cacert/oidc-idp
9
0
Fork 0
Code Issues Pull requests Projects Releases 8 Wiki Activity

Enforce email address selection

Browse source 
This commit makes sure that an email address is selected when the user
presents a client certificate with multiple email addresses.
This commit is contained in:
Jan Dittberner 2023-08-03 10:45:21 +02:00
parent 55530d23e4
commit e2de4243a9
5 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
changelog.md
View file

@ -8,6 +8,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Unreleased ## Unreleased
### Changed ### Changed
- improve formatting and german translation of login page - improve formatting and german translation of login page
- enforce selection of an email address for multi-address client certificates
## [0.2.0] - 2023-07-29 ## [0.2.0] - 2023-07-29
### Added ### Added

4
internal/services/i18n.go
View file

@ -121,6 +121,10 @@ func AddMessages(catalog *MessageCatalog) error {
ID: "HintChooseAnIdentityForAuthentication", ID: "HintChooseAnIdentityForAuthentication",
Other: "Choose an identity for authentication.", Other: "Choose an identity for authentication.",
} }
messages["NoEmailAddressSelected"] = &i18n.Message{
ID: "NoEmailAddressSelected",
Other: "You did not select an email address. Please select an email address to continue.",
}
messages["NoEmailsInClientCertificateTitle"] = &i18n.Message{ messages["NoEmailsInClientCertificateTitle"] = &i18n.Message{
ID: "NoEmailsInClientCertificateTitle", ID: "NoEmailsInClientCertificateTitle",
Other: "No email addresses in client certificate", Other: "No email addresses in client certificate",

4
translations/active.de.toml
View file

@ -85,6 +85,10 @@ other = "In Deinem Anmelde-Request fehlt der notwendige `login_challenge`-Parame
hash = "sha1-b039c647fea0e42bcb0c877c58da499d082f5319" hash = "sha1-b039c647fea0e42bcb0c877c58da499d082f5319"
other = "Kein Challenge-Parameter im Anmelde-Request" other = "Kein Challenge-Parameter im Anmelde-Request"
[NoEmailAddressSelected]
hash = "sha1-09fdefe67eae9915e32b18c50baf985d5bd27d36"
other = "Du hast keine E-Mail-Adresse ausgewählt. Bitte wähle eine E-Mail-Adresse, um die Anmeldung fortzusetzen."
[NoEmailsInClientCertificateExplanation] [NoEmailsInClientCertificateExplanation]
hash = "sha1-ab76bd1bed709ebb19a1b9e48c611271551f3343" hash = "sha1-ab76bd1bed709ebb19a1b9e48c611271551f3343"
other = "Das genutzte Client-Zertifikate enthielt keine E-Mail-Adressen.\nEine E-Mail-Adresse ist erforderlich, um dich anzumelden." other = "Das genutzte Client-Zertifikate enthielt keine E-Mail-Adressen.\nEine E-Mail-Adresse ist erforderlich, um dich anzumelden."

1
translations/active.en.toml
View file

@ -16,6 +16,7 @@ LogoutSuccessfulText = "You have been logged out successfully."
LogoutSuccessfulTitle = "Logout successful" LogoutSuccessfulTitle = "Logout successful"
NoChallengeInRequestExplanation = "Your authentication request did not contain the necessary `login_challenge` parameter. You can find more information about this parameter in [the ORY Hydra documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)." NoChallengeInRequestExplanation = "Your authentication request did not contain the necessary `login_challenge` parameter. You can find more information about this parameter in [the ORY Hydra documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow)."
NoChallengeInRequestTitle = "No challenge parameter in your authentication request" NoChallengeInRequestTitle = "No challenge parameter in your authentication request"
NoEmailAddressSelected = "You did not select an email address. Please select an email address to continue."
NoEmailsInClientCertificateExplanation = "The presented client certificate does not contain any email address value.\nAn email address is required to authenticate yourself." NoEmailsInClientCertificateExplanation = "The presented client certificate does not contain any email address value.\nAn email address is required to authenticate yourself."
NoEmailsInClientCertificateTitle = "No email addresses in client certificate" NoEmailsInClientCertificateTitle = "No email addresses in client certificate"
Scope-email-Description = "Access your email address." Scope-email-Description = "Access your email address."

5
ui/templates/client_certificate.gohtml
View file

@ -4,6 +4,11 @@
<h1 class="h3 mb-3">{{ .Title }}</h1> <h1 class="h3 mb-3">{{ .Title }}</h1>
<p class="text-left">{{ .IntroText }}</p> <p class="text-left">{{ .IntroText }}</p>
<p class="text-left">{{ .EmailChoiceText }}</p> <p class="text-left">{{ .EmailChoiceText }}</p>
{{ with .FlashMessage }}
<div class="alert alert-{{ .Type }}" role="alert">
{{ .Message }}
</div>
{{ end }}
<div class="mb-3"> <div class="mb-3">
{{ if eq (len .emails) 1 }} {{ if eq (len .emails) 1 }}
{{ $email_address := index .emails 0 }} {{ $email_address := index .emails 0 }}