vbatts/mastodon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
mastodon/config/locales/simple_form.en.yml
santiagorodriguez96 e8d41bc2fe
Add WebAuthn as an alternative 2FA method (#14466) 
* feat: add possibility of adding WebAuthn security keys to use as 2FA

This adds a basic UI for enabling WebAuthn 2FA. We did a little refactor
to the Settings page for editing the 2FA methods – now it will list the
methods that are available to the user (TOTP and WebAuthn) and from
there they'll be able to add or remove any of them.
Also, it's worth mentioning that for enabling WebAuthn it's required to
have TOTP enabled, so the first time that you go to the 2FA Settings
page, you'll be asked to set it up.
This work was inspired by the one donde by Github in their platform, and
despite it could be approached in different ways, we decided to go with
this one given that we feel that this gives a great UX.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add request for WebAuthn as second factor at login if enabled

This commits adds the feature for using WebAuthn as a second factor for
login when enabled.
If users have WebAuthn enabled, now a page requesting for the use of a
WebAuthn credential for log in will appear, although a link redirecting
to the old page for logging in using a two-factor code will also be
present.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: add possibility of deleting WebAuthn Credentials

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: disable WebAuthn when an Admin disables 2FA for a user

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* feat: remove ability to disable TOTP leaving only WebAuthn as 2FA

Following examples form other platforms like Github, we decided to make
Webauthn 2FA secondary to 2FA with TOTP, so that we removed the
possibility of removing TOTP authentication only, leaving users with
just WEbAuthn as 2FA. Instead, users will have to click on 'Disable 2FA'
in order to remove second factor auth.
The reason for WebAuthn being secondary to TOPT is that in that way,
users will still be able to log in using their code from their phone's
application if they don't have their security keys with them – or maybe
even lost them.

* We had to change a little the flow for setting up TOTP, given that now
  it's possible to setting up again if you already had TOTP, in order to
  let users modify their authenticator app – given that now it's not
  possible for them to disable TOTP and set it up again with another
  authenticator app.
  So, basically, now instead of storing the new `otp_secret` in the
  user, we store it in the session until the process of set up is
  finished.
  This was because, as it was before, when users clicked on 'Edit' in
  the new two-factor methods lists page, but then went back without
  finishing the flow, their `otp_secret` had been changed therefore
  invalidating their previous authenticator app, making them unable to
  log in again using TOTP.

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>

* refactor: fix eslint errors

The PR build was failing given that linting returning some errors.
This commit attempts to fix them.

* refactor: normalize i18n translations

The build was failing given that i18n translations files were not
normalized.
This commits fixes that.

* refactor: avoid having the webauthn gem locked to a specific version

* refactor: use symbols for routes without '/'

* refactor: avoid sending webauthn disabled email when 2FA is disabled

When an admins disable 2FA for users, we were sending two mails
to them, one notifying that 2FA was disabled and the other to notify
that WebAuthn was disabled.
As the second one is redundant since the first email includes it, we can
remove it and send just one email to users.

* refactor: avoid creating new env variable for webauthn_origin config

* refactor: improve flash error messages for webauthn pages

Co-authored-by: Facundo Padula <facundo.padula@cedarcode.com>
2020-08-24 16:46:27 +02:00

195 lines
9.9 KiB
YAML
Raw Blame History

---
en:
simple_form:
hints:
account_alias:
acct: Specify the username@domain of the account you want to move from
account_migration:
acct: Specify the username@domain of the account you want to move to
account_warning_preset:
text: You can use toot syntax, such as URLs, hashtags and mentions
title: Optional. Not visible to the recipient
admin_account_action:
include_statuses: The user will see which toots have caused the moderation action or warning
send_email_notification: The user will receive an explanation of what happened with their account
text_html: Optional. You can use toot syntax. You can <a href="%{path}">add warning presets</a> to save time
type_html: Choose what to do with <strong>%{acct}</strong>
warning_preset_id: Optional. You can still add custom text to end of the preset
announcement:
all_day: When checked, only the dates of the time range will be displayed
ends_at: Optional. Announcement will be automatically unpublished at this time
scheduled_at: Leave blank to publish the announcement immediately
starts_at: Optional. In case your announcement is bound to a specific time range
text: You can use toot syntax. Please be mindful of the space the announcement will take up on the user's screen
defaults:
autofollow: People who sign up through the invite will automatically follow you
avatar: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
bot: This account mainly performs automated actions and might not be monitored
context: One or multiple contexts where the filter should apply
current_password: For security purposes please enter the password of the current account
current_username: To confirm, please enter the username of the current account
digest: Only sent after a long period of inactivity and only if you have received any personal messages in your absence
discoverable: The profile directory is another way by which your account can reach a wider audience
email: You will be sent a confirmation e-mail
fields: You can have up to 4 items displayed as a table on your profile
header: PNG, GIF or JPG. At most %{size}. Will be downscaled to %{dimensions}px
inbox_url: Copy the URL from the frontpage of the relay you want to use
irreversible: Filtered toots will disappear irreversibly, even if filter is later removed
locale: The language of the user interface, e-mails and push notifications
locked: Requires you to manually approve followers
password: Use at least 8 characters
phrase: Will be matched regardless of casing in text or content warning of a toot
scopes: Which APIs the application will be allowed to access. If you select a top-level scope, you don't need to select individual ones.
setting_aggregate_reblogs: Do not show new boosts for toots that have been recently boosted (only affects newly-received boosts)
setting_default_sensitive: Sensitive media is hidden by default and can be revealed with a click
setting_display_media_default: Hide media marked as sensitive
setting_display_media_hide_all: Always hide media
setting_display_media_show_all: Always show media
setting_hide_network: Who you follow and who follows you will not be shown on your profile
setting_noindex: Affects your public profile and status pages
setting_show_application: The application you use to toot will be displayed in the detailed view of your toots
setting_use_blurhash: Gradients are based on the colors of the hidden visuals but obfuscate any details
setting_use_pending_items: Hide timeline updates behind a click instead of automatically scrolling the feed
username: Your username will be unique on %{domain}
whole_word: When the keyword or phrase is alphanumeric only, it will only be applied if it matches the whole word
domain_allow:
domain: This domain will be able to fetch data from this server and incoming data from it will be processed and stored
email_domain_block:
domain: This can be the domain name that shows up in the e-mail address, the MX record that domain resolves to, or IP of the server that MX record resolves to. Those will be checked upon user sign-up and the sign-up will be rejected.
with_dns_records: An attempt to resolve the given domain's DNS records will be made and the results will also be blocked
featured_tag:
name: 'You might want to use one of these:'
form_challenge:
current_password: You are entering a secure area
imports:
data: CSV file exported from another Mastodon server
invite_request:
text: This will help us review your application
sessions:
otp: 'Enter the two-factor code generated by your phone app or use one of your recovery codes:'
webauthn: If it's an USB key be sure to insert it and, if necessary, tap it.
tag:
name: You can only change the casing of the letters, for example, to make it more readable
user:
chosen_languages: When checked, only toots in selected languages will be displayed in public timelines
labels:
account:
fields:
name: Label
value: Content
account_alias:
acct: Handle of the old account
account_migration:
acct: Handle of the new account
account_warning_preset:
text: Preset text
title: Title
admin_account_action:
include_statuses: Include reported toots in the e-mail
send_email_notification: Notify the user per e-mail
text: Custom warning
type: Action
types:
disable: Disable login
none: Do nothing
silence: Silence
suspend: Suspend and irreversibly delete account data
warning_preset_id: Use a warning preset
announcement:
all_day: All-day event
ends_at: End of event
scheduled_at: Schedule publication
starts_at: Start of event
text: Announcement
defaults:
autofollow: Invite to follow your account
avatar: Avatar
bot: This is a bot account
chosen_languages: Filter languages
confirm_new_password: Confirm new password
confirm_password: Confirm password
context: Filter contexts
current_password: Current password
data: Data
discoverable: List this account on the directory
display_name: Display name
email: E-mail address
expires_in: Expire after
fields: Profile metadata
header: Header
inbox_url: URL of the relay inbox
irreversible: Drop instead of hide
locale: Interface language
locked: Lock account
max_uses: Max number of uses
new_password: New password
note: Bio
otp_attempt: Two-factor code
password: Password
phrase: Keyword or phrase
setting_advanced_layout: Enable advanced web interface
setting_aggregate_reblogs: Group boosts in timelines
setting_auto_play_gif: Auto-play animated GIFs
setting_boost_modal: Show confirmation dialog before boosting
setting_crop_images: Crop images in non-expanded toots to 16x9
setting_default_language: Posting language
setting_default_privacy: Posting privacy
setting_default_sensitive: Always mark media as sensitive
setting_delete_modal: Show confirmation dialog before deleting a toot
setting_display_media: Media display
setting_display_media_default: Default
setting_display_media_hide_all: Hide all
setting_display_media_show_all: Show all
setting_expand_spoilers: Always expand toots marked with content warnings
setting_hide_network: Hide your network
setting_noindex: Opt-out of search engine indexing
setting_reduce_motion: Reduce motion in animations
setting_show_application: Disclose application used to send toots
setting_system_font_ui: Use system's default font
setting_theme: Site theme
setting_trends: Show today's trends
setting_unfollow_modal: Show confirmation dialog before unfollowing someone
setting_use_blurhash: Show colorful gradients for hidden media
setting_use_pending_items: Slow mode
severity: Severity
sign_in_token_attempt: Security code
type: Import type
username: Username
username_or_email: Username or Email
whole_word: Whole word
email_domain_block:
with_dns_records: Include MX records and IPs of the domain
featured_tag:
name: Hashtag
interactions:
must_be_follower: Block notifications from non-followers
must_be_following: Block notifications from people you don't follow
must_be_following_dm: Block direct messages from people you don't follow
invite:
comment: Comment
invite_request:
text: Why do you want to join?
notification_emails:
digest: Send digest e-mails
favourite: Someone favourited your status
follow: Someone followed you
follow_request: Someone requested to follow you
mention: Someone mentioned you
pending_account: New account needs review
reblog: Someone boosted your status
report: New report is submitted
trending_tag: An unreviewed hashtag is trending
tag:
listable: Allow this hashtag to appear in searches and on the profile directory
name: Hashtag
trendable: Allow this hashtag to appear under trends
usable: Allow toots to use this hashtag
'no': 'No'
recommended: Recommended
required:
mark: "*"
text: required
title:
sessions:
webauthn: Use one of your security keys to sign in
'yes': 'Yes'
Reference in a new issue View git blame Copy permalink