globuzma/canaille-globuzma
1
0
Fork 0
forked from Github-Mirrors/canaille
Code Pull requests Activity
canaille-globuzma/doc/locales/doc.pot
Éloi Rivard 9a50291f43
doc: SCIM implementation details
2024-12-19 15:13:35 +01:00

6812 lines
234 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SOME DESCRIPTIVE TITLE.
# Copyright (C) 2024, Yaal Coop
# This file is distributed under the same license as the canaille package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: canaille 0.0.56\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-12-19 15:13+0100\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#: ../development/changelog.rst:2
#: 939119e221dc48ccadef61738f593f75
msgid "Release notes"
msgstr ""
#: ../development/changelog.rst:4
#: 5c86e0ddf13b4a11afae719b4a8c4213
msgid "All notable changes to this project will be documented in there."
msgstr ""
#: ../development/changelog.rst:6
#: 61e5050f997c46568da55c6829f11531
msgid "The format is based on `Keep a Changelog <https://keepachangelog.com/en/1.0.0/>`_, and this project adheres to `Semantic Versioning <https://semver.org/spec/v2.0.0.html>`_."
msgstr ""
#: ../../CHANGES.rst:2
#: 206f6798b58b44e9ade1689d820c7552
msgid "[0.0.57] - Unreleased"
msgstr ""
#: ../../CHANGES.rst:5
#: ../../CHANGES.rst:37
#: ../../CHANGES.rst:65
#: ../../CHANGES.rst:84
#: ../../CHANGES.rst:91
#: ../../CHANGES.rst:110
#: ../../CHANGES.rst:170
#: ../../CHANGES.rst:196
#: ../../CHANGES.rst:211
#: ../../CHANGES.rst:260
#: ../../CHANGES.rst:286
#: ../../CHANGES.rst:305
#: ../../CHANGES.rst:313
#: ../../CHANGES.rst:322
#: ../../CHANGES.rst:348
#: ../../CHANGES.rst:383
#: ../../CHANGES.rst:409
#: ../../CHANGES.rst:458
#: ../../CHANGES.rst:486
#: ../../CHANGES.rst:516
#: ../../CHANGES.rst:572
#: ../../CHANGES.rst:605
#: ../../CHANGES.rst:626
#: ../../CHANGES.rst:636
#: ../../CHANGES.rst:659
#: ../../CHANGES.rst:726
#: ../../CHANGES.rst:764
#: ../../CHANGES.rst:781
#: ../../CHANGES.rst:817
#: 5b2ae28202d249e39370b51c82a35bda
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
#: a10a871fc6ea42e8a52a1aa323001a53
msgid "Added"
msgstr ""
#: ../../CHANGES.rst:6
#: 7aeacbe0b4fa48c79db52ed0cf7229fd
msgid "Intruder lockout :issue:`173`"
msgstr ""
#: ../../CHANGES.rst:7
#: ce5db69d7e134a938f544bc4c14c2dbc
msgid ":attr:`~canaille.core.configuration.CoreSettings.ENABLE_INTRUDER_LOCKOUT` :issue:`173`"
msgstr ""
#: ../../CHANGES.rst:9
#: 0952593cb9c24691baaf0bbbeafbefd0
msgid "Multi-factor authentication :issue:`47`"
msgstr ""
#: ../../CHANGES.rst:10
#: 4eaf987f0daa4715826a62f691583866
msgid ":attr:`~canaille.core.configuration.CoreSettings.OTP_METHOD` and :attr:`~canaille.core.configuration.CoreSettings.EMAIL_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMS_OTP` and :attr:`~canaille.core.configuration.CoreSettings.SMPP` :issue:`47`"
msgstr ""
#: ../../CHANGES.rst:15
#: ba76f44c46d54198af2dcd0692442ce2
msgid "Password compromission check :issue:`179`"
msgstr ""
#: ../../CHANGES.rst:16
#: 4eaf987f0daa4715826a62f691583866
msgid ":attr:`~canaille.core.configuration.CoreSettings.ADMIN_EMAIL` and :attr:`~canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK` and :attr:`~canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL` :issue:`179`"
msgstr ""
#: ../../CHANGES.rst:20
#: c3938df1d7fc47aa9e9e686b32366a0a
msgid "Implement OIDC client_credentials flow. :issue:`207`"
msgstr ""
#: ../../CHANGES.rst:21
#: 7412b825ef54497db43d6f157d46fb6b
msgid "Button in the client admin page to create client tokens."
msgstr ""
#: ../../CHANGES.rst:22
#: 6f16cdf0ce864a20b13344f84e6dfefb
msgid "Basic SCIM implementation. :issue:`116` :pr:`197`"
msgstr ""
#: ../../CHANGES.rst:25
#: ../../CHANGES.rst:45
#: ../../CHANGES.rst:58
#: ../../CHANGES.rst:70
#: ../../CHANGES.rst:95
#: ../../CHANGES.rst:103
#: ../../CHANGES.rst:151
#: ../../CHANGES.rst:177
#: ../../CHANGES.rst:229
#: ../../CHANGES.rst:266
#: ../../CHANGES.rst:335
#: ../../CHANGES.rst:353
#: ../../CHANGES.rst:391
#: ../../CHANGES.rst:430
#: ../../CHANGES.rst:465
#: ../../CHANGES.rst:508
#: ../../CHANGES.rst:612
#: ../../CHANGES.rst:666
#: ../../CHANGES.rst:698
#: ../../CHANGES.rst:712
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
#: 51ebea9760e04f049db58a8d1e2fdd09
msgid "Changed"
msgstr ""
#: ../../CHANGES.rst:26
#: 5085714dd09e40dcbf2540a73162985c
msgid "PostgreSQL and MySQL extras does not rely on libraries that need to be compiled."
msgstr ""
#: ../../CHANGES.rst:27
#: 9108b999fecf4abf910d338c13fd0fc0
msgid "``.env`` files are not loaded by default. The ``ENV_FILE`` env var must be passed so ``.env`` files are loaded."
msgstr ""
#: ../../CHANGES.rst:30
#: 56edbd9989cf41c4b9b58dfd5e108991
msgid "[0.0.56] - 2024-11-07"
msgstr ""
#: ../../CHANGES.rst:33
#: ../../CHANGES.rst:75
#: ../../CHANGES.rst:114
#: ../../CHANGES.rst:122
#: ../../CHANGES.rst:130
#: ../../CHANGES.rst:137
#: ../../CHANGES.rst:144
#: ../../CHANGES.rst:158
#: ../../CHANGES.rst:188
#: ../../CHANGES.rst:201
#: ../../CHANGES.rst:219
#: ../../CHANGES.rst:238
#: ../../CHANGES.rst:246
#: ../../CHANGES.rst:272
#: ../../CHANGES.rst:280
#: ../../CHANGES.rst:300
#: ../../CHANGES.rst:330
#: ../../CHANGES.rst:362
#: ../../CHANGES.rst:370
#: ../../CHANGES.rst:396
#: ../../CHANGES.rst:416
#: ../../CHANGES.rst:440
#: ../../CHANGES.rst:450
#: ../../CHANGES.rst:471
#: ../../CHANGES.rst:479
#: ../../CHANGES.rst:502
#: ../../CHANGES.rst:525
#: ../../CHANGES.rst:537
#: ../../CHANGES.rst:546
#: ../../CHANGES.rst:555
#: ../../CHANGES.rst:564
#: ../../CHANGES.rst:584
#: ../../CHANGES.rst:591
#: ../../CHANGES.rst:641
#: ../../CHANGES.rst:649
#: ../../CHANGES.rst:674
#: ../../CHANGES.rst:682
#: ../../CHANGES.rst:690
#: ../../CHANGES.rst:703
#: ../../CHANGES.rst:717
#: ../../CHANGES.rst:749
#: ../../CHANGES.rst:772
#: ../../CHANGES.rst:803
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
#: ada79906de064c77a4cff6eda5238016
msgid "Fixed"
msgstr ""
#: ../../CHANGES.rst:34
#: 3d50d62c605c4973956375e2229be4f1
msgid "With LDAP backend, updating another user groups could result in a permission lost for the editor. :issue:`202`"
msgstr ""
#: ../../CHANGES.rst:38
#: ce5db69d7e134a938f544bc4c14c2dbc
msgid ":attr:`~canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH` and :attr:`~canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH` configuration options :issue:`174`"
msgstr ""
#: ../../CHANGES.rst:40
#: 0952593cb9c24691baaf0bbbeafbefd0
msgid "Password strength visual indicator. :issue:`174`"
msgstr ""
#: ../../CHANGES.rst:41
#: 34660cc568ac402485a0ae2a226c3ed9
msgid "Security events logs. :issue:`177`"
msgstr ""
#: ../../CHANGES.rst:42
#: 74390b590e9e4714bff818c8d9d95630
msgid "Support for Python 3.13. :pr:`186`"
msgstr ""
#: ../../CHANGES.rst:46
#: 962e298f8c7c44a8b3b0f450eb596537
msgid "Update to `HTMX` 2.0.3. :pr:`184`"
msgstr ""
#: ../../CHANGES.rst:47
#: ab78bee0981041d3ade7f68673ab3f12
msgid "Migrate the Python project management tool from poetry to uv. :pr:`187`"
msgstr ""
#: ../../CHANGES.rst:48
#: 7cb284d8934d4df7b96b3d995f0ae69a
msgid "The ``sql`` package extra is now split between ``sqlite``, ``postgresql`` and ``mysql``."
msgstr ""
#: ../../CHANGES.rst:51
#: ../../CHANGES.rst:401
#: ../../CHANGES.rst:809
#: 06fd8459f24443f5bc2dd961a2174774
#: 06fd8459f24443f5bc2dd961a2174774
#: 06fd8459f24443f5bc2dd961a2174774
msgid "Removed"
msgstr ""
#: ../../CHANGES.rst:52
#: 7dbb1818231144988378efbcc14e0335
msgid "End support for Python 3.9. :pr:`179`"
msgstr ""
#: ../../CHANGES.rst:55
#: bb731fcd74024f44b0b679df8fd1de3b
msgid "[0.0.55] - 2024-08-30"
msgstr ""
#: ../../CHANGES.rst:59
#: e3f7e5b1ec3d471bbaad41ad6afbd38e
msgid "Use poetry-core build backend. :pr:`178`"
msgstr ""
#: ../../CHANGES.rst:62
#: 97d86f7b7b6d4df3a78b00068c114b55
msgid "[0.0.54] - 2024-07-25"
msgstr ""
#: ../../CHANGES.rst:66
#: 0f6a7830c88b4121b1141a68853d36fd
msgid "Group member removal can be achieved from the group edition page. :issue:`192`"
msgstr ""
#: ../../CHANGES.rst:67
#: 761788b232b74eb089dd20c1a57bcf2a
msgid "Model management commands. :issue:`117` :issue:`54`"
msgstr ""
#: ../../CHANGES.rst:71
#: 1e28ba0fab8947bfbb7b10fc9dfca645
msgid "Model `identifier_attributes` are fixed."
msgstr ""
#: ../../CHANGES.rst:72
#: 72287f1ba34c4cc8b2cf0b4af47bbd53
msgid "Bump to `HTMX` 1.9.12. :pr:`172`"
msgstr ""
#: ../../CHANGES.rst:77
#: 72071aa06de847d29dcd9500881409d0
msgid "Dark theme colors for better readability."
msgstr ""
#: ../../CHANGES.rst:78
#: 600f70e2aecd4eba9ddee16500df48db
msgid "Crash for passwordless users at login when no SMTP server was configured."
msgstr ""
#: ../../CHANGES.rst:81
#: 09953502ecec43198af93b4c10d5dc3e
msgid "[0.0.53] - 2024-04-22"
msgstr ""
#: ../../CHANGES.rst:85
#: 4627291987094c60b1acc76d520719b4
msgid "`env_prefix` `create_app`` variable can select the environment var prefix."
msgstr ""
#: ../../CHANGES.rst:88
#: f21535ae9e6643708c8459143e861870
msgid "[0.0.52] - 2024-04-22"
msgstr ""
#: ../../CHANGES.rst:92
#: c9c3eb7bdd894b96b0adf60e33691fd4
msgid "`env_file` create_app variable can customize/disable the .env file."
msgstr ""
#: ../../CHANGES.rst:96
#: 7cda9bf8a22540d0b3233546e130847f
msgid "Locked users cannot be impersonated anymore."
msgstr ""
#: ../../CHANGES.rst:97
#: 965223cd352948c8a77f1b4ce2b50ce4
msgid "Minimum Python requirement is 3.9."
msgstr ""
#: ../../CHANGES.rst:100
#: de227140ea8e4d629ffd4189dbd43460
msgid "[0.0.51] - 2024-04-09"
msgstr ""
#: ../../CHANGES.rst:104
#: 79f55debd9964020a684739fd256ef14
msgid "Display the menu bar on error pages."
msgstr ""
#: ../../CHANGES.rst:107
#: 27a5f8ea8faa41deaf71ae8564fd43a5
msgid "[0.0.50] - 2024-04-09"
msgstr ""
#: ../../CHANGES.rst:111
#: 8d78dcd06ac84e7d9075dbb55d08b68c
msgid "Sign in/out events are logged in. :issue:`177`"
msgstr ""
#: ../../CHANGES.rst:115
#: f54c1f04263c4f19bf7c01a9e9fb1533
msgid "`HTMX` and `JAVASCRIPT` configuration settings."
msgstr ""
#: ../../CHANGES.rst:116
#: aac9f0d6bc274a6998bed8663e581445
msgid "Compatibility with old sessions IDs."
msgstr ""
#: ../../CHANGES.rst:119
#: 6c309d659a9d4b00897c0c86136117f2
msgid "[0.0.49] - 2024-04-08"
msgstr ""
#: ../../CHANGES.rst:123
#: e40c5385bf174d4dbdeb1e6c8f2bbca9
msgid "LDAP user group removal."
msgstr ""
#: ../../CHANGES.rst:124
#: db426dd917e9449ea1571f6d90fb59cb
msgid "Display an error message when trying to remove the last user from a group."
msgstr ""
#: ../../CHANGES.rst:127
#: aa9c1e96a9d84eb388b2ad22b0b9fa86
msgid "[0.0.48] - 2024-04-08"
msgstr ""
#: ../../CHANGES.rst:131
#: 3bbde6f2fc244902955a6b16a1d9bdc6
msgid "LDAP ``objectClass`` guessing exception."
msgstr ""
#: ../../CHANGES.rst:134
#: f55a477d72624ef691e7a783940c3208
msgid "[0.0.47] - 2024-04-08"
msgstr ""
#: ../../CHANGES.rst:138
#: aa6227db351548d1a883af36de508805
msgid "Lazy permission loading exception."
msgstr ""
#: ../../CHANGES.rst:141
#: 665fb2129c5f4c498a9eca30a7625d69
msgid "[0.0.46] - 2024-04-08"
msgstr ""
#: ../../CHANGES.rst:145
#: a736243f81d845d5a13e66303db4632d
msgid "Saving an object with the LDAP backend keeps the ``objectClass`` un-managed by Canaille. :pr:`171`"
msgstr ""
#: ../../CHANGES.rst:148
#: 23d50243f242497eafeb43190b191910
msgid "[0.0.45] - 2024-04-04"
msgstr ""
#: ../../CHANGES.rst:152
#: 8ca38c12afde4e1d881f0f631dee2180
msgid "Internal indexation mechanism of ``MemoryModel``."
msgstr ""
#: ../../CHANGES.rst:155
#: 0ec8aaff2a864d52beaead02de313d2f
msgid "[0.0.44] - 2024-03-29"
msgstr ""
#: ../../CHANGES.rst:159
#: 23af820d08664c0dbf3229567505e6a9
msgid "Fix the default LDAP ``USER_FILTER`` value."
msgstr ""
#: ../../CHANGES.rst:160
#: 695d4f4fe29a4f07960244b87ee1db21
msgid "Fix the OIDC feature detection."
msgstr ""
#: ../../CHANGES.rst:163
#: e7f1b082e81e4486b09fc76512e49dc5
msgid "[0.0.43] - 2024-03-29"
msgstr ""
#: ../../CHANGES.rst:167
#: ../../CHANGES.rst:426
#: 5cd7f27a291e46298c9a3aa6ee0e5cf0
#: 5cd7f27a291e46298c9a3aa6ee0e5cf0
msgid "Configuration files must be updated."
msgstr ""
#: ../../CHANGES.rst:172
#: d7d284cc9b424ec69d5240b428964d52
msgid "Add ``created`` and ``last_modified`` datetime for all models."
msgstr ""
#: ../../CHANGES.rst:173
#: 19050fc882664743866b11a49ca7e398
msgid "Sitemap to the documentation. :pr:`169`"
msgstr ""
#: ../../CHANGES.rst:174
#: bd7c56451cfa479fb3b8d19275045b6e
msgid "Configuration management with `pydantic-settings`. :issue:`138` :pr:`170`"
msgstr ""
#: ../../CHANGES.rst:179
#: d3e65f7666664d4f8ca54f02bf597c71
msgid "Use default Python logging configuration format. :issue:`188` :pr:`165`"
msgstr ""
#: ../../CHANGES.rst:180
#: ae5e4441862443b9aac1e26cf19a8908
msgid "Bump to `HTMX` 1.99.11. :pr:`166`"
msgstr ""
#: ../../CHANGES.rst:181
#: e487c2a78a354c6e85ec43fda9f59c4d
msgid "Use the standard tomllib Python module instead of `toml` starting from Python 3.11. :pr:`167`"
msgstr ""
#: ../../CHANGES.rst:182
#: e80e66bd46e14c0fae82950444ba043b
msgid "Use shibuya as the documentation theme :pr:`168`"
msgstr ""
#: ../../CHANGES.rst:185
#: 0eb0c4eec73848d283d54626e8538c61
msgid "[0.0.42] - 2023-12-29"
msgstr ""
#: ../../CHANGES.rst:190
#: 8e57897d767b4603a54db28c97416ee8
msgid "Avoid to fail on imports if ``cryptography`` is missing."
msgstr ""
#: ../../CHANGES.rst:193
#: f4ff69324e6e4a24b2f5aabf9ee71655
msgid "[0.0.41] - 2023-12-25"
msgstr ""
#: ../../CHANGES.rst:198
#: 39dd9ec6c6c2415fa90973a715a08d9f
msgid "OIDC support for the ``create`` value of the ``prompt`` parameter. :issue:`185` :pr:`164`"
msgstr ""
#: ../../CHANGES.rst:203
#: 7d59a023c9bc4a9b94f4339112602d32
msgid "Correctly set up :attr:`~canaille.oidc.basemodels.Client.audience` during OIDC dynamic registration."
msgstr ""
#: ../../CHANGES.rst:204
#: 1e194b3a94034c65936a18174d1078c5
msgid "``post_logout_redirect_uris`` was ignored during OIDC dynamic registration."
msgstr ""
#: ../../CHANGES.rst:205
#: d9f10cf1c5b3401d95f461f57dbfbece
msgid "Group field error prevented the registration form validation."
msgstr ""
#: ../../CHANGES.rst:208
#: 6653ebc2588a4ad8989581ca1060f1d9
msgid "[0.0.40] - 2023-12-22"
msgstr ""
#: ../../CHANGES.rst:213
#: 1eb728d8f35e4e57bd9b4284c7dd677b
msgid "The ``THEME`` setting can be a relative path."
msgstr ""
#: ../../CHANGES.rst:216
#: 37f2ef92582741e2985bab37fb6495df
msgid "[0.0.39] - 2023-12-15"
msgstr ""
#: ../../CHANGES.rst:221
#: b46f180dbba54aafb438013586a4100f
msgid "Crash when no ACL were defined."
msgstr ""
#: ../../CHANGES.rst:222
#: 958f8c3ecc57438e835053b3a7d87721
msgid "OIDC Userinfo endpoint is also available in POST."
msgstr ""
#: ../../CHANGES.rst:223
#: c37693d772f44c64b03f3baee793c0a1
msgid "Fix redirection after password reset. :issue:`159`"
msgstr ""
#: ../../CHANGES.rst:226
#: 9f0b57bb752141079ef51cc0833d3597
msgid "[0.0.38] - 2023-12-15"
msgstr ""
#: ../../CHANGES.rst:231
#: b208dfe943e64175906f965703dc33dd
msgid "Convert all the `PNG` pictures in `Webp`. :pr:`162`"
msgstr ""
#: ../../CHANGES.rst:232
#: 3827e636cee240479b1fcedbc86bdfde
msgid "Update to Flask 3. :issue:`161` :pr:`163`"
msgstr ""
#: ../../CHANGES.rst:235
#: acb7a5113f214b84b7f8fd21b48e22de
msgid "[0.0.37] - 2023-12-01"
msgstr ""
#: ../../CHANGES.rst:240
#: a22ebfb72b3d4c8c8285d99f4a18ed88
msgid "Handle 4xx and 5xx error codes with HTMX. :issue:`171` :pr:`161`"
msgstr ""
#: ../../CHANGES.rst:243
#: 5033ceb76b61492896a738cbabdf0e1a
msgid "[0.0.36] - 2023-12-01"
msgstr ""
#: ../../CHANGES.rst:248
#: df785fb08515480b8205eb8d521d699b
msgid "Avoid crashing when LDAP groups references unexisting users."
msgstr ""
#: ../../CHANGES.rst:249
#: e24d3cf2b5344f3196d44717249eeac9
msgid "Password reset and initialization mails were only sent to the preferred user email address."
msgstr ""
#: ../../CHANGES.rst:251
#: 279eb5763cb9437e98472ba23ef09cb9
msgid "Password reset and initialization mails were not sent at all the user addresses if one email address could not be reached."
msgstr ""
#: ../../CHANGES.rst:253
#: 8dbbbb93c0d9468db5756b74091a0346
msgid "Password comparison was too permissive on login."
msgstr ""
#: ../../CHANGES.rst:254
#: 2d5c6dab823a45df94ab7061b78fa140
msgid "Encrypt passwords in the SQL backend."
msgstr ""
#: ../../CHANGES.rst:257
#: 09acf9167bb14934ac3e4b763914df5c
msgid "[0.0.35] - 2023-11-25"
msgstr ""
#: ../../CHANGES.rst:262
#: b616ae34c6084446b826cbb4bea285ce
msgid "Refresh token grant supports other client authentication methods. :pr:`157`"
msgstr ""
#: ../../CHANGES.rst:263
#: 5e0cc8d4b2f9482cb0dd7d15578824ca
msgid "Implement a SQLAlchemy backend. :issue:`30` :pr:`158`"
msgstr ""
#: ../../CHANGES.rst:268
#: 1379d1aee7ee46fca1a78b6015f8d450
msgid "Model attributes cardinality is closer to SCIM model. :pr:`155`"
msgstr ""
#: ../../CHANGES.rst:269
#: 08f54a2189ba47dbb2e65e442181d6fd
msgid "Bump to `HTMX` 1.9.9. :pr:`159`"
msgstr ""
#: ../../CHANGES.rst:274
#: 001465c19ae140678ce9a78eb0ae7ff5
msgid "Disable `HTMX` boosting during the OIDC dance. :pr:`160`"
msgstr ""
#: ../../CHANGES.rst:277
#: e063fae1c9984dc0af421058e9bfb500
msgid "[0.0.34] - 2023-10-02"
msgstr ""
#: ../../CHANGES.rst:282
#: 3aadd82912d6401f8fddc3655ad594b9
msgid "Canaille installations without account lockabilty could not delete users. :pr:`153`"
msgstr ""
#: ../../CHANGES.rst:288
#: 52c2946196324ed2bfacac3fb518a6a1
msgid "If users register or authenticate during a OAuth Authorization phase, they get redirected back to that page afterwards. :issue:`168` :pr:`151`"
msgstr ""
#: ../../CHANGES.rst:291
#: e0bb3561373b4651b98fcc1df2e5db94
msgid "The `flask-babel` and `pytz` libraries are now part of the `front` packaging extras."
msgstr ""
#: ../../CHANGES.rst:292
#: 9cc1748f2a624399ae9983904d6765fc
msgid "Bump to `fomantic-ui` 2.9.3. :pr:`152`"
msgstr ""
#: ../../CHANGES.rst:293
#: ec7e3985dc034f43bc0e2411086928e7
msgid "Bump to `HTMX` 1.9.6. :pr:`154`"
msgstr ""
#: ../../CHANGES.rst:294
#: 768b97eabcb04396a1c3f7e3691c3ed2
msgid "Support for Python 3.12. :pr:`155`"
msgstr ""
#: ../../CHANGES.rst:297
#: 4664970b84d545e18a553f8191bc6e8b
msgid "[0.0.33] - 2023-08-26"
msgstr ""
#: ../../CHANGES.rst:302
#: 3456a02cbd894fccb45ffc1108226c5a
msgid "OIDC jwks endpoint do not return empty `kid` claim."
msgstr ""
#: ../../CHANGES.rst:307
#: fd6c83b8455f4402b82ffe670e6c83c1
msgid "Documentation details on the Canaille models."
msgstr ""
#: ../../CHANGES.rst:310
#: 1f3135eb404e412787af9b4f971ea523
msgid "[0.0.32] - 2023-08-17"
msgstr ""
#: ../../CHANGES.rst:315
#: fe7a0cb646094a3d9b2428f7b7d2f3d4
msgid "Additional inmemory backend. :issue:`30` :pr:`149`"
msgstr ""
#: ../../CHANGES.rst:316
#: 82523d1da67a46089ffd899f134486dd
msgid "Installation extras. :issue:`167` :pr:`150`"
msgstr ""
#: ../../CHANGES.rst:319
#: 9b5b3399c9fd4f3bbc8e152ee37e7910
msgid "[0.0.31] - 2023-08-15"
msgstr ""
#: ../../CHANGES.rst:324
#: b2ebe664d67047a5882a33ac5c75875b
msgid "Configuration option to disable the forced usage of OIDC `nonce` parameter. :pr:`143`"
msgstr ""
#: ../../CHANGES.rst:325
#: 463b404944d9465fa6a17d3d3c0ea106
msgid "Validate phone numbers with a regex. :pr:`146`"
msgstr ""
#: ../../CHANGES.rst:326
#: 0effe02b658f49698ab59c14e9103fbe
msgid "Email verification. :issue:`41` :pr:`147`"
msgstr ""
#: ../../CHANGES.rst:327
#: ca5e445840644c90980662464ea67abc
msgid "Account registration. :issue:`55` :pr:`133` :pr:`148`"
msgstr ""
#: ../../CHANGES.rst:332
#: 3792c9999c5a44c892129bce1c222552
msgid "The `check` command uses the default configuration values."
msgstr ""
#: ../../CHANGES.rst:337
#: 6e0b77065c024ebb96f30998294a3b8d
msgid "Modals do not need use Javascript at the moment. :issue:`158` :pr:`144`"
msgstr ""
#: ../../CHANGES.rst:340
#: e513ff9194cb493fb3273e811b5b96d0
msgid "[0.0.30] - 2023-07-06"
msgstr ""
#: ../../CHANGES.rst:344
#: 7bd32f1cc1c24ce9a6a7a4f3d7fd6024
msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.29 0.0.30 canaille/conf/config.sample.toml``"
msgstr ""
#: ../../CHANGES.rst:350
#: a3f5487d18624886a2adee2c28346eae
msgid "Configuration option to disable Javascript. :pr:`141`"
msgstr ""
#: ../../CHANGES.rst:355
#: e6ab42f3565b415f85d7778e5ac18966
msgid "The configuration parameter ``USER_FILTER`` is parsed with Jinja."
msgstr ""
#: ../../CHANGES.rst:356
#: de4e44a5b6324f389effc64a28a69c5d
msgid "Configuration use ``PRIVATE_KEY_FILE`` instead of ``PRIVATE_KEY`` and ``PUBLIC_KEY_FILE`` instead of ``PUBLIC_KEY``."
msgstr ""
#: ../../CHANGES.rst:359
#: 812f9e5828dd4912bc832214d5ae721d
msgid "[0.0.29] - 2023-06-30"
msgstr ""
#: ../../CHANGES.rst:364
#: 81bf1e1132f44c5399805dc865372873
msgid "Disabled `HTMX` boosting on OIDC forms to avoid errors."
msgstr ""
#: ../../CHANGES.rst:367
#: 0b442eaa0f7f44919f3793aac59d4b4d
msgid "[0.0.28] - 2023-06-30"
msgstr ""
#: ../../CHANGES.rst:372
#: 3b645ba8d22642f7ae36a9401a170414
msgid "A template variable was misnamed."
msgstr ""
#: ../../CHANGES.rst:375
#: 1c8d7269601c4cbf8c6952063000a5f1
msgid "[0.0.27] - 2023-06-29"
msgstr ""
#: ../../CHANGES.rst:379
#: 3082667648f14f86a48ba1f4c71c6bf1
msgid "Configuration files must be updated. Check the new format with ``git diff 0.0.26 0.0.27 canaille/conf/config.sample.toml``"
msgstr ""
#: ../../CHANGES.rst:385
#: d37a0bf60d6a407094dca1df32907bc3
msgid "Configuration entries can be loaded from files if the entry key has a *_FILE* suffix and the entry value is the path to the file. :issue:`134` :pr:`134`"
msgstr ""
#: ../../CHANGES.rst:387
#: b198cedfd2dc4b1ca5caffb7281b2b77
msgid "Field list support. :issue:`115` :pr:`136`"
msgstr ""
#: ../../CHANGES.rst:388
#: bda5916225d046aa92eee4df020d31d7
msgid "Pages are boosted with `HTMX`. :issue:`144` :issue:`145` :pr:`137`"
msgstr ""
#: ../../CHANGES.rst:393
#: f0103671112e414da54f464537b92886
msgid "Bump to jquery 3.7.0. :pr:`138`"
msgstr ""
#: ../../CHANGES.rst:398
#: a3de7cd9d0b74333bbe2252c30b27d24
msgid "Profile edition when the user RDN was not ``uid``. :issue:`148` :pr:`139`"
msgstr ""
#: ../../CHANGES.rst:403
#: a8ee95c286e44ee190211fc2e7792b41
msgid "Stop support for Python 3.7. :pr:`131`"
msgstr ""
#: ../../CHANGES.rst:406
#: 031ef0bde1a142fda5313115f399b305
msgid "[0.0.26] - 2023-06-03"
msgstr ""
#: ../../CHANGES.rst:411
#: 8cd815265cd245d8ae32992c885e4c63
msgid "Implemented account expiration based on OpenLDAP ppolicy overlay. Needs OpenLDAP 2.5+. :issue:`13` :pr:`118`"
msgstr ""
#: ../../CHANGES.rst:413
#: f7ab79e41d1c400fa0f5be534df749eb
msgid "Timezone configuration entry. :issue:`137` :pr:`130`"
msgstr ""
#: ../../CHANGES.rst:418
#: 01a6b5ffbd164e11a7d13c2a720b6230
msgid "Avoid setting ``None`` in JWT claims when they have no value."
msgstr ""
#: ../../CHANGES.rst:419
#: 1b9beda783b14033b13b34bb69dcf94e
msgid "Display password recovery button on OIDC login page. :pr:`129`"
msgstr ""
#: ../../CHANGES.rst:422
#: 98f294fe9c78448e92a9340f14812660
msgid "[0.0.25] - 2023-05-05"
msgstr ""
#: ../../CHANGES.rst:427
#: b9e80a38348a4fabb577d17c476ef787
msgid "Check the new format with ``git diff 0.0.25 0.0.24 canaille/conf/config.sample.toml``"
msgstr ""
#: ../../CHANGES.rst:432
#: d72e485b1606403e895166193d518a26
msgid "Renamed user model attributes to match SCIM naming convention. :pr:`123`"
msgstr ""
#: ../../CHANGES.rst:433
#: f53dae9936ca4478b6575167779eb297
msgid "Moved OIDC related configuration entries in ``OIDC``."
msgstr ""
#: ../../CHANGES.rst:434
#: c097b3593a1f42d882167cef3925368a
msgid "Moved ``LDAP`` configuration entry to ``BACKENDS.LDAP``."
msgstr ""
#: ../../CHANGES.rst:435
#: 88b8faa16b314ab3bc05c8a24dc7432e
msgid "Bumped to `HTMX` 1.9.0. :pr:`124`"
msgstr ""
#: ../../CHANGES.rst:436
#: 391a6692f5de4897ac370fc253b7caf4
msgid "ACL filters are no more LDAP filters but user attribute mappings. :pr:`125`"
msgstr ""
#: ../../CHANGES.rst:437
#: 286baa01210c47ee8a9c71a8c51e72fb
msgid "Bumped to `HTMX` 1.9.2. :pr:`127`"
msgstr ""
#: ../../CHANGES.rst:442
#: 2f5e152512fe493c9e5f291f3dc47ca3
msgid "``OIDC.JWT.MAPPING`` configuration entry is really optional now."
msgstr ""
#: ../../CHANGES.rst:443
#: 646ffd29b1694f58a41036fec066e023
msgid "Fixed empty model attributes registration. :pr:`125`"
msgstr ""
#: ../../CHANGES.rst:444
#: 8ef81a1e8e584cab90c6401a07c88b81
msgid "Password initialization mails were not correctly sent. :pr:`128`"
msgstr ""
#: ../../CHANGES.rst:447
#: e9729b8de309453a862cb61a500d83a6
msgid "[0.0.24] - 2023-04-07"
msgstr ""
#: ../../CHANGES.rst:452
#: e25900ea2cb9451f9def4f1230cf311b
msgid "Fixed avatar update. :pr:`122`"
msgstr ""
#: ../../CHANGES.rst:455
#: 6b0ff68eb4d048f9a87c723077b6a917
msgid "[0.0.23] - 2023-04-05"
msgstr ""
#: ../../CHANGES.rst:460
#: 45d12b8c7b044a6aa129a826cb589403
msgid "Organization field. :pr:`116`"
msgstr ""
#: ../../CHANGES.rst:461
#: 7554a21c2da44a10ae7044507e7e8ef1
msgid "ETag and Last-Modified headers on user photos. :pr:`116`"
msgstr ""
#: ../../CHANGES.rst:462
#: 56e3c78c43bc4ebfb789357d53401f12
msgid "Dynamic form validation. :pr:`120`"
msgstr ""
#: ../../CHANGES.rst:467
#: eef201e52d6e487fb83b276678dcf6ad
msgid "UX rework. Submenu addition. :pr:`114`"
msgstr ""
#: ../../CHANGES.rst:468
#: f6dfc94a3486418cb94ebe88c6078543
msgid "Properly handle LDAP date timezones. :pr:`117`"
msgstr ""
#: ../../CHANGES.rst:473
#: c81b6adf5d6e40e8b0aeb2898e40c692
msgid "CSRF protection on every forms. :pr:`119`"
msgstr ""
#: ../../CHANGES.rst:476
#: 41e5cc643b4e4c35b9d04ed3c6eba537
msgid "[0.0.22] - 2023-03-13"
msgstr ""
#: ../../CHANGES.rst:480
#: e510bec507814d5387a49ba6117ef0a7
msgid "The `Faker` library is not imported anymore when the `clean` command is called."
msgstr ""
#: ../../CHANGES.rst:483
#: 9af418bca29f4c169f5720ea8e14e9ac
msgid "[0.0.21] - 2023-03-12"
msgstr ""
#: ../../CHANGES.rst:488
#: 6c81ccf5040343cebb06fe34cc66221e
msgid "Display TOS and policy URI on the consent list page. :pr:`102`"
msgstr ""
#: ../../CHANGES.rst:489
#: 4d19d14961744e028504787840181114
msgid "Admin token deletion. :pr:`100` :pr:`101`"
msgstr ""
#: ../../CHANGES.rst:490
#: cf00a4a47f2a4463a3cc06dd126d589d
msgid "Revoked consents can be restored. :pr:`103`"
msgstr ""
#: ../../CHANGES.rst:491
#: 06108983455940049911e3b8892f8735
msgid "Pre-consented clients are displayed in the user consent list, and their consents can be revoked. :issue:`69` :pr:`103`"
msgstr ""
#: ../../CHANGES.rst:493
#: 2f26c80f733b42f99df3af94c8774ad5
msgid "A ``populate`` command can be used to fill the database with random users generated with faker. :pr:`105`"
msgstr ""
#: ../../CHANGES.rst:495
#: 64049d3aa81141f3b29778b9f2f3d188
msgid "SMTP SSL support. :pr:`108`"
msgstr ""
#: ../../CHANGES.rst:496
#: 6f16cdf0ce864a20b13344f84e6dfefb
msgid "Server side pagination. :issue:`114` :pr:`111`"
msgstr ""
#: ../../CHANGES.rst:497
#: 7aeacbe0b4fa48c79db52ed0cf7229fd
msgid "Department number support. :issue:`129`"
msgstr ""
#: ../../CHANGES.rst:498
#: e5bb989cd1fe472cb845dfe3de958f55
msgid "Address edition support (but not in the OIDC claims yet). :pr:`112`"
msgstr ""
#: ../../CHANGES.rst:499
#: 1140843546bf41dd826bf71bea29ff23
msgid "Title edition support. :pr:`113`"
msgstr ""
#: ../../CHANGES.rst:504
#: d9bd3caa1f4f47ebb304efd457802ca1
msgid "Client deletion also deletes related :class:`~canaille.oidc.basemodels.Consent`, :class:`~canaille.oidc.basemodels.Token` and :class:`~canaille.oidc.basemodels.AuthorizationCode` objects. :issue:`126` :pr:`98`"
msgstr ""
#: ../../CHANGES.rst:510
#: ac1feaf507284b65bab96bc30457d263
msgid "Removed the `DataTables` Javascript library."
msgstr ""
#: ../../CHANGES.rst:513
#: d0d7087c87844d069df327a34667ef31
msgid "[0.0.20] - 2023-01-28"
msgstr ""
#: ../../CHANGES.rst:518
#: 6254c6b37dea417d908d7679fa0c2df5
msgid "Spanish translation. :pr:`85` :pr:`88`"
msgstr ""
#: ../../CHANGES.rst:519
#: 3a8a7c3e462e4388a29c87ea44bbca31
msgid "Dedicated connectivity test email. :pr:`89`"
msgstr ""
#: ../../CHANGES.rst:520
#: 6c73a2cff39a4b8caacfca57f27ba60b
msgid "Update to jquery 3.6.3. :pr:`90`"
msgstr ""
#: ../../CHANGES.rst:521
#: 2a31509ad04a41d4a9ceab66e4447c61
msgid "Update to fomantic-ui 2.9.1. :pr:`90`"
msgstr ""
#: ../../CHANGES.rst:522
#: 1b8798a48e73416383644caadcb8c9d0
msgid "Update to DataTables 1.13.1. :pr:`90`"
msgstr ""
#: ../../CHANGES.rst:527
#: 43bb3fea7c22470bb734e723ae6ec2dc
msgid "Fix typos and grammar errors. :pr:`84`"
msgstr ""
#: ../../CHANGES.rst:528
#: 28f37a5212944339bb10de4c91b1555d
msgid "Fix wording and punctuations. :pr:`86`"
msgstr ""
#: ../../CHANGES.rst:529
#: 3511a582ca4d4dd5b57f04e945ff2615
msgid "Fix HTML lang tag. :issue:`122` :pr:`87`"
msgstr ""
#: ../../CHANGES.rst:530
#: 227f6ecacee547eab969399f3543c1a9
msgid "Automatically trims the HTML translated strings. :pr:`91`"
msgstr ""
#: ../../CHANGES.rst:531
#: ce4262a979b34e588c4d99db8ec9fae6
msgid "Fixed dynamic registration scope management. :issue:`123` :pr:`93`"
msgstr ""
#: ../../CHANGES.rst:534
#: 3326dbb8be62452d8140320a39612093
msgid "[0.0.19] - 2023-01-14"
msgstr ""
#: ../../CHANGES.rst:539
#: c15def45121b4d30ab4c57c640f5da6a
msgid "Ensures the token `expires_in` claim and the `access_token` `exp` claim have the same value. :pr:`83`"
msgstr ""
#: ../../CHANGES.rst:543
#: 2e2f24525dba4a819e97e6589907d0a5
msgid "[0.0.18] - 2022-12-28"
msgstr ""
#: ../../CHANGES.rst:548
#: 82745fec4b984965b3d0b81bed5a3941
msgid "OIDC end_session was not returning the ``state`` parameter in the ``post_logout_redirect_uri``. :pr:`82`"
msgstr ""
#: ../../CHANGES.rst:552
#: 3bd062d77c0048d3816421ed0de978e6
msgid "[0.0.17] - 2022-12-26"
msgstr ""
#: ../../CHANGES.rst:557
#: 4f0e0feb2cca4a8eb54473f5764cfcc7
msgid "Fixed group deletion button. :pr:`80`"
msgstr ""
#: ../../CHANGES.rst:558
#: b6fc018fb2dc41ecaf43a313cf5330b9
msgid "Fixed post requests in oidc clients views. :pr:`81`"
msgstr ""
#: ../../CHANGES.rst:561
#: 0e9699c0d5a74e689fdb73d2ac431d28
msgid "[0.0.16] - 2022-12-15"
msgstr ""
#: ../../CHANGES.rst:566
#: a43af598d338438ea64a3352a866610c
msgid "Fixed LDAP operational attributes handling."
msgstr ""
#: ../../CHANGES.rst:569
#: 11d5f04851c847e6b3939176add7c1e2
msgid "[0.0.15] - 2022-12-15"
msgstr ""
#: ../../CHANGES.rst:574
#: ce751d2ad6e44f438e092afbdcfe72ce
msgid "User can chose their display name. :pr:`77`"
msgstr ""
#: ../../CHANGES.rst:575
#: 008bcd50172d46429d218c6afbd7bc0f
msgid "Bumped to Authlib 1.2. :pr:`78`"
msgstr ""
#: ../../CHANGES.rst:576
#: 3edcc407205b44918ab63920f9734a50
msgid "Implemented :rfc:`RFC7592 <7592>` OAuth 2.0 Dynamic Client Registration Management Protocol. :pr:`79`"
msgstr ""
#: ../../CHANGES.rst:578
#: e327d602ecac448f8f73a848047f6319
msgid "Add the ``nonce`` parameter to the ``claims_supported`` server metadata list."
msgstr ""
#: ../../CHANGES.rst:581
#: 74ad576932584357834751ca5edd823a
msgid "[0.0.14] - 2022-11-29"
msgstr ""
#: ../../CHANGES.rst:585
#: 1205e961f8944bbb8dbc519bbfdf4993
msgid "Fixed translation catalogs packaging."
msgstr ""
#: ../../CHANGES.rst:588
#: fc089f22a3a14548b469d6c4668bb3dc
msgid "[0.0.13] - 2022-11-21"
msgstr ""
#: ../../CHANGES.rst:593
#: ea1f503e84f04965b18a569cf25d2941
msgid "Fixed a bug on the contacts field in the admin client form following the LDAP schema update of 0.0.12."
msgstr ""
#: ../../CHANGES.rst:595
#: 95a73e92dd77499c9109135edf0040cf
msgid "Fixed a bug happening during RP initiated logout on clients without `post_logout_redirect_uri` defined."
msgstr ""
#: ../../CHANGES.rst:597
#: 5648d45162744cf4956d8d9c7d9bbf3d
msgid "Gitlab CI fix. :pr:`64`"
msgstr ""
#: ../../CHANGES.rst:598
#: 1b490834cff04cb99ff4b83f9e5dd758
msgid "Fixed `client_secret` display on the client administration page. :pr:`65`"
msgstr ""
#: ../../CHANGES.rst:599
#: 5d7cd051df4c45eb9b8e2beea6ec9659
msgid "Fixed non-square logo CSS. :pr:`67`"
msgstr ""
#: ../../CHANGES.rst:600
#: 16e68eaca761436eb1add2beea510963
msgid "Fixed schema path on installation. :pr:`68`"
msgstr ""
#: ../../CHANGES.rst:601
#: 5d87e6344c9d474c821419beb33a1d56
msgid "Fixed RFC7591 ``software_statement`` claim support. :pr:`70`"
msgstr ""
#: ../../CHANGES.rst:602
#: b65b8f602a7d4440936987b7c0143cf7
msgid "Fixed client preconsent disabling. :pr:`72`"
msgstr ""
#: ../../CHANGES.rst:607
#: 05f32b1852b34334be85dc02f3bc2689
msgid "Python 3.11 support. :pr:`61`"
msgstr ""
#: ../../CHANGES.rst:608
#: 33289ea27c844082832e8eea78498d86
msgid "``apparmor`` slapd configuration instructions in the documentation page for contributions. :pr:`66`"
msgstr ""
#: ../../CHANGES.rst:609
#: d12ad2a4e17244f8b2719ba9d0749597
msgid "``preferredLanguage`` attribute support. :pr:`75`"
msgstr ""
#: ../../CHANGES.rst:614
#: dac1b885aa8243af874405b4ccce52f2
msgid "Replaced the use of the deprecated `FLASK_ENV` environment variable by `FLASK_DEBUG`."
msgstr ""
#: ../../CHANGES.rst:616
#: b6ca7ce41fa346b8bb3fa325f1e1ac0d
msgid "Dynamically generate the server metadata. Users won't have to copy and manually edit ``oauth-authorizationserver.json`` and ``openid-configuration.json``. :pr:`71`"
msgstr ""
#: ../../CHANGES.rst:619
#: ae1b6570238e43f1ac83a511fece3cf5
msgid "The `FROM_ADDR` configuration option is not mandatory anymore. :pr:`73`"
msgstr ""
#: ../../CHANGES.rst:620
#: cba8b0fae91a4dfe9f0e05ddb541f667
msgid "The `JWT.ISS` configuration option is not mandatory anymore. :pr:`74`"
msgstr ""
#: ../../CHANGES.rst:623
#: 36caf034f254408aa020410594ab0cce
msgid "[0.0.12] - 2022-10-24"
msgstr ""
#: ../../CHANGES.rst:628
#: 319c8b51be714d25ab11b9a83241970d
msgid "Basic WebFinger endpoint. :pr:`59`"
msgstr ""
#: ../../CHANGES.rst:629
#: 97c9f28850884353be68c0ada430c443
msgid "Bumped to FomanticUI 2.9.0."
msgstr ""
#: ../../CHANGES.rst:630
#: c3938df1d7fc47aa9e9e686b32366a0a
msgid "Implemented Dynamic Client Registration. :pr:`60`"
msgstr ""
#: ../../CHANGES.rst:633
#: 5fbfc5c654b0443bac204c4743931636
msgid "[0.0.11] - 2022-08-11"
msgstr ""
#: ../../CHANGES.rst:638
#: d3758c7b32f54dc38b34ab4f54a526ba
msgid "Default theme has a dark variant. :pr:`57`"
msgstr ""
#: ../../CHANGES.rst:643
#: eac5e673605c44bebeab671117d02935
msgid "Fixed missing ``canaille`` binary. :pr:`58`"
msgstr ""
#: ../../CHANGES.rst:646
#: be7d08fe65be48d09396c1c7af7f0e49
msgid "[0.0.10] - 2022-07-07"
msgstr ""
#: ../../CHANGES.rst:651
#: f2759b5afad84126b4041f583edb72eb
msgid "Online demo. :pr:`55`"
msgstr ""
#: ../../CHANGES.rst:652
#: e3d980415ffb4cccb2272b1cf96719cc
msgid "The consent page was displaying scopes not supported by clients. :pr:`56`"
msgstr ""
#: ../../CHANGES.rst:653
#: d936dc556a9f4503b0802988273649d3
msgid "Fixed end session when user are already disconnected."
msgstr ""
#: ../../CHANGES.rst:656
#: 1732d28f09b24b89854f21bfe7942840
msgid "[0.0.9] - 2022-06-05"
msgstr ""
#: ../../CHANGES.rst:661
#: a298893156394c80b5f843c7193b0ca8
msgid "``DISABLE_PASSWORD_RESET`` configuration option to disable password recovery. :pr:`46`"
msgstr ""
#: ../../CHANGES.rst:662
#: c831a4847472435881495bdc121788f9
msgid "``edit_self`` ACL permission to control user self edition. :pr:`47`"
msgstr ""
#: ../../CHANGES.rst:663
#: 312e6a546170436ea1fa95b58e7d91e1
msgid "`RP-initiated logout` implementation. :pr:`54`"
msgstr ""
#: ../../CHANGES.rst:668
#: 797b8359f6a449e5ba16bcc78088768f
msgid "Bumped to Authlib 1. :pr:`48`"
msgstr ""
#: ../../CHANGES.rst:669
#: 4d9126ad1c3742759d3d204f1cf76dac
msgid "Various documentation improvements. :pr:`50`"
msgstr ""
#: ../../CHANGES.rst:670
#: 36dc25439ee04162b5a0a808de0e823e
msgid "Use poetry instead of setuptools as project management tool. :pr:`51`"
msgstr ""
#: ../../CHANGES.rst:671
#: f1fc01004b2f41349cbe787739c40b03
msgid "Additional tests for the OIDC ``nonce`` parameter. :pr:`52`"
msgstr ""
#: ../../CHANGES.rst:675
#: 0183302671b24cb0b537b104dc58a9ea
msgid "``HIDE_INVALID_LOGIN`` behavior and default value."
msgstr ""
#: ../../CHANGES.rst:676
#: 781578064d2347228773e4f950d612b2
msgid "Compiled translation catalogs are not versioned anymore. :pr:`49` :pr:`53`"
msgstr ""
#: ../../CHANGES.rst:679
#: d816db34635d4549985bb9d94d9a7862
msgid "[0.0.8] - 2022-03-15"
msgstr ""
#: ../../CHANGES.rst:684
#: 5c82cce323c6462687804d2c7f006f8d
msgid "Fixed dependencies."
msgstr ""
#: ../../CHANGES.rst:687
#: e6ab77996ddc43dab6022173bbd8eae0
msgid "[0.0.7] - 2022-03-15"
msgstr ""
#: ../../CHANGES.rst:692
#: db3701add4984f8c8dd764706a9639fd
msgid "Fixed spaces and escaped special char in LDAP ``cn/dn`` attributes. :pr:`43`"
msgstr ""
#: ../../CHANGES.rst:695
#: 099a78c093eb4078914a63b9f15403b7
msgid "[0.0.6] - 2022-03-08"
msgstr ""
#: ../../CHANGES.rst:700
#: 4598be258efa4e99ab34d7bd5648a824
msgid "Access token are JWT. :pr:`38`"
msgstr ""
#: ../../CHANGES.rst:705
#: 19eb39b5f802426f9c1380f0d3c0dfbb
msgid "Default groups on invitations. :pr:`41`"
msgstr ""
#: ../../CHANGES.rst:706
#: 81b3f2d331284cd1bd5d5a148b5d3b77
msgid "LDAP schemas are shipped within the Canaille package. :pr:`42`"
msgstr ""
#: ../../CHANGES.rst:709
#: bc34ed5400c7449886a6d25b679c7ae2
msgid "[0.0.5] - 2022-02-17"
msgstr ""
#: ../../CHANGES.rst:714
#: 45fc46e1672846778b27bc8766c1aeae
msgid "LDAP model objects have new identifiers. :pr:`37`"
msgstr ""
#: ../../CHANGES.rst:719
#: 8973b4acdebf481783a30266f9502cc2
msgid "Admin menu dropdown display. :pr:`39`"
msgstr ""
#: ../../CHANGES.rst:720
#: b5deb21feb4d45e58f0b010788916ecd
msgid "``GROUP_ID_ATTRIBUTE`` configuration typo. :pr:`40`"
msgstr ""
#: ../../CHANGES.rst:723
#: 3dad472d941b4b5392930e039a934df2
msgid "[0.0.4] - 2022-02-16"
msgstr ""
#: ../../CHANGES.rst:728
#: 3086c540c13844a3b626a211f86a856b
msgid "Client pre-authorization. :pr:`11`"
msgstr ""
#: ../../CHANGES.rst:729
#: b621896643ca409cac8c3007137ed084
msgid "LDAP permissions check with the check command. :pr:`12`"
msgstr ""
#: ../../CHANGES.rst:730
#: ac5232266c154c829a210031f4d8a1bc
msgid "Update consents when a scope required is larger than the scope of an already given consent. :pr:`13`"
msgstr ""
#: ../../CHANGES.rst:732
#: 7af42dde14864ada93162b9ea16e7cd4
msgid "Theme customization. :pr:`15`"
msgstr ""
#: ../../CHANGES.rst:733
#: b8096ecde48d430b91666fa493e4fffe
msgid "Logging configuration. :pr:`16`"
msgstr ""
#: ../../CHANGES.rst:734
#: 0db8075af2664c10be1433c0426592e5
msgid "Installation command. :pr:`17`"
msgstr ""
#: ../../CHANGES.rst:735
#: 5a0d7f3aca6b446fba5f0d36512be8c1
msgid "Invitation links. :pr:`18`"
msgstr ""
#: ../../CHANGES.rst:736
#: 900b1cb1421848c78ccd8559ce8aa513
msgid "Advanced permissions. :pr:`20`"
msgstr ""
#: ../../CHANGES.rst:737
#: be2815e3ce9b44f6aeb64d24d7cd75ee
msgid "An option to not use OIDC. :pr:`23`"
msgstr ""
#: ../../CHANGES.rst:738
#: 6fe21ccaf0474887a8c6c04e69154ada
msgid "Disable some features when no SMTP server is configured. :pr:`24`"
msgstr ""
#: ../../CHANGES.rst:739
#: 7fcdcf093e8849e59445af91ec4cfab6
msgid "Login placeholder dynamically generated according to the configuration. :pr:`25`"
msgstr ""
#: ../../CHANGES.rst:740
#: 9bebc076e1b64cb3be67690a3e46e808
msgid "Added an option to tune object IDs. :pr:`26`"
msgstr ""
#: ../../CHANGES.rst:741
#: 983fa51b51db46409b73d0ba279c76d5
msgid "Avatar support. :pr:`27`"
msgstr ""
#: ../../CHANGES.rst:742
#: 94758b3cf72342d2948e727f6deb10a7
msgid "Dynamical and configurable JWT claims. :pr:`28`"
msgstr ""
#: ../../CHANGES.rst:743
#: 33402d7e6d47455cbfc52aeb276a12f2
msgid "UI improvements. :pr:`29`"
msgstr ""
#: ../../CHANGES.rst:744
#: 181fed73a01445ea9865aadc802e9642
msgid "Invitation links expiration. :pr:`30`"
msgstr ""
#: ../../CHANGES.rst:745
#: eeaa39f7f6c842d39c1d8d40c6e4fbf8
msgid "Invitees can choose their IDs. :pr:`31`"
msgstr ""
#: ../../CHANGES.rst:746
#: 8123032bb5d341ec82aa2b0ac8caf886
msgid "LDAP backend refactoring. :pr:`35`"
msgstr ""
#: ../../CHANGES.rst:751
#: c9a12647745f472890eff2ceb165a8b8
msgid "Fixed ghost members in a group. :pr:`14`"
msgstr ""
#: ../../CHANGES.rst:752
#: 834311277daf401e9c654cfe0751d4f2
msgid "Fixed email sender names. :pr:`19`"
msgstr ""
#: ../../CHANGES.rst:753
#: 5fa1016aa05747ca84948a30c452d5a4
msgid "Fixed filter being not escaped. :pr:`21`"
msgstr ""
#: ../../CHANGES.rst:754
#: a221c0e18ffd40e3986f7d20f6eac01a
msgid "Demo script good practices. :pr:`32`"
msgstr ""
#: ../../CHANGES.rst:755
#: 7e90135fab824314847bb5f4e9ab0664
msgid "Binary path for Debian. :pr:`33`"
msgstr ""
#: ../../CHANGES.rst:756
#: 39205a39be2c4d4bbc2359ba32796266
msgid "Last name was not mandatory in the forms while this was mandatory in the LDAP server. :pr:`34`"
msgstr ""
#: ../../CHANGES.rst:758
#: bef3030603fa42ccaeffb936e450cfeb
msgid "Spelling typos. :pr:`36`"
msgstr ""
#: ../../CHANGES.rst:761
#: 2dc8f2d4014f4eb9805a19921e4e336a
msgid "[0.0.3] - 2021-10-13"
msgstr ""
#: ../../CHANGES.rst:766
#: f0b73ca5d1da4a728d770d11887f9754
msgid "Two-steps sign-in. :issue:`49`"
msgstr ""
#: ../../CHANGES.rst:767
#: d8353e939a4341fdb9d8b51ac4e03c75
msgid "Tokens can have several audiences. :issue:`62` :pr:`9`"
msgstr ""
#: ../../CHANGES.rst:768
#: a8bf6576f8214a6299aadf379a50f282
msgid "Configuration check command. :issue:`66` :pr:`8`"
msgstr ""
#: ../../CHANGES.rst:769
#: 05a103a6101241a9afbfeffb28b04ee2
msgid "Groups management. :issue:`12` :pr:`6`"
msgstr ""
#: ../../CHANGES.rst:774
#: f9681903b632489e99eb53fdf5301bb7
msgid "Introspection access bugfix. :issue:`63` :pr:`10`"
msgstr ""
#: ../../CHANGES.rst:775
#: 08202024eda84dd2b15e255de912389d
msgid "Introspection sub claim. :issue:`64` :pr:`7`"
msgstr ""
#: ../../CHANGES.rst:778
#: c8cf3465674b4ecb94bf3a4548fc5601
msgid "[0.0.2] - 2021-01-06"
msgstr ""
#: ../../CHANGES.rst:783
#: a52712c92f57496f9cbaf32727c9a2df
msgid "Login page is responsive. :issue:`1`"
msgstr ""
#: ../../CHANGES.rst:784
#: 3e40e18b9ffa4afd9036177b6d1a0393
msgid "Adapt mobile keyboards to login page fields. :issue:`2`"
msgstr ""
#: ../../CHANGES.rst:785
#: cf124fc4d201473f9a1d604b092c8c0a
msgid "Password recovery interface. :issue:`3`"
msgstr ""
#: ../../CHANGES.rst:786
#: 6a024dfd785b44f09e231f0f3b6a1bdd
msgid "User profile interface. :issue:`4`"
msgstr ""
#: ../../CHANGES.rst:787
#: 295718a0674c41749936c9ee63d895b2
msgid "Renamed the project *Canaille*. :issue:`5`"
msgstr ""
#: ../../CHANGES.rst:788
#: 5572ba58f8934db484ed5914858c1f61
msgid "Command to remove old tokens. :issue:`17`"
msgstr ""
#: ../../CHANGES.rst:789
#: da0ebb8c52d34d209bbbc13ec7a1902a
msgid "Improved password recovery email. :issue:`14` :issue:`26`"
msgstr ""
#: ../../CHANGES.rst:790
#: 2eca9a011ae64f8788ff5b22428f2b63
msgid "Use Flask `SERVER_NAME` configuration variable instead of `URL`. :issue:`24`"
msgstr ""
#: ../../CHANGES.rst:791
#: 42eb9a40233047e4a8d632b8b60a4220
msgid "Improved consents page. :issue:`27`"
msgstr ""
#: ../../CHANGES.rst:792
#: 4511807efd4b4f6ea558d2632d914cae
msgid "Admin user page. :issue:`8`"
msgstr ""
#: ../../CHANGES.rst:793
#: 9928a9d6301649a2bb80e54f26506c4e
msgid "Project logo. :pr:`29`"
msgstr ""
#: ../../CHANGES.rst:794
#: 4403f90b28a249c2b38248bf0c9f77f7
msgid "User account self-deletion can be enabled in the configuration with `SELF_DELETION`. :issue:`35`"
msgstr ""
#: ../../CHANGES.rst:795
#: 21fd51a849844a03b830dc97bc05ab0c
msgid "Admins can impersonate users. :issue:`39`"
msgstr ""
#: ../../CHANGES.rst:796
#: 31d73c9489164e0e92e62ac84bc8c22a
msgid "Forgotten page UX improvement. :pr:`43`"
msgstr ""
#: ../../CHANGES.rst:797
#: 2b400ada80514bc68dd82d954fff040d
msgid "Admins can remove clients. :pr:`45`"
msgstr ""
#: ../../CHANGES.rst:798
#: 2355c3ec7d674d50ace6ac3ad2065627
msgid "Option `HIDE_INVALID_LOGIN` that can be unactivated to let the user know if the login he attempt to sign in with exists or not. :pr:`48`"
msgstr ""
#: ../../CHANGES.rst:800
#: ad8e32ede8504576b73db0b8b7bf303a
msgid "Password initialization mail. :pr:`51`"
msgstr ""
#: ../../CHANGES.rst:805
#: 0f2d8650e76545438f92a8ca420e65e9
msgid "Form translations. :issue:`19` :issue:`23`"
msgstr ""
#: ../../CHANGES.rst:806
#: 6f367157d7464c9492c0f8a528dbd11f
msgid "Avoid to use Google Fonts. :issue:`21`"
msgstr ""
#: ../../CHANGES.rst:811
#: ae2646eead6a4983998e7b76396f3862
msgid "'My tokens' page. :issue:`22`"
msgstr ""
#: ../../CHANGES.rst:814
#: b2a9ee20e0214e2eb650a3c0c80c6a8f
msgid "[0.0.1] - 2020-10-21"
msgstr ""
#: ../../CHANGES.rst:819
#: 974217beadfa4205ad58a4fff852a8d4
msgid "Initial release."
msgstr ""
#: ../../CONTRIBUTING.rst:2
#: a96f68b7ad98474ba59c1cc935c2fab4
msgid "Contributions"
msgstr ""
#: ../../CONTRIBUTING.rst:4
#: f190f6b5c4a1498eadcb7fae2bcdf493
msgid "Contributions are welcome!"
msgstr ""
#: ../../CONTRIBUTING.rst:6
#: 26f13dddd093492789f21e4db847d7a9
msgid "The repository is hosted at `gitlab.com/yaal/canaille <https://gitlab.com/yaal/canaille>`_."
msgstr ""
#: ../../CONTRIBUTING.rst:9
#: 25361fdaed76435db19183cb37a4ee83
msgid "Discuss"
msgstr ""
#: ../../CONTRIBUTING.rst:11
#: b8e752ea3b8f4591a9c8616ed7f0d9af
msgid "If you want to implement a feature or a bugfix, please start by discussing it with us on the `bugtracker <https://gitlab.com/yaal/canaille/-/issues>`_ or the `matrix room <https://matrix.to/#/#canaille-discuss:yaal.coop>`_."
msgstr ""
#: ../../CONTRIBUTING.rst:16
#: 5e0c1113f29742f89b251b5903f73e36
msgid "Development environment"
msgstr ""
#: ../../CONTRIBUTING.rst:18
#: 710016d6c25b4193925b83445146a358
msgid "You can either run the demo locally or with Docker."
msgstr ""
#: ../../CONTRIBUTING.rst:20
#: 62ee7de4d731446fa1b2df4e3805803b
msgid "The only tool required for local development is `uv`. Make sure to have uv `installed on your computer <https://docs.astral.sh/uv/getting-started/installation/>`_ to be able to hack Canaille."
msgstr ""
#: ../../CONTRIBUTING.rst:24
#: b95dab6a28fb472bba445e43148ff6bc
msgid "Initialize your development environment with:"
msgstr ""
#: ../../CONTRIBUTING.rst:26
#: 8724e2b7dec24128988b2a3ffb199a4d
msgid "``uv sync --extra front --extra oidc`` to have a minimal working development environment. This will allow you to run the tests with ``uv pytest --backend memory``."
msgstr ""
#: ../../CONTRIBUTING.rst:27
#: ef925e13845f4ec1abf9cae0f0e64140
msgid "``uv sync --extra front --extra oidc --extra sqlite`` to have a minimal working development environment with SQLite backend support. This will allow you to run the tests with ``uv pytest --backend sql``."
msgstr ""
#: ../../CONTRIBUTING.rst:28
#: 2a07d0fc832b4178be5633d02a0f1d07
msgid "``uv sync --extra front --extra oidc --extra ldap`` to have a minimal working development environment with LDAP backend support. This will allow you to run the tests with ``uv pytest --backend ldap``."
msgstr ""
#: ../../CONTRIBUTING.rst:29
#: 77b8e98fabe140a28382d44b936baa18
msgid "``uv sync --all-extras`` if you want to have everything at your fingertips. Note that it may compile some Python dependencies that would expect things to be installed on your system; Some dependencies of Canaille might need to be compiled, so you probably want to check that `GCC` and `cargo` are available on your computer."
msgstr ""
#: ../../CONTRIBUTING.rst:32
#: a69af4c344d546e4abf52e4a3aa35cf8
msgid "After having launched the demo you have access to several services:"
msgstr ""
#: ../../CONTRIBUTING.rst:34
#: dda88353032541b9a70440211ee1a89b
msgid "A canaille server at `localhost:5000 <http://localhost:5000>`_"
msgstr ""
#: ../../CONTRIBUTING.rst:35
#: 5d2493dbe0924c578cbce67b64f80d14
msgid "A dummy client at `localhost:5001 <http://localhost:5001>`_"
msgstr ""
#: ../../CONTRIBUTING.rst:36
#: 595602fe39c040259d1e0346e45efdb7
msgid "Another dummy client at `localhost:5002 <http://localhost:5002>`_"
msgstr ""
#: ../../CONTRIBUTING.rst:38
#: 6de7e48182d648f89fe8b2c0b30634fd
msgid "The canaille server has some default users:"
msgstr ""
#: ../../CONTRIBUTING.rst:40
#: 05cc64bd64b3425f8c727e448bac1904
msgid "A regular user which login and password are **user**;"
msgstr ""
#: ../../CONTRIBUTING.rst:41
#: 526ece6f767c4728a86ccc832ed77f3e
msgid "A moderator user which login and password are **moderator**;"
msgstr ""
#: ../../CONTRIBUTING.rst:42
#: bb69c0dfc3e64ceeba0152302e50d5d2
msgid "An admin user which admin and password are **admin**;"
msgstr ""
#: ../../CONTRIBUTING.rst:43
#: c188d453c64c47869a6c1bba24c32639
msgid "A new user which login is **james**. This user has no password yet, and his first attempt to log-in would result in sending a password initialization email (if a smtp server is configured)."
msgstr ""
#: ../development/specifications.rst:106
#: ../../CONTRIBUTING.rst:48
#: f9d8d16e7fd1478ea154c65fddc0c109
#: 30174a5d8c1f479eaf739cfb67550caa
msgid "Backends"
msgstr ""
#: ../../CONTRIBUTING.rst:50
#: 0ec216a61a0f4d0c81ef8859f4b8e775
msgid "Canaille comes with several backends:"
msgstr ""
#: ../../CONTRIBUTING.rst:52
#: d49ccb7bb5d349b3b97dcb367e9f50db
msgid "a lightweight test purpose `memory` backend"
msgstr ""
#: ../../CONTRIBUTING.rst:53
#: 2b5961e3d4d34b41a03f5f4e1b305f14
msgid "a `sql` backend, based on sqlalchemy"
msgstr ""
#: ../../CONTRIBUTING.rst:54
#: 3db6bec104534cbbb972fef81e090786
msgid "a production-ready `LDAP` backend"
msgstr ""
#: ../../CONTRIBUTING.rst:57
#: b800e3599701462b8ad5f4449e0a62b4
msgid "Docker environment"
msgstr ""
#: ../../CONTRIBUTING.rst:59
#: 39ea2b50603a473cb167b4e1a6a135ca
msgid "If you want to develop with docker, your browser needs to be able to reach the `canaille` container. The docker-compose file exposes the right ports, but front requests are from outside the docker network: the `canaille` url that makes sense for docker, points nowhere from your browser. As exposed ports are on `localhost`, you need to tell your computer that `canaille` url means `localhost`."
msgstr ""
#: ../../CONTRIBUTING.rst:64
#: dd86e0f0a4204a77ba9927f1768aa33e
msgid "To do that, you can add the following line to your `/etc/hosts`:"
msgstr ""
#: ../../CONTRIBUTING.rst:70
#: 5572861cc5114b9b9e7f520fee49b975
msgid "To launch containers, use:"
msgstr ""
#: ../development/specifications.rst:108
#: ../tutorial/databases.rst:16
#: ../../CONTRIBUTING.rst:73
#: ../../CONTRIBUTING.rst:108
#: 7a0d8968fcbe4d8693ac6cf593f51106
#: fafde474a9ed41dab483dfb87f46dda3
#: f210968f704646b2a4b35d9f6a5baa90
#: e8a3d979968c4e05ab1fb5630eb8fc6b
msgid "SQL"
msgstr ""
#: ../../CONTRIBUTING.rst:74
#: ../../CONTRIBUTING.rst:109
#: a1183f0e179942889b697fccf6fde014
#: f12297286ea648a7a4f8723cd900dd74
msgid "With the SQL backend, the demo instance will load and save data in a local sqlite database."
msgstr ""
#: ../../CONTRIBUTING.rst:76
#: ../../CONTRIBUTING.rst:111
#: 2f256843b3974bfe82ebbd54b22758a0
#: 03535ba511ef42feb8d6fb77934fb88b
msgid "Run the demo instance with the SQL backend"
msgstr ""
#: ../tutorial/databases.rst:8
#: ../../CONTRIBUTING.rst:83
#: ../../CONTRIBUTING.rst:117
#: 3216b8433f1847809573eaaa434fe9a7
#: 6323f7ec77464e2ba7d399f7ccc6f590
#: d63a7ad080eb47be9529226d4685cf76
msgid "Memory"
msgstr ""
#: ../../CONTRIBUTING.rst:84
#: ../../CONTRIBUTING.rst:118
#: 96e1856006aa4151b406b7f7922e84ff
#: 74b6ac7aa3c144f9be537b2c60010548
msgid "With the memory backend, all data is lost when Canaille stops."
msgstr ""
#: ../../CONTRIBUTING.rst:86
#: ../../CONTRIBUTING.rst:120
#: 6751970e321642cb9cfabd3395bdf82b
#: b4933b104b004ed39073970b595e9b5f
msgid "Run the demo instance with the memory backend"
msgstr ""
#: ../development/specifications.rst:108
#: ../tutorial/databases.rst:32
#: ../../CONTRIBUTING.rst:93
#: ../../CONTRIBUTING.rst:126
#: fdfa320e4c4445e5a0c5443e647c0835
#: 44d5d5bd5737458d81975f70b3477b17
#: bbe1b4e1618b44fb9651929f4e459099
#: 2794653a6dd64b5f8a13bc552aa7acc9
msgid "LDAP"
msgstr ""
#: ../../CONTRIBUTING.rst:94
#: ../../CONTRIBUTING.rst:127
#: c8a1e8a894ef4fa9a4ea60027c3b73a1
#: 8733bd5bbf5b4744ab8896570d709291
msgid "With the LDAP backend, all data is lost when Canaille stops."
msgstr ""
#: ../../CONTRIBUTING.rst:96
#: ../../CONTRIBUTING.rst:129
#: ac813d37940b4d189a3957eeba2ffb08
#: 73ef2cc1d55f45acbe1568f8da59c158
msgid "Run the demo instance with the LDAP backend"
msgstr ""
#: ../../CONTRIBUTING.rst:105
#: 80000162aaf447eda038a20ae12973c7
msgid "Local environment"
msgstr ""
#: ../../CONTRIBUTING.rst:135
#: 8b346e3f0ae84b289a7e819279283718
msgid "If you want to run the demo locally with the LDAP backend, you need to have `OpenLDAP <https://www.openldap.org/>`_ installed on your system. It is generally shipped under the ``slapd`` or ``openldap`` package name."
msgstr ""
#: ../../CONTRIBUTING.rst:140
#: ad84a2866902456b8f29498783fd665b
msgid "On Debian or Ubuntu systems, the OpenLDAP `slapd` binary usage might be restricted by apparmor, and thus makes the tests and the demo fail. This can be mitigated by removing apparmor restrictions on `slapd`."
msgstr ""
#: ../../CONTRIBUTING.rst:150
#: cdab025ce1dc48fa97161a955423b957
msgid "Populate the database"
msgstr ""
#: ../../CONTRIBUTING.rst:152
#: 319a37a58be44aac8e617f300e3c3afb
msgid "The demo database comes populated with some random users and groups. If you need more, you can generate users and groups with the ``populate`` command:"
msgstr ""
#: ../../CONTRIBUTING.rst:163
#: 4bf45406e18a4505999dca7b84c4e8f0
msgid "Adapt to use either the `ldap` or the `sql` configuration file. Note that this will not work with the memory backend."
msgstr ""
#: ../../CONTRIBUTING.rst:166
#: 62c234c473324a82a1038d3f4610a338
msgid "Unit tests"
msgstr ""
#: ../../CONTRIBUTING.rst:168
#: 314f0cc4c01c47f4bca6c87e7460b03b
msgid "To run the tests, you just can run `uv run pytest` and/or `uv run tox` to test all the supported python environments. Everything must be green before patches get merged."
msgstr ""
#: ../../CONTRIBUTING.rst:171
#: b9dc93b982bf4fc98eddf47c5730b09c
msgid "To test a specific backend you can pass ``--backend memory``, ``--backend sql`` or ``--backend ldap`` to pytest and tox."
msgstr ""
#: ../../CONTRIBUTING.rst:173
#: 13c7913d62db412bb4e66637a79cd789
msgid "The test coverage is 100%, patches won't be accepted if not entirely covered. You can check the test coverage with ``uv run pytest --cov --cov-report=html`` or ``uv run tox -e coverage -- --cov-report=html``. You can check the HTML coverage report in the newly created `htmlcov` directory."
msgstr ""
#: ../../CONTRIBUTING.rst:178
#: 6a901706012a4004b1dbb87ef68c803a
msgid "Code style"
msgstr ""
#: ../../CONTRIBUTING.rst:180
#: 9fa3a042eca848fe9b9af832c325142c
msgid "We use `ruff <https://docs.astral.sh/ruff/>`_ along with other tools to format our code. Please run ``uv run tox -e style`` on your patches before submitting them. In order to perform a style check and correction at each commit you can use our `pre-commit <https://pre-commit.com/>`_ configuration with ``uv run pre-commit install``."
msgstr ""
#: ../../CONTRIBUTING.rst:186
#: 831a60fcf8ee4e37828421e71b2931c0
msgid "Front"
msgstr ""
#: ../../CONTRIBUTING.rst:188
#: f9ab478278ef4d39bee37c056fb937f2
msgid "The interface is built upon the `Fomantic UI <https://fomantic-ui.com/>`_ CSS framework. The dynamical parts of the interface use `htmx <https://htmx.org/>`_."
msgstr ""
#: ../../CONTRIBUTING.rst:191
#: 115550e00eb74a80828b6acae2948606
msgid "Using Javascript in the interface is tolerated, but the whole website MUST be accessible for browsers without Javascript support, and without any feature loss."
msgstr ""
#: ../../CONTRIBUTING.rst:193
#: 4d3ab5a48a9d49a6aaef6c5c583e938d
msgid "Because of Fomantic UI we have a dependency to jQuery, however new contributions should not depend on jQuery at all. See the `related issue <https://gitlab.com/yaal/canaille/-/issues/130>`_."
msgstr ""
#: ../index.rst:71
#: ../../CONTRIBUTING.rst:198
#: 03d0d76bba134693bed77e50d1911dd9
#: 84410d2758484c01b8b48461c40d0a7c
msgid "Documentation"
msgstr ""
#: ../../CONTRIBUTING.rst:200
#: 5eb4ba179d0444fd9647504055935495
msgid "The documentation is generated when the tests run:"
msgstr ""
#: ../../CONTRIBUTING.rst:206
#: 7f28cb743dcb44d9b66a31febcc8a6d0
msgid "You can also run sphinx by hand, that should be faster since it avoids the tox environment initialization:"
msgstr ""
#: ../../CONTRIBUTING.rst:212
#: 4e73e6c26d164591bd5edf84fc921cc4
msgid "The generated documentation is located at ``build/sphinx/html/en``."
msgstr ""
#: ../../CONTRIBUTING.rst:215
#: 3fd3b7e2ec184cf8b2a81f87177f48fb
msgid "Code translation"
msgstr ""
#: ../../canaille/translations/README.rst:1
#: 3f134d116261469d8e6e9a05b5c47b47
msgid "Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/canaille>`__."
msgstr ""
#: ../../canaille/translations/README.rst:3
#: f5045b02a67f426188352a5d6ff207e1
msgid "The following commands are there as documentation, only the message extraction is needed for contributors. All the other steps are automatically done with Weblate."
msgstr ""
#: readme.rst:6
#: ../../canaille/translations/README.rst:8
#: readme.rst:6
#: 24b270040aba498184edc6fd3b60c94e
#: 2056f7130ccd40b7b3b34c0c572a6578
#: 41a918a2d4a74a5b9b2817c613ca08f4
msgid "Message extraction"
msgstr ""
#: readme.rst:8
#: ../../canaille/translations/README.rst:10
#: readme.rst:8
#: 3d0d46dbb4b849429d1b20c8d4655b71
#: ca03937bab89437aaca273df6d905a44
#: 5743021622e04712918dcadbabc6c7f7
msgid "After you have edited translatable strings, you should extract the messages with:"
msgstr ""
#: readme.rst:15
#: ../../canaille/translations/README.rst:17
#: readme.rst:15
#: 33a52dea69f84cdd8031217438609b01
#: 1bdb41af37fb4b29970caa32ceb9f68e
#: fcdbb11edc8c403dba19ddcc30f0c74a
msgid "Language addition"
msgstr ""
#: readme.rst:17
#: ../../canaille/translations/README.rst:19
#: readme.rst:17
#: 85155247ccbe4cdda3c379b515fd2413
#: 04039c23ea56483b9ccf96d20f26f2bd
#: ba0855443a6f465d9274426f59f251de
msgid "You can add a new language manually with the following command, however this should not be needed as Weblate takes car of this:"
msgstr ""
#: ../../canaille/translations/README.rst:26
#: d186ca49fae24bbd9d3c28120601a60e
msgid "Catalog update"
msgstr ""
#: ../../canaille/translations/README.rst:28
#: 0ed1087f30a74059b6c7e0e06de6573d
msgid "You can update the catalogs with the following command, however this should not be needed as Weblate automatically update language catalogs when it detects new strings or when someone translate some existing strings. Weblate pushes happen every 24h."
msgstr ""
#: ../../canaille/translations/README.rst:36
#: ddf0e21cf51b4dc79d6250343d97b0d1
msgid "Catalog compilation"
msgstr ""
#: ../../canaille/translations/README.rst:38
#: 6ef8340ccc2c46ea99f8d0de91ee483a
msgid "You can compile the catalogs with the following command, however this should not be needed as catalogs are automatically compiled before running the unit tests, before launching the demo and before compiling the Canaille python package:"
msgstr ""
#: ../../CONTRIBUTING.rst:221
#: 1de2a285415949c49cad5e827186884c
msgid "Documentation translation"
msgstr ""
#: readme.rst:1
#: readme.rst:1
#: 3f134d116261469d8e6e9a05b5c47b47
#: 82307c31bbd04c86b438e8a4e005cbfd
msgid "Translations are done with `Weblate <https://hosted.weblate.org/projects/canaille/documentation>`__."
msgstr ""
#: readme.rst:3
#: readme.rst:3
#: e68bab4e55074d099971067e8585e7bc
#: 36d72bb59c6442f0ac0078ec35cff7db
msgid "The following commands are there as documentation, only the message extraction and the language addition is needed for contributors."
msgstr ""
#: readme.rst:24
#: readme.rst:24
#: 2249c8bd3ebb4123b1b85e55d501a414
#: 592956cc63d849ad8f23d530a03daa2a
msgid "Build the documentation in another language"
msgstr ""
#: ../../CONTRIBUTING.rst:226
#: ccb55b67aa5c4d8baf4a4a56eb19fe8c
msgid "Publish a new release"
msgstr ""
#: ../../CONTRIBUTING.rst:228
#: a2df8944754246d4a92c6e7f76b8273a
msgid "Check that dependencies are up to date with ``uv sync --all-extras --upgrade`` and update dependencies accordingly in separated commits;"
msgstr ""
#: ../../CONTRIBUTING.rst:229
#: 4d2be841e11345a7a9f62a7f7e0d46b3
msgid "Check that tests are still green for every supported python version, and that coverage is still at 100%, by running ``uv run tox``;"
msgstr ""
#: ../../CONTRIBUTING.rst:230
#: 69338c8be69e45659eada1ffe5c0f67c
msgid "Check that the demo environments are still working, both the local and the Docker one;"
msgstr ""
#: ../../CONTRIBUTING.rst:231
#: 8bba3fab5e164ade8916c47fb38a9c19
msgid "Check that the :ref:`development/changelog:Release notes` section is correctly filled up;"
msgstr ""
#: ../../CONTRIBUTING.rst:232
#: 7be3604476174714a93fb5c8673febf7
msgid "Increase the version number in ``pyproject.toml``;"
msgstr ""
#: ../../CONTRIBUTING.rst:233
#: e8b5c52d84d94d809eb6fd08e9a61939
msgid "Commit with ``git commit``;"
msgstr ""
#: ../../CONTRIBUTING.rst:234
#: 70de3f18c0d144c8b5e6ad264629491e
msgid "Build with ``uv build``;"
msgstr ""
#: ../../CONTRIBUTING.rst:235
#: 54bbdc2762b14df98894d94d760597b9
msgid "Publish on test PyPI with ``uv publish --publish-url https://test.pypi.org/legacy/``;"
msgstr ""
#: ../../CONTRIBUTING.rst:236
#: 327a4abb66b14f95821cf861312ff6be
msgid "Install the test package somewhere with ``pip install --extra-index-url https://test.pypi.org/simple --upgrade canaille``. Check that everything looks fine;"
msgstr ""
#: ../../CONTRIBUTING.rst:237
#: 270ce1780553422780cddbbca1791bbd
msgid "Publish on production PyPI ``uv publish``;"
msgstr ""
#: ../../CONTRIBUTING.rst:238
#: 35cf31b173f34bb2b6ffc0d5cb0931a9
msgid "Tag the commit with ``git tag XX.YY.ZZ``;"
msgstr ""
#: ../../CONTRIBUTING.rst:239
#: 673bf114db3945dbbe806b281a6bc1d6
msgid "Push the release commit and the new tag on the repository with ``git push --tags``."
msgstr ""
#: ../development/index.rst:2
#: ../tutorial/theming.rst:41
#: 82f9846032eb48449059b9b21039acf3
#: 1b49afddeaf547cd9922f390497279d8
msgid "Development"
msgstr ""
#: ../development/specifications.rst:2
#: 68b9e4a665f74983994ec7f7820a6555
msgid "Specifications"
msgstr ""
#: ../development/specifications.rst:4
#: a91f12df80654d7a9159894525f0a1fa
msgid "This page details which specifications are implemented in Canaille, and compares Canaille with other well-known identity providers."
msgstr ""
#: ../development/specifications.rst:7
#: 798ff9024fa049a5889c4e9f725985f4
msgid "State of the specs in Canaille"
msgstr ""
#: ../development/specifications.rst:10
#: faec5be28e9d4a0380914450cb563d74
msgid "OAuth2"
msgstr ""
#: ../development/specifications.rst:12
#: bc158a2abfdf4e669db0bf71ac12e539
msgid "✅ `RFC6749: OAuth 2.0 Framework <https://tools.ietf.org/html/rfc6749>`_"
msgstr ""
#: ../development/specifications.rst:13
#: 41aacf25a278469488576916b0dc1100
msgid "✅ `RFC6750: OAuth 2.0 Bearer Tokens <https://tools.ietf.org/html/rfc6750>`_"
msgstr ""
#: ../development/specifications.rst:14
#: c84b09e12da74d1e9bb498f4abd41cef
msgid "✅ `RFC7009: OAuth 2.0 Token Revocation <https://tools.ietf.org/html/rfc7009>`_"
msgstr ""
#: ../development/specifications.rst:15
#: 319878f12ee94c71bcd20839b8e9cdf2
msgid "❌ `RFC7523: JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants <https://tools.ietf.org/html/rfc7523>`_"
msgstr ""
#: ../development/specifications.rst:16
#: 7c8c430d14b04548a82b1f6c5b41edef
msgid "✅ `RFC7591: OAuth 2.0 Dynamic Client Registration Protocol <https://tools.ietf.org/html/rfc7591>`_"
msgstr ""
#: ../development/specifications.rst:17
#: a0eeca49247d4d0a858fbd68b8feae7a
msgid "✅ `RFC7592: OAuth 2.0 Dynamic Client Registration Management Protocol <https://tools.ietf.org/html/rfc7592>`_"
msgstr ""
#: ../development/specifications.rst:18
#: 6ba8732c85c743c3ac3f63b40fbf3aa2
msgid "✅ `RFC7636: Proof Key for Code Exchange by OAuth Public Clients <https://tools.ietf.org/html/rfc7636>`_"
msgstr ""
#: ../development/specifications.rst:19
#: 338bb06b2df547edbe50a150b4d8c146
msgid "✅ `RFC7662: OAuth 2.0 Token Introspection <https://tools.ietf.org/html/rfc7662>`_"
msgstr ""
#: ../development/specifications.rst:20
#: 1663509c8aa249af8ec326ae877e7044
msgid "✅ `RFC8414: OAuth 2.0 Authorization Server Metadata <https://tools.ietf.org/html/rfc8414>`_"
msgstr ""
#: ../development/specifications.rst:21
#: 37a881c253ff4c87b340587a85546041
msgid "❌ `RFC8428: OAuth 2.0 Device Authorization Grant <https://tools.ietf.org/html/rfc8428>`_"
msgstr ""
#: ../development/specifications.rst:22
#: 5398a841990f4e6ea8b40b97e9a32097
msgid "❌ `RFC8693: OAuth 2.0 Token Exchange <https://tools.ietf.org/html/rfc8693>`_"
msgstr ""
#: ../development/specifications.rst:23
#: 2045b4c2c1bf4d808e03894e4b365fb8
msgid "❌ `RFC8705: OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens <https://tools.ietf.org/html/rfc8705>`_"
msgstr ""
#: ../development/specifications.rst:24
#: 107a0959842641af8fa7f1382928f2e1
msgid "❌ `RFC8707: Resource Indicators for OAuth 2.0 <https://tools.ietf.org/html/rfc8707>`_"
msgstr ""
#: ../development/specifications.rst:25
#: b6b8eaed434f47bfb07f5d077c670b22
msgid "❌ `RFC9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens <https://tools.ietf.org/html/rfc9068>`_"
msgstr ""
#: ../development/specifications.rst:26
#: 48f411a150274d74b09dd3111d70d4ef
msgid "❌ `RFC9101: OAuth 2.0 JWT-Secured Authorization Request (JAR) <https://tools.ietf.org/html/rfc9101>`_"
msgstr ""
#: ../development/specifications.rst:27
#: 68ff3ad36aa1400e85a6f6703f5d75ae
msgid "❌ `RFC9126: OAuth 2.0 Pushed Authorization Requests <https://tools.ietf.org/html/rfc9126>`_"
msgstr ""
#: ../development/specifications.rst:28
#: 312945002b5f49a5ac6e6d797e9322d0
msgid "❌ `RFC9207: OAuth 2.0 Authorization Server Issuer Identification <https://tools.ietf.org/html/rfc9207>`_"
msgstr ""
#: ../development/specifications.rst:29
#: 6f0f83d947a3442c84f44b67f11184b3
msgid "❌ `RFC9394: OAuth 2.0 Rich Authorization Requests <https://www.rfc-editor.org/rfc/rfc9396.html>`_"
msgstr ""
#: ../development/specifications.rst:30
#: f11bf858bc1342a781c9139f05938eae
msgid "❌ `OAuth2 Multiple Response Types <https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:31
#: d2e5d74b4dd94d85a5d431f60f875dbc
msgid "❌ `OAuth2 Form Post Response Mode <https://openid.net/specs/oauth-v2-form-post-response-mode-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:34
#: ../features.rst:230
#: 8f72523ff51c4575b94efb2d3ce15f6b
#: f36365f798bf4a29a1c762d3d984b773
msgid "OpenID Connect"
msgstr ""
#: ../development/specifications.rst:36
#: cf8887ca156c4c1c9888a84fc8065530
msgid "✅ `OpenID Connect Core <https://openid.net/specs/openid-connect-core-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:37
#: 5c4310f0f040430fbc2a843183e96fd8
msgid "✅ `OpenID Connect Discovery <https://openid.net/specs/openid-connect-discovery-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:38
#: 5d5801df6b9c4bf4a6a02e97b8ced460
msgid "✅ `OpenID Connect Dynamic Client Registration <https://openid.net/specs/openid-connect-registration-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:39
#: 7d48e73edb044c8e85e6210edc4c327b
msgid "✅ `OpenID Connect RP Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:40
#: cdef4546f7dc4de8865f7a1302d4ba5d
msgid "❌ `OpenID Connect Session Management <https://openid.net/specs/openid-connect-session-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:41
#: 21aa2648b1f64ffeabe2a6123a75c27d
msgid "❌ `OpenID Connect Front Channel Logout <https://openid.net/specs/openid-connect-frontchannel-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:42
#: dac849b7b0ae48afb3e07330a4155e85
msgid "❌ `OpenID Connect Back Channel Logout <https://openid.net/specs/openid-connect-backchannel-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:43
#: 9465d51e2c23461486052de55942bbea
msgid "❌ `OpenID Connect Back Channel Authentication Flow <https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:44
#: b4f2991cded34e7190e7e7185828536c
msgid "❌ `OpenID Connect Core Error Code unmet_authentication_requirements <https://openid.net/specs/openid-connect-unmet-authentication-requirements-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:45
#: 1cb0fe5d644c49b2a1c6c7af780c407a
msgid "✅ `Initiating User Registration via OpenID Connect 1.0 <https://openid.net/specs/openid-connect-prompt-create-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:46
#: 7c15c3d629b44469bb0feba2b79e0522
msgid "❌ `OpenID Connect Profile for SCIM Services <https://openid.net/specs/openid-connect-scim-profile-1_0.html>`_"
msgstr ""
#: ../development/specifications.rst:49
#: ../development/specifications.rst:108
#: 81a42181f7ed4f43b5fc6af1bae15e65
#: 81a42181f7ed4f43b5fc6af1bae15e65
msgid "SCIM"
msgstr ""
#: ../development/specifications.rst:51
#: c3e061fe92e4451ea24e50dacd112c46
msgid "Canaille provides a basic SCIM server implementation."
msgstr ""
#: ../development/specifications.rst:53
#: aefb1b937f7a4e35a4eae6d8648c6303
msgid "🟠 `RFC7642: System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements <https://www.rfc-editor.org/rfc/rfc7642>`_"
msgstr ""
#: ../development/specifications.rst:54
#: 6193cd6fb48643e99f0e2018dbdaba83
msgid "🟠 `RFC7643: System for Cross-domain Identity Management: Core Schema <https://www.rfc-editor.org/rfc/rfc7642>`_"
msgstr ""
#: ../development/specifications.rst:55
#: 9b124b409b3041f5bdefedf9b0593d06
msgid "🟠 `RFC7644: System for Cross-domain Identity Management: Protocol <https://www.rfc-editor.org/rfc/rfc7642>`_"
msgstr ""
#: ../development/specifications.rst:57
#: e6062c405e8948d38ec280a762370179
msgid "Client-side implementation (i.e. broadcasting changes on users and groups among clients) and advanced features will be implemented in the future."
msgstr ""
#: ../development/specifications.rst:60
#: da7a2a26dbfb494abca9e21b3178087e
msgid "What's implemented"
msgstr ""
#: ../development/specifications.rst:62
#: ../development/specifications.rst:83
#: f00bbd829f164b10bea0b4a04ac7123d
#: e66e2017457c4526a39df9630674c5ac
msgid "Endpoints:"
msgstr ""
#: ../development/specifications.rst:64
#: 0eb744fd5a6c4e60a41e71982f000800
msgid "/Users (GET, POST)"
msgstr ""
#: ../development/specifications.rst:65
#: f537052ae8b94a3a83c0e84c52855dc7
msgid "/Users/<user_id> (GET, PUT, DELETE)"
msgstr ""
#: ../development/specifications.rst:66
#: 3b4e9d3e1079430b97611c8dadee4395
msgid "/Groups (GET, POST)"
msgstr ""
#: ../development/specifications.rst:67
#: 3e673b4744e945b89c77ced8145f54fc
msgid "/Groups/<user_id> (GET, PUT, DELETE)"
msgstr ""
#: ../development/specifications.rst:68
#: c279b1a6193b4de49c1ac392b9c9f1f8
msgid "/ServiceProviderConfig (GET)"
msgstr ""
#: ../development/specifications.rst:69
#: 833aa61f227c44bebf4cab293e712391
msgid "/Schemas (GET)"
msgstr ""
#: ../development/specifications.rst:70
#: 437a13d677eb4961a96df34b5f5081dc
msgid "/Schemas/<schema_id> (GET)"
msgstr ""
#: ../development/specifications.rst:71
#: 31b2a6d444504b8c88257b25f6fd6467
msgid "/ResourceTypes (GET)"
msgstr ""
#: ../development/specifications.rst:72
#: e9a55c28a7944c5fbaa20d14508ac6ed
msgid "/ResourceTypes/<resource_type_id> (GET)"
msgstr ""
#: ../development/specifications.rst:74
#: 7bd6fb34cea64198b21ae7f53d85a6a5
msgid "Features:"
msgstr ""
#: ../development/specifications.rst:76
#: bb39dc2c17084a99bfe91991bff98c65
msgid ":rfc:`pagination <7644#section-3.4.2.4>`"
msgstr ""
#: ../development/specifications.rst:81
#: da7a2a26dbfb494abca9e21b3178087e
msgid "What is not implemented yet"
msgstr ""
#: ../development/specifications.rst:85
#: 3f5bbff2d4e645e2bac778dfde9ed8dc
msgid "/Users (PATCH)"
msgstr ""
#: ../development/specifications.rst:86
#: b04a230b285c4f929df30d29d39f4adc
msgid "/Groups (PATCH)"
msgstr ""
#: ../development/specifications.rst:87
#: a9624bebc96e4cde8a86dca7891fc608
msgid ":rfc:`/Me <7644#section-3.11>` (GET, POST, PUT, PATCH, DELETE)"
msgstr ""
#: ../development/specifications.rst:88
#: 0d99d94d47e2444bb6f01c2ec9473a56
msgid ":rfc:`/Bulk <7644#section-3.11>` (POST)"
msgstr ""
#: ../development/specifications.rst:89
#: 506274526a7647ceb7d2e5261bbf9651
msgid ":rfc:`/.search <7644#section-3.4.3>` (POST)"
msgstr ""
#: ../development/specifications.rst:91
#: ../features.rst:9
#: 5939a5db19484022bdfaec1794dc1516
#: f057b88a8b504465b8ed8e332fd5a830
msgid "Features"
msgstr ""
#: ../development/specifications.rst:93
#: 6296feda85f44091a6fc410094a96b28
msgid ":rfc:`filtering <7644#section-3.4.2.2>`"
msgstr ""
#: ../development/specifications.rst:94
#: 85a81b4268b44d729dfb8c5e7de75331
msgid ":rfc:`sorting <7644#section-3.4.2.3>`"
msgstr ""
#: ../development/specifications.rst:95
#: 48122d4760344fb9ae3744592a4391d1
msgid ":rfc:`attributes selection <7644#section-3.4.2.5>`"
msgstr ""
#: ../development/specifications.rst:96
#: 2b86a717dda044408341557e54acab93
msgid ":rfc:`ETags <7644#section-3.14>`"
msgstr ""
#: ../development/specifications.rst:99
#: efa9edcb4c094b339af9010d82b9f505
msgid "Comparison with other providers"
msgstr ""
#: ../development/specifications.rst:101
#: cb82439c48684c8d919147a88247f36f
msgid "Here is a feature comparison with other OpenID Connect server software."
msgstr ""
#: ../development/specifications.rst:103
#: 47f5af9436b14ce8afaae2e08adceb8d
msgid "Canaille voluntarily only implements the OpenID Connect protocol to keep its codebase simple."
msgstr ""
#: ../development/specifications.rst:106
#: 230957da07d14930aac58e75241f769b
msgid "Software"
msgstr ""
#: ../development/specifications.rst:106
#: 1e53a394ee3f4824ac843953a1c6f6a4
msgid "Project"
msgstr ""
#: ../development/specifications.rst:106
#: da7a2a26dbfb494abca9e21b3178087e
msgid "Protocols implementations"
msgstr ""
#: ../development/specifications.rst:108
#: 54e482c6722046fc9cad9abdf6501ebf
msgid "FLOSS"
msgstr ""
#: ../development/specifications.rst:108
#: 27466fe335f14fc58651275455bc3b85
msgid "Language"
msgstr ""
#: ../development/specifications.rst:108
#: a62b0ccd1e3642f1922043446575891c
msgid "LOC"
msgstr ""
#: ../development/specifications.rst:108
#: ../references/templates.rst:48
#: 8a0ae563aeb34a48afdd436dfb90bdfb
#: 4b6df1748181411bbbbebcb6bae09d86
msgid "OIDC"
msgstr ""
#: ../development/specifications.rst:108
#: 988a35af2eef476299eb83b8ae5a3849
msgid "SAML"
msgstr ""
#: ../development/specifications.rst:108
#: 32c77efb6cff4149868aa5ae1ea6e9d4
msgid "CAS"
msgstr ""
#: ../development/specifications.rst:110
#: f48994303e73429c9073af002d2cbe8b
msgid "Canaille"
msgstr ""
#: ../development/specifications.rst:110
#: ../development/specifications.rst:112
#: ../development/specifications.rst:114
#: ../development/specifications.rst:116
#: ../development/specifications.rst:118
#: ../development/specifications.rst:120
#: ../development/specifications.rst:122
#: ../development/specifications.rst:124
#: ../development/specifications.rst:126
#: ../development/specifications.rst:128
#: ../development/specifications.rst:130
#: ../development/specifications.rst:132
#: 4384675732a44a5699eadf3db840ea68
#: cecfeb6d9fb7420ca837b206d1d6764c
#: a2b336de60474811a85371ac9b8fc936
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: f1e4ba474c2545f788b426e174b25269
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 45623bf338bb42e8b4a3f1276d08dbf8
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 5c1d5b1b5b9947169a6512526bf1354c
#: bca0227caf0541afac9dde2ef357f96a
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 99c49b778a0248848dc909e7e9de6327
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 646e26dbbb6d4c158ff400b6c7ac4752
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 047de5aa45d14d57a0f7c65c16a25060
#: 374cb94f40a9471e95364d0dca1f9a0c
#: 726b27f2dcf347c0b5421f3e41bf3dba
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 9fc1f509353c4f6cab3f7c3b21883cf6
#: eea6bc914188401e8e132b973e250a62
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: 92e87b99f7a1479aaa8dbca7200356e4
#: 6f79ec5e229a4675b9b9a8c0d2700567
#: cdd868b8d08c488f9f47c95e0acf3f1b
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: b36371c9f8004f0788446980ea23685a
#: fc2c732457544aeab7c028832e170afd
#: 47f38426ae2d4daf866ba55ca0fb065c
#: 764feb42eb4f4c218bc5764f8d1076f3
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: a80e2f550fd842f3bdf85a6b83f985cd
#: d2a83a7da92c4f599843afcaacff9727
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
#: cecfeb6d9fb7420ca837b206d1d6764c
msgid "✅"
msgstr ""
#: ../development/specifications.rst:110
#: ../development/specifications.rst:116
#: c38bff66a17c471fabb1344102a537ea
#: c38bff66a17c471fabb1344102a537ea
msgid "Python"
msgstr ""
#: ../development/specifications.rst:110
#: 2898d3796e7c4b88b8b7a9f519d2fc45
msgid "10k"
msgstr ""
#: ../development/specifications.rst:110
#: ../development/specifications.rst:112
#: ../development/specifications.rst:114
#: ../development/specifications.rst:116
#: ../development/specifications.rst:118
#: ../development/specifications.rst:120
#: ../development/specifications.rst:122
#: ../development/specifications.rst:126
#: ../development/specifications.rst:130
#: ../development/specifications.rst:132
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: fff8dea44f12432098ca99ba6d1b5c2e
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
#: 3a76f65f9cc740a5ac8954efd498ae76
msgid "❌"
msgstr ""
#: ../development/specifications.rst:110
#: 5cfccc6b8c584d5cbdd54736cddb3502
msgid "🟠"
msgstr ""
#: ../development/specifications.rst:112
#: d9d78032f92a41c7bf30d755415a3cbb
msgid "`Auth0`_"
msgstr ""
#: ../development/specifications.rst:112
#: ../development/specifications.rst:122
#: ../development/specifications.rst:124
#: ../development/specifications.rst:132
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
#: 517701d2d9ae411db882f60fd1747fd0
msgid "❔"
msgstr ""
#: ../development/specifications.rst:114
#: 1682bb5887184cd9bff0b61796d76876
msgid "`Authelia`_"
msgstr ""
#: ../development/specifications.rst:114
#: ../development/specifications.rst:118
#: ../development/specifications.rst:126
#: d82982be3ee7475a983ce04e39624c7b
#: d82982be3ee7475a983ce04e39624c7b
#: d82982be3ee7475a983ce04e39624c7b
msgid "Go"
msgstr ""
#: ../development/specifications.rst:114
#: ../development/specifications.rst:126
#: 44c24ba16cb6419abd4d3af84403a709
#: 44c24ba16cb6419abd4d3af84403a709
msgid "50k"
msgstr ""
#: ../development/specifications.rst:116
#: 9110311d7f6e48b38ba0b32706d706e8
msgid "`Authentic2`_"
msgstr ""
#: ../development/specifications.rst:116
#: d5b5b77fa7e544278f1e017ebe7b9b73
msgid "65k"
msgstr ""
#: ../development/specifications.rst:118
#: 0f7c8328ceb74a3286d140ea99595441
msgid "`Authentik`_"
msgstr ""
#: ../development/specifications.rst:118
#: 9b22f0bb6f364ffba33f4906e6bca29d
msgid "55k"
msgstr ""
#: ../development/specifications.rst:120
#: 935dcdae37fe48a68e5dfb04ab8f64f8
msgid "`CAS`_"
msgstr ""
#: ../development/specifications.rst:120
#: ../development/specifications.rst:124
#: ../development/specifications.rst:128
#: a9de8918cec743a1a9d325a74233ece4
#: a9de8918cec743a1a9d325a74233ece4
#: a9de8918cec743a1a9d325a74233ece4
msgid "Java"
msgstr ""
#: ../development/specifications.rst:120
#: fd1f63cd853f44e885dd67b3a6094f9a
msgid "360k"
msgstr ""
#: ../development/specifications.rst:122
#: f10eb07a326744518a2f6b631cb88d15
msgid "`Connect2id`_"
msgstr ""
#: ../development/specifications.rst:124
#: 4c26496dd0e544ef97d8d345c3d9169f
msgid "`Gluu`_"
msgstr ""
#: ../development/specifications.rst:126
#: b505e8661bf24fe287f1fc77d1326ab2
msgid "`Hydra`_"
msgstr ""
#: ../development/specifications.rst:128
#: 53abb4819cbf4fb7ad273fa25556814e
msgid "`Keycloak`_"
msgstr ""
#: ../development/specifications.rst:128
#: 5d8e6ef889ba4715986a7a237b753297
msgid "600k"
msgstr ""
#: ../development/specifications.rst:130
#: 30fe26bf61584e29ac73c07d679ba6a5
msgid "`LemonLDAP`_"
msgstr ""
#: ../development/specifications.rst:130
#: 12a5b8832f2b4831a41af30522055343
msgid "Perl"
msgstr ""
#: ../development/specifications.rst:130
#: 42f8e0deef9246a5a4f9a3cb69a5966f
msgid "130k"
msgstr ""
#: ../development/specifications.rst:132
#: 8bcf4b8cde474ff49b0e8bbc96e52986
msgid "`Okta`_"
msgstr ""
#: ../features.rst:11
#: ede71f0291474638a54b3c73dbf2e4bf
msgid "Here are the different features that Canaille provides. You can enable any of those features with the :doc:`configuration <references/configuration>` to fit any :doc:`use cases <usecases>` you may meet. Check our :ref:`roadmap <features:Roadmap>` to see what is coming next."
msgstr ""
#: ../features.rst:15
#: cf814f15959a43cfaa0392cd83755fce
msgid "Users can interact with Canaille through its :ref:`web interface <features:Web interface>` and administrators can also use its :ref:`command line interface <feature_cli>`. Canaille can handle data stored in different :ref:`database backends <feature_databases>`."
msgstr ""
#: ../features.rst:19
#: 02e100abc6e44fe49224f9e4046dc49e
msgid "User and group management"
msgstr ""
#: ../features.rst:21
#: 09d69566150048b4a17d192bfc4d5112
msgid "Canaille web interface can be used either in :doc:`production environments <tutorial/deployment>` or locally for development purposes."
msgstr ""
#: ../features.rst:26
#: ../index.rst:27
#: 4a8e8cfdbaaf4d86a28840ef0939d7d9
#: 947ce49c0ff9406fb81b5e3cc5329c24
msgid "Profile management"
msgstr ""
#: ../features.rst:28
#: ../features.rst:238
#: d4de0b07d24e47b9aba16e48ed9cbe27
#: 542fdff284144a8c805b4824d03d6b76
msgid "Profile"
msgstr ""
#: ../features.rst:33
#: c59d37a518514008bc2c6f2c18dd6326
msgid "Canaille provides an interface to manage user profiles."
msgstr ""
#: ../features.rst:35
#: 8b67e3a00af440328b615d2921dc27a6
msgid "The exact list of displayed fields, and whether they are :attr:`writable <canaille.core.configuration.ACLSettings.WRITE>` or :attr:`read-only <canaille.core.configuration.ACLSettings.READ>` depends on the user :class:`Access Control List settings (ACL) <canaille.core.configuration.ACLSettings>`."
msgstr ""
#: ../features.rst:37
#: eb4ca5b563c44281aefc8d4ad4c549e8
msgid "Depending on their ACL :class:`permissions <canaille.core.configuration.Permission>`, users can either be allowed to edit their own profile, edit any user profile, or do nothing at all."
msgstr ""
#: ../features.rst:42
#: e4d34befed5941bab9161eb3c0330fad
msgid "Email confirmation"
msgstr ""
#: ../features.rst:44
#: 28a9397d838e4ffaaf5c8f8558416355
msgid "If the :attr:`email confirmation feature <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is enabled, any modification or addition of a profile email will send a confirmation mail to the new address. The mail will contain a link that users will need to click on to confirm their email address."
msgstr ""
#: ../features.rst:46
#: d3563178a13d42268ae8a3f0cb15b90f
msgid "Users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can set user emails without confirmation though."
msgstr ""
#: ../features.rst:51
#: 280cf35bfcbe4a25b39bb567780bafdb
msgid "Group management"
msgstr ""
#: ../features.rst:53
#: ../features.rst:140
#: 1d74522e450c43f5adec93c195b5a356
#: ca799065d4684b54940c65062bed411b
msgid "Group edition"
msgstr ""
#: ../features.rst:58
#: 1471f707ae604de8b2b0222ca43eb2c2
msgid "In a similar fashion than :ref:`profile management <feature_profile_management>` Canaille provides an interface to manage user groups."
msgstr ""
#: ../features.rst:60
#: 08eb7bac987947149589e0b40c938b0c
msgid "The group management is quite simple at the moment and consists in a group name and description, and the list of its members. Group membership can be use as :attr:`ACL Filter <canaille.core.configuration.ACLSettings.FILTER>` to define user permissions."
msgstr ""
#: ../features.rst:63
#: ../features.rst:83
#: ../features.rst:149
#: ../tutorial/deployment.rst:13
#: ../tutorial/provisioning.rst:9
#: 4ca7b990ff9c429aa56f1ec0ab57aef9
#: 2cf4c2bbf0ab431f857b4fe0f7b840a0
#: 1382b05cef654b76b8fb57324f33b950
#: 757f761fb4724713bdc1308505431bfb
#: 12614607f99a412c9cf9f161db77c3ac
msgid "Todo"
msgstr ""
#: ../features.rst:64
#: 89199041503f41d3b7cad73267f4cf96
msgid "At the moment adding an user to a group can only be achieved by the user settings page, but we are :issue:`working to improve this <192>`."
msgstr ""
#: ../features.rst:66
#: fcdf9f9d5f1e4723b46a2ca1fc89539e
msgid "Group management can be enable with a :attr:`dedicated user permission <canaille.core.configuration.Permission.MANAGE_GROUPS>`."
msgstr ""
#: ../features.rst:69
#: 95eff978c7994138a3200e090c84471d
msgid "Due to limitations in the :ref:`LDAP backend <tutorial/databases:LDAP>`, groups must have at least one member. Thus it is not possible to remove the last user of a group without removing the group."
msgstr ""
#: ../features.rst:75
#: ../index.rst:34
#: 177c53d2c6094d43875d87ca2a55ed98
#: 937baa96f2514cdaad76f4d28816abe7
msgid "User authentication"
msgstr ""
#: ../features.rst:77
#: d461efae4b9d41e4b7dba32a75588df0
msgid "Unless their account is :ref:`locked <feature_account_locking>`, users can authenticate with a login and a password."
msgstr ""
#: ../features.rst:81
#: 3c53cd1507ce48c780297457fc4efd97
msgid "For security reasons, it won't be told to users if they try to sign in with an unexisting logging, unless explicitly :attr:`set in the configuration <canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS>`."
msgstr ""
#: ../features.rst:83
#: 80eee19145c64fbc9ea0c26464fab965
msgid ":ref:`LDAP backend <tutorial/databases:LDAP>` users can define which :class:`user field <canaille.core.models.User>` should be used as the login (such as :attr:`~canaille.core.models.User.user_name` or :attr:`~canaille.core.models.User.emails`) using a :attr:`configuration parameter <canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER>`, but other backends can only login using :attr:`~canaille.core.models.User.user_name`. We are :issue:`working to improve this <196>`."
msgstr ""
#: ../features.rst:88
#: 560be09061014d5485f75f3c90d3790c
msgid "User registration"
msgstr ""
#: ../features.rst:90
#: 4780fab4d36744c6991df9ae3919e4a0
msgid "Users can create accounts on Canaille if the :attr:`registration feature <canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION>` is enabled. They will be able to fill a registration form with the fields detailed in the default :class:`ACL settings <canaille.core.configuration.ACLSettings>`."
msgstr ""
#: ../features.rst:92
#: f1e0991feda34f918887bf7653c16801
msgid "If :attr:`email confirmation <canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION>` is also enabled, users will be sent a confirmation link to their email address, on which they will need to click in order to finalize their registration."
msgstr ""
#: ../features.rst:97
#: ../features.rst:99
#: 6edf18a1ecff4430baaed61db6717c23
#: a2293ea9f6564b6b8bc9c02c5a8f0f40
msgid "User invitation"
msgstr ""
#: ../features.rst:104
#: 7f4e56bdbb9842beba1644e2fabad41f
msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can create an invitation link for one user."
msgstr ""
#: ../features.rst:106
#: 05145189cce34c4d80a56aa785cee5f5
msgid "The link goes to a registration form, even if regular :ref:`user registration <feature_user_registration>` is disabled."
msgstr ""
#: ../features.rst:108
#: 24a4d13134934174aaedf461e03f2363
msgid "It can be automatically sent by email to the new user."
msgstr ""
#: ../features.rst:113
#: a05444b5846248f9aebaa28b316be1b8
msgid "Account locking"
msgstr ""
#: ../features.rst:115
#: 1c40bbaf596c4a28993904e4aab8b076
msgid "If Canaille is plugged to a :ref:`backend <feature_databases>` that supports it, user accounts can be locked by users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>`. The lock date can be set instantly or at a given date in the future."
msgstr ""
#: ../features.rst:118
#: e6053c7a0e4c4feabd77b2aa14c50018
msgid "At the moment a user account is locked:"
msgstr ""
#: ../features.rst:120
#: 1614c2a9020a4da58427064a8b480050
msgid "their open sessions will be closed;"
msgstr ""
#: ../features.rst:121
#: bd083a39c3e94f20b0ca06eb45a6ee68
msgid "they won't be able to sign in again;"
msgstr ""
#: ../features.rst:122
#: 3f671916358b469d91fb687a638b5c39
msgid "no new OIDC token will be issued;"
msgstr ""
#: ../features.rst:124
#: 2cc679d736b341e4bde79d159d806618
msgid "User accounts must be manually unlocked by an administrator for the users to regain access to those actions."
msgstr ""
#: ../features.rst:129
#: fb080216984840ba99f095aece85255d
msgid "Account deletion"
msgstr ""
#: ../features.rst:131
#: 1339699fc6974a4e8e1ab03633a79a69
msgid "Users with the :attr:`account deletion permission <canaille.core.configuration.Permission.DELETE_ACCOUNT>` are allowed to delete their own account."
msgstr ""
#: ../features.rst:133
#: 65b2e1806f3a437aa8b5238f022e0352
msgid "Users that also have the :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` are also allowed to delete other users accounts."
msgstr ""
#: ../features.rst:138
#: 278ed12bce6b4b318f677aa6d22138f5
msgid "Password recovery"
msgstr ""
#: ../features.rst:145
#: c2409768ec7a46d584ed1ed235e7a4d0
msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured and the :attr:`password recovery feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY>` is enabled, then users can ask for a password reset email if they cannot remember their password."
msgstr ""
#: ../features.rst:147
#: 7dbfa07474cd40c7a7c17748fbb21a07
msgid "The email will be sent to the email addresses filled in their profile, and will contain a link that will allow them to choose a new password. ."
msgstr ""
#: ../features.rst:151
#: 410c54a611eb4b1c8a372b80f744f941
msgid "Check that password recovery is disabled on locked accounts."
msgstr ""
#: ../features.rst:156
#: 2c4f6c64da0c42eab5520711fca1dc46
msgid "Password reset"
msgstr ""
#: ../features.rst:158
#: 383eb7a045cd41f0909ad9aad2601065
msgid "If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>` can send password reset mails to users. The mails contains a link that allow users to choose a new password without having to retrieve the old one."
msgstr ""
#: ../features.rst:164
#: 7be9af4a393e4203b3da626d93d71d69
msgid "Password initialization"
msgstr ""
#: ../features.rst:166
#: 02bd8f9a76fd4b66a8f803288246c0ef
msgid "User :attr:`passwords <canaille.core.models.User.password>` are optional. If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured, when users with no password attempt to sign in, they are invited to click a button that will send them a password initialization mail. The mail contains a link that leads to a form that allows users to choose a password."
msgstr ""
#: ../features.rst:173
#: 4f60c7a56e5544afa1bbaee9df0805e0
msgid "Password compromission check"
msgstr ""
#: ../features.rst:175
#: 3dc13b94cd014d6f976426da9840a3d6
msgid "If :attr:`password compromission check feature <canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK>` is enabled, Canaille will check for password compromise on HIBP (https://haveibeenpwned.com/) every time a new password is register. You will need to set an :attr:`admin email <canaille.core.configuration.CoreSettings.ADMIN_EMAIL>`."
msgstr ""
#: ../features.rst:180
#: d0049b96f7c1401a91d968aa93715930
msgid "Multi-factor authentication"
msgstr ""
#: ../features.rst:182
#: c480b36838b64abbbe3986a7295613d5
msgid "If the :attr:`one-time password feature <canaille.core.configuration.CoreSettings.OTP_METHOD>` is set, then users will need to authenticate themselves using a one-time password via an authenticator app. Two options are supported : \"TOTP\" for time one-time password, and \"HOTP\" for HMAC-based one-time password. In case of lost token, TOTP/HOTP authentication can be reset by users with :attr:`user management permission <canaille.core.configuration.Permission.MANAGE_USERS>`. If a :class:`mail server <canaille.core.configuration.SMTPSettings>` is configured and the :attr:`email one-time password feature <canaille.core.configuration.CoreSettings.EMAIL_OTP>` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary email address. If a :class:`smpp server <canaille.core.configuration.SMPPSettings>` is configured and the :attr:`sms one-time password feature <canaille.core.configuration.CoreSettings.SMS_OTP>` is enabled, then users will need to authenticate themselves via a one-time password sent to their primary phone number."
msgstr ""
#: ../features.rst:191
#: e4387f0454dd483eb1c33ce14ef1d9ea
msgid "Intruder lockout"
msgstr ""
#: ../features.rst:193
#: d3dfb927254b40cc83b40c956e7e91e1
msgid "If the :attr:`intruder lockout feature <canaille.core.configuration.CoreSettings.ENABLE_INTRUDER_LOCKOUT>` is enabled, then users will have to wait for an increasingly long time between each failed login attempt."
msgstr ""
#: ../features.rst:196
#: a9118911f6a341a3b529fd8882c4e3e4
msgid "Web interface"
msgstr ""
#: ../features.rst:201
#: 277603f8de354f15857ad0068f148115
msgid "Internationalization"
msgstr ""
#: ../features.rst:203
#: 6bc7d90be4bf486d8a2e84a48cc76b66
msgid "Translation state"
msgstr ""
#: ../features.rst:208
#: a1f40124b57e452a85abf8af401dc2b1
msgid "Canaile will display in your :attr:`preferred language <canaille.core.models.User.preferred_language>` if available, or your browser language if available (and if it is not you can :ref:`help us with the translation <development/contributing:Code translation>`). If you prefer, you can also :attr:`force a language <canaille.core.configuration.CoreSettings.FAVICON>` for every users."
msgstr ""
#: ../features.rst:214
#: 8bf0ddac3fee4b4f931bd704bbb167dc
msgid "Lightweight"
msgstr ""
#: ../features.rst:216
#: 3774910a87b34b9dba3b6c28a1e6ba68
msgid "The web interface is lightweight, so everything should load quickly. There is a few Javascript here and there to smooth the experience, but no Javascript at all is needed to use Canaille."
msgstr ""
#: ../features.rst:220
#: 0da766448075460d9360204e6975a0f4
msgid "Customizable"
msgstr ""
#: ../features.rst:222
#: 737f45bc79a542ee903e8349947c3b5f
msgid "The default theme should be good enough for most usages. It has a dark theme, display well on mobile, and let you choose a :attr:`logo <canaille.core.configuration.CoreSettings.LOGO>` and a :attr:`favicon <canaille.core.configuration.CoreSettings.FAVICON>`."
msgstr ""
#: ../features.rst:225
#: 36b615461b0c49e9aca81c65a60c3308
msgid "If you need more you can also use a :attr:`custom theme <canaille.core.configuration.CoreSettings.THEME>`."
msgstr ""
#: ../features.rst:232
#: 02908b4590a0462cac7afbc2fd17d7f6
msgid "Canaille implements a :ref:`subset<development/specifications:State of the specs in Canaille>` of the OAuth2/OpenID Connect specifications . This allows to provide :abbr:`SSO (Single Sign-On)` and :abbr:`SLO (Single Log-On)` to applications plugged to Canaille."
msgstr ""
#: ../features.rst:236
#: f8c59847b97049d19a13ccaa6539f863
msgid "Consent management"
msgstr ""
#: ../features.rst:244
#: 8e7afe2e2e6943feb664ab03ae9da770
msgid "Users can give their consent to application requesting access to their personal information, and then revoke those consent at their will."
msgstr ""
#: ../features.rst:248
#: c7a8da519165448ebc4e1c53eb25f207
msgid "Application management"
msgstr ""
#: ../features.rst:250
#: 2e65c0c497da4a77bc85c9500a074047
msgid "Users with the right :attr:`permission <canaille.core.configuration.Permission.MANAGE_OIDC>` can manager OIDC clients through the web interface."
msgstr ""
#: ../features.rst:252
#: bafe35db98f749d99557feec3ceaf4e7
msgid "In some cases, it might be useful to avoid the consent page for some trusted applications, so clients can be pre-consented."
msgstr ""
#: ../features.rst:255
#: 76b48b09fc1c44038a697dfa816afbcc
msgid "Discovery"
msgstr ""
#: ../features.rst:257
#: f251fff6b3374ecd9fde5bdebced6313
msgid "Canaille implements the :doc:`Discovery specifications <development/specifications>` so most of the applications plugged to Canaille can auto-configure themselves."
msgstr ""
#: ../features.rst:260
#: 4fac1fe3bcd346aeb34e8c600df0d542
msgid "Dynamic Client Registration"
msgstr ""
#: ../features.rst:262
#: f53321a9a89d40c0b7fdc48be51240a4
msgid "Canaille implements the :doc:`Dynamic Client Registration specifications <development/specifications>`, so when the :attr:`feature is enabled <canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN>`, clients can register themselves on Canaille without an administrator intervention."
msgstr ""
#: ../features.rst:265
#: ec8846e6d8404a8185860b509814e54c
msgid "System administration"
msgstr ""
#: ../features.rst:270
#: ../references/commands.rst:2
#: 511d3810fbd4411dbf14065b1f014256
#: a07ec9235c4347858a3f9dd667ade4b6
msgid "Command Line Interface"
msgstr ""
#: ../features.rst:272
#: 446a668dea4548ffb184afa168ed6115
msgid "Canaille comes with a :abbr:`CLI (Command Line Interface)` to help administrators in hosting and management."
msgstr ""
#: ../features.rst:274
#: 1b76ec06f2f841ccb8396a5345014ffd
msgid "There are tools to :ref:`check your configuration <cli_check>` or to :ref:`install missing parts <cli_install>`. You can use the CLI to :ref:`create <cli_create>`, :ref:`read <cli_get>`, :ref:`update <cli_set>` and :ref:`delete <cli_delete>` models such as :class:`users <canaille.core.models.User>`, :class:`groups <canaille.core.models.Group>` or :class:`OIDC clients <canaille.oidc.basemodels.Client>`."
msgstr ""
#: ../features.rst:277
#: 9f10d5a6354c4cda8b1a4e652c129231
msgid "There are also tools to :ref:`fill your database <cli_populate>` with random objects, for tests purpose for instance."
msgstr ""
#: ../features.rst:282
#: ../tutorial/databases.rst:2
#: 3f06ed32b21149799d58c75cad1db5ff
#: fbfabda71be84552b6583acdaa13af3e
msgid "Databases"
msgstr ""
#: ../features.rst:284
#: 004f29ea7eb74ee2912627a929e87f1c
msgid "Canaille can handle data from the most :ref:`common SQL databases <tutorial/databases:SQL>` such as PostgreSQL, MariaDB or SQLite, as well as :ref:`OpenLDAP <tutorial/databases:LDAP>`. It also comes with a no-dependency :ref:`in-memory database <tutorial/databases:Memory>` that can be used in unit tests suites."
msgstr ""
#: ../features.rst:290
#: 8add6581a16b4877a66ba7c8827152ca
msgid "Logging"
msgstr ""
#: ../features.rst:292
#: 1179b565c1de4b11a03ca824cce52977
msgid "Canaille writes :attr:`logs <canaille.core.configuration.CoreSettings.LOGGING>` for every important event happening, to help administrators understand what is going on and debug funky situations."
msgstr ""
#: ../features.rst:294
#: a6282bdfca0b4e2c8ecfd02478d3623d
msgid "The following security events are logged with the log level \"security\" for easy retrieval :"
msgstr ""
#: ../features.rst:296
#: 49f7ec7627e7414aa616f1060c33d110
msgid "Authentication attempt"
msgstr ""
#: ../features.rst:297
#: a26713f492ff4f14a2e3a881e7ab19f1
msgid "Password update"
msgstr ""
#: ../features.rst:298
#: ca7c103705f14293950cc12dedd96378
msgid "Email update"
msgstr ""
#: ../features.rst:299
#: 0e01ba62ff054e4e849ae1d4c1f6fdee
msgid "Forgotten password mail sent to user"
msgstr ""
#: ../features.rst:300
#: 0e01ba62ff054e4e849ae1d4c1f6fdee
msgid "One-time password mail sent to user"
msgstr ""
#: ../features.rst:301
#: d0049b96f7c1401a91d968aa93715930
msgid "Multi-factor authentication reset"
msgstr ""
#: ../features.rst:302
#: 8f4e5a1567114749b944d391c43ad2bb
msgid "Token emission"
msgstr ""
#: ../features.rst:303
#: 04cf77b4e9514ab7805b4f4156209cff
msgid "Token refresh"
msgstr ""
#: ../features.rst:304
#: ec6501d110694e58b6181468d6154bda
msgid "Token revokation"
msgstr ""
#: ../features.rst:305
#: 76f7ecd101a541d3a1dbb7b3090db868
msgid "New consent given for client application"
msgstr ""
#: ../features.rst:306
#: 100d9e39db3644c78ed000b9d27342a4
msgid "Consent revokation"
msgstr ""
#: ../features.rst:311
#: 267852d80a8f4235af2ca961f8de8f09
msgid "Development and testing tool"
msgstr ""
#: ../features.rst:316
#: 3dd5b1afcdf74705a07096fb3d7fd788
msgid "Unit-testing tool"
msgstr ""
#: ../features.rst:318
#: 8c74a6c31d294bcb85e4fd0db0bb40fd
msgid "Thanks to its lightweight :ref:`in-memory database <tutorial/databases:Memory>` and its curated :ref:`dependency list <tutorial/install:Get the code>`, Canaille can be used in the unit test suite of your application, so you can check how it behaves against a real world OpenID Connect server. If you work with python you might want to check :doc:`pytest-iam:index`."
msgstr ""
#: ../features.rst:321
#: 197c22656e1b44b89c3587f95b3bb5c8
msgid "Development server"
msgstr ""
#: ../features.rst:323
#: 5f930c719ffe484d9680e8d7f3169e54
msgid "It can also being launched in your development environment, if you find that launching a Keycloak in a Docker container is too heavy for your little web application."
msgstr ""
#: ../features.rst:328
#: e9cc836cf3d54a32ad7b1d691826bc39
msgid "Continuous Integration tools"
msgstr ""
#: ../features.rst:330
#: a4c714c1c0d44b7ab7a10dff7105a725
msgid "It also fits well in continuous integration scenarios. Thanks to its :ref:`CLI <feature_cli>`, you can prepare data in Canaille, let your application interact with it, and then check the side effects."
msgstr ""
#: ../features.rst:333
#: cef90af6922045ccb06933f9c96c6f6e
msgid "Roadmap"
msgstr ""
#: ../features.rst:336
#: 35efac03aaf843308e6941fa96ff921b
msgid "Bêta version"
msgstr ""
#: ../features.rst:338
#: 390267ac81744daf95a62fffcd0af834
msgid "To go out of the current Alpha version we want to achieve the following tasks:"
msgstr ""
#: ../features.rst:340
#: 16cbac25ee2f420abda2992cd351559c
msgid ":issue:`Configuration validation using pydantic <138>`"
msgstr ""
#: ../features.rst:343
#: 9f7d9a2a96974645bd8fc63a44d1a2c8
msgid "Stable version"
msgstr ""
#: ../features.rst:345
#: 2736b944f850403f9592ba3265b6f986
msgid "Before we push Canaille in stable version we want to achieve the following tasks:"
msgstr ""
#: ../features.rst:348
#: 4a9ef596fb13405185ef106cd2dda007
msgid "Security"
msgstr ""
#: ../features.rst:350
#: a09c2af5ad3e424eba893efd02faf213
msgid ":issue:`Password hashing configuration <175>`"
msgstr ""
#: ../features.rst:351
#: 3001ee87077c4479b3f3c8b3b5aecd33
msgid ":issue:`Authentication logging policy <177>`"
msgstr ""
#: ../features.rst:352
#: e4387f0454dd483eb1c33ce14ef1d9ea
msgid ":issue:`Intruder lockout <173>`"
msgstr ""
#: ../features.rst:353
#: e38560428a8f48528d9f02a5e00197fb
msgid ":issue:`Password expiry policy <176>`"
msgstr ""
#: ../features.rst:354
#: de013ed91c4443d190d9783c5cff060a
msgid ":issue:`Multi-factor authentication: Email <47>`"
msgstr ""
#: ../features.rst:355
#: d0049b96f7c1401a91d968aa93715930
msgid ":issue:`Multi-factor authentication: SMS <47>`"
msgstr ""
#: ../features.rst:356
#: e5e2f43901ae4d00bd1c675076fb846d
msgid ":issue:`Multi-factor authentication: OTP <47>`"
msgstr ""
#: ../features.rst:359
#: 277364ce7ca04a169409ad5acf68d075
msgid "Packaging"
msgstr ""
#: ../features.rst:361
#: dece9c7d75d441cdbdce48eb7a4bebcf
msgid ":issue:`Nix package <190>`"
msgstr ""
#: ../features.rst:362
#: a53f52a497344bb6b889fa63de7d9c26
msgid ":issue:`Docker / OCI package <59>`"
msgstr ""
#: ../features.rst:365
#: 6a738414fcb944ac9c4d5b61a53f0d11
msgid "And beyond"
msgstr ""
#: ../features.rst:367
#: 66a95c24a32940118517f6bb3bf27838
msgid ":issue:`OpenID Connect certification <182>`"
msgstr ""
#: ../features.rst:368
#: 73307b368d454e338ff4bbd05657bbcc
msgid ":issue:`SCIM support <116>`"
msgstr ""
#: ../index.rst:15
#: 8d018998cb4b4ff38d92f2a73326716e
msgid "Lightweight Identity and Authorization Management"
msgstr ""
#: ../index.rst:19
#: 55ed7b7eb88e42f78ef42eb5b55a3555
msgid "**Canaille** is a French word meaning *rascal*. It is roughly pronounced **Can I?**, as in *Can I access your data?* Canaille is a lightweight identity and authorization management software. It aims to be very light, simple to install and simple to maintain. Its main features are :"
msgstr ""
#: ../index.rst:31
#: d12af997fa5e48da987d2ecfcb4f149f
msgid "User profile and groups management, Basic permissions"
msgstr ""
#: ../index.rst:38
#: ea53cfd918924c97a6726cfd357f5ce5
msgid "Authentication, registration, email confirmation, \"I forgot my password\" emails"
msgstr ""
#: ../index.rst:40
#: 127cca0af1054bf08a8ce05d1c55d539
msgid "SSO"
msgstr ""
#: ../index.rst:44
#: f4b6d7b278ba480da9d7c964849ba988
msgid "OpenID Connect identity provider"
msgstr ""
#: ../index.rst:46
#: be1ff5f7d2ca468fa300f595696d9c10
msgid "Multi-database support"
msgstr ""
#: ../index.rst:50
#: 92a7a7f6ee474890bf705bd67945dd9e
msgid "PostgreSQL, Mariadb and OpenLDAP first-class citizenship"
msgstr ""
#: ../index.rst:52
#: b1569cdc9eef44d68ed3b52496ef75b3
msgid "Customization"
msgstr ""
#: ../index.rst:56
#: 68415646dbfa4be79d953583749246fe
msgid "Put Canaille at yours colors by choosing a logo or use a custom theme!"
msgstr ""
#: ../index.rst:58
#: 2a6a4e752e494f65b7766a082624d1a4
msgid "Developers friendliness"
msgstr ""
#: ../index.rst:62
#: 42693164646349bcbe9f680b08cd904b
msgid "Canaille can easily fit in your unit tests suite or in your Continuous Integration."
msgstr ""
#: ../index.rst:66
#: bc563a309b784f2cbc15399c3ad8f51c
msgid ":doc:`Full feature list <features>` :doc:`Common use cases <usecases>`"
msgstr ""
#: ../references/commands.rst:4
#: aebb427c91ed41da9c0b7ecdfcaf590a
msgid "Canaille provide several commands to help administrator manage their data."
msgstr ""
#: ../references/commands.rst:6
#: b907889f6d0d4dabb1a963c60758fedf
msgid "Generally, some configuration has to be loaded by `Canaille`. This can be achieved by :ref:`configuration loading method<references/configuration:Load the configuration>` available, but most of the time a ``CONFIG`` environment variable is used. For the sake of readability, it is omitted in the following examples."
msgstr ""
#: ../../canaille check:1
#: e48a730fe9c94efcb41a272f5478ed19
msgid "Test the configuration file."
msgstr ""
#: ../../canaille check:1
#: 41aae9c8d46743aba9e79f57c079d0c7
msgid "Attempt to reach the database and the SMTP server with the provided credentials."
msgstr ""
#: ../../canaille clean:1
#: e4dceb9281e14cf0adbd56154fffbc04
msgid "Remove expired tokens and authorization codes."
msgstr ""
#: ../../canaille install:1
#: fade86f4801a403dab35e0e1cf5bb2a9
msgid "Installs canaille elements from the configuration."
msgstr ""
#: ../../canaille install:1
#: 59f7082a6fc74329965dacbbd4b29d74
msgid "For instance, depending on the configuration, this can generate OIDC keys or install LDAP schemas."
msgstr ""
#: ../../canaille populate:1
#: 10dd1f2f8dfd4382ba79586e84d228b6
msgid "Populate the database with generated random data."
msgstr ""
#: ../references/commands.rst:0
#: eef93c8f7efa4bcca26a9984edfec552
#: ab621caa7a2c4d8fa849e7797625d3ba
#: f8d114457ca741bf800ee8c4b3f942a1
#: 6fbad5feee934277bdbbbd04f071fe34
#: b61fa1c2360748b999a9aced4bd164ab
#: 7c65f97affff43a2a78f72e6d2a8b2bf
#: 20f752045a96446387d44095a57eca5c
#: 14304e9889da477c8a93cf9b9dd6c1e5
#: bb0e8261f2454b65aa180dd68ad176d8
#: 16a6ff9805e447789f9cee87d357b936
#: a7c4100a940e41fe9440ad6b0bbd28dd
#: 296c95633a584e4e924f2f36676c1c2f
#: e0d5e5ab4bf9456aa3c194dbb343ffd8
#: 230b27138fe641e19ac2bda6f21d1507
#: 682d03c24b1349d1be236737cf9c8478
#: 0201087fa2f8445c9c291d4cc4ba3700
#: a537cbb030a84e5b96ca899c18aaef63
#: aa0eedc786284ae49d37dab255457175
#: 1715de5f32c34e7cab8f1379549071f9
#: f9c437d0c28c4079995fd7bc83ed2ec9
msgid "Options"
msgstr ""
#: ../../canaille populate:1
#: 94ba9e16305a484ea1415b3237723cf1
msgid "Number of items to create"
msgstr ""
#: ../../canaille populate groups:1
#: 379afc690fa147acb76c519bccb010a6
msgid "Populate the database with generated random groups."
msgstr ""
#: ../../canaille populate groups:1
#: da4cf29b95b846119a772e8d9f73f96b
msgid "The maximum number of users that will randomly be affected in the group"
msgstr ""
#: ../../canaille populate users:1
#: b87d2b5df82a46e0a11fccb84a997ab9
msgid "Populate the database with generated random users."
msgstr ""
#: ../../canaille get:1
#: ce45ebf26cf149d3b0fd406e1ed2b5a9
msgid "Read information about models."
msgstr ""
#: ../../canaille get:1
#: 00dbea345e914dafb4a736214b895b1c
msgid "Options can be used to filter models::"
msgstr ""
#: ../../canaille get:1
#: 43207b9c3af4494e9714cbf6ff2c473d
msgid "Displays the matching models in JSON format in the standard output."
msgstr ""
#: ../../canaille get authorizationcode:1
#: 8f0d2152f80d49e8be0e904a850cacdd
msgid "Search for authorizationcodes and display the matching models as JSON."
msgstr ""
#: ../../canaille get client:1
#: bef20cbd666c49ff993234428725ddd3
msgid "Search for clients and display the matching models as JSON."
msgstr ""
#: ../../canaille get consent:1
#: 173ac74323844b969fdb2ce7bb9632c7
msgid "Search for consents and display the matching models as JSON."
msgstr ""
#: ../../canaille get group:1
#: 8cc4308278af4625bc3d625a22ea5aa3
msgid "Search for groups and display the matching models as JSON."
msgstr ""
#: ../../canaille get token:1
#: 5307294d0c7a49d6ad21d0d505f11aab
msgid "Search for tokens and display the matching models as JSON."
msgstr ""
#: ../../canaille get user:1
#: db01fd1777f4431793d3885c834b7680
msgid "Search for users and display the matching models as JSON."
msgstr ""
#: ../../canaille set:1
#: cec2b45a156b461faacc323380171e6f
msgid "Update models."
msgstr ""
#: ../../canaille set:1
#: e5fc377719b04495a57faa42a87be86a
msgid "The command takes an model ID and edit one or several attributes::"
msgstr ""
#: ../../canaille set:1
#: 4e8bb50216e741f0bb44ecc365265370
msgid "Displays the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille set authorizationcode:1
#: 03d1eebac72e42b58b3aef5a429dee1b
msgid "Update a authorizationcode and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete authorizationcode:1
#: ../../canaille set authorizationcode:1
#: ddbdb0447cd34e59b5e1c6f9f852c619
#: 4abf794613df4e5c8472ce2a6e7dc989
msgid "IDENTIFIER should be a authorizationcode id or authorization_code_id"
msgstr ""
#: ../references/commands.rst:0
#: f2adfafce0754af79d2770a34dae5309
#: 283f0c7412de4a97bb4e7954f008ff3e
#: 46a35e9dcc73463db8ff772da3638b31
#: fae552d2703d4a2186332c0847506798
#: 4fafb5c0151f445c9c573b6472b4d0f5
#: 3115c2cba5f04f9094165896feac1cc9
#: e3c459094f734f6382847753305e76aa
#: 4e8a2cd6e1224733b644484774cf0621
#: 6f97567dcca64c4a92c0b869a6ce337d
#: fea5ce77581940eabec5498e9347643b
#: 7b57a6d1d40d40eaa51b6bba807602b5
#: 0c5b1219cf2c4d97bc0cf7717c7b4ef3
#: db2adb3cef774a07b40893884737f7d0
msgid "Arguments"
msgstr ""
#: ../../canaille delete authorizationcode:1
#: ../../canaille delete client:1
#: ../../canaille delete consent:1
#: ../../canaille delete group:1
#: ../../canaille delete token:1
#: ../../canaille delete user:1
#: ../../canaille reset-otp:1
#: ../../canaille set authorizationcode:1
#: ../../canaille set client:1
#: ../../canaille set consent:1
#: ../../canaille set group:1
#: ../../canaille set token:1
#: ../../canaille set user:1
#: c0f3d574bd3640aca180dbe7695f53e9
#: 61c7448c4a41497a8b923a636124b2be
#: e523b87636874d088f2ef6e7c2d8c79a
#: 3e12bc882bce4c71928c127525ee8358
#: ef0be6baac8a4a44bd4a317601ea2018
#: f60f6b4edba24b98a79df93768b3041f
#: c1192e9d2ddc429f911056db63d54e6c
#: 4e3ae120210c4d62bfd1cc1d7c199f7a
#: 3b9c5a9904f74f9e8308a21d4ee8da42
#: a6ecc5cf2bb54dfe98d8553f7f49c5d6
#: 6492e2a92bac400c990cc3182c8b1cb0
#: ca2ec2ca915e40438b1b18eb27c46670
#: b4375f9e9c624b5f8667c31b65446bcf
msgid "Required argument"
msgstr ""
#: ../../canaille set client:1
#: f2b0a1421fdf46d684fbe616a1771b62
msgid "Update a client and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete client:1
#: ../../canaille set client:1
#: 04f98ee9b5254ad58f59cba6824a2ef0
#: db9ef2c5ffc342fe858b000bc05fbcc8
msgid "IDENTIFIER should be a client id or client_id"
msgstr ""
#: ../../canaille set consent:1
#: d8dbf4d59a0e4afcac26174972d6804c
msgid "Update a consent and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete consent:1
#: ../../canaille set consent:1
#: ecded87087fb4018854b4d14a277df8f
#: bfebd623b59243cb8efe4178994c8209
msgid "IDENTIFIER should be a consent id or consent_id"
msgstr ""
#: ../../canaille set group:1
#: 1f36d3e6d60343989097aac3e4424ed4
msgid "Update a group and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete group:1
#: ../../canaille set group:1
#: 772ff82f2ff54593b9ef8dc8e0af8d4f
#: f5e84ce4a1dc4bcdbf5a660209e2d7d9
msgid "IDENTIFIER should be a group id or display_name"
msgstr ""
#: ../../canaille set token:1
#: 6534c48546d94e76a03c8ea1521c5cd4
msgid "Update a token and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete token:1
#: ../../canaille set token:1
#: edecbc4f0f9946c48834bf53a5fbf0f8
#: 3dacc05a5d1240ea812eb792ed737810
msgid "IDENTIFIER should be a token id or token_id"
msgstr ""
#: ../../canaille set user:1
#: da1f8e5fba5f40ad8f20a017e886aa02
msgid "Update a user and display the edited model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete user:1
#: ../../canaille reset-otp:1
#: ../../canaille set user:1
#: bf3b446f2eda4b26a9ef702f4c6dd0b9
#: 881aab67b4fb4777a160e9affc77be0c
#: 16e4d79ff89a42ea92ea157e3c46c583
msgid "IDENTIFIER should be a user id or user_name"
msgstr ""
#: ../../canaille create:1
#: 563f23f330bc43ed951ca8812fa0c2fc
msgid "Create models."
msgstr ""
#: ../../canaille create:1
#: 9d4c06295f304ac093848a3de8b716bb
msgid "The model attributes can be passed as command options::"
msgstr ""
#: ../../canaille create:1
#: 63735ef4eb924ae1ab2a244a018dc3be
msgid "Displays the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create authorizationcode:1
#: a96e7d0b6bed4a7bb8e0257b08600be1
msgid "Create a new authorizationcode and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create client:1
#: 41428e12aeae44479602c0f92a840d2c
msgid "Create a new client and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create consent:1
#: 994455a2e844478bbffe389520751a33
msgid "Create a new consent and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create group:1
#: c3b6e110307b45c4b7e8ce07a66a4cf9
msgid "Create a new group and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create token:1
#: 3774f3cf8635474fb6ba63ac1b57aa1b
msgid "Create a new token and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille create user:1
#: ae4b9357629c41f2bd3443048f12f734
msgid "Create a new user and display the created model in JSON format in the standard output."
msgstr ""
#: ../../canaille delete:1
#: 416fbf5d468742f6af7aa3afe222389c
msgid "Delete models."
msgstr ""
#: ../../canaille delete:1
#: 05ea570bc20b42c9943f9073f58c19f9
msgid "The command takes a model ID and deletes it::"
msgstr ""
#: ../../canaille delete authorizationcode:1
#: e73a91f3f9d347d082621014cb60fd7f
msgid "Delete a authorizationcode."
msgstr ""
#: ../../canaille delete client:1
#: d376d0088bff46ca817210c0ae84ccec
msgid "Delete a client."
msgstr ""
#: ../../canaille delete consent:1
#: 2cd2f844ba974bbaa3c2a84cd7fa1a68
msgid "Delete a consent."
msgstr ""
#: ../../canaille delete group:1
#: bf80244164a54ae887b7caadf7914dc1
msgid "Delete a group."
msgstr ""
#: ../../canaille delete token:1
#: 3bf34916fadf48139dbcf439545c4276
msgid "Delete a token."
msgstr ""
#: ../../canaille delete user:1
#: 22a78b7140094b6ebe34988f5b37fec3
msgid "Delete a user."
msgstr ""
#: ../../canaille reset-otp:1
#: 7c6ec1734fad47e29b224fb85e9a66f3
msgid "Reset one-time password authentication for a user and display the edited user in JSON format in the standard output."
msgstr ""
#: ../references/configuration.rst:2
#: ../tutorial/provisioning.rst:18
#: e23c84272ce74d1d87f815825cb4a488
#: a3b2c9fd78c647f3bb92429d2cdba945
msgid "Configuration"
msgstr ""
#: ../references/configuration.rst:5
#: 90eeb71ed1294fd7bc6bf7f8c8ed5c8c
msgid "Load the configuration"
msgstr ""
#: ../references/configuration.rst:7
#: f2621ade958b4ffb9815fa8322ca64e5
msgid "Canaille can be configured either by a environment variables, environment file, or by a configuration file."
msgstr ""
#: ../references/configuration.rst:10
#: 37d9f514da104c6aa15bf83cb6303487
msgid "Configuration file"
msgstr ""
#: ../references/configuration.rst:14
#: 88467c2beaea43a19228f85c1f398494
msgid "The configuration can be written in `toml` configuration file which path is passed in the :envvar:`CONFIG` environment variable."
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:11
#: ../references/configuration.rst:16
#: ../references/configuration.rst:98
#: ../tutorial/databases.rst:23
#: ../tutorial/databases.rst:37
#: ../tutorial/databases.rst:138
#: 1b8aaa7b767b49eb9a81d6663fb6c1e8
#: bb4c8f23d29248f5abfd0d96af2d80bf
#: ee90ce99e8a4449fbb7cb28d559147b5
#: 84cfcdaa79ef439cb013e00e3c4cd792
#: cb517d061c4a4d16ae4a868999611801
#: 3fc7e3d6f94f47579174c1ebcb598f6a
msgid "config.toml"
msgstr ""
#: ../references/configuration.rst:28
#: 4f4e3b14ad79434b93659ff0d99e92d5
msgid "You can have a look at the :ref:`example file <references/configuration:Example file>` for inspiration."
msgstr ""
#: ../references/configuration.rst:31
#: 52e72a243eda4c6d8c20601ec11d21ea
msgid "Environment variables"
msgstr ""
#: ../references/configuration.rst:33
#: 5a5db358ab214e86b11ce341a71a4abb
msgid "In addition, parameters that have not been set in the configuration file can be read from environment variables. The way environment variables are parsed can be read from the `pydantic-settings documentation <https://docs.pydantic.dev/latest/concepts/pydantic_settings/#parsing-environment-variable-values>`_."
msgstr ""
#: ../references/configuration.rst:38
#: 9c85a8e682a74e9d9d8c3aa79e2d02ba
msgid "For environment vars, the separator between sections and variables is a double underscore: ``__``. For instance, the ``NAME`` var in the ``CANAILLE`` section shown above is ``CANAILLE__NAME``."
msgstr ""
#: ../references/configuration.rst:42
#: 26c9129f81c54386966cffd31c323f14
msgid "Environment file"
msgstr ""
#: ../references/configuration.rst:44
#: 54056c93ac3b40e882bf20789d72fded
msgid "Any environment variable can also be written in an environment file, which path should be passed in the ``ENV_FILE`` environment variable. For instance, set ``ENV_FILE=.env`` to load a ``.env`` file."
msgstr ""
#: ../references/configuration.rst:47
#: ../tutorial/theming.rst:45
#: ba796d7f6bdb4ef5a32865f844ead63e
#: cf54ed67d4094faa9ef11380aadb0c27
msgid ".env"
msgstr ""
#: ../references/configuration.rst:65
#: 3c2136aab27c4650acf0d25ced3636e2
msgid "Configuration methods priority"
msgstr ""
#: ../references/configuration.rst:67
#: 6e85c7ec407f4fc68adff17adb6652b2
msgid "If a same configuration option is defined by different ways, here is how Canaille will choose which one to use:"
msgstr ""
#: ../references/configuration.rst:69
#: 8857be48d8f54be7aa8d350d5346887a
msgid "environment vars have priority over the environment file and the configuration file;"
msgstr ""
#: ../references/configuration.rst:70
#: d946c715e1c34f55acfe97acc96cab68
msgid "environment file will have priority over the configuration file."
msgstr ""
#: ../references/configuration.rst:73
#: ../references/templates.rst:0
#: 369d25ff21b042fbabf703be7b66e138
#: a55c7bc43a6948feab832fd4fdb4bf22
#: 9fb39cd0dab645c8b439db06c9df3b39
#: cd28600ca07546a792b91808abe41356
#: 55077a4ae9d64cf990a0036ca1b8d21c
#: b223abee37654b58b4f870cfe3b384b8
#: 5352005d8a73485e8af823fd69867f3c
#: 4dd300d2bd32416ca74ca72c1455af9e
#: 0c20513692734621a3281e6b3b26373a
#: 0988997d549c4b16b71ee421abbd84d8
#: 719ccc3b51424282be41acd9b3812154
#: 168e88c04ad747aa86523d7279763ca1
#: fa0fbd4031a5441ab0069ab0ae9b3acd
#: 446f7050c3fd409aa78ea17463e98757
#: bbf7c3d936d142a9a4c6ba9fe44afb10
#: cc2c8226284941a3891c26c204040932
#: a3b738664d794a67908ec1e1a99c1bef
#: dac084b31d574855967a090900da0439
#: d62e67323a454533b11577fd12796e2c
#: 073ebd83febf476db6b98cf67bed2133
#: 24260aa2753047ceab0ee7a03ed7eb63
#: 05ec3f39586642e5b0bfcf242339d33c
#: e496179b059c4dfdb1fae2b4f8191418
#: d3309b6036194c6c98482cfe18b00421
#: c7504dbab90d4060abb02a1aba124ce0
#: abd3a21d400e403e94c685427cbe7ef0
msgid "Parameters"
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:1
#: 2226ecd0f90440d58a4089df736be757
msgid "The top-level namespace contains the configuration settings unrelated to Canaille."
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:4
#: f53fd6edbc9148c781006d112688f022
msgid "The configuration parameters from the following libraries can be used:"
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:6
#: 0a1ba7d3d9d24c598640a87301549190
msgid ":doc:`Flask <flask:config>`"
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:7
#: 6288bee773454f6fb13d7c3c43c0acfe
msgid ":doc:`Flask-WTF <flask-wtf:config>`"
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:8
#: 8dc449c88676405aa689c232c0c17eaa
msgid ":doc:`Flask-Babel <flask-babel:index>`"
msgstr ""
#: ../../canaille/app/configuration.py:docstring of canaille.app.configuration.RootSettings:9
#: f0f21a8b4661490ea85203669e05fe2a
msgid ":doc:`Authlib <authlib:flask/2/authorization-server>`"
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:1
#: aee2c3dead184d3ab7655e0df3b9f66c
msgid "The Flask :external:py:data:`DEBUG` configuration setting."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:3
#: da1c3a1146284b0597c12fab8ac713a9
msgid "This enables debug options."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.DEBUG:7
#: 22813fdeb3ad46729bf6d91f1a6a799b
msgid "This is useful for development but should be absolutely avoided in production environments."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:1
#: 8d9650f0f1c34ab7b888fce27cfcc459
msgid "The Flask :external:py:data:`PREFERRED_URL_SCHEME` configuration setting."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.PREFERRED_URL_SCHEME:4
#: 33538d7dda284e2da14720d9ecf5b81f
msgid "This sets the url scheme by which canaille will be served."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:1
#: ca299cb1b21a4aff913e478725dee516
msgid "The Flask :external:py:data:`SECRET_KEY` configuration setting."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.SECRET_KEY:3
#: e0e842ea56e7409da386c9fa3b44f45f
msgid "You MUST change this."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:1
#: 8aaa9ab83eb245a996e82b25f47a18be
msgid "The Flask :external:py:data:`SERVER_NAME` configuration setting."
msgstr ""
#: ../../docstring of canaille.app.configuration.RootSettings.SERVER_NAME:3
#: a7a33ff93b6d471e9395fffab55b8497
msgid "This sets domain name on which canaille will be served."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:1
#: 49b29a899f644466acba509b0b3e9f00
msgid "The settings from the ``CANAILLE`` namespace."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.CoreSettings:3
#: 63104b7fc45e4ef39f55f96c7a093f33
msgid "Those are all the configuration parameters that controls the behavior of Canaille."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:1
#: 1c134db317ea498d8b595a7a3b2f610e
msgid "Mapping of permission groups. See :class:`ACLSettings` for more details."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:3
#: c2f72f20b39c4706b4e5ba01db79eb2c
msgid "The ACL name can be freely chosen. For example:"
msgstr ""
#: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:4
#: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:6
#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:5
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:12
#: 7f4c9bc691c14d29b0465e0af9e49012
#: 7e37e8d6e156472e9a7a39fac9d88ff2
#: 7e37e8d6e156472e9a7a39fac9d88ff2
#: 7e37e8d6e156472e9a7a39fac9d88ff2
msgid "..code-block:: toml"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:7
#: c5d39ea293234d4aa11c0494ddc011b6
msgid "[CANAILLE.ACL.DEFAULT] PERMISSIONS = [\"edit_self\", \"use_oidc\"] READ = [\"user_name\", \"groups\"] WRITE = [\"given_name\", \"family_name\"]"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ACL:12
#: 27f179210a5a4bae899d38bc6d1963c0
msgid "[CANAILLE.ACL.ADMIN] WRITE = [\"user_name\", \"groups\"]"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:1
#: da428b02fcc6465ca83593370a8c52c1
msgid "Administration email contact."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ADMIN_EMAIL:3
#: 80265b26992742b4a55529bb9514ef19
msgid "In certain special cases (example : questioning about password corruption), it is necessary to provide an administration contact email."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:1
#: aae582f58bfa47f2a6f5b32a1b5c3ead
msgid "If :py:data:`True`, users will need to click on a confirmation link sent by email when they want to add a new email."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_CONFIRMATION:4
#: 35bd824b2f8d4040898ed4dbdb7e599d
msgid "By default, this is true if ``SMTP`` is configured, else this is false. If explicitly set to true and ``SMTP`` is disabled, the email field will be read-only."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.EMAIL_OTP:1
#: 15d696ce895d4517964f6a9fe0269d30
msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary email address."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_INTRUDER_LOCKOUT:1
#: 15d696ce895d4517964f6a9fe0269d30
msgid "If :py:data:`True`, then users will have to wait for an increasingly long time between each failed login attempt."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_COMPROMISSION_CHECK:1
#: 2bb9ee1a4a1f4c3dac7cd54259173873
msgid "If :py:data:`True`, Canaille will check if passwords appears in compromission databases such as `HIBP <https://haveibeenpwned.com>`_ when users choose a new one."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_PASSWORD_RECOVERY:1
#: 9b83a2bb7e5a45358efb53447ed21cda
msgid "If :py:data:`False`, then users cannot ask for a password recovery link by email."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:1
#: ad8746125fae4336a86e7a5a47949ea4
msgid "If :py:data:`True`, then users can freely create an account at this instance."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.ENABLE_REGISTRATION:4
#: 4519e48effe84001a82418bf3a2da190
msgid "If email verification is available, users must confirm their email before the account is created."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:1
#: ad1dce6bc9dd49608f1556cebf0f44fe
msgid "You favicon."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.FAVICON:3
#: 36086dc79c1b485fa6594ef442028011
msgid "If unset and :attr:`LOGO` is set, then the logo will be used."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:1
#: 15d696ce895d4517964f6a9fe0269d30
msgid "If :py:data:`True`, when users try to sign in with an invalid login, a message is shown indicating that the password is wrong, but does not give a clue whether the login exists or not."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.HIDE_INVALID_LOGINS:5
#: 8203d7591b394141b0beec099e5a0c8d
msgid "If :py:data:`False`, when a user tries to sign in with an invalid login, a message is shown indicating that the login does not exist."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.HTMX:1
#: fca447a64b184732b6664c3c20ade0ce
msgid "Accelerates webpages loading with asynchronous requests."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:1
#: c3295518c8ce46359cb5fc8012267002
msgid "The validity duration of registration invitations, in seconds."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.INVITATION_EXPIRATION:3
#: cca98367f271454987d915c9da1deecc
msgid "Defaults to 2 days."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.JAVASCRIPT:1
#: f10d5dbbd4054185b5caff2aa7b4602c
msgid "Enables Javascript to smooth the user experience."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:1
#: caa7570c19d343d8a5350b38ab890a08
msgid "If a language code is set, it will be used for every user."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LANGUAGE:3
#: 2f02910686974fa68a6b3af15a9e1c42
msgid "If unset, the language is guessed according to the users browser."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:1
#: aad50a21706943fda6f1cde1c79762fb
msgid "Configures the logging output using the python logging configuration format:"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:3
#: 75bb9ce97f514d3eb50ed11a5fcaf986
msgid "If :data:`None`, everything is logged in the standard error output. The log level is :data:`~logging.DEBUG` if the :attr:`~canaille.app.configuration.RootSettings.DEBUG` setting is :py:data:`True`, else this is :py:data:`~logging.INFO`."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:6
#: a8552f90740e4287bd06aab66b4dc85d
msgid "If this is a :class:`dict`, it is passed to :func:`logging.config.dictConfig`:"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:7
#: 1987a5781d6e42af97e3df073b29599b
msgid "If this is a :class:`str`, it is expected to be a file path that will be passed to :func:`logging.config.fileConfig`."
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:4
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:10
#: edd8ec5aad1047688bbbc5613d9896f5
#: edd8ec5aad1047688bbbc5613d9896f5
msgid "For example:"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:14
#: 397db3f41bce4260b537ae55755badaf
msgid "[CANAILLE.LOGGING] version = 1 formatters.default.format = \"[%(asctime)s] %(levelname)s in %(module)s: %(message)s\" root = {level = \"INFO\", handlers = [\"canaille\"]}"
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGGING:19
#: 623ab6abfdc84ec38448df94e0562f97
msgid "[CANAILLE.LOGGING.handlers.canaille] class = \"logging.handlers.WatchedFileHandler\" filename = \"/var/log/canaille.log\" formatter = \"default\""
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.LOGO:1
#: 40c46d3aa7bb4e81a857540a99eb3df9
msgid "The logo of your organization, this is useful to make your organization recognizable on login screens."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:1
#: 04c3b3e362a74164bd49cbedad027ea8
msgid "User password maximum length."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.MAX_PASSWORD_LENGTH:3
#: a40eddffe3bc4c46ac7624a5f7d40c8f
msgid "There is a technical of 4096 characters with the SQL backend. If the value is 0, :data:`None`, or greater than 4096, then 4096 will be retained."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:1
#: 129e3bbcdb1c40bbb45933fe156f00b1
msgid "User password minimum length."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.MIN_PASSWORD_LENGTH:3
#: 1f84fb34d6234361b2c215fda0d8a6d9
msgid "If 0 or :data:`None`, password won't have a minimum length."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.NAME:1
#: befe22deda144065bcee73d9d0404dea
msgid "Your organization name."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.NAME:3
#: 0a659d2aa1994859a59506e97a715ea7
msgid "Used for display purpose."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.OTP_METHOD:1
#: c0ade835e0164d5e9dcb405ff53f299e
msgid "If OTP_METHOD is defined, then users will need to authenticate themselves using a one-time password (OTP) via an authenticator app. If set to ``TOTP``, the application will use time one-time passwords, If set to ``HOTP``, the application will use HMAC-based one-time passwords."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.PASSWORD_COMPROMISSION_CHECK_API_URL:1
#: 6ab659ea03d349d88fef1b5cdc9da5f8
msgid "Have i been pwned api url for compromission checks."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:1
#: 42626c8f0fa24a3fbfc131099bae6302
msgid "A `Sentry <https://sentry.io>`_ DSN to collect the exceptions."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SENTRY_DSN:3
#: b29a9995f9b04c71a953d7ea902bd1f5
msgid "This is useful for tracking errors in test and production environments."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:1
#: 78b26880da2746c583f686747b26f179
msgid "The settings related to SMPP configuration."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SMPP:3
#: 24787179b702424697f1fe11214d1f9c
msgid "If unset, sms-related features like sms one-time passwords won't be enabled."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SMS_OTP:1
#: 15d696ce895d4517964f6a9fe0269d30
msgid "If :py:data:`True`, then users will need to authenticate themselves via a one-time password sent to their primary phone number."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:1
#: 78b26880da2746c583f686747b26f179
msgid "The settings related to SMTP and mail configuration."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.SMTP:3
#: 24787179b702424697f1fe11214d1f9c
msgid "If unset, mail-related features like password recovery won't be enabled."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.THEME:1
#: 65f9f8cf44c347b9b18a9bd8e3624c6b
msgid "The name of a theme in the 'theme' directory, or a path to a theme."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.THEME:3
#: a930cadcbbaf40e59f78c34a6fea099e
msgid "Defaults to ``default``. Theming is done with `flask-themer <https://github.com/tktech/flask-themer>`_."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:1
#: 60a19e875a924f2ca2f466cc2a3de293
msgid "The timezone in which datetimes will be displayed to the users (e.g. ``CEST``)."
msgstr ""
#: ../../docstring of canaille.core.configuration.CoreSettings.TIMEZONE:4
#: 3674c492480c4bc8877913002b54efa1
msgid "If unset, the server timezone will be used."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:1
#: 0513a51a39d44f719e5bf3b7abfe7224
msgid "The SMTP configuration. Belong in the ``CANAILLE.SMTP`` namespace. If unset, mail related features will be disabled, such as mail verification or password recovery emails."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMTPSettings:5
#: 2b30db6216b44d98973d7401cd778e03
msgid "By default, Canaille will try to send mails from localhost without authentication."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:1
#: 60a234eca526445b86c8669fbfda12c5
msgid "The sender for Canaille mails."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.FROM_ADDR:3
#: 0ed3035ba98243e3814d51329ceac05f
msgid "Some mail provider might require a valid sender address."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.HOST:1
#: 734742323e1a40e482a2433adbed3cf9
msgid "The SMTP host."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.LOGIN:1
#: 6b56c482d9274a7d9b308055ce3d8b07
msgid "The SMTP login."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.PASSWORD:1
#: 8ca424cbdc7647a99400ae460510a183
msgid "The SMTP password."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.PORT:1
#: f581660baf5a4637974640c3d253692f
msgid "The SMTP port."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.SSL:1
#: 129075d9b7284662b50893663f3b3c74
msgid "Whether to use SSL to connect to the SMTP server."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMTPSettings.TLS:1
#: b34e44fef5b24697bab696419b926d6d
msgid "Whether to use TLS to connect to the SMTP server."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.SMPPSettings:1
#: 0513a51a39d44f719e5bf3b7abfe7224
msgid "The SMPP configuration. Belong in the ``CANAILLE.SMPP`` namespace. If not set, sms related features such as sms one-time passwords will be disabled."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMPPSettings.HOST:1
#: 734742323e1a40e482a2433adbed3cf9
msgid "The SMPP host."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMPPSettings.LOGIN:1
#: 6b56c482d9274a7d9b308055ce3d8b07
msgid "The SMPP login."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMPPSettings.PASSWORD:1
#: 8ca424cbdc7647a99400ae460510a183
msgid "The SMPP password."
msgstr ""
#: ../../docstring of canaille.core.configuration.SMPPSettings.PORT:1
#: 0780176282814cd1ad4ceb1567e2f160
msgid "The SMPP port. Use 8775 for SMPP over TLS (recommended)."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:1
#: ddbf39ff35684a7c8be7dd8442348d9b
msgid "Access Control List settings. Belong in the ``CANAILLE.ACL`` namespace."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.ACLSettings:3
#: fb2bf8e9b559475fa0da8a5a9a716d1b
msgid "You can define access controls that define what users can do on canaille. An access control consists in a :attr:`FILTER` to match users, a list of :attr:`PERMISSIONS` matched users will be able to perform, and fields users will be able to :attr:`READ` and :attr:`WRITE`. Users matching several filters will cumulate permissions."
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:1
#: 44a6412c07e74f10991a803bec3ffd5b
msgid ":attr:`FILTER` can be:"
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:3
#: a46c99d48a184f8f9cbbd60fd0113bd9
msgid ":py:data:`None`, in which case all the users will match this access control"
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:4
#: 3b80807a79704eb9b5c53f31319a334f
msgid "a mapping where keys are user attributes name and the values those user attribute values. All the values must be matched for the user to be part of the access control."
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:7
#: 53ad291e288c490abd5b1e854132a0ef
msgid "a list of those mappings. If a user values match at least one mapping, then the user will be part of the access control"
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.FILTER:10
#: eb01b4eb724941cab7f44d69c0627b1e
msgid "Here are some examples::"
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:1
#: 75a4d0c394fa4aebbb48d077e63aa0f0
msgid "A list of :class:`Permission` users in the access control will be able to manage."
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.PERMISSIONS:8
#: 721eb691ae3e4151a5eaf811c2a1b01c
msgid "PERMISSIONS = [\"manage_users\", \"manage_groups\", \"manage_oidc\", \"delete_account\", \"impersonate_users\"]"
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.READ:1
#: d3e143b82c304e238a797124231f644f
msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to read."
msgstr ""
#: ../../docstring of canaille.core.configuration.ACLSettings.WRITE:1
#: cd5c4a6863b3455795388ea58d2f8ff1
msgid "A list of :class:`~canaille.core.models.User` attributes that users in the ACL will be able to edit."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:1
#: d0fc68105eb54d359eb01628902767b5
msgid "The permissions that can be assigned to users."
msgstr ""
#: ../../canaille/core/configuration.py:docstring of canaille.core.configuration.Permission:3
#: 8f3355f64e2c490ab0e8b4765dca8781
msgid "The permissions are intended to be used in :attr:`ACLSettings <canaille.core.configuration.ACLSettings.PERMISSIONS>`."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:1
#: 500cfd5a09554ac0b3efb8801a314e38
msgid "Allows users to delete their account."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.DELETE_ACCOUNT:3
#: cca431c321484569862b3a05616c7907
msgid "If used with :attr:`~canaille.core.configuration.Permission.MANAGE_USERS`, users can delete any account."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.EDIT_SELF:1
#: 6dc188b41f5440319e87c333aea28060
msgid "Allows users to edit their own profile."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.IMPERSONATE_USERS:1
#: 113e6c4d2b714be79d746c84a0bde30a
msgid "Allows users to take the identity of another user."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.MANAGE_GROUPS:1
#: 9531fd7773fe46f78f3da23f5d7e6f02
msgid "Allows group edition and creation."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.MANAGE_OIDC:1
#: 6a14ecfbecc7402b90c1f984af552750
msgid "Allows OpenID Connect client managements."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.MANAGE_USERS:1
#: 7d115497bd7e4284b71cee12f6012e06
msgid "Allows other users management."
msgstr ""
#: ../../docstring of canaille.core.configuration.Permission.USE_OIDC:1
#: 5e48261fd5c9437eb453e703f93703b5
msgid "Allows OpenID Connect authentication."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:1
#: 63057e3d73a14c63bbe40bc95a0e4c84
msgid "OpenID Connect settings."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.OIDCSettings:3
#: 035105e6e931419a8302feadec577ed6
msgid "Belong in the ``CANAILLE_OIDC`` namespace."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:1
#: fba0c11bf0f648909450d12e1ceffdb9
msgid "Whether a token is needed for the RFC7591 dynamical client registration."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_OPEN:3
#: f5ba930ce26f4588b539da7703aafd4d
msgid "If :py:data:`True`, no token is needed to register a client. If :py:data:`False`, dynamical client registration needs a token defined in :attr:`DYNAMIC_CLIENT_REGISTRATION_TOKENS`."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.DYNAMIC_CLIENT_REGISTRATION_TOKENS:1
#: 092b15419a354a5888a9f80ab6194696
msgid "A list of tokens that can be used for dynamic client registration."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.JWT:1
#: 9cd2e236fdb14317b0ffed9a3d2608bb
msgid "JSON Web Token settings."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:1
#: fa7308da6bb547ae821995b6d7995ad1
msgid "Force the nonce exchange during the authentication flows."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.OIDCSettings.REQUIRE_NONCE:3
#: 0c8ebdd95ff84eca839a0b3e755815e8
msgid "This adds security but may not be supported by all clients."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:1
#: 37bc9fb542044bd794610b97da9255f3
msgid "JSON Web Token settings. Belong in the ``CANAILLE_OIDC.JWT`` namespace."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTSettings:3
#: 13ef6c0a21924214b46130443a178a3b
msgid "You can generate a RSA keypair with::"
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.ALG:1
#: d2bc59d1182f47bea20962eb0acc5690
msgid "The key algorithm."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.EXP:1
#: f282a838950942ea9e15a209546aece5
msgid "The time the JWT will be valid, in seconds."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.ISS:1
#: 8ad74727c039426d84a5df7154d85088
msgid "The URI of the identity provider."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.KTY:1
#: cc46bfa52a58479ebeeabc645f0efbee
msgid "The key type."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:1
#: 521a0d91f9c54a45b362036aeabf476b
msgid "The private key."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.PRIVATE_KEY:3
#: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:3
#: 8f11d684881944cd8a2e7a7bcbb48c48
#: 8f11d684881944cd8a2e7a7bcbb48c48
msgid "If :py:data:`None` and debug mode is enabled, then an in-memory key will be used."
msgstr ""
#: ../../docstring of canaille.oidc.configuration.JWTSettings.PUBLIC_KEY:1
#: f0f19ad86cb94cc7b63447e2a6d6ef56
msgid "The public key."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:1
#: 1380be8739ba4fbab5425af1c0253066
msgid "Mapping between the user model and the JWT fields."
msgstr ""
#: ../../canaille/oidc/configuration.py:docstring of canaille.oidc.configuration.JWTMappingSettings:3
#: 6f4c5c2cbd07499c972d2f1ab29ffa1e
msgid "Fields are evaluated with jinja. A ``user`` var is available."
msgstr ""
#: ../../canaille/scim/configuration.py:docstring of canaille.scim.configuration.SCIMSettings:1
#: a52a23313e76499f8eb015c9a754c440
msgid "SCIM settings."
msgstr ""
#: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:1
#: 8a43c250075c4918b0ce4204fa803047
msgid "Settings related to the SQL backend."
msgstr ""
#: ../../canaille/backends/sql/configuration.py:docstring of canaille.backends.sql.configuration.SQLSettings:3
#: 038af6ccc90c4711bf2630c27656a810
msgid "Belong in the ``CANAILLE_SQL`` namespace."
msgstr ""
#: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:1
#: 1aacc345a8b74b12af594ae00bb018d6
msgid "The SQL server URI. For example:"
msgstr ""
#: ../../docstring of canaille.backends.sql.configuration.SQLSettings.DATABASE_URI:6
#: 677e3555144149ed9ca260747ac80af7
msgid "DATABASE_URI = \"postgresql://user:password@localhost/database_name\""
msgstr ""
#: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:1
#: 3f3caf7b34464a66a3616e93568df5d0
msgid "Settings related to the LDAP backend."
msgstr ""
#: ../../canaille/backends/ldap/configuration.py:docstring of canaille.backends.ldap.configuration.LDAPSettings:3
#: dfa0746894e344faa806b939a64e1bc4
msgid "Belong in the ``CANAILLE_LDAP`` namespace."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_DN:1
#: 6bfbb516f18341ccb29ba837eee1182e
msgid "The LDAP bind DN."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.BIND_PW:1
#: 2f6f3c3c7b4946898c03f95709e8ada4
msgid "The LDAP bind password."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:1
#: 6d51a73361254d7b83fce929ae2b6b37
msgid "The LDAP node under which groups will be looked for and saved."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_BASE:3
#: 59bb594131944870a7bdbffcec6cb47b
msgid "For instance `\"ou=groups,dc=mydomain,dc=tld\"`."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_CLASS:1
#: 6ef1fa2af1cb49d48dc49e16da349186
msgid "The object class to use for creating new groups."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_NAME_ATTRIBUTE:1
#: 6b02bb2acfa949848ac24822ba9e65a2
msgid "The attribute to use to identify a group."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.GROUP_RDN:1
#: d4b05df5c7c44d4aa00e29be5efbe08b
msgid "The attribute to identify an object in the Group DN."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.ROOT_DN:1
#: 1dfee889fb7348d39a4fd73315b92f0f
msgid "The LDAP root DN."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.TIMEOUT:1
#: bf016c8880b2441ebc1f7eb63c472e1f
msgid "The LDAP connection timeout."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.URI:1
#: f2d63d56281a4ac9bf59a566fca49efb
msgid "The LDAP server URI."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:1
#: 2b9e8a84a0a741dba1b0eb8183d14a91
msgid "The LDAP node under which users will be looked for and saved."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_BASE:3
#: 7e3ac032d5bd418482f13ab7c81d1515
msgid "For instance `ou=users,dc=mydomain,dc=tld`."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_CLASS:1
#: 5791e76405f94f38b07650cf43719cf8
msgid "The object class to use for creating new users."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:1
#: d5ccfe3b5d7e438389f98cad6718a9d0
msgid "Filter to match users on sign in."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_FILTER:3
#: 737d190e512f480a9227e6fe72f96c26
msgid "For instance ``(|(uid={{ login }})(mail={{ login }}))``. Jinja syntax is supported and a ``login`` variable is available, containing the value passed in the login field."
msgstr ""
#: ../../docstring of canaille.backends.ldap.configuration.LDAPSettings.USER_RDN:1
#: b7d504ef3c74424abeccc8ad35072d0f
msgid "The attribute to identify an object in the User DN."
msgstr ""
#: ../references/configuration.rst:94
#: d0a193b9740940ceac9bbb0b609c7b38
msgid "Example file"
msgstr ""
#: ../references/configuration.rst:96
#: 380ab48a596a497789c004a25fd645c8
msgid "Here is a configuration file example:"
msgstr ""
#: ../references/index.rst:2
#: 7aedfd273422477bb60f319eb4c1eb09
msgid "References"
msgstr ""
#: ../references/models.rst:2
#: 40ab2b878a534ca38780473aa8c0dd24
msgid "Data models"
msgstr ""
#: ../references/models.rst:4
#: fc86419b230d4b3ea107617213675e38
msgid "This reference details the data models used by Canaille. This is mostly useful for developers."
msgstr ""
#: ../../canaille/app/features.py:docstring of canaille.app.features.Features:1
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
#: af7b8f2e8eae457f8451e659c3213675
#: 0d1f4ecf6c974902b15375ec2f545d11
#: c1c3e9ca21a04c1d851e4a75082b1c90
msgid "Bases: :py:class:`object`"
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:1
#: 5c4d9070fe3a46a695c06ef143b7b3e0
msgid "The backend model abstract class."
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.BackendModel:3
#: 51d88470412841bdb28daefe752259c8
msgid "It details all the methods and attributes that are expected to be implemented for every model and for every backend."
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:1
#: 91a5b49dc4f54e4ba3acea5e80114ad6
msgid "The model abstract class."
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model:3
#: 05f702c2e3324742a9840c46621f02e7
msgid "It details all the common attributes shared by every models."
msgstr ""
#: ../../docstring of canaille.backends.models.Model.created:1
#: 55c80d78a6514379b68db68d53d08628
msgid "The :class:`~datetime.datetime` that the resource was added to the service provider."
msgstr ""
#: ../../docstring of canaille.backends.models.Model.id:1
#: 6c1d3282e98e4d7b96213c626e92665a
msgid "A unique identifier for a SCIM resource as defined by the service provider. Id will be :data:`None` until the ``Backend.save`` method is called."
msgstr ""
#: ../../docstring of canaille.backends.models.Model.id:5
#: 64c1848034b34d2086fa0d50e1b94a98
msgid "Each representation of the resource MUST include a non-empty \"id\" value. This identifier MUST be unique across the SCIM service provider's entire set of resources. It MUST be a stable, non- reassignable identifier that does not change when the same resource is returned in subsequent requests. The value of the \"id\" attribute is always issued by the service provider and MUST NOT be specified by the client. The string \"bulkId\" is a reserved keyword and MUST NOT be used within any unique identifier value. The attribute characteristics are \"caseExact\" as \"true\", a mutability of \"readOnly\", and a \"returned\" characteristic of \"always\". See Section 9 for additional considerations regarding privacy."
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:1
#: bd6bdb35102f4e4d803a072d6c012255
msgid "Returns a unique value that will be used to identify the model instance."
msgstr ""
#: ../../canaille/backends/models.py:docstring of canaille.backends.models.Model.identifier:4
#: 3ee0208a12e4453abe733d48f8046054
msgid "This value will be used in URLs in canaille, so it should be unique and short."
msgstr ""
#: ../../docstring of canaille.backends.models.Model.last_modified:1
#: 339106d4e64c4cce82c7b4eb3e783713
msgid "The most recent :class:`~datetime.datetime` that the details of this resource were updated at the service provider."
msgstr ""
#: ../../docstring of canaille.backends.models.Model.last_modified:4
#: c7d7e9d90b744b41ac4899977c14174f
msgid "If this resource has never been modified since its initial creation, the value MUST be the same as the value of :attr:`~canaille.backends.models.Model.created`."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1
#: ../../canaille/core/models.py:docstring of canaille.core.models.User:1
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
#: d3ae97f457864dbf953ac9a3cfc043e2
#: c8d3896a864d4331a8d5532b312376db
#: c1c3e9ca21a04c1d851e4a75082b1c90
#: c1c3e9ca21a04c1d851e4a75082b1c90
#: c1c3e9ca21a04c1d851e4a75082b1c90
#: c1c3e9ca21a04c1d851e4a75082b1c90
msgid "Bases: :py:class:`~canaille.backends.models.Model`"
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.Group:1
#: fcf6434c92de4c0e9ae1790f19a43d8c
msgid "User model, based on the `SCIM Group schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.2>`_."
msgstr ""
#: ../../docstring of canaille.core.models.Group.display_name:1
#: 6ae4c021384e45b3b90ca7840c9caa48
msgid "A human-readable name for the Group."
msgstr ""
#: ../../docstring of canaille.core.models.Group.display_name:3
#: ../../docstring of canaille.oidc.basemodels.Client.client_id:1
#: 94bf457053a8408a80e8157f385e6127
#: 8ef14562e7c1440e89a45a65c05b07c4
msgid "REQUIRED."
msgstr ""
#: ../../docstring of canaille.core.models.Group.members:1
#: 0b61dbdad02b48bbb9a9ace3f9ce130a
msgid "A list of members of the Group."
msgstr ""
#: ../../docstring of canaille.core.models.Group.members:3
#: 4f5d6c5417ce40c39617fed66f507f2d
msgid "While values MAY be added or removed, sub-attributes of members are \"immutable\". The \"value\" sub-attribute contains the value of an \"id\" attribute of a SCIM resource, and the \"$ref\" sub-attribute must be the URI of a SCIM resource such as a \"User\", or a \"Group\". The intention of the \"Group\" type is to allow the service provider to support nested groups. Service providers MAY require clients to provide a non-empty value by setting the \"required\" attribute characteristic of a sub-attribute of the \"members\" attribute in the \"Group\" resource schema."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User:1
#: ea9a3214f2fe40079b36d4acc3993d0b
msgid "User model, based on the `SCIM User schema <https://datatracker.ietf.org/doc/html/rfc7643#section-4.1>`_, `Entreprise User Schema Extension <https://datatracker.ietf.org/doc/html/rfc7643#section-4.3>`_ and `SCIM Password Management Extension <https://datatracker.ietf.org/doc/html/draft-hunt-scim-password-mgmt-00.html>`_ draft. Attribute description is based on SCIM and put there for information purpose. The description may not fit the current implementation in Canaille."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.can:1
#: 50465e6a043e4772901bbc25136c15c7
msgid "Whether or not the user has the :class:`~canaille.core.configuration.Permission` according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
msgstr ""
#: ../../docstring of canaille.core.models.User.department:1
#: 300ebcf15c3d4ee8b50478aa38113f2f
msgid "Identifies the name of a department."
msgstr ""
#: ../../docstring of canaille.core.models.User.display_name:1
#: 44d18f2b6f5147d7bb381e18daf093e3
msgid "The name of the user, suitable for display to end-users."
msgstr ""
#: ../../docstring of canaille.core.models.User.display_name:3
#: c04b6da17ce14862afd1911eb9fda1fd
msgid "Each user returned MAY include a non-empty displayName value. The name SHOULD be the full name of the User being described, if known (e.g., \"Babs Jensen\" or \"Ms. Barbara J Jensen, III\") but MAY be a username or handle, if that is all that is available (e.g., \"bjensen\"). The value provided SHOULD be the primary textual label by which this User is normally displayed by the service provider when presenting it to end-users."
msgstr ""
#: ../../docstring of canaille.core.models.User.emails:1
#: c7a7d69b175742f692f41bfdff6d3957
msgid "Email addresses for the User."
msgstr ""
#: ../../docstring of canaille.core.models.User.emails:3
#: 63f46cb0c21a4fa4b8b0a720c8d14248
msgid "The value SHOULD be specified according to [RFC5321]. Service providers SHOULD canonicalize the value according to [RFC5321], e.g., \"bjensen@example.com\" instead of \"bjensen@EXAMPLE.COM\". The \"display\" sub-attribute MAY be used to return the canonicalized representation of the email value. The \"type\" sub-attribute is used to provide a classification meaningful to the (human) user. The user interface should encourage the use of basic values of \"work\", \"home\", and \"other\" and MAY allow additional type values to be used at the discretion of SCIM clients."
msgstr ""
#: ../../docstring of canaille.core.models.User.employee_number:1
#: 3c9e8a305a2e45188d1991241730c384
msgid "A string identifier, typically numeric or alphanumeric, assigned to a person, typically based on order of hire or association with an organization."
msgstr ""
#: ../../docstring of canaille.core.models.User.family_name:1
#: dd49515b6ca4486487bbb848d32ec95d
msgid "The family name of the User, or last name in most Western languages (e.g., \"Jensen\" given the full name \"Ms. Barbara Jane Jensen, III\")."
msgstr ""
#: ../../docstring of canaille.core.models.User.formatted_address:1
#: f80305cee214421eb76ae29dd6697765
msgid "The full mailing address, formatted for display or use with a mailing label."
msgstr ""
#: ../../docstring of canaille.core.models.User.formatted_address:4
#: 85a0ba3e7b064d75b6bb0f9135fb23c1
msgid "This attribute MAY contain newlines."
msgstr ""
#: ../../docstring of canaille.core.models.User.formatted_name:1
#: 4e458944ffe74d00bfc78e91f7f4b925
msgid "The full name, including all middle names, titles, and suffixes as appropriate, formatted for display (e.g., \"Ms. Barbara Jane Jensen, III\")."
msgstr ""
#: ../../docstring of canaille.core.models.User.given_name:1
#: f44fded253494128a007b56f7303dc14
msgid "The given name of the User, or first name in most Western languages (e.g., \"Barbara\" given the full name \"Ms. Barbara Jane Jensen, III\")."
msgstr ""
#: ../../docstring of canaille.core.models.User.groups:1
#: e31e09adf6404439bf17d6aab21fff32
msgid "A list of groups to which the user belongs, either through direct membership, through nested groups, or dynamically calculated."
msgstr ""
#: ../../docstring of canaille.core.models.User.groups:4
#: c05221c0bcca4718bfa6fdb9519fe95e
msgid "The values are meant to enable expression of common group-based or role-based access control models, although no explicit authorization model is defined. It is intended that the semantics of group membership and any behavior or authorization granted as a result of membership are defined by the service provider. The canonical types \"direct\" and \"indirect\" are defined to describe how the group membership was derived. Direct group membership indicates that the user is directly associated with the group and SHOULD indicate that clients may modify membership through the \"Group\" resource. Indirect membership indicates that user membership is transitive or dynamic and implies that clients cannot modify indirect group membership through the \"Group\" resource but MAY modify direct group membership through the \"Group\" resource, which may influence indirect memberships. If the SCIM service provider exposes a \"Group\" resource, the \"value\" sub-attribute MUST be the \"id\", and the \"$ref\" sub-attribute must be the URI of the corresponding \"Group\" resources to which the user belongs. Since this attribute has a mutability of \"readOnly\", group membership changes MUST be applied via the \"Group\" Resource (Section 4.2). This attribute has a mutability of \"readOnly\"."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.has_password:1
#: 995c5dd87f84486b866861819560cddf
msgid "Check whether a password has been set for the user."
msgstr ""
#: ../../docstring of canaille.core.models.User.hotp_counter:1
#: b20ebcdbcb5844738f1587b2713c1ee3
msgid "HMAC-based One Time Password counter, used for multi-factor authentication."
msgstr ""
#: ../../docstring of canaille.core.models.User.last_otp_login:1
#: aeffd6550ea64663ab67d8acca53691b
msgid "A DateTime indicating when the user last logged in with a one-time password. This attribute is currently used to check whether the user has activated one-time password authentication or not."
msgstr ""
#: ../../docstring of canaille.core.models.User.locality:1
#: 6392444bc3f54ec2b7a2e6d76dcebfd9
msgid "The city or locality component."
msgstr ""
#: ../../docstring of canaille.core.models.User.lock_date:1
#: 52b1f476fb584fa89da42a63597ba27d
msgid "A DateTime indicating when the resource was locked."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.locked:1
#: 11adeee0c9264a899a29f6650947d5f9
msgid "Whether the user account has been locked or has expired."
msgstr ""
#: ../../docstring of canaille.core.models.User.one_time_password:1
#: 6e8fc6e79f3d45ac804673abaed8ae41
msgid "One time password used for email or sms multi-factor authentication."
msgstr ""
#: ../../docstring of canaille.core.models.User.one_time_password_emission_date:1
#: 51fa37f2cd494b699222475514856ecf
msgid "A DateTime indicating when the user last emitted an email or sms one-time password."
msgstr ""
#: ../../docstring of canaille.core.models.User.organization:1
#: 7f2c3e4f3c354bedbccde4710263b02f
msgid "Identifies the name of an organization."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:1
#: 072e6b6f57ea480eb08da8b2014e78fc
msgid "This attribute is intended to be used as a means to set, replace, or compare (i.e., filter for equality) a password. The cleartext value or the hashed value of a password SHALL NOT be returnable by a service provider. If a service provider holds the value locally, the value SHOULD be hashed. When a password is set or changed by the client, the cleartext password SHOULD be processed by the service provider as follows:"
msgstr ""
#: ../../docstring of canaille.core.models.User.password:9
#: ad7fb50b57bf4a0eaf4e0e96899afad2
msgid "Prepare the cleartext value for international language comparison. See Section 7.8 of [RFC7644]."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:12
#: 46d03fb43b2e40cc9f2ad6ea3dd511ff
msgid "Validate the value against server password policy. Note: The definition and enforcement of password policy are beyond the scope of this document."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:16
#: 72ece62774ba4f9c9ef5ddf163d12af4
msgid "Ensure that the value is encrypted (e.g., hashed). See Section 9.2 for acceptable hashing and encryption handling when storing or persisting for provisioning workflow reasons."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:20
#: 094d9a68c6b743f3af8832f6fe75e71e
msgid "A service provider that immediately passes the cleartext value on to another system or programming interface MUST pass the value directly over a secured connection (e.g., Transport Layer Security (TLS)). If the value needs to be temporarily persisted for a period of time (e.g., because of a workflow) before provisioning, then the value MUST be protected by some method, such as encryption."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:28
#: a4f2fcdde65c4774a2cb672677275686
msgid "Testing for an equality match MAY be supported if there is an existing stored hashed value. When testing for equality, the service provider:"
msgstr ""
#: ../../docstring of canaille.core.models.User.password:32
#: 7595e72df7db44f9b6c42796e830f12b
msgid "Prepares the filter value for international language comparison. See Section 7.8 of [RFC7644]."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:35
#: 61b66fa2e8814634889657f8d0edfab0
msgid "Generates the salted hash of the filter value and tests for a match with the locally held value."
msgstr ""
#: ../../docstring of canaille.core.models.User.password:38
#: a7cfcbc3765b4f78a7155e4dd9415a1e
msgid "The mutability of the password attribute is \"writeOnly\", indicating that the value MUST NOT be returned by a service provider in any form (the attribute characteristic \"returned\" is \"never\")."
msgstr ""
#: ../../docstring of canaille.core.models.User.password_failure_timestamps:1
#: ae677c1e699f4289b01cf2530330c875
msgid "This attribute stores the timestamps of the user's failed authentications."
msgstr ""
#: ../../docstring of canaille.core.models.User.password_failure_timestamps:4
#: f4dd54faf1544da184cd25a715de429a
msgid "It's currently used by the intruder lockout delay system."
msgstr ""
#: ../../docstring of canaille.core.models.User.phone_numbers:1
#: 9c94598375724785b44ef15df37f51e4
msgid "Phone numbers for the user."
msgstr ""
#: ../../docstring of canaille.core.models.User.phone_numbers:3
#: 5dd8841664b34a61b816f4809063e0c2
msgid "The value SHOULD be specified according to the format defined in [RFC3966], e.g., 'tel:+1-201-555-0123'. Service providers SHOULD canonicalize the value according to [RFC3966] format, when appropriate. The \"display\" sub-attribute MAY be used to return the canonicalized representation of the phone number value. The sub- attribute \"type\" often has typical values of \"work\", \"home\", \"mobile\", \"fax\", \"pager\", and \"other\" and MAY allow more types to be defined by the SCIM clients."
msgstr ""
#: ../../docstring of canaille.core.models.User.photo:1
#: 291043b969b54c499248e5cd4137ba46
msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) that points to a resource location representing the user's image."
msgstr ""
#: ../../docstring of canaille.core.models.User.photo:5
#: d20c5f4d9f154642a7e5197897542d16
msgid "The resource MUST be a file (e.g., a GIF, JPEG, or PNG image file) rather than a web page containing an image. Service providers MAY return the same image in different sizes, although it is recognized that no standard for describing images of various sizes currently exists. Note that this attribute SHOULD NOT be used to send down arbitrary photos taken by this user; instead, profile photos of the user that are suitable for display when describing the user should be sent. Instead of the standard canonical values for type, this attribute defines the following canonical values to represent popular photo sizes: \"photo\" and \"thumbnail\"."
msgstr ""
#: ../../docstring of canaille.core.models.User.postal_code:1
#: 43d41ad405ca4db99f51e8c857e137e3
msgid "The zip code or postal code component."
msgstr ""
#: ../../docstring of canaille.core.models.User.preferred_language:1
#: c8f7b6dd86d646f191246ff0070da604
msgid "Indicates the user's preferred written or spoken languages and is generally used for selecting a localized user interface."
msgstr ""
#: ../../docstring of canaille.core.models.User.preferred_language:4
#: 7bf574c66b664d229948814478d62a8a
msgid "The value indicates the set of natural languages that are preferred. The format of the value is the same as the HTTP Accept-Language header field (not including \"Accept-Language:\") and is specified in Section 5.3.5 of [RFC7231]. The intent of this value is to enable cloud applications to perform matching of language tags [RFC4647] to the user's language preferences, regardless of what may be indicated by a user agent (which might be shared), or in an interaction that does not involve a user (such as in a delegated OAuth 2.0 [RFC6749] style interaction) where normal HTTP Accept-Language header negotiation cannot take place."
msgstr ""
#: ../../docstring of canaille.core.models.User.profile_url:1
#: 1cb9deea306246f8a148e8cd469da0d8
msgid "A URI that is a uniform resource locator (as defined in Section 1.1.3 of [RFC3986]) and that points to a location representing the user's online profile (e.g., a web page)."
msgstr ""
#: ../../docstring of canaille.core.models.User.profile_url:5
#: 84b648830c3148ecb4e74a368b850c23
msgid "URIs are canonicalized per Section 6.2 of [RFC3986]."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:1
#: 58a2e21fdb434721a2f63d42d309bdf5
msgid "The fields the user can read according to the :class:`configuration <canaille.core.configuration.ACLSettings>` configuration."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.readable_fields:4
#: 13d48165549548f4b93daef3011da021
msgid "This does not include the :attr:`writable <canaille.core.models.User.writable_fields>` fields."
msgstr ""
#: ../../docstring of canaille.core.models.User.region:1
#: 6f59b77e31f04e928a5ba62b1e24e768
msgid "The state or region component."
msgstr ""
#: ../../docstring of canaille.core.models.User.secret_token:1
#: 976966fe6b494fa7881ec2bb7c992d48
msgid "Unique token generated for each user, used for multi-factor authentication."
msgstr ""
#: ../../docstring of canaille.core.models.User.street:1
#: 499ca20e98174187b6a7e067dc8bb99d
msgid "The full street address component, which may include house number, street name, P.O."
msgstr ""
#: ../../docstring of canaille.core.models.User.street:4
#: 9da29eeb9a7749388ec24a3d730cdcca
msgid "box, and multi-line extended street address information. This attribute MAY contain newlines."
msgstr ""
#: ../../docstring of canaille.core.models.User.title:1
#: d210c0de6da84b4f8336209ae9719f87
msgid "The user's title, such as \"Vice President\"."
msgstr ""
#: ../../docstring of canaille.core.models.User.user_name:1
#: 3fdb69a67da040b1bfb2682e3c8b99d4
msgid "A service provider's unique identifier for the user, typically used by the user to directly authenticate to the service provider."
msgstr ""
#: ../../docstring of canaille.core.models.User.user_name:4
#: 1028aa46fd5b4dc2b9315aabf36ab31c
msgid "Often displayed to the user as their unique identifier within the system (as opposed to \"id\" or \"externalId\", which are generally opaque and not user-friendly identifiers). Each User MUST include a non-empty userName value. This identifier MUST be unique across the service provider's entire set of Users. This attribute is REQUIRED and is case insensitive."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.User.writable_fields:1
#: 6f4310b43c8c41af8069664ccee7283a
msgid "The fields the user can write according to the :class:`configuration <canaille.core.configuration.ACLSettings>`."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:1
#: fc53171fc0944808ba403af52c2ba136
msgid "Add leading 0 if the code length does not match the defined length."
msgstr ""
#: ../../canaille/core/models.py:docstring of canaille.core.models.string_code:3
#: ae60e7010ca94353a14a569775471e8e
msgid "For instance, parameter ``digit=6``, but ``code=123``, this method would return ``000123``::"
msgstr ""
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.AuthorizationCode:1
#: a121e077c37d4a8cab594a0629893230
msgid "OpenID Connect temporary authorization code definition."
msgstr ""
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Client:1
#: 176b8928ffc54ed0b7a4b727cdf50387
msgid "OpenID Connect client definition, based on the `OAuth 2.0 Dynamic Client Registration protocols <https://datatracker.ietf.org/doc/html/rfc7591.html>`_ and the `OpenID Connect RP-Initiated Logout <https://openid.net/specs/openid-connect-rpinitiated-1_0.html>`_ specifications."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_id:3
#: 501569fe51a94e8b9cfee76865f5720a
msgid "OAuth 2.0 client identifier string. It SHOULD NOT be currently valid for any other registered client, though an authorization server MAY issue the same client identifier to multiple instances of a registered client at its discretion."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:1
#: ../../docstring of canaille.oidc.basemodels.Client.client_secret:1
#: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:1
#: 155223b8bff641ed9a0375b3d458c5c9
#: 155223b8bff641ed9a0375b3d458c5c9
#: 155223b8bff641ed9a0375b3d458c5c9
msgid "OPTIONAL."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_id_issued_at:3
#: 8f9ab854501246b68994edefd2c22365
msgid "Time at which the client identifier was issued. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of issuance."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_name:1
#: 8610eab8370a4184937f0d1169b54c51
msgid "Human-readable string name of the client to be presented to the end-user during authorization."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_name:4
#: ce9a8c14a98f4a31b17100c0ca14c199
msgid "If omitted, the authorization server MAY display the raw \"client_id\" value to the end-user instead. It is RECOMMENDED that clients always send this field. The value of this field MAY be internationalized, as described in Section 2.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_secret:3
#: f737139e11a14b14be8545e1a2c5c0f6
msgid "OAuth 2.0 client secret string. If issued, this MUST be unique for each \"client_id\" and SHOULD be unique for multiple instances of a client using the same \"client_id\". This value is used by confidential clients to authenticate to the token endpoint, as described in OAuth 2.0 [RFC6749], Section 2.3.1."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:1
#: 01979509cf224c5b8ba2127719435fc8
msgid "REQUIRED if \"client_secret\" is issued."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_secret_expires_at:3
#: 48959dbf918e45ba9c37a50f77a0adf9
msgid "Time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_uri:1
#: 20f5972c57c540f6ab8392896c84be8c
msgid "URL string of a web page providing information about the client."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.client_uri:3
#: 30041d9b4c124152a5c0443ff9b2191c
msgid "If present, the server SHOULD display this URL to the end-user in a clickable fashion. It is RECOMMENDED that clients always send this field. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.contacts:1
#: 5cce7321f5e5400589f9393258dc3a4a
msgid "Array of strings representing ways to contact people responsible for this client, typically email addresses."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.contacts:4
#: af06fcccdc594f869be314af985cf14c
msgid "The authorization server MAY make these contact addresses available to end-users for support requests for the client. See Section 6 for information on Privacy Considerations."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:1
#: b4a5975375c641eaa946ccd90ce211a6
msgid "Array of OAuth 2.0 grant type strings that the client can use at the token endpoint. These grant types are defined as follows:"
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:4
#: bbc3935e899e47f3bafe281f1d888251
msgid "\"authorization_code\": The authorization code grant type defined in OAuth 2.0, Section 4.1."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:7
#: 64449ef0ca7f424c9fab46a991d69d96
msgid "\"implicit\": The implicit grant type defined in OAuth 2.0, Section 4.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:10
#: f236e27b48c94daf906f45e1448426c6
msgid "\"password\": The resource owner password credentials grant type defined in OAuth 2.0, Section 4.3."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:13
#: 9e81137e52f94762be9551134791deaf
msgid "\"client_credentials\": The client credentials grant type defined in OAuth 2.0, Section 4.4."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:16
#: e7293d36a66346228115f0e7a1db1628
msgid "\"refresh_token\": The refresh token grant type defined in OAuth 2.0, Section 6."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:19
#: 8fcedc410abe4cb4ba32399205c1fdb4
msgid "\"urn:ietf:params:oauth:grant-type:jwt-bearer\": The JWT Bearer Token Grant Type defined in OAuth JWT Bearer Token Profiles [RFC7523]."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:23
#: 45a990b4f0c3428ca6b0f466163b444d
msgid "\"urn:ietf:params:oauth:grant-type:saml2-bearer\": The SAML 2.0 Bearer Assertion Grant defined in OAuth SAML 2 Bearer Token Profiles [RFC7522]."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.grant_types:27
#: da938e538dfb4cbcb06eb0257bae0c5d
msgid "If the token endpoint is used in the grant type, the value of this parameter MUST be the same as the value of the \"grant_type\" parameter passed to the token endpoint defined in the grant type definition. Authorization servers MAY allow for other values as defined in the grant type extension process described in OAuth 2.0, Section 4.5. If omitted, the default behavior is that the client will use only the \"authorization_code\" Grant Type."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.jwk:1
#: 61a94c54874e45c7b6d6a0080b303c06
msgid "Client's JSON Web Key Set [RFC7517] document value, which contains the client's public keys."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.jwk:4
#: 878eeb4b93db4411b3227ebfce480fb2
msgid "The value of this field MUST be a JSON object containing a valid JWK Set. These keys can be used by higher-level protocols that use signing or encryption. This parameter is intended to be used by clients that cannot use the \"jwks_uri\" parameter, such as native clients that cannot host public URLs. The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:1
#: bdc8f6ae5aa54e2e8cd3968ba2b834e5
msgid "URL string referencing the client's JSON Web Key (JWK) Set [RFC7517] document, which contains the client's public keys."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.jwks_uri:4
#: f0514e0625524e80b9d71112f8f845fd
msgid "The value of this field MUST point to a valid JWK Set document. These keys can be used by higher-level protocols that use signing or encryption. For instance, these keys might be used by some applications for validating signed requests made to the token endpoint when using JWTs for client authentication [RFC7523]. Use of this parameter is preferred over the \"jwks\" parameter, as it allows for easier key rotation. The \"jwks_uri\" and \"jwks\" parameters MUST NOT both be present in the same request or response."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:1
#: a8573dc1a7474be593d58ac595763de8
msgid "URL string that references a logo for the client."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.logo_uri:3
#: a2ca19d94ea94ee8b9938118fc25f1fa
msgid "If present, the server SHOULD display this image to the end-user during approval. The value of this field MUST point to a valid image file. The value of this field MAY be internationalized, as described in Section 2.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:1
#: 14d06cf8a7e34fedad15b82247d69d39
msgid "URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.policy_uri:5
#: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:5
#: 1ea0d5026129456fbbc197bfce61c98e
#: 1ea0d5026129456fbbc197bfce61c98e
msgid "The authorization server SHOULD display this URL to the end-user if it is provided. The value of this field MUST point to a valid web page. The value of this field MAY be internationalized, as described in Section 2.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.post_logout_redirect_uris:3
#: 50f7bef11f5244e4b91bdd115c92c874
msgid "Array of URLs supplied by the RP to which it MAY request that the End-User's User Agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed. These URLs SHOULD use the https scheme and MAY contain port, path, and query parameter components; however, they MAY use the http scheme, provided that the Client Type is confidential, as defined in Section 2.1 of OAuth 2.0 [RFC6749], and provided the OP allows the use of http RP URIs."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:1
#: e6a72fe3893b4db4adc05a9684a6dc4a
msgid "Array of redirection URI strings for use in redirect-based flows such as the authorization code and implicit flows."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.redirect_uris:4
#: d8400c42df344766b3fa56e4d0973700
msgid "As required by Section 2 of OAuth 2.0 [RFC6749], clients using flows with redirection MUST register their redirection URI values. Authorization servers that support dynamic registration for redirect-based flows MUST implement support for this metadata value."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.response_types:1
#: 8be6e16541944c6f9cad4f83c72a13b5
msgid "Array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint. These response types are defined as follows:"
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.response_types:5
#: 460f3e0ea3674308963d0510ac0d6444
msgid "\"code\": The authorization code response type defined in OAuth 2.0, Section 4.1."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.response_types:8
#: a6be11c01465486aa6fc6d52b002b3c6
msgid "\"token\": The implicit response type defined in OAuth 2.0, Section 4.2."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.response_types:11
#: 0629b093e32248559987eb03c2802856
msgid "If the authorization endpoint is used by the grant type, the value of this parameter MUST be the same as the value of the \"response_type\" parameter passed to the authorization endpoint defined in the grant type definition. Authorization servers MAY allow for other values as defined in the grant type extension process is described in OAuth 2.0, Section 4.5. If omitted, the default is that the client will use only the \"code\" response type."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.scope:1
#: c8200e01d757418294c72a8c1f4dd013
msgid "String containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.scope:5
#: 6b5bfcb30b5443cea8e88e0e0074c1ff
msgid "The semantics of values in this list are service specific. If omitted, an authorization server MAY register a client with a default set of scopes."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.software_id:1
#: c16d3f6118f24f639ffa8f395fb26d51
msgid "A unique identifier string (e.g., a Universally Unique Identifier (UUID)) assigned by the client developer or software publisher used by registration endpoints to identify the client software to be dynamically registered."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.software_id:6
#: dae7107648bc4e498d3924fdff934e29
msgid "Unlike \"client_id\", which is issued by the authorization server and SHOULD vary between instances, the \"software_id\" SHOULD remain the same for all instances of the client software. The \"software_id\" SHOULD remain the same across multiple updates or versions of the same piece of software. The value of this field is not intended to be human readable and is usually opaque to the client and authorization server."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.software_version:1
#: c620c60307f64b08a6322573b5dd0561
msgid "A version identifier string for the client software identified by \"software_id\"."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.software_version:4
#: e0c0f27106824081827201c50fb85ae7
msgid "The value of the \"software_version\" SHOULD change on any update to the client software identified by the same \"software_id\". The value of this field is intended to be compared using string equality matching and no other comparison semantics are defined by this specification. The value of this field is outside the scope of this specification, but it is not intended to be human readable and is usually opaque to the client and authorization server. The definition of what constitutes an update to client software that would trigger a change to this value is specific to the software itself and is outside the scope of this specification."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:1
#: c226846c2d1c4874bf900ddd10cf4144
msgid "String indicator of the requested authentication method for the token endpoint. Values defined by this specification are:"
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:4
#: aca79c0bc52744e0aedf325049fa2b15
msgid "\"none\": The client is a public client as defined in OAuth 2.0, Section 2.1, and does not have a client secret."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:7
#: e63eaadeb384412199ed4f6ed7053e47
msgid "\"client_secret_post\": The client uses the HTTP POST parameters as defined in OAuth 2.0, Section 2.3.1."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:10
#: 271a83d28e854ac0ba72171a974b346b
msgid "\"client_secret_basic\": The client uses HTTP Basic as defined in OAuth 2.0, Section 2.3.1."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.token_endpoint_auth_method:13
#: 20907504b16b4d2785df51328c1ef639
msgid "Additional values can be defined via the IANA \"OAuth Token Endpoint Authentication Methods\" registry established in Section 4.2. Absolute URIs can also be used as values for this parameter without being registered. If unspecified or omitted, the default is \"client_secret_basic\", denoting the HTTP Basic authentication scheme as specified in Section 2.3.1 of OAuth 2.0."
msgstr ""
#: ../../docstring of canaille.oidc.basemodels.Client.tos_uri:1
#: 00b5b754a5c5419f92fab486003e081a
msgid "URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client."
msgstr ""
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Consent:1
#: a05f59c629e3458fbbf64e91e88819bf
msgid "Long-term user consent to an application."
msgstr ""
#: ../../canaille/oidc/basemodels.py:docstring of canaille.oidc.basemodels.Token:1
#: 7b57192679024787a3be94302cb00b86
msgid "OpenID Connect token definition."
msgstr ""
#: ../references/templates.rst:2
#: 4c788f59982340db8280e3706614cc90
msgid "Templates"
msgstr ""
#: ../references/templates.rst:4
#: facd58545ccb4a139db30dce66a02b3a
msgid "This references the template files, their role and the variables available in their contexts. The intended audience for this reference is designers wishing to build their custom Canaille theme."
msgstr ""
#: ../references/templates.rst:8
#: a99f50e0744344e7ba464e49aa8337b8
msgid "Base"
msgstr ""
#: ../references/templates.rst:10
#: 8361cbe15be741ffb7e74020bb6e79a9
msgid "Those templates are shared by all the pages rendered by Canaille."
msgstr ""
#: ../references/templates.rst:13
#: ../references/templates.rst:35
#: ../references/templates.rst:53
#: ac9a8311c80045b9834974690132919a
#: aa9f8bfc2f424ecd961f6adcd6902cb7
#: e8cdbb1ded7b4382a5d97fb105668725
msgid "Template files"
msgstr ""
#: ../../<autotemplate>:1
#: 6e712bfec752409fa99bb7108c7350fc
msgid "The main template inherited by almost every other templates."
msgstr ""
#: ../../<autotemplate>:1
#: 939fe78390fd4488b6d191a4a059b303
msgid "The current user, if logged in."
msgstr ""
#: ../../<autotemplate>:1
#: 4e821fc843f9401ebc6f7aeb3131b482
msgid "The features enabled and available in Canaille."
msgstr ""
#: ../../<autotemplate>:1
#: 6b3450f1df4348dc90aef0be151cee0e
msgid "The user locale."
msgstr ""
#: ../../<autotemplate>:1
#: c8491373402c44249f14b200405b4141
msgid "The Canaille instance defined in :attr:`~canaille.core.configuration.CoreSettings.NAME`."
msgstr ""
#: ../../<autotemplate>:1
#: 4be6447d7fe64b4fb7d6c2d772d7d326
msgid "The URL of the instance logo defined in :attr:`~canaille.core.configuration.CoreSettings.LOGO`."
msgstr ""
#: ../../<autotemplate>:1
#: 91fc3ab073c5407594f62365e4b1cb38
msgid "The URL of the instance favicon defined in :attr:`~canaille.core.configuration.CoreSettings.FAVICON`."
msgstr ""
#: ../../<autotemplate>:1
#: b6c5023424bc4dd6899a0690d0e38779
msgid "Whether the page is boosted by :attr:`~canaille.core.configuration.CoreSettings.HTMX`."
msgstr ""
#: ../../<autotemplate>:1
#: 55e5fa0c232a4ef883cf015e8d5a4347
msgid "Whether to display the menu or not."
msgstr ""
#: ../../<autotemplate>:1
#: 8e9e6abe43ef4a68a9da278aa387dc06
msgid "Whether the app has been launched in debug mode."
msgstr ""
#: ../../<autotemplate>:1
#: 4df38ef7c6074076bc60052859fa2a15
msgid "The error page. Displayed for all kinds of errors (not found, internal server error etc.)."
msgstr ""
#: ../../<autotemplate>:1
#: 1411710989954dd3804b154e27115ca1
msgid "The code of the HTTP error (404, 500, etc.)"
msgstr ""
#: ../../<autotemplate>:1
#: ca887df7e89e47db89f8a4d8f6e4e42c
msgid "The error code description."
msgstr ""
#: ../../<autotemplate>:1
#: fb3aa62200d54186b61f4ccbd8998dd4
msgid "An optional Font Awesome icon reference."
msgstr ""
#: ../../<autotemplate>:1
#: fcd700e5f3d34e10bbc200ed9b882fe8
msgid "Macros for Flask flash message rendering"
msgstr ""
#: ../../<autotemplate>:1
#: 18465501aa5d4a948626d7efc0a70f6d
msgid "Macros for form and form field rendering."
msgstr ""
#: ../../<autotemplate>:1
#: 883a3f7e6b3e402caff31d463fc36fab
msgid "Connects WTForms, Fomantic-UI and HTMX."
msgstr ""
#: ../../<autotemplate>:1
#: 96a46f691fb84dcba362be6347b1749a
msgid "Macros for rendering table paginated with HTMX."
msgstr ""
#: ../references/templates.rst:22
#: ../references/templates.rst:40
#: ../references/templates.rst:58
#: 1b9a26a2a8d342bc983f06669ebf1c0e
#: 184fe284232d4646a1b849fdd32788b3
#: 3a9702b724964682ab43768776af7f21
msgid "Forms"
msgstr ""
#: ../../canaille/app/forms.py:docstring of canaille.app.forms.TableForm:1
#: 06a9ea2b56ee4954a876d933a31b7e6b
msgid "Bases: :py:class:`~canaille.app.forms.I18NFormMixin`, :py:class:`~flask_wtf.form.FlaskForm`"
msgstr ""
#: ../../canaille/app/forms.py:docstring of canaille.app.forms.TableForm:1
#: 3551b1cf3cb24248aa3498b4b231c883
msgid "A form for table rendering of object collections."
msgstr ""
#: ../references/templates.rst:30
#: 945475e63fb1446ca20ccbc85938acf3
msgid "Core"
msgstr ""
#: ../references/templates.rst:32
#: bef14b05cbbf4eb7b3262866411719c6
msgid "The core templates are displayed in the authentication and profile edition pages."
msgstr ""
#: ../../<autotemplate>:1
#: 979f52826daf451499fa5441711d671e
msgid "The 'About' page. This is an informational page, displaying the project links."
msgstr ""
#: ../../<autotemplate>:1
#: 1df291710b304adca8c0307415df9cef
msgid "The current Canaille version."
msgstr ""
#: ../../<autotemplate>:1
#: c057577d7ddf43c7b1f3810e0c221825
msgid "The first login page."
msgstr ""
#: ../../<autotemplate>:1
#: 0f8b4e712d7e4b578320ddea2a6e0711
msgid "This page is displayed to users who do not have set a password yet."
msgstr ""
#: ../../<autotemplate>:1
#: f8b6df84b50d4c9d80bee25c0234899e
msgid "Password forgotten page."
msgstr ""
#: ../../<autotemplate>:1
#: 1b2e939a4de54d75b4b10768381ecf4a
msgid "This page displays a form asking for the email address of users who cannot remember their password."
msgstr ""
#: ../../<autotemplate>:1
#: 025bb88ff1694040bbdaabd3feaf8adf
msgid "Group edition page."
msgstr ""
#: ../../<autotemplate>:1
#: 10a0eb12b8954023afc3b579543c18c3
msgid "Displays the group edition or creation form."
msgstr ""
#: ../../<autotemplate>:1
#: 1607b273a418423b98dd86f2488e3acf
msgid ":data:`None` in a creation context. In edition context this is the edited group."
msgstr ""
#: ../../<autotemplate>:1
#: 8f4f48c95a19495da5f380dddd9823b6
msgid "The group edition/creation form."
msgstr ""
#: ../../<autotemplate>:1
#: 28ea1c41993f4d13965a27d0dd485434
msgid "The group list page."
msgstr ""
#: ../../<autotemplate>:1
#: ee0ede57db1547eca27127f5f0b4b0d7
msgid "A :class:`~canaille.core.models.Group` pagination form."
msgstr ""
#: ../../<autotemplate>:1
#: d0946bbb0bd14c34ace7504415be383b
msgid "The invitation form page."
msgstr ""
#: ../../<autotemplate>:1
#: 8d2816a3ca9b4c4db1e123e97bd3d703
msgid "Displays the invitation form to users with the invitation permission."
msgstr ""
#: ../../<autotemplate>:1
#: 52530a1438a04cad9867183b902dce3f
msgid "The invitation form."
msgstr ""
#: ../../<autotemplate>:1
#: 7c65879fd50f42edac36503f22d0a77c
msgid "The invitation acceptation page."
msgstr ""
#: ../../<autotemplate>:1
#: 638376e19d9d4ad29c5dd0df90548413
msgid "This page is displayed to users who have clicked on invitation links sent by mail (or by other media). It displays a basic account creation form."
msgstr ""
#: ../../<autotemplate>:1
#: beba7e227ee44e0b9b75e3ff3c94cffb
msgid "The account creation form."
msgstr ""
#: ../../<autotemplate>:1
#: 1478755843a6419a86a08984f2def5eb
msgid "The login page."
msgstr ""
#: ../../<autotemplate>:1
#: 51690f5de6e64897912da9fbba19cfda
msgid "This page displays a form to get the user identifier."
msgstr ""
#: ../../<autotemplate>:1
#: a382fd27c091419584a75c7cea4105e7
msgid "The login form."
msgstr ""
#: ../../<autotemplate>:1
#: a9d336cd316b4339995755030c71f4ec
msgid "User account creation page."
msgstr ""
#: ../../<autotemplate>:1
#: f1d396d2c7744168ab03d1a7ce3ab954
msgid "This template displays an account creation form. It is used in the registration page, and in the manual account creation page available for users with *user management* permission."
msgstr ""
#: ../../<autotemplate>:1
#: 6871d7b6d53245a8887745534bb8cd6c
msgid "The user creation form. Dynamically built according to the user :attr:`~canaille.core.configuration.ACLSettings.READ` and :attr:`~canaille.core.configuration.ACLSettings.WRITE` permissions. The available fields are those appearing in *READ* and *WRITE*, those only appearing in *READ* are read-only."
msgstr ""
#: ../../<autotemplate>:1
#: 4433b12a9add4030a4e83c379d531759
msgid "The profile edition template."
msgstr ""
#: ../../<autotemplate>:1
#: 7e862e4d756f4d0ca24ad5994ddcd64b
msgid "Displays a user profile edition form."
msgstr ""
#: ../../<autotemplate>:1
#: f6ffd74b080149bf9905fc9b858b7ee9
#: 1835991c6f8e406591faf14b00e0b9c6
msgid "The user that the form will edit."
msgstr ""
#: ../../<autotemplate>:1
#: 2afef360cbf3413fa4f29bfc0dd12d89
#: f746f01802b945848760adbd5b0d4ccd
msgid "The user profile edition form. Dynamically built according to the user :attr:`~canaille.core.configuration.ACLSettings.READ` and :attr:`~canaille.core.configuration.ACLSettings.WRITE` permissions. The available fields are those appearing in *READ* and *WRITE*, those only appearing in *READ* are read-only."
msgstr ""
#: ../../<autotemplate>:1
#: b0c585c59b424c869dbd3f78fd93c5ed
msgid "An email edition form. Used when the :attr:`~canaille.app.features.Features.has_email_confirmation` feature is enabled."
msgstr ""
#: ../../<autotemplate>:1
#: 5ad4180a6c0f48838b56b7ba8ea114df
msgid "The profile settings template."
msgstr ""
#: ../../<autotemplate>:1
#: 163fedb57c024466ba3948be789d0b72
msgid "Displays the user settings edition form."
msgstr ""
#: ../../<autotemplate>:1
#: acc888c8021545ea836e3fef2e7c4130
msgid "Whether the editor is allowed to delete the account of the edited user."
msgstr ""
#: ../../<autotemplate>:1
#: 48393f84068944fcb9fb7cec3eb5d199
msgid "The password reset template."
msgstr ""
#: ../../<autotemplate>:1
#: 54bdbc4897d34edeae6fde67f414b16a
msgid "Displays a password reset form."
msgstr ""
#: ../../<autotemplate>:1
#: fc90fe2d8abe4d36985657a79eb3b077
msgid "The password reset form."
msgstr ""
#: ../../<autotemplate>:1
#: 4ae8342eb6464239b064f1ccde0faaa3
msgid "The user associated with the URL."
msgstr ""
#: ../../<autotemplate>:1
#: 1baffe6e5e814360bb640371ad60cac3
msgid "The secret link hash."
msgstr ""
#: ../../<autotemplate>:1
#: bcb43c5de438464b8b760b1cf1f17870
msgid "The multi-factor authentication initialization template."
msgstr ""
#: ../../<autotemplate>:1
#: 00cc4766c1614aec80db8a8d8bf11849
msgid "Display a QR-code and the OTP secret."
msgstr ""
#: ../../<autotemplate>:1
#: 09d47ae85f584199a8f344714c95d278
msgid "The user initializing the OTP."
msgstr ""
#: ../../<autotemplate>:1
#: bbed5e87f983475a86be5ec208d98c9e
msgid "The OTP secret."
msgstr ""
#: ../../<autotemplate>:1
#: 6aadc7a696fa4f9895b710bc5a79c247
msgid "A QR-code image representing the OTP secret."
msgstr ""
#: ../../<autotemplate>:1
#: 8fdf2ab2f3ec4a5c9470bd666ec71165
msgid "The users list."
msgstr ""
#: ../../<autotemplate>:1
#: 673d9ae747324fa8972b9cc35261ecdc
msgid "Displays a paginated list of :class:`~canaille.core.models.User`."
msgstr ""
#: ../../<autotemplate>:1
#: ca3a4357e2714750a83ca5a423b5cd13
#: 69ff288df1234788a6c8bd64d644a4ca
#: 236b5f5517d447fa86c71e5280396360
#: b2d63892fd3b4bb09698bcb62b4a67ce
msgid "The paginated list form."
msgstr ""
#: ../../<autotemplate>:1
#: e35a8d9d144d4f4f8027308df29a923b
msgid "The multi-factor authentication code verification template."
msgstr ""
#: ../../<autotemplate>:1
#: e7343293162a47f8959a7976321ae6fe
msgid "Displays a form that asks for the multi-factor authentication code."
msgstr ""
#: ../../<autotemplate>:1
#: 848a17c1ad644233b4f6775f39681e17
msgid "The code verification form."
msgstr ""
#: ../../<autotemplate>:1
#: 25d25aa8e4b44ed0ae2cad3db8b61414
msgid "The username of the user attempting to log-in."
msgstr ""
#: ../../<autotemplate>:1
#: 40b5acf3ff7d4b1c8e3d17873cd23ca6
msgid "The authentication factor method."
msgstr ""
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.CreateGroupForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.DeleteGroupMemberForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.EditGroupForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.EmailConfirmationForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.FirstLoginForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.ForgottenPasswordForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.InvitationForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.JoinForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.LoginForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.PasswordForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.PasswordResetForm:1
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.TwoFactorForm:1
#: ../../canaille/oidc/endpoints/forms.py:docstring of canaille.oidc.endpoints.forms.AuthorizeForm:1
#: ../../canaille/oidc/endpoints/forms.py:docstring of canaille.oidc.endpoints.forms.ClientAddForm:1
#: ../../canaille/oidc/endpoints/forms.py:docstring of canaille.oidc.endpoints.forms.LogoutForm:1
#: ../../canaille/oidc/endpoints/forms.py:docstring of canaille.oidc.endpoints.forms.TokenRevokationForm:1
#: 34613e34d07c4c39b8e6afbc8c0baba8
#: 5576170fcb2a49059e78e64ce5141835
#: d8982e51545d4e4fabc7d2243da159eb
#: 563531e11eb84e72a6ad7d2fc8cb9988
#: 41bfed24cf244dd793485e9652d15959
#: 29a75d9dbb634569b7371f13ea8b383b
#: 7934845fe95a4ad3a08bec5581e59d88
#: e4faba81b43b4ebbb577b238e8645262
#: f3dd539bb83b43f8a47b3d6e049cfbb7
#: fa20b06d2c0844418e1da409e86da59c
#: 6811888036c840ffa62cdca6507f07c4
#: f6f607cb02474039a4f8e9dda8aa7bfb
#: 0ea30096b9fe4f05863d9240858cf64f
#: b02d791ed89c4596b8be274d6f61c729
#: 6e3187beb8164e27b5c52a3775c40963
#: d89578bbdbe44c99bc178db03e5ea600
msgid "Bases: :py:class:`~canaille.app.forms.Form`"
msgstr ""
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.CreateGroupForm:1
#: a0f2bee3e8c641749e0071f8153e6407
msgid "The group creation form."
msgstr ""
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.EditGroupForm:1
#: cde12e17e7ba4d5d92190cade8939b1c
msgid "The group edition form."
msgstr ""
#: ../../canaille/core/endpoints/forms.py:docstring of canaille.core.endpoints.forms.InvitationForm:1
#: 0da4f947d5cf44eb99d4504d1eb952ba
msgid "The user invitation form."
msgstr ""
#: ../references/templates.rst:50
#: 13810cd50256469884ba89a8eafd1bf8
msgid "The OIDC process are displayed in the OIDC consent pages."
msgstr ""
#: ../../<autotemplate>:1
#: a93e6a645c4843d381565c2923e8d0ce
msgid "The list of authorizations."
msgstr ""
#: ../../<autotemplate>:1
#: b6f19eca0ccf4d1c8fc695f9b1d9f1a4
msgid "Displays a paginated list of :class:`~canaille.oidc.basemodels.AuthorizationCode`."
msgstr ""
#: ../../<autotemplate>:1
#: 4c9bc2607e924e4581aa46607336a840
msgid "Authorization details template."
msgstr ""
#: ../../<autotemplate>:1
#: b5479f45faa14695b64b04a6b44000b3
msgid "Displays details about an :class:`~canaille.oidc.basemodels.AuthorizationCode`."
msgstr ""
#: ../../<autotemplate>:1
#: 7c89cde145294acf9a5723a077c5bc15
msgid "The detailed authorization."
msgstr ""
#: ../../<autotemplate>:1
#: 5dda81f8b0f94025a53662601636dff3
msgid "Consent request template."
msgstr ""
#: ../../<autotemplate>:1
#: d254d5aa848a4858bcb16ed0e2d854e7
msgid "This templates is displayed to users accessing a new application that requests to access to personal information. It lists the personal information requested by the application, and offers the user to accept or decline."
msgstr ""
#: ../../<autotemplate>:1
#: 1971d5d569d24224915c904298df51f5
msgid "The user whose consent is asked."
msgstr ""
#: ../../<autotemplate>:1
#: e26315210e18439090ccab390392173e
msgid "The OIDC grant."
msgstr ""
#: ../../<autotemplate>:1
#: 28e3e52f5d13488fb42d6446033ad577
msgid "The client addition template."
msgstr ""
#: ../../<autotemplate>:1
#: 74a13f58dad04bac9a30683859ad85c6
msgid "Displays a form to create a new :class:`~canaille.oidc.basemodels.Client`."
msgstr ""
#: ../../<autotemplate>:1
#: 0d8bdc8c2adc4d9daa20cc33cfadd48b
#: b6dec07e895342c6904b1500f7144bc3
msgid "The client creation form."
msgstr ""
#: ../../<autotemplate>:1
#: 68010fedf65f454abbedadbf6ec560b0
msgid "The client edition template."
msgstr ""
#: ../../<autotemplate>:1
#: ccbffcf83c4c42e09ab947ca0e0dc2a8
msgid "Displays a form to edit a :class:`~canaille.oidc.basemodels.Client`."
msgstr ""
#: ../../<autotemplate>:1
#: 4b9aed0542ff452f9817ce3a91e5a334
msgid "The edited client."
msgstr ""
#: ../../<autotemplate>:1
#: d3d45377f29a429ca66ec3ca69d8c794
msgid "The list of OIDC clients."
msgstr ""
#: ../../<autotemplate>:1
#: a2c3f61ac81e407898abfe07dd066e60
msgid "Displays a paginated list of :class:`~canaille.oidc.basemodels.Client`."
msgstr ""
#: ../../<autotemplate>:1
#: ebc1fbe38e844fdd97fb8a74c0ea798a
msgid "The OIDC logout template."
msgstr ""
#: ../../<autotemplate>:1
#: a1842044005d49b4806b740360c623d7
msgid "Used during OIDC RP-initiated logout, when an user confirmation is needed."
msgstr ""
#: ../../<autotemplate>:1
#: 54c1371a6e8c49bd8cd47a5f557d78e2
msgid "The logout form."
msgstr ""
#: ../../<autotemplate>:1
#: 62b38596ea684351aef9e53f121329e5
msgid "The client requesting the logout."
msgstr ""
#: ../../<autotemplate>:1
#: af38180c9bdc4bd580ca9d0702ee48f3
msgid "The preconsented applications list."
msgstr ""
#: ../../<autotemplate>:1
#: 3ef8a4ae66fa419d839de54deb6f80aa
msgid "Display a list of trusted clients for which it is implied that users don't need to explicitly give their consent."
msgstr ""
#: ../../<autotemplate>:1
#: 4c2a8d818ba449aabb54c49cd50fb04a
msgid "Description of the OIDC scopes."
msgstr ""
#: ../../<autotemplate>:1
#: 21232c26e39e4fe39caa345d9422c403
msgid "The scopes to hide."
msgstr ""
#: ../../<autotemplate>:1
#: e2e636d23ecd4f9e9cd48abd4e36f82c
msgid "The list of implicitly consented clients."
msgstr ""
#: ../../<autotemplate>:1
#: e881d65a62cb498b825ba356453ec3c6
msgid "The number of consents."
msgstr ""
#: ../../<autotemplate>:1
#: d1787fefbf964e82ba7893e17b0ac2ab
msgid "The number of preconsented clients."
msgstr ""
#: ../../<autotemplate>:1
#: f3a2bc4f0b984f44a76ee005a9af4821
msgid "The list of tokens."
msgstr ""
#: ../../<autotemplate>:1
#: 92da1ee51fad4754835604fef0685626
msgid "Displays a paginated list of :class:`~canaille.oidc.basemodels.Token`."
msgstr ""
#: ../../<autotemplate>:1
#: 042e45babf7e428996636bc87c880ee5
msgid "The token edition template."
msgstr ""
#: ../../<autotemplate>:1
#: c41796c860ac41e9a0f6d2cb145158bb
msgid "Displays the details of a token :class:`~canaille.oidc.basemodels.Token`."
msgstr ""
#: ../../<autotemplate>:1
#: b2f4c67385114855b7d1783467fbaaa2
msgid "A token revokation form."
msgstr ""
#: ../tutorial/databases.rst:4
#: 5748f2a24c36444993b0ac2c8ce280bb
msgid "Canaille can read and save data in different databases. This page presents the different database backends and their specificities:"
msgstr ""
#: ../tutorial/databases.rst:10
#: 5d24828b6f5649039d526b7fb689db99
msgid "Canaille comes with a lightweight inmemory backend by default. It is used when no other backend has been configured."
msgstr ""
#: ../tutorial/databases.rst:13
#: afdd59c782fc4a28851af9f8a3c24428
msgid "This backend is only for test purpose and should not be used in production environments."
msgstr ""
#: ../tutorial/databases.rst:18
#: 883a0e443e914abb8edfe20bf57f1296
msgid "Canaille can use any database supported by `SQLAlchemy <https://www.sqlalchemy.org/>`_, such as sqlite, postgresql or mariadb."
msgstr ""
#: ../tutorial/databases.rst:21
#: 70e3f1710abf4134b85427a21dedeaa4
msgid "It is used when the ``CANAILLE_SQL`` configuration parameter is defined. For instance:"
msgstr ""
#: ../tutorial/databases.rst:29
#: 30971ee8de5542819657f07c3e215be2
msgid "You can find more details on the SQL configuration in the :class:`dedicated section <canaille.backends.sql.configuration.SQLSettings>`."
msgstr ""
#: ../tutorial/databases.rst:34
#: da789ef60396408eb64b22001aaaf8fe
msgid "Canaille can use OpenLDAP as its main database. It is used when the ``CANAILLE_LDAP`` configuration parameter is defined. For instance:"
msgstr ""
#: ../tutorial/databases.rst:52
#: c64cf1c4f3664390a27dbef6f154878e
msgid "If you want to use TOTP/HOTP authentication, you will need to add the ``oathHOTPToken`` class to the user:"
msgstr ""
#: ../tutorial/databases.rst:58
#: aa4b16bc9b7946d7904708e1f424f53f
msgid "You can find more details on the LDAP configuration in the :class:`dedicated section <canaille.backends.ldap.configuration.LDAPSettings>`."
msgstr ""
#: ../tutorial/databases.rst:61
#: faa136c2f11c4d79b3bbe652a901e785
msgid "Currently, only the ``inetOrgPerson``, ``oathHOTPToken`` and ``groupOfNames`` schemas have been tested. If you want to use different schemas or LDAP servers, adaptations may be needed. Patches are welcome."
msgstr ""
#: ../tutorial/databases.rst:66
#: 21591edbced444b499d300486e257a91
msgid "OpenLDAP overlays integration"
msgstr ""
#: ../tutorial/databases.rst:68
#: 33eaffdc103c4d709fb434da45ecca39
msgid "Canaille can integrate with several OpenLDAP overlays:"
msgstr ""
#: ../tutorial/databases.rst:71
#: b542d311f0444aef936af14660f9ddd3
msgid "memberof / refint"
msgstr ""
#: ../tutorial/databases.rst:73
#: e3756a8fbe1d4c469d6df3b4504b73d9
msgid "`memberof <https://www.openldap.org/doc/admin26/overlays.html#Reverse%20Group%20Membership%20Maintenance>`_ and `refint <https://www.openldap.org/doc/admin26/overlays.html#Referential%20Integrity>`_ overlays are needed for the Canaille group membership to work correctly."
msgstr ""
#: ../tutorial/databases.rst:77
#: ../tutorial/databases.rst:100
#: ../tutorial/databases.rst:123
#: 9b7b5412ee544d7bbb97fc1e30152585
#: 9b7b5412ee544d7bbb97fc1e30152585
#: 9b7b5412ee544d7bbb97fc1e30152585
msgid "Here is a configuration example compatible with canaille:"
msgstr ""
#: ../tutorial/databases.rst:79
#: 1b8c284120b44c859cc9bd56b4c8e123
msgid "memberof-config.ldif"
msgstr ""
#: ../tutorial/databases.rst:83
#: 3fc7e3d6f94f47579174c1ebcb598f6a
msgid "refint-config.ldif"
msgstr ""
#: ../tutorial/databases.rst:87
#: ../tutorial/databases.rst:110
#: 39d5ac83d9724a36af9b2185453d86f3
#: 39d5ac83d9724a36af9b2185453d86f3
msgid "You can adapt and load those configuration files with:"
msgstr ""
#: ../tutorial/databases.rst:96
#: 359072b68f5d4338830ee414e509d7c2
msgid "ppolicy"
msgstr ""
#: ../tutorial/databases.rst:98
#: a589837a0cf14ad3b8f8116f78356f76
msgid "If the `ppolicy <https://www.ietf.org/archive/id/draft-behera-ldap-password-policy-11.html>`_ overlay is configured and the ``pwdEndTime`` attribute is available (since OpenLDAP 2.6), then account locking support will be enabled in canaille. To allow users to manage account expiration, they need to have a *write* permission on the :attr:`~canaille.core.models.User.lock_date` attribute."
msgstr ""
#: ../tutorial/databases.rst:102
#: fe864493f65b47008ba79f9154931883
msgid "ppolicy-config.ldif"
msgstr ""
#: ../tutorial/databases.rst:106
#: da19de8897bd448aaa8a8f6450974789
msgid "ppolicy.ldif"
msgstr ""
#: ../tutorial/databases.rst:119
#: ccb4fa4c948c461580569a7ec7a55885
msgid "otp"
msgstr ""
#: ../tutorial/databases.rst:121
#: 9b6afdb7651743a78e1955ef59319e29
msgid "If the `otp <https://www.openldap.org/software/man.cgi?query=slapo-otp>`_ overlay is configured, you will be able to add one-time password authentication in canaille."
msgstr ""
#: ../tutorial/databases.rst:125
#: fe864493f65b47008ba79f9154931883
msgid "otp-config.ldif"
msgstr ""
#: ../tutorial/databases.rst:129
#: 39d5ac83d9724a36af9b2185453d86f3
msgid "You can adapt and load this configuration file with:"
msgstr ""
#: ../tutorial/databases.rst:136
#: b0815f933dae41f8a18ffc5c389a8796
msgid "You will also need to add the ``oathHOTPToken`` class to the user:"
msgstr ""
#: ../tutorial/deployment.rst:2
#: 968d6daab5054d1bbbaac721a53f21e6
msgid "Deployment"
msgstr ""
#: ../tutorial/deployment.rst:5
#: 341af181b96a4e449f124bb22e58723a
msgid "Application service"
msgstr ""
#: ../tutorial/deployment.rst:7
#: 856f5e097bd34696b59aa74f451a1a33
msgid "After having finished Canaille installation you have to run it in a WSGI application server. Here are some WSGI server configuration examples you can pick. Do not forget to update the paths."
msgstr ""
#: ../tutorial/deployment.rst:11
#: c2fc01d884054c2c9e9f3cf5b1e7fe01
msgid "gunicorn"
msgstr ""
#: ../tutorial/deployment.rst:15
#: 0734bfeb3d07400d85abe6f2412c506c
msgid "Write a gunicorn configuration sample file."
msgstr ""
#: ../tutorial/deployment.rst:18
#: 12db5d68d59f42958e64d74cf0a8a852
msgid "uwsgi"
msgstr ""
#: ../tutorial/deployment.rst:42
#: 7f42a8052b034e1e949f7308c1e80068
msgid "Webserver"
msgstr ""
#: ../tutorial/deployment.rst:44
#: 261287d315864e4e958aab6892250086
msgid "Now you have to plug your WSGI application server to your webserver so it is accessible on the internet. Here are some webserver configuration examples you can pick:"
msgstr ""
#: ../tutorial/deployment.rst:48
#: 05ce956efe26448abaa00732f791ac5d
msgid "Nginx"
msgstr ""
#: ../tutorial/deployment.rst:114
#: 71a5e5d57a9547909ea4a78f80883422
msgid "Apache"
msgstr ""
#: ../tutorial/deployment.rst:153
#: c0216d38c6e74ed08fd2478d61524206
msgid "Recurrent jobs"
msgstr ""
#: ../tutorial/deployment.rst:155
#: 24d5e0ff3df449e49ec973125318f628
msgid "You might want to clean up your database to avoid it growing too much. You can regularly delete expired tokens and authorization codes with:"
msgstr ""
#: ../tutorial/deployment.rst:164
#: 615cedede7b348a39bef43b8a0296fb0
msgid "Webfinger"
msgstr ""
#: ../tutorial/deployment.rst:166
#: 59c6373efd6040f2bc60ce6617810901
msgid "You may want to configure a `WebFinger`_ endpoint on your main website to allow the automatic discovery of your Canaille installation based on the account name of one of your users. For instance, suppose your domain is ``mydomain.example`` and your Canaille domain is ``auth.mydomain.example`` and there is a user ``john.doe``. A third-party application could require to authenticate the user and ask them for a user account. The user would give their account ``john.doe@mydomain.example``, then the application would perform a WebFinger request at ``https://mydomain.example/.well-known/webfinger`` and the response would contain the address of the authentication server ``https://auth.mydomain.example``. With this information the third party application can redirect the user to the Canaille authentication page."
msgstr ""
#: ../tutorial/deployment.rst:168
#: ee64a42bf4104da2a68499149292566d
msgid "The difficulty here is that the WebFinger endpoint must be hosted at the top-level domain (i.e. ``mydomain.example``) while the authentication server might be hosted on a sublevel (i.e. ``auth.mydomain.example``). Canaille provides a WebFinger endpoint, but if it is not hosted at the top-level domain, a web redirection is required on the ``/.well-known/webfinger`` path."
msgstr ""
#: ../tutorial/deployment.rst:170
#: a1aa4ace653f416eb673a5ac6f536199
msgid "Here are configuration examples for Nginx or Apache:"
msgstr ""
#: ../tutorial/deployment.rst:172
#: 54696b09f9de48daa0d752cab9cbbe60
msgid "Nginx webfinger configuration for a top level domain"
msgstr ""
#: ../tutorial/deployment.rst:181
#: 7277d41cdb83400ab68d06861f1bba9b
msgid "Apache webfinger configuration for a top level domain"
msgstr ""
#: ../tutorial/deployment.rst:191
#: 6c673a0168dc4f159d40898328555d97
msgid "Create the first user"
msgstr ""
#: ../tutorial/deployment.rst:193
#: 665633a1bc5a4185b3ac592a8e0d023d
msgid "Once canaille is installed, soon enough you will need to add users. To create your first user you can use the :ref:`canaille create <cli_create>` CLI."
msgstr ""
#: ../tutorial/index.rst:2
#: df05343770804349af328d9b3651f059
msgid "Tutorial"
msgstr ""
#: ../tutorial/install.rst:2
#: a0eef22998554712a838c86b94681306
msgid "Installation"
msgstr ""
#: ../tutorial/install.rst:6
#: 366d1de010774522b5947172c22d1d64
msgid "Canaille is under heavy development and may not fit a production environment yet."
msgstr ""
#: ../tutorial/install.rst:8
#: 7ec1652a0617445681d3b44ab4ef6607
msgid "The installation of canaille consist in several steps, some of which you can do manually or with command line tool:"
msgstr ""
#: ../tutorial/install.rst:11
#: 39b5cccca7ae4928abc5ecac4466a670
msgid "Get the code"
msgstr ""
#: ../tutorial/install.rst:13
#: dd49fb118bd94e00810d55ca2e8e3c23
msgid "As the moment there is no distribution package for canaille. However, it can be installed with the ``pip`` package manager. Let us choose a place for the canaille environment, like ``/opt/canaille/env``."
msgstr ""
#: ../tutorial/install.rst:24
#: 8f98f8e76182487aba2f150e7af39150
msgid "Extras"
msgstr ""
#: ../tutorial/install.rst:26
#: 364aff7067fe4ab0aea19ad6024893b1
msgid "Canaille provides different package options:"
msgstr ""
#: ../tutorial/install.rst:28
#: 0b64d33198cf4965bf5ccec22054fc9b
msgid "`front` provides all the things needed to produce the user interface;"
msgstr ""
#: ../tutorial/install.rst:29
#: 4f47aa89080f491e8f179aadf57a32e4
msgid "`oidc` provides the dependencies to perform OAuth2/OIDC authentication;"
msgstr ""
#: ../tutorial/install.rst:30
#: 07d747ece341493cbfdbaacd17b9640d
msgid "`ldap` provides the dependencies to enable the LDAP backend;"
msgstr ""
#: ../tutorial/install.rst:31
#: bebbbd7c0b5b4694b70dd571d6087a25
msgid "`sqlite` provides the dependencies to enable the SQLite backend;"
msgstr ""
#: ../tutorial/install.rst:32
#: 1052d038f4154a29a0e27fd5c83f9abf
msgid "`postgresql` provides the dependencies to enable the PostgreSQL backend;"
msgstr ""
#: ../tutorial/install.rst:33
#: 0696511547b64f22b36c1b3c5ade382a
msgid "`mysql` provides the dependencies to enable the MySQL backend;"
msgstr ""
#: ../tutorial/install.rst:34
#: 7ec9ca47bc1a487caeb4d706f0cabeec
msgid "`sentry` provides sentry integration to watch Canaille exceptions;"
msgstr ""
#: ../tutorial/install.rst:35
#: 4e77c88c68b1404cbf1502574bc495af
msgid "`otp` provides the dependencies to enable one-time password authentication;"
msgstr ""
#: ../tutorial/install.rst:36
#: e81b3959980b47898233e6a778b6cfa4
msgid "`sms` provides the dependencies to enable sms sending;"
msgstr ""
#: ../tutorial/install.rst:37
#: 4355ba8d8f744ad6b49f6859e36d5276
msgid "`all` provides all the extras above."
msgstr ""
#: ../tutorial/install.rst:39
#: 2ad6fc294ad44e87a5c1b4389a8c280c
msgid "They can be installed with:"
msgstr ""
#: ../tutorial/install.rst:46
#: 59d5ecfe460d412ba993a785c0c20744
msgid "Configure"
msgstr ""
#: ../tutorial/install.rst:48
#: 2bebd03f31724f66a8fc72e10fd4c00f
msgid "Choose a path where to store your configuration file. You can pass any configuration path with the ``CONFIG`` environment variable."
msgstr ""
#: ../tutorial/install.rst:56
#: 6f15d23d18c245dc9d341399328f752e
msgid "You should then edit your configuration file to adapt the values to your needs. Look at the configuration details in the :doc:`configuration <../references/configuration>` page."
msgstr ""
#: ../tutorial/install.rst:59
#: ede066e9fd9345ac86aa519c3bc66495
msgid "Install"
msgstr ""
#: ../tutorial/install.rst:61
#: a888acd5f78142a88927d4585568a24a
msgid "The :ref:`install command <cli_install>` will apply most of the things needed to get Canaille working. Depending on the configured :doc:`database <databases>` it will create the SQL tables, or install the LDAP schemas for instance."
msgstr ""
#: ../tutorial/install.rst:70
#: 1d9b520266704354910e893daaa1ac22
msgid "Check"
msgstr ""
#: ../tutorial/install.rst:72
#: da69d39139ef46eabe3e65ee743ad414
msgid "After a manual installation, you can check your configuration file using the :ref:`check command <cli_install>`:"
msgstr ""
#: ../tutorial/provisioning.rst:2
#: fad9f07edb234ac5b4edf0f1a2850469
msgid "Provisioning"
msgstr ""
#: ../tutorial/provisioning.rst:4
#: b34dc5e4480d4812abe1d615b40724ce
msgid "Canaille partially implement the :rfc:`SCIM <7642>` provisioning protocol at the ``/scim/v2`` endpoint."
msgstr ""
#: ../tutorial/provisioning.rst:6
#: b435649989a5462fb58feedb7deff9e7
msgid "At the moment, only the server part is implemented. It allows client applications to manage user profiles directly in Canaille."
msgstr ""
#: ../tutorial/provisioning.rst:11
#: 5540926bcd3a4ff59b5c440933d22e93
msgid "Some SCIM :ref:`features and endpoints <scim_unimplemented>` are not implemented. In addition to these, Canaille will implement in the future:"
msgstr ""
#: ../tutorial/provisioning.rst:14
#: df30885f79fd424fb426110529797eeb
msgid "Access control for clients on the SCIM API endpoint, to finely manage permissions depending on clients."
msgstr ""
#: ../tutorial/provisioning.rst:15
#: e37b47a3e64940adbfecfffc6245bb5f
msgid "Client-side implementation, to broadcast user and groups modifications among all the clients."
msgstr ""
#: ../tutorial/provisioning.rst:20
#: cca65894cd064a69b7c8a4dc2b4bc5b2
msgid "To allow clients to access the SCIM API, the client must have the ``client_credentials`` grant type configured. This allows clients to ask an authentication token on their own behalf and use this token to perform queries. Currently, user tokens are not supported."
msgstr ""
#: ../tutorial/provisioning.rst:24
#: 7dc6ae431db5465aa6c1f6b104ef027b
msgid "Then the :attr:`CANAILLE_SCIM.ENABLE_SERVER <canaille.scim.configuration.SCIMSettings.ENABLE_SERVER>` configuration parameter must be enabled."
msgstr ""
#: ../tutorial/provisioning.rst:33
#: 5cbe19dfab2848509d2ecb1670f762af
msgid "Implementation details"
msgstr ""
#: ../tutorial/provisioning.rst:35
#: 18971a7e6bd84e8a813c8dd48feb4060
msgid "Due to technical reasons, the Canaille *User* and *Group* resources implementation subtly differs from the :rfc:`RFC7643 <7643>` definitions:"
msgstr ""
#: ../tutorial/provisioning.rst:37
#: ee13305a62da466097f8be31dcd58cbc
msgid "``User.userName`` is immutable (while it is read-write in RFC7643)."
msgstr ""
#: ../tutorial/provisioning.rst:38
#: 65f9f9f8c43d45f38c16ee9a1fa4bebd
msgid "``User.name.familyName`` is required (while it is optional in RFC7643)."
msgstr ""
#: ../tutorial/provisioning.rst:39
#: 5f60bb02615b4cbda2ebebed1334f087
msgid "``Group.displayName`` is required (while it is optional in RFC7643)."
msgstr ""
#: ../tutorial/provisioning.rst:40
#: 7d53ff82185640b79b3254af1c5ea824
msgid "``Group.members`` is required (while it is optional in RFC7643), i.e. groups cannot be empty."
msgstr ""
#: ../tutorial/provisioning.rst:43
#: 28d3fec6f2f94f219904c4cfed944c03
msgid "Debugging"
msgstr ""
#: ../tutorial/provisioning.rst:45
#: 40c8e2548c5a4f9183a842044ecae152
msgid "To check what data are exposed through the Canaille SCIM API, you need a *client token* and a SCIM client application. To generate a client token, you can simply manually create a token from the button on the client administration page. Then, we recommend the use of :doc:`scim2-cli:index` to interact with the API:"
msgstr ""
#: ../tutorial/provisioning.rst:49
#: 64800b3ed0e04be0a59b95f3da2dffe3
msgid "scim2-cli usage example"
msgstr ""
#: ../tutorial/theming.rst:2
#: 07dd676f278c44e3b1263e9afdebfc25
msgid "Theming"
msgstr ""
#: ../tutorial/theming.rst:4
#: 7ea6047471dd43e89c2ed87579b965e3
msgid "Canaille comes with a default theme based on `Fomantic UI <https://fomantic-ui.com/>`__ but any part of the UI can be slightly modified or even entierely rewritten if needed."
msgstr ""
#: ../tutorial/theming.rst:7
#: 3ffd0598489b46bdadc078f3a6f5ac40
msgid "Custom templates"
msgstr ""
#: ../tutorial/theming.rst:9
#: 9dc5dde77f144803be650a110ae46f79
msgid "To use a custom theme, set the :attr:`~canaille.core.configuration.CoreSettings.THEME` to a path to a directory where you will host your custom templates."
msgstr ""
#: ../tutorial/theming.rst:11
#: 225c0a63ef7443368da6d8f99c9d3fc9
msgid "Then in this directory, create new files for templates you want to override. The exhaustive list of templates is available in the :doc:`reference <../references/templates>`. You must respect the template file paths. So for instance if you want to customize the *about page*, you need to do it in a ``core/about.html`` file. You can inherit from the origin template by using the Jinja ``extend`` directive."
msgstr ""
#: ../tutorial/theming.rst:15
#: e59413935c4c4947b00e419d6e7eb2aa
msgid "core/about.html"
msgstr ""
#: ../tutorial/theming.rst:26
#: cdf094c2bf964e69b59a467298d39266
msgid "Custom style sheets"
msgstr ""
#: ../tutorial/theming.rst:28
#: bf6bfe83391d443590898ce01670c8ca
msgid "If you simply want to put your custom style sheets in the default theme, you can just push it in the ``base.html`` template. Put your file in a ``static`` subdirectory of your theme, for instance ``static/css/custom.css`` and reference it with ``theme_static``."
msgstr ""
#: ../tutorial/theming.rst:31
#: 386ecd9d792e47768914612ebf3c8931
msgid "base.html"
msgstr ""
#: ../tutorial/theming.rst:43
#: 43e2b83c38d845c4b121529d5bca8e89
msgid "To write your custom theme and check how it is rendered, you can put the path to your theme in a ``.env`` file and run the Canaille demo instance, as described in the :ref:`contributing guide <local_environment>`"
msgstr ""
#: ../tutorial/theming.rst:50
#: 282912adb49347b48bb2a8a0525ff3c9
msgid "Run the demo instance"
msgstr ""
#: ../tutorial/troubleshooting.rst:2
#: a2179a1e932c44c59ec327cabf7a8b0e
msgid "Troubleshooting"
msgstr ""
#: ../tutorial/troubleshooting.rst:5
#: 46107d829fdc4718adf7b92192756f96
msgid "The web interface throws useless error messages"
msgstr ""
#: ../tutorial/troubleshooting.rst:7
#: 86ab63d58f8848b2a40435a2f048c12f
msgid "Unless the current user has admin :class:`permissions <canaille.core.configuration.Permission>`, or the installation is in :attr:`~canaille.app.configuration.RootSettings.DEBUG` mode, error messages won't be too technical. For instance, you can see *The request you made is invalid*. To enable detailed error messages, you can **temporarily** enable the :attr:`~canaille.app.configuration.RootSettings.DEBUG` configuration parameter."
msgstr ""
#: ../tutorial/troubleshooting.rst:12
#: 988d674332bb4633b860095fe99420df
msgid "How to manually install LDAP schemas?"
msgstr ""
#: ../tutorial/troubleshooting.rst:16
#: 7be9fb2994f6417889820aac3fce6560
msgid "Schema installation can be automatically done using the :ref:`install command <cli_install>`."
msgstr ""
#: ../tutorial/troubleshooting.rst:18
#: c8c1648f65d348d0a7d601357a849604
msgid "As of OpenLDAP 2.4, two configuration methods are available:"
msgstr ""
#: ../tutorial/troubleshooting.rst:20
#: f37f56f196174ae895e792a933dfbea6
msgid "The `deprecated <https://www.openldap.org/doc/admin26/slapdconf2.html>`_ one, based on a configuration file (generally ``/etc/ldap/slapd.conf``);"
msgstr ""
#: ../tutorial/troubleshooting.rst:21
#: ae332fd671574a54b9f1ff1cce9ae3e0
msgid "The new one, based on a configuration directory (generally ``/etc/ldap/slapd.d``)."
msgstr ""
#: ../tutorial/troubleshooting.rst:23
#: b9fe35e9d0654a4b831845bf9f027a33
msgid "Depending on the configuration method you use with your OpenLDAP installation, you need to chose how to add the canaille schemas:"
msgstr ""
#: ../tutorial/troubleshooting.rst:26
#: 45557c5a90314b65aca27329fe4f334b
msgid "Old fashion: Copy the schemas in your filesystem"
msgstr ""
#: ../tutorial/troubleshooting.rst:35
#: 4aa6e1b3b0154c4ca91a982f719c08b5
msgid "New fashion: Use slapadd to add the schemas"
msgstr ""
#: ../tutorial/troubleshooting.rst:37
#: 6ba05a570b0043078256af9a016309c4
msgid "Be careful to stop your ldap server before running ``slapadd``"
msgstr ""
#: ../tutorial/troubleshooting.rst:46
#: 87adc4ca4b22405e948a90409bde21b0
msgid "How to manually generate the OIDC keypair?"
msgstr ""
#: ../tutorial/troubleshooting.rst:50
#: 6770309338724a4aac6439943e58b66a
msgid "The keypair generation can be automatically done using the :ref:`install command <cli_install>`."
msgstr ""
#: ../tutorial/troubleshooting.rst:52
#: 2fad5ba8eca14ba293b910f7c82f5b34
msgid "Canaille needs a key pair to sign OIDC tokens. You can customize those commands, as long as they match the ``JWT`` section of your configuration file."
msgstr ""
#: ../usecases.rst:4
#: 0012c5a2aeb84b40b7ccb861a1f8ea07
msgid "Use cases"
msgstr ""
#: ../usecases.rst:6
#: 8fce8afa30574f348ea6a4b5169592b6
msgid "Canaille is a lightweight IAM for simple needs. Here are a few use cases you might recognize in, where Canaille would fit your needs."
msgstr ""
#: ../usecases.rst:10
#: e00eb880854f4c38a94285e1986b96d2
msgid "OpenID Connect provider on top of a LDAP directory"
msgstr ""
#: ../usecases.rst:12
#: 354d32ad706d463ab06aa17efae022cc
msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>` and you want to add a :ref:`OpenID Connect <feature_oidc>` :abbr:`SSO (Single Sign-On)` layer on top of it, so users can use all your application while signin-in only once, without any data migration."
msgstr ""
#: ../usecases.rst:15
#: c80ba39e4d3d49aeb126a3a4b0cbf6ee
msgid "Profile edition of LDAP users"
msgstr ""
#: ../usecases.rst:17
#: f7042aa80b384749a2a1c93cdf9fb3b6
msgid "Your organization has a :ref:`LDAP directory <feature_databases>` and you want to provide a way to your users to :ref:`edit their personal information <feature_profile_management>` by themselves, without requiring any administrator intervention."
msgstr ""
#: ../usecases.rst:20
#: 2175f903fd7049408fb6f8bca3817ec0
msgid "Password recovery with a LDAP directory"
msgstr ""
#: ../usecases.rst:22
#: ee7ae8f8496c4ddd95b00953f0da7fc9
msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>` and you want to provide a way to your users to :ref:`recover their password <feature_password_recovery>` when they cannot remember it, without any administrator intervention."
msgstr ""
#: ../usecases.rst:25
#: b270514f0fac465d9792c85a85c84525
msgid "A lightweight IAM for unit testing"
msgstr ""
#: ../usecases.rst:27
#: 88822c2e151f43a0b5dabed7616604b7
msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You don't want to mock the calls to the identity provider in your unit tests, but you want to :ref:`perform real OAuth2/OIDC requests <feature_testing>`, and test your application against different identity provider tunings."
msgstr ""
#: ../usecases.rst:30
#: fe21632ea9034d16b4f5da19efa0b5ac
msgid "A lightweight IAM for developing"
msgstr ""
#: ../usecases.rst:32
#: 5f85f539d8cf4500889c40f6774d6e55
msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a :ref:`IAM server to develop <feature_development>` locally, but your old computer cannot bear launching a full Keycloak in a Docker container."
msgstr ""
#: ../usecases.rst:35
#: f94e9269e0d84b20998a5dc33d17bca7
msgid "A lightweight IAM for CIs"
msgstr ""
#: ../usecases.rst:37
#: c59dd6c6c59a45b6b8cc4497275c35c1
msgid "You are :ref:`developing <feature_development>` an application relying on OAuth2 or OpenID Connect to authenticate the users. You need a IAM server that could can populate with custom data, and integrate in your :ref:`continuous integration environment <feature_ci>`."
msgstr ""
#: ../usecases.rst:40
#: 30c0a6e8cd2f4ec1837b2147176bed17
msgid "A CLI to quickly edit LDAP directory users"
msgstr ""
#: ../usecases.rst:42
#: 884abc047ac34822b7b8fcd98ddb3f88
msgid "Your organization has an historic :ref:`LDAP directory <feature_databases>`. You are tired to deal with *ldif* syntax to manage your users and group and would prefer a simple human-readable CLI."
msgstr ""
View git blame Copy permalink