From 9b2620751539e9613bc7835fdf70c5d517a81807 Mon Sep 17 00:00:00 2001
From: Yohann D'ANELLO
Date: Thu, 17 Jun 2021 20:56:59 +0200
Subject: [PATCH] Rework templates for OAuth2
Signed-off-by: Yohann D'ANELLO
---
.../templates/member/manage_auth_tokens.html | 116 ++++++++++++++----
.../templates/permission/scopes.html | 8 +-
apps/permission/views.py | 2 +-
locale/fr/LC_MESSAGES/django.po | 73 +++++++++--
.../oauth2_provider/application_detail.html | 10 +-
.../oauth2_provider/application_list.html | 7 ++
.../templates/oauth2_provider/authorize.html | 10 +-
7 files changed, 185 insertions(+), 41 deletions(-)
diff --git a/apps/member/templates/member/manage_auth_tokens.html b/apps/member/templates/member/manage_auth_tokens.html
index 014686f1..0f6a64ec 100644
--- a/apps/member/templates/member/manage_auth_tokens.html
+++ b/apps/member/templates/member/manage_auth_tokens.html
@@ -5,32 +5,98 @@ SPDX-License-Identifier: GPL-3.0-or-later {% load i18n %} {% block content %} -
-

À quoi sert un jeton d'authentification ?

+
+
+
+
+

{% trans "Token authentication" %}

+
+
+
+

À quoi sert un jeton d'authentification ?

- Un jeton vous permet de vous connecter à l'API de la Note Kfet.
- Il suffit pour cela d'ajouter en en-tête de vos requêtes Authorization: Token <TOKEN> - pour pouvoir vous identifier.

+ Un jeton vous permet de vous connecter à l'API de la Note Kfet via votre propre compte + depuis un client externe.
+ Il suffit pour cela d'ajouter en en-tête de vos requêtes Authorization: Token <TOKEN> + pour pouvoir vous identifier.

- Une documentation de l'API arrivera ultérieurement. + La documentation de l'API est disponible ici : + {{ request.scheme }}://{{ request.get_host }}/doc/api/. +
+ +
+ {%trans 'Token' %} : + {% if 'show' in request.GET %} + {{ token.key }} (cacher) + {% else %} + caché (montrer) + {% endif %} +
+ {%trans 'Created' %} : {{ token.created }} +
+ +
+ {% trans "Warning" %} : regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton ! +
+
+ +
+
+ +
+
+
+

{% trans "OAuth2 authentication" %}

+
+
+
+

+ La Note Kfet implémente également le protocole OAuth2, afin de + permettre à des applications tierces d'interagir avec la Note en récoltant des informations + (de connexion par exemple) voir en permettant des modifications à distance, par exemple lorsqu'il + s'agit d'avoir un site marchand sur lequel faire des transactions via la Note Kfet. +

+ +

+ L'usage de ce protocole est recommandé pour tout usage non personnel, car permet de mieux cibler + les droits dont on a besoin, en restreignant leur usage par jeton généré. +

+ +

+ La documentation vis-à-vis de l'usage de ce protocole est disponible ici : + {{ request.scheme }}://{{ request.get_host }}/doc/external_services/oauth2/. +

+
+ + Liste des URL à communiquer à votre application : + + +
+ +
+
- -
- {%trans 'Token' %} : - {% if 'show' in request.GET %} - {{ token.key }} (cacher) - {% else %} - caché (montrer) - {% endif %} -
- {%trans 'Created' %} : {{ token.created }} -
- -
- Attention : regénérer le jeton va révoquer tout accès autorisé à l'API via ce jeton ! -
- - - - {% endblock %} \ No newline at end of file diff --git a/apps/permission/templates/permission/scopes.html b/apps/permission/templates/permission/scopes.html index 26a5feda..31a4395e 100644 --- a/apps/permission/templates/permission/scopes.html +++ b/apps/permission/templates/permission/scopes.html @@ -57,16 +57,16 @@ let scope = "" for (let element of elements) { if (element.checked) { - scope += element.value + "%20" + scope += element.value + " " } } - scope = scope.substr(0, scope.length - 3) + scope = scope.substr(0, scope.length - 1) document.getElementById("url-{{ app.name.lower }}").innerHTML = 'Scopes : ' + scope - + '
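Review bot: The documentation links added in this hunk are assembled from `{{ request.scheme }}://{{ request.get_host }}`, so they reflect the scheme and Host of the current request rather than the site's canonical origin. Behind a TLS-terminating proxy without `SECURE_PROXY_SSL_HEADER` configured, `request.scheme` renders `http` and users would copy plain-HTTP URLs into their OAuth2 client configuration; `get_host` is only as trustworthy as `ALLOWED_HOSTS`. A relative link such as `/doc/api/` is enough for the documentation, and the list announced by "Liste des URL à communiquer à votre application" (its entries are not visible in this extract) would be safer built from a base URL defined in settings. The moved `{% if 'show' in request.GET %}` block still writes `{{ token.key }}` into an ordinary GET response; whether the view sends `Cache-Control: no-store` cannot be seen from this hunk and is worth confirming.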
{{ request.scheme }}://{{ request.get_host }}{% url 'oauth2_provider:authorize' %}?client_id={{ app.client_id }}&response_type=code&scope=' - + scope + '' + + scope.replaceAll(' ', '%20') + '' } } {% endfor %} diff --git a/apps/permission/views.py b/apps/permission/views.py index 9bee5295..8f498478 100644 --- a/apps/permission/views.py +++ b/apps/permission/views.py @@ -157,7 +157,7 @@ class ScopesView(LoginRequiredMixin, TemplateView): scopes = PermissionScopes() context["scopes"] = {} all_scopes = scopes.get_all_scopes() - for app in Application.objects.filter(Q(user=self.request.user) | Q(client_type='public')).all(): + for app in Application.objects.filter(user=self.request.user).all(): available_scopes = scopes.get_available_scopes(app) context["scopes"][app] = OrderedDict() items = [(k, v) for (k, v) in all_scopes.items() if k in available_scopes] diff --git a/locale/fr/LC_MESSAGES/django.po b/locale/fr/LC_MESSAGES/django.po index 3a6f2d3a..241b9853 100644 --- a/locale/fr/LC_MESSAGES/django.po +++ b/locale/fr/LC_MESSAGES/django.po 
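Review bot: The hand-rolled encoding `scope.replaceAll(' ', '%20')` only covers spaces, so any other reserved character in a scope value would reach the authorize URL unencoded; `encodeURIComponent(scope)` encodes the whole parameter. The trailing-separator trim `scope.substr(0, scope.length - 1)` relies on the deprecated `substr`, and it becomes unnecessary if the checked values are collected into an array and joined with `' '`. The same string is also written through `innerHTML`, so it is interpreted as markup. The scope values appear to come from server-rendered checkboxes, which limits the exposure, but setting the link's `href` and `textContent` on DOM nodes would avoid depending on that. The script block starts and ends outside the hunk.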
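Review bot: The trailing `.all()` on the new `Application.objects.filter(user=self.request.user).all()` line is redundant, because `filter()` already returns a queryset; `for app in Application.objects.filter(user=self.request.user):` is enough. Dropping the `Q(client_type='public')` branch means only the requesting user's own applications, and their `client_id` values rendered by scopes.html, reach the template. That intent deserves a short comment, for example `# Only the user's own applications: the template exposes their client_id`. If `Q` was used only on this line, its import is now unused; the import block is outside the hunk, so that needs checking. The method body starts and ends outside the hunk.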
@@ -1053,18 +1053,50 @@ msgstr "Changer le mot de passe" msgid "API token" msgstr "Accès API" -#: apps/member/templates/member/manage_auth_tokens.html:19 +#: apps/member/templates/member/manage_auth_tokens.html:12 +msgid "Token authentication" +msgstr "Authentification par jeton" + +#: apps/member/templates/member/manage_auth_tokens.html:28 msgid "Token" msgstr "Jeton" -#: apps/member/templates/member/manage_auth_tokens.html:26 +#: apps/member/templates/member/manage_auth_tokens.html:35 msgid "Created" msgstr "Créé le" -#: apps/member/templates/member/manage_auth_tokens.html:34 +#: apps/member/templates/member/manage_auth_tokens.html:39 +msgid "Warning" +msgstr "Attention" + +#: apps/member/templates/member/manage_auth_tokens.html:44 msgid "Regenerate token" msgstr "Regénérer le jeton" +#: apps/member/templates/member/manage_auth_tokens.html:53 +msgid "OAuth2 authentication" +msgstr "Authentification OAuth2" + +#: apps/member/templates/member/manage_auth_tokens.html:79 +msgid "Authorization:" +msgstr "Autorisation :" + +#: apps/member/templates/member/manage_auth_tokens.html:83 +msgid "Token:" +msgstr "Jeton :" + +#: apps/member/templates/member/manage_auth_tokens.html:87 +msgid "Revoke Token:" +msgstr "Révoquer le jeton :" + +#: apps/member/templates/member/manage_auth_tokens.html:91 +msgid "Introspect Token:" +msgstr "Introspection :" + +#: apps/member/templates/member/manage_auth_tokens.html:97 +msgid "Show my applications" +msgstr "Voir mes applications" + #: apps/member/templates/member/picture_update.html:35 msgid "Nevermind" msgstr "Annuler" 
@@ -1482,7 +1514,7 @@ msgstr "Pas de motif spécifié" #: apps/wei/tables.py:74 apps/wei/tables.py:114 #: apps/wei/templates/wei/weiregistration_confirm_delete.html:31 #: note_kfet/templates/oauth2_provider/application_confirm_delete.html:18 -#: note_kfet/templates/oauth2_provider/application_detail.html:31 +#: note_kfet/templates/oauth2_provider/application_detail.html:39 #: note_kfet/templates/oauth2_provider/authorized-token-delete.html:12 msgid "Delete" msgstr "Supprimer" @@ -1493,7 +1525,7 @@ msgstr "Supprimer" #: apps/wei/templates/wei/bus_detail.html:20 #: apps/wei/templates/wei/busteam_detail.html:20 #: apps/wei/templates/wei/busteam_detail.html:40 -#: note_kfet/templates/oauth2_provider/application_detail.html:30 +#: note_kfet/templates/oauth2_provider/application_detail.html:38 msgid "Edit" msgstr "Éditer" @@ -1808,17 +1840,17 @@ msgid "Available scopes" msgstr "Scopes disponibles" #: apps/permission/templates/permission/scopes.html:42 -#: note_kfet/templates/oauth2_provider/application_list.html:18 +#: note_kfet/templates/oauth2_provider/application_list.html:24 msgid "No applications defined" msgstr "Pas d'application définie" #: apps/permission/templates/permission/scopes.html:43 -#: note_kfet/templates/oauth2_provider/application_list.html:19 +#: note_kfet/templates/oauth2_provider/application_list.html:25 msgid "Click here" msgstr "Cliquez ici" #: apps/permission/templates/permission/scopes.html:43 -#: note_kfet/templates/oauth2_provider/application_list.html:19 +#: note_kfet/templates/oauth2_provider/application_list.html:25 msgid "if you want to register a new one" msgstr "si vous voulez en enregistrer une nouvelle" 
@@ -3180,6 +3212,17 @@ msgid "Redirect Uris" msgstr "URIs de redirection" #: note_kfet/templates/oauth2_provider/application_detail.html:29 +#, python-format +msgid "" +"You can go here to generate authorization " +"link templates and convert permissions to scope numbers with the permissions " +"that you want to grant for your application." +msgstr "" +"Vous pouvez aller pour générer des modèles " +"de liens d'autorisation et convertir des permissions en identifiants de " +"scopes avec les permissions que vous souhaitez attribuer à votre application." + +#: note_kfet/templates/oauth2_provider/application_detail.html:37 #: note_kfet/templates/oauth2_provider/application_form.html:23 msgid "Go Back" msgstr "Retour en arrière" @@ -3192,10 +3235,22 @@ msgstr "Modifier l'application" msgid "Your applications" msgstr "Vos applications" -#: note_kfet/templates/oauth2_provider/application_list.html:24 +#: note_kfet/templates/oauth2_provider/application_list.html:11 +msgid "" +"You can find on this page the list of the applications that you already " +"registered." +msgstr "" +"Vous pouvez trouver sur cette page la liste des applications que vous avez " +"déjà enregistrées." + +#: note_kfet/templates/oauth2_provider/application_list.html:30 msgid "New Application" msgstr "Nouvelle application" +#: note_kfet/templates/oauth2_provider/application_list.html:31 +msgid "Authorized Tokens" +msgstr "Jetons autorisés" + #: note_kfet/templates/oauth2_provider/application_registration_form.html:5 msgid "Register a new application" msgstr "Enregistrer une nouvelle application" diff --git a/note_kfet/templates/oauth2_provider/application_detail.html b/note_kfet/templates/oauth2_provider/application_detail.html index 183ac9b8..5d3cc008 100644 --- a/note_kfet/templates/oauth2_provider/application_detail.html +++ b/note_kfet/templates/oauth2_provider/application_detail.html @@ -12,7 +12,7 @@
{% trans "Client secret" %}
-
+
{% trans "Client type" %}
{{ application.client_type }}
@@ -24,6 +24,14 @@
+
+ {% url 'permission:scopes' as scopes_url %} + {% blocktrans trimmed %} + You can go here to generate authorization link templates and convert + permissions to scope numbers with the permissions that you want to grant for your application. + {% endblocktrans %} +
+
+
+ {% blocktrans trimmed %} + You can find on this page the list of the applications that you already registered. + {% endblocktrans %} +
+ {% if applications %}
    {% for application in applications %} @@ -22,6 +28,7 @@
{% endblock content %} diff --git a/note_kfet/templates/oauth2_provider/authorize.html b/note_kfet/templates/oauth2_provider/authorize.html index 16c9f3b6..b6cbb836 100644 --- a/note_kfet/templates/oauth2_provider/authorize.html +++ b/note_kfet/templates/oauth2_provider/authorize.html @@ -38,4 +38,12 @@ {% endif %} -{% endblock %} \ No newline at end of file +{% endblock %} + +{% block extrajavascript %} + +{% endblock %}