authorVivien Kraus <vivien@planete-kraus.eu>2021-05-09 22:26:23 +0200
committerVivien Kraus <vivien@planete-kraus.eu>2021-06-05 16:16:23 +0200
commitd9f183614b1516834f648cc0269cd62a49154c18 (patch)
tree40c1490b8e0eb521ba6d68c80b1e43c1c7aceded
parentbb3b41cd36d1eb88f6a44aaa9a3667599d1b657b (diff)
Define the web pages for the authorization endpoint
-rw-r--r--doc/webid-oidc.texi6
-rw-r--r--po/ChangeLog4
-rw-r--r--po/POTFILES.in1
-rw-r--r--po/fr.po490
-rw-r--r--po/webid-oidc.pot364
-rw-r--r--src/scm/webid-oidc/Makefile.am11
-rw-r--r--src/scm/webid-oidc/authorization-page-unsafe.scm185
-rw-r--r--src/scm/webid-oidc/authorization-page.scm59
-rw-r--r--src/scm/webid-oidc/errors.scm14
-rw-r--r--tests/Makefile.am5
-rw-r--r--tests/unknown-client-locale.scm29
11 files changed, 822 insertions, 346 deletions
diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index c9c164a..423459d 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -740,6 +740,12 @@ The refresh token was issued for @var{jkt}, but it is used with
@var{key}.
@end deftp
+@deftp {exception type} &unknown-client-locale @var{web-locale} @var{c-locale}
+The @var{web-locale} of the client, translated to C as @var{c-locale},
+cannot be set. This exception is always continuable; if the handler
+returns, then the page will be served in the english locale.
+@end deftp
+
@node GNU Free Documentation License
@appendix GNU Free Documentation License
diff --git a/po/ChangeLog b/po/ChangeLog
index 6a7ac81..582b2ee 100644
--- a/po/ChangeLog
+++ b/po/ChangeLog
@@ -1,3 +1,7 @@
+2021-02-07 Vivien Kraus <vivien@planete-kraus.eu>
+
+ * POTFILES.in: list the authorization page generator.
+
2020-11-25 Vivien Kraus <vivien@planete-kraus.eu>
* POTFILES.in: Put the random submodule in the list.
diff --git a/po/POTFILES.in b/po/POTFILES.in
index a4f4569..6ffff1e 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -7,3 +7,4 @@ src/jwk/libwebidoidc-jwk.c
src/jwk/generate-key.c
src/hash/libwebidoidc-hash.c
src/scm/webid-oidc/errors.scm
+src/scm/webid-oidc/authorization-page-unsafe.scm
diff --git a/po/fr.po b/po/fr.po
index 3562362..96d65b4 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -2,7 +2,7 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc 0.0.0\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:15+0200\n"
+"POT-Creation-Date: 2021-06-05 16:16+0200\n"
"PO-Revision-Date: 2021-06-05 11:07+0200\n"
"Last-Translator: Vivien Kraus <vivien@planete-kraus.eu>\n"
"Language-Team: French <vivien@planete-kraus.eu>\n"
@@ -126,101 +126,101 @@ msgstr "Utilisation : generate-random [NOMBRE D'OCTETS]\n"
msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
msgstr "Utilisation : generate-key [NOMBRE DE BITS | COURBE]\n"
-#: src/scm/webid-oidc/errors.scm:788
+#: src/scm/webid-oidc/errors.scm:799
msgid "that’s how it is"
msgstr "c’est comme ça"
-#: src/scm/webid-oidc/errors.scm:793
+#: src/scm/webid-oidc/errors.scm:804
#, scheme-format
msgid "the value ~s is not a base64 string (because ~a)"
msgstr "la valeur ~s n’est pas une chaîne base64 (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:796
+#: src/scm/webid-oidc/errors.scm:807
#, scheme-format
msgid "the value ~s is not JSON (because ~a)"
msgstr "la valeur ~s n’est pas du JSON (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:799
+#: src/scm/webid-oidc/errors.scm:810
#, scheme-format
msgid "the value ~s is not Turtle (because ~a)"
msgstr "la valeur ~s n’est pas du Turtle (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:802
+#: src/scm/webid-oidc/errors.scm:813
#, scheme-format
msgid "the value ~s does not identify an elleptic curve"
msgstr "la valeur ~s n’identifie pas une courbe elliptique"
-#: src/scm/webid-oidc/errors.scm:807
+#: src/scm/webid-oidc/errors.scm:818
#, scheme-format
msgid "the value ~s does not identify a JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:809
+#: src/scm/webid-oidc/errors.scm:820
#, scheme-format
msgid "the value ~s does not identify a JWK"
msgstr "la valeur ~s n’identifie pas une JWK"
-#: src/scm/webid-oidc/errors.scm:814
+#: src/scm/webid-oidc/errors.scm:825
#, scheme-format
msgid "the value ~s does not identify a public JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK publique (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:816
+#: src/scm/webid-oidc/errors.scm:827
#, scheme-format
msgid "the value ~s does not identify a public JWK"
msgstr "la valeur ~s n’identifie pas une JWK publique"
-#: src/scm/webid-oidc/errors.scm:821
+#: src/scm/webid-oidc/errors.scm:832
#, scheme-format
msgid "the value ~s does not identify a private JWK (because ~a)"
msgstr "la valeur ~s n’identifie pas une JWK privée (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:823
+#: src/scm/webid-oidc/errors.scm:834
#, scheme-format
msgid "the value ~s does not identify a private JWK"
msgstr "la valeur ~s n’identifie pas une JWK privée"
-#: src/scm/webid-oidc/errors.scm:828
+#: src/scm/webid-oidc/errors.scm:839
#, scheme-format
msgid "the value ~s does not identify a JWKS (because ~a)"
msgstr "la valeur ~s n’identifie pas un JWKS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:830
+#: src/scm/webid-oidc/errors.scm:841
#, scheme-format
msgid "the value ~s does not identify a JWKS"
msgstr "la valeur ~s n’identifie pas un JWKS"
-#: src/scm/webid-oidc/errors.scm:833
+#: src/scm/webid-oidc/errors.scm:844
#, scheme-format
msgid "the value ~s does not identify a hash algorithm"
msgstr "la valeur ~s n’identifie pas un algorithme de hachage"
-#: src/scm/webid-oidc/errors.scm:836
+#: src/scm/webid-oidc/errors.scm:847
#, scheme-format
msgid "the value ~s is not an alist or misses key ~s"
msgstr "la valeur ~s n’est pas une alist ou il manque la clé ~s"
-#: src/scm/webid-oidc/errors.scm:839
+#: src/scm/webid-oidc/errors.scm:850
#, scheme-format
msgid "the value ~s is not a JWS header (because ~a)"
msgstr "la valeur ~s n’est pas un header JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:842
+#: src/scm/webid-oidc/errors.scm:853
#, scheme-format
msgid "the value ~s is not a JWS payload (because ~a)"
msgstr "la valeur ~s n’est pas un contenu JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:845
+#: src/scm/webid-oidc/errors.scm:856
#, scheme-format
msgid "the value ~s is not a JWS (because ~a)"
msgstr "la valeur ~s n’est pas un JWS (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:859
#, scheme-format
msgid "the string ~s cannot be split in 3 parts with ~s"
msgstr "la chaîne ~s ne peut pas être découpée en 3 parties avec ~s"
-#: src/scm/webid-oidc/errors.scm:851
+#: src/scm/webid-oidc/errors.scm:862
#, scheme-format
msgid ""
"all key candidates failed to verify signature ~s with algorithm ~s and "
@@ -229,17 +229,17 @@ msgstr ""
"aucune clé candidate n’a pu vérifier la signature ~s avec l’algorithme ~s et "
"le contenu ~a (il y en avait ~a : ~s)"
-#: src/scm/webid-oidc/errors.scm:854
+#: src/scm/webid-oidc/errors.scm:865
#, scheme-format
msgid "I cannot decode JWS ~a (because ~a)"
msgstr "je n’ai pas pu décoder le JWS encodé par ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:868
#, scheme-format
msgid "I cannot encode JWS ~a (because ~a)"
msgstr "je n’ai pas pu encoder le JWS ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:860
+#: src/scm/webid-oidc/errors.scm:871
#, scheme-format
msgid ""
"the server request unexpectedly failed with code ~a and reason phrase ~s"
@@ -247,336 +247,338 @@ msgstr ""
"la requête au serveur a échoué de façon inattendue avec un code ~a et une "
"raison ~s"
-#: src/scm/webid-oidc/errors.scm:865
+#: src/scm/webid-oidc/errors.scm:876
#, scheme-format
msgid "the header ~a should not have the value ~s"
msgstr "l’en-tête ~a ne devrait pas avoir la valeur ~s"
-#: src/scm/webid-oidc/errors.scm:867
+#: src/scm/webid-oidc/errors.scm:878
#, scheme-format
msgid "the header ~a should be present"
msgstr "l’en-tête ~a devrait être présent"
-#: src/scm/webid-oidc/errors.scm:870
+#: src/scm/webid-oidc/errors.scm:881
#, scheme-format
msgid "the server response wasn't expected: ~s (because ~a)"
msgstr "la réponse du serveur est inattendue : ~s (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:876
+#: src/scm/webid-oidc/errors.scm:887
#, scheme-format
msgid "the value ~s is not an OIDC configuration (because ~a)"
msgstr "la valeur ~s n’est pas une configuration OIDC (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:881
+#: src/scm/webid-oidc/errors.scm:892
#, scheme-format
msgid "the webid field is incorrect: ~s"
msgstr "le champ webid est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:882
+#: src/scm/webid-oidc/errors.scm:893
msgid "the webid field is missing"
msgstr "le champ webid est manquant"
-#: src/scm/webid-oidc/errors.scm:886
+#: src/scm/webid-oidc/errors.scm:897
#, scheme-format
msgid "the sub field is incorrect: ~s"
msgstr "le champ sub est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:887
+#: src/scm/webid-oidc/errors.scm:898
msgid "the sub field is missing"
msgstr "le champ sub est manquant"
-#: src/scm/webid-oidc/errors.scm:891
+#: src/scm/webid-oidc/errors.scm:902
#, scheme-format
msgid "the iss field is incorrect: ~s"
msgstr "le champ iss est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:903
msgid "the iss field is missing"
msgstr "le champ iss est manquant"
-#: src/scm/webid-oidc/errors.scm:896
+#: src/scm/webid-oidc/errors.scm:907
#, scheme-format
msgid "the aud field is incorrect: ~s"
msgstr "le champ aud est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:897
+#: src/scm/webid-oidc/errors.scm:908
msgid "the aud field is missing"
msgstr "le champ aud est manquant"
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:912
#, scheme-format
msgid "the iat field is incorrect: ~s"
msgstr "le champ iat est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:902
+#: src/scm/webid-oidc/errors.scm:913
msgid "the iat field is missing"
msgstr "le champ iat est manquant"
-#: src/scm/webid-oidc/errors.scm:906
+#: src/scm/webid-oidc/errors.scm:917
#, scheme-format
msgid "the exp field is incorrect: ~s"
msgstr "le champ exp est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:907
+#: src/scm/webid-oidc/errors.scm:918
msgid "the exp field is missing"
msgstr "le champ exp est manquant"
-#: src/scm/webid-oidc/errors.scm:911
+#: src/scm/webid-oidc/errors.scm:922
#, scheme-format
msgid "the cnf/jkt field is incorrect: ~s"
msgstr "le champ cnf/jkt est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:912
+#: src/scm/webid-oidc/errors.scm:923
msgid "the cnf/jkt field is missing"
msgstr "le champ cnf/jkt est manquant"
-#: src/scm/webid-oidc/errors.scm:916
+#: src/scm/webid-oidc/errors.scm:927
#, scheme-format
msgid "the client-id field is incorrect: ~s"
msgstr "le champ client-id est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:917
+#: src/scm/webid-oidc/errors.scm:928
msgid "the client-id field is missing"
msgstr "le champ client-id est manquant"
-#: src/scm/webid-oidc/errors.scm:921
+#: src/scm/webid-oidc/errors.scm:932
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:133
#, scheme-format
msgid "the redirect_uris field is incorrect: ~s"
msgstr "le champ redirect_uris est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:922
+#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:134
msgid "the redirect_uris field is missing"
msgstr "le champ redirect_uris est manquant"
-#: src/scm/webid-oidc/errors.scm:926
+#: src/scm/webid-oidc/errors.scm:937
#, scheme-format
msgid "the typ field is incorrect: ~s"
msgstr "le champ typ est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:927
+#: src/scm/webid-oidc/errors.scm:938
msgid "the typ field is missing"
msgstr "le champ typ est manquant"
-#: src/scm/webid-oidc/errors.scm:931
+#: src/scm/webid-oidc/errors.scm:942
#, scheme-format
msgid "the jwk field is incorrect: ~s (because ~a)"
msgstr "le champ jwk est incorrect : ~s (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/errors.scm:944
msgid "the jwk field is missing"
msgstr "le champ jwk est manquant"
-#: src/scm/webid-oidc/errors.scm:937
+#: src/scm/webid-oidc/errors.scm:948
#, scheme-format
msgid "the jti field is incorrect: ~s"
msgstr "le champ jti est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:938
+#: src/scm/webid-oidc/errors.scm:949
msgid "the jti field is missing"
msgstr "le champ jti est manquant"
-#: src/scm/webid-oidc/errors.scm:942
+#: src/scm/webid-oidc/errors.scm:953
#, scheme-format
msgid "the nonce field is incorrect: ~s"
msgstr "le champ nonce est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:943
+#: src/scm/webid-oidc/errors.scm:954
msgid "the nonce field is missing"
msgstr "le champ nonce est manquant"
-#: src/scm/webid-oidc/errors.scm:947
+#: src/scm/webid-oidc/errors.scm:958
#, scheme-format
msgid "the htm field is incorrect: ~s"
msgstr "le champ htm est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:948
+#: src/scm/webid-oidc/errors.scm:959
msgid "the htm field is missing"
msgstr "le champ htm est manquant"
-#: src/scm/webid-oidc/errors.scm:952
+#: src/scm/webid-oidc/errors.scm:963
#, scheme-format
msgid "the htu field is incorrect: ~s"
msgstr "le champ htu est incorrect : ~s"
-#: src/scm/webid-oidc/errors.scm:953
+#: src/scm/webid-oidc/errors.scm:964
msgid "the htu field is missing"
msgstr "le champ htu est manquant"
-#: src/scm/webid-oidc/errors.scm:955
+#: src/scm/webid-oidc/errors.scm:966
#, scheme-format
msgid "~s is not an access token (because ~a)"
msgstr "~s n’est pas un jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:958
+#: src/scm/webid-oidc/errors.scm:969
#, scheme-format
msgid "~s is not an access token header (because ~a)"
msgstr "~s n’est pas un en-tête de jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:961
+#: src/scm/webid-oidc/errors.scm:972
#, scheme-format
msgid "~s is not an access token payload (because ~a)"
msgstr "~s n’est pas un contenu de jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:964
+#: src/scm/webid-oidc/errors.scm:975
#, scheme-format
msgid "~s is not a DPoP proof (because ~a)"
msgstr "~s n’est pas une preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:967
+#: src/scm/webid-oidc/errors.scm:978
#, scheme-format
msgid "~s is not a DPoP proof header (because ~a)"
msgstr "~s n’est pas un en-tête de preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:970
+#: src/scm/webid-oidc/errors.scm:981
#, scheme-format
msgid "~s is not a DPoP proof payload (because ~a)"
msgstr "~s n’est pas un contenu de preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:973
+#: src/scm/webid-oidc/errors.scm:984
#, scheme-format
msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
msgstr ""
"je n’ai pas pu récupérer la configuration de l’émetteur ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:980
+#: src/scm/webid-oidc/errors.scm:991
#, scheme-format
msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
msgstr "je n’ai pas pu récupérer le JWKS de ~a à ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:991
+#: src/scm/webid-oidc/errors.scm:1002
#, scheme-format
msgid "the HTTP method is signed for ~s, but ~s was requested"
msgstr "la méthode HTTP a été signée pour ~s, mais ~s a été demandé"
-#: src/scm/webid-oidc/errors.scm:994
+#: src/scm/webid-oidc/errors.scm:1005
#, scheme-format
msgid "the HTTP uri is signed for ~a, but ~a was requested"
msgstr "l’uri HTTP a été signé pour ~a, mais ~a a été demandé"
-#: src/scm/webid-oidc/errors.scm:997
+#: src/scm/webid-oidc/errors.scm:1008
#, scheme-format
msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
msgstr "la date est ~a, mais la preuve DPoP a été signée dans le futur à ~a"
-#: src/scm/webid-oidc/errors.scm:1001
+#: src/scm/webid-oidc/errors.scm:1012
#, scheme-format
msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
msgstr ""
"la date est ~a, mais la preuve DPoP a été signée il y a trop longtemps à ~a"
-#: src/scm/webid-oidc/errors.scm:1010
+#: src/scm/webid-oidc/errors.scm:1021
#, scheme-format
msgid "the key ~s does not hash to ~a"
msgstr "la clé ~s ne donne pas un hash de ~a"
-#: src/scm/webid-oidc/errors.scm:1012
+#: src/scm/webid-oidc/errors.scm:1023
#, scheme-format
msgid "the key confirmation of ~s failed (because ~a)"
msgstr "la confirmation de clé de ~s a échoué (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1014
+#: src/scm/webid-oidc/errors.scm:1025
#, scheme-format
msgid "the key confirmation of ~s failed"
msgstr "la confirmation de la clé ~s a échoué"
-#: src/scm/webid-oidc/errors.scm:1016
+#: src/scm/webid-oidc/errors.scm:1027
#, scheme-format
msgid "the jti ~s has already been found (because ~a)"
msgstr "le jti ~s a déjà été trouvé (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1019
+#: src/scm/webid-oidc/errors.scm:1030
#, scheme-format
msgid "I cannot decode ~s as an access token (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme jeton d’accès (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1022
+#: src/scm/webid-oidc/errors.scm:1033
#, scheme-format
msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
msgstr ""
"je n’ai pas pu encoder ~s comme un jeton d’accès avec la clé ~s (parce que "
"~a)"
-#: src/scm/webid-oidc/errors.scm:1025
+#: src/scm/webid-oidc/errors.scm:1036
#, scheme-format
msgid "I cannot decode ~s as a DPoP proof (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1028
+#: src/scm/webid-oidc/errors.scm:1039
#, scheme-format
msgid "I cannot encode ~s as a DPoP proof (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme une preuve DPoP (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1031
+#: src/scm/webid-oidc/errors.scm:1042
#, scheme-format
msgid "I could not fetch a RDF graph at ~a (because ~a)"
msgstr "je n’ai pas pu récupérer de graphe RDF à ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1034
+#: src/scm/webid-oidc/errors.scm:1045
#, scheme-format
msgid "~s is not a client manifest (because ~a)"
msgstr "~s n’est pas un manifeste client (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1037
+#: src/scm/webid-oidc/errors.scm:1048
#, scheme-format
msgid "~s does not authorize redirection URI ~a"
msgstr "~s n’autorise pas l’URI de redirection ~a"
-#: src/scm/webid-oidc/errors.scm:1040
+#: src/scm/webid-oidc/errors.scm:1051
msgid "I cannot serve a public manifest"
msgstr "je ne peux pas servir un manifeste public"
-#: src/scm/webid-oidc/errors.scm:1042
+#: src/scm/webid-oidc/errors.scm:1053
#, scheme-format
msgid "~a does not have a client manifest registration triple"
msgstr "~a n’a pas de triplet d’enregistrement de manifeste client"
-#: src/scm/webid-oidc/errors.scm:1045
+#: src/scm/webid-oidc/errors.scm:1056
#, scheme-format
msgid "the client manifest at ~a is advertised for ~a"
msgstr "le manifeste client ~a est publié pour ~a"
-#: src/scm/webid-oidc/errors.scm:1048
+#: src/scm/webid-oidc/errors.scm:1059
#, scheme-format
msgid "I could not fetch the client manifest of ~a (because ~a)"
msgstr "je n’ai pas pu récupérer le manifeste client de ~a (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1051
+#: src/scm/webid-oidc/errors.scm:1062
#, scheme-format
msgid "~s is not an authorization code (because ~a)"
msgstr "~s n’est pas un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1054
+#: src/scm/webid-oidc/errors.scm:1065
#, scheme-format
msgid "~s is not an authorization code header (because ~a)"
msgstr "~s n’est pas un en-tête de code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1057
+#: src/scm/webid-oidc/errors.scm:1068
#, scheme-format
msgid "~s is not an authorization code payload (because ~a)"
msgstr "~s n’est pas un contenu de code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1060
+#: src/scm/webid-oidc/errors.scm:1071
#, scheme-format
msgid "the current time is ~a, and the authorization code expired at ~a"
msgstr ""
"la date est actuellement ~a, et le code d’autorisation a expiré à la date ~a"
-#: src/scm/webid-oidc/errors.scm:1064
+#: src/scm/webid-oidc/errors.scm:1075
#, scheme-format
msgid "I cannot decode ~s as an authorization code (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1067
+#: src/scm/webid-oidc/errors.scm:1078
#, scheme-format
msgid "I cannot encode ~s as an authorization code (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme un code d’autorisation (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1070
+#: src/scm/webid-oidc/errors.scm:1081
#, scheme-format
msgid "there is no such refresh token as ~s"
msgstr "il n’y a pas de jeton de rafraîchissement ~s"
-#: src/scm/webid-oidc/errors.scm:1073
+#: src/scm/webid-oidc/errors.scm:1084
#, scheme-format
msgid ""
"the refresh token is bound to a key confirmed as ~s, but it is used with key "
@@ -585,95 +587,241 @@ msgstr ""
"Le jeton de rafraîchissement est lié à une clé confirmée par ~s, mais il est "
"utilisé avec la clé ~s"
-#: src/scm/webid-oidc/errors.scm:1076
+#: src/scm/webid-oidc/errors.scm:1087
#, scheme-format
msgid "I cannot decode ~s as an ID token (because ~a)"
msgstr "je n’ai pas pu décoder ~s comme jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1079
+#: src/scm/webid-oidc/errors.scm:1090
#, scheme-format
msgid "I cannot encode ~s as an ID token (because ~a)"
msgstr "je n’ai pas pu encoder ~s comme un jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1082
+#: src/scm/webid-oidc/errors.scm:1093
#, scheme-format
msgid "~s is not an ID token (because ~a)"
msgstr "~s n’est pas un jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1085
+#: src/scm/webid-oidc/errors.scm:1096
#, scheme-format
msgid "~s is not an ID token header (because ~a)"
msgstr "~s n’est pas un en-tête de jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1088
+#: src/scm/webid-oidc/errors.scm:1099
#, scheme-format
msgid "~s is not an ID token payload (because ~a)"
msgstr "~s n’est pas un contenu de jeton d’identité (parce que ~a)"
-#: src/scm/webid-oidc/errors.scm:1093
+#: src/scm/webid-oidc/errors.scm:1102
+#, scheme-format
+msgid ""
+"I couldn’t set the locale to ~s as an approximation of the client locale ~s"
+msgstr ""
+"je n’ai pas pu définir la locale à ~s comme approximation de la locale du "
+"client ~s"
+
+#: src/scm/webid-oidc/errors.scm:1107
msgid "that’s it"
msgstr "c’est tout"
-#: src/scm/webid-oidc/errors.scm:1097
+#: src/scm/webid-oidc/errors.scm:1111
#, scheme-format
msgid "~a and ~a"
msgstr "~a et ~a"
-#: src/scm/webid-oidc/errors.scm:1100
+#: src/scm/webid-oidc/errors.scm:1114
#, scheme-format
msgid "~a, ~a"
msgstr "~a, ~a"
-#: src/scm/webid-oidc/errors.scm:1104
+#: src/scm/webid-oidc/errors.scm:1118
#, scheme-format
msgid "the signature ~a does not match key ~s with payload ~a"
msgstr "la signature ~a ne correspond pas à la clé ~s avec le contenu ~a"
-#: src/scm/webid-oidc/errors.scm:1107
+#: src/scm/webid-oidc/errors.scm:1121
msgid "there is an undefined variable"
msgstr "il y a une variable non définie"
-#: src/scm/webid-oidc/errors.scm:1109
+#: src/scm/webid-oidc/errors.scm:1123
#, scheme-format
msgid "the origin is ~a"
msgstr "l’origine est ~a"
-#: src/scm/webid-oidc/errors.scm:1112
+#: src/scm/webid-oidc/errors.scm:1126
#, scheme-format
msgid "a message is attached: ~a"
msgstr "un message est attaché : ~a"
-#: src/scm/webid-oidc/errors.scm:1115
+#: src/scm/webid-oidc/errors.scm:1129
#, scheme-format
msgid "the values ~s are problematic"
msgstr "les valeurs ~s sont problématiques"
-#: src/scm/webid-oidc/errors.scm:1118
+#: src/scm/webid-oidc/errors.scm:1132
msgid "there is a kind and args"
msgstr "il y a un type et des arguments"
-#: src/scm/webid-oidc/errors.scm:1120
+#: src/scm/webid-oidc/errors.scm:1134
msgid "there is an assertion failure"
msgstr "il y a un échec d’assertion"
-#: src/scm/webid-oidc/errors.scm:1122
+#: src/scm/webid-oidc/errors.scm:1136
#, scheme-format
msgid "the program quits with code ~a"
msgstr "le programme quitte avec le code ~a"
-#: src/scm/webid-oidc/errors.scm:1125
+#: src/scm/webid-oidc/errors.scm:1139
msgid "the program cannot recover from this exception"
msgstr "le programme ne peut pas récupérer après cette exception"
-#: src/scm/webid-oidc/errors.scm:1127
+#: src/scm/webid-oidc/errors.scm:1141
msgid "there is an error"
msgstr "il y a une erreur"
-#: src/scm/webid-oidc/errors.scm:1129
+#: src/scm/webid-oidc/errors.scm:1143
#, scheme-format
msgid "Unhandled exception type ~a."
msgstr "Type d’exception non pris en charge ~a."
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:29
+msgid "xml-lang|en"
+msgstr "fr"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:45
+msgid "page-title|Authorization"
+msgstr "Autorisation"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:50
+msgid "Authorize this anonymous application?"
+msgstr "Autoriser cette application anonyme ?"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:51
+#, scheme-format
+msgid "Authorize <a href=~s>~a</a>?"
+msgstr "Autoriser <a href=~s>~a</a> ?"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:53
+msgid "Do you want to authorize this application to represent you?"
+msgstr "Voulez-vous autoriser cette application à vous représenter ?"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:63
+msgid "Please retry your password:"
+msgstr "Veuillez réessayer votre mot de passe :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:64
+msgid "Please enter your password:"
+msgstr "Veuillez entrer votre mot de passe :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:69
+msgid "Allow"
+msgstr "Autoriser"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:75
+msgid "Bad request"
+msgstr "Requête invalide"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:80
+msgid "The application did not set the <emph>client_id</emph> parameter."
+msgstr "L'application n'a pas spécifié le paramètre <emph>client_id</emph>."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:85
+msgid "The application did not set the <emph>redirect_uri</emph> parameter."
+msgstr "L'application n'a pas spécifié le paramètre <emph>redirect_uri</emph>."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:98
+#, scheme-format
+msgid "the value ~s is not a base64 string."
+msgstr "la valeur ~s n’est pas une chaîne base64."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:101
+msgid "the following value is not JSON:"
+msgstr "la valeur suivante n’est pas du JSON :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:104
+msgid "the following value is not Turtle:"
+msgstr "la valeur suivante n’est pas du Turtle :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:107
+#, scheme-format
+msgid ""
+"the server request unexpectedly failed with code ~a and reason phrase ~s."
+msgstr ""
+"la requête au serveur a échoué de façon inattendue avec un code ~a et une "
+"raison ~s."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:112
+#, scheme-format
+msgid "the header ~a should not have the value ~s.\n"
+msgstr "l’en-tête ~a ne devrait pas avoir la valeur ~s.\n"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:114
+#, scheme-format
+msgid "the header ~a should be present."
+msgstr "l’en-tête ~a devrait être présent."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:118
+msgid "the server response wasn’t expected:"
+msgstr "la réponse du serveur est inattendue :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:127
+#, scheme-format
+msgid "the client_id field is incorrect: ~s"
+msgstr "le champ client_id est incorrect : ~s"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:128
+msgid "the client_id field is missing"
+msgstr "le champ client_id est manquant"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:137
+#, scheme-format
+msgid "I could not fetch a RDF graph at ~a;"
+msgstr "je n’ai pas pu récupérer de graphe RDF à ~a;"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:141
+msgid "this is not a client manifest:"
+msgstr "ceci n’est pas un manifeste client :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:146
+#, scheme-format
+msgid "the manifest does not authorize redirection URI ~a:"
+msgstr "le manifeste n’autorise pas l’URI de redirection ~a :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:151
+#, scheme-format
+msgid "the client manifest at ~a is advertised for ~a;"
+msgstr "le manifeste client ~a est publié pour ~a ;"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:156
+#, scheme-format
+msgid "I could not fetch the client manifest of ~a;"
+msgstr "je n’ai pas pu récupérer le manifeste client de ~a ;"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:161
+msgid "I could not issue an authorization code for you;"
+msgstr "je n’ai pas pu émettre un code d’autorisation pour vous ;"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:169
+msgid ""
+"The application you are trying to authorize behaved unexpectedly. Here is "
+"the explanation of the error:"
+msgstr ""
+"L’application que vous essayez d’autoriser se comporte de façon inattendue. "
+"Ci-après une explication de l’erreur :"
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:178
+msgid "Redirecting..."
+msgstr "Redirection..."
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:183
+#, scheme-format
+msgid ""
+"<a href=~s>~a</a> can now log in on your behalf. You still need to adjust "
+"permissions."
+msgstr ""
+"<a href=~s>~a</a> peut maintenant s'identifier en votre nom. Vous devez "
+"toujours ajuster ses permissions."
+
#, scheme-format
#~ msgid "the grant type ~s is not supported"
#~ msgstr "le type d’octroi ~s n’est pas supporté "
@@ -685,14 +833,6 @@ msgstr "Type d’exception non pris en charge ~a."
#~ msgstr "il n’y a pas de jeton de rafraîchissement dans la requête"
#, scheme-format
-#~ msgid ""
-#~ "I couldn’t set the locale to ~s as an approximation of the client locale "
-#~ "~s"
-#~ msgstr ""
-#~ "je n’ai pas pu définir la locale à ~s comme approximation de la locale du "
-#~ "client ~s"
-
-#, scheme-format
#~ msgid "~s does not admit ~s as an identity provider"
#~ msgstr "~s n’admet pas ~s comme fournisseur d’identité"
@@ -1007,116 +1147,6 @@ msgstr "Type d’exception non pris en charge ~a."
#~ "La locale du client ~s ne peut pas être approchée par la locale système "
#~ "~s (parce que ~a), on utilise C.\n"
-#~ msgid "xml-lang|en"
-#~ msgstr "fr"
-
-#~ msgid "page-title|Authorization"
-#~ msgstr "Autorisation"
-
-#~ msgid "Authorize this anonymous application?"
-#~ msgstr "Autoriser cette application anonyme ?"
-
-#, scheme-format
-#~ msgid "Authorize <a href=~s>~a</a>?"
-#~ msgstr "Autoriser <a href=~s>~a</a> ?"
-
-#~ msgid "Do you want to authorize this application to represent you?"
-#~ msgstr "Voulez-vous autoriser cette application à vous représenter ?"
-
-#~ msgid "Please retry your password:"
-#~ msgstr "Veuillez réessayer votre mot de passe :"
-
-#~ msgid "Please enter your password:"
-#~ msgstr "Veuillez entrer votre mot de passe :"
-
-#~ msgid "Allow"
-#~ msgstr "Autoriser"
-
-#~ msgid "Bad request"
-#~ msgstr "Requête invalide"
-
-#~ msgid "The application did not set the <emph>client_id</emph> parameter."
-#~ msgstr "L'application n'a pas spécifié le paramètre <emph>client_id</emph>."
-
-#~ msgid "The application did not set the <emph>redirect_uri</emph> parameter."
-#~ msgstr ""
-#~ "L'application n'a pas spécifié le paramètre <emph>redirect_uri</emph>."
-
-#, scheme-format
-#~ msgid "the value ~s is not a base64 string."
-#~ msgstr "la valeur ~s n’est pas une chaîne base64."
-
-#~ msgid "the following value is not JSON:"
-#~ msgstr "la valeur suivante n’est pas du JSON :"
-
-#~ msgid "the following value is not Turtle:"
-#~ msgstr "la valeur suivante n’est pas du Turtle :"
-
-#, scheme-format
-#~ msgid ""
-#~ "the server request unexpectedly failed with code ~a and reason phrase ~s."
-#~ msgstr ""
-#~ "la requête au serveur a échoué de façon inattendue avec un code ~a et une "
-#~ "raison ~s."
-
-#, scheme-format
-#~ msgid "the header ~a should not have the value ~s.\n"
-#~ msgstr "l’en-tête ~a ne devrait pas avoir la valeur ~s.\n"
-
-#, scheme-format
-#~ msgid "the header ~a should be present."
-#~ msgstr "l’en-tête ~a devrait être présent."
-
-#~ msgid "the server response wasn’t expected:"
-#~ msgstr "la réponse du serveur est inattendue :"
-
-#, scheme-format
-#~ msgid "the client_id field is incorrect: ~s"
-#~ msgstr "le champ client_id est incorrect : ~s"
-
-#~ msgid "the client_id field is missing"
-#~ msgstr "le champ client_id est manquant"
-
-#, scheme-format
-#~ msgid "I could not fetch a RDF graph at ~a;"
-#~ msgstr "je n’ai pas pu récupérer de graphe RDF à ~a;"
-
-#~ msgid "this is not a client manifest:"
-#~ msgstr "ceci n’est pas un manifeste client :"
-
-#, scheme-format
-#~ msgid "the manifest does not authorize redirection URI ~a:"
-#~ msgstr "le manifeste n’autorise pas l’URI de redirection ~a :"
-
-#, scheme-format
-#~ msgid "the client manifest at ~a is advertised for ~a;"
-#~ msgstr "le manifeste client ~a est publié pour ~a ;"
-
-#, scheme-format
-#~ msgid "I could not fetch the client manifest of ~a;"
-#~ msgstr "je n’ai pas pu récupérer le manifeste client de ~a ;"
-
-#~ msgid "I could not issue an authorization code for you;"
-#~ msgstr "je n’ai pas pu émettre un code d’autorisation pour vous ;"
-
-#~ msgid ""
-#~ "The application you are trying to authorize behaved unexpectedly. Here is "
-#~ "the explanation of the error:"
-#~ msgstr ""
-#~ "L’application que vous essayez d’autoriser se comporte de façon "
-#~ "inattendue. Ci-après une explication de l’erreur :"
-
-#~ msgid "Redirecting..."
-#~ msgstr "Redirection..."
-
-#, scheme-format
-#~ msgid ""
-#~ "<a href=~s>~a</a> can now log in on your behalf. You still need to adjust "
-#~ "permissions."
-#~ msgstr ""
-#~ "<a href=~s>~a</a> peut maintenant s'identifier en votre nom. Vous devez "
-#~ "toujours ajuster ses permissions."
-
#, scheme-format
#~ msgid "~a: authentication failure: ~a\n"
#~ msgstr "~a : échec d’authentificationn : ~a\n"
diff --git a/po/webid-oidc.pot b/po/webid-oidc.pot
index 29a9bb6..c9da413 100644
--- a/po/webid-oidc.pot
+++ b/po/webid-oidc.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: webid-oidc SNAPSHOT\n"
"Report-Msgid-Bugs-To: vivien@planete-kraus.eu\n"
-"POT-Creation-Date: 2021-06-05 16:15+0200\n"
+"POT-Creation-Date: 2021-06-05 16:16+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -122,539 +122,679 @@ msgstr ""
msgid "Usage: generate-key [NUMBER OF BITS | CURVE]\n"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:788
+#: src/scm/webid-oidc/errors.scm:799
msgid "that’s how it is"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:793
+#: src/scm/webid-oidc/errors.scm:804
#, scheme-format
msgid "the value ~s is not a base64 string (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:796
+#: src/scm/webid-oidc/errors.scm:807
#, scheme-format
msgid "the value ~s is not JSON (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:799
+#: src/scm/webid-oidc/errors.scm:810
#, scheme-format
msgid "the value ~s is not Turtle (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:802
+#: src/scm/webid-oidc/errors.scm:813
#, scheme-format
msgid "the value ~s does not identify an elleptic curve"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:807
+#: src/scm/webid-oidc/errors.scm:818
#, scheme-format
msgid "the value ~s does not identify a JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:809
+#: src/scm/webid-oidc/errors.scm:820
#, scheme-format
msgid "the value ~s does not identify a JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:814
+#: src/scm/webid-oidc/errors.scm:825
#, scheme-format
msgid "the value ~s does not identify a public JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:816
+#: src/scm/webid-oidc/errors.scm:827
#, scheme-format
msgid "the value ~s does not identify a public JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:821
+#: src/scm/webid-oidc/errors.scm:832
#, scheme-format
msgid "the value ~s does not identify a private JWK (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:823
+#: src/scm/webid-oidc/errors.scm:834
#, scheme-format
msgid "the value ~s does not identify a private JWK"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:828
+#: src/scm/webid-oidc/errors.scm:839
#, scheme-format
msgid "the value ~s does not identify a JWKS (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:830
+#: src/scm/webid-oidc/errors.scm:841
#, scheme-format
msgid "the value ~s does not identify a JWKS"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:833
+#: src/scm/webid-oidc/errors.scm:844
#, scheme-format
msgid "the value ~s does not identify a hash algorithm"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:836
+#: src/scm/webid-oidc/errors.scm:847
#, scheme-format
msgid "the value ~s is not an alist or misses key ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:839
+#: src/scm/webid-oidc/errors.scm:850
#, scheme-format
msgid "the value ~s is not a JWS header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:842
+#: src/scm/webid-oidc/errors.scm:853
#, scheme-format
msgid "the value ~s is not a JWS payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:845
+#: src/scm/webid-oidc/errors.scm:856
#, scheme-format
msgid "the value ~s is not a JWS (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:848
+#: src/scm/webid-oidc/errors.scm:859
#, scheme-format
msgid "the string ~s cannot be split in 3 parts with ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:851
+#: src/scm/webid-oidc/errors.scm:862
#, scheme-format
msgid ""
"all key candidates failed to verify signature ~s with algorithm ~s and "
"payload ~a (there were ~a: ~s)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:854
+#: src/scm/webid-oidc/errors.scm:865
#, scheme-format
msgid "I cannot decode JWS ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:857
+#: src/scm/webid-oidc/errors.scm:868
#, scheme-format
msgid "I cannot encode JWS ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:860
+#: src/scm/webid-oidc/errors.scm:871
#, scheme-format
msgid ""
"the server request unexpectedly failed with code ~a and reason phrase ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:865
+#: src/scm/webid-oidc/errors.scm:876
#, scheme-format
msgid "the header ~a should not have the value ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:867
+#: src/scm/webid-oidc/errors.scm:878
#, scheme-format
msgid "the header ~a should be present"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:870
+#: src/scm/webid-oidc/errors.scm:881
#, scheme-format
msgid "the server response wasn't expected: ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:876
+#: src/scm/webid-oidc/errors.scm:887
#, scheme-format
msgid "the value ~s is not an OIDC configuration (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:881
+#: src/scm/webid-oidc/errors.scm:892
#, scheme-format
msgid "the webid field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:882
+#: src/scm/webid-oidc/errors.scm:893
msgid "the webid field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:886
+#: src/scm/webid-oidc/errors.scm:897
#, scheme-format
msgid "the sub field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:887
+#: src/scm/webid-oidc/errors.scm:898
msgid "the sub field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:891
+#: src/scm/webid-oidc/errors.scm:902
#, scheme-format
msgid "the iss field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:892
+#: src/scm/webid-oidc/errors.scm:903
msgid "the iss field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:896
+#: src/scm/webid-oidc/errors.scm:907
#, scheme-format
msgid "the aud field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:897
+#: src/scm/webid-oidc/errors.scm:908
msgid "the aud field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:901
+#: src/scm/webid-oidc/errors.scm:912
#, scheme-format
msgid "the iat field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:902
+#: src/scm/webid-oidc/errors.scm:913
msgid "the iat field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:906
+#: src/scm/webid-oidc/errors.scm:917
#, scheme-format
msgid "the exp field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:907
+#: src/scm/webid-oidc/errors.scm:918
msgid "the exp field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:911
+#: src/scm/webid-oidc/errors.scm:922
#, scheme-format
msgid "the cnf/jkt field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:912
+#: src/scm/webid-oidc/errors.scm:923
msgid "the cnf/jkt field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:916
+#: src/scm/webid-oidc/errors.scm:927
#, scheme-format
msgid "the client-id field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:917
+#: src/scm/webid-oidc/errors.scm:928
msgid "the client-id field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:921
+#: src/scm/webid-oidc/errors.scm:932
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:133
#, scheme-format
msgid "the redirect_uris field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:922
+#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:134
msgid "the redirect_uris field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:926
+#: src/scm/webid-oidc/errors.scm:937
#, scheme-format
msgid "the typ field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:927
+#: src/scm/webid-oidc/errors.scm:938
msgid "the typ field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:931
+#: src/scm/webid-oidc/errors.scm:942
#, scheme-format
msgid "the jwk field is incorrect: ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:933
+#: src/scm/webid-oidc/errors.scm:944
msgid "the jwk field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:937
+#: src/scm/webid-oidc/errors.scm:948
#, scheme-format
msgid "the jti field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:938
+#: src/scm/webid-oidc/errors.scm:949
msgid "the jti field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:942
+#: src/scm/webid-oidc/errors.scm:953
#, scheme-format
msgid "the nonce field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:943
+#: src/scm/webid-oidc/errors.scm:954
msgid "the nonce field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:947
+#: src/scm/webid-oidc/errors.scm:958
#, scheme-format
msgid "the htm field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:948
+#: src/scm/webid-oidc/errors.scm:959
msgid "the htm field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:952
+#: src/scm/webid-oidc/errors.scm:963
#, scheme-format
msgid "the htu field is incorrect: ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:953
+#: src/scm/webid-oidc/errors.scm:964
msgid "the htu field is missing"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:955
+#: src/scm/webid-oidc/errors.scm:966
#, scheme-format
msgid "~s is not an access token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:958
+#: src/scm/webid-oidc/errors.scm:969
#, scheme-format
msgid "~s is not an access token header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:961
+#: src/scm/webid-oidc/errors.scm:972
#, scheme-format
msgid "~s is not an access token payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:964
+#: src/scm/webid-oidc/errors.scm:975
#, scheme-format
msgid "~s is not a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:967
+#: src/scm/webid-oidc/errors.scm:978
#, scheme-format
msgid "~s is not a DPoP proof header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:970
+#: src/scm/webid-oidc/errors.scm:981
#, scheme-format
msgid "~s is not a DPoP proof payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:973
+#: src/scm/webid-oidc/errors.scm:984
#, scheme-format
msgid "I cannot fetch the issuer configuration of ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:980
+#: src/scm/webid-oidc/errors.scm:991
#, scheme-format
msgid "I cannot fetch the JWKS of ~a at ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:991
+#: src/scm/webid-oidc/errors.scm:1002
#, scheme-format
msgid "the HTTP method is signed for ~s, but ~s was requested"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:994
+#: src/scm/webid-oidc/errors.scm:1005
#, scheme-format
msgid "the HTTP uri is signed for ~a, but ~a was requested"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:997
+#: src/scm/webid-oidc/errors.scm:1008
#, scheme-format
msgid "the date is ~a, but the DPoP proof is signed in the future at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1001
+#: src/scm/webid-oidc/errors.scm:1012
#, scheme-format
msgid "the date is ~a, but the DPoP proof was signed too long ago at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1010
+#: src/scm/webid-oidc/errors.scm:1021
#, scheme-format
msgid "the key ~s does not hash to ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1012
+#: src/scm/webid-oidc/errors.scm:1023
#, scheme-format
msgid "the key confirmation of ~s failed (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1014
+#: src/scm/webid-oidc/errors.scm:1025
#, scheme-format
msgid "the key confirmation of ~s failed"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1016
+#: src/scm/webid-oidc/errors.scm:1027
#, scheme-format
msgid "the jti ~s has already been found (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1019
+#: src/scm/webid-oidc/errors.scm:1030
#, scheme-format
msgid "I cannot decode ~s as an access token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1022
+#: src/scm/webid-oidc/errors.scm:1033
#, scheme-format
msgid "I cannot encode ~s as an access token with key ~s (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1025
+#: src/scm/webid-oidc/errors.scm:1036
#, scheme-format
msgid "I cannot decode ~s as a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1028
+#: src/scm/webid-oidc/errors.scm:1039
#, scheme-format
msgid "I cannot encode ~s as a DPoP proof (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1031
+#: src/scm/webid-oidc/errors.scm:1042
#, scheme-format
msgid "I could not fetch a RDF graph at ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1034
+#: src/scm/webid-oidc/errors.scm:1045
#, scheme-format
msgid "~s is not a client manifest (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1037
+#: src/scm/webid-oidc/errors.scm:1048
#, scheme-format
msgid "~s does not authorize redirection URI ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1040
+#: src/scm/webid-oidc/errors.scm:1051
msgid "I cannot serve a public manifest"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1042
+#: src/scm/webid-oidc/errors.scm:1053
#, scheme-format
msgid "~a does not have a client manifest registration triple"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1045
+#: src/scm/webid-oidc/errors.scm:1056
#, scheme-format
msgid "the client manifest at ~a is advertised for ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1048
+#: src/scm/webid-oidc/errors.scm:1059
#, scheme-format
msgid "I could not fetch the client manifest of ~a (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1051
+#: src/scm/webid-oidc/errors.scm:1062
#, scheme-format
msgid "~s is not an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1054
+#: src/scm/webid-oidc/errors.scm:1065
#, scheme-format
msgid "~s is not an authorization code header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1057
+#: src/scm/webid-oidc/errors.scm:1068
#, scheme-format
msgid "~s is not an authorization code payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1060
+#: src/scm/webid-oidc/errors.scm:1071
#, scheme-format
msgid "the current time is ~a, and the authorization code expired at ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1064
+#: src/scm/webid-oidc/errors.scm:1075
#, scheme-format
msgid "I cannot decode ~s as an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1067
+#: src/scm/webid-oidc/errors.scm:1078
#, scheme-format
msgid "I cannot encode ~s as an authorization code (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1070
+#: src/scm/webid-oidc/errors.scm:1081
#, scheme-format
msgid "there is no such refresh token as ~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1073
+#: src/scm/webid-oidc/errors.scm:1084
#, scheme-format
msgid ""
"the refresh token is bound to a key confirmed as ~s, but it is used with key "
"~s"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1076
+#: src/scm/webid-oidc/errors.scm:1087
#, scheme-format
msgid "I cannot decode ~s as an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1079
+#: src/scm/webid-oidc/errors.scm:1090
#, scheme-format
msgid "I cannot encode ~s as an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1082
+#: src/scm/webid-oidc/errors.scm:1093
#, scheme-format
msgid "~s is not an ID token (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1085
+#: src/scm/webid-oidc/errors.scm:1096
#, scheme-format
msgid "~s is not an ID token header (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1088
+#: src/scm/webid-oidc/errors.scm:1099
#, scheme-format
msgid "~s is not an ID token payload (because ~a)"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1093
+#: src/scm/webid-oidc/errors.scm:1102
+#, scheme-format
+msgid ""
+"I couldn’t set the locale to ~s as an approximation of the client locale ~s"
+msgstr ""
+
+#: src/scm/webid-oidc/errors.scm:1107
msgid "that’s it"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1097
+#: src/scm/webid-oidc/errors.scm:1111
#, scheme-format
msgid "~a and ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1100
+#: src/scm/webid-oidc/errors.scm:1114
#, scheme-format
msgid "~a, ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1104
+#: src/scm/webid-oidc/errors.scm:1118
#, scheme-format
msgid "the signature ~a does not match key ~s with payload ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1107
+#: src/scm/webid-oidc/errors.scm:1121
msgid "there is an undefined variable"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1109
+#: src/scm/webid-oidc/errors.scm:1123
#, scheme-format
msgid "the origin is ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1112
+#: src/scm/webid-oidc/errors.scm:1126
#, scheme-format
msgid "a message is attached: ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1115
+#: src/scm/webid-oidc/errors.scm:1129
#, scheme-format
msgid "the values ~s are problematic"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1118
+#: src/scm/webid-oidc/errors.scm:1132
msgid "there is a kind and args"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1120
+#: src/scm/webid-oidc/errors.scm:1134
msgid "there is an assertion failure"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1122
+#: src/scm/webid-oidc/errors.scm:1136
#, scheme-format
msgid "the program quits with code ~a"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1125
+#: src/scm/webid-oidc/errors.scm:1139
msgid "the program cannot recover from this exception"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1127
+#: src/scm/webid-oidc/errors.scm:1141
msgid "there is an error"
msgstr ""
-#: src/scm/webid-oidc/errors.scm:1129
+#: src/scm/webid-oidc/errors.scm:1143
#, scheme-format
msgid "Unhandled exception type ~a."
msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:29
+msgid "xml-lang|en"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:45
+msgid "page-title|Authorization"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:50
+msgid "Authorize this anonymous application?"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:51
+#, scheme-format
+msgid "Authorize <a href=~s>~a</a>?"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:53
+msgid "Do you want to authorize this application to represent you?"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:63
+msgid "Please retry your password:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:64
+msgid "Please enter your password:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:69
+msgid "Allow"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:75
+msgid "Bad request"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:80
+msgid "The application did not set the <emph>client_id</emph> parameter."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:85
+msgid "The application did not set the <emph>redirect_uri</emph> parameter."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:98
+#, scheme-format
+msgid "the value ~s is not a base64 string."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:101
+msgid "the following value is not JSON:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:104
+msgid "the following value is not Turtle:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:107
+#, scheme-format
+msgid ""
+"the server request unexpectedly failed with code ~a and reason phrase ~s."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:112
+#, scheme-format
+msgid "the header ~a should not have the value ~s.\n"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:114
+#, scheme-format
+msgid "the header ~a should be present."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:118
+msgid "the server response wasn’t expected:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:127
+#, scheme-format
+msgid "the client_id field is incorrect: ~s"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:128
+msgid "the client_id field is missing"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:137
+#, scheme-format
+msgid "I could not fetch a RDF graph at ~a;"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:141
+msgid "this is not a client manifest:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:146
+#, scheme-format
+msgid "the manifest does not authorize redirection URI ~a:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:151
+#, scheme-format
+msgid "the client manifest at ~a is advertised for ~a;"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:156
+#, scheme-format
+msgid "I could not fetch the client manifest of ~a;"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:161
+msgid "I could not issue an authorization code for you;"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:169
+msgid ""
+"The application you are trying to authorize behaved unexpectedly. Here is "
+"the explanation of the error:"
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:178
+msgid "Redirecting..."
+msgstr ""
+
+#: src/scm/webid-oidc/authorization-page-unsafe.scm:183
+#, scheme-format
+msgid ""
+"<a href=~s>~a</a> can now log in on your behalf. You still need to adjust "
+"permissions."
+msgstr ""
diff --git a/src/scm/webid-oidc/Makefile.am b/src/scm/webid-oidc/Makefile.am
index 56b50ec..57bd1b1 100644
--- a/src/scm/webid-oidc/Makefile.am
+++ b/src/scm/webid-oidc/Makefile.am
@@ -13,7 +13,10 @@ dist_webidoidcmod_DATA += \
%reldir%/client-manifest.scm \
%reldir%/authorization-code.scm \
%reldir%/refresh-token.scm \
- %reldir%/oidc-id-token.scm
+ %reldir%/oidc-id-token.scm \
+ %reldir%/authorization-page.scm \
+ %reldir%/authorization-page-unsafe.scm
+
webidoidcgo_DATA += \
%reldir%/errors.go \
%reldir%/stubs.go \
@@ -29,4 +32,8 @@ webidoidcgo_DATA += \
%reldir%/client-manifest.go \
%reldir%/authorization-code.go \
%reldir%/refresh-token.go \
- %reldir%/oidc-id-token.go
+ %reldir%/oidc-id-token.go \
+ %reldir%/authorization-page.go \
+ %reldir%/authorization-page-unsafe.go
+
+EXTRA_DIST += %reldir%/ChangeLog
diff --git a/src/scm/webid-oidc/authorization-page-unsafe.scm b/src/scm/webid-oidc/authorization-page-unsafe.scm
new file mode 100644
index 0000000..f969caf
--- /dev/null
+++ b/src/scm/webid-oidc/authorization-page-unsafe.scm
@@ -0,0 +1,185 @@
+(define-module (webid-oidc authorization-page-unsafe)
+ #:use-module (webid-oidc errors)
+ #:use-module (sxml simple)
+ #:use-module (web uri)
+ #:use-module (web response)
+ #:use-module (ice-9 i18n)
+ #:use-module (ice-9 exceptions)
+ #:use-module (ice-9 string-fun))
+
+(define (G_ text)
+ (let ((out (gettext text)))
+ (if (string=? out text)
+ ;; No translation, disambiguate
+ (car (reverse (string-split text #\|)))
+ out)))
+
+(define (str->sxml str)
+ (cdadr
+ (xml->sxml
+ (string-append "<protect>" str "</protect>"))))
+
+(define (make-page title . body)
+ (with-output-to-string
+ (lambda ()
+ (sxml->xml
+ `(*TOP*
+ (*PI* xml "version=\"1.0\" encoding=\"utf-8\"")
+ (html (@ (xmlns "http://www.w3.org/1999/xhtml")
+ (xml:lang ,(G_ "xml-lang|en")))
+ (head
+ (title ,title))
+ (body
+ ,@body)))))))
+
+(define-public (authorization-page credential-invalid?
+ client-id post-uri)
+ (when (uri? client-id)
+ (set! client-id (uri->string client-id)))
+ (when (string? post-uri)
+ (set! post-uri (string->uri post-uri)))
+ (values (build-response
+ #:headers `((content-type application/xhtml+xml)))
+
+ (make-page
+ (G_ "page-title|Authorization")
+ (if (equal?
+ (string->uri client-id)
+ (string->uri
+ "http://www.w3.org/ns/solid/terms#PublicOidcClient"))
+ `(h1 ,@(str->sxml (G_ "Authorize this anonymous application?")))
+ `(h1 ,@(str->sxml (format #f (G_ "Authorize <a href=~s>~a</a>?")
+ client-id client-id))))
+ `(p ,@(str->sxml (G_ "Do you want to authorize this application to represent you?")))
+ `(form (@ (action ,(uri->string post-uri))
+ (method "POST"))
+ (div
+ (label (@ (for "password")
+ ,@(if credential-invalid?
+ '((class "authz-page-credential-error"))
+ '()))
+ ,@(str->sxml
+ (if credential-invalid?
+ (G_ "Please retry your password:")
+ (G_ "Please enter your password:"))))
+ (input (@ (type "password")
+ (name "password")
+ (id "password"))))
+ (input (@ (type "submit")
+ (value ,(G_ "Allow"))))))))
+
+(define (bad-request . body)
+ (values (build-response #:code 400
+ #:reason-phrase "Bad Request"
+ #:headers '((content-type application/xhtml+xml)))
+ (apply make-page (G_ "Bad request") body)))
+
+(define-public (error-no-client-id)
+ (bad-request
+ `(p ,@(str->sxml
+ (G_ "The application did not set the <emph>client_id</emph> parameter.")))))
+
+(define-public (error-no-redirect-uri)
+ (bad-request
+ `(p ,@(str->sxml
+ (G_ "The application did not set the <emph>redirect_uri</emph> parameter.")))))
+
+(define (wrap-error err)
+ (if (record? err)
+ (let* ((type (record-type-descriptor err))
+ (get
+ (lambda (slot)
+ ((record-accessor type slot) err)))
+ (recurse
+ (lambda (err)
+ (wrap-error err))))
+ (case (record-type-name type)
+ ((&not-base64)
+ `((li ,(format #f (G_ "the value ~s is not a base64 string.")
+ (get 'value)))))
+ ((&not-json)
+ `((li ,(format #f (G_ "the following value is not JSON:"))
+ (pre ,(get 'value)))))
+ ((&not-turtle)
+ `((li ,(format #f (G_ "the following value is not Turtle:"))
+ (pre ,(get 'value)))))
+ ((&response-failed-unexpectedly)
+ `((li ,(format #f (G_ "the server request unexpectedly failed with code ~a and reason phrase ~s.")
+ (get 'response-code) (get 'response-reason-phrase)))))
+ ((&unexpected-header-value)
+ `((li ,(let ((value (get 'value)))
+ (if value
+ (format #f (G_ "the header ~a should not have the value ~s.\n")
+ (get 'header) value)
+ (format #f (G_ "the header ~a should be present.")
+ (get 'header)))))))
+ ((&unexpected-response)
+ (cons
+ `(li ,(format #f (G_ "the server response wasn’t expected:"))
+ (pre ,(call-with-output-string
+ (lambda (port)
+ (write-response (get 'response) port)))))
+ (recurse (get 'cause))))
+ ((&incorrect-client-id-field)
+ (let ((value (get 'value)))
+ `((li
+ ,(if value
+ (format #f (G_ "the client_id field is incorrect: ~s") value)
+ (G_ "the client_id field is missing"))))))
+ ((&incorrect-redirect-uris-field)
+ (let ((value (get 'value)))
+ `((li
+ ,(if value
+ (format #f (G_ "the redirect_uris field is incorrect: ~s") value)
+ (G_ "the redirect_uris field is missing"))))))
+ ((&cannot-fetch-linked-data)
+ (cons
+ `(li ,(format #f (G_ "I could not fetch a RDF graph at ~a;") (uri->string (get 'uri))))
+ (recurse (get 'cause))))
+ ((&not-a-client-manifest)
+ (cons
+ `(li ,(format #f (G_ "this is not a client manifest:"))
+ (pre ,(format #f "~s" (get 'value))))
+ (recurse (get 'cause))))
+ ((&unauthorized-redirection-uri)
+ (cons
+ `(li ,(format #f (G_ "the manifest does not authorize redirection URI ~a:")
+ (uri->string (get 'uri)))
+ (pre ,(format #f "~s" (get 'manifest))))
+ (recurse (get 'cause))))
+ ((&inconsistent-client-manifest-id)
+ `((li ,(format #f (G_ "the client manifest at ~a is advertised for ~a;")
+ (uri->string (get 'id))
+ (uri->string (get 'advertised-id))))))
+ ((&cannot-fetch-client-manifest)
+ (cons
+ `(li ,(format #f (G_ "I could not fetch the client manifest of ~a;")
+ (uri->string (get 'id))))
+ (recurse (get 'cause))))
+ ((&not-an-authorization-code-payload)
+ (cons
+ `(li ,(format #f (G_ "I could not issue an authorization code for you;")))
+ (recurse (get 'cause))))
+ (else
+ (raise-exception err))))
+ (throw err)))
+
+(define-public (error-application error)
+ (bad-request
+ `(p ,(G_ "The application you are trying to authorize behaved unexpectedly. Here is the explanation of the error:")
+ (ol ,@(wrap-error error)))))
+
+(define-public (redirection client-id uri)
+ (values (build-response
+ #:code 302
+ #:headers `((location . ,uri)
+ (content-type application/xhtml+xml)))
+ (make-page
+ (G_ "Redirecting...")
+ `(h1 "Authorization granted, you are being redirected")
+ `(p ,@(str->sxml
+ (format
+ #f
+ (G_ "<a href=~s>~a</a> can now log in on your behalf. You still need to adjust permissions.")
+ (uri->string client-id)
+ (uri->string client-id)))))))
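Review bot: In `authorization-page`, `client-id` is formatted into the `<a href=~s>~a</a>` template and the result is then parsed as markup by `str->sxml`, so any `<`, `&` or `"` in it becomes page structure on the form that collects the password. The same pattern recurs in `redirection`. `~s` applies Scheme string escaping, not XML escaping, so it does not protect the attribute value. Whether callers only pass URIs that exclude these characters is not visible in this hunk, and the string branch of `authorization-page` uses the value as given. I would escape the value before formatting it, as sketched below.

```scheme
;; Escape text before it is spliced into a template that str->sxml parses.
(define (xml-escape str)
  (with-output-to-string
    (lambda () (sxml->xml str))))

;; … unchanged: make-page, start of authorization-page …
            `(h1 ,@(str->sxml (format #f (G_ "Authorize <a href=~s>~a</a>?")
                                      (xml-escape client-id)
                                      (xml-escape client-id))))
;; … unchanged: form, bad-request, wrap-error, error-application …
;; in redirection, the two format arguments become:
               (xml-escape (uri->string client-id))
               (xml-escape (uri->string client-id))
```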
diff --git a/src/scm/webid-oidc/authorization-page.scm b/src/scm/webid-oidc/authorization-page.scm
new file mode 100644
index 0000000..b2c2f1f
--- /dev/null
+++ b/src/scm/webid-oidc/authorization-page.scm
@@ -0,0 +1,59 @@
+(define-module (webid-oidc authorization-page)
+ #:use-module (webid-oidc errors)
+ #:use-module ((webid-oidc authorization-page-unsafe) #:prefix unsafe:)
+ #:use-module (ice-9 i18n)
+ #:use-module (ice-9 string-fun)
+ #:use-module (ice-9 receive)
+ #:use-module (ice-9 threads))
+
+(define locale-mutex
+ (make-mutex))
+
+(define-syntax with-locale
+ (syntax-rules ()
+ ((with-locale web-locale . job)
+ (let ((locale-with-underscore
+ (if (equal? web-locale "C")
+ ;; For the unit tests
+ "C"
+ (string-append
+ (string-replace-substring web-locale "-" "_")
+ ".UTF-8")))
+ (previous-locale (setlocale LC_ALL)))
+ (dynamic-wind
+ (lambda ()
+ (lock-mutex locale-mutex))
+ (lambda ()
+ (dynamic-wind
+ (lambda ()
+ (with-exception-handler
+ (lambda (error)
+ (raise-unknown-client-locale web-locale locale-with-underscore)
+ (setlocale LC_ALL "C"))
+ (lambda ()
+ (setlocale LC_ALL locale-with-underscore))
+ #:unwind? #t))
+ (lambda () . job)
+ (lambda ()
+ (setlocale LC_ALL previous-locale))))
+ (lambda ()
+ (unlock-mutex locale-mutex)))))))
+
+(define-public (authorization-page
+ locale credential-invalid? client-id post-uri)
+ (with-locale
+ locale
+ (unsafe:authorization-page credential-invalid?
+ client-id post-uri)))
+
+(define-public (error-no-client-id locale)
+ (with-locale locale (unsafe:error-no-client-id)))
+
+(define-public (error-no-redirect-uri locale)
+ (with-locale locale (unsafe:error-no-redirect-uri)))
+
+(define-public (error-application locale error)
+ (with-locale locale (unsafe:error-application error)))
+
+(define-public (redirection locale client-id uri)
+ (with-locale locale (unsafe:redirection client-id uri)))
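Review bot: In `with-locale`, `previous-locale` is bound by the outer `let` before `lock-mutex` runs, so a thread that arrives while another request holds the lock records that request's temporary locale and later restores the process to it instead of the real default. Read it only once the lock is held, for example by wrapping the inner `dynamic-wind` in `(let ((previous-locale (setlocale LC_ALL))) …)` inside the locked thunk. Separately, `web-locale` reaches `setlocale` after only the `-` to `_` substitution; if it is taken from the request, as the `&unknown-client-locale` name suggests, it should first be matched against the list of locales the server actually ships translations for, with anything else falling back to "C" without being passed to `setlocale`. Since `setlocale` changes process-wide state, code in other threads that formats text outside `locale-mutex` will also see the temporary locale while a page is being rendered.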
diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index b0e9a19..714e0be 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
@@ -777,6 +777,17 @@
(raise-exception
((record-constructor &cannot-encode-id-token) id-token key cause)))
+(define-public &unknown-client-locale
+ (make-exception-type
+ '&unknown-client-locale
+ &external-error
+ '(web-locale c-locale)))
+
+(define-public (raise-unknown-client-locale web-locale c-locale)
+ (raise-exception
+ ((record-constructor &unknown-client-locale) web-locale c-locale)
+ #:continuable? #t))
+
(define*-public (error->str err #:key (max-depth #f))
(if (record? err)
(let* ((type (record-type-descriptor err))
@@ -1087,6 +1098,9 @@
((&not-an-id-token-payload)
(format #f (G_ "~s is not an ID token payload (because ~a)")
(get 'value) (recurse (get 'cause))))
+ ((&unknown-client-locale)
+ (format #f (G_ "I couldn’t set the locale to ~s as an approximation of the client locale ~s")
+ (get 'c-locale) (get 'web-locale)))
((&compound-exception)
(let ((components (get 'components)))
(if (null? components)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 1a23201..6a0eb0d 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -29,9 +29,10 @@ TESTS = %reldir%/load-library.scm \
%reldir%/client-manifest-fraudulent.scm \
%reldir%/refresh-token.scm \
%reldir%/too-many-refresh-tokens.scm \
- %reldir%/refresh-token-with-wrong-key.scm
+ %reldir%/refresh-token-with-wrong-key.scm \
+ %reldir%/unknown-client-locale.scm
-EXTRA_DIST += $(TESTS)
+EXTRA_DIST += $(TESTS) %reldir%/ChangeLog
TEST_EXTENSIONS = .scm
diff --git a/tests/unknown-client-locale.scm b/tests/unknown-client-locale.scm
new file mode 100644
index 0000000..fcd84da
--- /dev/null
+++ b/tests/unknown-client-locale.scm
@@ -0,0 +1,29 @@
+(use-modules (webid-oidc authorization-page)
+ (webid-oidc testing)
+ (webid-oidc errors)
+ (web uri)
+ (srfi srfi-19)
+ (web response)
+ (ice-9 optargs)
+ (ice-9 receive))
+
+(with-test-environment
+ "unknown-client-locale"
+ (lambda ()
+ (let ((problem-acknowledged #f))
+ (receive (response response-body)
+ (with-exception-handler
+ (lambda (error)
+ (unless ((record-predicate &unknown-client-locale) error)
+ (format (current-error-port) "Huh... ~a\n" (error->str error))
+ (exit 1))
+ (set! problem-acknowledged #t))
+ (lambda ()
+ (authorization-page "qdfkljsmfklsjmf" #f
+ (string->uri "https://example.com")
+ (string->uri "https://example.com"))))
+ (unless (eqv? (response-code response) 200)
+ (exit 2))
+ (unless problem-acknowledged
+ (exit 3))
+ (format (current-error-port) "~a" response-body)))))
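Review bot: The test confirms that the handler ran and that the response code is 200, but it never checks that the process locale is unchanged once `authorization-page` returns, which is the part of `with-locale` most likely to regress. Bind the starting value in the existing `let`, `(before (setlocale LC_ALL))`, and add `(unless (equal? before (setlocale LC_ALL)) (exit 4))` after the existing checks. It would also help to assert something about `response-body`, since the documented fallback is the English page and the test currently only prints it.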