diff --git a/invenio_oauthclient/admin.py b/invenio_oauthclient/admin.py index 7ec6fad..eeb352b 100644 --- a/invenio_oauthclient/admin.py +++ b/invenio_oauthclient/admin.py @@ -10,15 +10,11 @@ from flask_admin.contrib.sqla import ModelView from invenio_accounts.admin import user_identity_adminview +from invenio_i18n import lazy_gettext as _ from .models import RemoteAccount, RemoteToken -def _(x): - """Identity.""" - return x - - class RemoteAccountView(ModelView): """Flask-Admin view to manage remote accounts from invenio-oauthclient.""" diff --git a/invenio_oauthclient/contrib/cern.py b/invenio_oauthclient/contrib/cern.py index a84cd2c..61bcf0b 100644 --- a/invenio_oauthclient/contrib/cern.py +++ b/invenio_oauthclient/contrib/cern.py @@ -149,6 +149,7 @@ ) from invenio_db import db from invenio_i18n import gettext as _ +from invenio_i18n import lazy_gettext from invenio_oauthclient.errors import OAuthCERNRejectedAccountError from invenio_oauthclient.handlers.rest import response_handler @@ -204,8 +205,8 @@ """Cern oauth identityClass values that are allowed to be used.""" BASE_APP = dict( - title="CERN", - description="Connecting to CERN Organization.", + title=lazy_gettext("CERN"), + description=lazy_gettext("Connecting to CERN Organization."), icon="", logout_url="https://login.cern.ch/adfs/ls/?wa=wsignout1.0", params=dict( @@ -405,8 +406,10 @@ def _account_info(remote, resp): identity_class = resource.get("IdentityClass", [None])[0] if identity_class is None or identity_class not in valid_identities: raise OAuthCERNRejectedAccountError( - "Identity class {0} is not one of [{1}]".format( - identity_class, "".join(valid_identities) + _( + "Identity class %(identity_class)s is not one of [%(valid_identities)s]", + identity_class=identity_class, + valid_identities="".join(valid_identities), ), remote, resp, diff --git a/invenio_oauthclient/contrib/cern_openid.py b/invenio_oauthclient/contrib/cern_openid.py index 3aa71ac..12cdefd 100644 --- a/invenio_oauthclient/contrib/cern_openid.py +++ b/invenio_oauthclient/contrib/cern_openid.py @@ -77,6 +77,7 @@ ) from invenio_db import db from invenio_i18n import gettext as _ +from invenio_i18n import lazy_gettext from jwt import decode from invenio_oauthclient.errors import OAuthCERNRejectedAccountError @@ -99,8 +100,8 @@ """CERN OAuth application role values that are allowed to be used.""" BASE_APP = dict( - title="CERN", - description="Connecting to CERN Organization.", + title=lazy_gettext("CERN"), + description=lazy_gettext("Connecting to CERN Organization."), icon="", logout_url="https://auth.cern.ch/auth/realms/cern/protocol/" "openid-connect/logout", @@ -273,7 +274,11 @@ def _account_info(remote, resp): cern_roles = resource.get("cern_roles") if cern_roles is None or not set(cern_roles).issubset(valid_roles): raise OAuthCERNRejectedAccountError( - "User roles {0} are not one of {1}".format(cern_roles, valid_roles), + _( + "User roles %(cern_roles)s are not one of %(valid_roles)s", + cern_roles=cern_roles, + valid_roles=valid_roles, + ), remote, resp, ) diff --git a/invenio_oauthclient/contrib/github.py b/invenio_oauthclient/contrib/github.py index 345bda6..33bc5dd 100644 --- a/invenio_oauthclient/contrib/github.py +++ b/invenio_oauthclient/contrib/github.py @@ -73,6 +73,7 @@ from flask import current_app, redirect, url_for from flask_login import current_user from invenio_db import db +from invenio_i18n import lazy_gettext as _ from invenio_oauthclient import current_oauthclient from invenio_oauthclient.contrib.settings import OAuthSettingsHelper @@ -105,8 +106,8 @@ def __init__( ): """Constructor.""" super().__init__( - title or "GitHub", - description or "Software collaboration platform.", + title or _("GitHub"), + description or _("Software collaboration platform."), base_url or "https://api.github.com/", app_key or "GITHUB_APP_CREDENTIALS", icon=icon or "fa fa-github", @@ -261,7 +262,7 @@ def authorized(resp, remote): return redirect(url_for("invenio_oauthclient.login", remote_app="github")) elif resp["error"] in ["incorrect_client_credentials", "redirect_uri_mismatch"]: raise OAuthResponseError( - "Application mis-configuration in GitHub", remote, resp + _("Application mis-configuration in GitHub"), remote, resp ) return authorized_signup_handler(resp, remote) @@ -283,7 +284,7 @@ def authorized_rest(resp, remote): ) elif resp["error"] in ["incorrect_client_credentials", "redirect_uri_mismatch"]: raise OAuthResponseError( - "Application mis-configuration in GitHub", remote, resp + _("Application mis-configuration in GitHub"), remote, resp ) return authorized_signup_rest_handler(resp, remote) diff --git a/invenio_oauthclient/contrib/globus.py b/invenio_oauthclient/contrib/globus.py index 7552d63..939f39f 100644 --- a/invenio_oauthclient/contrib/globus.py +++ b/invenio_oauthclient/contrib/globus.py @@ -67,6 +67,7 @@ from flask import current_app, redirect, url_for from flask_login import current_user from invenio_db import db +from invenio_i18n import lazy_gettext as _ from invenio_oauthclient import current_oauthclient from invenio_oauthclient.contrib.settings import OAuthSettingsHelper @@ -91,8 +92,8 @@ def __init__( ): """Constructor.""" super().__init__( - title or "Globus", - description or "Research data management simplified.", + title or _("Globus"), + description or _("Research data management simplified."), base_url or "https://auth.globus.org/v2/", app_key or "GLOBUS_APP_CREDENTIALS", request_token_params={"scope": "openid email profile"}, @@ -164,7 +165,7 @@ def get_dict_from_response(response): """Check for errors in the response and return the resulting JSON.""" if getattr(response, "_resp") and response._resp.code > 400: raise OAuthResponseError( - "Application mis-configuration in Globus", None, response + _("Application mis-configuration in Globus"), None, response ) return response.data @@ -199,7 +200,7 @@ def get_user_id(remote, email): # If we got here the response was successful but the data was invalid. # It's likely the URL is wrong but possible the API has changed. raise OAuthResponseError( - "Failed to fetch user id, likely server " "mis-configuration", None, remote + _("Failed to fetch user id, likely server mis-configuration"), None, remote ) diff --git a/invenio_oauthclient/contrib/keycloak/helpers.py b/invenio_oauthclient/contrib/keycloak/helpers.py index f9b6530..a9479fd 100644 --- a/invenio_oauthclient/contrib/keycloak/helpers.py +++ b/invenio_oauthclient/contrib/keycloak/helpers.py @@ -11,6 +11,7 @@ import jwt from flask import current_app +from invenio_i18n import gettext as _ from ...errors import OAuthError, OAuthKeycloakUserInfoError @@ -27,9 +28,12 @@ def _generate_config_prefix(remote): app_name = remote.name if not is_app_name_valid(app_name): raise OAuthError( - f"Invalid app name {app_name}. " - "It should only contain letters, numbers, dashes " - "and underscores", + _( + "Invalid app name %(app_name)s. " + "It should only contain letters, numbers, dashes " + "and underscores", + app_name=app_name, + ), remote, ) return f"OAUTHCLIENT_{app_name.upper()}" diff --git a/invenio_oauthclient/contrib/openaire_aai.py b/invenio_oauthclient/contrib/openaire_aai.py index 6e3866f..737cf61 100644 --- a/invenio_oauthclient/contrib/openaire_aai.py +++ b/invenio_oauthclient/contrib/openaire_aai.py @@ -72,6 +72,7 @@ from flask import current_app, redirect, url_for from flask_login import current_user from invenio_db import db +from invenio_i18n import lazy_gettext as _ from invenio_oauthclient import current_oauthclient from invenio_oauthclient.contrib.keycloak import KeycloakSettingsHelper @@ -101,8 +102,8 @@ def __init__( "send_register_msg": True, } super().__init__( - title or "OpenAIRE", - description or "Open Science Services.", + title or _("OpenAIRE"), + description or _("Open Science Services."), base_url, app_key or "OPENAIRE_APP_CREDENTIALS", request_token_params={"scope": "openid profile email orcid"}, @@ -166,8 +167,8 @@ def get_rest_handlers(self): # Sandbox _openaire_aai_sandbox_app = KeycloakSettingsHelper( - title="OpenAIRE", - description="Open Science Services.", + title=_("OpenAIRE"), + description=_("Open Science Services."), base_url="https://beta.aai.openaire.eu", realm="openaire", scopes="openid profile email eduperson_entitlement orcid", diff --git a/invenio_oauthclient/contrib/orcid.py b/invenio_oauthclient/contrib/orcid.py index 2d711d1..39819ce 100644 --- a/invenio_oauthclient/contrib/orcid.py +++ b/invenio_oauthclient/contrib/orcid.py @@ -74,6 +74,7 @@ from flask import current_app, redirect, url_for from flask_login import current_user from invenio_db import db +from invenio_i18n import lazy_gettext as _ from invenio_oauthclient import current_oauthclient from invenio_oauthclient.contrib.settings import OAuthSettingsHelper @@ -109,8 +110,8 @@ def __init__( } super().__init__( - title or "ORCID", - description or "Connecting Research and Researchers.", + title or _("ORCID"), + description or _("Connecting Research and Researchers."), base_url or "https://pub.orcid.org/v1.2/", app_key or "ORCID_APP_CREDENTIALS", request_token_params={"scope": "/authenticate", "show_login": "true"}, diff --git a/invenio_oauthclient/handlers/rest.py b/invenio_oauthclient/handlers/rest.py index 08ba5f9..2ce7e8b 100644 --- a/invenio_oauthclient/handlers/rest.py +++ b/invenio_oauthclient/handlers/rest.py @@ -23,6 +23,7 @@ ) from flask_login import current_user from invenio_db import db +from invenio_i18n import gettext as _ from ..errors import ( AlreadyLinkedError, @@ -86,16 +87,20 @@ def _oauth_error_handler(remote, f, *args, **kwargs): return response_handler( remote, remote_app_config["error_redirect_url"], - payload=dict(message="Authorization with remote service failed.", code=400), + payload=dict( + message=_("Authorization with remote service failed."), code=400 + ), ) except OAuthRejectedRequestError: return response_handler( remote, remote_app_config["error_redirect_url"], - payload=dict(message="You rejected the authentication request.", code=400), + payload=dict( + message=_("You rejected the authentication request."), code=400 + ), ) except AlreadyLinkedError: - msg = "External service is already linked to another account." + msg = _("External service is already linked to another account.") return response_handler( remote, remote_app_config["error_redirect_url"], @@ -105,14 +110,14 @@ def _oauth_error_handler(remote, f, *args, **kwargs): return response_handler( remote, remote_app_config["error_redirect_url"], - payload=dict(message="Unauthorized.", code=401), + payload=dict(message=_("Unauthorized."), code=401), ) except OAuthClientAlreadyAuthorized: return response_handler( remote, remote_app_config["authorized_redirect_url"], payload=dict( - message="Successfully signed up.", + message=_("Successfully signed up."), code=200, ), ) @@ -121,14 +126,14 @@ def _oauth_error_handler(remote, f, *args, **kwargs): remote, remote_app_config["error_redirect_url"], payload=dict( - message="Token not found.", + message=_("Token not found."), code=400, ), ) except OAuthClientUserNotRegistered: abort(make_response(jsonify(message="Form validation error."), 400)) except OAuthClientTokenNotSet: - raise OAuthError("Could not create token for user.", remote) + raise OAuthError(_("Could not create token for user."), remote) except OAuthClientMustRedirectSignup as e: return redirect( url_for( @@ -208,7 +213,7 @@ def authorized_signup_handler(resp, remote, *args, **kwargs): """ remote_app_config = current_app.config["OAUTHCLIENT_REST_REMOTE_APPS"][remote.name] next_url = authorized_handler(resp, remote, *args, **kwargs) - response_payload = dict(message="Successfully authorized.", code=200) + response_payload = dict(message=_("Successfully authorized."), code=200) if next_url: response_payload["next_url"] = next_url @@ -238,7 +243,7 @@ def disconnect_handler(remote, *args, **kwargs): remote, redirect_url, payload=dict( - message="Successfully disconnected.", + message=_("Successfully disconnected."), code=200, ), ) @@ -282,7 +287,7 @@ def signup_handler(remote, *args, **kwargs): except OAuthClientUnAuthorized: abort(401) - response_payload = dict(message="Successfully signed up.", code=200) + response_payload = dict(message=_("Successfully signed up."), code=200) if next_url: response_payload["next_url"] = next_url return jsonify(response_payload) diff --git a/invenio_oauthclient/handlers/token.py b/invenio_oauthclient/handlers/token.py index c632a84..bbdd84a 100644 --- a/invenio_oauthclient/handlers/token.py +++ b/invenio_oauthclient/handlers/token.py @@ -13,6 +13,7 @@ from flask import current_app, session from flask_login import current_user from invenio_db import db +from invenio_i18n import gettext as _ from ..errors import OAuthClientError, OAuthRejectedRequestError, OAuthResponseError from ..models import RemoteToken @@ -58,7 +59,7 @@ def response_token_setter(remote, resp): :returns: The token. """ if resp is None: - raise OAuthRejectedRequestError("User rejected request.", remote, resp) + raise OAuthRejectedRequestError(_("User rejected request."), remote, resp) else: if "access_token" in resp: return oauth2_token_setter(remote, resp) @@ -67,11 +68,11 @@ def response_token_setter(remote, resp): elif "error" in resp: # Only OAuth2 specifies how to send error messages raise OAuthClientError( - "Authorization with remote service failed.", + _("Authorization with remote service failed."), remote, resp, ) - raise OAuthResponseError("Bad OAuth authorized request", remote, resp) + raise OAuthResponseError(_("Bad OAuth authorized request"), remote, resp) def oauth1_token_setter(remote, resp, token_type="", extra_data=None): diff --git a/invenio_oauthclient/handlers/ui.py b/invenio_oauthclient/handlers/ui.py index cf09b85..5ab0a67 100644 --- a/invenio_oauthclient/handlers/ui.py +++ b/invenio_oauthclient/handlers/ui.py @@ -153,7 +153,9 @@ def authorized_signup_handler(resp, remote, *args, **kwargs): do_flash( Markup( _( - f"A confirmation email has already been sent to {exc.user.email}. Didn't receive it? Click here to resend it." + 'A confirmation email has already been sent to %(email)s. Didn\'t receive it? Click here to resend it.', + email=exc.user.email, + url=url_for("security.send_confirmation"), ) ), category="success", diff --git a/invenio_oauthclient/handlers/utils.py b/invenio_oauthclient/handlers/utils.py index 4690f09..5efea03 100644 --- a/invenio_oauthclient/handlers/utils.py +++ b/invenio_oauthclient/handlers/utils.py @@ -14,6 +14,7 @@ from flask_login import current_user from invenio_accounts.models import Role from invenio_accounts.proxies import current_datastore +from invenio_i18n import gettext as _ from werkzeug.utils import import_string from ..models import RemoteAccount @@ -115,13 +116,19 @@ def create_or_update_roles(groups): existing_role = current_datastore.find_role_by_id(group["id"]) if existing_role and existing_role.is_managed: current_app.logger.exception( - f'Error while syncing roles: A managed role with id: ${group["id"]} already exists' + _( + "Error while syncing roles: A managed role with id: %(group_id)s already exists", + group_id=group["id"], + ) ) continue existing_role_by_name = current_datastore.find_role(group["name"]) if existing_role_by_name and existing_role_by_name.is_managed: current_app.logger.exception( - f'Error while syncing roles: A managed role with name: ${group["name"]} already exists' + _( + "Error while syncing roles: A managed role with name: %(group_name)s already exists", + group_name=group["name"], + ) ) continue if not existing_role: diff --git a/invenio_oauthclient/templates/semantic-ui/invenio_oauthclient/login_user.html b/invenio_oauthclient/templates/semantic-ui/invenio_oauthclient/login_user.html index a140fdd..9801b34 100644 --- a/invenio_oauthclient/templates/semantic-ui/invenio_oauthclient/login_user.html +++ b/invenio_oauthclient/templates/semantic-ui/invenio_oauthclient/login_user.html @@ -23,7 +23,7 @@ {%- if config.ACCOUNTS_LOCAL_LOGIN_ENABLED %}