Commit graph

1242 commits

Author SHA1 Message Date
sebastien
0fc5afb0bd changes flash message category to info because, informing the admin is not a success but an information for the user 2024-11-19 16:11:23 +01:00
sebastien
3725ab2ea5 updates config.sample.toml correct display style 2024-11-19 15:54:52 +01:00
sebastien
e16d7394a9 updates pybabel translation 2024-11-19 15:44:02 +01:00
sebastien
033fd423e5 Merge branch '179-check-passwords-on-compromised-password-databases' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases 2024-11-19 15:43:08 +01:00
sebastien
bcacef8414 updates pybabel translation 2024-11-19 15:40:52 +01:00
sebastien yaal
734f2a85ac Merge branch 'main' into '179-check-passwords-on-compromised-password-databases'
# Conflicts:
#   canaille/translations/messages.pot
2024-11-19 14:38:12 +00:00
sebastien
aaa17c2545 hotfix update previous commit 2024-11-19 14:48:56 +01:00
sebastien
bfff1bcdc1 refacto form test: separating htmx request and form submit 2024-11-19 14:46:38 +01:00
sebastien
d9f01fef6e hotfix 2024-11-19 13:56:07 +01:00
sebastien
b49f1df395 Adds configuration variable for hibp api url 2024-11-19 11:20:25 +01:00
sebastien
d18b555204 adds new log when HIBP API call fails 2024-11-19 09:11:02 +01:00
gallegonovato
b7f4d93159
Translated using Weblate (Spanish)
Currently translated at 100.0% (381 of 381 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-11-16 14:00:35 +01:00
sebastien
4487f66e9a updates pybabel translations 2024-11-15 16:28:52 +01:00
sebastien
9b8f8e9cd4 updates configuration and config.sample and demo config files toinclude new parameters. adds new tests for configuration condition. 2024-11-15 16:28:21 +01:00
Hosted Weblate
e0a390bf0a
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-11-15 12:51:26 +01:00
sebastien
d10497d3d2 updates pybabel translation 2024-11-15 12:34:42 +01:00
sebastien
d6dfd439f3 adds tests for ENABLE_PASSWORD_COMPROMISSION_CHECK config 2024-11-14 16:10:43 +01:00
sebastien
ec43d9157f avoids api call from tests 2024-11-14 15:32:31 +01:00
sebastien
2787252d81 the only receiver of mail when the request on HIBP api have failed is current_app.config[CANAILLE][ADMIN_EMAIL] defined in config. 2024-11-13 16:24:35 +01:00
sebastien
738ea3a5ac adds description on ENABLE_PASSWORD_COMPROMISSION_CHECK config setting 2024-11-13 16:22:50 +01:00
sebastien
4c146cc970 changes flash message when the password is compromised. 2024-11-13 16:21:52 +01:00
sebastien
ae9c1309b9 adds pre-visualization mail buttons when api request on HIBP have failed in canaille/core/templates/mails/admin.html 2024-11-13 16:20:30 +01:00
sebastien
2a57a05155 adds configuration option set by default False to check password compromise 2024-11-13 16:12:50 +01:00
Éloi Rivard
08e0dd47bd
fix: disable the mail sending test when no SMTP server is configured 2024-11-13 10:58:11 +01:00
sebastien
1522f05348 updates pybabel translation 2024-11-12 16:53:11 +01:00
sebastien
ea24f96e85 adds new config variable in case there is no default admin group in ACL/ADMIN/FILTER 2024-11-12 16:50:00 +01:00
sebastien
62ceadb64f refacto : isolate function to avoid import loops and clarify the role of the function (not in core because 'utils', not in mail to ovaid loop, not in form because not form) 2024-11-12 16:48:15 +01:00
sebastien
d41a4d1063 updates after merge main in branch 2024-11-12 09:41:03 +01:00
sebastien yaal
7b7ec74b9f Merge branch 'main' into '179-check-passwords-on-compromised-password-databases'
# Conflicts:
#   CHANGES.rst
2024-11-12 08:34:10 +00:00
sebastien
88986147d3 updates pybabel translations 2024-11-12 09:19:38 +01:00
sebastien
8284a41234 refacto for tests 2024-11-12 09:17:22 +01:00
sebastien
8104bbf03e adds new condition to help with tests and inform correctly the user with sending mail to admins if compromise password check failed 2024-11-08 15:19:11 +01:00
sebastien
f173a66793 adds new tests for compromised_password_check_failure situation. 2024-11-07 15:51:21 +01:00
Éloi Rivard
a012814eca
chore: enable flake8-bugbear ruff rules 2024-11-07 11:44:29 +01:00
sebastien
9844818280 Merge branch '179-check-passwords-on-compromised-password-databases' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases 2024-11-07 10:34:12 +01:00
sebastien
e6a9f2dcc6 Merge branch 'main' of gitlab.com:yaal/canaille into 179-check-passwords-on-compromised-password-databases 2024-11-07 09:15:29 +01:00
Éloi Rivard
6c4ef023cb
fix: disable zxcvbn for Python 3.13
https://github.com/fief-dev/zxcvbn-rs-py/issues/2
2024-11-06 19:23:43 +01:00
sebastien
289176a086 replaces 'pwned' by 'compromised' 2024-11-06 15:57:51 +01:00
Éloi Rivard
6a6350e368
fix: with LDAP backend, edition the admin group would fail
The `match_filter` method evaluate filters, and queries objects from their ids.
The value was stored in the `filter` arg, but being a dict it was
re-used during the following calls of `match_filter`.
After editing the `admin` group (by adding or removing an user), a new page is displayed, and as always it checks the user permissions.
The user permission check would call `match_filter` then compare an
updated version of the admin group (with one less or one new user) with
an unfortunate *cached* version in the `match_filter` `filter` arg.
With the SQL or the memory backend the comparision would be successful,
but it is not with the LDAP backend.
This resulted in permission loss for users after editing the `admin`
group. Being a method default value edited, it would remain until the
Canaille service was reloaded.

Related to https://stackoverflow.com/questions/1132941/least-astonishment-and-the-mutable-default-argument
2024-11-06 15:00:57 +01:00
sebastien
56f0c9b51b hotfix api url following manual failed request tests 2024-11-06 13:51:50 +01:00
sebastien
025da08fd3 adds flash message for user when password compromise investigation failed. 2024-11-06 13:05:32 +01:00
sebastien
fa3a5f6616 gets the emails of each admin to send them the compromised_password_check_failure_mail 2024-11-06 12:56:35 +01:00
Éloi Rivard
fe8e1160ab
refactor: move session related methods in a dedicated file 2024-11-06 09:10:43 +01:00
sebastien
9708809714 updates file names, variable names to be clearer. 2024-11-05 16:18:45 +01:00
sebastien
ca7f718353 adds mail sending to admin if failure of api HIBP request to check if password is compromised 2024-11-05 15:43:15 +01:00
sebastien
093397256b fix url typo 2024-11-04 11:15:32 +01:00
sebastien
0acbb40ecd consumes haveibeenpwned API directly 2024-11-04 08:55:55 +01:00
sebastien yaal
f4e222a24c
Translated using Weblate (French)
Currently translated at 100.0% (380 of 380 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-11-01 10:00:27 +01:00
gallegonovato
8af6263b2f
Translated using Weblate (Spanish)
Currently translated at 100.0% (380 of 380 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-10-29 23:11:51 +01:00
Hosted Weblate
161293bf53
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-10-28 22:17:56 +01:00
sebastien yaal
a4bd03f71c feat: password strength indicator 2024-10-28 21:17:47 +00:00
Éloi Rivard
6b5e3e1a8e
fix: py310 unit tests
For some reasons, list["Client"] does not resolve the ForwardRef in
python 3.10 as it does with typing.List["Client"], which in the end
breaks the memory backend model accessors.
2024-10-28 21:41:55 +01:00
Éloi Rivard
0b51b01031
refactor: apply ruff migrations for python 3.10+ 2024-10-28 09:13:00 +01:00
Éloi Rivard
3a3cd304b8
tests: refactor logging tests
add restaure 100% coverage
2024-10-27 21:46:47 +01:00
Éloi Rivard
52031dd2c4
refactor: move logging machinery in its own dedicated file 2024-10-27 13:54:14 +01:00
Félix Rohrlich
603eab0b3c refactor : added proper security logging level and refactored change email logging 2024-10-21 11:17:55 +02:00
Félix Rohrlich
038e6c094e feat: Added security logs for email update, forgotten password mail, token emission/refresh/revokation, new consent, consent revokation #177 2024-10-14 14:04:39 +02:00
Félix Rohrlich
545fb2d342 feat: change password events are logged in #177 2024-10-09 15:55:01 +02:00
Éloi Rivard
3c0c2e53db
chore: update to htmx 2.0.3 2024-10-07 14:18:30 +02:00
Éloi Rivard
86623f6690
refactor: remove useless de-indexation code in MemoryBackend
de-indexation was already achieved with the previous loop
2024-09-19 17:39:24 +02:00
Éloi Rivard
b14cc2b5ad
refactor: separate the loading of User permissions 2024-09-18 10:00:58 +02:00
Éloi Rivard
813640fef9
refactor: User.can_read do not call private vars
so they get a chance to be loaded if needed
2024-09-17 19:58:07 +02:00
Éloi Rivard
c28a1e9351
fix: display a 500 error when SMTP configuration is defined but null
this improves tests coverage
2024-09-15 17:58:03 +02:00
Éloi Rivard
001d635295
tests: missing client_id on OIDC authorization page 2024-09-13 15:08:23 +02:00
Éloi Rivard
5149b96731
Translated using Weblate (French)
Currently translated at 100.0% (377 of 377 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-09-13 08:47:36 +00:00
gallegonovato
b9be62b0cf
Translated using Weblate (Spanish)
Currently translated at 100.0% (377 of 377 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-09-13 08:47:36 +00:00
Hosted Weblate
20a7a7d1c9
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-09-13 08:47:35 +00:00
Éloi Rivard
37ecb7a2ba
chore: use pyproject.toml with babel to extract strings 2024-09-12 19:29:59 +02:00
Éloi Rivard
cfabcc485c
chore: automitaclly fix typos 2024-09-11 09:33:42 +02:00
Moha684
269d238a28
Translated using Weblate (Breton)
Currently translated at 10.8% (41 of 377 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/br/
2024-08-08 21:09:20 +02:00
Moha684
67ce98b84b
Translated using Weblate (Spanish)
Currently translated at 100.0% (377 of 377 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-08-08 21:09:19 +02:00
Moha684
5efef5c74b
Added translation using Weblate (Breton) 2024-08-07 21:02:48 +02:00
Éloi Rivard
35fab7d321
fix: LDAP backend rdn_value could try to strip a None value 2024-07-25 17:39:40 +02:00
Éloi Rivard
e5328837fd
chore: pre-commit upgrade 2024-07-25 16:47:45 +02:00
Sascha
9e1b5e2a58
Translated using Weblate (German)
Currently translated at 100.0% (377 of 377 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/de/
2024-06-26 13:09:23 +02:00
Éloi Rivard
0cbaa3b3bc
feat: more blocks for theming firstlogin, forgotten-password and
reset-password pages
2024-05-21 18:08:44 +02:00
Éloi Rivard
61da0683bd
feat: more blocks for theming login and password pages 2024-05-21 17:17:48 +02:00
Éloi Rivard
18a711ef7d
doc: features and use cases documentation 2024-05-21 11:07:07 +02:00
Éloi Rivard
b46102bb75
fix: crash for passwordless users at login when no SMTP server was configured 2024-05-14 23:15:41 +02:00
Éloi Rivard
3fb5d0149d
fix: SMTP feature can be disabled again 2024-05-14 23:04:32 +02:00
Éloi Rivard
43f9f328a5
refactor: factorize features definition 2024-05-14 22:53:47 +02:00
Brunelie Lauret
069d23d262 Fix colors in dark theme for better readability 2024-05-14 10:15:18 +02:00
Éloi Rivard
194147d84e
doc: actually, document enums without any dependency 2024-05-14 09:32:32 +02:00
Éloi Rivard
345177f519
doc: user enum_tools instead of sphinx-auto-enum 2024-05-14 09:05:46 +02:00
Éloi Rivard
25f2b6dedd
feat: model management commands 2024-05-13 14:16:14 +02:00
Éloi Rivard
5beee67a61
fix: User group deletion without reading User.groups with LDAP backend 2024-05-12 22:28:32 +02:00
Éloi Rivard
4791d27569
doc: CLI documentation improvements 2024-05-12 11:33:22 +02:00
Éloi Rivard
b16630063b
fix: check command when SMTP configuration is not defined 2024-05-12 10:42:41 +02:00
Éloi Rivard
98e5849a65
fix: remove useless Flask CLI options 2024-05-08 10:31:34 +02:00
Éloi Rivard
3df1b9d7c7
doc: fix doc building 2024-05-08 10:08:46 +02:00
Éloi Rivard
17a994bd9f
doc: fix doc warnings 2024-05-08 09:33:52 +02:00
Éloi Rivard
4e99eaecea
tests: remove SQLAlchemy warnings on double deletions 2024-05-07 16:19:50 +02:00
Éloi Rivard
e44b2bf469
tests: fix CI 2024-05-03 22:35:57 +02:00
Éloi Rivard
851b383117
refactor: move listify from MemoryBackend to MemoryBackend 2024-05-03 22:25:21 +02:00
Éloi Rivard
cc9ed335cc
refactor: move MemoryBackend indexation logic into MemoryBackend 2024-05-03 22:25:21 +02:00
Éloi Rivard
16c3021a8f
refactor: Rename BaseBackend in Backend 2024-05-03 22:25:20 +02:00
Éloi Rivard
6ff591b91c
refactor: Move __html__ from BackendModel to Model 2024-05-03 22:25:20 +02:00
Éloi Rivard
b2d5f8d3a1
refactor: move BackendModel.update to Backend.update 2024-05-03 22:25:20 +02:00
Éloi Rivard
473a262ea2
refactor: move BackendModel.reload to Backend.reload 2024-05-03 22:25:20 +02:00
Éloi Rivard
2ccdaeadf6
refactor: move BackendModel.delete to Backend.delete 2024-05-03 22:22:08 +02:00
Éloi Rivard
09588e0f48
refactor: move BackendModel.save to Backend.save 2024-05-03 22:22:06 +02:00
Éloi Rivard
44573713ed
refactor: move BackendModel.get to Backend.get 2024-05-03 21:54:03 +02:00
Éloi Rivard
ccde88b1bf
refactor: BackendModel.get() is now Backend.instance 2024-05-03 21:46:28 +02:00
Éloi Rivard
fa6488bcd1
refactor: move BackendModel.fuzzy to Backend.fuzzy 2024-05-03 21:42:55 +02:00
Éloi Rivard
8425b2a3b8
refactor: move BackendModel.query to Backend.query 2024-05-03 21:42:54 +02:00
Éloi Rivard
93fa708b1c
refactor: move LDAPObjectQuery in its own file 2024-05-03 21:36:15 +02:00
Éloi Rivard
222d7676ca
Translated using Weblate (French)
Currently translated at 100.0% (377 of 377 strings)

Co-authored-by: Éloi Rivard <eloi.rivard@nubla.fr>
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
Translation: Canaille/Canaille
2024-05-02 19:09:09 +02:00
gallegonovato
95fb442546
Translated using Weblate (Spanish)
Currently translated at 100.0% (377 of 377 strings)

Co-authored-by: gallegonovato <fran-carro@hotmail.es>
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
Translation: Canaille/Canaille
2024-05-02 19:09:07 +02:00
Hosted Weblate
a3a8281ffb
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
Translation: Canaille/Canaille
2024-05-01 18:40:09 +02:00
Éloi Rivard
98b26ee6f3
fix: translatable f-string 2024-05-01 18:39:59 +02:00
Éloi Rivard
340daa21f8
Translated using Weblate (French)
Currently translated at 100.0% (375 of 375 strings)

Co-authored-by: Éloi Rivard <eloi.rivard@nubla.fr>
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
Translation: Canaille/Canaille
2024-04-29 20:07:19 +02:00
gallegonovato
82bd37f240
Translated using Weblate (Spanish)
Currently translated at 100.0% (375 of 375 strings)

Co-authored-by: gallegonovato <fran-carro@hotmail.es>
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
Translation: Canaille/Canaille
2024-04-29 20:07:17 +02:00
Hosted Weblate
fec5f58244
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-04-28 19:49:26 +02:00
Éloi Rivard
69019763d4
feat: group member removal can be achieved from the group edition page 2024-04-28 19:47:57 +02:00
Éloi Rivard
69b565e1ad
refactor: LDAP backend tolerates double deletions 2024-04-28 16:18:36 +02:00
Éloi Rivard
867de91740
Translated using Weblate (French)
Currently translated at 100.0% (369 of 369 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-04-28 15:07:27 +02:00
gallegonovato
00269075c4
Translated using Weblate (Spanish)
Currently translated at 100.0% (369 of 369 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-04-28 15:07:25 +02:00
Éloi Rivard
e3ab3e0f7d
chore: bump to htmx 1.9.12 2024-04-28 09:31:39 +02:00
Éloi Rivard
288ad161d3
tests: test mail attachments mimetypes 2024-04-27 14:36:34 +02:00
Hosted Weblate
6ac4aadb02
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-04-27 14:08:08 +02:00
Éloi Rivard
22d7c3e336
chore: extract translatable strings 2024-04-27 14:07:55 +02:00
Éloi Rivard
ebcaaeaded
tests: fix GHA
For some reasons, webp mimetypes failed to be guessed on GHA.
2024-04-27 14:06:20 +02:00
Éloi Rivard
dc89a20b11
chore: configure ruff 2024-04-23 22:12:04 +02:00
Éloi Rivard
256566df94
refactor: Model identifier_attributes are fixed. 2024-04-22 20:04:24 +02:00
Éloi Rivard
afa0a6ff1e
feat: env_prefix create_app variable can select the environment var prefix 2024-04-22 18:10:49 +02:00
Éloi Rivard
7fc887a492
feat: ENV_FILE configuration variable can customize the .env file 2024-04-22 16:37:31 +02:00
Éloi Rivard
9c86f5e9af
refactor: Use annotations to mark model attributes 2024-04-21 11:48:39 +02:00
Éloi Rivard
acf8acf29f
fix: locked users cannot use OIDC authorization codes 2024-04-17 13:05:14 +02:00
Éloi Rivard
382dbcaf1a
feat: add 'autocomplete' tag on the password form 2024-04-17 12:36:39 +02:00
Éloi Rivard
fc8c0da912
fix: locked users cannot use refresh tokens 2024-04-17 12:07:11 +02:00
Éloi Rivard
31423cde1a
refactor: split oidc.authorize endpoint in several smaller functions 2024-04-17 11:56:44 +02:00
Éloi Rivard
6601abaeb4
refactor: memory model clears its cache when reading a model 2024-04-17 10:51:53 +02:00
Éloi Rivard
0ba1c93152
chore: add typing to Model._attributes 2024-04-17 09:03:54 +02:00
Éloi Rivard
d811c3473d
refactor: use one single Faker object to generate users 2024-04-16 21:43:34 +02:00
Éloi Rivard
fa6949e5c6
tests: speed up tests
by avoiding to create more faker.Faker objects than necessary
2024-04-16 21:25:20 +02:00
Éloi Rivard
f9989a960b
feat: locked users cannot be impersonated 2024-04-12 12:12:08 +02:00
Éloi Rivard
d9d5c85b51
refactor: memory backend clears its cache on save() calls 2024-04-12 10:55:24 +02:00
Éloi Rivard
6e26656cc4
tests: move test_model_references_set_unsaved_object to the ldap tests directory 2024-04-12 10:49:56 +02:00
Éloi Rivard
d8b5c837d7
Translated using Weblate (French)
Currently translated at 100.0% (368 of 368 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-04-10 11:01:48 +02:00
gallegonovato
c2f6a1d176
Translated using Weblate (Spanish)
Currently translated at 100.0% (368 of 368 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/es/
2024-04-10 11:01:47 +02:00
Éloi Rivard
42dc023288
fix: display the menu bar on error pages 2024-04-09 22:06:08 +02:00
Éloi Rivard
7ad592c4de
fix: compatibility with old session IDs 2024-04-09 15:45:47 +02:00
Éloi Rivard
4037c296cf
fix: JAVASCRIPT and HTMX configuration settings were ignored 2024-04-09 12:07:00 +02:00
Éloi Rivard
f3bcdafb23
fix: clean the session cookie after logout 2024-04-09 11:56:51 +02:00
Hosted Weblate
7244f900a5
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-04-09 10:04:43 +02:00
Éloi Rivard
920395c27f
feat: sign in/out events are logged in #177 2024-04-09 10:04:26 +02:00
Éloi Rivard
053156ec18
feat: additional messages on password endpoint errors
when attempt_login is not found on the session, add a warning to be
displayed on the login page after redirection
2024-04-09 09:20:38 +02:00
Hosted Weblate
18f1229f85
Update translation files
Updated by "Update PO files to match POT (msgmerge)" hook in Weblate.

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/
2024-04-08 14:56:52 +02:00
Éloi Rivard
3e5161e72b
Translated using Weblate (French)
Currently translated at 100.0% (366 of 366 strings)

Translation: Canaille/Canaille
Translate-URL: https://hosted.weblate.org/projects/canaille/canaille/fr/
2024-04-08 14:56:52 +02:00
Éloi Rivard
5aaccca4cf
fix: display an error message when trying to remove the last user from a group 2024-04-08 14:44:15 +02:00