Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • uffd/uffd
  • rixx/uffd
  • thies/uffd
  • leona/uffd
  • enbewe/uffd
  • strifel/uffd
  • thies/uffd-2
7 results
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 1369 additions and 0 deletions
uffd/user/templates/group_list.html uffd/templates/rolemod/list.html
View file @ 98fe5690
......@@ -3,27 +3,23 @@
{% block body %}
<div class="row">
<div class="col">
<table class="table table-striped">
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">gid</th>
<th scope="col">name</th>
<th scope="col">description</th>
<th scope="col">{{_('Name')}}</th>
<th scope="col">{{_('Description')}}</th>
</tr>
</thead>
<tbody>
{% for group in groups|sort(attribute="gid") %}
<tr id="group-{{ group.gid }}">
{% for role in roles|sort(attribute='name') %}
<tr id="role-{{ role.id }}">
<th scope="row">
{{ group.gid }}
</th>
<td>
<a href="{{ url_for("group.show", gid=group.gid) }}">
{{ group.name }}
<a href="{{ url_for('rolemod.show', role_id=role.id) }}">
{{ role.name or '<empty name>' }}
</a>
</td>
</th>
<td>
{{ group.description }}
{{ role.description }}
</td>
</tr>
{% endfor %}
......
uffd/templates/rolemod/show.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<form method="POST" action="{{ url_for("rolemod.update", role_id=role.id) }}">
<div class="float-sm-right pb-2">
<a href="{{ url_for("invite.new", **{"role-%d"%role.id: 1}) }}" class="btn btn-primary mr-2"><i class="fa fa-link" aria-hidden="true"></i> {{_('Invite Members')}}</a>
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{_('Save')}}</button>
<a href="{{ url_for("rolemod.index") }}" class="btn btn-secondary">{{_('Cancel')}}</a>
</div>
<ul class="nav nav-tabs pt-2 border-0" id="tablist" role="tablist">
<li class="nav-item">
<a class="nav-link active" id="overview-tab" data-toggle="tab" href="#overview" role="tab" aria-controls="overview" aria-selected="true">{{_('Overview')}}</a>
</li>
<li class="nav-item">
<a class="nav-link" id="members-tab" data-toggle="tab" href="#members" role="tab" aria-controls="members" aria-selected="false">{{_('Members')}} <span class="badge badge-pill badge-secondary">{{ role.members|length }}</span></a>
</li>
</ul>
<div class="tab-content border mb-2 pt-2" id="tabcontent">
<div class="tab-pane fade show active" id="overview" role="tabpanel" aria-labelledby="overview-tab">
<div class="form-group col">
<label for="role-name">{{_('Role name')}}</label>
<input type="text" class="form-control" id="role-name" value="{{ role.name }}" readonly>
</div>
<div class="form-group col">
<label for="role-description">{{_('Description')}}</label>
<textarea class="form-control" id="role-description" rows="5" name="description">{{ role.description }}</textarea>
</div>
<div class="form-group col">
<label>{{_('Moderators:')}}</label>
<ul>
{% for moderator in role.moderator_group.members %}
<li>{{ moderator.displayname }} ({{ moderator.loginname }})</li>
{% endfor %}
</ul>
</div>
</div>
<div class="tab-pane fade" id="members" role="tabpanel" aria-labelledby="members-tab">
<div class="col">
<span>{{_('Role members:')}}</span>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{_('Name')}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
{% for member in role.members|sort(attribute="loginname") %}
<tr>
<td>{{ member.displayname }} ({{ member.loginname }})</td>
<td class="text-right">
<a class="btn btn-danger py-0" href="{{ url_for('rolemod.delete_member', role_id=role.id, member_id=member.id) }}">{{_('Remove')}}</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
</form>
{% endblock %}
uffd/templates/selfservice/disable_mfa.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<p>
{{_("When you proceed, all recovery codes, registered authenticator applications and devices will be invalidated.
You can later generate new recovery codes and setup your applications and devices again.")}}
</p>
<form class="form" action="{{ url_for('selfservice.disable_mfa_confirm') }}" method="POST">
<button type="submit" class="btn btn-danger btn-block">{{_("Disable two-factor authentication")}}</button>
</form>
{% endblock %}
uffd/templates/selfservice/forgot_password.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("selfservice.forgot_password") }}" method="POST">
<div class="col-12">
<h2 class="text-center">{{_("Forgot password")}}</h2>
</div>
<div class="form-group col-12">
<label for="user-loginname">{{_("Login Name")}}</label>
<input type="text" autocomplete="username" class="form-control" id="user-loginname" name="loginname" required="required" tabindex="1">
</div>
<div class="form-group col-12">
<label for="user-mail">{{_("Mail Address")}}</label>
<input type="email" autocomplete="email" class="form-control" id="user-mail" name="mail" required="required" tabindex="2">
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex="3">{{_("Send password reset mail")}}</button>
</div>
</form>
{% endblock %}
uffd/templates/selfservice/mailverification.mail.txt 0 → 100644
View file @ 98fe5690
Hi {{ user.displayname }},
you have requested to change your mail address. To confirm the change, please visit the following url:
{{ url_for('selfservice.verify_email', email_id=email.id, secret=secret, _external=True) }}
**The link is valid for 48h**
uffd/templates/selfservice/newuser.mail.txt 0 → 100644
View file @ 98fe5690
Hi {{ user.displayname }},
welcome to the {{ config.ORGANISATION_NAME }} infrastructure! An account was created for you.
Please visit the following url to set your password:
{{ url_for('selfservice.token_password', token_id=token.id, token=token.token, _external=True) }}
**The link is valid for 48h**
{% if config.WELCOME_TEXT %}
{{ config.WELCOME_TEXT }}
{% endif -%}
If you think the account was created by mistake, please contact the administrators at {{ config.ORGANISATION_CONTACT }}.
uffd/templates/selfservice/passwordreset.mail.txt 0 → 100644
View file @ 98fe5690
Hi {{ user.displayname }},
you have requested a password reset. To reset your password, visit the following url:
{{ url_for('selfservice.token_password', token_id=token.id, token=token.token, _external=True) }}
**The link is valid for 48h**
If you did not request a password reset, please ignore this message.
uffd/templates/selfservice/self.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
{% if not user.mfa_enabled and user.compute_groups() != user.compute_groups(ignore_mfa=True) %}
<div class="alert alert-warning" role="alert">
{{_("Some permissions require you to setup two-factor authentication.
These permissions are not in effect until you do that.")}}
</div>
{% endif %}
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("Profile")}}</h5>
<p>{{_("Your profile information is used by all services that are integrated into the Single-Sign-On.")}}</p>
<p>{{_("Changes may take several minutes to be visible in all services.")}}</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.update_profile") }}" method="POST">
<div class="form-group">
<label>{{_("Login Name")}}</label>
<input type="text" class="form-control" value="{{ user.loginname }}" readonly>
</div>
<div class="form-group">
<label>{{_("Display Name")}}</label>
<input type="text" class="form-control" id="user-displayname" name="displayname" value="{{ user.displayname }}">
</div>
<button type="submit" class="btn btn-primary btn-block">{{_("Update Profile")}}</button>
</form>
</div>
</div>
<hr>
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("E-Mail Addresses")}}</h5>
<p>{{_("Add and delete addresses associated with your account. You will need to verify new addresses by opening a link set to them.")}}</p>
</div>
<div class="col-12 col-md-7">
<form method="POST" action="{{ url_for('selfservice.add_email') }}" class="form mb-2">
<div class="row m-0">
<label class="sr-only" for="new-email-address">{{_("Email")}}</label>
<input type="email" autocomplete="email" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 20em;" id="new-email-address" name="address" placeholder="{{_("New E-Mail Address")}}" required>
<button type="submit" class="btn btn-primary mb-2 col">{{_("Add address")}}</button>
</div>
</form>
<table class="table mb-0">
<tbody>
{% for email in user.all_emails|sort(attribute='id') %}
<tr>
<td class="pl-0">
{{ email.address }}
{% if email == user.primary_email %}
<span class="badge badge-primary">{{ _('primary') }}</span>
{% elif not email.verified %}
<span class="badge badge-danger">{{ _('unverified') }}</span>
{% endif %}
</td>
<td class="pt-2 pb-1 pr-0">
<form method="POST" action="{{ url_for('selfservice.delete_email', email_id=email.id) }}" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right ml-1 mb-1"{% if email == user.primary_email %} disabled title="{{ _('Cannot delete primary e-mail address') }}"{% endif %}>{{_("Delete")}}</button>
</form>
{% if not email.verified %}
<a href="{{ url_for('selfservice.retry_email_verification', email_id=email.id) }}" class="btn btn-sm btn-primary float-right mb-1">{{_("Retry verification")}}</a>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<hr>
{% set service_users_with_email_prefs = user.service_users|selectattr('has_email_preferences')|list %}
{% set collapse_email_prefs = service_users_with_email_prefs|length > 2 %}
<div class="row">
<div class="col-12 col-md-5">
<h5>{{_("E-Mail Preferences")}}</h5>
<p>
{{ _("Choose your primary e-mail address and the address password recovery e-mails will be sent to.") }}
{% if service_users_with_email_prefs %}
{{ _("You can also select different addresses for different services.") }}
{% endif %}
</p>
<p>{{ _("Adresses must be verified before you can select them here.") }}</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.update_email_preferences") }}" method="POST">
<div class="form-group">
<label>{{_("Primary Address")}}</label>
<select name="primary_email" class="form-control">
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == user.primary_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
<div class="form-group">
<label>{{_("Address for Password Reset E-Mails")}}</label>
<select name="recovery_email" class="form-control">
<option value="primary" {{ 'selected' if not user.recovery_email }}>{{ _('Use primary address') }}</option>
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == user.recovery_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
{% for service_user in service_users_with_email_prefs %}
{% if collapse_email_prefs and loop.index == 2 %}
<div id="collapsed-email-prefs">
{% endif %}
<div class="form-group">
<label>{{ _('Address for Service "%(name)s"', name=service_user.service.name) }}</label>
<select name="service_{{ service_user.service.id }}_email" class="form-control">
<option value="primary" {{ 'selected' if not service_user.service_email }}>{{ _('Use primary address') }}</option>
{% for email in user.all_emails if email.verified %}
<option value="{{ email.id }}" {{ 'selected' if email == service_user.service_email }}>{{ email.address }}</option>
{% endfor %}
</select>
</div>
{% endfor %}
{% if collapse_email_prefs %}
</div>
<button type="button" class="btn btn-sm btn-link pl-0 mb-1 showmore" data-target="#collapsed-email-prefs" style="display: none;" aria-expanded="false" aria-controls="collapsed-email-prefs">{{ _("Show more settings ...") }}</button>
{% endif %}
<button type="submit" class="btn btn-primary btn-block">{{_("Update E-Mail Preferences")}}</button>
</form>
</div>
</div>
<hr>
<div class="row mt-3">
<div class="col-12 col-md-5">
<h5>{{_("Password")}}</h5>
<p>{{_("Your login password for the Single-Sign-On. Only enter it on the Single-Sign-On login page! No other legit websites will ask you for this password. We do not ever need your password to assist you.")}}</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for("selfservice.change_password") }}" method="POST">
<div class="form-group">
<input type="password" autocomplete="new-password" class="form-control" id="user-password1" name="password1" placeholder="{{_("New Password")}}" minlength={{ User.PASSWORD_MINLEN }} maxlength={{ User.PASSWORD_MAXLEN }} pattern="{{ User.PASSWORD_REGEX }}" required>
<small class="form-text text-muted">
{{ User.PASSWORD_DESCRIPTION|safe }}
</small>
</div>
<div class="form-group">
<input type="password" autocomplete="new-password" class="form-control" id="user-password2" name="password2" placeholder="{{_("Repeat Password")}}" required>
</div>
<button type="submit" class="btn btn-primary btn-block">{{_("Change Password")}}</button>
</form>
</div>
</div>
<hr>
<div class="row mt-3">
<div class="col-12 col-md-5">
<h5>{{_("Two-Factor Authentication")}}</h5>
<p>{{_("Setting up Two-Factor Authentication (2FA) adds an additional step to the Single-Sign-On login and increases the security of your account significantly.")}}</p>
</div>
<div class="col-12 col-md-7">
<p>
{% if user.mfa_enabled %}
{{ _("Two-factor authentication is currently <strong>enabled</strong>.")|safe }}
{% else %}
{{ _("Two-factor authentication is currently <strong>disabled</strong>.")|safe }}
{% endif %}
</p>
<a class="btn btn-primary btn-block" href="{{ url_for('selfservice.setup_mfa') }}">{{_("Manage two-factor authentication")}}</a>
</div>
</div>
<hr>
<div class="row mt-3">
<div class="col-12 col-md-5">
<h5>{{_("Active Sessions")}}</h5>
<p>{{_("Your active login sessions on this device and other devices.")}}</p>
<p>{{_("Revoke a session to log yourself out on another device. Note that this is limited to the Single-Sign-On session and <b>does not affect login sessions on services.</b>")}}</p>
</div>
<div class="col-12 col-md-7">
<table class="table">
<thead>
<tr>
<th scope="col">{{_("Last used")}}</th>
<th scope="col">{{_("Device")}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
<tr>
<td>{{_("Just now")}}</td>
<td>{{ request.session.user_agent_browser }} on {{ request.session.user_agent_platform }} ({{ request.session.ip_address }})</td>
<td></td>
</tr>
{% for session in user.sessions|sort(attribute='last_used', reverse=True) if not session.expired and session != request.session %}
<tr>
<td>
{% set last_used_rel = session.last_used - datetime.utcnow() %}
{% if -last_used_rel.total_seconds() <= 60 %}
{{_("Just now")}}
{% else %}
{{ last_used_rel|timedeltaformat(add_direction=True, granularity='minute') }}
{% endif %}
</td>
<td>{{ session.user_agent_browser }} on {{ session.user_agent_platform }} ({{ session.ip_address }})</td>
<td>
{% if session != request.session %}
<form action="{{ url_for("selfservice.revoke_session", session_id=session.id) }}" method="POST" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right">{{_("Revoke")}}</button>
</form>
{% endif %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
<hr>
<div class="row mt-3">
<div class="col-12 col-md-5">
<h5>{{_("Roles")}}</h5>
<p>{{_("Aside from a set of base permissions, your roles determine the permissions of your account.")}}</p>
{% if config['SERVICES'] %}
<p>{{_("See <a href=\"%(services_url)s\">Services</a> for an overview of your current permissions.", services_url=url_for('service.overview'))}}</p>
{% endif %}
</div>
<div class="col-12 col-md-7">
<p>{{_("Administrators and role moderators can invite you to new roles.")}}</p>
<table class="table">
<thead>
<tr>
<th scope="col">{{_("Name")}}</th>
<th scope="col">{{_("Description")}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
{% for role in user.roles|sort(attribute='name') %}
<tr>
<td>{{ role.name }}
{% if not user.mfa_enabled and role.groups.values()|selectattr('requires_mfa')|list %}
<i class="fas fa-exclamation-triangle text-warning" title="{{_("Some permissions in this role require you to setup two-factor authentication")}}"></i>
{% endif %}
</td>
<td>{{ role.description }}</td>
<td>
<form action="{{ url_for("selfservice.leave_role", roleid=role.id) }}" method="POST" onsubmit='return confirm({{_("Are you sure?")|tojson|e}});'>
<button type="submit" class="btn btn-sm btn-danger float-right">{{_("Leave")}}</button>
</form>
</td>
</tr>
{% endfor %}
{% if not user.roles %}
<tr class="table-secondary">
<td colspan=3 class="text-center">{{_("You currently don't have any roles")}}</td>
</tr>
{% endif %}
</tbody>
</table>
</div>
</div>
<script>
$(".showmore").each(function () {
$(this).show()
$($(this).data("target")).hide()
})
$(".showmore").on("click", function () {
$(this).slideUp(200)
$(this).prop("ariaExpanded", true)
$($(this).data("target")).slideDown()
})
</script>
{% endblock %}
uffd/templates/selfservice/set_password.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("selfservice.token_password", token_id=token.id, token=token.token) }}" method="POST" onInput="password2.setCustomValidity(password1.value != password2.value ? 'Passwords do not match.' : '') ">
<div class="col-12">
<h2 class="text-center">{{_("Reset password")}}</h2>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_("New Password")}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password1" name="password1" tabindex="2" minlength={{ User.PASSWORD_MINLEN }} maxlength={{ User.PASSWORD_MAXLEN }} pattern="{{ User.PASSWORD_REGEX }}" required>
<small class="form-text text-muted">
{{ User.PASSWORD_DESCRIPTION|safe }}
</small>
</div>
<div class="form-group col-12">
<label for="user-password2">{{_("Repeat Password")}}</label>
<input type="password" autocomplete="new-password" class="form-control" id="user-password2" name="password2" tabindex="3" required>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex="3">{{_("Set password")}}</button>
</div>
</form>
{% endblock %}
uffd/mfa/templates/setup.html uffd/templates/selfservice/setup_mfa.html
View file @ 98fe5690
......@@ -8,27 +8,32 @@ mfa_enabled: The user has setup at least one two-factor method. Two-factor authe
#}
{% set mfa_enabled = totp_methods or webauthn_methods %}
{% set mfa_init = not recovery_methods and not mfa_enabled %}
{% set mfa_setup = recovery_methods and not mfa_enabled %}
{% set mfa_enabled = request.user.mfa_enabled %}
{% set mfa_init = not request.user.mfa_recovery_codes and not mfa_enabled %}
{% set mfa_setup = request.user.mfa_recovery_codes and not mfa_enabled %}
{% block body %}
<p>Two-factor authentication is currently <strong>{{ 'enabled' if mfa_enabled else 'disabled' }}</strong>.
<p>
{% if mfa_enabled %}
{{ _("Two-factor authentication is currently <strong>enabled</strong>.")|safe }}
{% else %}
{{ _("Two-factor authentication is currently <strong>disabled</strong>.")|safe }}
{% endif %}
{% if mfa_init %}
You need to generate recovery codes and setup at least one authentication method to enable two-factor authentication.
{{_("You need to generate recovery codes and setup at least one authentication method to enable two-factor authentication.")}}
{% elif mfa_setup %}
You need to setup at least one authentication method to enable two-factor authentication.
{{_("You need to setup at least one authentication method to enable two-factor authentication.")}}
{% endif %}
</p>
{% if mfa_setup or mfa_enabled %}
<div class="clearfix">
{% if mfa_enabled %}
<form class="form float-right" action="{{ url_for('mfa.disable') }}">
<button type="submit" class="btn btn-danger mb-2">Disable two-factor authentication</button>
<form class="form float-right" action="{{ url_for('selfservice.disable_mfa') }}">
<button type="submit" class="btn btn-danger mb-2">{{_("Disable two-factor authentication")}}</button>
</form>
{% else %}
<form class="form float-right" action="{{ url_for('mfa.disable_confirm') }}" method="POST">
<button type="submit" class="btn btn-light mb-2">Reset two-factor configuration</button>
<form class="form float-right" action="{{ url_for('selfservice.disable_mfa_confirm') }}" method="POST">
<button type="submit" class="btn btn-light mb-2">{{_("Reset two-factor configuration")}}</button>
</form>
{% endif %}
</div>
......@@ -38,29 +43,37 @@ You need to setup at least one authentication method to enable two-factor authen
<div class="row mt-3">
<div class="col-12 col-md-5">
<h4>Recovery Codes</h4>
<p>Recovery codes allow you to login and setup new two-factor methods when you lost your registered second factor.</p>
<h4>{{_("Recovery Codes")}}</h4>
<p>
{{_("Recovery codes allow you to login and setup new two-factor methods when you lost your registered second factor.")}}
</p>
<p>
{% if mfa_init %}<strong>{% endif %}
You need to setup recovery codes before you can setup up authenticator apps or U2F/FIDO2 devices.
{{_("You need to setup recovery codes before you can setup up authenticator apps or U2F/FIDO2 devices.")}}
{% if mfa_init %}</strong>{% endif %}
Each code can only be used once.
{{_("Each code can only be used once.")}}
</p>
</div>
<div class="col-12 col-md-7">
<form class="form" action="{{ url_for('mfa.setup_recovery') }}" method="POST">
<form class="form" action="{{ url_for('selfservice.setup_mfa_recovery') }}" method="POST">
{% if mfa_init %}
<button type="submit" class="btn btn-primary mb-2 col">Generate recovery codes to enable two-factor authentication</button>
<button type="submit" class="btn btn-primary mb-2 col">
{{_("Generate recovery codes to enable two-factor authentication")}}
</button>
{% else %}
<button type="submit" class="btn btn-primary mb-2 col">Generate new recovery codes</button>
<button type="submit" class="btn btn-primary mb-2 col">
{{_("Generate new recovery codes")}}
</button>
{% endif %}
</form>
{% if recovery_methods %}
<p>{{ recovery_methods|length }} recovery codes remain</p>
{% elif not recovery_methods and mfa_enabled %}
<p><strong>You have no remaining recovery codes.</strong></p>
{% if request.user.mfa_recovery_codes %}
<p>{{ request.user.mfa_recovery_codes|length }} recovery codes remain</p>
{% elif not request.user.mfa_recovery_codes and mfa_enabled %}
<p>
<strong>{{_("You have no remaining recovery codes.")}}</strong>
</p>
{% endif %}
</div>
</div>
......@@ -69,40 +82,44 @@ You need to setup at least one authentication method to enable two-factor authen
<div class="row mt-3">
<div class="col-12 col-md-5">
<h4>Authenticator Apps (TOTP)</h4>
<p>Use an authenticator application on your mobile device as a second factor.</p>
<p>The authenticator app generates a 6-digit one-time code each time you login.
Compatible apps are freely available for most phones.</p>
<h4>{{_("Authenticator Apps (TOTP)")}}</h4>
<p>
{{_("Use an authenticator application on your mobile device as a second factor.")}}
</p>
<p>
{{_("The authenticator app generates a 6-digit one-time code each time you login.
Compatible apps are freely available for most phones.")}}
</p>
</div>
<div class="col-12 col-md-7">
<form class="form mb-2" action="{{ url_for('mfa.setup_totp') }}">
<form class="form mb-2" action="{{ url_for('selfservice.setup_mfa_totp') }}" autocomplete="off">
<div class="row m-0">
<label class="sr-only" for="totp-name">Name</label>
<input type="text" name="name" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="totp-name" placeholder="Name" required {{ 'disabled' if mfa_init }}>
<button type="submit" id="totp-submit" class="btn btn-primary mb-2 col" {{ 'disabled' if mfa_init }}>Setup new app</button>
<label class="sr-only" for="totp-name">{{_("Name")}}</label>
<input type="text" name="name" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="totp-name" placeholder="{{_("Name")}}" required {{ 'disabled' if mfa_init }}>
<button type="submit" id="totp-submit" class="btn btn-primary mb-2 col" {{ 'disabled' if mfa_init }}>{{_("Setup new app")}}</button>
</div>
</form>
<table class="table">
<thead>
<tr>
<th scope="col">Name</th>
<th scope="col">Registered On</th>
<th scope="col">{{_("Name")}}</th>
<th scope="col">{{_("Registered On")}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
{% for method in totp_methods %}
{% for method in request.user.mfa_totp_methods %}
<tr>
<td>{{ method.name }}</td>
<td>{{ method.created.strftime('%b %d, %Y') }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('mfa.delete_totp', id=method.id) }}">Delete</a></td>
<td>{{ method.created|dateformat }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('selfservice.delete_mfa_totp', id=method.id) }}">{{_("Delete")}}</a></td>
</tr>
{% endfor %}
{% if not totp_methods %}
{% if not request.user.mfa_totp_methods %}
<tr class="table-secondary">
<td colspan=3 class="text-center">No authenticator apps registered yet</td>
<td colspan=3 class="text-center">{{_("No authenticator apps registered yet")}}</td>
</tr>
{% endif %}
</tbody>
......@@ -114,27 +131,34 @@ You need to setup at least one authentication method to enable two-factor authen
<div class="row">
<div class="col-12 col-md-5">
<h4>U2F and FIDO2 Devices</h4>
<p>Use an U2F or FIDO2 compatible hardware security key as a second factor.</p>
<p>U2F and FIDO2 devices are not supported by all browsers and can be particularly difficult to use on mobile devices.
<strong>It is strongly recommended to also setup an authenticator app</strong> to be able to login on all browsers.</p>
<h4>{{_("U2F and FIDO2 Devices")}}</h4>
<p>
{{_("Use an U2F or FIDO2 compatible hardware security key as a second factor.")}}
</p>
<p>
{{_("U2F and FIDO2 devices are not supported by all browsers and can be particularly difficult to use on mobile
devices. <strong>It is strongly recommended to also setup an authenticator app</strong> to be able to login on all
browsers.")}}
</p>
</div>
<div class="col-12 col-md-7">
{% if not webauthn_supported %}
<div class="alert alert-warning" role="alert">U2F/FIDO2 support not enabled</div>
<div class="alert alert-warning" role="alert">{{_("U2F/FIDO2 support not enabled")}}</div>
{% endif %}
<noscript>
<div class="alert alert-warning" role="alert">Enable javascript in your browser to use U2F and FIDO2 devices!</div>
<div class="alert alert-warning" role="alert">
{{_("Enable javascript in your browser to use U2F and FIDO2 devices!")}}
</div>
</noscript>
<div id="webauthn-alert" class="alert alert-warning d-none" role="alert"></div>
<form id="webauthn-form" class="form mb-2">
<form id="webauthn-form" autocomplete="off" class="form mb-2">
<div class="row m-0">
<label class="sr-only" for="webauthn-name">Name</label>
<input type="text" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="webauthn-name" placeholder="Name" required disabled>
<label class="sr-only" for="webauthn-name">{{_("Name")}}</label>
<input type="text" class="form-control mb-2 col-12 col-lg-auto mr-2" style="width: 15em;" id="webauthn-name" placeholder="{{_("Name")}}" required disabled>
<button type="submit" id="webauthn-btn" class="btn btn-primary mb-2 col" disabled>
<span id="webauthn-spinner" class="spinner-border spinner-border-sm d-none" role="status" aria-hidden="true"></span>
<span id="webauthn-btn-text">Setup new device</span>
<span id="webauthn-btn-text">{{_("Setup new device")}}</span>
</button>
</div>
</form>
......@@ -142,22 +166,22 @@ You need to setup at least one authentication method to enable two-factor authen
<table class="table">
<thead>
<tr>
<th scope="col">Name</th>
<th scope="col">Registered On</th>
<th scope="col">{{_("Name")}}</th>
<th scope="col">{{_("Registered On")}}</th>
<th scope="col"></th>
</tr>
</thead>
<tbody>
{% for method in webauthn_methods %}
{% for method in request.user.mfa_webauthn_methods %}
<tr>
<td>{{ method.name }}</td>
<td>{{ method.created.strftime('%b %d, %Y') }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('mfa.delete_webauthn', id=method.id) }}">Delete</a></td>
<td>{{ method.created|dateformat }}</td>
<td><a class="btn btn-sm btn-danger float-right" href="{{ url_for('selfservice.delete_mfa_webauthn', id=method.id) }}">{{_("Delete")}}</a></td>
</tr>
{% endfor %}
{% if not webauthn_methods %}
{% if not request.user.mfa_webauthn_methods %}
<tr class="table-secondary">
<td colspan=3 class="text-center">No U2F/FIDO2 devices registered yet</td>
<td colspan=3 class="text-center">{{_("No U2F/FIDO2 devices registered yet")}}</td>
</tr>
{% endif %}
</tbody>
......@@ -172,21 +196,21 @@ You need to setup at least one authentication method to enable two-factor authen
$('#webauthn-form').on('submit', function(e) {
$('#webauthn-alert').addClass('d-none');
$('#webauthn-spinner').removeClass('d-none');
$('#webauthn-btn-text').text('Contacting server');
$('#webauthn-btn-text').text({{ _('Contacting server')|tojson }});
$('#webauthn-btn').prop('disabled', true);
fetch({{ url_for('mfa.setup_webauthn_begin')|tojson }}, {
fetch({{ url_for('selfservice.setup_mfa_webauthn_begin')|tojson }}, {
method: 'POST',
}).then(function(response) {
if (response.ok)
return response.arrayBuffer();
if (response.status == 403)
throw new Error('You need to generate recovery codes first');
throw new Error('Server error');
throw new Error({{ _('You need to generate recovery codes first')|tojson }});
throw new Error({{ _('Server error')|tojson }});
}).then(CBOR.decode).then(function(options) {
$('#webauthn-btn-text').text('Waiting for response from your device');
$('#webauthn-btn-text').text({{ _('Waiting for device')|tojson }});
return navigator.credentials.create(options);
}).then(function(attestation) {
return fetch({{ url_for('mfa.setup_webauthn_complete')|tojson }}, {
return fetch({{ url_for('selfservice.setup_mfa_webauthn_complete')|tojson }}, {
method: 'POST',
headers: {'Content-Type': 'application/cbor'},
body: CBOR.encode({
......@@ -198,34 +222,34 @@ $('#webauthn-form').on('submit', function(e) {
}).then(function(response) {
if (response.ok) {
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Success');
window.location = {{ url_for('mfa.setup')|tojson }};
$('#webauthn-btn-text').text({{ _('Success')|tojson }});
window.location = {{ url_for('selfservice.setup_mfa')|tojson }};
} else {
throw new Error('Response from authenticator rejected');
throw new Error({{ _('Invalid response from device')|tojson }});
}
}, function(err) {
console.log(err);
/* various webauthn errors */
if (err.name == 'NotAllowedError')
$('#webauthn-alert').text('Registration timed out, was aborted or not allowed');
$('#webauthn-alert').text({{ _('Registration timed out, was aborted or not allowed')|tojson }});
else if (err.name == 'InvalidStateError')
$('#webauthn-alert').text('You attempted to register a device that is already registered');
$('#webauthn-alert').text({{ _('Device already registered')|tojson }});
else if (err.name == 'AbortError')
$('#webauthn-alert').text('Registration was aborted');
$('#webauthn-alert').text({{ _('Registration was aborted')|tojson }});
else if (err.name == 'NotSupportedError')
$('#webauthn-alert').text('U2F and FIDO2 devices are not supported by your browser');
$('#webauthn-alert').text({{ _('U2F and FIDO2 devices are not supported by your browser')|tojson }});
/* errors from fetch() */
else if (err.name == 'TypeError')
$('#webauthn-alert').text('Could not connect to server');
$('#webauthn-alert').text({{ _('Could not connect to server')|tojson }});
/* our own errors */
else if (err.name == 'Error')
$('#webauthn-alert').text(err.message);
/* fallback */
else
$('#webauthn-alert').text('Registration failed ('+err+')');
$('#webauthn-alert').text({{ _('Registration failed')|tojson }}+' ('+err+')');
$('#webauthn-alert').removeClass('d-none');
$('#webauthn-spinner').addClass('d-none');
$('#webauthn-btn-text').text('Retry registration');
$('#webauthn-btn-text').text({{ _('Retry registration')|tojson }});
$('#webauthn-btn').prop('disabled', false);
});
return false;
......@@ -237,7 +261,7 @@ if (typeof(PublicKeyCredential) != "undefined") {
$('#webauthn-name').prop('disabled', false);
{% endif %}
} else {
$('#webauthn-alert').text('U2F and FIDO2 devices are not supported by your browser');
$('#webauthn-alert').text({{ _('U2F and FIDO2 devices are not supported by your browser')|tojson }});
$('#webauthn-alert').removeClass('d-none');
}
......
uffd/mfa/templates/setup_recovery.html uffd/templates/selfservice/setup_mfa_recovery.html
View file @ 98fe5690
......@@ -2,24 +2,32 @@
{% block body %}
<h1 class="d-none d-print-block">Recovery Codes</h1>
<h1 class="d-none d-print-block">{{_("Recovery Codes")}}</h1>
<p>Recovery codes allow you to login when you lose access to your authenticator app or U2F/FIDO device. Each code can only be used once.</p>
<p>
{{_("Recovery codes allow you to login when you lose access to your authenticator app or U2F/FIDO device. Each code can
only be used once.")}}
</p>
<div class="text-monospace">
<ul>
{% for method in methods %}
<li>{{ method.code }}</li>
<li>{{ method.code_value }}</li>
{% endfor %}
</ul>
</div>
<p>These are your new recovery codes. Make sure to store them in a safe place or you risk losing access to your account. All previous recovery codes are now invalid.</p>
<p>
{{_("These are your new recovery codes. Make sure to store them in a safe place or you risk losing access to your
account. All previous recovery codes are now invalid.")}}
</p>
<div class="btn-toolbar">
<a class="ml-auto mb-2 btn btn-primary d-print-none" href="{{ url_for('mfa.setup') }}">Continue</a>
<a class="ml-2 mb-2 btn btn-light d-print-none" href="{{ methods|map(attribute='code')|join('\n')|datauri }}" download="uffd-recovery-codes">Download codes</a>
<button class="ml-2 mb-2 btn btn-light d-print-none" type="button" onClick="window.print()">Print codes</button>
<a class="ml-auto mb-2 btn btn-primary d-print-none" href="{{ url_for('selfservice.setup_mfa') }}">{{_("Continue")}}</a>
<a class="ml-2 mb-2 btn btn-light d-print-none" href="{{ methods|map(attribute='code_value')|join('\n')|datauri }}" download="uffd-recovery-codes">
{{_("Download codes")}}
</a>
<button class="ml-2 mb-2 btn btn-light d-print-none" type="button" onClick="window.print()">{{_("Print codes")}}</button>
</div>
{% endblock %}
uffd/mfa/templates/setup_totp.html uffd/templates/selfservice/setup_mfa_totp.html
View file @ 98fe5690
......@@ -2,7 +2,10 @@
{% block body %}
<p>Install an authenticator application on your mobile device like FreeOTP or Google Authenticator and scan this QR code. On Apple devices you can use an app called "Authenticator".</p>
<p>
{{_("Install an authenticator application on your mobile device like FreeOTP or Google Authenticator and scan this QR
code. On Apple devices you can use an app called \"Authenticator\".")}}
</p>
<div class="row">
<div class="mx-auto col-9 col-md-4 mb-3">
......@@ -11,24 +14,28 @@
</a>
</div>
<div class="col-12 col-md-8">
<p>If you are on your mobile device and cannot scan the code, you can click on it to open it with your authenticator app. If that does not work, enter the following details manually into your authenticator app:</p>
<p>
Issuer: {{ method.issuer }}<br>
Account: {{ method.accountname }}<br>
Secret: {{ method.key }}<br>
Type: TOTP (time-based)<br>
Digits: 6<br>
Hash algorithm: SHA1<br>
Interval/period: 30 seconds
{{_("If you are on your mobile device and cannot scan the code, you can click on it to open it with your
authenticator app. If that does not work, enter the following details manually into your authenticator
app:")}}
</p>
<p>
{{_("Issuer")}}: {{ method.issuer }}<br>
{{_("Account")}}: {{ method.accountname }}<br>
{{_("Secret")}}: {{ method.key }}<br>
{{_("Type")}}: TOTP (time-based)<br>
{{_("Digits")}}: 6<br>
{{_("Hash algorithm")}}: SHA1<br>
{{_("Interval/period")}}: 30 {{_("seconds")}}
</p>
</div>
</div>
<form action="{{ url_for('mfa.setup_totp_finish', name=name) }}" method="POST" class="form">
<form action="{{ url_for('selfservice.setup_mfa_totp_finish', name=name) }}" method="POST" autocomplete="off" class="form">
<div class="row m-0">
<input type="text" name="code" class="form-control mb-2 mr-2 col-auto col-md" id="code" placeholder="Code" required autofocus>
<button type="submit" class="btn btn-primary mb-2 col col-md-auto">Verify and complete setup</button>
<input type="text" name="code" class="form-control mb-2 mr-2 col-auto col-md" id="code" placeholder="{{_('Code')}}" required autofocus>
<button type="submit" class="btn btn-primary mb-2 col col-md-auto">{{_("Verify and complete setup")}}</button>
</div>
</form>
......
uffd/templates/service/api.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.api_submit', service_id=service.id, id=client.id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.show', id=service.id) }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if client.id %}
<a class="btn btn-danger" href="{{ url_for('service.api_delete', service_id=service.id, id=client.id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="client-auth-username">{{ _('Authentication Username') }}</label>
<input type="text" class="form-control" id="client-auth-username" name="auth_username" value="{{ client.auth_username or '' }}" required>
</div>
<div class="form-group col">
<label for="client-auth-password">{{ _('Authentication Password') }}</label>
{% if client.id %}
<input type="password" autocomplete="new-password" class="form-control" id="client-auth-password" name="auth_password" placeholder="●●●●●●●●">
{% else %}
<input type="password" autocomplete="new-password" class="form-control" id="client-auth-password" name="auth_password" required>
{% endif %}
</div>
<div class="form-group col">
<h6>{{ _('Permissions') }}</h6>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-users" name="perm_users" value="1" aria-label="enabled" {{ 'checked' if client.perm_users }}>
<label class="form-check-label" for="client-perm-users"><b>users</b>: {{_('Access user and group data')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-checkpassword" name="perm_checkpassword" value="1" aria-label="enabled" {{ 'checked' if client.perm_checkpassword }}>
<label class="form-check-label" for="client-perm-checkpassword"><b>checkpassword</b>: {{_('Verify user passwords')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-mail-aliases" name="perm_mail_aliases" value="1" aria-label="enabled" {{ 'checked' if client.perm_mail_aliases }}>
<label class="form-check-label" for="client-perm-mail-aliases"><b>mail_aliases</b>: {{_('Access mail aliases')}}</label>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-remailer" name="perm_remailer" value="1" aria-label="enabled" {{ 'checked' if client.perm_remailer }}>
<label class="form-check-label" for="client-perm-remailer"><b>remailer</b>: {{_('Resolve remailer addresses')}}</label>
{% if not remailer.configured %}
<i class="fas fa-exclamation-triangle text-warning" data-toggle="tooltip" data-placement="top" title="{{ _('This option has no effect: Remailer config options are unset') }}"></i>
{% endif %}
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" id="client-perm-metrics" name="perm_metrics" value="1" aria-label="enabled" {{ 'checked' if client.perm_metrics }}>
<label class="form-check-label" for="client-perm-metrics"><b>metrics</b>: {{_('Access uffd metrics')}}</label>
</div>
</div>
</form>
</div>
<script>
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
</script>
{% endblock %}
uffd/templates/service/index.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<div class="col">
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.show') }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Name') }}</th>
</tr>
</thead>
<tbody>
{% for service in services|sort(attribute="name") %}
<tr>
<td>
<a href="{{ url_for("service.show", id=service.id) }}">
{{ service.name }}
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{% endblock %}
uffd/templates/service/oauth2.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.oauth2_submit', service_id=service.id, db_id=client.db_id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.show', id=service.id) }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if client.db_id %}
<a class="btn btn-danger" href="{{ url_for('service.oauth2_delete', service_id=service.id, db_id=client.db_id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="client-client-id">{{ _('Client ID') }}</label>
<input type="text" class="form-control" id="client-client-id" name="client_id" value="{{ client.client_id or '' }}" required>
</div>
<div class="form-group col">
<label for="client-client-secret">{{ _('Client Secret') }}</label>
{% if client.db_id %}
<input type="password" autocomplete="new-password" class="form-control" id="client-client-secret" name="client_secret" placeholder="●●●●●●●●">
{% else %}
<input type="password" autocomplete="new-password" class="form-control" id="client-client-secret" name="client_secret" required>
{% endif %}
</div>
<div class="form-group col">
<label for="client-redirect-uris">{{ _('Redirect URIs') }}</label>
<textarea rows="3" class="form-control" id="client-redirect-uris" name="redirect_uris">{{ client.redirect_uris|join('\n') }}</textarea>
<small class="form-text text-muted">
{{ _('One URI per line') }}
</small>
</div>
<div class="form-group col">
<label for="client-logout-uris">{{ _('Logout URIs') }}</label>
<textarea rows="3" class="form-control" id="client-logout-uris" name="logout_uris" placeholder="GET https://example.com/logout">
{%- for logout_uri in client.logout_uris %}
{{ logout_uri.method }} {{ logout_uri.uri }}{{ '\n' if not loop.last }}
{%- endfor %}
</textarea>
<small class="form-text text-muted">
{{ _('One URI per line, prefixed with space-separated method (GET/POST)') }}
</small>
</div>
</form>
</div>
{% endblock %}
uffd/templates/service/overview.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
{% set iconstyle = 'style="width: 1.8em;"'|safe %}
{% if not request.user %}
<div class="alert alert-warning" role="alert">
<div class="row">
<div class="col-12 col-md-9 col-lg-10 col-xl-10">
{{ _("Some services may not be publicly listed! Log in to see all services you have access to.") }}
</div>
<div class="col-12 col-md-3 col-lg-2 col-xl-2 text-center text-md-right text-lg-right text-xl-right">
<a class="btn btn-primary" href="{{ url_for("session.login", ref=request.full_path) }}">
<i class="fa fa-sign-in-alt" aria-hidden="true"></i> {{ _("Login") }}
</a>
</div>
</div>
</div>
{% endif %}
{% if banner %}
<div class="card">
<div class="card-body">
{{ banner|safe }}
</div>
</div>
{% endif %}
{% macro service_card(service) %}
<div class="col mb-4">
<div class="card h-100 {{ 'text-muted' if not service.has_access }}">
<div class="card-body">
{% if service.logo_url %}
{% if service.url and service.has_access %}<a href="{{ service.url }}" class="text-reset">{% endif %}
<img alt="{{ _("Logo for %(service_title)s", service_title=service.title) }}" src="{{ service.logo_url }}" style="width: 100%; height: 10em; object-fit: contain; {{ 'filter: grayscale(100%);' if not service.has_access }}">
{% if service.url and service.has_access %}</a>{% endif %}
{% endif %}
<h5 class="card-title">
{% if service.url and service.has_access %}
<a href="{{ service.url }}" class="text-reset">{{ service.title }}</a>
{% else %}
{{ service.title }}
{% endif %}
</h5>
{% if service.subtitle %}
<h6 class="card-subtitle mb-2 text-muted">{{ service.subtitle }}</h6>
{% endif %}
{% if service.description %}
<p class="card-text">{{ service.description }}</p>
{% endif %}
</div>
<div class="list-group list-group-flush">
{% if not service.has_access %}
<div class="list-group-item"><i class="fas fa-shield-alt" {{ iconstyle }}></i> {{_("No access")}}</div>
{% elif service.permission %}
<div class="list-group-item"><i class="fas fa-shield-alt" {{ iconstyle }}></i> {{ service.permission }}</div>
{% endif %}
{% for group in service.groups %}
<div class="list-group-item"><i class="fas fa-users" {{ iconstyle }}></i> {{ group.name }}</div>
{% endfor %}
{% for info in service.infos %}
<a href="#" class="list-group-item list-group-item-action" data-toggle="modal" data-target="#info-modal-{{ info.id }}"><i class="fas fa-info-circle" {{ iconstyle }}></i> {{ info.button_text }}</a>
{% endfor %}
{% for link in service.links %}
<a href="{{ link.url }}" class="list-group-item list-group-item-action"><i class="fas fa-external-link-alt" {{ iconstyle }}></i> {{ link.title }}</a>
{% endfor %}
</div>
</div>
</div>
{% endmacro %}
{% if request.user and request.user.is_in_group(config['ACL_ADMIN_GROUP']) %}
<div class="text-right mt-2">
<a href="{{ url_for('service.index') }}" class="btn btn-primary">{{ _('Manage OAuth2 and API clients') }}</a>
</div>
{% endif %}
<div class="row row-cols-1 row-cols-md-2 row-cols-lg-3 row-cols-xl-4 mt-2">
{% for service in services if service.has_access %}
{{ service_card(service) }}
{% endfor %}
{% for service in services if not service.has_access %}
{{ service_card(service) }}
{% endfor %}
</div>
{% for service in services %}
{% for info in service.infos %}
<div class="modal" tabindex="-1" id="info-modal-{{ info.id }}">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">{{ info.title }}</h5>
<button type="button" class="close" data-dismiss="modal" aria-label="{{_("Close")}}">
<span aria-hidden="true">&times;</span>
</button>
</div>
<div class="modal-body">
{{ info.html|safe }}
</div>
</div>
</div>
</div>
{% endfor %}
{% endfor %}
{% endblock %}
uffd/templates/service/show.html 0 → 100644
View file @ 98fe5690
{% extends 'base.html' %}
{% block body %}
<div class="row">
<form action="{{ url_for('service.edit_submit', id=service.id) }}" method="POST" autocomplete="off" class="form col-12 px-0">
<div class="form-group col">
<p class="text-right">
<a href="{{ url_for('service.index') }}" class="btn btn-secondary">{{ _('Cancel') }}</a>
{% if service.id %}
<a class="btn btn-danger" href="{{ url_for('service.delete', id=service.id) }}" onClick='return confirm({{_("Are you sure?")|tojson}});'>
<i class="fa fa-trash" aria-hidden="true"></i> {{_('Delete')}}
</a>
{% endif %}
<button type="submit" class="btn btn-primary"><i class="fa fa-save" aria-hidden="true"></i> {{ _('Save') }}</button>
</p>
</div>
<div class="form-group col">
<label for="service-name">{{ _('Name') }}</label>
<input type="text" class="form-control" id="service-name" name="name" value="{{ service.name or '' }}" required>
</div>
<div class="form-group col">
<label for="access-group">{{ _('Access Restriction') }}</label>
<select class="form-control" id="access-group" name="access-group">
<option value="" class="text-muted">{{ _('No user has access') }}</option>
<option value="all" class="text-muted" {{ 'selected' if not service.limit_access }}>{{ _('All users have access (legacy)') }}</option>
{% for group in all_groups %}
<option value="{{ group.id }}" {{ 'selected' if group == service.access_group and service.limit_access }}>{{ _('Members of group "%(group_name)s" have access', group_name=group.name) }}</option>
{% endfor %}
</select>
</div>
<div class="form-group col">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="hide-deactivated-users" name="hide_deactivated_users" value="1" aria-label="enabled" {{ 'checked' if service.hide_deactivated_users }}>
<label class="form-check-label" for="hide-deactivated-users">{{ _('Hide deactivated users from service') }}</label>
</div>
</div>
<div class="form-group col">
<div class="form-check">
<input class="form-check-input" type="checkbox" id="service-enable-email-preferences" name="enable_email_preferences" value="1" aria-label="enabled" {{ 'checked' if service.enable_email_preferences }}>
<label class="form-check-label" for="service-enable-email-preferences">{{ _('Allow users with access to select a different e-mail address for this service') }}</label>
<small class="form-text text-muted">
{{ _('If disabled, the service always uses the primary e-mail address.') }}
</small>
</div>
</div>
<div class="form-group col">
<label for="remailer-mode">
{{ _('Hide e-mail addresses with remailer') }}
{% if not remailer.configured %}
<i class="fas fa-exclamation-triangle text-warning" data-toggle="tooltip" data-placement="top" title="{{ _('This option has no effect: Remailer config options are unset') }}"></i>
{% endif %}
</label>
<select class="form-control" id="remailer-mode" name="remailer-mode">
<option value="{{ RemailerMode.DISABLED.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.DISABLED }}>
{{ _('Remailer disabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V2.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.ENABLED_V2 }}>
{{ _('Remailer enabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V1.name }}" {{ 'selected' if service.remailer_mode == RemailerMode.ENABLED_V1 }}>
{{ _('Remailer enabled (deprecated, case-sensitive format)') }}
</option>
</select>
<small class="form-text text-muted">
{{ _('Some services notify users about changes to their e-mail address. Modifying this setting immediatly affects the e-mail addresses of all users and can cause masses of notification e-mails.') }}
</small>
</div>
<div class="form-group col">
<p class="mb-2">
{{ _('Overwrite remailer setting for specific users') }}
</p>
<div class="input-group" id="remailer-mode-overwrite">
<input class="form-control" name="remailer-overwrite-users" placeholder="{{ _('Login names') }}" value="{{ remailer_overwrites|map(attribute='user')|map(attribute='loginname')|sort|join(', ') }}">
<select class="form-control" name="remailer-overwrite-mode">
{% set remailer_overwrite_mode = remailer_overwrites|map(attribute='remailer_overwrite_mode')|first or RemailerMode.ENABLED_V2 %}
<option value="{{ RemailerMode.DISABLED.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.DISABLED }}>
{{ _('Remailer disabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V2.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.ENABLED_V2 }}>
{{ _('Remailer enabled') }}
</option>
<option value="{{ RemailerMode.ENABLED_V1.name }}" {{ 'selected' if remailer_overwrite_mode == RemailerMode.ENABLED_V1 }}>
{{ _('Remailer enabled (deprecated, case-sensitive format)') }}
</option>
</select>
</div>
<small class="form-text text-muted">
{{ _('Useful for testing remailer before enabling it for all users. Specify users as a comma-seperated list of login names.') }}
</small>
</div>
</form>
{% if service.id %}
<div class="col-12">
<hr>
<h5>OAuth2 Clients</h5>
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.oauth2_show', service_id=service.id) }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Client ID') }}</th>
</tr>
</thead>
<tbody>
{% for client in service.oauth2_clients|sort(attribute='client_id') %}
<tr>
<td>
<a href="{{ url_for("service.oauth2_show", service_id=service.id, db_id=client.db_id) }}">
{{ client.client_id }}
</a>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
<div class="col-12">
<hr>
<h5>API Clients</h5>
<p class="text-right">
<a class="btn btn-primary" href="{{ url_for('service.api_show', service_id=service.id) }}">
<i class="fa fa-plus" aria-hidden="true"></i> {{_("New")}}
</a>
</p>
<table class="table table-striped table-sm">
<thead>
<tr>
<th scope="col">{{ _('Name') }}</th>
<th scope="col">{{ _('Permissions') }}</th>
</tr>
</thead>
<tbody>
{% for client in service.api_clients|sort(attribute='auth_username') %}
<tr>
<td>
<a href="{{ url_for("service.api_show", service_id=service.id, id=client.id) }}">
{{ client.auth_username }}
</a>
</td>
<td>
{% for perm in ['users', 'checkpassword', 'mail_aliases', 'remailer'] if client.has_permission(perm) %}
{{ perm }}{{ ',' if not loop.last }}
{% endfor %}
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
{% endif %}
</div>
<script>
$(function () {
$('[data-toggle="tooltip"]').tooltip()
})
</script>
{% endblock %}
uffd/templates/session/deviceauth.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
{% if not initiation %}
<form action="{{ url_for("session.deviceauth") }}" autocomplete="off">
{% elif not confirmation %}
<form action="{{ url_for("session.deviceauth_submit") }}" method="POST" autocomplete="off">
{% else %}
<form action="{{ url_for("session.deviceauth_finish") }}" method="POST" autocomplete="off">
{% endif %}
<div class="col-12">
<h2 class="text-center">{{_('Authorize Device Login')}}</h2>
</div>
<div class="form-group col-12">
<p>{{_('Log into a service on another device without entering your password.')}}</p>
</div>
<div class="form-group col-12">
<label for="initiation-code">{{_('Initiation Code')}}</label>
{% if not initiation %}
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation_code or '' }}" required="required" tabindex = "1" autofocus>
{% else %}
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation.code }}" readonly>
{% endif %}
</div>
{% if confirmation %}
<div class="form-group col-12">
<label for="confirmation-code">{{_('Confirmation Code')}}</label>
<input type="text" class="form-control" id="confirmation-code" name="confirmation-code" value="{{ confirmation.code }}" readonly>
</div>
{% endif %}
{% if not initiation %}
<div class="form-group col-12">
<p>{{_('Start logging into a service on the other device and chose "Device Login" on the login page. Enter the displayed initiation code in the box above.')}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Continue')}}</button>
</div>
<div class="form-group col-12">
<a href="{{ url_for('index') }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
{% elif not confirmation %}
<div class="form-group col-12">
<p>{{_('Authorize the login for service <b>%(service_name)s</b>?', service_name=initiation.description|e)|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Authorize Login')}}</button>
</div>
<div class="form-group col-12">
<a href="{{ url_for('index') }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
{% else %}
<div class="form-group col-12">
<p>{{_('Enter the confirmation code on the other device and complete the login. Click <em>Finish</em> afterwards.')|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "2">{{_('Finish')}}</button>
</div>
{% endif %}
</form>
{% endblock %}
uffd/templates/session/devicelogin.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("session.devicelogin_submit", ref=ref) }}" method="POST" autocomplete="off">
<div class="col-12">
<h2 class="text-center">{{_('Device Login')}}</h2>
</div>
<div class="form-group col-12">
<p>{{_('Use a login session on another device (e.g. your laptop) to log into a service without entering your password.')}}</p>
</div>
{% if initiation %}
<div class="form-group col-12">
<label for="initiation-code">{{_('Initiation Code')}}</label>
<input type="text" class="form-control" id="initiation-code" name="initiation-code" value="{{ initiation.code }}" readonly>
</div>
<input type="hidden" class="form-control" id="initiation-secret" name="initiation-secret" value="{{ initiation.secret }}">
<div class="form-group col-12">
<label for="confirmation-code">{{_('Confirmation Code')}}</label>
<input type="text" class="form-control" id="confirmation-code" name="confirmation-code" required="required" tabindex = "1" autofocus>
</div>
<div class="form-group col-12">
<p>{{_('Open <code><a href="%(deviceauth_url)s">%(deviceauth_url)s</a></code> on the other device and enter the initiation code there. Then enter the confirmation code in the box above.', deviceauth_url=url_for('session.deviceauth', _external=True)|e)|safe}}</p>
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex = "3">{{_('Continue')}}</button>
</div>
{% endif %}
<div class="form-group col-12">
<a href="{{ url_for('session.login', ref=ref, devicelogin=True) }}" class="btn btn-secondary btn-block" tabindex="0">{{_('Cancel')}}</a>
</div>
</form>
{% endblock %}
uffd/templates/session/login.html 0 → 100644
View file @ 98fe5690
{% extends 'base_narrow.html' %}
{% block body %}
<form action="{{ url_for("session.login", ref=ref) }}" method="POST">
<div class="col-12">
<h2 class="text-center">{{_("Login")}}</h2>
</div>
{% if config['LOGIN_BANNER'] %}
<p>{{ config['LOGIN_BANNER'] }}</p>
{% endif %}
<div class="form-group col-12">
<label for="user-loginname">{{_("Login Name")}}</label>
<input type="text" autocomplete="username" class="form-control" id="user-loginname" name="loginname" required="required" tabindex="1" autofocus>
</div>
<div class="form-group col-12">
<label for="user-password1">{{_("Password")}}</label>
<input type="password" autocomplete="current-password" class="form-control" id="user-password1" name="password" required="required" tabindex="2">
</div>
<div class="form-group col-12">
<button type="submit" class="btn btn-primary btn-block" tabindex="3">{{_("Login")}}</button>
</div>
{% if request.values.get('devicelogin') %}
<div class="text-center text-muted mb-3">{{_("- or -")}}</div>
<div class="form-group col-12">
<a href="{{ url_for('session.devicelogin_start', ref=ref) }}" class="btn btn-primary btn-block" tabindex="0">{{_("Login with another device")}}</a>
</div>
{% endif %}
<div class="clearfix col-12">
{% if config['SELF_SIGNUP'] %}
<a href="{{ url_for("signup.signup_start") }}" class="float-left">{{_("Register")}}</a>
{% endif %}
<a href="{{ url_for("selfservice.forgot_password") }}" class="float-right">{{_("Forgot Password?")}}</a>
</div>
</form>
{% endblock %}

Impressum - Datenschutzerklärung