Starship/CoreID
1
0
Fork 0
Code Issues 8 Pull Requests Releases 34 Wiki Activity

Start implementation of flitter-i18n

Browse Source
This commit is contained in:
garrettmills 2020-05-30 18:00:12 -05:00
parent 8680242349
commit 86878efb52
No known key found for this signature in database
GPG Key ID: 6ACD58D6ADACFC6E
7 changed files with 141 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
app/controllers/api/v1/App.controller.js
View File

@ -25,12 +25,12 @@ class AppController extends Controller {
if ( !application || !application.active ) if ( !application || !application.active )
return res.status(404) return res.status(404)
.message('Application not found with that ID.') .message(req.T('api:application_not_found'))
.api() .api()
if ( !req.user.can(`app:${application.id}:view`) ) if ( !req.user.can(`app:${application.id}:view`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
return res.api(await application.to_api()) return res.api(await application.to_api())
@ -41,28 +41,28 @@ class AppController extends Controller {
if ( !req.user.can('app:create') ) if ( !req.user.can('app:create') )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
const required_fields = ['name', 'identifier'] const required_fields = ['name', 'identifier']
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
// Make sure the identifier is properly formatted // Make sure the identifier is properly formatted
if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) ) if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) )
return res.status(400) return res.status(400)
.message('Improperly formatted field: identifier (alphanumeric with underscores only)') .message(`${req.T('api:improper_field')} identifier ${req.T('api:alphanum_underscores')}`)
.api() .api()
// Make sure the identifier is unique // Make sure the identifier is unique
const existing_app = await Application.findOne({ identifier: req.body.identifier }) const existing_app = await Application.findOne({ identifier: req.body.identifier })
if ( existing_app ) if ( existing_app )
return res.status(400) return res.status(400)
.message('An Application with that identifier already exists.') .message(req.T('api:application_already_exists'))
.api() .api()
const application = new Application({ const application = new Application({
@ -80,12 +80,12 @@ class AppController extends Controller {
const client = await LDAPClient.findById(id) const client = await LDAPClient.findById(id)
if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) ) if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid ldap_client_id: ${id}`) .message(`${req.T('api:invalid_ldap_client_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id }) const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id })
if ( other_assoc_app ) if ( other_assoc_app )
return res.status(400) return res.status(400) // TODO translate this
.message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -102,12 +102,12 @@ class AppController extends Controller {
const client = await OAuthClient.findById(id) const client = await OAuthClient.findById(id)
if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) ) if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid oauth_client_id: ${id}`) .message(`${req.T('api:invalid_oauth_client_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id }) const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id })
if ( other_assoc_app ) if ( other_assoc_app )
return res.status(400) return res.status(400) // TODO translate this
.message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -124,12 +124,12 @@ class AppController extends Controller {
const provider = await ServiceProvider.findById(id) const provider = await ServiceProvider.findById(id)
if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) ) if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid saml_service_provider_id: ${id}`) .message(`${req.T('api:invalid_saml_service_provider_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id }) const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id })
if ( other_assoc_app ) if ( other_assoc_app )
return res.status(400) return res.status(400) // TODO translate this
.message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -147,33 +147,33 @@ class AppController extends Controller {
if ( !application || !application.active ) if ( !application || !application.active )
return res.status(404) return res.status(404)
.message('Application not found with that ID.') .message(req.T('api:application_not_found'))
.api() .api()
if ( !req.user.can(`app:${application.id}:update`) ) if ( !req.user.can(`app:${application.id}:update`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
const required_fields = ['name', 'identifier'] const required_fields = ['name', 'identifier']
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
// Make sure the identifier is properly formatted // Make sure the identifier is properly formatted
if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) ) if ( !(new RegExp('^[a-zA-Z0-9_]*$')).test(req.body.identifier) )
return res.status(400) return res.status(400)
.message('Improperly formatted field: identifier (alphanumeric with underscores only)') .message(`${req.T('api:improper_field')} identifier ${req.T('api:alphanum_underscores')}`)
.api() .api()
// Make sure the identifier is unique // Make sure the identifier is unique
const existing_app = await Application.findOne({ identifier: req.body.identifier }) const existing_app = await Application.findOne({ identifier: req.body.identifier })
if ( existing_app && existing_app.id !== application.id ) if ( existing_app && existing_app.id !== application.id )
return res.status(400) return res.status(400)
.message('An Application with that identifier already exists.') .message(req.T('api:application_already_exists'))
.api() .api()
// Verify LDAP client IDs // Verify LDAP client IDs
@ -185,12 +185,12 @@ class AppController extends Controller {
const client = await LDAPClient.findById(id) const client = await LDAPClient.findById(id)
if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) ) if ( !client || !client.active || !req.user.can(`ldap:client:${client.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid ldap_client_id: ${id}`) .message(`${req.T('api:invalid_ldap_client_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id }) const other_assoc_app = await Application.findOne({ ldap_client_ids: client.id })
if ( other_assoc_app && other_assoc_app.id !== application.id ) if ( other_assoc_app && other_assoc_app.id !== application.id )
return res.status(400) return res.status(400) // TODO translate this
.message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The LDAP client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -207,12 +207,12 @@ class AppController extends Controller {
const client = await OAuthClient.findById(id) const client = await OAuthClient.findById(id)
if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) ) if ( !client || !client.active || !req.user.can(`oauth:client:${client.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid oauth_client_id: ${id}`) .message(`${req.T('api:invalid_oauth_client_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id }) const other_assoc_app = await Application.findOne({ oauth_client_ids: client.id })
if ( other_assoc_app && other_assoc_app.id !== application.id ) if ( other_assoc_app && other_assoc_app.id !== application.id )
return res.status(400) return res.status(400) // TODO translate this
.message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The OAuth2 client ${client.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -229,12 +229,12 @@ class AppController extends Controller {
const provider = await ServiceProvider.findById(id) const provider = await ServiceProvider.findById(id)
if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) ) if ( !provider || !provider.active || !req.user.can(`saml:provider:${provider.id}:view`) )
return res.status(400) return res.status(400)
.message(`Invalid saml_service_provider_id: ${id}`) .message(`${req.T('api:invalid_saml_service_provider_id')} ${id}`)
.api() .api()
const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id }) const other_assoc_app = await Application.findOne({ saml_service_provider_ids: provider.id })
if ( other_assoc_app && other_assoc_app.id !== application.id ) if ( other_assoc_app && other_assoc_app.id !== application.id )
return res.status(400) return res.status(400) // TODO translate this
.message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`) .message(`The SAML service provider ${provider.name} is already associated with an existing application (${other_assoc_app.name}).`)
.api() .api()
} }
@ -255,12 +255,12 @@ class AppController extends Controller {
if ( !application || !application.active ) if ( !application || !application.active )
return res.status(404) return res.status(404)
.message('Application not found with that ID.') .message(req.T('api:application_not_found'))
.api() .api()
if ( !req.user.can(`app:${application.id}:delete`) ) if ( !req.user.can(`app:${application.id}:delete`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
application.active = false application.active = false

94
app/controllers/api/v1/Auth.controller.js
View File

@ -20,7 +20,7 @@ class AuthController extends Controller {
async get_traps(req, res, next) { async get_traps(req, res, next) {
const trap_config = this.configs.get('traps') const trap_config = this.configs.get('traps')
const data = [{ name: '(None)', trap: '', redirect_to: '/' }] const data = [{ name: req.T('auth:none'), trap: '', redirect_to: '/' }]
for ( const name in trap_config.types ) { for ( const name in trap_config.types ) {
if ( !trap_config.types.hasOwnProperty(name) ) continue if ( !trap_config.types.hasOwnProperty(name) ) continue
data.push({ data.push({
@ -44,18 +44,18 @@ class AuthController extends Controller {
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
if ( !req.body.uid.match(/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/) ) if ( !req.body.uid.match(/^([A-Z]|[a-z]|[0-9]|_|-|\.)+$/) )
return res.status(400) return res.status(400)
.message('Invalid field: uid (should be alphanumeric with "_", "-", and "." allowed)') .message(`${req.T('api:improper_field')} uid ${req.T('api:alphanum_underscores')}`)
.api() .api()
if ( !email_validator.validate(req.body.email) ) if ( !email_validator.validate(req.body.email) )
return res.status(400) return res.status(400)
.message('Invalid field: email') .message(`${req.T('api:improper_field')} email`)
.api() .api()
for ( const field of unique_fields ) { for ( const field of unique_fields ) {
@ -64,7 +64,7 @@ class AuthController extends Controller {
const match_user = await User.findOne(params) const match_user = await User.findOne(params)
if ( match_user ) if ( match_user )
return res.status(400) return res.status(400)
.message(`A user already exists with that ${field}.`) .message(`${req.T('auth:user_exists_with_field')} ${field}`)
.api() .api()
} }
@ -91,12 +91,12 @@ class AuthController extends Controller {
|| req.user.mfa_token.recovery_codes.length < 1 || req.user.mfa_token.recovery_codes.length < 1
) )
return res.status(400) return res.status(400)
.message('Your user is not configured to use MFA, or has no recovery codes.') .message(req.T('auth:no_mfa_or_recovery'))
.api() .api()
if ( !req.body.code ) if ( !req.body.code )
return res.status(400) return res.status(400)
.message('Missing required field: code') .message(`${req.T('api:missing_field')} code`)
.api() .api()
const success = await req.user.mfa_token.attempt_recovery(req.body.code) const success = await req.user.mfa_token.attempt_recovery(req.body.code)
@ -176,7 +176,7 @@ class AuthController extends Controller {
if ( !group || !group.active ) if ( !group || !group.active )
return res.status(404) return res.status(404)
.message('Group not found with that ID.') .message(req.T('api:group_not_found'))
.api() .api()
if ( !req.user.can(`auth:group:${group.id}:view`) ) if ( !req.user.can(`auth:group:${group.id}:view`) )
@ -196,12 +196,12 @@ class AuthController extends Controller {
if ( !user ) if ( !user )
return res.status(404) return res.status(404)
.message('User not found with that ID.') .message(req.T('api:user_not_found'))
.api() .api()
if ( !req.user.can(`auth:user:${user.id}:view`) ) if ( !req.user.can(`auth:user:${user.id}:view`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
return res.api(await user.to_api()) return res.api(await user.to_api())
@ -210,12 +210,12 @@ class AuthController extends Controller {
async create_group(req, res, next) { async create_group(req, res, next) {
if ( !req.user.can(`auth:group:create`) ) if ( !req.user.can(`auth:group:create`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
if ( !req.body.name ) if ( !req.body.name )
return res.status(400) return res.status(400)
.message('Missing required field: name') .message(`${req.T('api:missing_field')} name`)
.api() .api()
const Group = this.models.get('auth:Group') const Group = this.models.get('auth:Group')
@ -224,7 +224,7 @@ class AuthController extends Controller {
const existing_group = await Group.findOne({ name: req.body.name }) const existing_group = await Group.findOne({ name: req.body.name })
if ( existing_group ) if ( existing_group )
return res.status(400) return res.status(400)
.message('A group with that name already exists.') .message(req.T('api:group_already_exists'))
.api() .api()
const group = new Group({ name: req.body.name }) const group = new Group({ name: req.body.name })
@ -238,7 +238,7 @@ class AuthController extends Controller {
const user = await User.findById(user_id) const user = await User.findById(user_id)
if ( !user ) if ( !user )
return res.status(400) return res.status(400)
.message('Invalid user_id.') .message(`${req.T('common:invalid')} user_id.`)
.api() .api()
} }
@ -252,14 +252,14 @@ class AuthController extends Controller {
async create_user(req, res, next) { async create_user(req, res, next) {
if ( !req.user.can('auth:user:create') ) if ( !req.user.can('auth:user:create') )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
const required_fields = ['uid', 'first_name', 'last_name', 'email', 'password'] const required_fields = ['uid', 'first_name', 'last_name', 'email', 'password']
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
@ -272,7 +272,7 @@ class AuthController extends Controller {
const existing_user = await User.findOne(filter) const existing_user = await User.findOne(filter)
if ( existing_user ) if ( existing_user )
return res.status(400) return res.status(400)
.message(`A user already exists with that ${field}`) .message(`${req.T('auth:user_exists_with_field')} ${field}`)
.api() .api()
} }
@ -281,7 +281,7 @@ class AuthController extends Controller {
const result = zxcvbn(req.body.password) const result = zxcvbn(req.body.password)
if ( result.score < min_score ) if ( result.score < min_score )
return res.status(400) return res.status(400)
.message(`Password does not meet the minimum complexity score of ${min_score}.`) .message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score))
.api() .api()
const user = new User({ const user = new User({
@ -297,7 +297,7 @@ class AuthController extends Controller {
if ( req.body.trap ) { if ( req.body.trap ) {
if ( !req.trap.trap_exists(req.body.trap) ) if ( !req.trap.trap_exists(req.body.trap) )
return res.status(400) return res.status(400)
.message('Invalid trap type.') .message(req.T('auth:invalid_trap'))
.api() .api()
user.trap = req.body.trap user.trap = req.body.trap
@ -315,24 +315,24 @@ class AuthController extends Controller {
const group = await Group.findById(req.params.id) const group = await Group.findById(req.params.id)
if ( !group ) if ( !group )
return res.status(404) return res.status(404)
.message('Group not found with that ID.') .message(req.T('api:group_not_found'))
.api() .api()
if ( !req.user.can(`auth:group:${group.id}:update`) ) if ( !req.user.can(`auth:group:${group.id}:update`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
if ( !req.body.name ) if ( !req.body.name )
return res.status(400) return res.status(400)
.message('Missing required field: name') .message(`${req.T('api:missing_field')} name`)
.api() .api()
// Make sure the group name is unique // Make sure the group name is unique
const existing_group = await Group.findOne({ name: req.body.name }) const existing_group = await Group.findOne({ name: req.body.name })
if ( existing_group && existing_group.id !== group.id ) if ( existing_group && existing_group.id !== group.id )
return res.status(400) return res.status(400)
.message('A group with that name already exists.') .message(req.T('api:group_already_exists'))
.api() .api()
// Validate user_ids // Validate user_ids
@ -343,7 +343,7 @@ class AuthController extends Controller {
const user = await User.findById(user_id) const user = await User.findById(user_id)
if ( !user ) if ( !user )
return res.status(400) return res.status(400)
.message('Invalid user_id.') .message(`${req.T('common:invalid')} user_id.`)
.api() .api()
} }
@ -363,19 +363,19 @@ class AuthController extends Controller {
if ( !user ) if ( !user )
return res.status(404) return res.status(404)
.message('User not found with that ID.') .message(req.T('api:user_not_found'))
.api() .api()
if ( !req.user.can(`auth:user:${user.id}:update`) ) if ( !req.user.can(`auth:user:${user.id}:update`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
const required_fields = ['uid', 'first_name', 'last_name', 'email'] const required_fields = ['uid', 'first_name', 'last_name', 'email']
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
@ -387,7 +387,7 @@ class AuthController extends Controller {
const existing_user = await User.findOne(filter) const existing_user = await User.findOne(filter)
if ( existing_user && existing_user.id !== user.id ) if ( existing_user && existing_user.id !== user.id )
return res.status(400) return res.status(400)
.message(`A user already exists with that ${field}`) .message(`${req.T('auth:user_exists_with_field')} ${field}`)
.api() .api()
} }
@ -397,7 +397,7 @@ class AuthController extends Controller {
const result = zxcvbn(req.body.password) const result = zxcvbn(req.body.password)
if (result.score < min_score) if (result.score < min_score)
return res.status(400) return res.status(400)
.message(`Password does not meet the minimum complexity score of ${min_score}.`) .message(req.T('auth:password_complexity_fail').replace('MIN_SCORE', min_score))
.api() .api()
await user.reset_password(req.body.password, 'api') await user.reset_password(req.body.password, 'api')
@ -416,7 +416,7 @@ class AuthController extends Controller {
if ( req.body.trap ) { if ( req.body.trap ) {
if ( !req.trap.trap_exists(req.body.trap) ) if ( !req.trap.trap_exists(req.body.trap) )
return res.status(400) return res.status(400)
.message('Invalid trap type.') .message(req.T('auth:invalid_trap'))
.api() .api()
user.trap = req.body.trap user.trap = req.body.trap
@ -433,12 +433,12 @@ class AuthController extends Controller {
if ( !group ) if ( !group )
return res.status(404) return res.status(404)
.message('Group not found with that ID.') .message(req.T('api:group_not_found'))
.api() .api()
if ( !req.user.can(`auth:group:${group.id}:delete`) ) if ( !req.user.can(`auth:group:${group.id}:delete`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
group.active = false group.active = false
@ -452,12 +452,12 @@ class AuthController extends Controller {
if ( !user ) if ( !user )
return res.status(404) return res.status(404)
.message('User not found with that ID.') .message(req.T('api:user_not_found'))
.api() .api()
if ( !req.user.can(`auth:user:${user.id}:delete`) ) if ( !req.user.can(`auth:user:${user.id}:delete`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
// check if the user is an LDAP client. if so, delete the client // check if the user is an LDAP client. if so, delete the client
@ -493,7 +493,7 @@ class AuthController extends Controller {
if ( !req.body.username && !req.body.email ) if ( !req.body.username && !req.body.email )
return res.status(400) return res.status(400)
.message('Please provide one of: username, email') .message(`${req.T('api:provide_one')} username, email`)
.api() .api()
const data = {} const data = {}
@ -529,7 +529,7 @@ class AuthController extends Controller {
const errors = await flitter.validate_login(req.body) const errors = await flitter.validate_login(req.body)
if ( errors && errors.length > 0 ) if ( errors && errors.length > 0 )
return res.status(400) return res.status(400)
.message(`Unable to complete authentication: one or more errors occurred`) .message(req.T('auth:unable_to_complete'))
.api({ errors }) .api({ errors })
const login_args = await flitter.get_login_args(req.body) const login_args = await flitter.get_login_args(req.body)
@ -537,9 +537,9 @@ class AuthController extends Controller {
if ( !user ) if ( !user )
return res.status(200) return res.status(200)
.message(`Invalid username or password.`) .message(req.T('auth:invalid_un_or_pw'))
.api({ .api({
message: `Invalid username or password.`, message: req.T('auth:invalid_un_or_pw'),
success: false, success: false,
}) })
@ -549,9 +549,9 @@ class AuthController extends Controller {
const client = await Client.findOne({ user_id: user.id }) const client = await Client.findOne({ user_id: user.id })
if ( client ) if ( client )
return res.status(200) return res.status(200)
.message(`Invalid username or password.`) .message(req.T('auth:invalid_un_or_pw'))
.api({ .api({
message: `Invalid username or password.`, message: req.T('auth:invalid_un_or_pw'),
success: false, success: false,
}) })
@ -585,7 +585,7 @@ class AuthController extends Controller {
} }
} else { } else {
return res.status(401) return res.status(401)
.message(`Unable to grant trust. Grant token is invalid.`) .message(req.T('auth:unable_to_grant_trust'))
.api() .api()
} }
} }
@ -600,7 +600,7 @@ class AuthController extends Controller {
async get_mfa_recovery(req, res, next) { async get_mfa_recovery(req, res, next) {
if ( !req.user.mfa_enabled ) if ( !req.user.mfa_enabled )
return res.status(400) return res.status(400)
.message('Your user does not have MFA enabled.') .message(req.T('auth:no_mfa'))
.api() .api()
const token = req.user.mfa_token const token = req.user.mfa_token
@ -617,7 +617,7 @@ class AuthController extends Controller {
async generate_mfa_recovery(req, res, next) { async generate_mfa_recovery(req, res, next) {
if ( !req.user.mfa_enabled ) if ( !req.user.mfa_enabled )
return res.status(400) return res.status(400)
.message('Your user does not have MFA enabled.') .message(req.T('auth:no_mfa'))
.api() .api()
const token = req.user.mfa_token const token = req.user.mfa_token
@ -631,7 +631,7 @@ class AuthController extends Controller {
async generate_mfa_key(req, res, next) { async generate_mfa_key(req, res, next) {
if ( req.user.mfa_enabled ) if ( req.user.mfa_enabled )
return res.status(400) return res.status(400)
.message(`MFA already configured for user. Cannot fetch key.`) .message(req.T('auth:already_has_mfa'))
.api() .api()
const MFAToken = this.models.get('auth:MFAToken') const MFAToken = this.models.get('auth:MFAToken')
@ -654,7 +654,7 @@ class AuthController extends Controller {
async attempt_mfa(req, res, next) { async attempt_mfa(req, res, next) {
if ( !req.user.mfa_token ) if ( !req.user.mfa_token )
return res.status(400) return res.status(400)
.message(`The user does not have MFA configured.`) .message(req.T('auth:no_mfa'))
.api() .api()
const code = req.body.verify_code const code = req.body.verify_code
@ -682,7 +682,7 @@ class AuthController extends Controller {
async enable_mfa(req, res, next) { async enable_mfa(req, res, next) {
if ( !req.user.mfa_token ) if ( !req.user.mfa_token )
return res.status(400) return res.status(400)
.message(`The user does not have an MFA token configured.`) .message(req.T('auth:no_mfa'))
.api() .api()
req.user.mfa_enabled = true req.user.mfa_enabled = true
@ -700,7 +700,7 @@ class AuthController extends Controller {
async disable_mfa(req, res, next) { async disable_mfa(req, res, next) {
if ( !req.user.mfa_enabled ) if ( !req.user.mfa_enabled )
return res.status(400) return res.status(400)
.message('The user does not have MFA enabled.') .message(req.T('auth:no_mfa'))
.api() .api()
req.user.mfa_enabled = false req.user.mfa_enabled = false

52
app/controllers/api/v1/IAM.controller.js
View File

@ -10,7 +10,7 @@ class IAMController extends Controller {
if ( !req.body.entity_id && !req.body.target_id ) if ( !req.body.entity_id && !req.body.target_id )
return res.status(400) return res.status(400)
.message('Missing one or more required fields: entity_id, target_id') .message(`${req.T('api:missing_field', true)} entity_id, target_id`)
.api() .api()
return res.api(await Policy.check_entity_access(req.body.entity_id, req.body.target_id)) return res.api(await Policy.check_entity_access(req.body.entity_id, req.body.target_id))
@ -22,7 +22,7 @@ class IAMController extends Controller {
if ( !req.body.target_id ) if ( !req.body.target_id )
return res.status(400) return res.status(400)
.message('Missing required field: target_id') .message(`${req.T('api:missing_field')} target_id`)
.api() .api()
let user = req.user let user = req.user
@ -31,12 +31,12 @@ class IAMController extends Controller {
if ( !user ) if ( !user )
return res.status(404) return res.status(404)
.message('User not found with that ID.') .message(req.T('api:user_not_found'))
.api() .api()
if ( !req.user.can(`auth:user:${user.id}:view`) ) if ( !req.user.can(`auth:user:${user.id}:view`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
return res.api(await Policy.check_user_access(user, req.body.target_id)) return res.api(await Policy.check_user_access(user, req.body.target_id))
@ -62,12 +62,12 @@ class IAMController extends Controller {
if ( !policy ) if ( !policy )
return res.status(404) return res.status(404)
.message('Policy not found with that ID.') .message(req.T('iam:policy_not_found'))
.api() .api()
if ( !req.user.can(`iam:policy:${policy.id}:view`) ) if ( !req.user.can(`iam:policy:${policy.id}:view`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
return res.api(await policy.to_api()) return res.api(await policy.to_api())
@ -80,13 +80,13 @@ class IAMController extends Controller {
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
if ( !['user', 'group'].includes(req.body.entity_type) ) if ( !['user', 'group'].includes(req.body.entity_type) )
return res.status(400) return res.status(400)
.message('Invalid entity_type. Must be one of: user, group.') .message(`${req.T('iam:invalid_entity')} user, group`)
.api() .api()
// Make sure the entity_id is valid // Make sure the entity_id is valid
@ -95,25 +95,25 @@ class IAMController extends Controller {
const user = await User.findById(req.body.entity_id) const user = await User.findById(req.body.entity_id)
if ( !user || !req.user.can(`auth:user:${user.id}:view`) ) if ( !user || !req.user.can(`auth:user:${user.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid entity_id.') .message(`${req.T('common:invalid')} entity_id.`)
.api() .api()
} else if ( req.body.entity_type === 'group' ) { } else if ( req.body.entity_type === 'group' ) {
const Group = this.models.get('auth:Group') const Group = this.models.get('auth:Group')
const group = await Group.findById(req.body.entity_id) const group = await Group.findById(req.body.entity_id)
if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) ) if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid entity_id.') .message(`${req.T('common:invalid')} entity_id.`)
.api() .api()
} }
if ( !['allow', 'deny'].includes(req.body.access_type) ) if ( !['allow', 'deny'].includes(req.body.access_type) )
return res.status(400) return res.status(400)
.message('Invalid access_type. Must be one of: allow, deny.') .message(`${req.T('common:invalid')} access_type. ${req.T('api:must_one')} allow, deny.`)
.api() .api()
if ( !['application', 'api_scope'].includes(req.body.target_type) ) if ( !['application', 'api_scope'].includes(req.body.target_type) )
return res.status(400) return res.status(400)
.message('Invalid target_type. Must be one of: application.') .message(`${req.T('common:invalid')} target_type. ${req.T('api:must_one')} application, api_scope.`)
.api() .api()
// Make sure the target_id is valid // Make sure the target_id is valid
@ -122,13 +122,13 @@ class IAMController extends Controller {
const app = await Application.findById(req.body.target_id) const app = await Application.findById(req.body.target_id)
if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) ) if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid target_id.') .message(`${req.T('common:invalid')} target_id.`)
.api() .api()
} else if ( req.body.target_type === 'api_scope' ) { } else if ( req.body.target_type === 'api_scope' ) {
const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')() const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')()
if ( !api_scopes.includes(req.body.target_id) ) if ( !api_scopes.includes(req.body.target_id) )
return res.status(400) return res.status(400)
.message('Invalid target_id.') .message(`${req.T('common:invalid')} target_id.`)
.api() .api()
} }
@ -152,25 +152,25 @@ class IAMController extends Controller {
if ( !policy || !policy.active ) if ( !policy || !policy.active )
return res.status(404) return res.status(404)
.message('Policy not found with that ID.') .message(req.T('iam:policy_not_found'))
.api() .api()
if ( !req.user.can(`iam:policy:${policy.id}:update`) ) if ( !req.user.can(`iam:policy:${policy.id}:update`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
const required_fields = ['entity_type', 'entity_id', 'access_type', 'target_type', 'target_id'] const required_fields = ['entity_type', 'entity_id', 'access_type', 'target_type', 'target_id']
for ( const field of required_fields ) { for ( const field of required_fields ) {
if ( !req.body[field] ) if ( !req.body[field] )
return res.status(400) return res.status(400)
.message(`Missing required field: ${field}`) .message(`${req.T('api:missing_field')} ${field}`)
.api() .api()
} }
if ( !['user', 'group'].includes(req.body.entity_type) ) if ( !['user', 'group'].includes(req.body.entity_type) )
return res.status(400) return res.status(400)
.message('Invalid entity_type. Must be one of: user, group.') .message(`${req.T('common:invalid')} entity_type. ${req.T('api:must_one')} user, group.`)
.api() .api()
// Make sure the entity_id is valid // Make sure the entity_id is valid
@ -179,25 +179,25 @@ class IAMController extends Controller {
const user = await User.findById(req.body.entity_id) const user = await User.findById(req.body.entity_id)
if ( !user || !req.user.can(`auth:user:${user.id}:view`) ) if ( !user || !req.user.can(`auth:user:${user.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid entity_id.') .message(`${req.T('common:invalid')} entity_id.`)
.api() .api()
} else if ( req.body.entity_type === 'group' ) { } else if ( req.body.entity_type === 'group' ) {
const Group = this.models.get('auth:Group') const Group = this.models.get('auth:Group')
const group = await Group.findById(req.body.entity_id) const group = await Group.findById(req.body.entity_id)
if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) ) if ( !group || !group.active || !req.user.can(`auth:group:${group.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid entity_id.') .message(`${req.T('common:invalid')} entity_id.`)
.api() .api()
} }
if ( !['allow', 'deny'].includes(req.body.access_type) ) if ( !['allow', 'deny'].includes(req.body.access_type) )
return res.status(400) return res.status(400)
.message('Invalid access_type. Must be one of: allow, deny.') .message(`${req.T('common:invalid')} access_type. ${req.T('api:must_one')} allow, deny.`)
.api() .api()
if ( !['application', 'api_scope'].includes(req.body.target_type) ) if ( !['application', 'api_scope'].includes(req.body.target_type) )
return res.status(400) return res.status(400)
.message('Invalid target_type. Must be one of: application.') .message(`${req.T('common:invalid')} target_type. ${req.T('api:must_one')} application, api_scope.`)
.api() .api()
// Make sure the target_id is valid // Make sure the target_id is valid
@ -206,13 +206,13 @@ class IAMController extends Controller {
const app = await Application.findById(req.body.target_id) const app = await Application.findById(req.body.target_id)
if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) ) if ( !app || !app.active || !req.user.can(`app:${app.id}:view`) )
return res.status(400) return res.status(400)
.message('Invalid target_id.') .message(`${req.T('common:invalid')} target_id.`)
.api() .api()
} else if ( req.body.target_type === 'api_scope' ) { } else if ( req.body.target_type === 'api_scope' ) {
const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')() const api_scopes = this.canon.get('controller::api:v1:Reflect.api_scopes')()
if ( !api_scopes.includes(req.body.target_id) ) if ( !api_scopes.includes(req.body.target_id) )
return res.status(400) return res.status(400)
.message('Invalid target_id.') .message(`${req.T('common:invalid')} target_id.`)
.api() .api()
} }
@ -231,12 +231,12 @@ class IAMController extends Controller {
if ( !policy || !policy.active ) if ( !policy || !policy.active )
return res.status(404) return res.status(404)
.message('Policy not found with that ID.') .message(req.T('iam:policy_not_found'))
.api() .api()
if ( !req.user.can(`iam:policy:${policy.id}:delete`) ) if ( !req.user.can(`iam:policy:${policy.id}:delete`) )
return res.status(401) return res.status(401)
.message('Insufficient permissions.') .message(req.T('api:insufficient_permissions'))
.api() .api()
policy.active = false policy.active = false

23
locale/en_US/api.locale.js Normal file
View File

@ -0,0 +1,23 @@
module.exports = exports = {
application_not_found: 'Application not found with that ID.',
application_already_exists: 'An Application with that identifier already exists.',
group_not_found: 'Group not found with that ID.',
group_already_exists: 'A group with that name already exists.',
user_not_found: 'User not found with that ID.',
invalid_ldap_client_id: 'Invalid ldap_client_id:',
invalid_oauth_client_id: 'Invalid oauth_client_id:',
invalid_saml_service_provider_id: 'Invalid saml_service_provider_id:',
insufficient_permissions: 'Insufficient permissions.',
missing_field: {
one: 'Missing required field:',
many: 'Missing one or more required fields:',
},
improper_field: 'Improperly formatted field:',
alphanum_underscores: '(alphanumeric/underscores)',
provide_one: 'Please provide one of:',
must_one: 'Must be one of:',
}

14
locale/en_US/auth.locale.js Normal file
View File

@ -0,0 +1,14 @@
module.exports = exports = {
none: '(None)',
user_exists_with_field: 'A user already exists with the field: ',
no_mfa_or_recovery: 'Your user is not configured to use MFA, or has no recovery codes.',
no_mfa: 'Your user is not configured to use MFA.',
already_has_mfa: 'MFA is already configured for your user.',
password_complexity_fail: 'Password does not meet the minimum complexity score of MIN_SCORE.',
invalid_trap: 'Invalid trap type.',
unable_to_grant_trust: 'Unable to grant trust. Grant token is invalid.',
invalid_un_or_pw: 'Invalid username or password.',
unable_to_complete: 'Unable to complete authentication: one or more errors occurred',
}

2
locale/en_US/common.locale.js
View File

@ -4,4 +4,6 @@ module.exports = exports = {
new_to_flitter: 'New to Flitter?', new_to_flitter: 'New to Flitter?',
start_here: 'Start Here.', start_here: 'Start Here.',
log_out: 'Log out', log_out: 'Log out',
invalid: 'Invalid',
} }

4
locale/en_US/iam.locale.js Normal file
View File

@ -0,0 +1,4 @@
module.exports = exports = {
policy_not_found: 'Policy not found with that ID.',
invalid_entity: 'Invalid entity_type. Must be one of:'
}