From 1b38f2b78953382e3c3051d8df8cfc5f9ea5a380 Mon Sep 17 00:00:00 2001 From: aynsix Date: Mon, 15 Jan 2024 15:57:10 +0300 Subject: [PATCH 01/10] keycloak provider --- config/configuration.sample.yml | 22 +- .../Authentication/Provider/Openid.php | 794 ++++++++++++++++++ .../Controller/Root/LoginController.php | 4 +- .../Controller/PSExposeController.php | 3 +- .../Form/PSExposeConnectionType.php | 4 +- lib/classes/patch/418RC9PHRAS4007.php | 97 +++ lib/conf.d/configuration.yml | 26 +- resources/locales/messages.de.xlf | 182 ++-- resources/locales/messages.en.xlf | 182 ++-- resources/locales/messages.fr.xlf | 182 ++-- resources/locales/messages.nl.xlf | 168 ++-- resources/locales/validators.de.xlf | 2 +- resources/locales/validators.en.xlf | 2 +- resources/locales/validators.fr.xlf | 2 +- resources/locales/validators.nl.xlf | 2 +- .../Authentication/Provider/FactoryTest.php | 9 +- .../Fixtures/configuration-setup.yml | 11 +- .../Fixtures/configuration-with-hosts.yml | 11 +- .../Configuration/Fixtures/configuration.yml | 11 +- .../Fixtures/configuration-maintenance.yml | 11 +- .../PluginDir/TestPlugin/composer.lock | 18 + 21 files changed, 1321 insertions(+), 422 deletions(-) create mode 100644 lib/Alchemy/Phrasea/Authentication/Provider/Openid.php create mode 100644 lib/classes/patch/418RC9PHRAS4007.php create mode 100644 tests/Alchemy/Tests/Phrasea/Plugin/Fixtures/PluginDir/TestPlugin/composer.lock diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml index c8922b4014..88fc327477 100644 --- a/config/configuration.sample.yml +++ b/config/configuration.sample.yml @@ -211,26 +211,24 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea icon-uri: null + birth-group: _firstlog + everyone-group: _everyone + metamodel: _metamodel + model-gpfx: _M_ + model-upfx: _U_ debug: false - birth-group: '_firstlog' - everyone-group: '_everyone' - metamodel: '_metamodel' - model-gpfx: '_M_' - model-upfx: '_U_' auto-logout: false - auto-connect-idp-name: null registration-fields: - name: company diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php new file mode 100644 index 0000000000..a9af8d1e1e --- /dev/null +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -0,0 +1,794 @@ +config) && $this->config['debug'] === true) { + $bt = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS); + if ($bt[0]['file'] != $lastfile) { + file_put_contents('/var/alchemy/Phraseanet/logs/openid.log', sprintf("FILE %s \n", ($lastfile = $bt[0]['file'])), FILE_APPEND); + } + $s = sprintf("LINE (%d) : %s\n", $bt[0]['line'], $s); + file_put_contents('/var/alchemy/Phraseanet/logs/openid.log', $s, FILE_APPEND); + } + } + + public function __construct(UrlGenerator $urlGenerator, SessionInterface $session, array $config, Guzzle $client) + { + parent::__construct($urlGenerator, $session); + + $this->config = $config; + if(!array_key_exists('model-gpfx', $this->config)) { + $this->config['model-gpfx'] = '_G_'; + } + if(!array_key_exists('model-upfx', $this->config)) { + $this->config['model-upfx'] = '_U_'; + } + if(!array_key_exists('metamodel', $this->config)) { + $this->config['metamodel'] = '_metamodel'; + } + if(!array_key_exists('auto-logout', $this->config)) { + $this->config['auto-logout'] = false; + } + + $this->client = $client; + $this->iconUri = array_key_exists('icon-uri', $config) ? $config['icon-uri'] : null; // if not set, will fallback on default icon + } + + /** + * {@inheritdoc} + */ + public static function create(UrlGenerator $generator, SessionInterface $session, array $options): AbstractProvider + { + foreach (['client-id', 'client-secret', 'base-url', 'realm-name'] as $parm) { + if (!isset($options[$parm]) || (trim($options[$parm]) == '')) { + throw new InvalidArgumentException(sprintf('Missing Phraseanet "%s" parameter in conf/authentification/providers', $parm)); + } + } + + $guzzle = new Guzzle(); + $guzzle->setSslVerification(false, false, 0); + + return new self($generator, $session, $options, $guzzle); + } + + /** + * {@inheritdoc} + */ + public function getName(): string + { + return 'openid'; + } + + /** + * @param ClientInterface $client + * + * @return self + */ + public function setGuzzleClient(ClientInterface $client): self + { + $this->client = $client; + + return $this; + } + + /** + * @return ClientInterface + */ + public function getGuzzleClient() + { + return $this->client; + } + + /** + * {@inheritdoc} + */ + public function authenticate(array $params = array()): RedirectResponse + { + $this->debug(); + $this->session->invalidate(0); + + /* + * for oauth2 the callback url(s) MUST be fully static. One CAN register multiple possible urls, like + * - one for phraseanet home : already static + * - one for phraseanet oauth api + * - ... ? + * api client may want to include static/variable params to be used for final redirect (eg. parade), + * we pass those in session + * lib/Alchemy/Phrasea/Controller/Api/OAuth2Controller::authorizeCallbackAction(...) will restore params + */ + $this->session->set($this->getId() . ".parms", array_merge(['providerId' => $this->getId()], $params)); + $this->debug(sprintf("authenticate params saved : session[%s] = %s", + $this->getId() . ".parms", + var_export($params, true) + )); + + $params = ['providerId' => $this->getId()]; // the only required parm (constant) + $this->debug(sprintf("redirect_uri params (cleaned) = %s", var_export($params, true))); + + $redirect_uri = $this->generator->generate( + 'login_authentication_provider_callback', + $params, + UrlGeneratorInterface::ABSOLUTE_URL + ); + $this->debug(sprintf("redirect_uri = %s", $redirect_uri)); + + $state = $this->createState(); + + $this->session->set($this->getId() . '.provider.state', $state); + + $parms = [ + 'client_id' => $this->config['client-id'], + 'state' => $state, + 'scope' => 'openid', + 'redirect_uri' => $redirect_uri, + 'response_type' => "code" + ]; + + $url = sprintf("%s/realms/%s/protocol/openid-connect/auth?%s", + $this->config['base-url'], + urlencode($this->config['realm-name']), + http_build_query($parms, '', '&') + ); + + $this->debug(sprintf("go to url = %s", $url)); + + return new RedirectResponse($url); + } + + /** + * {@inheritdoc} + */ + public function logout() + { + $this->debug("logout ?"); + if($this->config['auto-logout']) { + + // too bad: getting the logout page is not enough... +// $url = "/logout"; +// $guzzleRequest = $this->client->get($url); +// $response = $guzzleRequest->send(); +// $this->debug($response->getBody()); +// return null; + + // ... we really need to redirect to it, which will prevent phr to redirect to his home + $url = sprintf("%s/realms/%s/protocol/openid-connect/logout", + $this->config['base-url'], + urlencode($this->config['realm-name']) + ); + + return new RedirectResponse($url); + } + + return null; + } + + public function logoutAndRedirect($redirect_uri) + { + $this->debug("logoutAndRedirect ?"); + if($this->config['auto-logout']) { + $url = sprintf("%s/realms/%s/protocol/openid-connect/logout?post_logout_redirect_uri=%s&id_token_hint=%s", + $this->config['base-url'], + urlencode($this->config['realm-name']), + urlencode($redirect_uri), + $this->session->get($this->getId() . '.provider.id_token') + ); + + return new RedirectResponse($url); + } + + return null; + } + + /** + * {@inheritdoc} + */ + public function onCallback(Request $request) + { + $this->debug(); + if (!$this->session->has($this->getId() . '.provider.state')) { + throw new NotAuthenticatedException('No state value in session ; CSRF try ?'); + } + $this->debug(); + if ($request->query->get('state') !== $this->session->remove($this->getId() . '.provider.state')) { + throw new NotAuthenticatedException('Invalid state value ; CSRF try ?'); + } + $this->debug(); + try { + $url = sprintf("%s/realms/%s/protocol/openid-connect/token", + $this->config['base-url'], + urlencode($this->config['realm-name']) + ); + + $guzzleRequest = $this->client->post($url); + + $guzzleRequest->addPostFields([ + 'grant_type' => "authorization_code", + 'code' => $request->query->get('code'), + 'redirect_uri' => $this->generator->generate( + 'login_authentication_provider_callback', + ['providerId' => $this->getId()], + UrlGeneratorInterface::ABSOLUTE_URL + ), + 'client_id' => $this->config['client-id'], + 'client_secret' => $this->config['client-secret'], + ]); + $guzzleRequest->setHeader('Accept', 'application/json'); + $this->debug(); + $response = $guzzleRequest->send(); + $this->debug(); + } + catch (GuzzleException $e) { + $this->debug($e->getMessage()); + throw new NotAuthenticatedException('Guzzle error while authentication', $e->getCode(), $e); + } + + if (200 !== $response->getStatusCode()) { + $this->debug(); + throw new NotAuthenticatedException('Error while getting access_token'); + } + + $this->debug(); + $data = @json_decode($response->getBody(true), true); + $this->debug(); + + if (JSON_ERROR_NONE !== json_last_error()) { + $this->debug(); + throw new NotAuthenticatedException('Error while decoding token response, unable to parse JSON.'); + } + + $this->debug(var_export($data, true)); + $this->session->remove($this->getId() . '.provider.state'); + $this->session->set($this->getId() . '.provider.access_token', $data['access_token']); + // id_token_hint used when logout + $this->session->set($this->getId() . '.provider.id_token', $data['id_token']); + + try { + $this->debug(); + + $uri = sprintf("%s/realms/%s/protocol/openid-connect/userinfo", + $this->config['base-url'], + urlencode($this->config['realm-name']) + ); + + $request = $this->client->get($uri); + $request->setHeader('Authorization', 'Bearer '. $data['access_token']); + + $this->debug(); + + $response = $request->send(); + $this->debug(); + } + catch (GuzzleException $e) { + $this->debug($e->getMessage()); + throw new NotAuthenticatedException('Guzzle error while authentication', $e->getCode(), $e); + } + + $this->debug(); + $data = @json_decode($response->getBody(true), true); + $this->debug(var_export($data, true)); + + if (200 !== $response->getStatusCode()) { + $this->debug(); + throw new NotAuthenticatedException('Error while retrieving user info, invalid status code.'); + } + + if (JSON_ERROR_NONE !== json_last_error()) { + $this->debug(); + throw new NotAuthenticatedException('Error while retrieving user info, unable to parse JSON.'); + } + + $this->debug(); + + $userName = $data['preferred_username']; + + if (!\Swift_Validate::email($userName) && isset($data['email'])) { + $userName = $data['email'];// login to be an email + } + + $userUA = $this->CreateUser([ + 'id' => $distantUserId = $data['sub'], + 'login' => $userName, + 'firstname' => isset($data['given_name']) ? $data['given_name'] : '', + 'lastname' => isset($data['family_name']) ? $data['family_name'] : '' , + 'email' => isset($data['email']) ? $data['email'] : '', + '_groups' => '' + ]); + + $userAuthProviderRepository = $this->getUsrAuthProviderRepository(); + $userAuthProvider = $userAuthProviderRepository + ->findWithProviderAndId($this->getId(), $distantUserId); + + if (!$userAuthProvider) { + $manager = $this->getEntityManager(); + + $usrAuthProvider = new UsrAuthProvider(); + $usrAuthProvider->setDistantId($distantUserId); + $usrAuthProvider->setProvider($this->getId()); + $usrAuthProvider->setUser($userUA); + + try { + $manager->persist($usrAuthProvider); + $manager->flush(); + } + catch (\Exception $e) { + // no-op + $this->debug(); + } + } + + $this->session->set($this->getId() . ".provider.id", $distantUserId); + $this->session->set($this->getId() . ".provider.username", $userName); + + $this->debug(sprintf("session->set('%s', '%s')", $this->getId() . ".provider.id", $distantUserId)); + $this->debug(sprintf("session->set('%s', '%s')", $this->getId() . ".provider.username", $userName)); + } + + /** + * {@inheritdoc} + */ + public function getToken(): Token + { + $this->debug(); + $distantUserId = $this->session->get($this->getId() . '.provider.id'); + $this->debug(sprintf("session->get('%s') ==> '%s')", $this->getId() . ".provider.id", $distantUserId)); + + if ('' === trim($distantUserId)) { + $this->debug(); + throw new NotAuthenticatedException($this->getId() . ' has not authenticated'); + } + + $this->debug(); + $token = new Token($this, $distantUserId); + $this->debug(); + + return $token; + } + + /** + * {@inheritdoc} + */ + public function getIdentity(): Identity + { + $this->debug(); + $identity = new Identity(); + + try { + $uri = sprintf("%s/realms/%s/protocol/openid-connect/userinfo", + $this->config['base-url'], + urlencode($this->config['realm-name']) + ); + + $request = $this->client->get($uri); + $request->setHeader('Authorization', 'Bearer '. $this->session->get($this->getId() . '.provider.access_token')); + + $response = $request->send(); + } + catch (GuzzleException $e) { + $this->debug(); + throw new NotAuthenticatedException('Error while retrieving user info', $e->getCode(), $e); + } + + if (200 !== $response->getStatusCode()) { + $this->debug(); + throw new NotAuthenticatedException('Error while retrieving user info'); + } + + $data = @json_decode($response->getBody(true), true); + + if (JSON_ERROR_NONE !== json_last_error()) { + $this->debug(); + throw new NotAuthenticatedException('Error while parsing json'); + } + + $this->debug(); + $identity->set(Identity::PROPERTY_EMAIL, isset($data['email']) ? $data['email'] : ''); + $identity->set(Identity::PROPERTY_ID, $data['sub']); + $identity->set(Identity::PROPERTY_USERNAME, $data['preferred_username']); + + $this->debug(); + return $identity; + } + + /** + * @param array $data + * @return User|null + * @throws Exception + */ + private function CreateUser(Array $data) + { + $userManipulator = $this->getUserManipulator(); + $userRepository = $this->getUserRepository(); + $ACLProvider = $this->getACLProvider(); + + $ret = null; + + $login = trim($data['login']); + + $this->debug(sprintf("login=%s \n", var_export($login, true))); + + if ($login == "") { + $this->debug("login is empty, user not created \n"); + } + + /** @var User $userUA */ + $userUA = $userRepository->findByLogin($login); + + if (!$userUA) { + // need to create the user + $this->debug(sprintf("creating user \"%s\" \n", $login)); + $tmp_email = str_replace(['.', '@'], ['_', '_'], $login) . "@nomail.eu"; + $userUA = $userManipulator->createUser($login, 'user_tmp_pwd', $tmp_email, false); + + + if ($userUA) { + $this->debug(sprintf("found user \"%s\" with id=%s \n", $login, $userUA->getId())); + + // if the id provider does NOT return groups, the new user will get "birth" privileges + if (!is_array($data['_groups']) && array_key_exists('birth-group', $this->config)) { + $data['_groups'] = [$this->config['birth-group']]; + } + } + else { + $this->debug(sprintf("failed to create user \"%s\" \n", $login)); + } + } + else { + // the user already exists + $this->debug(sprintf("found user \"%s\" with id=%s \n", $login, $userUA->getId())); + + // if the id provider does return groups, then revoke privileges + if (is_array($data['_groups'])) { + $appbox = $this->getAppbox(); + $all_base_ids = []; + foreach ($appbox->get_databoxes() as $databox) { + foreach ($databox->get_collections() as $collection) { + $all_base_ids[] = $collection->get_base_id(); + } + } + + $userACL = $ACLProvider->get($userUA); + $userACL->revoke_access_from_bases($all_base_ids)->revoke_unused_sbas_rights(); + $this->debug(sprintf("revoked from=%s \n", var_export($all_base_ids, true))); + } + } + + // here we should have a user + + if ($userUA) { + $this->debug(sprintf("User id=%s \n", $userUA->getId())); + + // apply groups + if (is_array($data['_groups'])) { + + $userACL = $ACLProvider->get($userUA); + + $models = []; + + // change groups to models + foreach ($data['_groups'] as $grp) { + $models[] = ['name' => $this->config['model-gpfx'] . $grp, 'autocreate' => true]; + } + + // add "everyone-group" + if(array_key_exists('everyone-group', $this->config)) { + $models[] = ['name' => $this->config['model-gpfx'] . $this->config['everyone-group'], 'autocreate' => true]; + } + + // add a specific model for the user + $models[] = ['name' => $this->config['model-upfx'] . $login, 'autocreate' => false]; + + $this->debug(sprintf("models=%s \n", var_export($models, true))); + + // if we need those (in case of creation of a model), they will be set only once + $metaModelUA = $metaModelBASES = $metaModelOwnerUA = null; + + foreach ($models as $model) { + + $this->debug(sprintf("searching model '%s' \n", $model['name'])); + + // we check if the model exits + $modelUA = $userRepository->findByLogin($model['name']); + + if (!$modelUA) { + if ($model['autocreate'] == true) { + $this->debug(sprintf("model '%s' not found \n", $model['name'])); + + // the model does not exist, so create it + // + // if not already known, get the metamodel + if ($metaModelUA === null) { + + $this->debug(sprintf("searching metamodel '%s'... \n", $this->config['metamodel'])); + + $metaModelUA = $userRepository->findByLogin($this->config['metamodel']); + + if ($metaModelUA) { + + $this->debug(sprintf("metaModelID=%s \n", print_r($metaModelUA->getId(), true))); + + // metamodel found, get some infos... + // ... get acl + $metaModelACL = $ACLProvider->get($metaModelUA); + // ... then list of bases + $metaModelBASES = $metaModelACL->get_granted_base(); + // ... in fact we simply need an array of base_ids, and base_id is the keys of the array, so switch + $metaModelBASES = array_keys($metaModelBASES); + + if ($metaModelUA->isTemplate()) { + $metaModelOwnerUA = $metaModelUA->getTemplateOwner(); + + $this->debug(sprintf("metamodel is a model, owner_id=%s \n", print_r($metaModelOwnerUA->getId(), true))); + } + + $this->debug(sprintf("metamodel granted on bases '%s' \n", print_r($metaModelBASES, true))); + } + else { + $this->debug("metamodel not found \n"); + + $metaModelUA = false; // don't search again + } + } + + // now we can create the model only if we found the metamodel + if ($metaModelUA) { + + $this->debug(sprintf("creating model '%s'... \n", $model['name'])); + + // create the model user... + $modelUA = $userManipulator->createUser($model['name'], 'model_pwd', null, false); + + $this->debug(sprintf("model '%s' created with modelID=%s... \n", $model['name'], print_r($modelUA->getId(), true))); + + if ($metaModelOwnerUA) { + $modelUA->setTemplateOwner($metaModelOwnerUA); + + $this->debug(sprintf("model '%s' set as model, owner_id=%s... \n", $model['name'], print_r($metaModelOwnerUA->getId(), true))); + } + + // ... then copy acl of every sbas + $modelACL = $ACLProvider->get($modelUA); + $modelACL->apply_model($metaModelUA, $metaModelBASES); + + $this->debug(sprintf(" ... and granted on bases %s \n", print_r($metaModelBASES, true))); + } + } + } + else { + // the model already exists + $this->debug(sprintf("model '%s' already exists, id=%s \n", $model['name'], print_r($modelUA->getId(), true))); + } + + // here we should have the model, except "user" models which are not automatically created + + if ($modelUA) { + $this->debug(sprintf(" ... modelID=%s \n", print_r($modelUA->getId(), true))); + + // here we have the model so get some infos about it + $modelACL = $ACLProvider->get($modelUA); + $modelBASES = $modelACL->get_granted_base(); + // ... in fact we simply need an array of base_ids, and base_id is the keys of the array, so switch + $modelBASES = array_keys($modelBASES); + + $this->debug(sprintf("model granted on bases '%s' \n", print_r($modelBASES, true))); + + // ... then copy acl of every sbas + $userACL->apply_model($modelUA, $modelBASES); + + $this->debug(sprintf("user '%s' granted on bases %s \n", $login, print_r($modelBASES, true))); + } + else { + $this->debug(sprintf("no model '%s' \n", $model['name'])); + } + } + + $userACL->inject_rights(); + } + + // now update infos of the user + if (!is_null($data['firstname']) && ($v = trim($data['firstname'])) != '') { + $userUA->setFirstName($v); + } + if (!is_null($data['firstname']) && ($v = trim($data['lastname'])) != '') { + $userUA->setLastName($v); + } + + $mail = ""; // mail is a special case + try { + if (($v = trim($data['email'])) != '') { + $mail = $v; + } + } + catch (Exception $e) { + // no-op + } + + if ($mail != $userUA->getEmail()) { + try { + $this->debug("unsetting former email of user"); + $userManipulator->setEmail($userUA, null); + if ($mail != "") { + $this->debug(sprintf("setting email '%s' to user", $mail)); + $dupUserUA = $userRepository->findByEmail($mail); + if ($dupUserUA == null) { + // ok we can set the mail + $userManipulator->setEmail($userUA, $mail); + $this->debug(sprintf("email '%s' set to user", $mail)); + } + else { + $this->debug(sprintf("warning : another user (id=%s) already has email '%s', email not set", $dupUserUA->getId(), $mail)); + } + } + } + catch (Exception $e) { + // no-op + $this->debug(var_export($e->getMessage(), true)); + } + } + else { + $this->debug(sprintf("email '%s' does not change\n", $mail)); + } + + // yes we are logged ! + /** @var RandomGenerator $randomGenerator */ + $randomGenerator = $this->getRandomGenerator(); + $password = $randomGenerator->generateString(16); + $userUA->setPassword($password); + + $this->debug(sprintf("returning user id=%s", $userUA->getId())); + + $ret = $userUA; // ->getId(); + } + + return $ret; + } + + + + /** + * {@inheritdoc} + */ + public function getIconURI() + { + return $this->iconUri ?: 'data:image/png;base64,' + . 'iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAAAXNSR0IArs4c6QAA' + . 'AJZlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAAB' + . 'AAAAUgExAAIAAAARAAAAWodpAAQAAAABAAAAbAAAAAAAAABIAAAAAQAAAEgAAAAB' + . 'QWRvYmUgSW1hZ2VSZWFkeQAAAAOgAQADAAAAAQABAACgAgAEAAAAAQAAADCgAwAE' + . 'AAAAAQAAADAAAAAAXukGzAAAAAlwSFlzAAALEwAACxMBAJqcGAAAActpVFh0WE1M' + . 'OmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6' + . 'bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDUuNC4wIj4KICAgPHJkZjpSREYgeG1s' + . 'bnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgt' + . 'bnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAg' + . 'ICAgICAgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIgog' + . 'ICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYv' + . 'MS4wLyI+CiAgICAgICAgIDx4bXA6Q3JlYXRvclRvb2w+QWRvYmUgSW1hZ2VSZWFk' + . 'eTwveG1wOkNyZWF0b3JUb29sPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4x' + . 'PC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAg' + . 'PC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KKS7NPQAADE5JREFUaAXtWQuMVcUZ/uY8' + . '7vvui+WNAYHa2oqKiw/SWnaJ0ipqH4ZHmjTVGMFao00LVm2Dl9YXtVETpVYSX6m2' + . 'tYhajU210V0KPqi7CALKrggUWeS9uOzufZzH9PvPvXdZ1t27rJCUpM5y7pyZM2fm' + . '+/7/m3/ODMAX6QsLHJcF1HG9XeJlraEaFsOUJrW3w1MKukTzk+tR4zzYvRHpeli9' + . '605E+YR2Wp+CVbC2o+9DtF1bd6EyodsTiV+qup1p8QpBG/SGdyLAn7A+dAqGgC92' + . '2H4vrubVqpcaWi+v0u1/qWjteC7+o+Jz8QbJGMXy8eTHNQfEok3zYU1ZBkdAtN2L' + . 'WkNhSVkE52VyQE4rB9XlCCe1HU76SDvu24hgQWx6+g1prxsptRq4xzM/uq0mHQ4m' + . 'ic45sAB3Dt2P8crF3VEbs0kA7Wm4nLIG/2yxs+Nq3+30/Xg5LoDlrc6tMv/o2t5t' + . 'agp2ypjiEVXHdz5HGrQH6mup8wZGFY67ewHisSrrNm25N5fFYBG4L3h4BdEHZIjh' + . 'ZTCiZBPyoGzPM8O+ClV7hpfx00rpO40OLBHwBUmpwc6PY9ZhoHOCr2ugywmy7ebk' + . '1eForCUZMm5TviHgxYLSXx58MWiKiVS+oAw+U9pwO+CYpo4aFbjDT2KzXosrCdwX' + . '8CIrGYtvHVOS7ksmDq2a5tVQ5015nV87YpoXcu+tLPfOFcyO4Toq7FnKJi9THFBI' + . 'gln0NFI84AceMEKFPOzBsHyJSa4RosxCgHcYr5kWFqjJWCc9HOv8KElAp1KGSqUC' + . 'VG1zx41zTf+eaNybY1IOncpxKQlDhVyDOZiLRGj/AokCATUq2S2hQEYkYZKAsrrJ' + . 'SkjVRpxRLAP4Hh6m+RdxfuwPiGjNsKu6G0tdz9Svq4rg3wSiu6446zdZL95cZlhz' + . 'utKm39FleBSBxcuAY0E7ZvdFIRzpX26DS/woF/8FubDrTiI5y++E63vUVxl+rFW8' + . 'Jdd4xo3SQsBrneoXZ4/RujuELrD+aO3aKZWrX3mx7MVbR+5PUxFjznJgdNjKygK0' + . 'JGVDy8vkpPwLeXfZIEhKSI1OHOWBQEbiAXneOwWVY1wDO2wk+NBYuGlH1Q2zxw4Z' + . '+34RU+9X+mS2uK4uqP/9jQtOX521R7Ze9XgmcuF8rbeut732PQwzFYyNR6wuHvhM' + . 'ueAJCURi9fzF4QsTujcQqJHwfV8ZLsFH6vw269HM3/wZX1u88tUp0nZxQ0OfWPus' + . 'REND0H+6eUv65YUL8MhjK+y1Y85U6rqlCI/+JvytG+HniEyXUTr8SiuQERI9iUCz' + . 'jVha/BxcQiRPKBgg+BkCX1cD7iew7CgyQ36Hf2RvMua8q+3vNjbhvcO7u6RZw8qV' + . 'R17pcdc3gdraoIkqLzOGTr4A5oZm/eoNP8ELqzag9fzvIzT3bsbDELzWZmivnCEk' + . 'XiCSnw9wC/OCYsh3JCR6EAkqE/TkGE7aA7CM/TAqb8Fa+ync1DwCl6zbhFzmE315' + . 'PI6kbfeNMd/zQPHWh9vRBb8qqSomfx2fPvES/nnNXXhrZxpdM3+FyPSFUAdb4B3c' + . 'zvBRDe2GSMQIPFL0Rn7iitXF9Jw3BqWnBHgHTL0TVvlV2Jb4E+7cWYOaxq1o3P8R' + . 'ZnJJt1RYpX0GnwE++wb8lJBgTXGSSBrhSWMRN018suRhtJ9xNk676jKMnf0oQh+8' + . 'DmfD01BVxJicSAIHKC9a3OYk5ut56wv4EZRLK2yPXxCJ6Thgz8WLe4bgF9tbEXYP' + . '4tJwhN8mUXQGSwRDk7w7QBqQgLwvWCSiaMeF52pEzpkEK5PBfxb8Fu3f+RZOmVmH' + . 'IRPPBdY9A6f1LRjDRwgTzgcSURJxyikXmtIl+MRQZBIL8fqB8bi7ZR9Wd6zDxYkw' + . '14Y40lrCfWAyGfaYUkl9BStMj24CIiz7/NTUlEL4vDPhrWvBtnkPYPPbu9BxzrUI' + . 'X7QYhrsb/r4dbDiMchkOn+WItQ/msFvwjv8g5q2pxMxVa5HrbMXFsRhysoYF4HsM' + . 'doy3x+YBdiZOkNQz97uylE0C9sgKpP/wGpoffxtDbrkEo+qeQGRXI5yWh2DTqKFh' + . '1+BDcxqe3ODhzub3MDySRV1ZElnKsYvytAyDKpM5kh9jML+lCdAF2hLI0rM+CnxQ' + . 'psA1AeiuHIwpwxmZNA4sfhIHp07C6DnTMGr6Q2gbpfD8riSuf+dDTsj9mFpVDicU' + . 'x6eeRogh1mT3RaMMBnixbUkJFRvJAMVBjs5ZEl3JTHU8rg0Edf4ERLv2YuNPF+Hl' + . 'lgTu2jgS1z/9Ciabh3B2sgxtXOAckj7K2MVOiwMOIi/tgV4d5X1wtCdk7Py0I3iq' + . 'OZMJ4f3E6Wg44zyM35eFjnTwa2oiDnQoSqULUUtmFu1W4F7sTfo5ilSvsfsrDkgg' + . 'b5ziMEc8EQAQCXFYWzM6cfStoTFYExqJXaEo/M4OxLkGHabOpW0mV4bOQ2Wo1mmU' + . 'l3XRaR6r5Tvu88A+QmdAAtI0T6KQsyDzTURgMjRavNtjVaMpPAbvW0lEKakK7eEQ' + . '32I4p7EJMhSGHbbY3kRbV4IS8lBV0U6CJCL9ayHy+dKABIrgi93LtknsblMuh1U5' + . '1tLq79pVjPUWyn1uhbnt4naFLfKLmBIP2CFuYLhz4TPLkpU4gkOHy+H5WZSV7UfY' + . '4qcue8xv5nqPWBy577wkAVGr2F3A5JcYDkO5uASw0RyB9+yh6DAiqCJwiUCOMrne' + . '5YVR8BcUtw0IhWBaNmyGS4tlk5cQcbwY2g9XgSdHiMV3wzA4Z7QQCfwSjD7QT0kC' + . '8nJgD5rcDERj4GN+L2w2hmK3iqOS0YTRnNtKERLtJzGNN6TBm7y2xTPiAYtX3gN5' + . 'AiY9Y/ESMo4zGumuEYhEdpPoTr4rpgt398GbflNJAlxeGPR4oqB91YY4tmEItusk' + . 'EqxNqiyxUkjEabIsH2vSWj45fFlVC8t24IGAgM3N2hHQliVE8gQsMjfMMNeUr9AA' + . 'p1COW9nHTpbZTYntpLAqSYCvR3IMjs1uzNmCpEGLqXKdpX19ZBUlUbAyTAHP3sTw' + . 'dJnPWc7NifRPYDKJ6QHOAd0tISFCAkeREDIMtWY164dzA7bXUZGPTTe7MxJ0NC34' + . '/cyPDPnZ1NAQjH5I2f+u74x+sM6NRGzfUSE/62R9VzvUvOdxLvgOL94Hl1fIpezz' + . 'YpikCXt6wBYZ2SQe5LyXeUFiIcmDujClplzbtlTFsHMiMVywNxadtFEA1tbenrdI' + . 'L7R9EkjRiLyMZ7aub9m4682vluvMz3Ke86lLzbiegHbcAHxAgkSCOgEuJLgiS+5K' + . 'nO9BIABbBNqTSKHOCnkk4cUrhlkk5bpdB5fErAnj//69metSPB1J9SOlfiVUJCH5' + . 'ptY37p844sKnckjfYZuheaZvWYTNnbySI4+8EeRzopA8TnlXCNADBqUik1gsbHJN' + . 'OKJ7kRClxAMiw7K8SDxpyzOd63rWsIxbl3/7lC3SXYoHDP2Bl+d9ekAeSEoRPDPF' + . 'vZK9ZfeqfZtb/zXfcbwpWS9Tz7MOHk15BiXk0BtaJNVTSq7j5CVEnUcI3gqkc8QD' + . 'VsjWlmU7oWjMSFQOpXCcd7WXu+jZS8fOEvDzHmm02YEqBV4w9usBeVhIugnBqZxR' + . 'U1NjNjXVN7F++lnjZszxffOeiG2NE9nwkE1O7oL/2DB9A27GDaKReKBCPCCTOIg6' + . 'gRdcy7StaEW17XV17PHSnYtWXH7qMhmvtr7eGrpvn142e4qD+VJTOpX0QK9X/aam' + . 'JmcWZjGspIz12199Jhfb8eWcm77d9XI8KOL88Hk25bvctPHIMSsEuCaTQDyQEK1P' + . 'qeR1PlR07ut0572VVYkvrbhsLMFrJeAb6urc5bNn59fQXgD6Kg6GQPD+cixn5ym/' + . 'trbW2rRpU65p68u/9nx9WtZN/5maN/j9Y9IjdIdLleXnQNQO+ZSQE0lWmNFEuamz' + . 'mecYhU9fcfm4mx/7xtDDgVy4pRHwfYEsVTdoAsXOGhoaZDBFWdlNW1/asebDF37g' + . 'ec60nJt5h9X8aHYNHz4PIC0nFosZcerc8Jz12vdmPH/FqVc+P3NCS01B58vmUy7/' + . '25QyxCNFDDOm/vCaCbh096Kf36d/u+aAnrq8ee/cl7ZdV3w+66/alOhSLJ80eYFE' + . 'MZ7G70gtffCBlduXYslmHlHkk+i8eH/S5jU184Jo1BNgIBdqq2fdSX6fMmbNmmWK' + . 'XMCV9CQH+wW8/18L/BeSV1YkHS6B9wAAAABJRU5ErkJggg=='; + } + + public function getAccessToken() + { + return $this->session->get($this->getId() . '.provider.access_token'); + } + + public function getUserName() + { + return $this->session->get($this->getId() . ".provider.username"); + } + +} diff --git a/lib/Alchemy/Phrasea/Controller/Root/LoginController.php b/lib/Alchemy/Phrasea/Controller/Root/LoginController.php index e437aa18ec..a9b762f86e 100644 --- a/lib/Alchemy/Phrasea/Controller/Root/LoginController.php +++ b/lib/Alchemy/Phrasea/Controller/Root/LoginController.php @@ -502,9 +502,7 @@ public function logout(Request $request) // does the provider provides a logout redirection ? if($providerId && ($provider = $this->findProvider($providerId))) { if(method_exists($provider, 'logoutAndRedirect')) { - $redirectToPhr = $this->app->url('logout', [ - 'redirect' => $request->query->get("redirect") - ]); + $redirectToPhr = $this->app->url('logout'); $response = $provider->logoutAndRedirect($redirectToPhr); } else { diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php index 7da8e5e3cf..060dda2065 100644 --- a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php +++ b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php @@ -206,7 +206,8 @@ public function listPublicationAction(PhraseaApplication $app, Request $request) if (!$session->has($passSessionName) && $providerId != null) { try { $provider = $this->getAuthenticationProviders()->get($providerId); - if ($provider->getType() == 'PsAuth' && $exposeConfiguration['auth_provider_name'] == $providerId) { + // class name + if ($provider->getType() == 'Openid' && $exposeConfiguration['auth_provider_name'] == $providerId) { $session->set($passSessionName, ['access_token' => $provider->getAccessToken()]); $session->set($this->getLoginSessionName($exposeName), $provider->getUserName()); diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php b/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php index 49ec6f7556..c9ebd8887e 100644 --- a/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php +++ b/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php @@ -45,7 +45,7 @@ public function buildForm(FormBuilderInterface $builder, array $options) ] ]) ->add('auth_provider_name', ChoiceType::class, [ - 'label' => 'admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth', + 'label' => 'admin:phrasea-service-setting:tab:expose:: auth provider name with type openid', 'required' => false, 'choice_list' => new ArrayChoiceList( $this->getEligibleProvider() @@ -117,7 +117,7 @@ private function getEligibleProvider() $values = array_keys( array_filter($this->app['conf']->get(['authentication', 'providers'], []), function ($provider) { - return ($provider['type'] == 'ps-auth' || $provider['type'] == 'PsAuth'); + return ($provider['type'] == 'openid'); }) ); diff --git a/lib/classes/patch/418RC9PHRAS4007.php b/lib/classes/patch/418RC9PHRAS4007.php new file mode 100644 index 0000000000..e83576314d --- /dev/null +++ b/lib/classes/patch/418RC9PHRAS4007.php @@ -0,0 +1,97 @@ +release; + } + + /** + * {@inheritdoc} + */ + public function getDoctrineMigrations() + { + return []; + } + + /** + * {@inheritdoc} + */ + public function require_all_upgrades() + { + return false; + } + + /** + * {@inheritdoc} + */ + public function concern() + { + return $this->concern; + } + + /** + * {@inheritdoc} + */ + public function apply(base $base, Application $app) + { + if ($base->get_base_type() === base::DATA_BOX) { + $this->patch_databox($base, $app); + } elseif ($base->get_base_type() === base::APPLICATION_BOX) { + $this->patch_appbox($base, $app); + } + + return true; + } + + private function patch_databox(databox $databox, Application $app) + { + } + + private function patch_appbox(base $appbox, Application $app) + { + /** @var PropertyAccess $conf */ + $conf = $app['conf']; + + $providers = $conf->get(['authentication', 'providers']); + $providersType = array_column($app['conf']->get(['authentication', 'providers']), 'type'); + + // set an example of setting if not exist + if (!in_array('openid', $providersType)) { + $providers['openid-1'] = [ + 'enabled' => false, + 'display' => false, + 'title' => 'openid 1', + 'type' => 'openid', + 'options' => [ + 'client-id' => 'client_id', + 'client-secret' => 'client_secret', + 'base-url' => 'https://keycloak.phrasea.local', + 'realm-name' => 'phrasea', + 'icon-uri' => null, + 'birth-group' => '_firstlog', + 'everyone-group' => '_everyone', + 'metamodel' => '_metamodel', + 'model-gpfx' => '_M_', + 'model-upfx' => '_U_', + 'auto-logout' => false + ] + ]; + + $conf->set(['authentication', 'providers'], $providers); + } + } +} diff --git a/lib/conf.d/configuration.yml b/lib/conf.d/configuration.yml index 7d4f72dc12..29f7c8d5c3 100644 --- a/lib/conf.d/configuration.yml +++ b/lib/conf.d/configuration.yml @@ -228,26 +228,24 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' - icon-uri: null, - debug: false, - birth-group: '_firstlog' - everyone-group: '_everyone' - metamodel: '_metamodel' - model-gpfx: '_M_' - model-upfx: '_U_' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea + icon-uri: null + birth-group: _firstlog + everyone-group: _everyone + metamodel: _metamodel + model-gpfx: _M_ + model-upfx: _U_ + debug: false auto-logout: false - auto-connect-idp-name: null registration-fields: - name: company diff --git a/resources/locales/messages.de.xlf b/resources/locales/messages.de.xlf index fc1cf15c35..dc81036292 100644 --- a/resources/locales/messages.de.xlf +++ b/resources/locales/messages.de.xlf @@ -1,14 +1,14 @@ - + - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.
- - + + WorkerManager/Worker/DownloadAsyncWorker.php Form/Configuration/EmailFormType.php Form/Login/PhraseaAuthenticationForm.php @@ -130,12 +130,12 @@ %docs_not_orderable% documents ne peuvent pas etre commandes %docs_not_orderable% Dokumente können nicht bestellt werden - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %docs_orderable% documents commandes %docs_orderable% bestellte Dokumente - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %entry_length% documents @@ -196,7 +196,7 @@ Bridge/Dailymotion/element_informations.html.twig - %number% documents<br/>selectionnes + selectionnes]]> ausgewählt]]> Controller/Prod/QueryController.php @@ -645,7 +645,7 @@ Accuse de reception indisponible, vous n'avez pas declare d'adresse email Es ist nicht möglich, eine Empfangsbestätigung zu erhalten. Grund: eine fehlende E-Mail Adresse - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Action Forbidden : You are not the publisher @@ -1098,7 +1098,7 @@ An unexpected error occurred during authentication process, please contact an admin Ein Fehler ist bei Ihre Authentifizierung aufgetreten. Bitte wenden Sie sich an Ihren Systemadministrator - Controller/Root/LoginController.php + Controller/Root/LoginController.php An upload on %bridge_adapter% failed, the resaon is : %reason% @@ -1598,10 +1598,10 @@ By checking this box, you accept %beginning_link% Terms of Use %end_link% Wenn Sie dieses Kästchen anwählen, akzeptieren Sie die %beginning_link% Nutzungsbedingungen %end_link% - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig By default it is available for admins @@ -1759,7 +1759,7 @@ Certains champs sont obligatoires, veuillez les remplir Bitte füllen Sie die erforderlichen Felder aus - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Ces informations sont directement fournies par la norme de metadonnees de ce champ : %norm_name% @@ -1823,7 +1823,7 @@ Civility Anrede - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Clear @@ -2557,7 +2557,7 @@ Form/Configuration/ActionsFormType.php - Display & action settings + Anzeige und Handlung-Einstellungen admin/fields/templates.html.twig @@ -2640,10 +2640,10 @@ Documents indisponibles Dokument(e) nicht verfügbar - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Don't worry, You can modify your configuration later @@ -3206,8 +3206,8 @@ Export Exportieren - Controller/Prod/DownloadController.php - Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/LanguageController.php @@ -3776,9 +3776,9 @@ Include Business-fields in caption Geschäftsfelder in Beschriftung enthalten - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Indexable @@ -3953,9 +3953,9 @@ La sous resolution n'est pas disponible pour les documents suivants Unterauflösung für die folgende Dokumente ist nicht verfügbar - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig La taille maximale d'une video est de %duration% minutes. @@ -4094,7 +4094,7 @@ Les documents ne peuvent pas etre exportes Dokumente können nicht heruntergeladen werden web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Les elements ne peuvent etre uploades (problemes de type ou de droit) @@ -5042,7 +5042,7 @@ Phraseanet guest-access is disabled Phraseanet Gast Zugriff ist deaktiviert - Controller/Root/LoginController.php + Controller/Root/LoginController.php Phraseanet may require many binaries. @@ -5571,7 +5571,7 @@ Recevoir un accuse de reception a %my_email% Empfangsbestätigung zu %my_email% bekommen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Rechercher dans un champ date @@ -6477,7 +6477,7 @@ Success Erfolg - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig api/auth/native_app_access_token.html.twig @@ -6634,7 +6634,7 @@ Terms of Use Nutzungsbedingungen Form/Login/PhraseaRegisterForm.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Terms of service @@ -7046,12 +7046,12 @@ Un document commande Ein bestelltes Dokument - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Un document ne peut etre commande Ein Dokument kann nicht bestellt werden - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Unable to add file to Phraseanet @@ -7067,7 +7067,7 @@ Unable to authenticate with %provider_name% Unmöglich, mit %provider_name% zu authentifizieren - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7110,7 +7110,7 @@ Unable to retrieve provider identity unmöglich, Provider Identität abzurufen - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7545,7 +7545,7 @@ Vous devez selectionner un type de sous definitions Sie müssen einen Typ von Unterauflösungen auswählen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Vous devez specifier une adresse email et un mot de passe valides @@ -7570,7 +7570,7 @@ Vous etes maintenant deconnecte. A bientot. Sie sind nun erfolgreich abgemeldet. Bis bald! - Controller/Root/LoginController.php + Controller/Root/LoginController.php Vous n'avez pas assez de droits sur certains elements selectionnes @@ -7639,7 +7639,7 @@ Warning ! Warnung ! - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Warning, this database is not empty @@ -7801,7 +7801,7 @@ You can alternatively receive an email when the download is ready. Alternativ können Sie ein Download Link durch Email erhalten. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can choose only one record @@ -7816,7 +7816,7 @@ You can not directly download more than %max_download% Mo ; time to package all documents is too long Sie können nicht mehr als %max_download% Mo herunterladen. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can not edit this story @@ -7902,7 +7902,7 @@ You must agree to the Terms of Use to continue. Sie müssen die Nutzungsbedingungen akzeptieren, um fortzufahren - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You must give a destination collection @@ -7989,7 +7989,7 @@ Your identity is not recognized. Ihre Identität wird nicht erkannt - Controller/Root/LoginController.php + Controller/Root/LoginController.php Your install might need to build some sub-definitions @@ -8598,7 +8598,7 @@ Adresse Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8613,7 +8613,7 @@ PLZ Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8643,7 +8643,7 @@ E-Mail Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8691,7 +8691,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8713,7 +8713,7 @@ Beruf Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8724,7 +8724,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8741,7 +8741,7 @@ Unternehmen Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8757,7 +8757,7 @@ admin::compte-utilisateur telephone Telefon Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8773,7 +8773,7 @@ Ort Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8863,7 +8863,7 @@ admin::compte-utilisateur:sexe: madame Frau Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8871,7 +8871,7 @@ admin::compte-utilisateur:sexe: mademoiselle Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8879,7 +8879,7 @@ admin::compte-utilisateur:sexe: monsieur Herr Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -9914,9 +9914,9 @@ Expose Service in Prod aktivieren PhraseanetService/Form/PSExposeConfigurationType.php - - admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth - Name des Authentifizierungsanbieters mit Typ ps-auth + + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid PhraseanetService/Form/PSExposeConnectionType.php @@ -10153,10 +10153,10 @@ Abbrechen Controller/Prod/LanguageController.php Controller/Prod/LanguageController.php - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/thesaurus/export-text-dialog.html.twig web/thesaurus/import-dialog.html.twig web/thesaurus/thesaurus.html.twig @@ -10214,7 +10214,7 @@ boutton::commander Bestellen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::creer @@ -10242,13 +10242,13 @@ boutton::envoyer Senden - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::essayer probieren - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::fermer @@ -10404,7 +10404,7 @@ boutton::telecharger Download - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/lightbox/sc_options_box.html.twig web/lightbox/feed_options_box.html.twig @@ -10624,12 +10624,12 @@ commande::deadline Termin - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig commande::utilisation prevue Verwendungszweck - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod/orders/order_item.html.twig @@ -10922,7 +10922,7 @@ export:: FTP FTP web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: commande @@ -10933,7 +10933,7 @@ export:: envoi par mail E-Mail web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: erreur : aucun document selectionne @@ -10944,12 +10944,12 @@ export:: telechargement Download web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::export-email: email-invalid Das Format der Email Adresse scheint falsch zu sein - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::ftp: reglages manuels @@ -10959,18 +10959,18 @@ export::mail: contenu du mail Textinhalt - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: destinataire zu - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: fichiers joint E-Mail Anhänge - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::titre: nom original du document @@ -10985,12 +10985,12 @@ export:email:: acknowledgement info Empfangbestätigungen schaffen nur, wenn der Empfänger diese Funktion zulässt - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:email:info:: email addresses separated by commas E-Mail Adressen durch Kommas getrennt - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig expose:: Choose a profile where to store mapping @@ -11562,18 +11562,18 @@ login::erreur: Erreur d'authentification Anmeldefehler - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php login::erreur: No available connection - Please contact sys-admin Fehler: Keine verfügbare Verbindung - Bitte kontaktieren Sie den Administrator - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::erreur: Vous n'avez pas confirme votre email Zugriff nicht möglich. Sie haben Ihre E-Mail Adresse noch nicht bestätigt - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::notification: Changements enregistres @@ -12384,7 +12384,7 @@ phraseanet:: prereglages Voreinstellungen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig phraseanet:: presse-papier @@ -12468,7 +12468,7 @@ Controller/Root/AccountController.php - phraseanet::account: << your account can be deleted via admin interface >> + >]]> Ihr Benutzerkonto kann nur durch die Administration Anwendung gelöscht werden. web/account/account.html.twig @@ -13156,14 +13156,14 @@ prod::download: delete-marking-stamp prod::download: delete-marking-stamp - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::download: report as spreadsheet Exceltabelle - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::edit cannot edit multiple stories @@ -14628,7 +14628,7 @@ Vorsicht: die aktuelle Werte werden durch die neue Werte überschrieben reponses::document sans titre ohne Titel - classes/record/adapter.php + classes/record/adapter.php report:: (connexions) @@ -15630,7 +15630,7 @@ Vorsicht: die aktuelle Werte werden durch die neue Werte überschrieben web/thesaurus/thesaurus.html.twig - thesaurus:: Supprimer cette branche ?&#10;(les termes concernes remonteront en candidats a la prochaine indexation) + web/thesaurus/thesaurus.html.twig diff --git a/resources/locales/messages.en.xlf b/resources/locales/messages.en.xlf index 2c651a4f48..7628c47c46 100644 --- a/resources/locales/messages.en.xlf +++ b/resources/locales/messages.en.xlf @@ -1,14 +1,14 @@ - + - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.
- - + + WorkerManager/Worker/DownloadAsyncWorker.php Form/Configuration/EmailFormType.php Form/Login/PhraseaAuthenticationForm.php @@ -130,12 +130,12 @@ %docs_not_orderable% documents ne peuvent pas etre commandes %docs_not_orderable% document(s) can't be ordered - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %docs_orderable% documents commandes %docs_orderable% ordered document(s) - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %entry_length% documents @@ -196,7 +196,7 @@ Bridge/Dailymotion/element_informations.html.twig - %number% documents<br/>selectionnes + selectionnes]]> selected]]> Controller/Prod/QueryController.php @@ -645,7 +645,7 @@ Accuse de reception indisponible, vous n'avez pas declare d'adresse email Unable to send an acknowledgement: Missing e-mail address. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Action Forbidden : You are not the publisher @@ -1099,7 +1099,7 @@ An unexpected error occurred during authentication process, please contact an admin An unexpected error has occured during authentication process. Please contact an admin - Controller/Root/LoginController.php + Controller/Root/LoginController.php An upload on %bridge_adapter% failed, the resaon is : %reason% @@ -1599,10 +1599,10 @@ By checking this box, you accept %beginning_link% Terms of Use %end_link% By checking this box, you have read and agree to the %beginning_link% Terms of Use %end_link% - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig By default it is available for admins @@ -1760,7 +1760,7 @@ Certains champs sont obligatoires, veuillez les remplir Some fields must be completed - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Ces informations sont directement fournies par la norme de metadonnees de ce champ : %norm_name% @@ -1824,7 +1824,7 @@ Civility Title - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Clear @@ -2559,7 +2559,7 @@ Form/Configuration/ActionsFormType.php - Display & action settings + Display and action settings admin/fields/templates.html.twig @@ -2642,10 +2642,10 @@ Documents indisponibles Document(s) unavailable - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Don't worry, You can modify your configuration later @@ -3208,8 +3208,8 @@ Export Export - Controller/Prod/DownloadController.php - Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/LanguageController.php @@ -3778,9 +3778,9 @@ Include Business-fields in caption Include Business fields in captions - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Indexable @@ -3955,9 +3955,9 @@ La sous resolution n'est pas disponible pour les documents suivants Subviews unavailable for the following document(s) - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig La taille maximale d'une video est de %duration% minutes. @@ -4096,7 +4096,7 @@ Les documents ne peuvent pas etre exportes Documents can not be downloaded web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Les elements ne peuvent etre uploades (problemes de type ou de droit) @@ -5044,7 +5044,7 @@ Phraseanet guest-access is disabled Phraseanet guest-access is disabled. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Phraseanet may require many binaries. @@ -5573,7 +5573,7 @@ Recevoir un accuse de reception a %my_email% Receive an acknowledgement at %my_email% - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Rechercher dans un champ date @@ -6479,7 +6479,7 @@ Success Success - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig api/auth/native_app_access_token.html.twig @@ -6636,7 +6636,7 @@ Terms of Use Terms of use Form/Login/PhraseaRegisterForm.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Terms of service @@ -7048,12 +7048,12 @@ Un document commande One document ordered. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Un document ne peut etre commande One document can not be ordered. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Unable to add file to Phraseanet @@ -7069,7 +7069,7 @@ Unable to authenticate with %provider_name% Unable to authenticate with %provider_name% - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7112,7 +7112,7 @@ Unable to retrieve provider identity Unable to retrieve provider identity. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7547,7 +7547,7 @@ Vous devez selectionner un type de sous definitions Select type of subviews - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Vous devez specifier une adresse email et un mot de passe valides @@ -7572,7 +7572,7 @@ Vous etes maintenant deconnecte. A bientot. You are now disconnected. See you soon. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Vous n'avez pas assez de droits sur certains elements selectionnes @@ -7641,7 +7641,7 @@ Warning ! Warning! - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Warning, this database is not empty @@ -7803,7 +7803,7 @@ You can alternatively receive an email when the download is ready. Alternatively, you can receive a download link by email? - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can choose only one record @@ -7818,7 +7818,7 @@ You can not directly download more than %max_download% Mo ; time to package all documents is too long You can't directly download more than %max_download% Mo. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can not edit this story @@ -7904,7 +7904,7 @@ You must agree to the Terms of Use to continue. You must accept the Terms of Use to continue. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You must give a destination collection @@ -7991,7 +7991,7 @@ Your identity is not recognized. Your identity is not recognized. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Your install might need to build some sub-definitions @@ -8600,7 +8600,7 @@ Address Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8615,7 +8615,7 @@ Zip code Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8645,7 +8645,7 @@ E-mail Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8693,7 +8693,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8715,7 +8715,7 @@ Job Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8726,7 +8726,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8743,7 +8743,7 @@ Company Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8759,7 +8759,7 @@ admin::compte-utilisateur telephone Phone Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8775,7 +8775,7 @@ City Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8865,7 +8865,7 @@ admin::compte-utilisateur:sexe: madame Mrs. Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8873,7 +8873,7 @@ admin::compte-utilisateur:sexe: mademoiselle Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8881,7 +8881,7 @@ admin::compte-utilisateur:sexe: monsieur Mr. Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -9916,9 +9916,9 @@ Display Expose Service in Production PhraseanetService/Form/PSExposeConfigurationType.php - - admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth - Auth provider name with type ps-auth + + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid PhraseanetService/Form/PSExposeConnectionType.php @@ -10155,10 +10155,10 @@ Cancel Controller/Prod/LanguageController.php Controller/Prod/LanguageController.php - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/thesaurus/export-text-dialog.html.twig web/thesaurus/import-dialog.html.twig web/thesaurus/thesaurus.html.twig @@ -10216,7 +10216,7 @@ boutton::commander Order - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::creer @@ -10244,13 +10244,13 @@ boutton::envoyer Send - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::essayer Try - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::fermer @@ -10406,7 +10406,7 @@ boutton::telecharger Download - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/lightbox/sc_options_box.html.twig web/lightbox/feed_options_box.html.twig @@ -10626,12 +10626,12 @@ commande::deadline Deadline - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig commande::utilisation prevue Intended use - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod/orders/order_item.html.twig @@ -10924,7 +10924,7 @@ export:: FTP FTP web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: commande @@ -10935,7 +10935,7 @@ export:: envoi par mail E-Mail web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: erreur : aucun document selectionne @@ -10946,12 +10946,12 @@ export:: telechargement Download web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::export-email: email-invalid The email address format seems incorrect - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::ftp: reglages manuels @@ -10961,18 +10961,18 @@ export::mail: contenu du mail Content - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: destinataire To - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: fichiers joint Attachment(s) - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::titre: nom original du document @@ -10987,12 +10987,12 @@ export:email:: acknowledgement info Acknowledgments only work if the recipient allows this feature - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:email:info:: email addresses separated by commas Email addresses must be separated by commas - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig expose:: Choose a profile where to store mapping @@ -11564,18 +11564,18 @@ login::erreur: Erreur d'authentification Authentication error - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php login::erreur: No available connection - Please contact sys-admin No available connection. Please contact system administrator - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::erreur: Vous n'avez pas confirme votre email Access denied, you have not confirmed your e-mail address. - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::notification: Changements enregistres @@ -12386,7 +12386,7 @@ phraseanet:: prereglages Presets - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig phraseanet:: presse-papier @@ -12470,7 +12470,7 @@ Controller/Root/AccountController.php - phraseanet::account: << your account can be deleted via admin interface >> + >]]> Your rights do not allow to perform this action. Your account can only be deleted via the Administration interface. web/account/account.html.twig @@ -13158,14 +13158,14 @@ prod::download: delete-marking-stamp prod::download: delete-marking-stamp - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::download: report as spreadsheet Excel spreadsheet - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::edit cannot edit multiple stories @@ -14633,7 +14633,7 @@ It is possible to place several search areas reponses::document sans titre Untitled - classes/record/adapter.php + classes/record/adapter.php report:: (connexions) @@ -15635,7 +15635,7 @@ It is possible to place several search areas web/thesaurus/thesaurus.html.twig - thesaurus:: Supprimer cette branche ?&#10;(les termes concernes remonteront en candidats a la prochaine indexation) + web/thesaurus/thesaurus.html.twig diff --git a/resources/locales/messages.fr.xlf b/resources/locales/messages.fr.xlf index 43d6f1617c..1ea49e6352 100644 --- a/resources/locales/messages.fr.xlf +++ b/resources/locales/messages.fr.xlf @@ -1,14 +1,14 @@ - + - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message.
- - + + WorkerManager/Worker/DownloadAsyncWorker.php Form/Configuration/EmailFormType.php Form/Login/PhraseaAuthenticationForm.php @@ -130,12 +130,12 @@ %docs_not_orderable% documents ne peuvent pas etre commandes %docs_not_orderable% documents ne peuvent être commandés - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %docs_orderable% documents commandes %docs_orderable% documents commandés - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %entry_length% documents @@ -196,7 +196,7 @@ Bridge/Dailymotion/element_informations.html.twig - %number% documents<br/>selectionnes + selectionnes]]> sélectionnés]]> Controller/Prod/QueryController.php @@ -645,7 +645,7 @@ Accuse de reception indisponible, vous n'avez pas declare d'adresse email Accusé de réception indisponible; vous n'avez pas déclaré d'adresse e-mail - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Action Forbidden : You are not the publisher @@ -1098,7 +1098,7 @@ An unexpected error occurred during authentication process, please contact an admin Une erreur est survenue lors de l'authentification. Veuillez contacter un Administrateur - Controller/Root/LoginController.php + Controller/Root/LoginController.php An upload on %bridge_adapter% failed, the resaon is : %reason% @@ -1598,10 +1598,10 @@ By checking this box, you accept %beginning_link% Terms of Use %end_link% En cochant cette case, vous acceptez les %beginning_link% conditions générales d'utilisation %end_link% - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig By default it is available for admins @@ -1759,7 +1759,7 @@ Certains champs sont obligatoires, veuillez les remplir Certains champs sont obligatoires, veuillez les compléter - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Ces informations sont directement fournies par la norme de metadonnees de ce champ : %norm_name% @@ -1823,7 +1823,7 @@ Civility Civilité - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Clear @@ -2557,7 +2557,7 @@ Form/Configuration/ActionsFormType.php - Display & action settings + Paramétrage d'affichage et d'action admin/fields/templates.html.twig @@ -2640,10 +2640,10 @@ Documents indisponibles Documents indisponibles - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Don't worry, You can modify your configuration later @@ -3206,8 +3206,8 @@ Export Exporter - Controller/Prod/DownloadController.php - Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/LanguageController.php @@ -3776,9 +3776,9 @@ Include Business-fields in caption Inclure les champs métier dans la notice - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Indexable @@ -3953,9 +3953,9 @@ La sous resolution n'est pas disponible pour les documents suivants La sous-résolution n'est pas disponible pour les documents suivants - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig La taille maximale d'une video est de %duration% minutes. @@ -4094,7 +4094,7 @@ Les documents ne peuvent pas etre exportes Les documents ne peuvent pas être exportés web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Les elements ne peuvent etre uploades (problemes de type ou de droit) @@ -5042,7 +5042,7 @@ Phraseanet guest-access is disabled L'accès invité de Phraseanet est désactivé. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Phraseanet may require many binaries. @@ -5571,7 +5571,7 @@ Recevoir un accuse de reception a %my_email% Demander un accusé de réception à transmettre à l'adresse %my_email% - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Rechercher dans un champ date @@ -6477,7 +6477,7 @@ Success Succès - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig api/auth/native_app_access_token.html.twig @@ -6634,7 +6634,7 @@ Terms of Use Conditions générales d'utilisation Form/Login/PhraseaRegisterForm.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Terms of service @@ -7046,12 +7046,12 @@ Un document commande Un document commandé. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Un document ne peut etre commande Un document ne peut être commandé. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Unable to add file to Phraseanet @@ -7067,7 +7067,7 @@ Unable to authenticate with %provider_name% Impossible de s'authentifier avec %provider_name% - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7110,7 +7110,7 @@ Unable to retrieve provider identity Impossible de récupérer l'identité auprès du fournisseur. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7545,7 +7545,7 @@ Vous devez selectionner un type de sous definitions Vous devez sélectionner un type de sous-définitions - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Vous devez specifier une adresse email et un mot de passe valides @@ -7570,7 +7570,7 @@ Vous etes maintenant deconnecte. A bientot. Vous êtes maintenant déconnecté. A bientôt. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Vous n'avez pas assez de droits sur certains elements selectionnes @@ -7639,7 +7639,7 @@ Warning ! Attention ! - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Warning, this database is not empty @@ -7801,7 +7801,7 @@ You can alternatively receive an email when the download is ready. Alternativement, vous pouvez recevoir un lien de téléchargement par email ? - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can choose only one record @@ -7816,7 +7816,7 @@ You can not directly download more than %max_download% Mo ; time to package all documents is too long Vous ne pouvez pas télécharger directement plus de %max_download% Mo de données. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can not edit this story @@ -7902,7 +7902,7 @@ You must agree to the Terms of Use to continue. Vous devez accepter les conditions générales d'utilisation pour poursuivre. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You must give a destination collection @@ -7989,7 +7989,7 @@ Your identity is not recognized. Votre identité n'est pas reconnue. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Your install might need to build some sub-definitions @@ -8598,7 +8598,7 @@ Adresse Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8613,7 +8613,7 @@ Code postal Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8643,7 +8643,7 @@ E-mail Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8691,7 +8691,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8713,7 +8713,7 @@ Poste Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8724,7 +8724,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8741,7 +8741,7 @@ Société Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8757,7 +8757,7 @@ admin::compte-utilisateur telephone Téléphone Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8773,7 +8773,7 @@ Ville Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8864,7 +8864,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le admin::compte-utilisateur:sexe: madame Mme Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8872,7 +8872,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le admin::compte-utilisateur:sexe: mademoiselle Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8880,7 +8880,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le admin::compte-utilisateur:sexe: monsieur M. Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -9915,9 +9915,9 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le Activer Expose Service dans Production PhraseanetService/Form/PSExposeConfigurationType.php - - admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth - Nom du Auth provider de type ps-auth + + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid PhraseanetService/Form/PSExposeConnectionType.php @@ -10154,10 +10154,10 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le Annuler Controller/Prod/LanguageController.php Controller/Prod/LanguageController.php - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/thesaurus/export-text-dialog.html.twig web/thesaurus/import-dialog.html.twig web/thesaurus/thesaurus.html.twig @@ -10215,7 +10215,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le boutton::commander Commander - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::creer @@ -10243,13 +10243,13 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le boutton::envoyer Envoyer - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::essayer Essayer - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::fermer @@ -10405,7 +10405,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le boutton::telecharger Télécharger - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/lightbox/sc_options_box.html.twig web/lightbox/feed_options_box.html.twig @@ -10625,12 +10625,12 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le commande::deadline Date limite - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig commande::utilisation prevue Utilisation prévue - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod/orders/order_item.html.twig @@ -10923,7 +10923,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le export:: FTP FTP web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: commande @@ -10934,7 +10934,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le export:: envoi par mail E-Mail web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: erreur : aucun document selectionne @@ -10945,12 +10945,12 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le export:: telechargement Téléchargement web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::export-email: email-invalid Email invalide - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::ftp: reglages manuels @@ -10960,18 +10960,18 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le export::mail: contenu du mail Texte - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: destinataire A - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: fichiers joint Fichier(s) joint(s) - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::titre: nom original du document @@ -10986,12 +10986,12 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le export:email:: acknowledgement info Les accusés de réception ne fonctionnent que si le destinataire autorise cette fonctionnalité - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:email:info:: email addresses separated by commas Ajouter les adresses email en les séparant par une virgule - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig expose:: Choose a profile where to store mapping @@ -11563,18 +11563,18 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le login::erreur: Erreur d'authentification Erreur d'authentification - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php login::erreur: No available connection - Please contact sys-admin Connexion impossible, contactez un administrateur système - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::erreur: Vous n'avez pas confirme votre email Accès impossible, vous n'avez pas confirmé votre adresse e-mail. - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::notification: Changements enregistres @@ -12385,7 +12385,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le phraseanet:: prereglages Préréglages - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig phraseanet:: presse-papier @@ -12469,7 +12469,7 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le Controller/Root/AccountController.php - phraseanet::account: << your account can be deleted via admin interface >> + >]]> Vos droits ne vous permettent pas de réaliser cette action, votre compte ne peut être supprimé que via l'interface d'Administration. web/account/account.html.twig @@ -13157,14 +13157,14 @@ Si vous recevez cet e-mail sans l'avoir sollicité, merci de l'ignorer ou de le prod::download: delete-marking-stamp prod::download: delete-marking-stamp - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::download: report as spreadsheet Tableau Excel - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::edit cannot edit multiple stories @@ -14637,7 +14637,7 @@ Attention: les valeurs actuellement en place seront écrasées par ces nouvelles reponses::document sans titre Sans titre - classes/record/adapter.php + classes/record/adapter.php report:: (connexions) @@ -15639,7 +15639,7 @@ Attention: les valeurs actuellement en place seront écrasées par ces nouvelles web/thesaurus/thesaurus.html.twig - thesaurus:: Supprimer cette branche ?&#10;(les termes concernes remonteront en candidats a la prochaine indexation) + web/thesaurus/thesaurus.html.twig diff --git a/resources/locales/messages.nl.xlf b/resources/locales/messages.nl.xlf index 50cba8b353..a12f1664e6 100644 --- a/resources/locales/messages.nl.xlf +++ b/resources/locales/messages.nl.xlf @@ -1,6 +1,6 @@ - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message. @@ -130,12 +130,12 @@ %docs_not_orderable% documents ne peuvent pas etre commandes %docs_not_orderable% documenten kunnen niet worden besteld - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %docs_orderable% documents commandes %docs_orderable% documenten besteld - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig %entry_length% documents @@ -645,7 +645,7 @@ Accuse de reception indisponible, vous n'avez pas declare d'adresse email Ontvangstbevestiging niet beschikbaar is, u hebt geen emailadres opgegeven - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Action Forbidden : You are not the publisher @@ -1099,7 +1099,7 @@ An unexpected error occurred during authentication process, please contact an admin An unexpected error occurred during authentication process, please contact an admin - Controller/Root/LoginController.php + Controller/Root/LoginController.php An upload on %bridge_adapter% failed, the resaon is : %reason% @@ -1599,10 +1599,10 @@ By checking this box, you accept %beginning_link% Terms of Use %end_link% Door deze optie aan te klikken aanvaardt u %beginning_link% Gebruiksvoorwaarden %end_link% - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig By default it is available for admins @@ -1760,7 +1760,7 @@ Certains champs sont obligatoires, veuillez les remplir Sommige velden zijn verplicht, wilt u ze invullen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Ces informations sont directement fournies par la norme de metadonnees de ce champ : %norm_name% @@ -1826,7 +1826,7 @@ Civility Beleefdheid - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Clear @@ -2644,10 +2644,10 @@ Documents indisponibles Documenten niet beschikbaar - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Don't worry, You can modify your configuration later @@ -3213,8 +3213,8 @@ Export Exporteer - Controller/Prod/DownloadController.php - Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php + Controller/Prod/DownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/DoDownloadController.php Controller/Prod/LanguageController.php @@ -3783,9 +3783,9 @@ Include Business-fields in caption Business-fields opnemen in caption - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Indexable @@ -3960,9 +3960,9 @@ La sous resolution n'est pas disponible pour les documents suivants De onder resolutie is niet beschikbaar voor de volgende documenten - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig La taille maximale d'une video est de %duration% minutes. @@ -4101,7 +4101,7 @@ Les documents ne peuvent pas etre exportes De documenten kunnen niet worden geëxporteerd web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Les elements ne peuvent etre uploades (problemes de type ou de droit) @@ -5049,7 +5049,7 @@ Phraseanet guest-access is disabled Gast toegang voor Phraseanet is niet actief - Controller/Root/LoginController.php + Controller/Root/LoginController.php Phraseanet may require many binaries. @@ -5578,7 +5578,7 @@ Recevoir un accuse de reception a %my_email% Ontvangen van een bevestigingsmail van ontvangst van %my_email% - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Rechercher dans un champ date @@ -6484,7 +6484,7 @@ Success Gelukt - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig api/auth/native_app_access_token.html.twig @@ -6641,7 +6641,7 @@ Terms of Use Gebruiksvoorwaarden Form/Login/PhraseaRegisterForm.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Terms of service @@ -7053,12 +7053,12 @@ Un document commande Een document bestelling - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Un document ne peut etre commande Eén document kan niet worden besteld - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Unable to add file to Phraseanet @@ -7074,7 +7074,7 @@ Unable to authenticate with %provider_name% Unable to authenticate with %provider_name% - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7117,7 +7117,7 @@ Unable to retrieve provider identity Het is niet mogelijk om de identiteit van de provider te ontvangen - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php @@ -7552,7 +7552,7 @@ Vous devez selectionner un type de sous definitions U moet een type thumbnail selecteren - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Vous devez specifier une adresse email et un mot de passe valides @@ -7577,7 +7577,7 @@ Vous etes maintenant deconnecte. A bientot. U bent nu uitgelogd. Tot later. - Controller/Root/LoginController.php + Controller/Root/LoginController.php Vous n'avez pas assez de droits sur certains elements selectionnes @@ -7646,7 +7646,7 @@ Warning ! Waarschuwing ! - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig Warning, this database is not empty @@ -7808,7 +7808,7 @@ You can alternatively receive an email when the download is ready. Als alternatief kunt u een email ontvangen wanneer de download klaar is. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can choose only one record @@ -7823,7 +7823,7 @@ You can not directly download more than %max_download% Mo ; time to package all documents is too long U kan niet meer dan %max_download% Mb downloaded ; tijd om alle documenten compresseren is te lang - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You can not edit this story @@ -7909,7 +7909,7 @@ You must agree to the Terms of Use to continue. U moet de gebruiksvoorwaarden aanvaarden. - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig You must give a destination collection @@ -7996,7 +7996,7 @@ Your identity is not recognized. Uw identiteit werd niet herkend - Controller/Root/LoginController.php + Controller/Root/LoginController.php Your install might need to build some sub-definitions @@ -8605,7 +8605,7 @@ Adres Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8620,7 +8620,7 @@ Postcode Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8650,7 +8650,7 @@ Email Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8698,7 +8698,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8720,7 +8720,7 @@ Postcode Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8731,7 +8731,7 @@ Core/Provider/RegistrationServiceProvider.php Event/Subscriber/RegistrationSubscriber.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig web/account/account.html.twig @@ -8748,7 +8748,7 @@ Bedrijf Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/users.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig @@ -8764,7 +8764,7 @@ admin::compte-utilisateur telephone Telefoon Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/connected-users.html.twig web/admin/editusers.html.twig admin/user/registrations.html.twig @@ -8780,7 +8780,7 @@ Star Core/Provider/RegistrationServiceProvider.php Controller/Admin/UserController.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8870,7 +8870,7 @@ admin::compte-utilisateur:sexe: madame Mevrouw Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8878,7 +8878,7 @@ admin::compte-utilisateur:sexe: mademoiselle Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -8886,7 +8886,7 @@ admin::compte-utilisateur:sexe: monsieur De heer Core/Provider/RegistrationServiceProvider.php - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/admin/editusers.html.twig web/account/account.html.twig @@ -9921,9 +9921,9 @@ admin:phrasea-service-setting:tab:expose:: activate Phraseanet-service expose PhraseanetService/Form/PSExposeConfigurationType.php - - admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth - admin:phrasea-service-setting:tab:expose:: auth provider name with type ps-auth + + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid + admin:phrasea-service-setting:tab:expose:: auth provider name with type openid PhraseanetService/Form/PSExposeConnectionType.php @@ -10160,10 +10160,10 @@ Annuleer Controller/Prod/LanguageController.php Controller/Prod/LanguageController.php - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/thesaurus/export-text-dialog.html.twig web/thesaurus/import-dialog.html.twig web/thesaurus/thesaurus.html.twig @@ -10221,7 +10221,7 @@ boutton::commander Bestellen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::creer @@ -10249,13 +10249,13 @@ boutton::envoyer Verzenden - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::essayer Proberen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig boutton::fermer @@ -10411,7 +10411,7 @@ boutton::telecharger Downloaden - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig web/lightbox/sc_options_box.html.twig web/lightbox/feed_options_box.html.twig @@ -10631,12 +10631,12 @@ commande::deadline Deadline - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig commande::utilisation prevue Utilisation gepland - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod/orders/order_item.html.twig @@ -10929,7 +10929,7 @@ export:: FTP FTP web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: commande @@ -10940,7 +10940,7 @@ export:: envoi par mail Verstuur per mail web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:: erreur : aucun document selectionne @@ -10951,12 +10951,12 @@ export:: telechargement Download web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::export-email: email-invalid export::export-email: email-invalid - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::ftp: reglages manuels @@ -10966,18 +10966,18 @@ export::mail: contenu du mail Inhoud van de mail - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: destinataire Bestemmeling - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::mail: fichiers joint Toegevoegde bestanden - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export::titre: nom original du document @@ -10992,12 +10992,12 @@ export:email:: acknowledgement info export:email:: acknowledgement info - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig export:email:info:: email addresses separated by commas export:email:info:: email addresses separated by commas - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig expose:: Choose a profile where to store mapping @@ -11569,18 +11569,18 @@ login::erreur: Erreur d'authentification Verificatiefout - Controller/Root/LoginController.php + Controller/Root/LoginController.php Controller/Api/OAuth2Controller.php login::erreur: No available connection - Please contact sys-admin Geen beschikbare verbinding - Neem contact op met sys-admin - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::erreur: Vous n'avez pas confirme votre email U hebt uw email adres niet bevestigd - Controller/Root/LoginController.php + Controller/Root/LoginController.php login::notification: Changements enregistres @@ -12391,7 +12391,7 @@ phraseanet:: prereglages Voorinstellingen - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig phraseanet:: presse-papier @@ -13163,14 +13163,14 @@ prod::download: delete-marking-stamp prod::download: delete-marking-stamp - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::download: report as spreadsheet prod::download: report as spreadsheet - web/common/dialog_export.html.twig + web/common/dialog_export.html.twig prod::edit cannot edit multiple stories @@ -14634,7 +14634,7 @@ reponses::document sans titre Documenten zonder titel - classes/record/adapter.php + classes/record/adapter.php report:: (connexions) diff --git a/resources/locales/validators.de.xlf b/resources/locales/validators.de.xlf index f9aefc1ac7..2c156417d2 100644 --- a/resources/locales/validators.de.xlf +++ b/resources/locales/validators.de.xlf @@ -1,6 +1,6 @@ - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message. diff --git a/resources/locales/validators.en.xlf b/resources/locales/validators.en.xlf index b0c65338a4..4b053e67f4 100644 --- a/resources/locales/validators.en.xlf +++ b/resources/locales/validators.en.xlf @@ -1,6 +1,6 @@ - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message. diff --git a/resources/locales/validators.fr.xlf b/resources/locales/validators.fr.xlf index 951ff16eef..d374f05454 100644 --- a/resources/locales/validators.fr.xlf +++ b/resources/locales/validators.fr.xlf @@ -1,6 +1,6 @@ - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message. diff --git a/resources/locales/validators.nl.xlf b/resources/locales/validators.nl.xlf index 3e4bbb54f4..e62208ebd1 100644 --- a/resources/locales/validators.nl.xlf +++ b/resources/locales/validators.nl.xlf @@ -1,6 +1,6 @@ - +
The source node in most cases contains the sample message as written by the developer. If it looks like a dot-delimitted string such as "form.label.firstname", then the developer has not provided a default message. diff --git a/tests/Alchemy/Tests/Phrasea/Authentication/Provider/FactoryTest.php b/tests/Alchemy/Tests/Phrasea/Authentication/Provider/FactoryTest.php index 8bbfd4e19b..a197c58409 100644 --- a/tests/Alchemy/Tests/Phrasea/Authentication/Provider/FactoryTest.php +++ b/tests/Alchemy/Tests/Phrasea/Authentication/Provider/FactoryTest.php @@ -98,16 +98,15 @@ public function provideNameAndOptions() 'Alchemy\Phrasea\Authentication\Provider\Viadeo' ], [ - 'ps-auth-foo', - 'ps-auth', + 'openid-foo', + 'openid', [ 'client-id' => 'id', 'client-secret' => 'secret', 'base-url' => 'https://api-auth.phrasea.local', - 'provider-type' => 'oauth', - 'provider-name' => 'v2', + 'realm-name' => 'phrasea', ], - 'Alchemy\Phrasea\Authentication\Provider\PsAuth' + 'Alchemy\Phrasea\Authentication\Provider\Openid' ] ]; } diff --git a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-setup.yml b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-setup.yml index a8640ec782..361cc8135d 100644 --- a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-setup.yml +++ b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-setup.yml @@ -168,17 +168,16 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea icon-uri: null registration-fields: - diff --git a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-with-hosts.yml b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-with-hosts.yml index 98664321ff..55d047e364 100644 --- a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-with-hosts.yml +++ b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration-with-hosts.yml @@ -183,17 +183,16 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea icon-uri: null registration-fields: - diff --git a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml index a8640ec782..361cc8135d 100644 --- a/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml +++ b/tests/Alchemy/Tests/Phrasea/Core/Configuration/Fixtures/configuration.yml @@ -168,17 +168,16 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea icon-uri: null registration-fields: - diff --git a/tests/Alchemy/Tests/Phrasea/Core/Event/Subscriber/Fixtures/configuration-maintenance.yml b/tests/Alchemy/Tests/Phrasea/Core/Event/Subscriber/Fixtures/configuration-maintenance.yml index 0462e20ffa..8ee9599766 100644 --- a/tests/Alchemy/Tests/Phrasea/Core/Event/Subscriber/Fixtures/configuration-maintenance.yml +++ b/tests/Alchemy/Tests/Phrasea/Core/Event/Subscriber/Fixtures/configuration-maintenance.yml @@ -133,17 +133,16 @@ authentication: options: client-id: '' client-secret: '' - ps_auth_1: + openid-1: enabled: false display: false - title: 'PS Auth 1' - type: 'ps-auth' + title: 'openid 1' + type: openid options: client-id: '' client-secret: '' - base-url: 'https://api-auth.phrasea.local' - provider-type: 'oauth' - provider-name: 'v2' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea icon-uri: null registration-fields: - diff --git a/tests/Alchemy/Tests/Phrasea/Plugin/Fixtures/PluginDir/TestPlugin/composer.lock b/tests/Alchemy/Tests/Phrasea/Plugin/Fixtures/PluginDir/TestPlugin/composer.lock new file mode 100644 index 0000000000..ebf4705ea7 --- /dev/null +++ b/tests/Alchemy/Tests/Phrasea/Plugin/Fixtures/PluginDir/TestPlugin/composer.lock @@ -0,0 +1,18 @@ +{ + "_readme": [ + "This file locks the dependencies of your project to a known state", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "This file is @generated automatically" + ], + "content-hash": "2f3a1ed4816797820ab9fdbc67c25cc8", + "packages": [], + "packages-dev": [], + "aliases": [], + "minimum-stability": "stable", + "stability-flags": [], + "prefer-stable": false, + "prefer-lowest": false, + "platform": [], + "platform-dev": [], + "plugin-api-version": "2.2.0" +} From 132e8fdcacf02505732c00bdba9f9f6ad6419001 Mon Sep 17 00:00:00 2001 From: aynsix Date: Wed, 17 Jan 2024 16:25:11 +0300 Subject: [PATCH 02/10] add readme --- doc/{ => others}/feedback_report.md | 0 doc/others/openid-sso.md | 54 +++++++++++++++++++ doc/{ => others}/stamper.md | 0 .../Authentication/Provider/Openid.php | 2 +- 4 files changed, 55 insertions(+), 1 deletion(-) rename doc/{ => others}/feedback_report.md (100%) create mode 100644 doc/others/openid-sso.md rename doc/{ => others}/stamper.md (100%) diff --git a/doc/feedback_report.md b/doc/others/feedback_report.md similarity index 100% rename from doc/feedback_report.md rename to doc/others/feedback_report.md diff --git a/doc/others/openid-sso.md b/doc/others/openid-sso.md new file mode 100644 index 0000000000..9d7270f64b --- /dev/null +++ b/doc/others/openid-sso.md @@ -0,0 +1,54 @@ +# openid configuration + +#### phraseanet configuration +To connect with an openid with phraseanet, add the following config in the configuration.yml file + + +```yaml +authentication: + providers: + openid-1: + enabled: true + display: true + title: ' openid 1' + type: openid + options: + client-id: 'client-id' + client-secret: 'client-secret' + base-url: 'https://keycloak.phrasea.local' + realm-name: phrasea + icon-uri: null + birth-group: _firstlog + everyone-group: _everyone + metamodel: _metamodel + # group model prefix + model-gpfx: _M_ + # user model prefix + model-upfx: _U_ + debug: false + # logout with phraseanet and also logout with keycloak + auto-logout: true + +``` + + +#### keycloak configuration + +- create a new client +- get clien-id and client-secret +- in the client setting: + + set the 'Valid redirect URIs' field with `https://{phraseanet-host}/login/provider/{provider-name}/callback/` + eg: https://phraseanet.phrasea.local/login/provider/openid-1/callback/ + + set the 'Valid post logout redirect URIs' field with `https://{phraseanet-host}/login/logout/` eg: https://phraseanet.phrasea.local/login/logout/ + +- Choose a client > client scopes > '.... dedicated' + + add a 'groups' mapper if not exist, > Add mapper > by configuration + + `Mapper type` => Group Membership + `Name` => groups + `Token Claim Name` => groups + `Full group path` => off + `Add to userinfo` => on diff --git a/doc/stamper.md b/doc/others/stamper.md similarity index 100% rename from doc/stamper.md rename to doc/others/stamper.md diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php index a9af8d1e1e..383c10df97 100644 --- a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -339,7 +339,7 @@ public function onCallback(Request $request) 'firstname' => isset($data['given_name']) ? $data['given_name'] : '', 'lastname' => isset($data['family_name']) ? $data['family_name'] : '' , 'email' => isset($data['email']) ? $data['email'] : '', - '_groups' => '' + '_groups' => isset($data['groups']) ? $data['groups'] : '' ]); $userAuthProviderRepository = $this->getUsrAuthProviderRepository(); From 72866bdb479c1c952f5aa1dfd7f50b52ae1705f9 Mon Sep 17 00:00:00 2001 From: aynsix Date: Fri, 19 Jan 2024 14:09:53 +0300 Subject: [PATCH 03/10] comment regenarete password --- lib/Alchemy/Phrasea/Authentication/Provider/Openid.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php index 383c10df97..e3df13a35f 100644 --- a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -677,10 +677,10 @@ private function CreateUser(Array $data) } // yes we are logged ! - /** @var RandomGenerator $randomGenerator */ - $randomGenerator = $this->getRandomGenerator(); - $password = $randomGenerator->generateString(16); - $userUA->setPassword($password); +// /** @var RandomGenerator $randomGenerator */ +// $randomGenerator = $this->getRandomGenerator(); +// $password = $randomGenerator->generateString(16); +// $userUA->setPassword($password); $this->debug(sprintf("returning user id=%s", $userUA->getId())); From 2a1c53d1d22a79e35158408bd2e71785e34bb67c Mon Sep 17 00:00:00 2001 From: aynsix Date: Wed, 24 Jan 2024 18:31:45 +0300 Subject: [PATCH 04/10] add exclusive option to provider an column can_renew_passwor to user --- config/configuration.sample.yml | 1 + doc/others/openid-sso.md | 3 +++ .../Authentication/Provider/Openid.php | 16 +++++++++--- .../Authentication/RecoveryService.php | 2 +- .../Controller/Admin/UserController.php | 8 ++++++ .../ControllerProvider/Admin/Users.php | 1 + lib/Alchemy/Phrasea/Helper/User/Manage.php | 11 ++++++++ lib/Alchemy/Phrasea/Model/Entities/User.php | 24 +++++++++++++++++ lib/classes/patch/418RC9PHRAS4007.php | 1 + templates/web/admin/editusers.html.twig | 26 ++++++++++++++++++- 10 files changed, 87 insertions(+), 6 deletions(-) diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml index 88fc327477..3975687c1e 100644 --- a/config/configuration.sample.yml +++ b/config/configuration.sample.yml @@ -221,6 +221,7 @@ authentication: client-secret: '' base-url: 'https://keycloak.phrasea.local' realm-name: phrasea + exclusive: false icon-uri: null birth-group: _firstlog everyone-group: _everyone diff --git a/doc/others/openid-sso.md b/doc/others/openid-sso.md index 9d7270f64b..7feb21499e 100644 --- a/doc/others/openid-sso.md +++ b/doc/others/openid-sso.md @@ -17,6 +17,9 @@ authentication: client-secret: 'client-secret' base-url: 'https://keycloak.phrasea.local' realm-name: phrasea + # if true, can only connect with this provider + # the user cannot connect with the default phraseanet login form + exclusive: false icon-uri: null birth-group: _firstlog everyone-group: _everyone diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php index e3df13a35f..51d862b470 100644 --- a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -677,10 +677,18 @@ private function CreateUser(Array $data) } // yes we are logged ! -// /** @var RandomGenerator $randomGenerator */ -// $randomGenerator = $this->getRandomGenerator(); -// $password = $randomGenerator->generateString(16); -// $userUA->setPassword($password); + + if (isset($this->config['exclusive']) && $this->config['exclusive'] == true) { + // reset the password + // if it is an existing user, the user cannot login from the default phraseanet login + // cannot renew her password + + /** @var RandomGenerator $randomGenerator */ + $randomGenerator = $this->getRandomGenerator(); + $password = $randomGenerator->generateString(16); + $userUA->setPassword($password); + $userUA->setCanRenewPassword(false); + } $this->debug(sprintf("returning user id=%s", $userUA->getId())); diff --git a/lib/Alchemy/Phrasea/Authentication/RecoveryService.php b/lib/Alchemy/Phrasea/Authentication/RecoveryService.php index 5dea04a657..e4a92dad36 100644 --- a/lib/Alchemy/Phrasea/Authentication/RecoveryService.php +++ b/lib/Alchemy/Phrasea/Authentication/RecoveryService.php @@ -122,7 +122,7 @@ private function requestPasswordResetTokenByUser(User $user, $notifyUser = true) $receiver = Receiver::fromUser($user); $token = $this->tokenManipulator->createResetPasswordToken($user); - if ($notifyUser) { + if ($notifyUser && $user->canRenewPassword()) { $url = $this->urlGenerator->generate('login_renew_password', [ 'token' => $token->getValue() ], true); $mail = MailRequestPasswordUpdate::create($this->application, $receiver); diff --git a/lib/Alchemy/Phrasea/Controller/Admin/UserController.php b/lib/Alchemy/Phrasea/Controller/Admin/UserController.php index 97fa05db04..efaa4457ae 100644 --- a/lib/Alchemy/Phrasea/Controller/Admin/UserController.php +++ b/lib/Alchemy/Phrasea/Controller/Admin/UserController.php @@ -191,6 +191,14 @@ public function changeMailLockedAction(Request $request) return $this->app->json(['success' => true]); } + public function changeCanRenewPasswordAction(Request $request) + { + $helper = $this->getUserManageHelper($request); + $helper->setCanRenewPassword(); + + return $this->app->json(['success' => true]); + } + public function applyRightsAction(Request $request) { $data = ['error' => true]; diff --git a/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php b/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php index a9c4494810..9eb1133d86 100644 --- a/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php +++ b/lib/Alchemy/Phrasea/ControllerProvider/Admin/Users.php @@ -53,6 +53,7 @@ public function connect(Application $app) $controllers->post('/delete/', 'controller.admin.users:deleteUserAction'); $controllers->post('/auth-failure/reset/', 'controller.admin.users:resetAuthFailureAction'); $controllers->post('/mail-locked/change/', 'controller.admin.users:changeMailLockedAction'); + $controllers->post('/can-renew-password/change/', 'controller.admin.users:changeCanRenewPasswordAction'); $controllers->post('/rights/apply/', 'controller.admin.users:applyRightsAction') ->bind('admin_users_rights_apply'); $controllers->post('/rights/quotas/', 'controller.admin.users:editQuotasRightsAction'); diff --git a/lib/Alchemy/Phrasea/Helper/User/Manage.php b/lib/Alchemy/Phrasea/Helper/User/Manage.php index 913810f236..ad1e6e7bc7 100644 --- a/lib/Alchemy/Phrasea/Helper/User/Manage.php +++ b/lib/Alchemy/Phrasea/Helper/User/Manage.php @@ -262,6 +262,17 @@ public function setMailLocked() $this->getObjectManager()->flush(); } + public function setCanRenewPassword() + { + /** @var UserRepository $userRepository */ + $userRepository = $this->app['repo.users']; + $user = $userRepository->find($this->request->request->get('user_id')); + $status = $this->request->request->get('action') == 'can-renew' ? true : false; + $user->setCanRenewPassword($status); + $this->getObjectManager()->persist($user); + $this->getObjectManager()->flush(); + } + /** * @return ObjectManager */ diff --git a/lib/Alchemy/Phrasea/Model/Entities/User.php b/lib/Alchemy/Phrasea/Model/Entities/User.php index 6db15b781f..57f4b9ab3e 100644 --- a/lib/Alchemy/Phrasea/Model/Entities/User.php +++ b/lib/Alchemy/Phrasea/Model/Entities/User.php @@ -276,6 +276,11 @@ class User */ private $lastInactivityEmail; + /** + * @ORM\Column(type="boolean", name="can_renew_password", options={"default" = 1}) + */ + private $canRenewPassword = true; + /** * Constructor */ @@ -740,6 +745,25 @@ public function setGuest($guest) return $this; } + /** + * @return bool + */ + public function canRenewPassword() + { + return $this->canRenewPassword; + } + + /** + * @param $canRenewPassword + * @return $this + */ + public function setCanRenewPassword($canRenewPassword) + { + $this->canRenewPassword = (Boolean) $canRenewPassword; + + return $this; + } + /** * @return boolean */ diff --git a/lib/classes/patch/418RC9PHRAS4007.php b/lib/classes/patch/418RC9PHRAS4007.php index e83576314d..43814ab676 100644 --- a/lib/classes/patch/418RC9PHRAS4007.php +++ b/lib/classes/patch/418RC9PHRAS4007.php @@ -81,6 +81,7 @@ private function patch_appbox(base $appbox, Application $app) 'client-secret' => 'client_secret', 'base-url' => 'https://keycloak.phrasea.local', 'realm-name' => 'phrasea', + 'exclusive' => false, 'icon-uri' => null, 'birth-group' => '_firstlog', 'everyone-group' => '_everyone', diff --git a/templates/web/admin/editusers.html.twig b/templates/web/admin/editusers.html.twig index 56743c3996..bd71bcdc28 100644 --- a/templates/web/admin/editusers.html.twig +++ b/templates/web/admin/editusers.html.twig @@ -582,7 +582,7 @@
- + Email unlocked
+
+ + + + +
+
{% set usrProviders = app['repo.usr-auth-providers'].findByUser(main_user) %} {% if usrProviders|length > 0 %} @@ -1508,6 +1517,21 @@ }); }); + $('input[type=radio][name="can-renew-password"]').change( function() { + let $this = $(this); + $.ajax({ + type: 'POST', + url: '/admin/users/can-renew-password/change/', + dataType: 'json', + data: { + user_id: {{ main_user.getId() }}, + action: $this.val() + }, + success: function (data) { + } + }); + }); + function listRecordAcl() { let expiredRight = 0; if ($("#expired-right").is(":checked")) From 77bcacc0c2fbb752c9a34c7ccf3deab7b0d116b8 Mon Sep 17 00:00:00 2001 From: aynsix Date: Thu, 25 Jan 2024 11:06:26 +0300 Subject: [PATCH 05/10] default exclusive false --- lib/conf.d/configuration.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/conf.d/configuration.yml b/lib/conf.d/configuration.yml index 29f7c8d5c3..2b073a436b 100644 --- a/lib/conf.d/configuration.yml +++ b/lib/conf.d/configuration.yml @@ -238,6 +238,7 @@ authentication: client-secret: '' base-url: 'https://keycloak.phrasea.local' realm-name: phrasea + exclusive: false icon-uri: null birth-group: _firstlog everyone-group: _everyone From 41a1cb10005d55d0a49875ba0c838320721e36d0 Mon Sep 17 00:00:00 2001 From: aynsix Date: Tue, 6 Feb 2024 13:04:28 +0300 Subject: [PATCH 06/10] always compatible with psauth --- .../Phrasea/PhraseanetService/Controller/PSExposeController.php | 2 +- .../Phrasea/PhraseanetService/Form/PSExposeConnectionType.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php index 312bf9397f..473d941c8f 100644 --- a/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php +++ b/lib/Alchemy/Phrasea/PhraseanetService/Controller/PSExposeController.php @@ -210,7 +210,7 @@ public function listPublicationAction(PhraseaApplication $app, Request $request) try { $provider = $this->getAuthenticationProviders()->get($providerId); // class name - if ($provider->getType() == 'Openid' && $exposeConfiguration['auth_provider_name'] == $providerId) { + if (($provider->getType() == 'Openid' || $provider->getType() == 'PsAuth') && $exposeConfiguration['auth_provider_name'] == $providerId) { $session->set($passSessionName, ['access_token' => $provider->getAccessToken()]); $session->set($this->getLoginSessionName($exposeName), $provider->getUserName()); diff --git a/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php b/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php index c9ebd8887e..e77b0dd5e0 100644 --- a/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php +++ b/lib/Alchemy/Phrasea/PhraseanetService/Form/PSExposeConnectionType.php @@ -117,7 +117,7 @@ private function getEligibleProvider() $values = array_keys( array_filter($this->app['conf']->get(['authentication', 'providers'], []), function ($provider) { - return ($provider['type'] == 'openid'); + return ($provider['type'] == 'openid' || $provider['type'] == 'ps-auth' || $provider['type'] == 'PsAuth'); }) ); From dbf78a54a868ea1c3e1abffd9d2309cfbebd34d1 Mon Sep 17 00:00:00 2001 From: Nicolas Maillat Date: Fri, 9 Feb 2024 15:29:36 +0100 Subject: [PATCH 07/10] bump image tag .env --- .env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env b/.env index 70ebba3114..9880f8a5a0 100644 --- a/.env +++ b/.env @@ -140,7 +140,7 @@ PHRASEANET_DOCKER_REGISTRY=local # Docker images tag. # @run -PHRASEANET_DOCKER_TAG=4.1.8-rc8 +PHRASEANET_DOCKER_TAG=4.1.8-rc9 # Stack Name # An optionnal Name for the stack From a1ca88079ab8e1f2462b7b2fd448cdb7e082ab2e Mon Sep 17 00:00:00 2001 From: Nicolas Maillat Date: Fri, 9 Feb 2024 15:31:00 +0100 Subject: [PATCH 08/10] bump Version to 4.1.8-rc9 --- lib/Alchemy/Phrasea/Core/Version.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php index 2cd60149f6..e3e87358d5 100644 --- a/lib/Alchemy/Phrasea/Core/Version.php +++ b/lib/Alchemy/Phrasea/Core/Version.php @@ -17,7 +17,7 @@ class Version * @var string */ - private $number = '4.1.8-rc8'; + private $number = '4.1.8-rc9'; /** * @var string From d124ad6e5a07668fe9814bc4fea3eccc1f27ed61 Mon Sep 17 00:00:00 2001 From: aynsix Date: Thu, 28 Mar 2024 14:05:48 +0300 Subject: [PATCH 09/10] bump version to rc12 --- .env | 2 +- lib/Alchemy/Phrasea/Core/Version.php | 2 +- .../patch/{418RC9PHRAS4007.php => 418RC12PHRAS4007.php} | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) rename lib/classes/patch/{418RC9PHRAS4007.php => 418RC12PHRAS4007.php} (96%) diff --git a/.env b/.env index 2c743849b8..4b912851e2 100644 --- a/.env +++ b/.env @@ -143,7 +143,7 @@ PHRASEANET_DOCKER_REGISTRY=local # Docker images tag. # @run -PHRASEANET_DOCKER_TAG=4.1.8-rc11 +PHRASEANET_DOCKER_TAG=4.1.8-rc12 # Stack Name # An optionnal Name for the stack diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php index bb493d5d38..0084834dce 100644 --- a/lib/Alchemy/Phrasea/Core/Version.php +++ b/lib/Alchemy/Phrasea/Core/Version.php @@ -17,7 +17,7 @@ class Version * @var string */ - private $number = '4.1.8-rc11'; + private $number = '4.1.8-rc12'; /** * @var string diff --git a/lib/classes/patch/418RC9PHRAS4007.php b/lib/classes/patch/418RC12PHRAS4007.php similarity index 96% rename from lib/classes/patch/418RC9PHRAS4007.php rename to lib/classes/patch/418RC12PHRAS4007.php index 43814ab676..b7f54b8f74 100644 --- a/lib/classes/patch/418RC9PHRAS4007.php +++ b/lib/classes/patch/418RC12PHRAS4007.php @@ -3,10 +3,10 @@ use Alchemy\Phrasea\Application; use Alchemy\Phrasea\Core\Configuration\PropertyAccess; -class patch_418RC9PHRAS4007 implements patchInterface +class patch_418RC12PHRAS4007 implements patchInterface { /** @var string */ - private $release = '4.1.8-rc9'; + private $release = '4.1.8-rc12'; /** @var array */ private $concern = [base::APPLICATION_BOX]; From 3b47e0dac6321e5fec1256a309e3773d22370405 Mon Sep 17 00:00:00 2001 From: aynsix Date: Thu, 18 Apr 2024 12:11:30 +0300 Subject: [PATCH 10/10] add autoconnect --- config/configuration.sample.yml | 1 + doc/others/openid-sso.md | 1 + .../Authentication/Provider/Openid.php | 24 +++++++++++++++---- lib/conf.d/configuration.yml | 1 + 4 files changed, 22 insertions(+), 5 deletions(-) diff --git a/config/configuration.sample.yml b/config/configuration.sample.yml index f437be7547..56a8bb887b 100644 --- a/config/configuration.sample.yml +++ b/config/configuration.sample.yml @@ -230,6 +230,7 @@ authentication: model-upfx: _U_ debug: false auto-logout: false + auto-connect-idp-name: null registration-fields: - name: company diff --git a/doc/others/openid-sso.md b/doc/others/openid-sso.md index 7feb21499e..a45651178c 100644 --- a/doc/others/openid-sso.md +++ b/doc/others/openid-sso.md @@ -31,6 +31,7 @@ authentication: debug: false # logout with phraseanet and also logout with keycloak auto-logout: true + auto-connect-idp-name: null ``` diff --git a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php index 51d862b470..d98afd760b 100644 --- a/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php +++ b/lib/Alchemy/Phrasea/Authentication/Provider/Openid.php @@ -77,6 +77,9 @@ public function __construct(UrlGenerator $urlGenerator, SessionInterface $sessio if(!array_key_exists('auto-logout', $this->config)) { $this->config['auto-logout'] = false; } + if(!array_key_exists('auto-connect-idp-name', $this->config)) { + $this->config['auto-connect-idp-name'] = null; + } $this->client = $client; $this->iconUri = array_key_exists('icon-uri', $config) ? $config['icon-uri'] : null; // if not set, will fallback on default icon @@ -172,11 +175,22 @@ public function authenticate(array $params = array()): RedirectResponse 'response_type' => "code" ]; - $url = sprintf("%s/realms/%s/protocol/openid-connect/auth?%s", - $this->config['base-url'], - urlencode($this->config['realm-name']), - http_build_query($parms, '', '&') - ); + if($this->config['auto-connect-idp-name']) { + $url = sprintf("%s/realms/%s/protocol/openid-connect/auth?kc_idp_hint=%s&%s", + $this->config['base-url'], + urlencode($this->config['realm-name']), + urlencode($this->config['auto-connect-idp-name']), + http_build_query($parms, '', '&') + ); + } else { + $url = sprintf("%s/realms/%s/protocol/openid-connect/auth?%s", + $this->config['base-url'], + urlencode($this->config['realm-name']), + http_build_query($parms, '', '&') + ); + } + + $this->debug(sprintf("go to url = %s", $url)); diff --git a/lib/conf.d/configuration.yml b/lib/conf.d/configuration.yml index 2b073a436b..4439437723 100644 --- a/lib/conf.d/configuration.yml +++ b/lib/conf.d/configuration.yml @@ -247,6 +247,7 @@ authentication: model-upfx: _U_ debug: false auto-logout: false + auto-connect-idp-name: null registration-fields: - name: company