oidc-idp/internal/services/i18n.go

/*
Copyright 2020-2023 CAcert Inc.
SPDX-License-Identifier: Apache-2.0

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    https://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package services

import (
	"bytes"
	"errors"
	"fmt"

	log "github.com/sirupsen/logrus"
	"github.com/yuin/goldmark"

	"code.cacert.org/cacert/oidc-idp/translations"

	"github.com/BurntSushi/toml"
	"github.com/nicksnyder/go-i18n/v2/i18n"
	"golang.org/x/text/language"
)

func AddMessages(catalog *MessageCatalog) error {
	messages := make(map[string]*i18n.Message)
	messages["unknown"] = &i18n.Message{
		ID:    "ErrorUnknown",
		Other: "Unknown error",
	}
	messages["AuthServerErrorTitle"] = &i18n.Message{
		ID:    "AuthServerErrorTitle",
		Other: "Authorization server returned an error",
	}
	messages["AuthServerErrorExplanation"] = &i18n.Message{
		ID: "AuthServerErrorExplanation",
		Other: "A request that your browser sent to the authorization server caused an error." +
			" The authorization server returned details about the error that are printed below.",
	}
	messages["TitleRequestConsent"] = &i18n.Message{
		ID:    "TitleRequestConsent",
		Other: "Application requests your consent",
	}
	messages["LabelSubmit"] = &i18n.Message{
		ID:    "LabelSubmit",
		Other: "Submit",
	}
	messages["LabelConsent"] = &i18n.Message{
		ID:    "LabelConsent",
		Other: "I hereby agree that the application may get the requested permissions.",
	}
	messages["IntroConsentRequested"] = &i18n.Message{
		ID: "IntroConsentRequested",
		Other: "The <strong>{{ .client }}</strong> application requested your consent for the following set of " +
			"permissions:",
	}
	messages["IntroConsentMoreInformation"] = &i18n.Message{
		ID: "IntroConsentMoreInformation",
		Other: "You can find more information about <strong>{{ .client }}</strong> at " +
			"<a href=\"{{ .clientLink }}\">its description page</a>.",
	}
	messages["ClaimsInformation"] = &i18n.Message{
		ID:    "ClaimsInformation",
		Other: "In addition the application wants access to the following information:",
	}
	messages["WrongOrLockedUserOrInvalidPassword"] = &i18n.Message{
		ID:    "WrongOrLockedUserOrInvalidPassword",
		Other: "You entered an invalid username or password or your account has been locked.",
	}
	messages["CertLoginIntroText"] = &i18n.Message{
		ID:    "CertLoginIntroText",
		Other: "The application <strong>{{ .ClientName }}</strong> requests a login.",
	}
	messages["EmailChoiceText"] = &i18n.Message{
		ID:  "EmailChoiceText",
		One: "You have presented a valid client certificate for the following email address:",
		Other: "You have presented a valid client certificate for multiple email addresses. " +
			"Please choose which one you want to present to the application:",
	}
	messages["LoginTitle"] = &i18n.Message{
		ID:    "LoginTitle",
		Other: "Authenticate with a client certificate",
	}
	messages["CertLoginRequestText"] = &i18n.Message{
		ID:    "CertLoginRequestText",
		Other: "Do you want to use the chosen identity from the certificate for authentication?",
	}
	messages["LabelAcceptCertLogin"] = &i18n.Message{
		ID:          "LabelAcceptCertLogin",
		Description: "Label for a button to accept certificate login",
		Other:       "Yes, please use this identity",
	}
	messages["LabelRejectCertLogin"] = &i18n.Message{
		ID:          "LabelRejectCertLogin",
		Description: "Label for a button to reject certificate login",
		Other:       "No, please send me back",
	}
	messages["LoginDeniedByUser"] = &i18n.Message{
		ID:    "LoginDeniedByUser",
		Other: "Login has been denied by the user.",
	}
	messages["LogoutSuccessfulTitle"] = &i18n.Message{
		ID:    "LogoutSuccessfulTitle",
		Other: "Logout successful",
	}
	messages["LogoutSuccessfulText"] = &i18n.Message{
		ID:    "LogoutSuccessfulText",
		Other: "You have been logged out successfully.",
	}
	messages["HintChooseAnIdentityForAuthentication"] = &i18n.Message{
		ID:    "HintChooseAnIdentityForAuthentication",
		Other: "Choose an identity for authentication.",
	}
	messages["NoEmailsInClientCertificateTitle"] = &i18n.Message{
		ID:    "NoEmailsInClientCertificateTitle",
		Other: "No email addresses in client certificate",
	}
	messages["NoEmailsInClientCertificateExplanation"] = &i18n.Message{
		ID: "NoEmailsInClientCertificateExplanation",
		Other: `The presented client certificate does not contain any email address value.
An email address is required to authenticate yourself.`,
	}
	messages["NoChallengeInRequestTitle"] = &i18n.Message{
		ID:    "NoChallengeInRequestTitle",
		Other: "No challenge parameter in your authentication request",
	}
	messages["NoChallengeInRequestExplanation"] = &i18n.Message{
		ID: "NoChallengeInRequestExplanation",
		Other: "Your authentication request did not contain the necessary `login_challenge` parameter." +
			" You can find more information about this parameter in" +
			" [the ORY Hydra documentation](https://www.ory.sh/docs/oauth2-oidc/custom-login-consent/flow).",
	}

	catalog.AddMessages(messages)

	return nil
}

type MessageCatalog struct {
	messages map[string]*i18n.Message
	logger   *log.Logger
}

func (m *MessageCatalog) AddMessages(messages map[string]*i18n.Message) {
	for key, value := range messages {
		m.messages[key] = value
	}
}

func (m *MessageCatalog) LookupErrorMessage(
	tag string,
	field string,
	value interface{},
	localizer *i18n.Localizer,
) string {
	fieldTag := fmt.Sprintf("%s-%s", field, tag)

	message, ok := m.messages[fieldTag]
	if !ok {
		m.logger.WithField("field_tag", fieldTag).Info("no specific error message for field and tag")

		message, ok = m.messages[tag]
		if !ok {
			m.logger.WithField("tag", tag).Info("no specific error message for tag")

			message, ok = m.messages["unknown"]
			if !ok {
				m.logger.Warn("no default translation found")

				return tag
			}
		}
	}

	translation, err := localizer.Localize(&i18n.LocalizeConfig{
		DefaultMessage: message,
		TemplateData: map[string]interface{}{
			"Value": value,
		},
	})
	if err != nil {
		m.logger.WithError(err).Error("localization failed")

		return tag
	}

	return translation
}

func (m *MessageCatalog) LookupMessage(
	id string,
	templateData map[string]interface{},
	localizer *i18n.Localizer,
) string {
	if message, ok := m.messages[id]; ok {
		translation, err := localizer.Localize(&i18n.LocalizeConfig{
			DefaultMessage: message,
			TemplateData:   templateData,
		})
		if err != nil {
			return m.handleLocalizeError(id, translation, err)
		}

		return translation
	}

	m.logger.WithField("id", id).Warn("no translation found for id")

	return id
}

func (m *MessageCatalog) LookupMarkdownMessage(
	id string,
	templateData map[string]interface{},
	localizer *i18n.Localizer,
) string {
	if message, ok := m.messages[id]; ok {
		translation, err := localizer.Localize(&i18n.LocalizeConfig{
			DefaultMessage: message,
			TemplateData:   templateData,
		})
		if err != nil {
			return m.handleLocalizeError(id, translation, err)
		}

		buf := &bytes.Buffer{}

		err = goldmark.Convert([]byte(translation), buf)
		if err != nil {
			return m.handleLocalizeError(id, translation, fmt.Errorf("markdown conversion error: %w", err))
		}

		return buf.String()
	}

	m.logger.WithField("id", id).Warn("no translation found for id")

	return id
}

func (m *MessageCatalog) LookupMessagePlural(
	id string,
	templateData map[string]interface{},
	localizer *i18n.Localizer,
	count int,
) string {
	if message, ok := m.messages[id]; ok {
		translation, err := localizer.Localize(&i18n.LocalizeConfig{
			DefaultMessage: message,
			TemplateData:   templateData,
			PluralCount:    count,
		})
		if err != nil {
			return m.handleLocalizeError(id, translation, err)
		}

		return translation
	}

	m.logger.WithField("id", id).Warn("no translation found for id")

	return id
}

func (m *MessageCatalog) handleLocalizeError(id string, translation string, err error) string {
	var messageNotFound *i18n.MessageNotFoundErr

	if errors.As(err, &messageNotFound) {
		m.logger.WithError(err).WithField("message", id).Warn("message not found")

		if translation != "" {
			return translation
		}
	} else {
		m.logger.WithError(err).WithField("message", id).Error("translation error")
	}

	return id
}

func InitI18n(logger *log.Logger, languages []string) (*i18n.Bundle, *MessageCatalog) {
	bundle := i18n.NewBundle(language.English)
	bundle.RegisterUnmarshalFunc("toml", toml.Unmarshal)

	for _, lang := range languages {
		bundleName := fmt.Sprintf("active.%s.toml", lang)

		bundleBytes, err := translations.Bundles.ReadFile(bundleName)
		if err != nil {
			logger.WithField("bundle", bundleName).Warn("message bundle not found")

			continue
		}

		bundle.MustParseMessageFileBytes(bundleBytes, bundleName)
	}

	catalog := initMessageCatalog(logger)

	return bundle, catalog
}

func initMessageCatalog(logger *log.Logger) *MessageCatalog {
	messages := make(map[string]*i18n.Message)
	messages["ErrorTitle"] = &i18n.Message{
		ID:    "ErrorTitle",
		Other: "An error has occurred",
	}

	return &MessageCatalog{messages: messages, logger: logger}
}