From 93723a7e463c59705036554feb2507830d42669a Mon Sep 17 00:00:00 2001
From: Guillaume Rousse <guillaume.rousse@renater.fr>
Date: Thu, 13 Dec 2018 14:58:46 +0100
Subject: [PATCH] add warning about unique access to accounts list

---
 lib/AccountManager/App.pm                      | 15 +++++++++++----
 lib/AccountManager/L10N/fr.pm                  |  9 +++++----
 templates/web/edugain/create_accounts.tt2.html |  8 +++++---
 templates/web/renater/create_accounts.tt2.html |  8 +++++---
 4 files changed, 26 insertions(+), 14 deletions(-)

diff --git a/lib/AccountManager/App.pm b/lib/AccountManager/App.pm
index d184458..2287d82 100644
--- a/lib/AccountManager/App.pm
+++ b/lib/AccountManager/App.pm
@@ -644,6 +644,14 @@ sub req_create_accounts {
         $entityid,
     );
 
+    my $download_url = sprintf(
+        "%s?action=download_accounts&entityid=%s&token=%s&key=%s",
+        $self->{configuration}->{app}->{url},
+        $entityid,
+        $download_token->secret(),
+        $key
+    );
+
     $self->respond(
         template => 'create_accounts.tt2.html',
         data     => {
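Review bot: The `sprintf` that builds `$download_url` puts `$entityid`, the token secret and `$key` into the query string without percent-encoding them. Entity IDs in this kind of federation are commonly URLs themselves, so any `&`, `#`, `=` or `+` in one (or in the key) changes how the download request is parsed, and the link can fail or carry different parameters than intended. Encode each value where it is passed in, e.g. `uri_escape($entityid),` `uri_escape($download_token->secret()),` and `uri_escape($key)` from URI::Escape, assuming that module is available to this file (its imports are not visible here). Because the finished URL carries both the token and the key, it is also worth confirming that they are short-lived, since query strings end up in access logs and browser history. `req_create_accounts` starts before and ends after this hunk.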
@@ -656,10 +664,9 @@ sub req_create_accounts {
                 entityid => $entityid,
                 url      => $sp->information_url(),
             },
-            email    => $email,
-            key      => $key,
-            token    => $download_token->secret(),
-            days     => $validity_period,
+            email        => $email,
+            download_url => $download_url,
+            days         => $validity_period,
         }
     );
 }
diff --git a/lib/AccountManager/L10N/fr.pm b/lib/AccountManager/L10N/fr.pm
index d37bd2d..076be42 100644
--- a/lib/AccountManager/L10N/fr.pm
+++ b/lib/AccountManager/L10N/fr.pm
@@ -75,10 +75,6 @@ msgstr "URL du challenge: %1"
 msgid "Complete email challenge"
 msgstr "Validez le challenge e-mail"
 
-#: templates/web/edugain/create_accounts.tt2.html:14 templates/web/renater/create_accounts.tt2.html:16
-msgid "Download in CSV format"
-msgstr "Télécharger au format CSV"
-
 #: templates/web/edugain/errors.tt2.html:6 templates/web/renater/errors.tt2.html:6
 msgid "Error:"
 msgstr "Erreur:"
@@ -205,6 +201,11 @@ msgstr "Cette information est nécessaire"
 msgid "This is an email challenge automatically sent to you by %1."
 msgstr "Ceci est un message envoyé automatiquement par %1."
 
+#. (download.url)
+#: templates/web/renater/create_accounts.tt2.html:17
+msgid "This page won't be accessible again, you should either keep it open in your web browser, or <a href=\"%1\">download accounts in CSV format</a>."
+msgstr "Il ne sera pas possible de ré-accéder à cette page, vous devriez soit la garder ouverte dans votre navigateur, ou <a href=\"%1\">télécharger les comptes au format CSV</a>."
+
 #: templates/web/edugain/select_email.tt2.html:27 templates/web/renater/select_email.tt2.html:27
 msgid "Those email addresses have been extracted from your service metadata."
 msgstr "Ces addresses e-mail ont été extraites des métadonnées pour votre service."
diff --git a/templates/web/edugain/create_accounts.tt2.html b/templates/web/edugain/create_accounts.tt2.html
index 40f47d5..fba6a15 100644
--- a/templates/web/edugain/create_accounts.tt2.html
+++ b/templates/web/edugain/create_accounts.tt2.html
@@ -7,11 +7,13 @@
 
 <h2>[% lh.maketext("Test accounts created") %]</h2>
 <p>
-[% lh.maketext("You can now use these test accounts to login at your <a href=\"[_1]\">service provider</a>.", sp.url) %]
-[% lh.maketext("To do so, select <strong>[_1]</strong> when choosing an identity provider.", idp.name) %]
+    [% lh.maketext("You can now use these test accounts to login at your <a href=\"[_1]\">service provider</a>.", sp.url) %] 
+    [% lh.maketext("To do so, select <strong>[_1]</strong> when choosing an identity provider.", idp.name) %]
 </p>
 
-<p><a class="button" href="[% app.url %]?action=download_accounts&entityid=[% sp.entityid %]&token=[% token %]&key=[% key %]">[% lh.maketext("Download in CSV format") %]</a></p>
+<p class="callout warning">
+    [% lh.maketext("This page won't be accessible again, you should either keep it open in your web browser, or <a href=\"[_1]\">download accounts in CSV format</a>.", download_url) %]
+</p>
 
 <div class="accounts row">
     [% FOREACH account IN accounts %]
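Review bot: `download_url` is substituted into `href=\"[_1]\"` without HTML escaping, in the `callout warning` paragraph here and in the matching paragraph of templates/web/renater/create_accounts.tt2.html. The value includes the entity ID, so a `"`, `<` or `>` in it would end the attribute early and be read as markup on a page that also lists the created test accounts; the raw `&` separators should also be written as `&amp;` inside an attribute. Escape the value before it reaches `maketext`, for instance by running it through Template Toolkit's `html` filter into a local variable and passing that variable instead of `download_url`. The re-indented `sp.url` line in both templates also ends with a trailing space, which could be dropped.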
diff --git a/templates/web/renater/create_accounts.tt2.html b/templates/web/renater/create_accounts.tt2.html
index 6156615..0a32f65 100644
--- a/templates/web/renater/create_accounts.tt2.html
+++ b/templates/web/renater/create_accounts.tt2.html
@@ -9,11 +9,13 @@
 
 <h2>[% lh.maketext("Test accounts created") %]</h2>
 <p>
-[% lh.maketext("You can now use these test accounts to login at your <a href=\"[_1]\">service provider</a>.", sp.url) %]
-[% lh.maketext("To do so, select <strong>[_1]</strong> when choosing an identity provider.", idp.name) %]
+    [% lh.maketext("You can now use these test accounts to login at your <a href=\"[_1]\">service provider</a>.", sp.url) %] 
+    [% lh.maketext("To do so, select <strong>[_1]</strong> when choosing an identity provider.", idp.name) %]
 </p>
 
-<p><a class="button" href="[% app.url %]?action=download_accounts&entityid=[% sp.entityid %]&token=[% token %]&key=[% key %]">[% lh.maketext("Download in CSV format") %]</a></p>
+<p class="callout alert-callout-border warning">
+    [% lh.maketext("This page won't be accessible again, you should either keep it open in your web browser, or <a href=\"[_1]\">download accounts in CSV format</a>.", download_url) %]
+</p>
 
 <div class="accounts row">
     [% FOREACH account IN accounts %]
-- 
GitLab