habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

providers: allow previewing mappings for other users (#8297)

Browse Source 
* rework access check to do better validation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* providers: allow previewing mappings for other users

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix ui

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Revert "rework access check to do better validation"

This reverts commit 81077a7e7b.

* prepare

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
Jens L
2024-01-29 13:58:51 +01:00
committed by GitHub
parent 09873558ae
commit 0c4dee8f9f
22 changed files with 309 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
authentik/core/migrations/0033_alter_user_options.py Normal file
View File

@ -0,0 +1,27 @@
# Generated by Django 5.0.1 on 2024-01-29 12:50
from django.db import migrations
class Migration(migrations.Migration):
dependencies = [
("authentik_core", "0032_group_roles"),
]
operations = [
migrations.AlterModelOptions(
name="user",
options={
"permissions": [
("reset_user_password", "Reset Password"),
("impersonate", "Can impersonate other users"),
("assign_user_permissions", "Can assign permissions to users"),
("unassign_user_permissions", "Can unassign permissions from users"),
("preview_user", "Can preview user data sent to providers"),
("view_user_applications", "View applications the user has access to"),
],
"verbose_name": "User",
"verbose_name_plural": "Users",
},
),
]

2
authentik/core/models.py
View File

@ -284,6 +284,8 @@ class User(SerializerModel, GuardianUserMixin, AbstractUser):
("impersonate", _("Can impersonate other users")), ("impersonate", _("Can impersonate other users")),
("assign_user_permissions", _("Can assign permissions to users")), ("assign_user_permissions", _("Can assign permissions to users")),
("unassign_user_permissions", _("Can unassign permissions from users")), ("unassign_user_permissions", _("Can unassign permissions from users")),
("preview_user", _("Can preview user data sent to providers")),
("view_user_applications", _("View applications the user has access to")),
] ]
authentik_signals_ignored_fields = [ authentik_signals_ignored_fields = [
# Logged by the events `password_set` # Logged by the events `password_set`

33
authentik/providers/oauth2/api/providers.py
View File

@ -1,8 +1,13 @@
"""OAuth2Provider API Views""" """OAuth2Provider API Views"""
from copy import copy
from django.urls import reverse from django.urls import reverse
from django.utils import timezone from django.utils import timezone
from drf_spectacular.utils import OpenApiResponse, extend_schema from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.exceptions import ValidationError
from rest_framework.fields import CharField from rest_framework.fields import CharField
from rest_framework.generics import get_object_or_404 from rest_framework.generics import get_object_or_404
from rest_framework.request import Request from rest_framework.request import Request
@ -141,23 +146,45 @@ class OAuth2ProviderViewSet(UsedByMixin, ModelViewSet):
200: PropertyMappingPreviewSerializer(), 200: PropertyMappingPreviewSerializer(),
400: OpenApiResponse(description="Bad request"), 400: OpenApiResponse(description="Bad request"),
}, },
parameters=[
OpenApiParameter(
name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
) )
@action(detail=True, methods=["GET"]) @action(detail=True, methods=["GET"])
def preview_user(self, request: Request, pk: int) -> Response: def preview_user(self, request: Request, pk: int) -> Response:
"""Preview user data for provider""" """Preview user data for provider"""
provider: OAuth2Provider = self.get_object() provider: OAuth2Provider = self.get_object()
for_user = request.user
if "for_user" in request.query_params:
try:
for_user = (
get_objects_for_user(request.user, "authentik_core.preview_user")
.filter(pk=request.query_params.get("for_user"))
.first()
)
if not for_user:
raise ValidationError({"for_user": "User not found"})
except ValueError:
raise ValidationError({"for_user": "input must be numerical"})
scope_names = ScopeMapping.objects.filter(provider=provider).values_list( scope_names = ScopeMapping.objects.filter(provider=provider).values_list(
"scope_name", flat=True "scope_name", flat=True
) )
new_request = copy(request._request)
new_request.user = for_user
temp_token = IDToken.new( temp_token = IDToken.new(
provider, provider,
AccessToken( AccessToken(
user=request.user, user=for_user,
provider=provider, provider=provider,
_scope=" ".join(scope_names), _scope=" ".join(scope_names),
auth_time=timezone.now(), auth_time=timezone.now(),
), ),
request, new_request,
) )
serializer = PropertyMappingPreviewSerializer(instance={"preview": temp_token.to_dict()}) serializer = PropertyMappingPreviewSerializer(instance={"preview": temp_token.to_dict()})
return Response(serializer.data) return Response(serializer.data)

27
authentik/providers/saml/api/providers.py
View File

@ -1,4 +1,5 @@
"""SAMLProvider API Views""" """SAMLProvider API Views"""
from copy import copy
from xml.etree.ElementTree import ParseError # nosec from xml.etree.ElementTree import ParseError # nosec
from defusedxml.ElementTree import fromstring from defusedxml.ElementTree import fromstring
@ -9,6 +10,7 @@ from django.urls import reverse
from django.utils.translation import gettext_lazy as _ from django.utils.translation import gettext_lazy as _
from drf_spectacular.types import OpenApiTypes from drf_spectacular.types import OpenApiTypes
from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema from drf_spectacular.utils import OpenApiParameter, OpenApiResponse, extend_schema
from guardian.shortcuts import get_objects_for_user
from rest_framework.decorators import action from rest_framework.decorators import action
from rest_framework.fields import CharField, FileField, SerializerMethodField from rest_framework.fields import CharField, FileField, SerializerMethodField
from rest_framework.parsers import MultiPartParser from rest_framework.parsers import MultiPartParser
@ -277,12 +279,35 @@ class SAMLProviderViewSet(UsedByMixin, ModelViewSet):
200: PropertyMappingPreviewSerializer(), 200: PropertyMappingPreviewSerializer(),
400: OpenApiResponse(description="Bad request"), 400: OpenApiResponse(description="Bad request"),
}, },
parameters=[
OpenApiParameter(
name="for_user",
location=OpenApiParameter.QUERY,
type=OpenApiTypes.INT,
)
],
) )
@action(detail=True, methods=["GET"]) @action(detail=True, methods=["GET"])
def preview_user(self, request: Request, pk: int) -> Response: def preview_user(self, request: Request, pk: int) -> Response:
"""Preview user data for provider""" """Preview user data for provider"""
provider: SAMLProvider = self.get_object() provider: SAMLProvider = self.get_object()
processor = AssertionProcessor(provider, request._request, AuthNRequest()) for_user = request.user
if "for_user" in request.query_params:
try:
for_user = (
get_objects_for_user(request.user, "authentik_core.preview_user")
.filter(pk=request.query_params.get("for_user"))
.first()
)
if not for_user:
raise ValidationError({"for_user": "User not found"})
except ValueError:
raise ValidationError({"for_user": "input must be numerical"})
new_request = copy(request._request)
new_request.user = for_user
processor = AssertionProcessor(provider, new_request, AuthNRequest())
attributes = processor.get_attributes() attributes = processor.get_attributes()
name_id = processor.get_name_id() name_id = processor.get_name_id()
data = [] data = []

16
schema.yml
View File

@ -2931,14 +2931,8 @@ paths:
schema: schema:
$ref: '#/components/schemas/PolicyTestResult' $ref: '#/components/schemas/PolicyTestResult'
description: '' description: ''
'404':
description: for_user user not found
'400': '400':
content: description: Bad request
application/json:
schema:
$ref: '#/components/schemas/ValidationError'
description: ''
'403': '403':
content: content:
application/json: application/json:
@ -16042,6 +16036,10 @@ paths:
operationId: providers_oauth2_preview_user_retrieve operationId: providers_oauth2_preview_user_retrieve
description: Preview user data for provider description: Preview user data for provider
parameters: parameters:
- in: query
name: for_user
schema:
type: integer
- in: path - in: path
name: id name: id
schema: schema:
@ -17409,6 +17407,10 @@ paths:
operationId: providers_saml_preview_user_retrieve operationId: providers_saml_preview_user_retrieve
description: Preview user data for provider description: Preview user data for provider
parameters: parameters:
- in: query
name: for_user
schema:
type: integer
- in: path - in: path
name: id name: id
schema: schema:

68
web/src/admin/providers/oauth2/OAuth2ProviderViewPage.ts
View File

@ -1,5 +1,6 @@
import "@goauthentik/admin/providers/RelatedApplicationButton"; import "@goauthentik/admin/providers/RelatedApplicationButton";
import "@goauthentik/admin/providers/oauth2/OAuth2ProviderForm"; import "@goauthentik/admin/providers/oauth2/OAuth2ProviderForm";
import renderDescriptionList from "@goauthentik/app/components/DescriptionList";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { EVENT_REFRESH } from "@goauthentik/common/constants"; import { EVENT_REFRESH } from "@goauthentik/common/constants";
import { convertToTitle } from "@goauthentik/common/utils"; import { convertToTitle } from "@goauthentik/common/utils";
@ -30,11 +31,14 @@ import PFGrid from "@patternfly/patternfly/layouts/Grid/grid.css";
import PFBase from "@patternfly/patternfly/patternfly-base.css"; import PFBase from "@patternfly/patternfly/patternfly-base.css";
import { import {
CoreApi,
CoreUsersListRequest,
OAuth2Provider, OAuth2Provider,
OAuth2ProviderSetupURLs, OAuth2ProviderSetupURLs,
PropertyMappingPreview, PropertyMappingPreview,
ProvidersApi, ProvidersApi,
RbacPermissionsAssignedByUsersListModelEnum, RbacPermissionsAssignedByUsersListModelEnum,
User,
} from "@goauthentik/api"; } from "@goauthentik/api";
@customElement("ak-provider-oauth2-view") @customElement("ak-provider-oauth2-view")
@ -59,6 +63,9 @@ export class OAuth2ProviderViewPage extends AKElement {
@state() @state()
preview?: PropertyMappingPreview; preview?: PropertyMappingPreview;
@state()
previewUser?: User;
static get styles(): CSSResult[] { static get styles(): CSSResult[] {
return [ return [
PFBase, PFBase,
@ -83,6 +90,15 @@ export class OAuth2ProviderViewPage extends AKElement {
}); });
} }
fetchPreview(): void {
new ProvidersApi(DEFAULT_CONFIG)
.providersOauth2PreviewUserRetrieve({
id: this.provider?.pk || 0,
forUser: this.previewUser?.pk,
})
.then((preview) => (this.preview = preview));
}
render(): TemplateResult { render(): TemplateResult {
if (!this.provider) { if (!this.provider) {
return html``; return html``;
@ -107,11 +123,7 @@ export class OAuth2ProviderViewPage extends AKElement {
slot="page-preview" slot="page-preview"
data-tab-title="${msg("Preview")}" data-tab-title="${msg("Preview")}"
@activate=${() => { @activate=${() => {
new ProvidersApi(DEFAULT_CONFIG) this.fetchPreview();
.providersOauth2PreviewUserRetrieve({
id: this.provider?.pk || 0,
})
.then((preview) => (this.preview = preview));
}} }}
> >
${this.renderTabPreview()} ${this.renderTabPreview()}
@ -354,8 +366,50 @@ export class OAuth2ProviderViewPage extends AKElement {
class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter" class="pf-c-page__main-section pf-m-no-padding-mobile pf-l-grid pf-m-gutter"
> >
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title"> <div class="pf-c-card__title">${msg("JWT payload")}</div>
${msg("Example JWT payload (for currently authenticated user)")} <div class="pf-c-card__body">
${renderDescriptionList(
[
[
msg("Preview for user"),
html`
<ak-search-select
.fetchObjects=${async (query?: string): Promise<User[]> => {
const args: CoreUsersListRequest = {
ordering: "username",
};
if (query !== undefined) {
args.search = query;
}
const users = await new CoreApi(
DEFAULT_CONFIG,
).coreUsersList(args);
return users.results;
}}
.renderElement=${(user: User): string => {
return user.username;
}}
.renderDescription=${(user: User): TemplateResult => {
return html`${user.name}`;
}}
.value=${(user: User | undefined): number | undefined => {
return user?.pk;
}}
.selected=${(user: User): boolean => {
return user.pk === this.previewUser?.pk;
}}
?blankable=${true}
@ak-change=${(ev: CustomEvent) => {
this.previewUser = ev.detail.value;
this.fetchPreview();
}}
>
</ak-search-select>
`,
],
],
{ horizontal: true },
)}
</div> </div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
${this.preview ${this.preview

73
web/src/admin/providers/saml/SAMLProviderViewPage.ts
View File

@ -1,5 +1,6 @@
import "@goauthentik/admin/providers/RelatedApplicationButton"; import "@goauthentik/admin/providers/RelatedApplicationButton";
import "@goauthentik/admin/providers/saml/SAMLProviderForm"; import "@goauthentik/admin/providers/saml/SAMLProviderForm";
import renderDescriptionList from "@goauthentik/app/components/DescriptionList";
import "@goauthentik/app/elements/rbac/ObjectPermissionsPage"; import "@goauthentik/app/elements/rbac/ObjectPermissionsPage";
import { DEFAULT_CONFIG } from "@goauthentik/common/api/config"; import { DEFAULT_CONFIG } from "@goauthentik/common/api/config";
import { EVENT_REFRESH } from "@goauthentik/common/constants"; import { EVENT_REFRESH } from "@goauthentik/common/constants";
@ -34,11 +35,14 @@ import PFBase from "@patternfly/patternfly/patternfly-base.css";
import { import {
CertificateKeyPair, CertificateKeyPair,
CoreApi,
CoreUsersListRequest,
CryptoApi, CryptoApi,
ProvidersApi, ProvidersApi,
RbacPermissionsAssignedByUsersListModelEnum, RbacPermissionsAssignedByUsersListModelEnum,
SAMLMetadata, SAMLMetadata,
SAMLProvider, SAMLProvider,
User,
} from "@goauthentik/api"; } from "@goauthentik/api";
interface SAMLPreviewAttribute { interface SAMLPreviewAttribute {
@ -96,6 +100,9 @@ export class SAMLProviderViewPage extends AKElement {
@state() @state()
verifier?: CertificateKeyPair; verifier?: CertificateKeyPair;
@state()
previewUser?: User;
static get styles(): CSSResult[] { static get styles(): CSSResult[] {
return [ return [
PFBase, PFBase,
@ -120,6 +127,17 @@ export class SAMLProviderViewPage extends AKElement {
}); });
} }
fetchPreview(): void {
new ProvidersApi(DEFAULT_CONFIG)
.providersSamlPreviewUserRetrieve({
id: this.provider?.pk || 0,
forUser: this.previewUser?.pk,
})
.then((preview) => {
this.preview = preview.preview as SAMLPreviewAttribute;
});
}
renderRelatedObjects(): TemplateResult { renderRelatedObjects(): TemplateResult {
const relatedObjects = []; const relatedObjects = [];
if (this.provider?.assignedApplicationName) { if (this.provider?.assignedApplicationName) {
@ -203,13 +221,7 @@ export class SAMLProviderViewPage extends AKElement {
slot="page-preview" slot="page-preview"
data-tab-title="${msg("Preview")}" data-tab-title="${msg("Preview")}"
@activate=${() => { @activate=${() => {
new ProvidersApi(DEFAULT_CONFIG) this.fetchPreview();
.providersSamlPreviewUserRetrieve({
id: this.provider?.pk || 0,
})
.then((preview) => {
this.preview = preview.preview as SAMLPreviewAttribute;
});
}} }}
> >
${this.renderTabPreview()} ${this.renderTabPreview()}
@ -494,6 +506,47 @@ export class SAMLProviderViewPage extends AKElement {
> >
<div class="pf-c-card"> <div class="pf-c-card">
<div class="pf-c-card__title">${msg("Example SAML attributes")}</div> <div class="pf-c-card__title">${msg("Example SAML attributes")}</div>
<div class="pf-c-card__body">
${renderDescriptionList([
[
"Preview for user",
html`
<ak-search-select
.fetchObjects=${async (query?: string): Promise<User[]> => {
const args: CoreUsersListRequest = {
ordering: "username",
};
if (query !== undefined) {
args.search = query;
}
const users = await new CoreApi(
DEFAULT_CONFIG,
).coreUsersList(args);
return users.results;
}}
.renderElement=${(user: User): string => {
return user.username;
}}
.renderDescription=${(user: User): TemplateResult => {
return html`${user.name}`;
}}
.value=${(user: User | undefined): number | undefined => {
return user?.pk;
}}
.selected=${(user: User): boolean => {
return user.pk === this.previewUser?.pk;
}}
?blankable=${true}
@ak-change=${(ev: CustomEvent) => {
this.previewUser = ev.detail.value;
this.fetchPreview();
}}
>
</ak-search-select>
`,
],
])}
</div>
<div class="pf-c-card__body"> <div class="pf-c-card__body">
<dl class="pf-c-description-list pf-m-2-col-on-lg"> <dl class="pf-c-description-list pf-m-2-col-on-lg">
<div class="pf-c-description-list__group"> <div class="pf-c-description-list__group">
@ -519,11 +572,7 @@ export class SAMLProviderViewPage extends AKElement {
</dt> </dt>
<dd class="pf-c-description-list__description"> <dd class="pf-c-description-list__description">
<div class="pf-c-description-list__text"> <div class="pf-c-description-list__text">
<ul class="pf-c-list"> <ul class="pf-c-list"></ul>
${attr.Value.map((value) => {
return html` <li><pre>${value}</pre></li> `;
})}
</ul>
</div> </div>
</dd> </dd>
</div>`; </div>`;

18
web/src/components/DescriptionList.ts
View File

@ -1,3 +1,5 @@
import { first } from "@goauthentik/app/common/utils";
import { TemplateResult, html, nothing } from "lit"; import { TemplateResult, html, nothing } from "lit";
import { classMap } from "lit/directives/class-map.js"; import { classMap } from "lit/directives/class-map.js";
import { map } from "lit/directives/map.js"; import { map } from "lit/directives/map.js";
@ -7,10 +9,10 @@ export type DescriptionPair = [string, DescriptionDesc];
export type DescriptionRecord = { term: string; desc: DescriptionDesc }; export type DescriptionRecord = { term: string; desc: DescriptionDesc };
interface DescriptionConfig { interface DescriptionConfig {
horizontal: boolean; horizontal?: boolean;
compact: boolean; compact?: boolean;
twocolumn: boolean; twocolumn?: boolean;
threecolumn: boolean; threecolumn?: boolean;
} }
const isDescriptionRecordCollection = (v: Array<unknown>): v is DescriptionRecord[] => const isDescriptionRecordCollection = (v: Array<unknown>): v is DescriptionRecord[] =>
@ -78,10 +80,10 @@ export function renderDescriptionList(
) { ) {
const checkedTerms = alignTermType(terms); const checkedTerms = alignTermType(terms);
const classes = classMap({ const classes = classMap({
"pf-m-horizontal": config.horizontal, "pf-m-horizontal": first(config.horizontal, false),
"pf-m-compact": config.compact, "pf-m-compact": first(config.compact, false),
"pf-m-2-col-on-lg": config.twocolumn, "pf-m-2-col-on-lg": first(config.twocolumn, false),
"pf-m-3-col-on-lg": config.threecolumn, "pf-m-3-col-on-lg": first(config.threecolumn, false),
}); });
return html` return html`

1
web/src/elements/charts/Chart.ts
View File

@ -168,6 +168,7 @@ export abstract class AKChart<T> extends AKElement {
getOptions(): ChartOptions { getOptions(): ChartOptions {
return { return {
maintainAspectRatio: false, maintainAspectRatio: false,
responsive: true,
scales: { scales: {
x: { x: {
type: "time", type: "time",

9
web/xliff/de.xlf
View File

@ -1544,9 +1544,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS URL</target> <target>JWKS URL</target>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>Authentifizierung weiterleiten (Domänenebene)</target> <target>Authentifizierung weiterleiten (Domänenebene)</target>
@ -6387,6 +6384,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

10
web/xliff/en.xlf
View File

@ -1617,10 +1617,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS URL</target> <target>JWKS URL</target>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Example JWT payload (for currently authenticated user)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>Forward auth (domain-level)</target> <target>Forward auth (domain-level)</target>
@ -6658,6 +6654,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

9
web/xliff/es.xlf
View File

@ -1516,9 +1516,6 @@
<trans-unit id="s59f5eda30a904b75"> <trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source> <source>JWKS URL</source>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>Autenticación directa (nivel de dominio)</target> <target>Autenticación directa (nivel de dominio)</target>
@ -6303,6 +6300,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

11
web/xliff/fr.xlf
View File

@ -2014,11 +2014,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>URL JWKS</target> <target>URL JWKS</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Exemple de charge utile JWT (pour l'utilisateur actuellement authentifié)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8383,6 +8378,12 @@ Les liaisons avec les groupes/utilisateurs sont vérifiées par rapport à l'uti
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

11
web/xliff/ko.xlf
View File

@ -2008,11 +2008,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS URL</target> <target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>JWT 페이로드 예시(현재 인가된 사용자의 경우)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8253,6 +8248,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

11
web/xliff/nl.xlf
View File

@ -1996,11 +1996,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS-URL</target> <target>JWKS-URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Voorbeeld JWT-payload (voor momenteel geauthenticeerde gebruiker)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8096,6 +8091,12 @@ Bindingen naar groepen/gebruikers worden gecontroleerd tegen de gebruiker van de
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

10
web/xliff/pl.xlf
View File

@ -1561,10 +1561,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>URL JWKS</target> <target>URL JWKS</target>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Przykładowy ładunek JWT (dla aktualnie uwierzytelnionego użytkownika)</target>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>Forward auth (na poziomie domeny)</target> <target>Forward auth (na poziomie domeny)</target>
@ -6510,6 +6506,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

11
web/xliff/pseudo-LOCALE.xlf
View File

@ -1997,11 +1997,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>ĵŴĶŚ ŨŔĹ</target> <target>ĵŴĶŚ ŨŔĹ</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>Ēxàmƥĺē ĵŴŢ ƥàŷĺōàď (ƒōŕ ćũŕŕēńţĺŷ àũţĥēńţĩćàţēď ũśēŕ)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8230,4 +8225,10 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit> </trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body></file></xliff> </body></file></xliff>

9
web/xliff/tr.xlf
View File

@ -1515,9 +1515,6 @@
<trans-unit id="s59f5eda30a904b75"> <trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source> <source>JWKS URL</source>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>İleri kimlik doğrulama (alan düzeyi)</target> <target>İleri kimlik doğrulama (alan düzeyi)</target>
@ -6296,6 +6293,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

9
web/xliff/zh-CN.xlf
View File

@ -1483,9 +1483,6 @@
<trans-unit id="s59f5eda30a904b75"> <trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source> <source>JWKS URL</source>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="scb489a1a173ac3f0"> <trans-unit id="scb489a1a173ac3f0">
<source>Yes</source> <source>Yes</source>
</trans-unit> </trans-unit>
@ -5206,6 +5203,12 @@ Bindings to groups/users are checked against the user of the event.</source>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit> </trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit>
</body> </body>
</file> </file>
</xliff> </xliff>

19
web/xliff/zh-Hans.xlf
View File

@ -2015,11 +2015,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS URL</target> <target>JWKS URL</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>示例 JWT 载荷(当前经过身份验证的用户)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8366,10 +8361,6 @@ Bindings to groups/users are checked against the user of the event.</source>
<source>Selected Applications</source> <source>Selected Applications</source>
<target>已选应用</target> <target>已选应用</target>
</trans-unit> </trans-unit>
<trans-unit id="s862505f29064fc72">
<source>This option configures the footer links on the flow executor pages. It must be a valid YAML or JSON list and can be used as follows:</source>
<target>此选项配置流程执行器页面上的页脚链接。必须为有效的 YAML 或 JSON 列表,可以使用以下值:</target>
</trans-unit>
<trans-unit id="sb2275335377069aa"> <trans-unit id="sb2275335377069aa">
<source>This feature requires an enterprise license.</source> <source>This feature requires an enterprise license.</source>
</trans-unit> </trans-unit>
@ -8408,6 +8399,16 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="s862505f29064fc72">
<source>This option configures the footer links on the flow executor pages. It must be a valid YAML or JSON list and can be used as follows:</source>
<target>此选项配置流程执行器页面上的页脚链接。必须为有效的 YAML 或 JSON 列表,可以使用以下值:</target>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

9
web/xliff/zh-Hant.xlf
View File

@ -1529,9 +1529,6 @@
<trans-unit id="s59f5eda30a904b75"> <trans-unit id="s59f5eda30a904b75">
<source>JWKS URL</source> <source>JWKS URL</source>
</trans-unit> </trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
</trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
<target>转发身份验证(域级)</target> <target>转发身份验证(域级)</target>
@ -6344,6 +6341,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>

11
web/xliff/zh_TW.xlf
View File

@ -1998,11 +1998,6 @@
<source>JWKS URL</source> <source>JWKS URL</source>
<target>JWKS 網址</target> <target>JWKS 網址</target>
</trans-unit>
<trans-unit id="s453b0c150a7ca58e">
<source>Example JWT payload (for currently authenticated user)</source>
<target>範例 JWT 酬載(給目前已認證的使用者)</target>
</trans-unit> </trans-unit>
<trans-unit id="sc6e8a34361c7c272"> <trans-unit id="sc6e8a34361c7c272">
<source>Forward auth (domain-level)</source> <source>Forward auth (domain-level)</source>
@ -8214,6 +8209,12 @@ Bindings to groups/users are checked against the user of the event.</source>
</trans-unit> </trans-unit>
<trans-unit id="s17032e57ba222d2f"> <trans-unit id="s17032e57ba222d2f">
<source>Permissions assigned to this role which affect all object instances of a given type.</source> <source>Permissions assigned to this role which affect all object instances of a given type.</source>
</trans-unit>
<trans-unit id="sb9b51124d1b3dca0">
<source>JWT payload</source>
</trans-unit>
<trans-unit id="sbd065743a0c599e3">
<source>Preview for user</source>
</trans-unit> </trans-unit>
</body> </body>
</file> </file>