diff --git a/app/controllers/api/v1/App.controller.js b/app/controllers/api/v1/App.controller.js index f0435fe..145b417 100644 --- a/app/controllers/api/v1/App.controller.js +++ b/app/controllers/api/v1/App.controller.js @@ -25,12 +25,12 @@ class AppController extends Controller { if ( !application || !application.active ) return res.status(404) - .message('Application not found with that ID.') + .message(req.T('api:application_not_found')) .api() if ( !req.user.can(`app:${application.id}:view`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() return res.api(await application.to_api()) @@ -41,28 +41,28 @@ class AppController extends Controller { if ( !req.user.can('app:create') ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() const required_fields = ['name', 'identifier'] for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } // Make sure the identifier is properly formatted if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) ) return res.status(400) - .message('Improperly formatted field: identifier (alphanumeric with underscores only)') + .message(`${req.T('api:improper_field')} identifier ${req.T('api:alphanum_underscores')}`) .api() // Make sure the identifier is unique const existing_app = await Application.findOne({ identifier: req.body.identifier }) if ( existing_app ) return res.status(400) - .message('An Application with that identifier already exists.') + .message(req.T('api:application_already_exists')) .api() const application = new Application({ 
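Review bot: In the create handler (hunk `@@ -41,28`), `req.body.identifier` is validated with `RegExp.test`, which stringifies its argument, so a non-string JSON value such as a one-element array can pass the format check and then reach `Application.findOne({ identifier: req.body.identifier })` unchanged. Putting `typeof req.body.identifier !== 'string' ||` in front of the regex test keeps the check and the query working on the same value. The same validation is repeated in the update handler at `@@ -147,33`. Whether the body parser delivers arrays or objects here is not visible in this diff, and the handler continues past the end of the hunk.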
@@ -80,12 +80,12 @@ class AppController extends Controller { const client = await LDAPClient.findById(id) if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) ) return res.status(400) - .message(`Invalid ldap_client_id: ${id}`) + .message(`${req.T('api:invalid_ldap_client_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id }) if ( other_assoc_app ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } @@ -102,12 +102,12 @@ class AppController extends Controller { const client = await OAuthClient.findById(id) if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) ) return res.status(400) - .message(`Invalid oauth_client_id: ${id}`) + .message(`${req.T('api:invalid_oauth_client_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id }) if ( other_assoc_app ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } @@ -124,12 +124,12 @@ class AppController extends Controller { const provider = await ServiceProvider.findById(id) if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) ) return res.status(400) - .message(`Invalid saml_service_provider_id: ${id}`) + .message(`${req.T('api:invalid_saml_service_provider_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id }) if ( other_assoc_app ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } 
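Review bot: The conflict message marked `// TODO translate this` in `@@ -80,12` includes `other_assoc_app.name`, yet the only permission checked before it is `ldap:client:${client.id}:view`; nothing visible in the hunk checks that the caller may view the other application. A caller who can view the client therefore learns the name of an application they may have no rights on. When this string moves into the locale file, consider dropping the application name from it, or including it only when the caller holds the `app:${other_assoc_app.id}:view` permission. The same pattern is in `@@ -102,12`, `@@ -124,12`, `@@ -185,12`, `@@ -207,12` and `@@ -229,12`; in each case the enclosing loop starts outside the hunk.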
@@ -147,33 +147,33 @@ class AppController extends Controller { if ( !application || !application.active ) return res.status(404) - .message('Application not found with that ID.') + .message(req.T('api:application_not_found')) .api() if ( !req.user.can(`app:${application.id}:update`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() const required_fields = ['name', 'identifier'] for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } // Make sure the identifier is properly formatted if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) ) return res.status(400) - .message('Improperly formatted field: identifier (alphanumeric with underscores only)') + .message(`${req.T('api:improper_field')} identifier ${req.T('api:alphanum_underscores')}`) .api() // Make sure the identifier is unique const existing_app = await Application.findOne({ identifier: req.body.identifier }) if ( existing_app && existing_app.id !== application.id ) return res.status(400) - .message('An Application with that identifier already exists.') + .message(req.T('api:application_already_exists')) .api() // Verify LDAP client IDs 
@@ -185,12 +185,12 @@ class AppController extends Controller { const client = await LDAPClient.findById(id) if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) ) return res.status(400) - .message(`Invalid ldap_client_id: ${id}`) + .message(`${req.T('api:invalid_ldap_client_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id }) if ( other_assoc_app && other_assoc_app.id !== application.id ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } @@ -207,12 +207,12 @@ class AppController extends Controller { const client = await OAuthClient.findById(id) if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) ) return res.status(400) - .message(`Invalid oauth_client_id: ${id}`) + .message(`${req.T('api:invalid_oauth_client_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id }) if ( other_assoc_app && other_assoc_app.id !== application.id ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } 
@@ -229,12 +229,12 @@ class AppController extends Controller { const provider = await ServiceProvider.findById(id) if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) ) return res.status(400) - .message(`Invalid saml_service_provider_id: ${id}`) + .message(`${req.T('api:invalid_saml_service_provider_id')} ${id}`) .api() const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id }) if ( other_assoc_app && other_assoc_app.id !== application.id ) - return res.status(400) + return res.status(400) // TODO translate this .message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`) .api() } @@ -255,12 +255,12 @@ class AppController extends Controller { if ( !application || !application.active ) return res.status(404) - .message('Application not found with that ID.') + .message(req.T('api:application_not_found')) .api() if ( !req.user.can(`app:${application.id}:delete`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() application.active = false diff --git a/app/controllers/api/v1/Auth.controller.js b/app/controllers/api/v1/Auth.controller.js index 9930ff3..a2fa8da 100644 --- a/app/controllers/api/v1/Auth.controller.js +++ b/app/controllers/api/v1/Auth.controller.js @@ -20,7 +20,7 @@ class AuthController extends Controller { async get_traps(req, res, next) { const trap_config = this.configs.get('traps') - const data = [{ name: '(None)', trap: '', redirect_to: '/' }] + const data = [{ name: req.T('auth:none'), trap: '', redirect_to: '/' }] for ( const name in trap_config.types ) { if ( !trap_config.types.hasOwnProperty(name) ) continue data.push({ 
@@ -44,18 +44,18 @@ class AuthController extends Controller { for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } if ( !req.body.uid.match(/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/) ) return res.status(400) - .message('Invalid field: uid (should be alphanumeric with "_", "-", and "." allowed)') + .message(`${req.T('api:improper_field')} uid ${req.T('api:alphanum_underscores')}`) .api() if ( !email_validator.validate(req.body.email) ) return res.status(400) - .message('Invalid field: email') + .message(`${req.T('api:improper_field')} email`) .api() for ( const field of unique_fields ) { @@ -64,7 +64,7 @@ class AuthController extends Controller { const match_user = await User.findOne(params) if ( match_user ) return res.status(400) - .message(`A user already exists with that ${field}.`) + .message(`${req.T('auth:user_exists_with_field')} ${field}`) .api() } @@ -91,12 +91,12 @@ class AuthController extends Controller { || req.user.mfa_token.recovery_codes.length < 1 ) return res.status(400) - .message('Your user is not configured to use MFA, or has no recovery codes.') + .message(req.T('auth:no_mfa_or_recovery')) .api() if ( !req.body.code ) return res.status(400) - .message('Missing required field: code') + .message(`${req.T('api:missing_field')} code`) .api() const success = await req.user.mfa_token.attempt_recovery(req.body.code) @@ -176,7 +176,7 @@ class AuthController extends Controller { if ( !group || !group.active ) return res.status(404) - .message('Group not found with that ID.') + .message(req.T('api:group_not_found')) .api() if ( !req.user.can(`auth:group:${group.id}:view`) ) 
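Review bot: The uid check in `@@ -44,18` still accepts `-` and `.` (`/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/`), but the new message reuses `api:alphanum_underscores`, which reads "(alphanumeric/underscores)", so the error no longer describes what the validator accepts. A dedicated locale key for the uid format that lists `_`, `-` and `.` would keep the message and the rule in step. Separately, `req.body.uid.match(...)` throws a TypeError when `uid` arrives as a non-string JSON value; a `typeof req.body.uid !== 'string'` guard in the same condition would turn that into the intended 400.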
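Review bot: `auth:user_exists_with_field` already ends in `': '`, and the template in `@@ -64,7` adds another space before `${field}`, so the response carries a double space. More generally, appending an English field name to a translated prefix fixes the word order for every locale. The `MIN_SCORE` token this commit uses for `auth:password_complexity_fail` is a placeholder approach that would work here too, for example a `FIELD` token replaced at the call site. The same construction appears in `@@ -272,7` and `@@ -387,7`.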
@@ -196,12 +196,12 @@ class AuthController extends Controller { if ( !user ) return res.status(404) - .message('User not found with that ID.') + .message(req.T('api:user_not_found')) .api() if ( !req.user.can(`auth:user:${user.id}:view`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() return res.api(await user.to_api()) @@ -210,12 +210,12 @@ class AuthController extends Controller { async create_group(req, res, next) { if ( !req.user.can(`auth:group:create`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() if ( !req.body.name ) return res.status(400) - .message('Missing required field: name') + .message(`${req.T('api:missing_field')} name`) .api() const Group = this.models.get('auth:Group') @@ -224,7 +224,7 @@ class AuthController extends Controller { const existing_group = await Group.findOne({ name: req.body.name }) if ( existing_group ) return res.status(400) - .message('A group with that name already exists.') + .message(req.T('api:group_already_exists')) .api() const group = new Group({ name: req.body.name }) @@ -238,7 +238,7 @@ class AuthController extends Controller { const user = await User.findById(user_id) if ( !user ) return res.status(400) - .message('Invalid user_id.') + .message(`${req.T('common:invalid')} user_id.`) .api() } @@ -252,14 +252,14 @@ class AuthController extends Controller { async create_user(req, res, next) { if ( !req.user.can('auth:user:create') ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() const required_fields = ['uid', 'first_name', 'last_name', 'email', 'password'] for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } 
@@ -272,7 +272,7 @@ class AuthController extends Controller { const existing_user = await User.findOne(filter) if ( existing_user ) return res.status(400) - .message(`A user already exists with that ${field}`) + .message(`${req.T('auth:user_exists_with_field')} ${field}`) .api() } @@ -281,7 +281,7 @@ class AuthController extends Controller { const result = zxcvbn(req.body.password) if ( result.score < min_score ) return res.status(400) - .message(`Password does not meet the minimum complexity score of ${min_score}.`) + .message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score)) .api() const user = new User({ @@ -297,7 +297,7 @@ class AuthController extends Controller { if ( req.body.trap ) { if ( !req.trap.trap_exists(req.body.trap) ) return res.status(400) - .message('Invalid trap type.') + .message(req.T('auth:invalid_trap')) .api() user.trap = req.body.trap @@ -315,24 +315,24 @@ class AuthController extends Controller { const group = await Group.findById(req.params.id) if ( !group ) return res.status(404) - .message('Group not found with that ID.') + .message(req.T('api:group_not_found')) .api() if ( !req.user.can(`auth:group:${group.id}:update`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() if ( !req.body.name ) return res.status(400) - .message('Missing required field: name') + .message(`${req.T('api:missing_field')} name`) .api() // Make sure the group name is unique const existing_group = await Group.findOne({ name: req.body.name }) if ( existing_group && existing_group.id !== group.id ) return res.status(400) - .message('A group with that name already exists.') + .message(req.T('api:group_already_exists')) .api() // Validate user_ids @@ -343,7 +343,7 @@ class AuthController extends Controller { const user = await User.findById(user_id) if ( !user ) return res.status(400) - .message('Invalid user_id.') + .message(`${req.T('common:invalid')} user_id.`) .api() } 
@@ -363,19 +363,19 @@ class AuthController extends Controller { if ( !user ) return res.status(404) - .message('User not found with that ID.') + .message(req.T('api:user_not_found')) .api() if ( !req.user.can(`auth:user:${user.id}:update`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() const required_fields = ['uid', 'first_name', 'last_name', 'email'] for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } @@ -387,7 +387,7 @@ class AuthController extends Controller { const existing_user = await User.findOne(filter) if ( existing_user && existing_user.id !== user.id ) return res.status(400) - .message(`A user already exists with that ${field}`) + .message(`${req.T('auth:user_exists_with_field')} ${field}`) .api() } @@ -397,7 +397,7 @@ class AuthController extends Controller { const result = zxcvbn(req.body.password) if (result.score < min_score) return res.status(400) - .message(`Password does not meet the minimum complexity score of ${min_score}.`) + .message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score)) .api() await user.reset_password(req.body.password, 'api') @@ -416,7 +416,7 @@ class AuthController extends Controller { if ( req.body.trap ) { if ( !req.trap.trap_exists(req.body.trap) ) return res.status(400) - .message('Invalid trap type.') + .message(req.T('auth:invalid_trap')) .api() user.trap = req.body.trap @@ -433,12 +433,12 @@ class AuthController extends Controller { if ( !group ) return res.status(404) - .message('Group not found with that ID.') + .message(req.T('api:group_not_found')) .api() if ( !req.user.can(`auth:group:${group.id}:delete`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() group.active = false 
@@ -452,12 +452,12 @@ class AuthController extends Controller { if ( !user ) return res.status(404) - .message('User not found with that ID.') + .message(req.T('api:user_not_found')) .api() if ( !req.user.can(`auth:user:${user.id}:delete`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() // check if the user is an LDAP client. if so, delete the client @@ -493,7 +493,7 @@ class AuthController extends Controller { if ( !req.body.username && !req.body.email ) return res.status(400) - .message('Please provide one of: username, email') + .message(`${req.T('api:provide_one')} username, email`) .api() const data = {} @@ -529,7 +529,7 @@ class AuthController extends Controller { const errors = await flitter.validate_login(req.body) if ( errors && errors.length > 0 ) return res.status(400) - .message(`Unable to complete authentication: one or more errors occurred`) + .message(req.T('auth:unable_to_complete')) .api({ errors }) const login_args = await flitter.get_login_args(req.body) @@ -537,9 +537,9 @@ class AuthController extends Controller { if ( !user ) return res.status(200) - .message(`Invalid username or password.`) + .message(req.T('auth:invalid_un_or_pw')) .api({ - message: `Invalid username or password.`, + message: req.T('auth:invalid_un_or_pw'), success: false, }) @@ -549,9 +549,9 @@ class AuthController extends Controller { const client = await Client.findOne({ user_id: user.id }) if ( client ) return res.status(200) - .message(`Invalid username or password.`) + .message(req.T('auth:invalid_un_or_pw')) .api({ - message: `Invalid username or password.`, + message: req.T('auth:invalid_un_or_pw'), success: false, }) @@ -585,7 +585,7 @@ class AuthController extends Controller { } } else { return res.status(401) - .message(`Unable to grant trust. Grant token is invalid.`) + .message(req.T('auth:unable_to_grant_trust')) .api() } } 
@@ -600,7 +600,7 @@ class AuthController extends Controller { async get_mfa_recovery(req, res, next) { if ( !req.user.mfa_enabled ) return res.status(400) - .message('Your user does not have MFA enabled.') + .message(req.T('auth:no_mfa')) .api() const token = req.user.mfa_token @@ -617,7 +617,7 @@ class AuthController extends Controller { async generate_mfa_recovery(req, res, next) { if ( !req.user.mfa_enabled ) return res.status(400) - .message('Your user does not have MFA enabled.') + .message(req.T('auth:no_mfa')) .api() const token = req.user.mfa_token @@ -631,7 +631,7 @@ class AuthController extends Controller { async generate_mfa_key(req, res, next) { if ( req.user.mfa_enabled ) return res.status(400) - .message(`MFA already configured for user. Cannot fetch key.`) + .message(req.T('auth:already_has_mfa')) .api() const MFAToken = this.models.get('auth:MFAToken') @@ -654,7 +654,7 @@ class AuthController extends Controller { async attempt_mfa(req, res, next) { if ( !req.user.mfa_token ) return res.status(400) - .message(`The user does not have MFA configured.`) + .message(req.T('auth:no_mfa')) .api() const code = req.body.verify_code @@ -682,7 +682,7 @@ class AuthController extends Controller { async enable_mfa(req, res, next) { if ( !req.user.mfa_token ) return res.status(400) - .message(`The user does not have an MFA token configured.`) + .message(req.T('auth:no_mfa')) .api() req.user.mfa_enabled = true @@ -700,7 +700,7 @@ class AuthController extends Controller { async disable_mfa(req, res, next) { if ( !req.user.mfa_enabled ) return res.status(400) - .message('The user does not have MFA enabled.') + .message(req.T('auth:no_mfa')) .api() req.user.mfa_enabled = false diff --git a/app/controllers/api/v1/IAM.controller.js b/app/controllers/api/v1/IAM.controller.js index 3276e5f..53e4fad 100644 --- a/app/controllers/api/v1/IAM.controller.js +++ b/app/controllers/api/v1/IAM.controller.js 
@@ -10,7 +10,7 @@ class IAMController extends Controller { if ( !req.body.entity_id && !req.body.target_id ) return res.status(400) - .message('Missing one or more required fields: entity_id, target_id') + .message(`${req.T('api:missing_field', true)} entity_id, target_id`) .api() return res.api(await Policy.check_entity_access(req.body.entity_id, req.body.target_id)) @@ -22,7 +22,7 @@ class IAMController extends Controller { if ( !req.body.target_id ) return res.status(400) - .message('Missing required field: target_id') + .message(`${req.T('api:missing_field')} target_id`) .api() let user = req.user @@ -31,12 +31,12 @@ class IAMController extends Controller { if ( !user ) return res.status(404) - .message('User not found with that ID.') + .message(req.T('api:user_not_found')) .api() if ( !req.user.can(`auth:user:${user.id}:view`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() return res.api(await Policy.check_user_access(user, req.body.target_id)) @@ -62,12 +62,12 @@ class IAMController extends Controller { if ( !policy ) return res.status(404) - .message('Policy not found with that ID.') + .message(req.T('iam:policy_not_found')) .api() if ( !req.user.can(`iam:policy:${policy.id}:view`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() return res.api(await policy.to_api()) @@ -80,13 +80,13 @@ class IAMController extends Controller { for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } if ( !['user', 'group'].includes(req.body.entity_type) ) return res.status(400) - .message('Invalid entity_type. Must be one of: user, group.') + .message(`${req.T('iam:invalid_entity')} user, group`) .api() // Make sure the entity_id is valid 
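Review bot: The guard in `@@ -10,7` is `!req.body.entity_id && !req.body.target_id`, so it rejects the request only when both fields are absent, while the message (now `api:missing_field` in what appears to be its `many` form) says one or more may be missing. With only one field present, `Policy.check_entity_access` is called with `undefined` for the other, and what the access check returns in that case cannot be seen from this diff. The condition should be `if ( !req.body.entity_id || !req.body.target_id )`. The handler starts above the hunk.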
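Review bot: The `entity_type` error in the create handler (`@@ -80,13`) is built from `iam:invalid_entity`, whose text already contains "Must be one of:", while the update handler at `@@ -152,25` builds the same error from `common:invalid` plus `api:must_one`. Translators then maintain one message in two places, and the two outputs already differ by the trailing period. Using the update handler's form here as well, `${req.T('common:invalid')} entity_type. ${req.T('api:must_one')} user, group.`, would allow `iam:invalid_entity` to be removed.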
@@ -95,25 +95,25 @@ class IAMController extends Controller { const user = await User.findById(req.body.entity_id) if ( !user || !req.user.can(`auth:user:${user.id}:view`) ) return res.status(400) - .message('Invalid entity_id.') + .message(`${req.T('common:invalid')} entity_id.`) .api() } else if ( req.body.entity_type === 'group' ) { const Group = this.models.get('auth:Group') const group = await Group.findById(req.body.entity_id) if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) ) return res.status(400) - .message('Invalid entity_id.') + .message(`${req.T('common:invalid')} entity_id.`) .api() } if ( !['allow', 'deny'].includes(req.body.access_type) ) return res.status(400) - .message('Invalid access_type. Must be one of: allow, deny.') + .message(`${req.T('common:invalid')} access_type. ${req.T('api:must_one')} allow, deny.`) .api() if ( !['application', 'api_scope'].includes(req.body.target_type) ) return res.status(400) - .message('Invalid target_type. Must be one of: application.') + .message(`${req.T('common:invalid')} target_type. ${req.T('api:must_one')} application, api_scope.`) .api() // Make sure the target_id is valid @@ -122,13 +122,13 @@ class IAMController extends Controller { const app = await Application.findById(req.body.target_id) if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) ) return res.status(400) - .message('Invalid target_id.') + .message(`${req.T('common:invalid')} target_id.`) .api() } else if ( req.body.target_type === 'api_scope' ) { const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')() if ( !api_scopes.includes(req.body.target_id) ) return res.status(400) - .message('Invalid target_id.') + .message(`${req.T('common:invalid')} target_id.`) .api() } 
@@ -152,25 +152,25 @@ class IAMController extends Controller { if ( !policy || !policy.active ) return res.status(404) - .message('Policy not found with that ID.') + .message(req.T('iam:policy_not_found')) .api() if ( !req.user.can(`iam:policy:${policy.id}:update`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() const required_fields = ['entity_type', 'entity_id', 'access_type', 'target_type', 'target_id'] for ( const field of required_fields ) { if ( !req.body[field] ) return res.status(400) - .message(`Missing required field: ${field}`) + .message(`${req.T('api:missing_field')} ${field}`) .api() } if ( !['user', 'group'].includes(req.body.entity_type) ) return res.status(400) - .message('Invalid entity_type. Must be one of: user, group.') + .message(`${req.T('common:invalid')} entity_type. ${req.T('api:must_one')} user, group.`) .api() // Make sure the entity_id is valid 
@@ -179,25 +179,25 @@ class IAMController extends Controller { const user = await User.findById(req.body.entity_id) if ( !user || !req.user.can(`auth:user:${user.id}:view`) ) return res.status(400) - .message('Invalid entity_id.') + .message(`${req.T('common:invalid')} entity_id.`) .api() } else if ( req.body.entity_type === 'group' ) { const Group = this.models.get('auth:Group') const group = await Group.findById(req.body.entity_id) if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) ) return res.status(400) - .message('Invalid entity_id.') + .message(`${req.T('common:invalid')} entity_id.`) .api() } if ( !['allow', 'deny'].includes(req.body.access_type) ) return res.status(400) - .message('Invalid access_type. Must be one of: allow, deny.') + .message(`${req.T('common:invalid')} access_type. ${req.T('api:must_one')} allow, deny.`) .api() if ( !['application', 'api_scope'].includes(req.body.target_type) ) return res.status(400) - .message('Invalid target_type. Must be one of: application.') + .message(`${req.T('common:invalid')} target_type. ${req.T('api:must_one')} application, api_scope.`) .api() // Make sure the target_id is valid @@ -206,13 +206,13 @@ class IAMController extends Controller { const app = await Application.findById(req.body.target_id) if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) ) return res.status(400) - .message('Invalid target_id.') + .message(`${req.T('common:invalid')} target_id.`) .api() } else if ( req.body.target_type === 'api_scope' ) { const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')() if ( !api_scopes.includes(req.body.target_id) ) return res.status(400) - .message('Invalid target_id.') + .message(`${req.T('common:invalid')} target_id.`) .api() } 
@@ -231,12 +231,12 @@ class IAMController extends Controller { if ( !policy || !policy.active ) return res.status(404) - .message('Policy not found with that ID.') + .message(req.T('iam:policy_not_found')) .api() if ( !req.user.can(`iam:policy:${policy.id}:delete`) ) return res.status(401) - .message('Insufficient permissions.') + .message(req.T('api:insufficient_permissions')) .api() policy.active = false diff --git a/locale/en_US/api.locale.js b/locale/en_US/api.locale.js new file mode 100644 index 0000000..87f0f04 --- /dev/null +++ b/locale/en_US/api.locale.js @@ -0,0 +1,23 @@ +module.exports = exports = { + application_not_found: 'Application not found with that ID.', + application_already_exists: 'An Application with that identifier already exists.', + + group_not_found: 'Group not found with that ID.', + group_already_exists: 'A group with that name already exists.', + + user_not_found: 'User not found with that ID.', + + invalid_ldap_client_id: 'Invalid ldap_client_id:', + invalid_oauth_client_id: 'Invalid oauth_client_id:', + invalid_saml_service_provider_id: 'Invalid saml_service_provider_id:', + + insufficient_permissions: 'Insufficient permissions.', + missing_field: { + one: 'Missing required field:', + many: 'Missing one or more required fields:', + }, + improper_field: 'Improperly formatted field:', + alphanum_underscores: '(alphanumeric/underscores)', + provide_one: 'Please provide one of:', + must_one: 'Must be one of:', +} diff --git a/locale/en_US/auth.locale.js b/locale/en_US/auth.locale.js new file mode 100644 index 0000000..4fbef18 --- /dev/null +++ b/locale/en_US/auth.locale.js 
@@ -0,0 +1,14 @@ +module.exports = exports = { + none: '(None)', + user_exists_with_field: 'A user already exists with the field: ', + no_mfa_or_recovery: 'Your user is not configured to use MFA, or has no recovery codes.', + no_mfa: 'Your user is not configured to use MFA.', + already_has_mfa: 'MFA is already configured for your user.', + password_complexity_fail: 'Password does not meet the minimum complexity score of MIN_SCORE.', + invalid_trap: 'Invalid trap type.', + + unable_to_grant_trust: 'Unable to grant trust. Grant token is invalid.', + + invalid_un_or_pw: 'Invalid username or password.', + unable_to_complete: 'Unable to complete authentication: one or more errors occurred', +} diff --git a/locale/en_US/common.locale.js b/locale/en_US/common.locale.js index df7e22a..7993850 100644 --- a/locale/en_US/common.locale.js +++ b/locale/en_US/common.locale.js @@ -4,4 +4,6 @@ module.exports = exports = { new_to_flitter: 'New to Flitter?', start_here: 'Start Here.', log_out: 'Log out', + + invalid: 'Invalid', } diff --git a/locale/en_US/iam.locale.js b/locale/en_US/iam.locale.js new file mode 100644 index 0000000..12cf723 --- /dev/null +++ b/locale/en_US/iam.locale.js @@ -0,0 +1,4 @@ +module.exports = exports = { + policy_not_found: 'Policy not found with that ID.', + invalid_entity: 'Invalid entity_type. Must be one of:' +}