Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • uffd/uffd
  • rixx/uffd
  • thies/uffd
  • leona/uffd
  • enbewe/uffd
  • strifel/uffd
  • thies/uffd-2
7 results
Select Git revision
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1062 additions and 42 deletions
uffd/selfservice/templates/selfservice/passwordreset.mail.txt uffd/templates/selfservice/passwordreset.mail.txt
View file @ 98fe5690
Hi {{ user.displayname }},
you have requested a password reset. To reset your password, visit the following url:
{{ url_for('selfservice.token_password', token=token, _external=True) }}
{{ url_for('selfservice.token_password', token_id=token.id, token=token.token, _external=True) }}
**The link is valid for 48h**
......
uffd/selfservice/templates/selfservice/self.html uffd/templates/selfservice/self.html
View file @ 98fe5690
......@@ -9,36 +9,122 @@
</div>
{% endif %}
<div class="row mt-3">
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("Profile")}}</h5>
<p>{{_("Your profile information is used by all services that are integrated into the Single-Sign-On. Your e-mail address is also used for password recovery.")}}</p>
<p>{{_("Changes may take serveral minutes to be visible in all services.")}}</p>
<p>{{_("Your profile information is used by all services that are integrated into the Single-Sign-On.")}}</p>
<p>{{_("Changes may take several minutes to be visible in all services.")}}</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.update_profile") }}" method="POST">
<div class="form-row">
<div class="form-group col-12 col-md-9">
<label>{{_("Login Name")}}</label>
<input type="text" class="form-control" value="{{ user.loginname }}" readonly>
</div>
<div class="form-group col-12 col-md-3">
<label>{{_("User ID")}}</label>
<input type="text" class="form-control" value="{{ user.uid }}" readonly>
</div>
<div class="form-group">
<label>{{_("Login Name")}}</label>
<input type="text" class="form-control" value="{{ user.loginname }}" readonly>
</div>
<div class="form-group">
<label>{{_("Display Name")}}</label>
<input type="text" class="form-control" id="user-displayname" name="displayname" value="{{ user.displayname }}">
</div>
<button type="submit" class="btn btn-primary btn-block">{{_("Update Profile")}}</button>
</form>
</div>
</div>
<hr>
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("E-Mail Addresses")}}</h5>
<p>{{_("Add and delete addresses associated with your account. You will need to verify new addresses by opening a link set to them.")}}</p>
</div>
<div class="col-12 col-md-7">
<form method="POST" action="{{ url_for('selfservice.add_email') }}" class="form mb-2">
<div class="row m-0">
<label class="sr-only" for="new-email-address">{{_("Email")}}</label>
<input type="email" autocomplete="email" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 20em;" id="new-email-address" name="address" placeholder="{{_("New E-Mail Address")}}" required>
<button type="submit" class="btn btn-primary mb-2 col">{{_("Add address")}}</button>
</div>
</form>
<table class="table mb-0">
<tbody>
{% for email in user.all_emails|sort(attribute='id') %}
<tr>
<td class="pl-0">
{{ email.address }}
{% if email == user.primary_email %}
<span class="badge badge-primary">{{ _('primary') }}</span>
{% elif not email.verified %}
<span class="badge badge-danger">{{ _('unverified') }}</span>
{% endif %}
</td>
<td class="pt-2 pb-1 pr-0">
<form method="POST" action="{{ url_for('selfservice.delete_email', email_id=email.id) }}" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right ml-1 mb-1"{% if email == user.primary_email %} disabled title="{{ _('Cannot delete primary e-mail address') }}"{% endif %}>{{_("Delete")}}</button>
</form>
{% if not email.verified %}
<a href="{{ url_for('selfservice.retry_email_verification', email_id=email.id) }}" class="btn btn-sm btn-primary float-right mb-1">{{_("Retry verification")}}</a>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<hr>
{% set service_users_with_email_prefs = user.service_users|selectattr('has_email_preferences')|list %}
{% set collapse_email_prefs = service_users_with_email_prefs|length > 2 %}
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("E-Mail Preferences")}}</h5>
<p>
{{ _("Choose your primary e-mail address and the address password recovery e-mails will be sent to.") }}
{% if service_users_with_email_prefs %}
{{ _("You can also select different addresses for different services.") }}
{% endif %}
</p>
<p>{{ _("Adresses must be verified before you can select them here.") }}</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.update_email_preferences") }}" method="POST">
<div class="form-group">
<label>{{_("Primary Address")}}</label>
<select name="primary_email" class="form-control">
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == user.primary_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
<div class="form-group">
<label>{{_("E-Mail Address")}}</label>
<input type="email" class="form-control" id="user-mail" name="mail" value="{{ user.mail }}" required>
<small class="form-text text-muted">
{{_("We will send you a confirmation mail to this address if you change it")}}
</small>
<label>{{_("Address for Password Reset E-Mails")}}</label>
<select name="recovery_email" class="form-control">
<option value="primary" {{ 'selected' if not user.recovery_email }}>{{ _('Use primary address') }}</option>
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == user.recovery_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
<button type="submit" class="btn btn-primary btn-block">{{_("Update Profile")}}</button>
{% for service_user in service_users_with_email_prefs %}
{% if collapse_email_prefs and loop.index == 2 %}
<div id="collapsed-email-prefs">
{% endif %}
<div class="form-group">
<label>{{ _('Address for Service "%(name)s"', name=service_user.service.name) }}</label>
<select name="service_{{ service_user.service.id }}_email" class="form-control">
<option value="primary" {{ 'selected' if not service_user.service_email }}>{{ _('Use primary address') }}</option>
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == service_user.service_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
{% endfor %}
{% if collapse_email_prefs %}
</div>
<button type="button" class="btn btn-sm btn-link pl-0 mb-1 showmore" data-target="#collapsed-email-prefs" style="display: none;" aria-expanded="false" aria-controls="collapsed-email-prefs">{{ _("Show more settings ...") }}</button>
{% endif %}
<button type="submit" class="btn btn-primary btn-block">{{_("Update E-Mail Preferences")}}</button>
</form>
</div>
</div>
......@@ -53,13 +139,13 @@
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.change_password") }}" method="POST">
<div class="form-group">
<input type="password" class="form-control" id="user-password1" name="password1" placeholder="{{_("New Password")}}" required>
<input type="password" autocomplete="new-password" class="form-control" id="user-password1" name="password1" placeholder="{{_("New Password")}}" minlength={{ User.PASSWORD_MINLEN }} maxlength={{ User.PASSWORD_MAXLEN }} pattern="{{ User.PASSWORD_REGEX }}" required>
<small class="form-text text-muted">
{{_('At least 8 and at most 256 characters, no other special requirements.')}}
{{ User.PASSWORD_DESCRIPTION|safe }}
</small>
</div>
<div class="form-group">
<input type="password" class="form-control" id="user-password2" name="password2" placeholder="{{_("Repeat Password")}}" required>
<input type="password" autocomplete="new-password" class="form-control" id="user-password2" name="password2" placeholder="{{_("Repeat Password")}}" required>
</div>
<button type="submit" class="btn btn-primary btn-block">{{_("Change Password")}}</button>
</form>
......@@ -81,7 +167,56 @@
{{ _("Two-factor authentication is currently <strong>disabled</strong>.")|safe }}
{% endif %}
</p>
<a class="btn btn-primary btn-block" href="{{ url_for('mfa.setup') }}">{{_("Manage two-factor authentication")}}</a>
<a class="btn btn-primary btn-block" href="{{ url_for('selfservice.setup_mfa') }}">{{_("Manage two-factor authentication")}}</a>
</div>
</div>
<hr>
<div class="row mt-3">
<div class="col-12 col-md-5">
<h5>{{_("Active Sessions")}}</h5>
<p>{{_("Your active login sessions on this device and other devices.")}}</p>
<p>{{_("Revoke a session to log yourself out on another device. Note that this is limited to the Single-Sign-On session and <b>does not affect login sessions on services.</b>")}}</p>
</div>
<div class="col-12 col-md-7">
<table class="table">
<thead>
<tr>
<th scope="col">{{_("Last used")}}</th>
<th scope="col">{{_("Device")}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
<tr>
<td>{{_("Just now")}}</td>
<td>{{ request.session.user_agent_browser }} on {{ request.session.user_agent_platform }} ({{ request.session.ip_address }})</td>
<td></td>
</tr>
{% for session in user.sessions|sort(attribute='last_used', reverse=True) if not session.expired and session != request.session %}
<tr>
<td>
{% set last_used_rel = session.last_used - datetime.utcnow() %}
{% if -last_used_rel.total_seconds() <= 60 %}
{{_("Just now")}}
{% else %}
{{ last_used_rel|timedeltaformat(add_direction=True, granularity='minute') }}
{% endif %}
</td>
<td>{{ session.user_agent_browser }} on {{ session.user_agent_platform }} ({{ session.ip_address }})</td>
<td>
{% if session != request.session %}
<form action="{{ url_for("selfservice.revoke_session", session_id=session.id) }}" method="POST" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right">{{_("Revoke")}}</button>
</form>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
......@@ -92,15 +227,12 @@
<h5>{{_("Roles")}}</h5>
<p>{{_("Aside from a set of base permissions, your roles determine the permissions of your account.")}}</p>
{% if config['SERVICES'] %}
<p>{{_("See <a href=\"%(services_url)s\">Services</a> for an overview of your current permissions.", services_url=url_for('services.index'))}}</p>
<p>{{_("See <a href=\"%(services_url)s\">Services</a> for an overview of your current permissions.", services_url=url_for('service.overview'))}}</p>
{% endif %}
</div>
<div class="col-12 col-md-7">
{% if config['ENABLE_INVITE'] %}
<p>{{_("Administrators and role moderators can invite you to new roles.")}}</p>
{% else %}
<p>{{_("Administrators can add new roles to your account.")}}</p>
{% endif %}
<table class="table">
<thead>
<tr>
......@@ -119,11 +251,9 @@
</td>
<td>{{ role.description }}</td>
<td>
{% if config['ENABLE_ROLESELFSERVICE'] %}
<form action="{{ url_for("selfservice.leave_role", roleid=role.id) }}" method="POST" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right">{{_("Leave")}}</button>
</form>
{% endif %}
</td>
</tr>
{% endfor %}
......@@ -134,7 +264,20 @@
{% endif %}
</tbody>
</table>
</div>
</div>
<script>
$(".showmore").each(function () {
$(this).show()
$($(this).data("target")).hide()
})
$(".showmore").on("click", function () {
$(this).slideUp(200)
$(this).prop("ariaExpanded", true)
$($(this).data("target")).slideDown()
})
</script>
{% endblock %}
uffd/templates/selfservice/set_password.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("selfservice.token_password", token_id=token.id, token=token.token) }}" method="POST" onInput="password2.setCustomValidity(password1.value != password2.value ? 'Passwords do not match.' : '') ">
<div class="col-12">
<h2 class="text-center">{{_("Reset password")}}</h2>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_("New Password")}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password1" name="password1" tabindex="2" minlength={{ User.PASSWORD_MINLEN }} maxlength={{ User.PASSWORD_MAXLEN }} pattern="{{ User.PASSWORD_REGEX }}" required>
<small class="form-text text-muted">
{{ User.PASSWORD_DESCRIPTION|safe }}
</small>
</div>
<div class="form-group col-12">
<label for="user-password2">{{_("Repeat Password")}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password2" name="password2" tabindex="3" required>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex="3">{{_("Set password")}}</button>
</div>
</form>
{% endblock %}
uffd/mfa/templates/mfa/setup.html uffd/templates/selfservice/setup_mfa.html
View file @ 98fe5690
......@@ -28,11 +28,11 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
{% if mfa_setup or mfa_enabled %}
<div class="clearfix">
{% if mfa_enabled %}
<form class="form float-right" action="{{ url_for('mfa.disable') }}">
<form class="form float-right" action="{{ url_for('selfservice.disable_mfa') }}">
<button type="submit" class="btn btn-danger mb-2">{{_("Disable two-factor authentication")}}</button>
</form>
{% else %}
<form class="form float-right" action="{{ url_for('mfa.disable_confirm') }}" method="POST">
<form class="form float-right" action="{{ url_for('selfservice.disable_mfa_confirm') }}" method="POST">
<button type="submit" class="btn btn-light mb-2">{{_("Reset two-factor configuration")}}</button>
</form>
{% endif %}
......@@ -56,7 +56,7 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for('mfa.setup_recovery') }}" method="POST">
<form class="form" action="{{ url_for('selfservice.setup_mfa_recovery') }}" method="POST">
{% if mfa_init %}
<button type="submit" class="btn btn-primary mb-2 col">
{{_("Generate recovery codes to enable two-factor authentication")}}
......@@ -93,7 +93,7 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
</div>
<div class="col-12 col-md-7">
<form class="form mb-2" action="{{ url_for('mfa.setup_totp') }}">
<form class="form mb-2" action="{{ url_for('selfservice.setup_mfa_totp') }}" autocomplete="off">
<div class="row m-0">
<label class="sr-only" for="totp-name">{{_("Name")}}</label>
<input type="text" name="name" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="totp-name" placeholder="{{_("Name")}}" required {{ 'disabled' if mfa_init }}>
......@@ -113,8 +113,8 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
{% for method in request.user.mfa_totp_methods %}
<tr>
<td>{{ method.name }}</td>
<td>{{ method.created.strftime('%b %d, %Y') }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('mfa.delete_totp', id=method.id) }}">{{_("Delete")}}</a></td>
<td>{{ method.created|dateformat }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('selfservice.delete_mfa_totp', id=method.id) }}">{{_("Delete")}}</a></td>
</tr>
{% endfor %}
{% if not request.user.mfa_totp_methods %}
......@@ -152,7 +152,7 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
</div>
</noscript>
<div id="webauthn-alert" class="alert alert-warning d-none" role="alert"></div>
<form id="webauthn-form" class="form mb-2">
<form id="webauthn-form" autocomplete="off" class="form mb-2">
<div class="row m-0">
<label class="sr-only" for="webauthn-name">{{_("Name")}}</label>
<input type="text" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="webauthn-name" placeholder="{{_("Name")}}" required disabled>
......@@ -175,8 +175,8 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
{% for method in request.user.mfa_webauthn_methods %}
<tr>
<td>{{ method.name }}</td>
<td>{{ method.created.strftime('%b %d, %Y') }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('mfa.delete_webauthn', id=method.id) }}">{{_("Delete")}}</a></td>
<td>{{ method.created|dateformat }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('selfservice.delete_mfa_webauthn', id=method.id) }}">{{_("Delete")}}</a></td>
</tr>
{% endfor %}
{% if not request.user.mfa_webauthn_methods %}
......@@ -196,21 +196,21 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
$('#webauthn-form').on('submit', function(e) {
$('#webauthn-alert').addClass('d-none');
$('#webauthn-spinner').removeClass('d-none');
$('#webauthn-btn-text').text('Contacting server');
$('#webauthn-btn-text').text({{ _('Contacting server')|tojson }});
$('#webauthn-btn').prop('disabled', true);
fetch({{ url_for('mfa.setup_webauthn_begin')|tojson }}, {
fetch({{ url_for('selfservice.setup_mfa_webauthn_begin')|tojson }}, {
method: 'POST',
}).then(function(response) {
if (response.ok)
return response.arrayBuffer();
if (response.status == 403)
throw new Error('You need to generate recovery codes first');
throw new Error('Server error');
throw new Error({{ _('You need to generate recovery codes first')|tojson }});
throw new Error({{ _('Server error')|tojson }});
}).then(CBOR.decode).then(function(options) {
$('#webauthn-btn-text').text('Waiting for response from your device');
$('#webauthn-btn-text').text({{ _('Waiting for device')|tojson }});
return navigator.credentials.create(options);
}).then(function(attestation) {
return fetch({{ url_for('mfa.setup_webauthn_complete')|tojson }}, {
return fetch({{ url_for('selfservice.setup_mfa_webauthn_complete')|tojson }}, {
method: 'POST',
headers: {'Content-Type': 'application/cbor'},
body: CBOR.encode({
......@@ -222,34 +222,34 @@ $('#webauthn-form').on('submit', function(e) {
}).then(function(response) {
if (response.ok) {
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Success');
window.location = {{ url_for('mfa.setup')|tojson }};
$('#webauthn-btn-text').text({{ _('Success')|tojson }});
window.location = {{ url_for('selfservice.setup_mfa')|tojson }};
} else {
throw new Error('Response from authenticator rejected');
throw new Error({{ _('Invalid response from device')|tojson }});
}
}, function(err) {
console.log(err);
/* various webauthn errors */
if (err.name == 'NotAllowedError')
$('#webauthn-alert').text('Registration timed out, was aborted or not allowed');
$('#webauthn-alert').text({{ _('Registration timed out, was aborted or not allowed')|tojson }});
else if (err.name == 'InvalidStateError')
$('#webauthn-alert').text('You attempted to register a device that is already registered');
$('#webauthn-alert').text({{ _('Device already registered')|tojson }});
else if (err.name == 'AbortError')
$('#webauthn-alert').text('Registration was aborted');
$('#webauthn-alert').text({{ _('Registration was aborted')|tojson }});
else if (err.name == 'NotSupportedError')
$('#webauthn-alert').text('U2F and FIDO2 devices are not supported by your browser');
$('#webauthn-alert').text({{ _('U2F and FIDO2 devices are not supported by your browser')|tojson }});
/* errors from fetch() */
else if (err.name == 'TypeError')
$('#webauthn-alert').text('Could not connect to server');
$('#webauthn-alert').text({{ _('Could not connect to server')|tojson }});
/* our own errors */
else if (err.name == 'Error')
$('#webauthn-alert').text(err.message);
/* fallback */
else
$('#webauthn-alert').text('Registration failed ('+err+')');
$('#webauthn-alert').text({{ _('Registration failed')|tojson }}+' ('+err+')');
$('#webauthn-alert').removeClass('d-none');
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Retry registration');
$('#webauthn-btn-text').text({{ _('Retry registration')|tojson }});
$('#webauthn-btn').prop('disabled', false);
});
return false;
......@@ -261,7 +261,7 @@ if (typeof(PublicKeyCredential) != "undefined") {
$('#webauthn-name').prop('disabled', false);
{% endif %}
} else {
$('#webauthn-alert').text('U2F and FIDO2 devices are not supported by your browser');
$('#webauthn-alert').text({{ _('U2F and FIDO2 devices are not supported by your browser')|tojson }});
$('#webauthn-alert').removeClass('d-none');
}
......
uffd/mfa/templates/mfa/setup_recovery.html uffd/templates/selfservice/setup_mfa_recovery.html
View file @ 98fe5690
......@@ -12,7 +12,7 @@
<div class="text-monospace">
<ul>
{% for method in methods %}
<li>{{ method.code }}</li>
<li>{{ method.code_value }}</li>
{% endfor %}
</ul>
</div>
......@@ -23,8 +23,8 @@
</p>
<div class="btn-toolbar">
<a class="ml-auto mb-2 btn btn-primary d-print-none" href="{{ url_for('mfa.setup') }}">Continue</a>
<a class="ml-2 mb-2 btn btn-light d-print-none" href="{{ methods|map(attribute='code')|join('\n')|datauri }}" download="uffd-recovery-codes">
<a class="ml-auto mb-2 btn btn-primary d-print-none" href="{{ url_for('selfservice.setup_mfa') }}">{{_("Continue")}}</a>
<a class="ml-2 mb-2 btn btn-light d-print-none" href="{{ methods|map(attribute='code_value')|join('\n')|datauri }}" download="uffd-recovery-codes">
{{_("Download codes")}}
</a>
<button class="ml-2 mb-2 btn btn-light d-print-none" type="button" onClick="window.print()">{{_("Print codes")}}</button>
......
uffd/mfa/templates/mfa/setup_totp.html uffd/templates/selfservice/setup_mfa_totp.html
View file @ 98fe5690
......@@ -32,9 +32,9 @@
</div>
</div>
<form action="{{ url_for('mfa.setup_totp_finish', name=name) }}" method="POST" class="form">
<form action="{{ url_for('selfservice.setup_mfa_totp_finish', name=name) }}" method="POST" autocomplete="off" class="form">
<div class="row m-0">
<input type="text" name="code" class="form-control mb-2 mr-2 col-auto col-md" id="code" placeholder="Code" required autofocus>
<input type="text" name="code" class="form-control mb-2 mr-2 col-auto col-md" id="code" placeholder="{{_('Code')}}" required autofocus>
<button type="submit" class="btn btn-primary mb-2 col col-md-auto">{{_("Verify and complete setup")}}</button>
</div>
</form>
......
uffd/templates/service/api.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.api_submit', service_id=service.id, id=client.id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.show', id=service.id) }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if client.id %}
<a class="btn btn-danger" href="{{ url_for('service.api_delete', service_id=service.id, id=client.id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="client-auth-username">{{ _('Authentication Username') }}</label>
<input type="text" class="form-control" id="client-auth-username" name="auth_username" value="{{ client.auth_username or '' }}" required>
</div>
<div class="form-group col">
<label for="client-auth-password">{{ _('Authentication Password') }}</label>
{% if client.id %}
<input type="password" autocomplete="new-password" class="form-control" id="client-auth-password" name="auth_password" placeholder="●●●●●●●●">
{% else %}
<input type="password" autocomplete="new-password" class="form-control" id="client-auth-password" name="auth_password" required>
{% endif %}
</div>
<div class="form-group col">
<h6>{{ _('Permissions') }}</h6>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-users" name="perm_users" value="1" aria-label="enabled" {{ 'checked' if client.perm_users }}>
<label class="form-check-label" for="client-perm-users"><b>users</b>: {{_('Access user and group data')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-checkpassword" name="perm_checkpassword" value="1" aria-label="enabled" {{ 'checked' if client.perm_checkpassword }}>
<label class="form-check-label" for="client-perm-checkpassword"><b>checkpassword</b>: {{_('Verify user passwords')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-mail-aliases" name="perm_mail_aliases" value="1" aria-label="enabled" {{ 'checked' if client.perm_mail_aliases }}>
<label class="form-check-label" for="client-perm-mail-aliases"><b>mail_aliases</b>: {{_('Access mail aliases')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-remailer" name="perm_remailer" value="1" aria-label="enabled" {{ 'checked' if client.perm_remailer }}>
<label class="form-check-label" for="client-perm-remailer"><b>remailer</b>: {{_('Resolve remailer addresses')}}</label>
{% if not remailer.configured %}
<i class="fas fa-exclamation-triangle text-warning" data-toggle="tooltip" data-placement="top" title="{{ _('This option has no effect: Remailer config options are unset') }}"></i>
{% endif %}
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-metrics" name="perm_metrics" value="1" aria-label="enabled" {{ 'checked' if client.perm_metrics }}>
<label class="form-check-label" for="client-perm-metrics"><b>metrics</b>: {{_('Access uffd metrics')}}</label>
</div>
</div>
</form>
</div>
<script>
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
</script>
{% endblock %}
uffd/templates/service/index.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<div class="col">
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.show') }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Name') }}</th>
</tr>
</thead>
<tbody>
{% for service in services|sort(attribute="name") %}
<tr>
<td>
<a href="{{ url_for("service.show", id=service.id) }}">
{{ service.name }}
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{% endblock %}
uffd/templates/service/oauth2.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.oauth2_submit', service_id=service.id, db_id=client.db_id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.show', id=service.id) }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if client.db_id %}
<a class="btn btn-danger" href="{{ url_for('service.oauth2_delete', service_id=service.id, db_id=client.db_id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="client-client-id">{{ _('Client ID') }}</label>
<input type="text" class="form-control" id="client-client-id" name="client_id" value="{{ client.client_id or '' }}" required>
</div>
<div class="form-group col">
<label for="client-client-secret">{{ _('Client Secret') }}</label>
{% if client.db_id %}
<input type="password" autocomplete="new-password" class="form-control" id="client-client-secret" name="client_secret" placeholder="●●●●●●●●">
{% else %}
<input type="password" autocomplete="new-password" class="form-control" id="client-client-secret" name="client_secret" required>
{% endif %}
</div>
<div class="form-group col">
<label for="client-redirect-uris">{{ _('Redirect URIs') }}</label>
<textarea rows="3" class="form-control" id="client-redirect-uris" name="redirect_uris">{{ client.redirect_uris|join('\n') }}</textarea>
<small class="form-text text-muted">
{{ _('One URI per line') }}
</small>
</div>
<div class="form-group col">
<label for="client-logout-uris">{{ _('Logout URIs') }}</label>
<textarea rows="3" class="form-control" id="client-logout-uris" name="logout_uris" placeholder="GET https://example.com/logout">
{%- for logout_uri in client.logout_uris %}
{{ logout_uri.method }} {{ logout_uri.uri }}{{ '\n' if not loop.last }}
{%- endfor %}
</textarea>
<small class="form-text text-muted">
{{ _('One URI per line, prefixed with space-separated method (GET/POST)') }}
</small>
</div>
</form>
</div>
{% endblock %}
uffd/services/templates/services/overview.html uffd/templates/service/overview.html
View file @ 98fe5690
......@@ -4,8 +4,19 @@
{% set iconstyle = 'style="width: 1.8em;"'|safe %}
{% if not user %}
<div class="alert alert-warning" role="alert">{{_("Some services may not be publicly listed! Log in to see all services you have access to.")}}</div>
{% if not request.user %}
<div class="alert alert-warning" role="alert">
<div class="row">
<div class="col-12 col-md-9 col-lg-10 col-xl-10">
{{ _("Some services may not be publicly listed! Log in to see all services you have access to.") }}
</div>
<div class="col-12 col-md-3 col-lg-2 col-xl-2 text-center text-md-right text-lg-right text-xl-right">
<a class="btn btn-primary" href="{{ url_for("session.login", ref=request.full_path) }}">
<i class="fa fa-sign-in-alt" aria-hidden="true"></i> {{ _("Login") }}
</a>
</div>
</div>
</div>
{% endif %}
{% if banner %}
......@@ -22,7 +33,7 @@
<div class="card-body">
{% if service.logo_url %}
{% if service.url and service.has_access %}<a href="{{ service.url }}" class="text-reset">{% endif %}
<img alt="Logo for {{ service.title }}" src="{{ service.logo_url }}" style="width: 100%; height: 10em; object-fit: contain; {{ 'filter: grayscale(100%);' if not service.has_access }}">
<img alt="{{ _("Logo for %(service_title)s", service_title=service.title) }}" src="{{ service.logo_url }}" style="width: 100%; height: 10em; object-fit: contain; {{ 'filter: grayscale(100%);' if not service.has_access }}">
{% if service.url and service.has_access %}</a>{% endif %}
{% endif %}
<h5 class="card-title">
......@@ -59,6 +70,12 @@
</div>
{% endmacro %}
{% if request.user and request.user.is_in_group(config['ACL_ADMIN_GROUP']) %}
<div class="text-right mt-2">
<a href="{{ url_for('service.index') }}" class="btn btn-primary">{{ _('Manage OAuth2 and API clients') }}</a>
</div>
{% endif %}
<div class="row row-cols-1 row-cols-md-2 row-cols-lg-3 row-cols-xl-4 mt-2">
{% for service in services if service.has_access %}
{{ service_card(service) }}
......
uffd/templates/service/show.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.edit_submit', id=service.id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.index') }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if service.id %}
<a class="btn btn-danger" href="{{ url_for('service.delete', id=service.id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="service-name">{{ _('Name') }}</label>
<input type="text" class="form-control" id="service-name" name="name" value="{{ service.name or '' }}" required>
</div>
<div class="form-group col">
<label for="access-group">{{ _('Access Restriction') }}</label>
<select class="form-control" id="access-group" name="access-group">
<option value="" class="text-muted">{{ _('No user has access') }}</option>
<option value="all" class="text-muted" {{ 'selected' if not service.limit_access }}>{{ _('All users have access (legacy)') }}</option>
{% for group in all_groups %}
<option value="{{ group.id }}" {{ 'selected' if group == service.access_group and service.limit_access }}>{{ _('Members of group "%(group_name)s" have access', group_name=group.name) }}</option>
{% endfor %}
</select>
</div>
<div class="form-group col">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="hide-deactivated-users" name="hide_deactivated_users" value="1" aria-label="enabled" {{ 'checked' if service.hide_deactivated_users }}>
<label class="form-check-label" for="hide-deactivated-users">{{ _('Hide deactivated users from service') }}</label>
</div>
</div>
<div class="form-group col">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="service-enable-email-preferences" name="enable_email_preferences" value="1" aria-label="enabled" {{ 'checked' if service.enable_email_preferences }}>
<label class="form-check-label" for="service-enable-email-preferences">{{ _('Allow users with access to select a different e-mail address for this service') }}</label>
<small class="form-text text-muted">
{{ _('If disabled, the service always uses the primary e-mail address.') }}
</small>
</div>
</div>
<div class="form-group col">
<label for="remailer-mode">
{{ _('Hide e-mail addresses with remailer') }}
{% if not remailer.configured %}
<i class="fas fa-exclamation-triangle text-warning" data-toggle="tooltip" data-placement="top" title="{{ _('This option has no effect: Remailer config options are unset') }}"></i>
{% endif %}
</label>
<select class="form-control" id="remailer-mode" name="remailer-mode">
<option value="{{ RemailerMode.DISABLED.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.DISABLED }}>
{{ _('Remailer disabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V2.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.ENABLED_V2 }}>
{{ _('Remailer enabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V1.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.ENABLED_V1 }}>
{{ _('Remailer enabled (deprecated, case-sensitive format)') }}
</option>
</select>
<small class="form-text text-muted">
{{ _('Some services notify users about changes to their e-mail address. Modifying this setting immediatly affects the e-mail addresses of all users and can cause masses of notification e-mails.') }}
</small>
</div>
<div class="form-group col">
<p class="mb-2">
{{ _('Overwrite remailer setting for specific users') }}
</p>
<div class="input-group" id="remailer-mode-overwrite">
<input class="form-control" name="remailer-overwrite-users" placeholder="{{ _('Login names') }}" value="{{ remailer_overwrites|map(attribute='user')|map(attribute='loginname')|sort|join(', ') }}">
<select class="form-control" name="remailer-overwrite-mode">
{% set remailer_overwrite_mode = remailer_overwrites|map(attribute='remailer_overwrite_mode')|first or RemailerMode.ENABLED_V2 %}
<option value="{{ RemailerMode.DISABLED.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.DISABLED }}>
{{ _('Remailer disabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V2.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.ENABLED_V2 }}>
{{ _('Remailer enabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V1.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.ENABLED_V1 }}>
{{ _('Remailer enabled (deprecated, case-sensitive format)') }}
</option>
</select>
</div>
<small class="form-text text-muted">
{{ _('Useful for testing remailer before enabling it for all users. Specify users as a comma-seperated list of login names.') }}
</small>
</div>
</form>
{% if service.id %}
<div class="col-12">
<hr>
<h5>OAuth2 Clients</h5>
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.oauth2_show', service_id=service.id) }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Client ID') }}</th>
</tr>
</thead>
<tbody>
{% for client in service.oauth2_clients|sort(attribute='client_id') %}
<tr>
<td>
<a href="{{ url_for("service.oauth2_show", service_id=service.id, db_id=client.db_id) }}">
{{ client.client_id }}
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<div class="col-12">
<hr>
<h5>API Clients</h5>
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.api_show', service_id=service.id) }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Name') }}</th>
<th scope="col">{{ _('Permissions') }}</th>
</tr>
</thead>
<tbody>
{% for client in service.api_clients|sort(attribute='auth_username') %}
<tr>
<td>
<a href="{{ url_for("service.api_show", service_id=service.id, id=client.id) }}">
{{ client.auth_username }}
</a>
</td>
<td>
{% for perm in ['users', 'checkpassword', 'mail_aliases', 'remailer'] if client.has_permission(perm) %}
{{ perm }}{{ ',' if not loop.last }}
{% endfor %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% endif %}
</div>
<script>
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
</script>
{% endblock %}
uffd/templates/session/deviceauth.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
{% if not initiation %}
<form action="{{ url_for("session.deviceauth") }}" autocomplete="off">
{% elif not confirmation %}
<form action="{{ url_for("session.deviceauth_submit") }}" method="POST" autocomplete="off">
{% else %}
<form action="{{ url_for("session.deviceauth_finish") }}" method="POST" autocomplete="off">
{% endif %}
<div class="col-12">
<h2 class="text-center">{{_('Authorize Device Login')}}</h2>
</div>
<div class="form-group col-12">
<p>{{_('Log into a service on another device without entering your password.')}}</p>
</div>
<div class="form-group col-12">
<label for="initiation-code">{{_('Initiation Code')}}</label>
{% if not initiation %}
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation_code or '' }}" required="required" tabindex = "1" autofocus>
{% else %}
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation.code }}" readonly>
{% endif %}
</div>
{% if confirmation %}
<div class="form-group col-12">
<label for="confirmation-code">{{_('Confirmation Code')}}</label>
<input type="text" class="form-control" id="confirmation-code" name="confirmation-code" value="{{ confirmation.code }}" readonly>
</div>
{% endif %}
{% if not initiation %}
<div class="form-group col-12">
<p>{{_('Start logging into a service on the other device and chose "Device Login" on the login page. Enter the displayed initiation code in the box above.')}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Continue')}}</button>
</div>
<div class="form-group col-12">
<a href="{{ url_for('index') }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
{% elif not confirmation %}
<div class="form-group col-12">
<p>{{_('Authorize the login for service <b>%(service_name)s</b>?', service_name=initiation.description|e)|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Authorize Login')}}</button>
</div>
<div class="form-group col-12">
<a href="{{ url_for('index') }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
{% else %}
<div class="form-group col-12">
<p>{{_('Enter the confirmation code on the other device and complete the login. Click <em>Finish</em> afterwards.')|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Finish')}}</button>
</div>
{% endif %}
</form>
{% endblock %}
uffd/templates/session/devicelogin.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("session.devicelogin_submit", ref=ref) }}" method="POST" autocomplete="off">
<div class="col-12">
<h2 class="text-center">{{_('Device Login')}}</h2>
</div>
<div class="form-group col-12">
<p>{{_('Use a login session on another device (e.g. your laptop) to log into a service without entering your password.')}}</p>
</div>
{% if initiation %}
<div class="form-group col-12">
<label for="initiation-code">{{_('Initiation Code')}}</label>
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation.code }}" readonly>
</div>
<input type="hidden" class="form-control" id="initiation-secret" name="initiation-secret" value="{{ initiation.secret }}">
<div class="form-group col-12">
<label for="confirmation-code">{{_('Confirmation Code')}}</label>
<input type="text" class="form-control" id="confirmation-code" name="confirmation-code" required="required" tabindex = "1" autofocus>
</div>
<div class="form-group col-12">
<p>{{_('Open <code><a href="%(deviceauth_url)s">%(deviceauth_url)s</a></code> on the other device and enter the initiation code there. Then enter the confirmation code in the box above.', deviceauth_url=url_for('session.deviceauth', _external=True)|e)|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "3">{{_('Continue')}}</button>
</div>
{% endif %}
<div class="form-group col-12">
<a href="{{ url_for('session.login', ref=ref, devicelogin=True) }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
</form>
{% endblock %}
uffd/templates/session/login.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("session.login", ref=ref) }}" method="POST">
<div class="col-12">
<h2 class="text-center">{{_("Login")}}</h2>
</div>
{% if config['LOGIN_BANNER'] %}
<p>{{ config['LOGIN_BANNER'] }}</p>
{% endif %}
<div class="form-group col-12">
<label for="user-loginname">{{_("Login Name")}}</label>
<input type="text" autocomplete="username" class="form-control" id="user-loginname" name="loginname" required="required" tabindex="1" autofocus>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_("Password")}}</label>
<input type="password" autocomplete="current-password" class="form-control" id="user-password1" name="password" required="required" tabindex="2">
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex="3">{{_("Login")}}</button>
</div>
{% if request.values.get('devicelogin') %}
<div class="text-center text-muted mb-3">{{_("- or -")}}</div>
<div class="form-group col-12">
<a href="{{ url_for('session.devicelogin_start', ref=ref) }}" class="btn btn-primary btn-block" tabindex="0">{{_("Login with another device")}}</a>
</div>
{% endif %}
<div class="clearfix col-12">
{% if config['SELF_SIGNUP'] %}
<a href="{{ url_for("signup.signup_start") }}" class="float-left">{{_("Register")}}</a>
{% endif %}
<a href="{{ url_for("selfservice.forgot_password") }}" class="float-right">{{_("Forgot Password?")}}</a>
</div>
</form>
{% endblock %}
uffd/mfa/templates/mfa/auth.html uffd/templates/session/mfa_auth.html
View file @ 98fe5690
{% extends 'base.html' %}
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("mfa.auth_finish", ref=ref) }}" method="POST">
<div class="row mt-2 justify-content-center">
<div class="col-lg-6 col-md-10" style="background: #f7f7f7; box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3); padding: 30px;">
<div class="text-center">
<img alt="branding logo" src="{{ config.get("BRANDING_LOGO_URL") }}" class="col-lg-8 col-md-12" >
</div>
<div class="col-12 mb-3">
<h2 class="text-center">{{_("Two-Factor Authentication")}}</h2>
</div>
{% if request.user_pre_mfa.mfa_webauthn_methods %}
<noscript>
<div class="form-group col-12">
<div id="webauthn-nojs" class="alert alert-warning" role="alert">{{_("Enable javascript for authentication with U2F/FIDO2 devices")}}</div>
</div>
</noscript>
<div id="webauthn-unsupported" class="form-group col-12 d-none">
<div class="alert alert-warning" role="alert">{{_("Authentication with U2F/FIDO2 devices is not supported by your browser")}}</div>
</div>
<div class="form-group col-12 d-none webauthn-group">
<div id="webauthn-alert" class="alert alert-warning d-none" role="alert"></div>
<button type="button" id="webauthn-btn" class="btn btn-primary btn-block">
<span id="webauthn-spinner" class="spinner-border spinner-border-sm d-none" role="status" aria-hidden="true"></span>
<span id="webauthn-btn-text">{{_("Authenticate with U2F/FIDO2 device")}}</span>
</button>
</div>
<div class="text-center text-muted d-none webauthn-group mb-3">- {{_("or")}} -</div>
{% endif %}
<div class="form-group col-12 mb-2">
<input type="text" class="form-control" id="mfa-code" name="code" required="required" placeholder="{{_("Code from your authenticator app or recovery code")}}" autocomplete="off" autofocus>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block">{{_("Verify")}}</button>
</div>
<form action="{{ url_for("session.mfa_auth_finish", ref=ref) }}" method="POST" autocomplete="off">
<div class="col-12 mb-3">
<h2 class="text-center">{{_("Two-Factor Authentication")}}</h2>
</div>
{% if request.user_pre_mfa.mfa_webauthn_methods %}
<noscript>
<div class="form-group col-12">
<a href="{{ url_for("session.logout") }}" class="btn btn-secondary btn-block">{{_("Cancel")}}</a>
<div id="webauthn-nojs" class="alert alert-warning" role="alert">{{_("Enable javascript for authentication with U2F/FIDO2 devices")}}</div>
</div>
</noscript>
<div id="webauthn-unsupported" class="form-group col-12 d-none">
<div class="alert alert-warning" role="alert">{{_("Authentication with U2F/FIDO2 devices is not supported by your browser")}}</div>
</div>
<div class="form-group col-12 d-none webauthn-group">
<div id="webauthn-alert" class="alert alert-warning d-none" role="alert"></div>
<button type="button" id="webauthn-btn" class="btn btn-primary btn-block">
<span id="webauthn-spinner" class="spinner-border spinner-border-sm d-none" role="status" aria-hidden="true"></span>
<span id="webauthn-btn-text">{{_("Authenticate with U2F/FIDO2 device")}}</span>
</button>
</div>
<div class="text-center text-muted d-none webauthn-group mb-3">- {{_("or")}} -</div>
{% endif %}
<div class="form-group col-12 mb-2">
<input type="text" class="form-control" id="mfa-code" name="code" required="required" placeholder="{{_("Code from your authenticator app or recovery code")}}" autofocus>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block">{{_("Verify")}}</button>
</div>
<div class="form-group col-12">
<a href="{{ url_for("session.logout") }}" class="btn btn-secondary btn-block">{{_("Cancel")}}</a>
</div>
</div>
</form>
{% if webauthn_supported and request.user_pre_mfa.mfa_webauthn_methods %}
......@@ -48,27 +40,27 @@
function begin_webauthn() {
$('#webauthn-alert').addClass('d-none');
$('#webauthn-spinner').removeClass('d-none');
$('#webauthn-btn-text').text('Fetching credential data');
$('#webauthn-btn-text').text({{ _('Contacting server')|tojson }});
$('#webauthn-btn').prop('disabled', true);
fetch({{ url_for('mfa.auth_webauthn_begin')|tojson }}, {
fetch({{ url_for('session.mfa_auth_webauthn_begin')|tojson }}, {
method: 'POST',
}).then(function(response) {
if (response.ok) {
return response.arrayBuffer();
} else if (response.status == 403) {
window.location = {{ request.url|tojson }}; /* reload */
throw new Error('Session timed out');
throw new Error({{ _('Session timed out')|tojson }});
} else if (response.status == 404) {
throw new Error('You have not registered any U2F/FIDO2 devices for your account');
throw new Error({{ _('You have not registered any U2F/FIDO2 devices for your account')|tojson }});
} else {
throw new Error('Server error');
throw new Error({{ _('Server error')|tojson }});
}
}).then(CBOR.decode).then(function(options) {
$('#webauthn-btn-text').text('Waiting for response from your device');
$('#webauthn-btn-text').text({{ _('Waiting for device')|tojson }});
return navigator.credentials.get(options);
}).then(function(assertion) {
$('#webauthn-btn-text').text('Verifing response');
return fetch({{ url_for('mfa.auth_webauthn_complete')|tojson }}, {
$('#webauthn-btn-text').text({{ _('Verifing response')|tojson }});
return fetch({{ url_for('session.mfa_auth_webauthn_complete')|tojson }}, {
method: 'POST',
headers: {'Content-Type': 'application/cbor'},
body: CBOR.encode({
......@@ -81,37 +73,37 @@ function begin_webauthn() {
}).then(function(response) {
if (response.ok) {
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Success, redirecting');
$('#webauthn-btn-text').text({{ _('Success, redirecting')|tojson }});
window.location = {{ (ref or url_for('index'))|tojson }};
} else if (response.status == 403) {
window.location = {{ request.url|tojson }}; /* reload */
throw new Error('Session timed out');
throw new Error({{ _('Session timed out')|tojson }});
} else {
throw new Error('Response from authenticator rejected');
throw new Error({{ _('Invalid response from device')|tojson }});
}
}).catch(function(err) {
console.log(err);
/* various webauthn errors */
if (err.name == 'NotAllowedError')
$('#webauthn-alert').text('Authentication timed out, was aborted or not allowed');
$('#webauthn-alert').text({{ _('Authentication timed out, was aborted or not allowed')|tojson }});
else if (err.name == 'InvalidStateError')
$('#webauthn-alert').text('Device is not registered for your account');
$('#webauthn-alert').text({{ _('Device is not registered for your account')|tojson }});
else if (err.name == 'AbortError')
$('#webauthn-alert').text('Authentication was aborted');
$('#webauthn-alert').text({{ _('Authentication was aborted')|tojson }});
else if (err.name == 'NotSupportedError')
$('#webauthn-alert').text('U2F and FIDO2 devices are not supported by your browser');
$('#webauthn-alert').text({{ _('U2F and FIDO2 devices are not supported by your browser')|tojson }});
/* errors from fetch() */
else if (err.name == 'TypeError')
$('#webauthn-alert').text('Could not connect to server');
$('#webauthn-alert').text({{ _('Could not connect to server')|tojson }});
/* our own errors */
else if (err.name == 'Error')
$('#webauthn-alert').text(err.message);
/* fallback */
else
$('#webauthn-alert').text('Authentication failed ('+err+')');
$('#webauthn-alert').text({{ _('Authentication failed ')|tojson }}+'('+err+')');
$('#webauthn-alert').removeClass('d-none');
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Try FIDO token again');
$('#webauthn-btn-text').text({{ _('Retry authenticate with U2F/FIDO2 device')|tojson }});
$('#webauthn-btn').prop('disabled', false);
});
}
......
uffd/templates/signup/confirm.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for(".signup_confirm_submit", signup_id=signup.id, token=signup.token) }}" method="POST">
<div class="col-12">
<h2 class="text-center">{{_('Complete Registration')}}</h2>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_('Please enter your password to complete the account registration')}}</label>
<input type="password" autocomplete="current-password" class="form-control" id="user-password1" name="password" required="required">
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block">{{_('Complete Account Registration')}}</button>
</div>
</form>
{% endblock %}
uffd/signup/templates/signup/mail.txt uffd/templates/signup/mail.txt
View file @ 98fe5690
......@@ -4,7 +4,7 @@ an account was created on the {{ config.ORGANISATION_NAME }} infrastructure with
Please visit the following url to complete the account registration:
{{ url_for('signup.signup_confirm', token=signup.token, _external=True) }}
{{ url_for('signup.signup_confirm', signup_id=signup.id, token=signup.token, _external=True) }}
**The link is valid for 48h**
......
uffd/signup/templates/signup/start.html uffd/templates/signup/start.html
View file @ 98fe5690
{% extends 'base.html' %}
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for('.signup_submit') }}" method="POST" onInput="password2.setCustomValidity(password1.value != password2.value ? 'Passwords do not match.' : '') ">
<div class="row mt-2 justify-content-center">
<div class="col-lg-6 col-md-10" style="background: #f7f7f7; box-shadow: 0px 2px 2px rgba(0, 0, 0, 0.3); padding: 30px;">
<div class="text-center">
<img alt="branding logo" src="{{ config.get("BRANDING_LOGO_URL") }}" class="col-lg-8 col-md-12" >
</div>
<div class="col-12">
<h2 class="text-center">{{_('Account Registration')}}</h2>
</div>
{% if error %}
<div class="form-group col-12">
<div class="alert alert-danger" role="alert">{{ error }}</div>
</div>
{% endif %}
<div class="form-group col-12">
<label for="user-loginname">{{_('Login Name')}}</label>
<div class="js-only-input-group">
<input type="text" class="form-control" id="user-loginname" name="loginname" aria-describedby="loginname-feedback" value="{{ request.form.loginname }}" minlength=1 maxlength=32 pattern="[a-z0-9_-]*" required>
<div class="js-only-input-group-append d-none">
<button class="btn btn-outline-secondary rounded-right" type="button" id="check-loginname">{{_('Check')}}</button>
</div>
<div id="loginname-feedback" class="invalid-feedback"></div>
<div class="col-12">
<h2 class="text-center">{{_('Account Registration')}}</h2>
</div>
<div class="form-group col-12">
<label for="user-loginname">{{_('Login Name')}}</label>
<div class="js-only-input-group">
<input type="text" autocomplete="username" class="form-control" id="user-loginname" name="loginname" aria-describedby="loginname-feedback" value="{{ request.form.loginname }}" minlength=1 maxlength=32 pattern="[a-z0-9_-]*" required>
<div class="js-only-input-group-append d-none">
<button class="btn btn-outline-secondary rounded-right" type="button" id="check-loginname">{{_('Check')}}</button>
</div>
<small class="form-text text-muted">
{{_('At least one and at most 32 lower-case characters, digits, dashes ("-") or underscores ("_"). <b>Cannot be changed later!</b>')|safe}}
</small>
</div>
<div class="form-group col-12">
<label for="user-displayname">{{_('Display Name')}}</label>
<input type="text" class="form-control" id="user-displayname" name="displayname" value="{{ request.form.displayname }}" minlength=1 maxlength=128 required>
<small class="form-text text-muted">
{{_('At least one and at most 128 characters, no other special requirements.')}}
</small>
</div>
<div class="form-group col-12">
<label for="user-mail">{{_('E-Mail Address')}}</label>
<input type="email" class="form-control" id="user-mail" name="mail" value="{{ request.form.mail }}" required>
<small class="form-text text-muted">
{{_('We will send a confirmation mail to this address that you need to complete the registration.')}}
</small>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_('Password')}}</label>
<input type="password" class="form-control" id="user-password1" name="password1" minlength=8 maxlength=256 required>
<small class="form-text text-muted">
{{_("At least 8 and at most 256 characters, no other special requirements. But please don't be stupid, do use a password manager.")}}
</small>
</div>
<div class="form-group col-12">
<label for="user-password2">{{_('Repeat Password')}}</label>
<input type="password" class="form-control" id="user-password2" name="password2" required>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block">{{_('Create Account')}}</button>
<div id="loginname-feedback" class="invalid-feedback"></div>
</div>
<small class="form-text text-muted">
{{_('At least one and at most 32 lower-case characters, digits, dashes ("-") or underscores ("_"). <b>Cannot be changed later!</b>')|safe}}
</small>
</div>
<div class="form-group col-12">
<label for="user-displayname">{{_('Display Name')}}</label>
<input type="text" autocomplete="nickname" class="form-control" id="user-displayname" name="displayname" value="{{ request.form.displayname }}" minlength=1 maxlength=128 required>
<small class="form-text text-muted">
{{_('At least one and at most 128 characters, no other special requirements.')}}
</small>
</div>
<div class="form-group col-12">
<label for="user-mail">{{_('E-Mail Address')}}</label>
<input type="email" autocomplete="email" class="form-control" id="user-mail" name="mail" value="{{ request.form.mail }}" required>
<small class="form-text text-muted">
{{_('We will send a confirmation mail to this address that you need to complete the registration.')}}
</small>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_('Password')}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password1" name="password1" minlength={{ User.PASSWORD_MINLEN }} maxlength={{ User.PASSWORD_MAXLEN }} pattern="{{ User.PASSWORD_REGEX }}" required>
<small class="form-text text-muted">
{{ User.PASSWORD_DESCRIPTION|safe }}
</small>
</div>
<div class="form-group col-12">
<label for="user-password2">{{_('Repeat Password')}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password2" name="password2" required>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block">{{_('Create Account')}}</button>
</div>
</div>
</form>
<script>
......
uffd/templates/signup/submitted.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<div class="col-12 mb-3">
<h2 class="text-center">{{_('Confirm your E-Mail Address')}}</h2>
</div>
<p>{{_('We sent a confirmation mail to <b>%(signup_mail)s</b>. You need to confirm your mail address within 48 hours to complete the account registration.', signup_mail=signup.mail|e)|safe}}</p>
<p>{{_("If you mistyped your mail address or don't receive the confirmation mail for another reason, retry the registration procedure from the beginning.")}}</p>
{% endblock %}
uffd/user/templates/user/list.html uffd/templates/user/list.html
View file @ 98fe5690
......@@ -21,18 +21,21 @@
</tr>
</thead>
<tbody>
{% for user in users|sort(attribute="uid") %}
<tr id="user-{{ user.uid }}">
{% for user in users|sort(attribute="unix_uid") %}
<tr id="user-{{ user.id }}">
<th scope="row">
{{ user.uid }}
{{ user.unix_uid }}
</th>
<td>
<a href="{{ url_for("user.show", uid=user.uid) }}">
<a href="{{ url_for("user.show", id=user.id) }}">
{{ user.loginname }}
</a>
{% if user.is_service_user %}
<span class="badge badge-secondary">{{_('service')}}</span>
{% endif %}
{% if user.is_deactivated %}
<span class="badge badge-danger">{{ _('deactivated') }}</span>
{% endif %}
</td>
<td>
{{ user.displayname }}
......@@ -71,8 +74,8 @@ testuser2,foobaadsfr@example.com,5;2
</pre>
<textarea rows="10" class="form-control" name="csv"></textarea>
<div class="form-check mt-2">
<input class="form-check-input" type="checkbox" id="ignore-loginname-blacklist" name="ignore-loginname-blacklist" value="1" aria-label="enabled">
<label class="form-check-label" for="ignore-loginname-blacklist">{{_("Ignore login name blacklist")}}</label>
<input class="form-check-input" type="checkbox" id="ignore-loginname-blocklist" name="ignore-loginname-blocklist" value="1" aria-label="enabled">
<label class="form-check-label" for="ignore-loginname-blocklist">{{_("Ignore login name blocklist")}}</label>
</div>
</div>
<div class="modal-footer">
......

Impressum - Datenschutzerklärung