forked from fedi/mastodon
e8d41bc2fe
* feat: add possibility of adding WebAuthn security keys to use as 2FA This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor to the Settings page for editing the 2FA methods – now it will list the methods that are available to the user (TOTP and WebAuthn) and from there they'll be able to add or remove any of them. Also, it's worth mentioning that for enabling WebAuthn it's required to have TOTP enabled, so the first time that you go to the 2FA Settings page, you'll be asked to set it up. This work was inspired by the one donde by Github in their platform, and despite it could be approached in different ways, we decided to go with this one given that we feel that this gives a great UX. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add request for WebAuthn as second factor at login if enabled This commits adds the feature for using WebAuthn as a second factor for login when enabled. If users have WebAuthn enabled, now a page requesting for the use of a WebAuthn credential for log in will appear, although a link redirecting to the old page for logging in using a two-factor code will also be present. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: add possibility of deleting WebAuthn Credentials Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: disable WebAuthn when an Admin disables 2FA for a user Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * feat: remove ability to disable TOTP leaving only WebAuthn as 2FA Following examples form other platforms like Github, we decided to make Webauthn 2FA secondary to 2FA with TOTP, so that we removed the possibility of removing TOTP authentication only, leaving users with just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA' in order to remove second factor auth. The reason for WebAuthn being secondary to TOPT is that in that way, users will still be able to log in using their code from their phone's application if they don't have their security keys with them – or maybe even lost them. * We had to change a little the flow for setting up TOTP, given that now it's possible to setting up again if you already had TOTP, in order to let users modify their authenticator app – given that now it's not possible for them to disable TOTP and set it up again with another authenticator app. So, basically, now instead of storing the new `otp_secret` in the user, we store it in the session until the process of set up is finished. This was because, as it was before, when users clicked on 'Edit' in the new two-factor methods lists page, but then went back without finishing the flow, their `otp_secret` had been changed therefore invalidating their previous authenticator app, making them unable to log in again using TOTP. Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com> * refactor: fix eslint errors The PR build was failing given that linting returning some errors. This commit attempts to fix them. * refactor: normalize i18n translations The build was failing given that i18n translations files were not normalized. This commits fixes that. * refactor: avoid having the webauthn gem locked to a specific version * refactor: use symbols for routes without '/' * refactor: avoid sending webauthn disabled email when 2FA is disabled When an admins disable 2FA for users, we were sending two mails to them, one notifying that 2FA was disabled and the other to notify that WebAuthn was disabled. As the second one is redundant since the first email includes it, we can remove it and send just one email to users. * refactor: avoid creating new env variable for webauthn_origin config * refactor: improve flash error messages for webauthn pages Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
196 lines
9.9 KiB
YAML
196 lines
9.9 KiB
YAML
---
|
|
en:
|
|
simple_form:
|
|
hints:
|
|
account_alias:
|
|
acct: Specify the username@domain of the account you want to move from
|
|
account_migration:
|
|
acct: Specify the username@domain of the account you want to move to
|
|
account_warning_preset:
|
|
text: You can use toot syntax, such as URLs, hashtags and mentions
|
|
title: Optional. Not visible to the recipient
|
|
admin_account_action:
|
|
include_statuses: The user will see which toots have caused the moderation action or warning
|
|
send_email_notification: The user will receive an explanation of what happened with their account
|
|
text_html: Optional. You can use toot syntax. You can <a href="%{path}">add warning presets</a> to save time
|
|
type_html: Choose what to do with <strong>%{acct}</strong>
|
|
warning_preset_id: Optional. You can still add custom text to end of the preset
|
|
announcement:
|
|
all_day: When checked, only the dates of the time range will be displayed
|
|
ends_at: Optional. Announcement will be automatically unpublished at this time
|
|
scheduled_at: Leave blank to publish the announcement immediately
|
|
starts_at: Optional. In case your announcement is bound to a specific time range
|
|
text: You can use toot syntax. Please be mindful of the space the announcement will take up on the user's screen
|
|
defaults:
|
|
autofollow: People who sign up through the invite will automatically follow you
|
|
avatar: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
|
|
bot: This account mainly performs automated actions and might not be monitored
|
|
context: One or multiple contexts where the filter should apply
|
|
current_password: For security purposes please enter the password of the current account
|
|
current_username: To confirm, please enter the username of the current account
|
|
digest: Only sent after a long period of inactivity and only if you have received any personal messages in your absence
|
|
discoverable: The profile directory is another way by which your account can reach a wider audience
|
|
email: You will be sent a confirmation e-mail
|
|
fields: You can have up to 4 items displayed as a table on your profile
|
|
header: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
|
|
inbox_url: Copy the URL from the frontpage of the relay you want to use
|
|
irreversible: Filtered toots will disappear irreversibly, even if filter is later removed
|
|
locale: The language of the user interface, e-mails and push notifications
|
|
locked: Requires you to manually approve followers
|
|
password: Use at least 8 characters
|
|
phrase: Will be matched regardless of casing in text or content warning of a toot
|
|
scopes: Which APIs the application will be allowed to access. If you select a top-level scope, you don't need to select individual ones.
|
|
setting_aggregate_reblogs: Do not show new boosts for toots that have been recently boosted (only affects newly-received boosts)
|
|
setting_default_sensitive: Sensitive media is hidden by default and can be revealed with a click
|
|
setting_display_media_default: Hide media marked as sensitive
|
|
setting_display_media_hide_all: Always hide media
|
|
setting_display_media_show_all: Always show media
|
|
setting_hide_network: Who you follow and who follows you will not be shown on your profile
|
|
setting_noindex: Affects your public profile and status pages
|
|
setting_show_application: The application you use to toot will be displayed in the detailed view of your toots
|
|
setting_use_blurhash: Gradients are based on the colors of the hidden visuals but obfuscate any details
|
|
setting_use_pending_items: Hide timeline updates behind a click instead of automatically scrolling the feed
|
|
username: Your username will be unique on %{domain}
|
|
whole_word: When the keyword or phrase is alphanumeric only, it will only be applied if it matches the whole word
|
|
domain_allow:
|
|
domain: This domain will be able to fetch data from this server and incoming data from it will be processed and stored
|
|
email_domain_block:
|
|
domain: This can be the domain name that shows up in the e-mail address, the MX record that domain resolves to, or IP of the server that MX record resolves to. Those will be checked upon user sign-up and the sign-up will be rejected.
|
|
with_dns_records: An attempt to resolve the given domain's DNS records will be made and the results will also be blocked
|
|
featured_tag:
|
|
name: 'You might want to use one of these:'
|
|
form_challenge:
|
|
current_password: You are entering a secure area
|
|
imports:
|
|
data: CSV file exported from another Mastodon server
|
|
invite_request:
|
|
text: This will help us review your application
|
|
sessions:
|
|
otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:'
|
|
webauthn: If it's an USB key be sure to insert it and, if necessary, tap it.
|
|
tag:
|
|
name: You can only change the casing of the letters, for example, to make it more readable
|
|
user:
|
|
chosen_languages: When checked, only toots in selected languages will be displayed in public timelines
|
|
labels:
|
|
account:
|
|
fields:
|
|
name: Label
|
|
value: Content
|
|
account_alias:
|
|
acct: Handle of the old account
|
|
account_migration:
|
|
acct: Handle of the new account
|
|
account_warning_preset:
|
|
text: Preset text
|
|
title: Title
|
|
admin_account_action:
|
|
include_statuses: Include reported toots in the e-mail
|
|
send_email_notification: Notify the user per e-mail
|
|
text: Custom warning
|
|
type: Action
|
|
types:
|
|
disable: Disable login
|
|
none: Do nothing
|
|
silence: Silence
|
|
suspend: Suspend and irreversibly delete account data
|
|
warning_preset_id: Use a warning preset
|
|
announcement:
|
|
all_day: All-day event
|
|
ends_at: End of event
|
|
scheduled_at: Schedule publication
|
|
starts_at: Start of event
|
|
text: Announcement
|
|
defaults:
|
|
autofollow: Invite to follow your account
|
|
avatar: Avatar
|
|
bot: This is a bot account
|
|
chosen_languages: Filter languages
|
|
confirm_new_password: Confirm new password
|
|
confirm_password: Confirm password
|
|
context: Filter contexts
|
|
current_password: Current password
|
|
data: Data
|
|
discoverable: List this account on the directory
|
|
display_name: Display name
|
|
email: E-mail address
|
|
expires_in: Expire after
|
|
fields: Profile metadata
|
|
header: Header
|
|
inbox_url: URL of the relay inbox
|
|
irreversible: Drop instead of hide
|
|
locale: Interface language
|
|
locked: Lock account
|
|
max_uses: Max number of uses
|
|
new_password: New password
|
|
note: Bio
|
|
otp_attempt: Two-factor code
|
|
password: Password
|
|
phrase: Keyword or phrase
|
|
setting_advanced_layout: Enable advanced web interface
|
|
setting_aggregate_reblogs: Group boosts in timelines
|
|
setting_auto_play_gif: Auto-play animated GIFs
|
|
setting_boost_modal: Show confirmation dialog before boosting
|
|
setting_crop_images: Crop images in non-expanded toots to 16x9
|
|
setting_default_language: Posting language
|
|
setting_default_privacy: Posting privacy
|
|
setting_default_sensitive: Always mark media as sensitive
|
|
setting_delete_modal: Show confirmation dialog before deleting a toot
|
|
setting_display_media: Media display
|
|
setting_display_media_default: Default
|
|
setting_display_media_hide_all: Hide all
|
|
setting_display_media_show_all: Show all
|
|
setting_expand_spoilers: Always expand toots marked with content warnings
|
|
setting_hide_network: Hide your network
|
|
setting_noindex: Opt-out of search engine indexing
|
|
setting_reduce_motion: Reduce motion in animations
|
|
setting_show_application: Disclose application used to send toots
|
|
setting_system_font_ui: Use system's default font
|
|
setting_theme: Site theme
|
|
setting_trends: Show today's trends
|
|
setting_unfollow_modal: Show confirmation dialog before unfollowing someone
|
|
setting_use_blurhash: Show colorful gradients for hidden media
|
|
setting_use_pending_items: Slow mode
|
|
severity: Severity
|
|
sign_in_token_attempt: Security code
|
|
type: Import type
|
|
username: Username
|
|
username_or_email: Username or Email
|
|
whole_word: Whole word
|
|
email_domain_block:
|
|
with_dns_records: Include MX records and IPs of the domain
|
|
featured_tag:
|
|
name: Hashtag
|
|
interactions:
|
|
must_be_follower: Block notifications from non-followers
|
|
must_be_following: Block notifications from people you don't follow
|
|
must_be_following_dm: Block direct messages from people you don't follow
|
|
invite:
|
|
comment: Comment
|
|
invite_request:
|
|
text: Why do you want to join?
|
|
notification_emails:
|
|
digest: Send digest e-mails
|
|
favourite: Someone favourited your status
|
|
follow: Someone followed you
|
|
follow_request: Someone requested to follow you
|
|
mention: Someone mentioned you
|
|
pending_account: New account needs review
|
|
reblog: Someone boosted your status
|
|
report: New report is submitted
|
|
trending_tag: An unreviewed hashtag is trending
|
|
tag:
|
|
listable: Allow this hashtag to appear in searches and on the profile directory
|
|
name: Hashtag
|
|
trendable: Allow this hashtag to appear under trends
|
|
usable: Allow toots to use this hashtag
|
|
'no': 'No'
|
|
recommended: Recommended
|
|
required:
|
|
mark: "*"
|
|
text: required
|
|
title:
|
|
sessions:
|
|
webauthn: Use one of your security keys to sign in
|
|
'yes': 'Yes'
|