diff --git a/apps/authentication/backends/oidc/backends.py b/apps/authentication/backends/oidc/backends.py
index 450de565c..8d4f2f629 100644
--- a/apps/authentication/backends/oidc/backends.py
+++ b/apps/authentication/backends/oidc/backends.py
@@ -103,9 +103,8 @@ class OIDCAuthCodeBackend(OIDCBaseBackend):
 # Prepares the token payload that will be used to request an authentication token to the
 # token endpoint of the OIDC provider.
 logger.debug(log_prompt.format('Prepares token payload'))
-
- """ The reason for need not client_id and client_secret in token_payload.
-
+ """
+ The reason for need not client_id and client_secret in token_payload.
 OIDC protocol indicate client's token_endpoint_auth_method only accept one type in
 - client_secret_basic
 - client_secret_post
@@ -113,25 +112,35 @@ class OIDCAuthCodeBackend(OIDCBaseBackend): - private_key_jwt - none If the client offer more than one auth method type to OIDC, OIDC will auth client failed. - OIDC default use client_secret_basic, this type only need in headers add Authorization=Basic xxx. + OIDC default use client_secret_basic, + this type only need in headers add Authorization=Basic xxx. + More info see: https://github.com/jumpserver/jumpserver/issues/8165 - + More info see: https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication """ token_payload = { - # 'client_id': settings.AUTH_OPENID_CLIENT_ID, - # 'client_secret': settings.AUTH_OPENID_CLIENT_SECRET, 'grant_type': 'authorization_code', 'code': code, 'redirect_uri': build_absolute_uri( request, path=reverse(settings.AUTH_OPENID_AUTH_LOGIN_CALLBACK_URL_NAME) ) } - - # Prepares the token headers that will be used to request an authentication token to the - # token endpoint of the OIDC provider. - logger.debug(log_prompt.format('Prepares token headers')) - basic_token = "{}:{}".format(settings.AUTH_OPENID_CLIENT_ID, settings.AUTH_OPENID_CLIENT_SECRET) - headers = {"Authorization": "Basic {}".format(base64.b64encode(basic_token.encode()).decode())} + if settings.AUTH_OPENID_CLIENT_AUTH_METHOD == 'client_secret_post': + token_payload.update({ + 'client_id': settings.AUTH_OPENID_CLIENT_ID, + 'client_secret': settings.AUTH_OPENID_CLIENT_SECRET, + }) + headers = None + else: + # Prepares the token headers that will be used to request an authentication token to the + # token endpoint of the OIDC provider. + logger.debug(log_prompt.format('Prepares token headers')) + basic_token = "{}:{}".format( + settings.AUTH_OPENID_CLIENT_ID, settings.AUTH_OPENID_CLIENT_SECRET + ) + headers = { + "Authorization": "Basic {}".format(base64.b64encode(basic_token.encode()).decode()) + } # Calls the token endpoint. logger.debug(log_prompt.format('Call the token endpoint')) 
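Review bot: The `else:` branch treats every value other than `'client_secret_post'` as Basic authentication, so a misspelled or unsupported `AUTH_OPENID_CLIENT_AUTH_METHOD` (the docstring itself lists `private_key_jwt` and `none`) silently sends the client secret in an `Authorization: Basic` header. The serializer's `ChoiceField` only constrains values saved through the settings API; as far as this diff shows, a value that reaches `CONFIG` by another route (the conf.py hunk only adds a default) is not checked. Consider making the branch explicit, `elif settings.AUTH_OPENID_CLIENT_AUTH_METHOD == 'client_secret_basic':`, with a final `else:` that logs the unexpected value and fails the login. The docstring's opening sentence ("need not client_id and client_secret in token_payload") is also no longer true on the `client_secret_post` path and should say so. The method body continues outside this hunk.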
diff --git a/apps/jumpserver/conf.py b/apps/jumpserver/conf.py
index fa4a211d4..18b998ab2 100644
--- a/apps/jumpserver/conf.py
+++ b/apps/jumpserver/conf.py
@@ -187,6 +187,8 @@ class Config(dict):
 'BASE_SITE_URL': None,
 'AUTH_OPENID_CLIENT_ID': 'client-id',
 'AUTH_OPENID_CLIENT_SECRET': 'client-secret',
+ # https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication
+ 'AUTH_OPENID_CLIENT_AUTH_METHOD': 'client_secret_basic',
 'AUTH_OPENID_SHARE_SESSION': True,
 'AUTH_OPENID_IGNORE_SSL_VERIFICATION': True,
diff --git a/apps/jumpserver/settings/auth.py b/apps/jumpserver/settings/auth.py
index e07883d55..fb067078f 100644
--- a/apps/jumpserver/settings/auth.py
+++ b/apps/jumpserver/settings/auth.py
@@ -55,6 +55,7 @@ AUTH_OPENID = CONFIG.AUTH_OPENID
 BASE_SITE_URL = CONFIG.BASE_SITE_URL
 AUTH_OPENID_CLIENT_ID = CONFIG.AUTH_OPENID_CLIENT_ID
 AUTH_OPENID_CLIENT_SECRET = CONFIG.AUTH_OPENID_CLIENT_SECRET
+AUTH_OPENID_CLIENT_AUTH_METHOD = CONFIG.AUTH_OPENID_CLIENT_AUTH_METHOD
 AUTH_OPENID_PROVIDER_ENDPOINT = CONFIG.AUTH_OPENID_PROVIDER_ENDPOINT
 AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT = CONFIG.AUTH_OPENID_PROVIDER_AUTHORIZATION_ENDPOINT
 AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT = CONFIG.AUTH_OPENID_PROVIDER_TOKEN_ENDPOINT
diff --git a/apps/locale/ja/LC_MESSAGES/django.mo b/apps/locale/ja/LC_MESSAGES/django.mo
index afbb57bf7..7feeaece9 100644
--- a/apps/locale/ja/LC_MESSAGES/django.mo
+++ b/apps/locale/ja/LC_MESSAGES/django.mo
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:8f5891533a7cdfa3938ef057364f22b1df73685d423f9fa55bc46cd17439e56e
-size 125915
+oid sha256:e70a491494af861945bde8a0b03c9b6e78dde7016446236ead362362b76b09a8
+size 125713
diff --git a/apps/locale/ja/LC_MESSAGES/django.po b/apps/locale/ja/LC_MESSAGES/django.po
index dfb2f3c56..a0b05f272 100644
--- a/apps/locale/ja/LC_MESSAGES/django.po
+++ b/apps/locale/ja/LC_MESSAGES/django.po
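Review bot: In apps/jumpserver/conf.py the comment added above `'AUTH_OPENID_CLIENT_AUTH_METHOD'` gives only the spec URL, and the spec defines more methods than the backend implements; a comment such as `# Supported: 'client_secret_basic' (default) or 'client_secret_post'` would tell operators what they may set. The context line `'AUTH_OPENID_IGNORE_SSL_VERIFICATION': True` is unchanged by this commit, but if that default reaches the token request, the client secret is sent to an endpoint whose certificate is not verified under either method, so it is worth confirming the default is intended. The `Config` defaults dict continues outside the hunk.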
@@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-20 16:35+0800\n" +"POT-Creation-Date: 2022-04-29 12:49+0800\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" @@ -88,7 +88,7 @@ msgstr "ログイン確認" #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84 -#: rbac/builtin.py:110 rbac/models/rolebinding.py:40 +#: rbac/builtin.py:118 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44 #: terminal/notifications.py:91 terminal/notifications.py:139 @@ -1360,7 +1360,7 @@ msgstr "監査" #: audits/models.py:27 audits/models.py:57 #: authentication/templates/authentication/_access_key_modal.html:65 -#: rbac/tree.py:168 +#: rbac/tree.py:228 msgid "Delete" msgstr "削除" @@ -1413,11 +1413,11 @@ msgstr "ファイル転送ログ" #: audits/models.py:55 #: authentication/templates/authentication/_access_key_modal.html:22 -#: rbac/tree.py:165 +#: rbac/tree.py:225 msgid "Create" msgstr "作成" -#: audits/models.py:56 rbac/tree.py:167 templates/_csv_import_export.html:18 +#: audits/models.py:56 rbac/tree.py:227 templates/_csv_import_export.html:18 #: templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" 
@@ -2181,7 +2181,7 @@ msgstr "コードエラー" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:301 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: users/templates/users/_msg_account_expire_reminder.html:4 @@ -2642,11 +2642,11 @@ msgstr "特殊文字を含むべきではない" msgid "The mobile phone number format is incorrect" msgstr "携帯電話番号の形式が正しくありません" -#: jumpserver/conf.py:298 +#: jumpserver/conf.py:300 msgid "Create account successfully" msgstr "アカウントを正常に作成" -#: jumpserver/conf.py:300 +#: jumpserver/conf.py:302 msgid "Your account has been created successfully" msgstr "アカウントが正常に作成されました" @@ -2901,12 +2901,12 @@ msgstr "" msgid "The organization have resource ({}) cannot be deleted" msgstr "組織のリソース ({}) は削除できません" -#: orgs/apps.py:7 rbac/tree.py:114 +#: orgs/apps.py:7 rbac/tree.py:115 msgid "App organizations" msgstr "アプリ組織" #: orgs/mixins/models.py:46 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:47 +#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:59 #: tickets/serializers/ticket/ticket.py:77 msgid "Organization" @@ -2920,7 +2920,7 @@ msgstr "グローバル組織" msgid "Can view root org" msgstr "グローバル組織を表示できます" -#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:43 +#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "ロール" 
@@ -3133,27 +3133,27 @@ msgstr "{} 少なくとも1つのシステムロール" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:101 +#: rbac/builtin.py:109 msgid "SystemAdmin" msgstr "システム管理者" -#: rbac/builtin.py:104 +#: rbac/builtin.py:112 msgid "SystemAuditor" msgstr "システム監査人" -#: rbac/builtin.py:107 +#: rbac/builtin.py:115 msgid "SystemComponent" msgstr "システムコンポーネント" -#: rbac/builtin.py:113 +#: rbac/builtin.py:121 msgid "OrgAdmin" msgstr "組織管理者" -#: rbac/builtin.py:116 +#: rbac/builtin.py:124 msgid "OrgAuditor" msgstr "監査員を組織する" -#: rbac/builtin.py:119 +#: rbac/builtin.py:127 msgid "OrgUser" msgstr "組織ユーザー" @@ -3185,7 +3185,7 @@ msgstr "ファイルマネージャを表示できます" msgid "Permission" msgstr "権限" -#: rbac/models/role.py:31 rbac/models/rolebinding.py:37 +#: rbac/models/role.py:31 rbac/models/rolebinding.py:38 msgid "Scope" msgstr "スコープ" @@ -3205,22 +3205,22 @@ msgstr "システムの役割" msgid "Organization role" msgstr "組織の役割" -#: rbac/models/rolebinding.py:52 +#: rbac/models/rolebinding.py:53 msgid "Role binding" msgstr "ロールバインディング" -#: rbac/models/rolebinding.py:151 +#: rbac/models/rolebinding.py:159 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "" "ユーザーの最後のロールは削除できません。ユーザーを組織から削除できます。" -#: rbac/models/rolebinding.py:158 +#: rbac/models/rolebinding.py:166 msgid "Organization role binding" msgstr "組織の役割バインディング" -#: rbac/models/rolebinding.py:173 +#: rbac/models/rolebinding.py:181 msgid "System role binding" msgstr "システムロールバインディング" 
@@ -3244,91 +3244,91 @@ msgstr "ロール表示" msgid "Has bound this role" msgstr "この役割をバインドしました" -#: rbac/tree.py:19 rbac/tree.py:20 +#: rbac/tree.py:20 rbac/tree.py:21 msgid "All permissions" msgstr "すべての権限" -#: rbac/tree.py:26 +#: rbac/tree.py:27 msgid "Console view" msgstr "コンソールビュー" -#: rbac/tree.py:27 +#: rbac/tree.py:28 msgid "Workbench view" msgstr "ワークスペースビュー" -#: rbac/tree.py:28 +#: rbac/tree.py:29 msgid "Audit view" msgstr "監査ビュー" -#: rbac/tree.py:29 settings/models.py:140 +#: rbac/tree.py:30 settings/models.py:140 msgid "System setting" msgstr "システム設定" -#: rbac/tree.py:30 +#: rbac/tree.py:31 msgid "Other" msgstr "その他" -#: rbac/tree.py:38 +#: rbac/tree.py:39 msgid "Accounts" msgstr "アカウント" -#: rbac/tree.py:42 +#: rbac/tree.py:43 msgid "Session audits" msgstr "セッション監査" -#: rbac/tree.py:52 +#: rbac/tree.py:53 msgid "Cloud import" msgstr "クラウドインポート" -#: rbac/tree.py:53 +#: rbac/tree.py:54 msgid "Backup account" msgstr "バックアップアカウント" -#: rbac/tree.py:54 +#: rbac/tree.py:55 msgid "Gather account" msgstr "アカウントを集める" -#: rbac/tree.py:55 +#: rbac/tree.py:56 msgid "App change auth" msgstr "応用改密" -#: rbac/tree.py:56 +#: rbac/tree.py:57 msgid "Asset change auth" msgstr "資産の改ざん" -#: rbac/tree.py:57 +#: rbac/tree.py:58 msgid "Terminal setting" msgstr "ターミナル設定" -#: rbac/tree.py:58 +#: rbac/tree.py:59 msgid "My assets" msgstr "私の資産" -#: rbac/tree.py:59 +#: rbac/tree.py:60 msgid "My apps" msgstr "マイアプリ" -#: rbac/tree.py:115 +#: rbac/tree.py:116 msgid "Ticket comment" msgstr "チケットコメント" -#: rbac/tree.py:116 tickets/models/ticket.py:163 +#: rbac/tree.py:117 tickets/models/ticket.py:163 msgid "Ticket" msgstr "チケット" -#: rbac/tree.py:117 +#: rbac/tree.py:118 msgid "Common setting" msgstr "共通設定" -#: rbac/tree.py:118 +#: rbac/tree.py:119 msgid "View permission tree" msgstr "権限ツリーの表示" -#: rbac/tree.py:119 +#: rbac/tree.py:120 msgid "Execute batch command" msgstr "バッチ実行コマンド" -#: rbac/tree.py:166 +#: rbac/tree.py:226 msgid "View" msgstr "表示" 
@@ -3454,7 +3454,7 @@ msgstr "ログインリダイレクトの有効化msg" msgid "Enable CAS Auth" msgstr "CAS 認証の有効化" -#: settings/serializers/auth/cas.py:11 settings/serializers/auth/oidc.py:32 +#: settings/serializers/auth/cas.py:11 settings/serializers/auth/oidc.py:40 msgid "Server url" msgstr "サービス側アドレス" 
@@ -3556,79 +3556,83 @@ msgstr "クライアントID" msgid "Client Secret" msgstr "クライアント秘密" -#: settings/serializers/auth/oidc.py:20 +#: settings/serializers/auth/oidc.py:26 +msgid "Client authentication method" +msgstr "クライアント認証方式" + +#: settings/serializers/auth/oidc.py:28 msgid "Share session" msgstr "セッションの共有" -#: settings/serializers/auth/oidc.py:22 +#: settings/serializers/auth/oidc.py:30 msgid "Ignore ssl verification" msgstr "Ssl検証を無視する" -#: settings/serializers/auth/oidc.py:29 +#: settings/serializers/auth/oidc.py:37 msgid "Use Keycloak" msgstr "Keycloakを使用する" -#: settings/serializers/auth/oidc.py:35 +#: settings/serializers/auth/oidc.py:43 msgid "Realm name" msgstr "レルム名" -#: settings/serializers/auth/oidc.py:41 +#: settings/serializers/auth/oidc.py:49 msgid "Enable OPENID Auth" msgstr "OIDC認証の有効化" -#: settings/serializers/auth/oidc.py:43 +#: settings/serializers/auth/oidc.py:51 msgid "Provider endpoint" msgstr "プロバイダーエンドポイント" -#: settings/serializers/auth/oidc.py:46 +#: settings/serializers/auth/oidc.py:54 msgid "Provider auth endpoint" msgstr "認証エンドポイントアドレス" -#: settings/serializers/auth/oidc.py:49 +#: settings/serializers/auth/oidc.py:57 msgid "Provider token endpoint" msgstr "プロバイダートークンエンドポイント" -#: settings/serializers/auth/oidc.py:52 +#: settings/serializers/auth/oidc.py:60 msgid "Provider jwks endpoint" msgstr "プロバイダーjwksエンドポイント" -#: settings/serializers/auth/oidc.py:55 +#: settings/serializers/auth/oidc.py:63 msgid "Provider userinfo endpoint" msgstr "プロバイダーuserinfoエンドポイント" -#: settings/serializers/auth/oidc.py:58 +#: settings/serializers/auth/oidc.py:66 msgid "Provider end session endpoint" msgstr "プロバイダーのセッション終了エンドポイント" -#: settings/serializers/auth/oidc.py:61 +#: settings/serializers/auth/oidc.py:69 msgid "Provider sign alg" msgstr "プロビダーサインalg" -#: settings/serializers/auth/oidc.py:64 +#: settings/serializers/auth/oidc.py:72 msgid "Provider sign key" msgstr "プロバイダ署名キー" -#: settings/serializers/auth/oidc.py:66 +#: settings/serializers/auth/oidc.py:74 
msgid "Scopes" msgstr "スコープ" -#: settings/serializers/auth/oidc.py:68 +#: settings/serializers/auth/oidc.py:76 msgid "Id token max age" msgstr "IDトークンの最大年齢" -#: settings/serializers/auth/oidc.py:71 +#: settings/serializers/auth/oidc.py:79 msgid "Id token include claims" msgstr "IDトークンにはクレームが含まれます" -#: settings/serializers/auth/oidc.py:73 +#: settings/serializers/auth/oidc.py:81 msgid "Use state" msgstr "使用状態" -#: settings/serializers/auth/oidc.py:74 +#: settings/serializers/auth/oidc.py:82 msgid "Use nonce" msgstr "Nonceを使用" -#: settings/serializers/auth/oidc.py:76 settings/serializers/auth/saml2.py:33 +#: settings/serializers/auth/oidc.py:84 settings/serializers/auth/saml2.py:33 msgid "Always update user" msgstr "常にユーザーを更新" @@ -4513,9 +4517,7 @@ msgstr "ホームページ" msgid "Cancel" msgstr "キャンセル" -#: templates/resource_download.html:18 templates/resource_download.html:24 -#: templates/resource_download.html:25 templates/resource_download.html:30 -#: templates/resource_download.html:40 +#: templates/resource_download.html:18 templates/resource_download.html:30 msgid "Client" msgstr "クライアント" @@ -4544,19 +4546,11 @@ msgstr "" "MacOSは、Windowsに付属のRDPアセットを接続するためにクライアントをダウンロード" "する必要があります" -#: templates/resource_download.html:42 -msgid "" -"Windows needs to download the client to connect SSH assets, and the MacOS " -"system uses its own terminal" -msgstr "" -"WindowsはクライアントをダウンロードしてSSH資産に接続する必要があり、macOSシス" -"テムは独自のTerminalを採用している。" - -#: templates/resource_download.html:53 +#: templates/resource_download.html:41 msgid "Windows Remote application publisher tools" msgstr "Windowsリモートアプリケーション発行者ツール" -#: templates/resource_download.html:54 +#: templates/resource_download.html:42 msgid "" "Jmservisor is the program used to pull up remote applications in Windows " "Remote Application publisher" 
@@ -6732,3 +6726,10 @@ msgstr "究極のエディション" #: xpack/plugins/license/models.py:77 msgid "Community edition" msgstr "コミュニティ版" + +#~ msgid "" +#~ "Windows needs to download the client to connect SSH assets, and the MacOS " +#~ "system uses its own terminal" +#~ msgstr "" +#~ "WindowsはクライアントをダウンロードしてSSH資産に接続する必要があり、macOS" +#~ "システムは独自のTerminalを採用している。" diff --git a/apps/locale/zh/LC_MESSAGES/django.mo b/apps/locale/zh/LC_MESSAGES/django.mo index 58ce5f865..c651fb2c5 100644 --- a/apps/locale/zh/LC_MESSAGES/django.mo +++ b/apps/locale/zh/LC_MESSAGES/django.mo @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:c6cf24f38fd82ad87d6062c4b36a771cb9fdeb76975b8b60f335a5a4fd9fd30c -size 104169 +oid sha256:95e9f6addbdb6811647fd2bb5ae64bfc2572a80702c371eab0a1bb041a1e8476 +size 104032 diff --git a/apps/locale/zh/LC_MESSAGES/django.po b/apps/locale/zh/LC_MESSAGES/django.po index 049fb5daa..e091a35c8 100644 --- a/apps/locale/zh/LC_MESSAGES/django.po +++ b/apps/locale/zh/LC_MESSAGES/django.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: JumpServer 0.3.3\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2022-04-20 16:35+0800\n" +"POT-Creation-Date: 2022-04-29 12:49+0800\n" "PO-Revision-Date: 2021-05-20 10:54+0800\n" "Last-Translator: ibuler \n" "Language-Team: JumpServer team\n" @@ -87,7 +87,7 @@ msgstr "登录复核" #: assets/models/cmd_filter.py:30 assets/models/label.py:15 audits/models.py:37 #: audits/models.py:60 audits/models.py:85 audits/serializers.py:100 #: authentication/models.py:51 orgs/models.py:214 perms/models/base.py:84 -#: rbac/builtin.py:110 rbac/models/rolebinding.py:40 +#: rbac/builtin.py:118 rbac/models/rolebinding.py:41 #: terminal/backends/command/models.py:20 #: terminal/backends/command/serializers.py:12 terminal/models/session.py:44 #: terminal/notifications.py:91 terminal/notifications.py:139 
@@ -1348,7 +1348,7 @@ msgstr "日志审计" #: audits/models.py:27 audits/models.py:57 #: authentication/templates/authentication/_access_key_modal.html:65 -#: rbac/tree.py:168 +#: rbac/tree.py:228 msgid "Delete" msgstr "删除" @@ -1401,11 +1401,11 @@ msgstr "文件管理" #: audits/models.py:55 #: authentication/templates/authentication/_access_key_modal.html:22 -#: rbac/tree.py:165 +#: rbac/tree.py:225 msgid "Create" msgstr "创建" -#: audits/models.py:56 rbac/tree.py:167 templates/_csv_import_export.html:18 +#: audits/models.py:56 rbac/tree.py:227 templates/_csv_import_export.html:18 #: templates/_csv_update_modal.html:6 msgid "Update" msgstr "更新" @@ -2160,7 +2160,7 @@ msgstr "代码错误" #: authentication/templates/authentication/_msg_reset_password.html:3 #: authentication/templates/authentication/_msg_rest_password_success.html:2 #: authentication/templates/authentication/_msg_rest_public_key_success.html:2 -#: jumpserver/conf.py:299 ops/tasks.py:145 ops/tasks.py:148 +#: jumpserver/conf.py:301 ops/tasks.py:145 ops/tasks.py:148 #: perms/templates/perms/_msg_item_permissions_expire.html:3 #: perms/templates/perms/_msg_permed_items_expire.html:3 #: users/templates/users/_msg_account_expire_reminder.html:4 @@ -2612,11 +2612,11 @@ msgstr "不能包含特殊字符" msgid "The mobile phone number format is incorrect" msgstr "手机号格式不正确" -#: jumpserver/conf.py:298 +#: jumpserver/conf.py:300 msgid "Create account successfully" msgstr "创建账号成功" -#: jumpserver/conf.py:300 +#: jumpserver/conf.py:302 msgid "Your account has been created successfully" msgstr "你的账号已创建成功" 
@@ -2865,12 +2865,12 @@ msgstr "LDAP 同步设置组织为当前组织,请切换其他组织后再进 msgid "The organization have resource ({}) cannot be deleted" msgstr "组织存在资源 ({}) 不能被删除" -#: orgs/apps.py:7 rbac/tree.py:114 +#: orgs/apps.py:7 rbac/tree.py:115 msgid "App organizations" msgstr "组织管理" #: orgs/mixins/models.py:46 orgs/mixins/serializers.py:25 orgs/models.py:80 -#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:47 +#: orgs/models.py:211 rbac/const.py:7 rbac/models/rolebinding.py:48 #: rbac/serializers/rolebinding.py:40 settings/serializers/auth/ldap.py:59 #: tickets/serializers/ticket/ticket.py:77 msgid "Organization" @@ -2884,7 +2884,7 @@ msgstr "全局组织" msgid "Can view root org" msgstr "可以查看全局组织" -#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:43 +#: orgs/models.py:216 rbac/models/role.py:46 rbac/models/rolebinding.py:44 #: users/models/user.py:671 msgid "Role" msgstr "角色" @@ -3095,27 +3095,27 @@ msgstr "{} 至少有一个系统角色" msgid "RBAC" msgstr "RBAC" -#: rbac/builtin.py:101 +#: rbac/builtin.py:109 msgid "SystemAdmin" msgstr "系统管理员" -#: rbac/builtin.py:104 +#: rbac/builtin.py:112 msgid "SystemAuditor" msgstr "系统审计员" -#: rbac/builtin.py:107 +#: rbac/builtin.py:115 msgid "SystemComponent" msgstr "系统组件" -#: rbac/builtin.py:113 +#: rbac/builtin.py:121 msgid "OrgAdmin" msgstr "组织管理员" -#: rbac/builtin.py:116 +#: rbac/builtin.py:124 msgid "OrgAuditor" msgstr "组织审计员" -#: rbac/builtin.py:119 +#: rbac/builtin.py:127 msgid "OrgUser" msgstr "组织用户" @@ -3147,7 +3147,7 @@ msgstr "文件管理" msgid "Permission" msgstr "权限" -#: rbac/models/role.py:31 rbac/models/rolebinding.py:37 +#: rbac/models/role.py:31 rbac/models/rolebinding.py:38 msgid "Scope" msgstr "范围" 
@@ -3167,21 +3167,21 @@ msgstr "系统角色" msgid "Organization role" msgstr "组织角色" -#: rbac/models/rolebinding.py:52 +#: rbac/models/rolebinding.py:53 msgid "Role binding" msgstr "角色绑定" -#: rbac/models/rolebinding.py:151 +#: rbac/models/rolebinding.py:159 msgid "" "User last role in org, can not be delete, you can remove user from org " "instead" msgstr "用户最后一个角色,不能删除,你可以将用户从组织移除" -#: rbac/models/rolebinding.py:158 +#: rbac/models/rolebinding.py:166 msgid "Organization role binding" msgstr "组织角色绑定" -#: rbac/models/rolebinding.py:173 +#: rbac/models/rolebinding.py:181 msgid "System role binding" msgstr "系统角色绑定" 
@@ -3205,91 +3205,91 @@ msgstr "角色显示" msgid "Has bound this role" msgstr "已经绑定" -#: rbac/tree.py:19 rbac/tree.py:20 +#: rbac/tree.py:20 rbac/tree.py:21 msgid "All permissions" msgstr "所有权限" -#: rbac/tree.py:26 +#: rbac/tree.py:27 msgid "Console view" msgstr "控制台" -#: rbac/tree.py:27 +#: rbac/tree.py:28 msgid "Workbench view" msgstr "工作台" -#: rbac/tree.py:28 +#: rbac/tree.py:29 msgid "Audit view" msgstr "审计台" -#: rbac/tree.py:29 settings/models.py:140 +#: rbac/tree.py:30 settings/models.py:140 msgid "System setting" msgstr "系统设置" -#: rbac/tree.py:30 +#: rbac/tree.py:31 msgid "Other" msgstr "其它" -#: rbac/tree.py:38 +#: rbac/tree.py:39 msgid "Accounts" msgstr "账号管理" -#: rbac/tree.py:42 +#: rbac/tree.py:43 msgid "Session audits" msgstr "会话审计" -#: rbac/tree.py:52 +#: rbac/tree.py:53 msgid "Cloud import" msgstr "云同步" -#: rbac/tree.py:53 +#: rbac/tree.py:54 msgid "Backup account" msgstr "备份账号" -#: rbac/tree.py:54 +#: rbac/tree.py:55 msgid "Gather account" msgstr "收集账号" -#: rbac/tree.py:55 +#: rbac/tree.py:56 msgid "App change auth" msgstr "应用改密" -#: rbac/tree.py:56 +#: rbac/tree.py:57 msgid "Asset change auth" msgstr "资产改密" -#: rbac/tree.py:57 +#: rbac/tree.py:58 msgid "Terminal setting" msgstr "终端设置" -#: rbac/tree.py:58 +#: rbac/tree.py:59 msgid "My assets" msgstr "我的资产" -#: rbac/tree.py:59 +#: rbac/tree.py:60 msgid "My apps" msgstr "我的应用" -#: rbac/tree.py:115 +#: rbac/tree.py:116 msgid "Ticket comment" msgstr "工单评论" -#: rbac/tree.py:116 tickets/models/ticket.py:163 +#: rbac/tree.py:117 tickets/models/ticket.py:163 msgid "Ticket" msgstr "工单管理" -#: rbac/tree.py:117 +#: rbac/tree.py:118 msgid "Common setting" msgstr "一般设置" -#: rbac/tree.py:118 +#: rbac/tree.py:119 msgid "View permission tree" msgstr "查看授权树" -#: rbac/tree.py:119 +#: rbac/tree.py:120 msgid "Execute batch command" msgstr "执行批量命令" -#: rbac/tree.py:166 +#: rbac/tree.py:226 msgid "View" msgstr "查看" 
@@ -3415,7 +3415,7 @@ msgstr "启用登录跳转提示" msgid "Enable CAS Auth" msgstr "启用 CAS 认证" -#: settings/serializers/auth/cas.py:11 settings/serializers/auth/oidc.py:32 +#: settings/serializers/auth/cas.py:11 settings/serializers/auth/oidc.py:40 msgid "Server url" msgstr "服务端地址" 
@@ -3517,79 +3517,83 @@ msgstr "客户端 ID" msgid "Client Secret" msgstr "客户端密钥" -#: settings/serializers/auth/oidc.py:20 +#: settings/serializers/auth/oidc.py:26 +msgid "Client authentication method" +msgstr "客户端认证方式" + +#: settings/serializers/auth/oidc.py:28 msgid "Share session" msgstr "共享会话" -#: settings/serializers/auth/oidc.py:22 +#: settings/serializers/auth/oidc.py:30 msgid "Ignore ssl verification" msgstr "忽略 SSL 证书验证" -#: settings/serializers/auth/oidc.py:29 +#: settings/serializers/auth/oidc.py:37 msgid "Use Keycloak" msgstr "使用 Keycloak" -#: settings/serializers/auth/oidc.py:35 +#: settings/serializers/auth/oidc.py:43 msgid "Realm name" msgstr "域" -#: settings/serializers/auth/oidc.py:41 +#: settings/serializers/auth/oidc.py:49 msgid "Enable OPENID Auth" msgstr "启用 OIDC 认证" -#: settings/serializers/auth/oidc.py:43 +#: settings/serializers/auth/oidc.py:51 msgid "Provider endpoint" msgstr "端点地址" -#: settings/serializers/auth/oidc.py:46 +#: settings/serializers/auth/oidc.py:54 msgid "Provider auth endpoint" msgstr "授权端点地址" -#: settings/serializers/auth/oidc.py:49 +#: settings/serializers/auth/oidc.py:57 msgid "Provider token endpoint" msgstr "token 端点地址" -#: settings/serializers/auth/oidc.py:52 +#: settings/serializers/auth/oidc.py:60 msgid "Provider jwks endpoint" msgstr "jwks 端点地址" -#: settings/serializers/auth/oidc.py:55 +#: settings/serializers/auth/oidc.py:63 msgid "Provider userinfo endpoint" msgstr "用户信息端点地址" -#: settings/serializers/auth/oidc.py:58 +#: settings/serializers/auth/oidc.py:66 msgid "Provider end session endpoint" msgstr "注销会话端点地址" -#: settings/serializers/auth/oidc.py:61 +#: settings/serializers/auth/oidc.py:69 msgid "Provider sign alg" msgstr "签名算法" -#: settings/serializers/auth/oidc.py:64 +#: settings/serializers/auth/oidc.py:72 msgid "Provider sign key" msgstr "签名 Key" -#: settings/serializers/auth/oidc.py:66 +#: settings/serializers/auth/oidc.py:74 msgid "Scopes" msgstr "连接范围" -#: settings/serializers/auth/oidc.py:68 +#: 
settings/serializers/auth/oidc.py:76 msgid "Id token max age" msgstr "令牌有效时间" -#: settings/serializers/auth/oidc.py:71 +#: settings/serializers/auth/oidc.py:79 msgid "Id token include claims" msgstr "声明" -#: settings/serializers/auth/oidc.py:73 +#: settings/serializers/auth/oidc.py:81 msgid "Use state" msgstr "使用状态" -#: settings/serializers/auth/oidc.py:74 +#: settings/serializers/auth/oidc.py:82 msgid "Use nonce" msgstr "临时使用" -#: settings/serializers/auth/oidc.py:76 settings/serializers/auth/saml2.py:33 +#: settings/serializers/auth/oidc.py:84 settings/serializers/auth/saml2.py:33 msgid "Always update user" msgstr "总是更新用户信息" @@ -4446,9 +4450,7 @@ msgstr "首页" msgid "Cancel" msgstr "取消" -#: templates/resource_download.html:18 templates/resource_download.html:24 -#: templates/resource_download.html:25 templates/resource_download.html:30 -#: templates/resource_download.html:40 +#: templates/resource_download.html:18 templates/resource_download.html:30 msgid "Client" msgstr "客户端" @@ -4474,17 +4476,11 @@ msgid "" "Windows" msgstr "macOS 需要下载客户端来连接 RDP 资产,Windows 系统默认安装了该程序" -#: templates/resource_download.html:42 -msgid "" -"Windows needs to download the client to connect SSH assets, and the MacOS " -"system uses its own terminal" -msgstr "Windows 需要下载客户端来连接SSH资产,macOS系统采用自带的Terminal" - -#: templates/resource_download.html:53 +#: templates/resource_download.html:41 msgid "Windows Remote application publisher tools" msgstr "Windows 远程应用发布服务器工具" -#: templates/resource_download.html:54 +#: templates/resource_download.html:42 msgid "" "Jmservisor is the program used to pull up remote applications in Windows " "Remote Application publisher" @@ -6640,3 +6636,8 @@ msgstr "旗舰版" #: xpack/plugins/license/models.py:77 msgid "Community edition" msgstr "社区版" + +#~ msgid "" +#~ "Windows needs to download the client to connect SSH assets, and the MacOS " +#~ "system uses its own terminal" +#~ msgstr "Windows 需要下载客户端来连接SSH资产,macOS系统采用自带的Terminal" 
diff --git a/apps/settings/serializers/auth/oidc.py b/apps/settings/serializers/auth/oidc.py
index 21f0f989e..a3777fb25 100644
--- a/apps/settings/serializers/auth/oidc.py
+++ b/apps/settings/serializers/auth/oidc.py
@@ -17,6 +17,14 @@ class CommonSettingSerializer(serializers.Serializer):
 AUTH_OPENID_CLIENT_SECRET = serializers.CharField(
 required=False, max_length=1024, write_only=True, label=_('Client Secret')
 )
+ AUTH_OPENID_CLIENT_AUTH_METHOD = serializers.ChoiceField(
+ default='client_secret_basic',
+ choices=(
+ ('client_secret_basic', 'Client Secret Basic'),
+ ('client_secret_post', 'Client Secret Post')
+ ),
+ label=_('Client authentication method')
+ )
 AUTH_OPENID_SHARE_SESSION = serializers.BooleanField(required=False, label=_('Share session'))
 AUTH_OPENID_IGNORE_SSL_VERIFICATION = serializers.BooleanField(
 required=False, label=_('Ignore ssl verification')
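Review bot: The choice values `'client_secret_basic'` and `'client_secret_post'` are written as bare string literals here, and again in the conf.py default and in the comparison in `OIDCAuthCodeBackend`, so a typo in any one place silently changes which client authentication method is used. Defining the allowed values once, for example as a module-level tuple of choices that the serializer, the default and the backend all reference, would keep the three in step. The serializer class continues outside the hunk.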