Enforce email address selection

This commit makes sure that an email address is selected when the user presents a client certificate with multiple email addresses.
10 months ago · e2de4243a9
parent 55530d23e4
commit e2de4243a9
5 changed files with 15 additions and 0 deletions
--- a/changelog.md
+++ b/changelog.md
@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## Unreleased
 ### Changed
 - improve formatting and german translation of login page
+- enforce selection of an email address for multi-address client certificates

 ## [0.2.0] - 2023-07-29
 ### Added
--- a/internal/services/i18n.go
+++ b/internal/services/i18n.go
@ -121,6 +121,10 @@ func AddMessages(catalog *MessageCatalog) error {
 		ID:    "HintChooseAnIdentityForAuthentication",
 		Other: "Choose an identity for authentication.",
 	}
+	messages["NoEmailAddressSelected"] = &i18n.Message{
+		ID:    "NoEmailAddressSelected",
+		Other: "You did not select an email address. Please select an email address to continue.",
+	}
 	messages["NoEmailsInClientCertificateTitle"] = &i18n.Message{
 		ID:    "NoEmailsInClientCertificateTitle",
 		Other: "No email addresses in client certificate",
--- a/translations/active.de.toml
+++ b/translations/active.de.toml
@ -85,6 +85,10 @@ other = "In Deinem Anmelde-Request fehlt der notwendige `login_challenge`-Parame
 hash = "sha1-b039c647fea0e42bcb0c877c58da499d082f5319"
 other = "Kein Challenge-Parameter im Anmelde-Request"

+[NoEmailAddressSelected]
+hash = "sha1-09fdefe67eae9915e32b18c50baf985d5bd27d36"
+other = "Du hast keine E-Mail-Adresse ausgewählt. Bitte wähle eine E-Mail-Adresse, um die Anmeldung fortzusetzen."
+
 [NoEmailsInClientCertificateExplanation]
 hash = "sha1-ab76bd1bed709ebb19a1b9e48c611271551f3343"
 other = "Das genutzte Client-Zertifikate enthielt keine E-Mail-Adressen.\nEine E-Mail-Adresse ist erforderlich, um dich anzumelden."
--- a/translations/active.en.toml
+++ b/translations/active.en.toml
@ -16,6 +16,7 @@ LogoutSuccessfulText = "You have been logged out successfully."
 LogoutSuccessfulTitle = "Logout successful"
 NoChallengeInRequestExplanation = "Your authentication request did not contain the necessary `login_challenge` parameter. You can find more information about this parameter in [the ORY Hydra documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)."
 NoChallengeInRequestTitle = "No challenge parameter in your authentication request"
+NoEmailAddressSelected = "You did not select an email address. Please select an email address to continue."
 NoEmailsInClientCertificateExplanation = "The presented client certificate does not contain any email address value.\nAn email address is required to authenticate yourself."
 NoEmailsInClientCertificateTitle = "No email addresses in client certificate"
 Scope-email-Description = "Access your email address."
--- a/ui/templates/client_certificate.gohtml
+++ b/ui/templates/client_certificate.gohtml
@ -4,6 +4,11 @@
        <h1 class="h3 mb-3">{{ .Title }}</h1>
        <p class="text-left">{{ .IntroText }}</p>
        <p class="text-left">{{ .EmailChoiceText }}</p>
+        {{ with .FlashMessage }}
+            <div class="alert alert-{{ .Type }}" role="alert">
+                {{ .Message }}
+            </div>
+        {{ end }}
        <div class="mb-3">
            {{ if eq (len .emails) 1 }}
                {{ $email_address := index .emails 0 }}