Merge branch 'dev' for release 6.3.26

CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## Next release
 
+## v6.3.26 2024 June 5
+
+- improvement: add uid_attribute for saml provider
+
 ## v6.3.25 2024 May 28
 
 - Fix a bug: member wallet amount calculation error in the excel export

app/controllers/api/auth_providers_controller.rb

@@ -109,7 +109,8 @@ def provider_params
       params.require(:auth_provider)
             .permit(:id, :name, :providable_type,
                     providable_attributes: %i[id sp_entity_id idp_sso_service_url profile_url idp_cert_fingerprint idp_cert
-                                              idp_slo_service_url authn_requests_signed want_assertions_signed sp_certificate sp_private_key],
+                                              idp_slo_service_url authn_requests_signed want_assertions_signed sp_certificate
+                                              sp_private_key uid_attribute],
                     auth_provider_mappings_attributes: [:id, :local_model, :local_field, :api_field, :api_endpoint, :api_data_type,
                                                         :_destroy, { transformation: [:type, :format, :true_value, :false_value,
                                                                                       { mapping: %i[from to] }] }])

app/frontend/src/javascript/components/authentication-provider/saml-form.tsx

@@ -65,6 +65,11 @@ export const SamlForm = <TFieldValues extends FieldValues, TContext extends obje
                  label={t('app.admin.authentication.saml_form.idp_slo_service_url')}
                  tooltip={t('app.admin.authentication.saml_form.idp_slo_service_url_help')}
                  formState={formState} />
+      <FormInput id="providable_attributes.uid_attribute"
+                 register={register}
+                 label={t('app.admin.authentication.saml_form.uid_attribute')}
+                 tooltip={t('app.admin.authentication.saml_form.uid_attribute_help')}
+                 formState={formState} />
       <FormSwitch id="providable_attributes.authn_requests_signed" control={control}
                   formState={formState}
                   label={t('app.admin.authentication.saml_form.authn_requests_signed')} />

app/frontend/src/javascript/models/authentication-provider.ts

@@ -76,7 +76,8 @@ export interface SamlProvider {
   sp_certificate: string,
   sp_private_key: string,
   authn_requests_signed: boolean,
-  want_assertions_signed: boolean
+  want_assertions_signed: boolean,
+  uid_attribute: string,
 }
 
 export interface MappingFields {

app/views/api/auth_providers/show.json.jbuilder

@@ -24,6 +24,6 @@ end
 if @provider.providable_type == SamlProvider.name
   json.providable_attributes do
     json.extract! @provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url,
-                  :authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key
+                  :authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key, :uid_attribute
   end
 end

app/views/auth_provider/provider.json.jbuilder

@@ -24,6 +24,6 @@ end
 if provider.providable_type == 'SamlProvider'
   json.providable_attributes do
     json.extract! provider.providable, :id, :sp_entity_id, :idp_sso_service_url, :profile_url, :idp_cert_fingerprint, :idp_cert, :idp_slo_service_url,
-                  :authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key
+                  :authn_requests_signed, :want_assertions_signed, :sp_certificate, :sp_private_key, :uid_attribute
   end
 end

config/initializers/devise.rb

@@ -255,6 +255,7 @@
                       idp_cert_fingerprint: active_provider.providable.idp_cert_fingerprint,
                       certificate: active_provider.providable.sp_certificate,
                       private_key: active_provider.providable.sp_private_key,
+                      uid_attribute: (active_provider.providable.respond_to?(:uid_attribute) && active_provider.providable.uid_attribute.present?) ? active_provider.providable.uid_attribute : nil,
                       security: OneLogin::RubySaml::Settings::DEFAULTS[:security].merge({
                         authn_requests_signed: active_provider.providable.authn_requests_signed,
                         want_assertions_signed: active_provider.providable.want_assertions_signed

config/locales/app.admin.de.yml

@@ -57,35 +57,35 @@ de:
         disable_machine: "Maschine deaktivieren"
         disabled_help: "Wenn deaktiviert, ist die Maschine nicht reservierbar und erscheint standardmäßig nicht in der Liste der Maschinen."
         reservable: "Kann diese Maschine reserviert werden?"
-        reservable_help: "When disabled, the machine will be shown in the default list of machines, but without the reservation button. If you already have created some availability slots for this machine, you may want to remove them: do it from the admin agenda."
+        reservable_help: "Wenn deaktiviert, wird die Maschine in der Standardliste der Maschinen angezeigt, aber ohne die Schaltfläche Reservierung. Wenn Sie bereits einige Verfügbarkeitsplätze für diese Maschine erstellt haben, können Sie diese aus der Admin-Agenda entfernen."
         save: "Speichern"
-        create_success: "The machine was created successfully"
-        update_success: "The machine was updated successfully"
+        create_success: "Die Maschine wurde erfolgreich erstellt"
+        update_success: "Die Maschine wurde erfolgreich aktualisiert"
       training_form:
-        ACTION_title: "{ACTION, select, create{New} other{Update the}} training"
-        beware_when_creating_a_training_its_reservation_prices_are_initialized_to_zero: "Beware, when creating a training, its reservation prices are initialized at zero."
-        dont_forget_to_change_them_before_creating_slots_for_this_training: "Don't forget to change them before creating slots for this training."
+        ACTION_title: "{ACTION, select, create{Neu} other{Aktualisiere die}} Schulung"
+        beware_when_creating_a_training_its_reservation_prices_are_initialized_to_zero: "Vorsicht bei der Erstellung einer Schulung, die Reservierungspreise werden bei Null initialisiert."
+        dont_forget_to_change_them_before_creating_slots_for_this_training: "Vergesse nicht, sie anzupassen, bevor du die Schulung aktivierst."
         description: "Beschreibung"
         name: "Name"
-        illustration: "Visual"
-        illustration_recommendation: "Maximum display size: 932 * 700 px (unconstrained ratio). The image may be cropped in list view. Only the description page displays the full image."
-        add_a_new_training: "Add a new training"
-        validate_your_training: "Validate your training"
+        illustration: "Ansicht"
+        illustration_recommendation: "Maximale Anzeigegröße: 932 * 700 px (uneingeschränktes Verhältnis). Das Bild kann in der Listenansicht zugeschnitten werden. Nur die Beschreibungsseite zeigt das vollständige Bild an."
+        add_a_new_training: "Neue Schulung hinzufügen"
+        validate_your_training: "Schulung bestätigen"
         settings: "Einstellungen"
-        associated_machines: "Associated machines"
-        associated_machines_help: "If you associate a machine to this training, the members will need to successfully pass this training before being able to reserve the machine."
-        default_seats: "Default number of seats"
-        public_page: "Show in training lists"
+        associated_machines: "Verknüpfte Maschinen"
+        associated_machines_help: "Wenn du eine Maschine mit dieser Schulung verbindest, müssen die Mitglieder diese Ausbildung erfolgreich absolvieren, bevor sie die Maschine reservieren können."
+        default_seats: "Standardanzahl der Sitzplätze"
+        public_page: "In Schulungslisten anzeigen"
         public_help: "Wenn diese Option deaktiviert ist, wird verhindert, dass das Training in der Trainingliste erscheint."
-        disable_training: "Disable the training"
-        disabled_help: "When disabled, the training won't be reservable and won't appear by default in the trainings list."
-        automatic_cancellation: "Automatic cancellation"
-        automatic_cancellation_info: "If you edit specific conditions here, the general cancellation conditions will no longer be taken into account. You will be notified if a session is cancelled. Credit notes and refunds will be automatic if the wallet is enabled. Otherwise you will have to do it manually."
-        automatic_cancellation_switch: "Activate automatic cancellation for this training"
-        automatic_cancellation_threshold: "Minimum number of registrations to maintain a session"
-        automatic_cancellation_deadline: "Deadline, in hours, before automatic cancellation"
-        authorization_validity: "Authorisations validity period"
-        authorization_validity_info: "You can define a specific validity period in months for this training. The general conditions will no longer be taken into account."
+        disable_training: "Schulung deaktivieren"
+        disabled_help: "Wenn deaktiviert, ist die Schulung nicht reservierbar und erscheint standardmäßig nicht in der Schulungsliste."
+        automatic_cancellation: "Automatische Stornierung"
+        automatic_cancellation_info: "Wenn Sie hier bestimmte Bedingungen ändern, werden die allgemeinen Stornierungsbedingungen nicht mehr berücksichtigt. Sie werden benachrichtigt, wenn eine Sitzung abgebrochen wird. Kreditnotizen und Rückerstattungen werden automatisch aktiviert, wenn die Brieftasche aktiviert ist. Andernfalls müssen Sie dies manuell tun."
+        automatic_cancellation_switch: "Automatische Stornierung für diese Schulung aktivieren"
+        automatic_cancellation_threshold: "Mindestanzahl der Anmeldungen für eine Sitzung"
+        automatic_cancellation_deadline: "Deadline, in Stunden vor der automatischen Stornierung"
+        authorization_validity: "Gültigkeitsdauer der Autorisierung"
+        authorization_validity_info: "Sie können eine bestimmte Gültigkeitsdauer in Monaten für diese Ausbildung festlegen, wobei die allgemeinen Bedingungen nicht mehr berücksichtigt werden."
         authorization_validity_switch: "Activate an authorization validity period"
         authorization_validity_period: "Validity period in months"
         validation_rule: "Authorisations cancellation rule"
@@ -288,7 +288,7 @@ de:
         space: "Space reservation"
         prepaid_pack: "Pack of prepaid-hours"
         product: "Product of the store"
-        error: "Erroneous invoices"
+        error: "Falsche Rechnungen"
         error_help: "As part of a maintenance operation, it may exceptionally happen that invoices, that have been generated by mistake due to a bug in the software, are discovered. As these invoices cannot be deleted, they will be exported to the account defined here. Please manually cancel these invoices."
         advanced_accounting: "Advanced accounting"
         enable_advanced: "Enable the advanced accounting"
@@ -930,7 +930,7 @@ de:
         important_notes: "Wichtige Hinweise"
         address_and_legal_information: "Adresse und rechtliche Informationen"
         invoice_reference: "Rechnungsnummer"
-        invoice_reference_is_required: "Invoice reference is required."
+        invoice_reference_is_required: "Rechnungsreferenz ist erforderlich."
         text: "Text"
         year: "Jahr"
         month: "Monat"
@@ -1576,6 +1576,8 @@ de:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Name"
           authentication_type: "Authentifizierungsart"

config/locales/app.admin.en.yml

@@ -1576,6 +1576,8 @@ en:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Name"
           authentication_type: "Authentication type"

config/locales/app.admin.es-MX.yml

@@ -1576,6 +1576,8 @@ es-MX:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Nombre"
           authentication_type: "Tipo de autenticación"

config/locales/app.admin.es.yml

@@ -1576,6 +1576,8 @@ es:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Nombre"
           authentication_type: "Tipo de autenticación"

config/locales/app.admin.fr.yml

@@ -1576,6 +1576,8 @@ fr:
           want_assertions_signed: "Exiger des Assertions signées"
           sp_certificate: "Certificat du SP"
           sp_private_key: "Clé privée du SP"
+          uid_attribute: "Identifiant unique"
+          uid_attribute_help: "L'attribut de la réponse SAML qui contient l'identifiant unique de l'utilisateur. Si non défini, l'identifiant de nom retourné par l'IdP est utilisé."
         provider_form:
           name: "Nom"
           authentication_type: "Type d'authentification"

config/locales/app.admin.it.yml

@@ -1576,6 +1576,8 @@ it:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Nome"
           authentication_type: "Tipo di autenticazione"

config/locales/app.admin.no.yml

@@ -1576,6 +1576,8 @@
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Name"
           authentication_type: "Authentication type"

config/locales/app.admin.pt.yml

@@ -1576,6 +1576,8 @@ pt:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Nome"
           authentication_type: "Tipo de autenticação"

config/locales/app.admin.sv.yml

@@ -1576,6 +1576,8 @@ sv:
           want_assertions_signed: "Want assertions signed"
           sp_certificate: "Service provider certificate"
           sp_private_key: "Service provider private key"
+          uid_attribute: "Name ID attribute"
+          uid_attribute_help: "The attribute of the SAML response that contains the user's unique identifier. If unset, the name identifier returned by the IdP is used."
         provider_form:
           name: "Namn"
           authentication_type: "Autentiseringstyp"

config/locales/app.admin.zu.yml

@@ -1576,6 +1576,8 @@ zu:
           want_assertions_signed: "crwdns38202:0crwdne38202:0"
           sp_certificate: "crwdns38204:0crwdne38204:0"
           sp_private_key: "crwdns38206:0crwdne38206:0"
+          uid_attribute: "crwdns38216:0crwdne38216:0"
+          uid_attribute_help: "crwdns38218:0crwdne38218:0"
         provider_form:
           name: "crwdns26204:0crwdne26204:0"
           authentication_type: "crwdns26206:0crwdne26206:0"

config/locales/de.yml

@@ -83,8 +83,8 @@ de:
     matching_between_User_uid_and_API_required: "Um diesen Provider hinzuzufügen, muss die Übereinstimmung zwischen User.uid und der API festgelegt werden."
   #PDF invoices generation
   invoices:
-    refund_invoice_reference: "Beleg der Rechnungsrückerstattungung: %{REF}"
-    invoice_reference: "Rechnungsbezug: %{REF}"
+    refund_invoice_reference: "Beleg der Rechnungsrückerstattung: %{REF}"
+    invoice_reference: "Rechnungsnummer: %{REF}"
     code: "Code: %{CODE}"
     order_number: "Bestellnummer: %{NUMBER}"
     invoice_issued_on_DATE: "Rechnung ausgestellt am %{DATE}"
@@ -729,8 +729,8 @@ de:
     store_hidden: "Shop für die Öffentlichkeit versteckt"
     advanced_accounting: "Erweiterte Buchhaltung"
     external_id: "externe Id"
-    prevent_invoices_zero: "prevent building invoices at 0"
-    invoice_VAT-name: "VAT name"
+    prevent_invoices_zero: "Keine Rechnungserstellung bei 0€"
+    invoice_VAT-name: "Ust-Name"
     trainings_auto_cancel: "Trainings automatic cancellation"
     trainings_auto_cancel_threshold: "Minimum participants for automatic cancellation"
     trainings_auto_cancel_deadline: "Automatic cancellation deadline"

db/migrate/20240605085829_add_uid_attribute_to_saml_provider.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class AddUidAttributeToSamlProvider < ActiveRecord::Migration[7.0]
+  def change
+    add_column :saml_providers, :uid_attribute, :string
+  end
+end