstr "Supprimer le client" -#: canaille/templates/admin/client_list.html:20 +#: canaille/templates/admin/client_list.html:17 msgid "Add client" msgstr "Ajouter un client" -#: canaille/templates/admin/client_list.html:26 +#: canaille/templates/admin/client_list.html:23 msgid "URL" msgstr "URL" -#: canaille/templates/admin/token_view.html:8 +#: canaille/templates/admin/token_view.html:7 msgid "View a token" msgstr "Voir un jeton" diff --git a/canaille/translations/messages.pot b/canaille/translations/messages.pot index 8dc9a3c4..1780db70 100644 --- a/canaille/translations/messages.pot +++ b/canaille/translations/messages.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PROJECT VERSION\n" "Report-Msgid-Bugs-To: EMAIL@ADDRESS\n" -"POT-Creation-Date: 2021-06-03 15:21+0200\n" +"POT-Creation-Date: 2021-07-29 16:09+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -17,7 +17,7 @@ msgstr "" "Content-Transfer-Encoding: 8bit\n" "Generated-By: Babel 2.9.1\n" -#: canaille/account.py:62 canaille/account.py:87 canaille/oauth.py:58 +#: canaille/account.py:62 canaille/account.py:87 canaille/oauth.py:59 msgid "Login failed, please check your information" msgstr "" @@ -144,9 +144,9 @@ msgstr "" msgid "jdoe" msgstr "" -#: canaille/admin/clients.py:23 canaille/forms.py:82 -#: canaille/templates/admin/client_list.html:25 -#: canaille/templates/users.html:22 +#: canaille/admin/clients.py:23 canaille/forms.py:82 canaille/forms.py:152 +#: canaille/templates/admin/client_list.html:22 +#: canaille/templates/users.html:21 msgid "Name" msgstr "" @@ -170,7 +170,7 @@ msgstr "" msgid "Email address" msgstr "" -#: canaille/forms.py:109 canaille/templates/users.html:24 +#: canaille/forms.py:109 canaille/templates/users.html:23 msgid "Phone number" msgstr "" @@ -190,10 +190,37 @@ msgstr "" msgid "1234" msgstr "" -#: canaille/forms.py:143 +#: canaille/forms.py:143 canaille/templates/base.html:55 +#: canaille/templates/groups.html:9 msgid "Groups" msgstr "" +#: canaille/forms.py:155 +msgid "group" +msgstr "" + +#: canaille/forms.py:162 +msgid "The group '{group}' already exists" +msgstr "" + +#: canaille/groups.py:39 +msgid "Group creation failed." +msgstr "" + +#: canaille/groups.py:46 +#, python-format +msgid "The group %(group)s has been sucessfully created" +msgstr "" + +#: canaille/groups.py:76 +msgid "Group edition failed." +msgstr "" + +#: canaille/groups.py:85 +#, python-format +msgid "The group %(group)s has been sucessfully deleted" +msgstr "" + #: canaille/admin/mail.py:27 canaille/mails.py:27 msgid "Password reset on {website_name}" msgstr "" @@ -218,7 +245,11 @@ msgstr "" msgid "Your phone number." msgstr "" -#: canaille/oauth.py:97 +#: canaille/oauth.py:30 +msgid "Groups you are belonging to" +msgstr "" + +#: canaille/oauth.py:98 msgid "You have been successfully logged out." msgstr "" @@ -298,24 +329,24 @@ msgstr "" msgid "The client has been deleted." msgstr "" -#: canaille/templates/about.html:14 canaille/templates/base.html:90 +#: canaille/templates/about.html:12 canaille/templates/base.html:98 msgid "About canaille" msgstr "" -#: canaille/templates/about.html:16 +#: canaille/templates/about.html:14 msgid "Free and open-source identity provider." msgstr "" -#: canaille/templates/about.html:19 +#: canaille/templates/about.html:17 #, python-format msgid "Version %(version)s" msgstr "" -#: canaille/templates/about.html:20 +#: canaille/templates/about.html:18 msgid "Source code" msgstr "" -#: canaille/templates/about.html:21 +#: canaille/templates/about.html:19 msgid "Documentation" msgstr "" @@ -341,67 +372,67 @@ msgstr "" msgid "Accept" msgstr "" -#: canaille/templates/base.html:8 +#: canaille/templates/base.html:10 msgid "authorization interface" msgstr "" -#: canaille/templates/base.html:37 canaille/templates/profile.html:38 +#: canaille/templates/base.html:39 canaille/templates/profile.html:37 msgid "My profile" msgstr "" -#: canaille/templates/base.html:42 canaille/templates/consent_list.html:19 +#: canaille/templates/base.html:44 canaille/templates/consent_list.html:18 msgid "My consents" msgstr "" -#: canaille/templates/base.html:48 +#: canaille/templates/base.html:50 msgid "Users" msgstr "" -#: canaille/templates/base.html:58 +#: canaille/templates/base.html:65 msgid "Clients" msgstr "" -#: canaille/templates/base.html:62 +#: canaille/templates/base.html:69 msgid "Tokens" msgstr "" -#: canaille/templates/base.html:66 +#: canaille/templates/base.html:73 msgid "Codes" msgstr "" -#: canaille/templates/base.html:70 +#: canaille/templates/base.html:77 msgid "Consents" msgstr "" -#: canaille/templates/base.html:77 +#: canaille/templates/base.html:84 msgid "Log out" msgstr "" -#: canaille/templates/consent_list.html:22 +#: canaille/templates/consent_list.html:21 msgid "Consult and revoke the authorization you gave to websites." msgstr "" -#: canaille/templates/consent_list.html:42 +#: canaille/templates/consent_list.html:39 msgid "From:" msgstr "" -#: canaille/templates/consent_list.html:44 +#: canaille/templates/consent_list.html:41 msgid "Revoked:" msgstr "" -#: canaille/templates/consent_list.html:47 +#: canaille/templates/consent_list.html:44 msgid "Has access to:" msgstr "" -#: canaille/templates/consent_list.html:57 +#: canaille/templates/consent_list.html:54 msgid "Remove access" msgstr "" -#: canaille/templates/consent_list.html:67 +#: canaille/templates/consent_list.html:64 msgid "Nothing here" msgstr "" -#: canaille/templates/consent_list.html:68 +#: canaille/templates/consent_list.html:65 msgid "You did not authorize applications yet." msgstr "" @@ -421,11 +452,11 @@ msgstr "" msgid "Technical problem" msgstr "" -#: canaille/templates/firstlogin.html:12 +#: canaille/templates/firstlogin.html:11 msgid "First login" msgstr "" -#: canaille/templates/firstlogin.html:19 +#: canaille/templates/firstlogin.html:16 msgid "" "\n" " It seems this is the first time you are logging here. In order to" @@ -438,21 +469,21 @@ msgid "" " " msgstr "" -#: canaille/templates/firstlogin.html:35 +#: canaille/templates/firstlogin.html:32 msgid "Send the initialization email" msgstr "" -#: canaille/templates/firstlogin.html:36 -#: canaille/templates/forgotten-password.html:43 +#: canaille/templates/firstlogin.html:33 +#: canaille/templates/forgotten-password.html:40 msgid "Login page" msgstr "" -#: canaille/templates/forgotten-password.html:12 -#: canaille/templates/login.html:38 canaille/templates/password.html:35 +#: canaille/templates/forgotten-password.html:11 +#: canaille/templates/login.html:35 canaille/templates/password.html:32 msgid "Forgotten password" msgstr "" -#: canaille/templates/forgotten-password.html:19 +#: canaille/templates/forgotten-password.html:16 msgid "" "\n" " After this form is sent, if the email address or the login you " @@ -463,181 +494,230 @@ msgid "" " " msgstr "" -#: canaille/templates/forgotten-password.html:38 -#: canaille/templates/profile.html:120 canaille/templates/profile.html:143 +#: canaille/templates/forgotten-password.html:35 +#: canaille/templates/profile.html:117 canaille/templates/profile.html:140 msgid "Send again" msgstr "" -#: canaille/templates/forgotten-password.html:40 +#: canaille/templates/forgotten-password.html:37 msgid "Send" msgstr "" -#: canaille/templates/login.html:17 +#: canaille/templates/group.html:13 +msgid "Group deletion" +msgstr "" + +#: canaille/templates/group.html:17 +msgid "" +"Are you sure you want to delete this group? This action is unrevokable " +"and all the data about this group will be removed." +msgstr "" + +#: canaille/templates/admin/client_edit.html:18 +#: canaille/templates/group.html:21 canaille/templates/profile.html:25 +msgid "Cancel" +msgstr "" + +#: canaille/templates/admin/client_edit.html:19 +#: canaille/templates/group.html:22 canaille/templates/profile.html:26 +msgid "Delete" +msgstr "" + +#: canaille/templates/group.html:29 +msgid "Members" +msgstr "" + +#: canaille/templates/group.html:45 +msgid "Group creation" +msgstr "" + +#: canaille/templates/group.html:47 +msgid "Group edition" +msgstr "" + +#: canaille/templates/group.html:53 +msgid "Create a new group" +msgstr "" + +#: canaille/templates/group.html:55 +msgid "Edit informations about a group" +msgstr "" + +#: canaille/templates/group.html:70 +msgid "" +"Because group cannot be empty, you will be added to the group. You can " +"remove you later by editing your profile when you will have added other " +"members to the group." +msgstr "" + +#: canaille/templates/group.html:75 +msgid "Create group" +msgstr "" + +#: canaille/templates/group.html:77 canaille/templates/profile.html:154 +msgid "Submit" +msgstr "" + +#: canaille/templates/group.html:82 +msgid "Delete group" +msgstr "" + +#: canaille/templates/groups.html:5 +msgid "Add a group" +msgstr "" + +#: canaille/templates/login.html:16 #, python-format msgid "Sign in at %(website)s" msgstr "" -#: canaille/templates/login.html:19 +#: canaille/templates/login.html:18 msgid "Log-in and manage your authorizations." msgstr "" -#: canaille/templates/login.html:37 +#: canaille/templates/login.html:34 msgid "Continue" msgstr "" -#: canaille/templates/password.html:17 +#: canaille/templates/password.html:16 #, python-format msgid "Sign in as %(username)s" msgstr "" -#: canaille/templates/password.html:19 +#: canaille/templates/password.html:18 msgid "Please enter your password for this account." msgstr "" -#: canaille/templates/password.html:34 +#: canaille/templates/password.html:31 msgid "Sign in" msgstr "" -#: canaille/templates/password.html:36 +#: canaille/templates/password.html:33 #, python-format msgid "I am not %(username)s" msgstr "" -#: canaille/templates/profile.html:14 +#: canaille/templates/profile.html:13 msgid "Account deletion" msgstr "" -#: canaille/templates/profile.html:19 +#: canaille/templates/profile.html:18 msgid "" "Are you sure you want to delete this user? This action is unrevokable and" " all the data about this user will be removed." msgstr "" -#: canaille/templates/profile.html:21 +#: canaille/templates/profile.html:20 msgid "" "Are you sure you want to delete your account? This action is unrevokable " "and all your data will be removed forever." msgstr "" -#: canaille/templates/admin/client_edit.html:19 -#: canaille/templates/profile.html:26 -msgid "Cancel" -msgstr "" - -#: canaille/templates/admin/client_edit.html:20 -#: canaille/templates/profile.html:27 -msgid "Delete" -msgstr "" - -#: canaille/templates/profile.html:36 +#: canaille/templates/profile.html:35 msgid "User creation" msgstr "" -#: canaille/templates/profile.html:40 +#: canaille/templates/profile.html:39 msgid "User profile edition" msgstr "" -#: canaille/templates/profile.html:46 +#: canaille/templates/profile.html:45 msgid "Create a new user account" msgstr "" -#: canaille/templates/profile.html:48 +#: canaille/templates/profile.html:47 msgid "Edit your personal informations" msgstr "" -#: canaille/templates/profile.html:50 +#: canaille/templates/profile.html:49 msgid "Edit informations about an user" msgstr "" -#: canaille/templates/profile.html:67 +#: canaille/templates/profile.html:64 msgid "Personal information" msgstr "" -#: canaille/templates/profile.html:89 +#: canaille/templates/profile.html:86 msgid "Account information" msgstr "" -#: canaille/templates/profile.html:105 +#: canaille/templates/profile.html:102 msgid "User password is not mandatory" msgstr "" -#: canaille/templates/profile.html:107 +#: canaille/templates/profile.html:104 msgid "The user password can be set:" msgstr "" -#: canaille/templates/profile.html:109 +#: canaille/templates/profile.html:106 msgid "by filling this form;" msgstr "" -#: canaille/templates/profile.html:110 +#: canaille/templates/profile.html:107 msgid "" "by sending the user a password initialization mail, after the account " "creation;" msgstr "" -#: canaille/templates/profile.html:111 canaille/templates/profile.html:134 +#: canaille/templates/profile.html:108 canaille/templates/profile.html:131 msgid "" "or simply waiting for the user to sign-in a first time, and then receive " "a password initialization mail." msgstr "" -#: canaille/templates/profile.html:124 +#: canaille/templates/profile.html:121 msgid "Send email" msgstr "" -#: canaille/templates/profile.html:128 +#: canaille/templates/profile.html:125 msgid "This user does not have a password yet" msgstr "" -#: canaille/templates/profile.html:130 +#: canaille/templates/profile.html:127 msgid "You can solve this by:" msgstr "" -#: canaille/templates/profile.html:132 +#: canaille/templates/profile.html:129 msgid "setting a password using this form;" msgstr "" -#: canaille/templates/profile.html:133 +#: canaille/templates/profile.html:130 msgid "sending the user a password initialization mail, by clicking this button;" msgstr "" -#: canaille/templates/profile.html:145 +#: canaille/templates/profile.html:142 msgid "Send mail" msgstr "" -#: canaille/templates/profile.html:149 -#: canaille/templates/reset-password.html:12 -#: canaille/templates/reset-password.html:19 +#: canaille/templates/profile.html:146 +#: canaille/templates/reset-password.html:11 +#: canaille/templates/reset-password.html:16 msgid "Password reset" msgstr "" -#: canaille/templates/profile.html:151 +#: canaille/templates/profile.html:148 msgid "" "If the user has forgotten his password, you can send him a password reset" " email by clicking this button." msgstr "" -#: canaille/templates/profile.html:157 -msgid "Submit" -msgstr "" - -#: canaille/templates/profile.html:161 +#: canaille/templates/profile.html:158 msgid "Impersonate" msgstr "" -#: canaille/templates/profile.html:167 +#: canaille/templates/profile.html:164 msgid "Delete the user" msgstr "" -#: canaille/templates/profile.html:169 +#: canaille/templates/profile.html:166 msgid "Delete my account" msgstr "" -#: canaille/templates/users.html:17 +#: canaille/templates/users.html:16 msgid "Add a user" msgstr "" -#: canaille/templates/users.html:23 +#: canaille/templates/users.html:22 msgid "Email" msgstr "" @@ -657,66 +737,66 @@ msgid "Subject" msgstr "" #: canaille/templates/admin/authorization_list.html:21 -#: canaille/templates/admin/client_list.html:27 +#: canaille/templates/admin/client_list.html:24 #: canaille/templates/admin/token_list.html:21 msgid "Created" msgstr "" -#: canaille/templates/admin/authorization_view.html:8 +#: canaille/templates/admin/authorization_view.html:7 msgid "View a authorization" msgstr "" -#: canaille/templates/admin/client_add.html:8 +#: canaille/templates/admin/client_add.html:7 msgid "Add a client" msgstr "" -#: canaille/templates/admin/client_add.html:14 +#: canaille/templates/admin/client_add.html:11 msgid "Confirm" msgstr "" -#: canaille/templates/admin/client_edit.html:13 +#: canaille/templates/admin/client_edit.html:12 msgid "Client deletion" msgstr "" -#: canaille/templates/admin/client_edit.html:16 +#: canaille/templates/admin/client_edit.html:15 msgid "" "Are you sure you want to delete this client? This action is unrevokable " "and all the data about this client will be removed." msgstr "" -#: canaille/templates/admin/client_edit.html:26 +#: canaille/templates/admin/client_edit.html:25 msgid "Edit a client" msgstr "" -#: canaille/templates/admin/client_edit.html:35 +#: canaille/templates/admin/client_edit.html:32 msgid "ID" msgstr "" -#: canaille/templates/admin/client_edit.html:39 +#: canaille/templates/admin/client_edit.html:36 msgid "Secret" msgstr "" -#: canaille/templates/admin/client_edit.html:43 +#: canaille/templates/admin/client_edit.html:40 msgid "Issued at" msgstr "" -#: canaille/templates/admin/client_edit.html:60 +#: canaille/templates/admin/client_edit.html:57 msgid "Edit" msgstr "" -#: canaille/templates/admin/client_edit.html:63 +#: canaille/templates/admin/client_edit.html:60 msgid "Delete the client" msgstr "" -#: canaille/templates/admin/client_list.html:20 +#: canaille/templates/admin/client_list.html:17 msgid "Add client" msgstr "" -#: canaille/templates/admin/client_list.html:26 +#: canaille/templates/admin/client_list.html:23 msgid "URL" msgstr "" -#: canaille/templates/admin/token_view.html:8 +#: canaille/templates/admin/token_view.html:7 msgid "View a token" msgstr ""