Fix changelog upper/lowercase for 11.2.1.1

Update 11.2.1
chores: add make_changelog script
2024-09-03 20:06:27 +02:00 · 2024-05-20 00:43:30 +02:00 · 2024-05-20 00:27:57 +02:00 · 2024-05-20 00:25:46 +02:00 · 2024-05-08 01:31:29 +02:00 · 2024-05-08 01:11:39 +02:00
62 changed files with 2558 additions and 700 deletions
--- a/README.md
+++ b/README.md
@ -1,7 +1,7 @@
 SSOwat
 ======

-A simple LDAP SSO for nginx, written in Lua
+A simple LDAP SSO for NGINX, written in Lua.

 <a href="https://translate.yunohost.org/engage/yunohost/?utm_source=widget">
 <img src="https://translate.yunohost.org/widgets/yunohost/-/287x66-white.png" alt="Translation status" />
@ -10,25 +10,25 @@ A simple LDAP SSO for nginx, written in Lua
 Issues
 ------

- [Please report issues on YunoHost bugtracker](https://github.com/YunoHost/issues).
+- [Please report issues to the YunoHost bugtracker](https://github.com/YunoHost/issues).

 Requirements
 ------------

- Nginx-extras from Debian wheezy-backports
- lua-json
- lua-ldap
- lua-filesystem
- lua-socket
- lua-rex-pcre
+- `nginx-extras` from Debian wheezy-backports
+- `lua-json`
+- `lua-ldap`
+- `lua-filesystem`
+- `lua-socket`
+- `lua-rex-pcre`

 **OR**

- Nginx "Openresty" flavored : http://openresty.org/
- lua-ldap
- lua-filesystem
- lua-socket
- lua-rex-pcre
+- "OpenResty" flavored NGINX: https://openresty.org/
+- `lua-ldap`
+- `lua-filesystem`
+- `lua-socket`
+- `lua-rex-pcre`

 Installation
 ------------
@ -36,14 +36,14 @@ Installation
 * Fetch the repository

 ```bash
-git clone https://github.com/Kloadut/SSOwat /etc/ssowat
+git clone https://github.com/YunoHost/SSOwat /etc/ssowat
 ```


-Nginx configuration
+NGINX configuration
 -------------------

-* Add SSOwat's Nginx configuration (`http{}` scope)
+* Add SSOwat's NGINX configuration (`http{}` scope)

 ```bash
 nano /etc/nginx/conf.d/ssowat.conf
@ -72,104 +72,180 @@ If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent`

 ## Available parameters

-These are the SSOwat's configuration parameters. Only `portal_domain` is required, but it is recommended to know the others to fully understand what you can do with SSOwat.
+Only the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it.

-#### portal_domain
+---------------

-Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**)
+### portal_domain

-#### portal_path
+Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**).
+
+---------------
+
+### portal_path

 URI of the authentication portal (**default**: `/ssowat/`). This path **must** end with “`/`”.

-#### portal_port
+---------------

-Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`)
+### portal_port

-#### portal_scheme
+Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`).

-Whether authentication should use secure connection or not (**default**: `https`)
+---------------

-#### domains
+### portal_scheme

-List of handled domains (**default**: similar to `portal_domain`)
+Whether authentication should use secure connection or not (**default**: `https`).

-#### ldap_host
+---------------

-LDAP server hostname (**default**: `localhost`)
+### domains

-#### ldap_group
+List of handled domains (**default**: similar to `portal_domain`).

-LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`)
+---------------

-#### ldap_identifier
+### ldap_host

-LDAP user identifier (**default**: `uid`)
+LDAP server hostname (**default**: `localhost`).

-#### ldap_attributes
+---------------

-User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`)
+### ldap_group

-#### ldap_enforce_crypt
+LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`).

-Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`)
+---------------

-#### allow_mail_authentication
+### ldap_identifier

-Whether users can authenticate with their mail address (**default**: `true`)
+LDAP user identifier (**default**: `uid`).

-#### login_arg
+---------------

-URI argument to use for cross-domain authentication (**default**: `sso_login`)
+### ldap_attributes

-#### additional_headers
+User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`).

-Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`)
+---------------

-#### session_timeout
+### ldap_enforce_crypt

-The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day)
+Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`).

-#### session_max_timeout
+---------------

-The session expiracy time limit in seconds (**default**: `604800` / one week)
+### allow_mail_authentication

-#### protected_urls
+Whether users can authenticate with their mail address (**default**: `true`).

-List of priorily protected URLs and/or URIs (**by default, every URL is protected**)
+---------------

-#### protected_regex
+### login_arg

-List of regular expressions to be matched against URLs **and** URIs to protect them
+URI argument to use for cross-domain authentication (**default**: `sso_login`).

-#### skipped_urls
+---------------

-List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to this array.
+### additional_headers

-#### skipped_regex
+Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`).

-List of regular expressions to be matched against URLs **and** URIs to ignore them
+---------------

-#### unprotected_urls
+### session_timeout

-List of URLs and/or URIs that will not be affected by SSOwat **unless user is authenticated**
+The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day).

-#### unprotected_regex
+---------------

-List of regular expressions to be matched against URLs **and** URIs to ignore them **unless user is authenticated**
+### session_max_timeout

-#### redirected_urls
+The session expiracy time limit in seconds (**default**: `604800` / one week).

-Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`)
+---------------

-#### redirected_regex
+### redirected_urls

-Array of regular expressions to be matched against URLS **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`)
+Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`).
+
+---------------
+
+### redirected_regex
+
+Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`).
+
+---------------
+
+### default_language
+
+Language code used by default in views (**default**: `en`).
+
+---------------
+
+### permissions
+
+The list of permissions depicted as follows:
+
+```json
+"myapp.main": {
+    "auth_header": true,
+    "label": "MyApp",
+    "public": true,
+    "show_tile": true,
+    "uris": [
+        "example.tld/myapp"
+    ],
+    "users": [
+        "JaneDoe",
+        "JohnDoe"
+    ]
+},
+"myapp.admin": {
+    "auth_header": true,
+    "label": "MyApp (admin)",
+    "public": false,
+    "show_tile": false,
+    "uris": [
+        "example.tld/myapp/admin"
+    ],
+    "users": [
+        "JaneDoe"
+    ]
+},
+"myapp.api": {
+    "auth_header": false,
+    "label": "MyApp (api)",
+    "public": true,
+    "show_tile": false,
+    "uris": [
+        "re:domain%.tld/%.well%-known/.*"
+    ],
+    "users": []
+}
+```
+
+#### auth_header
+
+Does the SSO add an authentication header that allows certain apps to connect automatically? (**True by default**)
+
+#### label
+
+A user-friendly name displayed in the portal and in the administration panel to manage permission. (**By convention it is of the form: Name of the app (specificity of this permission)**)
+
+#### public
+
+Can a person who is not connected to the SSO have access to this authorization?
+
+#### show_tile
+
+Display or not the tile in the user portal.
+
+#### uris
+
+A list of url attatched to this permission, a regex url start with `re:`.

 #### users

-2-level array containing usernames and their allowed URLs along with an App name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`)
-
-#### default_language
-
-Language code used by default in views (**default**: `en`)
+A list of users which is allowed to access to this permission. If `public`.
--- a/access.lua
+++ b/access.lua
@ -16,18 +16,20 @@ if not srvkey then
    cache:add("srvkey", srvkey)
 end

-- Initialize and get configuration
-local conf = config.get_config()
-
 -- Import helpers
 local hlp = require "helpers"

-- Import Perl regular expressions library
-local rex = require "rex_pcre"
+-- Initialize and get configuration
+hlp.refresh_config()
+local conf = hlp.get_config()
+
+-- Load logging module
+local logger = require("log")

 -- Just a note for the client to know that he passed through the SSO
 ngx.header["X-SSO-WAT"] = "You've just been SSOed"

+local is_logged_in = hlp.refresh_logged_in()

 --
 -- 1. LOGIN
@ -47,7 +49,7 @@ if ngx.var.host ~= conf["portal_domain"] and ngx.var.request_method == "GET" the
        user = cache:get("CDA|"..cda_key)
        if user then
            hlp.set_auth_cookie(user, ngx.var.host)
-            ngx.log(ngx.NOTICE, "Cross-domain authentication: "..user.." connected on "..ngx.var.host)
+            logger.info("Cross-domain authentication: "..user.." connected on "..ngx.var.host)
            cache:delete("CDA|"..cda_key)
        end

@ -65,7 +67,7 @@ end
 -- If the URL matches the portal URL, serve a portal file or proceed to a
 -- portal operation
 --
-if ngx.var.host == conf["portal_domain"]
+if (ngx.var.host == conf["portal_domain"] or is_logged_in)
   and hlp.string.starts(ngx.var.uri, string.sub(conf["portal_path"], 1, -2))
 then

@ -88,11 +90,12 @@ then
        -- Logout is also called via a `GET` method
        -- TODO: change this ?
        if uri_args.action and uri_args.action == 'logout' then
+            logger.debug("Logging out")
            return hlp.logout()

        -- If the `r` URI argument is set, it means that we want to
        -- be redirected (typically after a login phase)
-        elseif hlp.is_logged_in() and uri_args.r then
+        elseif is_logged_in and uri_args.r then
            -- Decode back url
            back_url = ngx.decode_base64(uri_args.r)

@ -100,17 +103,16 @@ then
            -- pass some additional headers
            if string.match(back_url, "(.*)\n") then
                hlp.flash("fail", hlp.t("redirection_error_invalid_url"))
-                ngx.log(ngx.ERR, "Redirection url is invalid")
+                logger.error("Redirection url is invalid")
                return hlp.redirect(conf.portal_url)
            end

            -- Get managed domains
-            conf = config.get_config()
            local managed_domain = false
            for _, domain in ipairs(conf["domains"]) do
                local escaped_domain = domain:gsub("-", "%%-") -- escape dash for pattern matching
                if string.match(back_url, "^http[s]?://"..escaped_domain.."/") then
-                    ngx.log(ngx.INFO, "Redirection to a managed domain found")
+                    logger.debug("Redirection to a managed domain found")
                    managed_domain = true
                    break
                end
@ -120,7 +122,7 @@ then
            -- redirect to portal home page
            if not managed_domain then
                hlp.flash("fail", hlp.t("redirection_error_unmanaged_domain"))
-                ngx.log(ngx.ERR, "Redirection to an external domain aborted")
+                logger.error("Redirection to an external domain aborted")
                return hlp.redirect(conf.portal_url)
            end

@ -144,7 +146,7 @@ then

        -- In case we want to serve portal login or assets for portal, just
        -- serve it
-        elseif hlp.is_logged_in()
+        elseif is_logged_in
            or ngx.var.uri == conf["portal_path"]
            or (hlp.string.starts(ngx.var.uri, conf["portal_path"].."assets")
               and (not ngx.var.http_referer
@ -162,6 +164,7 @@ then
        -- If all the previous cases have failed, redirect to portal
        else
            hlp.flash("info", hlp.t("please_login"))
+            logger.debug("User should log in to be able to access "..ngx.var.uri)
            -- Force the scheme to HTTPS. This is to avoid an issue with redirection loop
            -- when trying to access http://main.domain.tld/ (SSOwat finds that user aint
            -- logged in, therefore redirects to SSO, which redirects to the back_url, which
@ -180,37 +183,56 @@ then
            if hlp.string.ends(ngx.var.uri, conf["portal_path"].."password.html")
            or hlp.string.ends(ngx.var.uri, conf["portal_path"].."edit.html")
            then
+               logger.debug("User attempts to edit its information")
               return hlp.edit_user()
            else
+               logger.debug("User attempts to log in")
               return hlp.login()
            end
        else
            -- Redirect to portal
            hlp.flash("fail", hlp.t("please_login_from_portal"))
+            logger.debug("Invalid POST request not coming from the portal url...")
            return hlp.redirect(conf.portal_url)
        end
    end
 end

+--
+-- 2 ... continued : portal assets that are available on every domains
+--
+-- For example: `https://whatever.org/ynhpanel.js` will serve the
+-- `/yunohost/sso/assets/js/ynhpanel.js` file.
+--
+
+if is_logged_in then
+    assets = {
+                   ["/ynh_portal.js"] = "js/ynh_portal.js",
+                   ["/ynh_userinfo.json"] = "ynh_userinfo.json",
+                   ["/ynh_overlay.css"] = "css/ynh_overlay.css"
+             }
+    theme_dir = "/usr/share/ssowat/portal/assets/themes/"..conf.theme
+    local pfile = io.popen('find "'..theme_dir..'" -not -path "*/\\.*" -type f -exec realpath --relative-to "'..theme_dir..'" {} \\;')
+    for filename in pfile:lines() do
+        assets["/ynhtheme/"..filename] = "themes/"..conf.theme.."/"..filename
+    end
+    pfile:close()
+
+    for shortcut, full in pairs(assets) do
+        if ngx.var.uri == shortcut then
+            logger.debug("Serving static asset "..full)
+            return hlp.serve("/yunohost/sso/assets/"..full, "static_asset")
+        end
+    end
+end
+

 --
-- 3. Redirected URLs
+-- 3. REDIRECTED URLS
 --
 -- If the URL matches one of the `redirected_urls` in the configuration file,
 -- just redirect to the target URL/URI
 --
-- A match function that uses PCRE regex as default
-- If '%.' is found in the regex, we assume it's a LUA regex (legacy code)
-function match(s, regex)
-    if not string.find(regex, '%%%.') then
-        if rex.match(s, regex) then
-            return true
-        end
-    elseif string.match(s,regex) then
-        return true
-    end
-    return false
-end

 function detect_redirection(redirect_url)
    if hlp.string.starts(redirect_url, "http://")
@ -228,6 +250,7 @@ if conf["redirected_urls"] then
        if url == ngx.var.host..ngx.var.uri..hlp.uri_args_string()
        or url == ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string()
        or url == ngx.var.uri..hlp.uri_args_string() then
+            logger.debug("Requested URI is in redirected_urls")
            detect_redirection(redirect_url)
        end
    end
@ -235,217 +258,122 @@ end

 if conf["redirected_regex"] then
    for regex, redirect_url in pairs(conf["redirected_regex"]) do
-        if match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or match(ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or match(ngx.var.uri..hlp.uri_args_string(), regex) then
+        if hlp.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
+        or hlp.match(ngx.var.scheme.."://"..ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
+        or hlp.match(ngx.var.uri..hlp.uri_args_string(), regex) then
+            logger.debug("Requested URI is in redirected_regex")
            detect_redirection(redirect_url)
        end
    end
 end

-
 --
-- 4. Protected URLs
+-- 4. IDENTIFY THE RELEVANT PERMISSION
 --
-- If the URL matches one of the `protected_urls` in the configuration file,
-- we have to protect it even if the URL is also set in the `unprotected_urls`.
-- It could be useful if you want to unprotect every URL except a few
-- particular ones.
+-- In particular, the conf is filled with permissions such as:
+--
+--        "foobar": {
+--            "auth_header": false,
+--            "label": "Foobar permission",
+--            "public": false,
+--            "show_tile": true,
+--            "uris": [
+--                "yolo.test/foobar",
+--                "re:^[^/]*/%.well%-known/foobar/.*$",
+--            ],
+--            "users": ["alice", "bob"]
+--        }
+--
+--
+-- And we find the best matching permission by trying to match the request uri
+-- against all the uris rules/regexes from the conf and keep the longest matching one.
 --

-function is_protected()
-    if not conf["protected_urls"] then
-        conf["protected_urls"] = {}
-    end
-    if not conf["protected_regex"] then
-        conf["protected_regex"] = {}
-    end
+permission = nil
+longest_url_match = ""

-    for _, url in ipairs(conf["protected_urls"]) do
-        if hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
-        or hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url) then
-            return true
-        end
-    end
-    for _, regex in ipairs(conf["protected_regex"]) do
-        if match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or match(ngx.var.uri..hlp.uri_args_string(), regex) then
-            return true
-        end
-    end
+ngx_full_url = ngx.var.host..ngx.var.uri

-    return false
-end
+for permission_name, permission_infos in pairs(conf["permissions"]) do
+    if next(permission_infos['uris']) ~= nil then
+        for _, url in pairs(permission_infos['uris']) do
+            if string.starts(url, "re:") then
+                url = string.sub(url, 4, string.len(url))
+            end
+            -- We want to match the beginning of the url
+            if not string.starts(url, "^") then
+                url = "^"..url
+            end

-
--
-- 5. Skipped URLs
--
-- If the URL matches one of the `skipped_urls` in the configuration file,
-- it means that the URL should not be protected by the SSO and no header
-- has to be sent, even if the user is already authenticated.
--
-
-if conf["skipped_urls"] then
-    for _, url in ipairs(conf["skipped_urls"]) do
-        if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
-        or  hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
-        and not is_protected() then
-            return hlp.pass()
-        end
-    end
-end
-
-if conf["skipped_regex"] then
-    for _, regex in ipairs(conf["skipped_regex"]) do
-        if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or  match(ngx.var.uri..hlp.uri_args_string(), regex))
-        and not is_protected() then
-            return hlp.pass()
+            local m = hlp.match(ngx_full_url, url)
+            if m ~= nil and string.len(m) > string.len(longest_url_match) then
+                longest_url_match = m
+                permission = permission_infos
+                permission["id"] = permission_name
+            end
        end
    end
 end


--
-- 6. Specific files (used in YunoHost)
--
-- We want to serve specific portal assets right at the root of the domain.
--
-- For example: `https://mydomain.org/ynhpanel.js` will serve the
-- `/yunohost/sso/assets/js/ynhpanel.js` file.
--
+---
+--- 5. CHECK CLIENT-PROVIDED AUTH HEADER (should almost never happen?)
+---

-function scandir(directory, callback)
-    -- FIXME : this sometime fails (randomly...)
-    -- because of 'interrupted system call'
-    -- use find (and not ls) to list only files recursively and with their full path relative to the asked directory
-    local pfile = io.popen('cd "'..directory..'" && find * -type f')
-    for filename in pfile:lines() do
-        callback(filename)
+if permission ~= nil then
+    perm_user_remote_user_var_in_nginx_conf = permission["use_remote_user_var_in_nginx_conf"]
+    if perm_user_remote_user_var_in_nginx_conf == nil or perm_user_remote_user_var_in_nginx_conf == true then
+        is_logged_in_with_basic_auth = hlp.validate_or_clear_basic_auth_header_provided_by_client()
+
+        -- NB: is_logged_in_with_basic_auth can be false, true or nil
+        if is_logged_in_with_basic_auth == false then
+            return ngx.exit(ngx.HTTP_UNAUTHORIZED)
+        elseif is_logged_in_with_basic_auth == true then
+            is_logged_in = true
+        end
    end
-    pfile:close()
 end

-function serveAsset(shortcut, full)
-  if string.match(ngx.var.uri, "^"..shortcut.."$") then
-      hlp.serve("/yunohost/sso/assets/"..full, "static_asset")
-  end
-end
+--
+--
+-- 6. APPLY PERMISSION
+--
+--

-function serveThemeFile(filename)
-  serveAsset("/ynhtheme/"..filename, "themes/"..conf.theme.."/"..filename)
-end
+-- 1st case : client has access

-if hlp.is_logged_in() then
-    -- serve ynhpanel files
-    serveAsset("/ynh_portal.js", "js/ynh_portal.js")
-    serveAsset("/ynh_overlay.css", "css/ynh_overlay.css")
-    -- serve theme's files
-    -- FIXME? I think it would be better here not to use an absolute path
-    -- but I didn't succeed to figure out where is the current location of the script
-    -- if you call it from "portal/assets/themes/" the ls fails
-    scandir("/usr/share/ssowat/portal/assets/themes/"..conf.theme, serveThemeFile)
+if hlp.has_access(permission) then

-    -- If user has no access to this URL, redirect him to the portal
-    if not hlp.has_access() then
-        return hlp.redirect(conf.portal_url)
+    if is_logged_in then
+        -- If the user is logged in, refresh_cache
+        hlp.refresh_user_cache()
+
+        -- If Basic Authorization header are enable for this permission,
+        -- add it to the response
+        if permission["auth_header"] then
+            hlp.set_headers()
+        else
+            hlp.clear_headers()
+        end
+    else
+        hlp.clear_headers()
    end

-    -- If the user is authenticated and has access to the URL, set the headers
-    -- and let it be
-    hlp.set_headers()
    return hlp.pass()
-end

+-- 2nd case : no access ... redirect to portal / login form
+else

-
--
-- 7. Unprotected URLs
--
-- If the URL matches one of the `unprotected_urls` in the configuration file,
-- it means that the URL should not be protected by the SSO *but* headers have
-- to be sent if the user is already authenticated.
--
-- It means that you can let anyone access to an app, but if a user has already
-- been authenticated on the portal, he can have his authentication headers
-- passed to the app.
--
-
-if conf["unprotected_urls"] then
-    for _, url in ipairs(conf["unprotected_urls"]) do
-        if (hlp.string.starts(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
-        or  hlp.string.starts(ngx.var.uri..hlp.uri_args_string(), url))
-        and not is_protected() then
-            if hlp.is_logged_in() then
-                hlp.set_headers()
-            end
-            return hlp.pass()
-        end
-    end
-end
-
-if conf["unprotected_regex"] then
-    for _, regex in ipairs(conf["unprotected_regex"]) do
-        if (match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), regex)
-        or  match(ngx.var.uri..hlp.uri_args_string(), regex))
-        and not is_protected() then
-            if hlp.is_logged_in() then
-                hlp.set_headers()
-            end
-            return hlp.pass()
-        end
-    end
-end
-
-
-
--
-- 8. Basic HTTP Authentication
--
-- If the `Authorization` header is set before reaching the SSO, we want to
-- match user and password against the user database.
--
-- It allows you to bypass the cookie-based procedure with a per-request
-- authentication. Very usefull when you are trying to reach a specific URL
-- via cURL for example.
--
-
-local auth_header = ngx.req.get_headers()["Authorization"]
-
-if auth_header then
-    _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
-    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
-    user = hlp.authenticate(user, password)
-    if user then
-        hlp.set_headers(user)
-
-        -- If user has no access to this URL, redirect him to the portal
-        if not hlp.has_access(user) then
-            return hlp.redirect(conf.portal_url)
+    if is_logged_in then
+        return hlp.redirect(conf.portal_url)
+    else
+        -- Only display this if HTTPS. For HTTP, we can't know if the user really is
+        -- logged in or not, because the cookie is available only in HTTP...
+        if ngx.var.scheme == "https" then
+            hlp.flash("info", hlp.t("please_login"))
        end

-        return hlp.pass()
+        local back_url = "https://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
+        return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
    end
 end
-
-
--
-- 9. Redirect to login
--
-- If no previous rule has matched, just redirect to the portal login.
-- The default is to protect every URL by default.
--
-
-- Only display this if HTTPS. For HTTP, we can't know if the user really is
-- logged in or not, because the cookie is available only in HTTP...
-if ngx.var.scheme == "https" then
-    hlp.flash("info", hlp.t("please_login"))
-end
-
-- Force the scheme to HTTPS. This is to avoid an issue with redirection loop
-- when trying to access http://main.domain.tld/ (SSOwat finds that user aint
-- logged in, therefore redirects to SSO, which redirects to the back_url, which
-- redirect to SSO, ..)
-local back_url = "https://" .. ngx.var.host .. ngx.var.uri .. hlp.uri_args_string()
-return hlp.redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
--- a/conf.json.example
+++ b/conf.json.example
@ -1,31 +1,69 @@
 {
-   "portal_scheme": "https",
-   "portal_domain": "example.com",
-   "portal_path": "/ssowat/",
-   "theme": "default",
-   "domains": [
-        "example.com",
+    "additional_headers": {
+        "Auth-User": "uid",
+        "Email": "mail",
+        "Name": "cn",
+        "Remote-User": "uid"
+    },
+    "domains": [
+        "example.tld",
        "example.org"
    ],
-   "skipped_urls": [
-       "example.com/megusta",
-       "example.org/somuchwin"
-    ],
-   "unprotected_urls": ["example.com/yunoprotect"],
-   "additional_headers": {
-       "Auth-User": "uid",
-       "Remote-User": "uid",
-       "Email": "mail",
-       "Name": "cn"
-   },
-   "users": {
-       "myuser": {
-          "example.com/myapp": "My App",
-          "example.com/myapp2": "My second App"
-       },
-       "myuser2": {
-          "example.org/myapp": "My other domain App",
-          "example.com/myapp2": "My second App"
-       }
-   }
-}
+    "permissions": {
+        "core_skipped": {
+            "auth_header": false,
+            "label": "Core permissions - skipped",
+            "public": true,
+            "show_tile": false,
+            "uris": [
+                "example.tld/yunohost/admin",
+                "example.tld/yunohost/api",
+                "re:^[^/]*/%.well%-known/ynh%-diagnosis/.*$",
+                "re:^[^/]*/%.well%-known/acme%-challenge/.*$",
+                "re:^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
+            ],
+            "users": []
+        },
+        "myapp.admin": {
+            "auth_header": true,
+            "label": "MyApp (admin)",
+            "public": false,
+            "show_tile": false,
+            "uris": [
+               "example.tld/myapp/admin"
+            ],
+            "users": [
+                "JaneDoe"
+            ]
+        },
+        "myapp.api": {
+            "auth_header": false,
+            "label": "MyApp (api)",
+            "public": true,
+            "show_tile": false,
+            "uris": [
+                "re:domain%.tld/%.well%-known/.*"
+            ],
+            "users": []
+        },
+        "myapp.main": {
+            "auth_header": true,
+            "label": "MyApp",
+            "public": true,
+            "show_tile": true,
+            "uris": [
+                "example.tld/myapp"
+            ],
+            "users": [
+                "JaneDoe",
+                "JohnDoe"
+            ]
+        }
+    },
+    "portal_domain": "example.tld",
+    "portal_path": "/yunohost/sso/",
+    "redirected_regex": {
+        "example.tld/yunohost[\\/]?$": "https://example.tld/yunohost/sso/"
+    },
+    "redirected_urls": {}
+}
--- a/config.lua
+++ b/config.lua
@ -6,33 +6,74 @@

 module('config', package.seeall)

+local config_attributes = nil
+local config_persistent_attributes = nil
+
+local conf = {}
+
+function compare_attributes(file_attributes1, file_attributes2)
+    if file_attributes1 == nil and file_attributes2 == nil then
+        return true
+    elseif file_attributes1 == nil and file_attributes2 ~= nil or file_attributes1 ~= nil and file_attributes2 == nil then
+        return false
+    end
+    return file_attributes1["modification"] == file_attributes2["modification"] and file_attributes1["size"] == file_attributes2["size"]
+end
+
+function update_language()
+    -- Set the prefered language from the `Accept-Language` header
+    conf.lang = ngx.req.get_headers()["Accept-Language"]
+
+    if conf.lang then
+        conf.lang = string.sub(conf.lang, 1, 2)
+    end
+end
+
 function get_config()

-    -- Load the configuration file
-    local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing")
-    local conf = json.decode(conf_file:read("*all"))
+    -- Get config files attributes (timestamp modification and size)
+    local new_config_attributes = lfs.attributes(conf_path, {"modification", "size"})
+    local new_config_persistent_attributes = lfs.attributes(conf_path..".persistent", {"modification", "size"})

+    if compare_attributes(new_config_attributes, config_attributes) and compare_attributes(new_config_persistent_attributes, config_persistent_attributes) then
+        update_language()
+        return conf
+    -- If the file is being written, its size may be 0 and reloading fails, return the last valid config
+    elseif new_config_attributes == nil or new_config_attributes["size"] == 0 then
+        update_language()
+        return conf
+    end
+
+    -- If the timestamp of the modification or the size is different, reload the configuration.
+    config_attributes = new_config_attributes
+    config_persistent_attributes = new_config_persistent_attributes
+    
+    local conf_file = assert(io.open(conf_path, "r"), "Configuration file is missing")
+    conf = json.decode(conf_file:read("*all"))
+    conf_file:close()

    -- Load additional rules from the `.persistent` configuration file.
    -- The `.persistent` file contains rules that will overwrite previous rules.
    -- It typically enables you to set custom rules.
    local persistent_conf_file = io.open(conf_path..".persistent", "r")
    if persistent_conf_file ~= nil then
-        for k, v in pairs(json.decode(persistent_conf_file:read("*all"))) do
+        perm_conf = json.decode(persistent_conf_file:read("*all"))
+        persistent_conf_file:close()
+        for k, v in pairs(perm_conf) do

-           -- If the configuration key already exists and is a table, merge it
-           if conf[k] and type(v) == "table" then
-               for subk, subv in pairs(v) do
-                   if type(subk) == "number" then
-                       table.insert(conf[k], subv)
-                   else
-                       conf[k][subk] = subv
-                   end
-               end
+            -- If the configuration key already exists and is a table, merge it
+            if conf[k] and type(v) == "table" then
+                for subk, subv in pairs(v) do
+                    if type(subk) == "number" then
+                        table.insert(conf[k], subv)
+                    else
+                        conf[k][subk] = subv
+                    end
+                end

            -- Else just take the persistent rule's value
            else
-               conf[k] = v
+                conf[k] = v
            end
        end
    end
@ -55,7 +96,9 @@ function get_config()
        ldap_attributes           = {"uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"},
        allow_mail_authentication = true,
        default_language          = "en",
-        theme                     = "default"
+        theme                     = "default",
+        logging                   = "fatal", -- Only log fatal messages by default (so apriori nothing)
+        permissions               = {}
    }


@ -81,15 +124,9 @@ function get_config()


    -- Always skip the portal to avoid redirection looping.
-    table.insert(conf["skipped_urls"], conf["portal_domain"]..conf["portal_path"])
+    table.insert(conf["permissions"]["core_skipped"]["uris"], conf["portal_domain"]..conf["portal_path"])

-
-    -- Set the prefered language from the `Accept-Language` header
-    conf.lang = ngx.req.get_headers()["Accept-Language"]
-
-    if conf.lang then
-        conf.lang = string.sub(conf.lang, 1, 2)
-    end
+    update_language()

    return conf
 end
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,436 @@
+ssowat (11.2.1.1) stable; urgency=low
+
+  - [i18n] Translations updated for Catalan, French, German, Kabyle, Spanish, Swedish
+
+  Thanks to all contributors <3 ! (Alexandre Aubin, Bram, ButterflyOfFire, Carlos Solís, Christian Wehrli, Gregor, xaloc33)
+
+ -- OniriCorpe <oniricorpe@yunohost.org>  Mon, 20 May 2024 00:26:37 +0200
+
+ssowat (11.2) stable; urgency=low
+
+  - i18n: Translations updated for Chinese (Simplified), German, Indonesian, Japanese
+
+  Thanks to all contributors <3 ! (Christian Wehrli, motcha, Neko Nekowazarashi, Poesty Li)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 17 Jul 2023 16:34:25 +0200
+
+ssowat (11.1.4) stable; urgency=low
+
+  - Releasing as stable
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 01 Feb 2023 20:28:06 +0100
+
+ssowat (11.1.3) testing; urgency=low
+
+  - debian: have a proper postinst script that reload (not restart, omg) nginx... (beed8a5)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 30 Jan 2023 16:33:17 +0100
+
+ssowat (11.1.2.5) testing; urgency=low
+
+  - Fix auth_header parsing when password contains semicolon ([#204](https://github.com/yunohost/ssowat/pull/204))
+
+  Thanks to all contributors <3 ! (ewilly)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 19 Jan 2023 17:21:40 +0100
+
+ssowat (11.1.2.4) testing; urgency=low
+
+  - security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2 (8faa805)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 10 Jan 2023 00:03:31 +0100
+
+ssowat (11.1.2.3) testing; urgency=low
+
+  - Stupid typo (4e92965)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 20:51:17 +0100
+
+ssowat (11.1.2.2) testing; urgency=low
+
+  - Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth header which are not Basic auth (92f1e05)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 19:47:04 +0100
+
+ssowat (11.1.2.1) testing; urgency=low
+
+  - security: clear custom ssowat headers when user is not logged in ([#209](https://github.com/yunohost/ssowat/pull/209))
+  - security: Also check client-provided auth headers to prevent impersonation (7a2d0ed)
+
+  Thanks to all contributors <3 ! (selfhoster1312)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 18:32:46 +0100
+
+ssowat (11.1.2) testing; urgency=low
+
+  - [fix] helpers.lua: openssl v3 support for hmac_sha512 ([#208](https://github.com/yunohost/ssowat/pull/208))
+  - [fix] password check, path to yunohost lib changed in 11.x (71f68b0)
+  - [i18n] Translations updated for Basque, German, Polish, Slovak, Spanish, Ukrainian
+
+  Thanks to all contributors <3 ! (Christian Wehrli, Cyril Romain, Grzegorz Cichocki, Jose Riha, quiwy, Tymofii-Lytvynenko, xabirequejo)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 06 Jan 2023 00:40:30 +0100
+
+ssowat (11.1.0) testing; urgency=low
+
+  - User info self-edit would not update displayName (which is supposed to be the same as cn) resulting in inconsistencies (e2996f1)
+  - [i18n] Translations updated for Basque, Galician, Slovak, Turkish
+
+  Thanks to all contributors <3 ! (José M, Jose Riha, Sedat Albayrak, xabirequejo)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 25 Oct 2022 22:47:20 +0200
+
+ssowat (11.0.9) stable; urgency=low
+
+  - Bump version for stable release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 23:30:35 +0200
+
+ssowat (11.0.8) testing; urgency=low
+
+  - [i18n] Translations updated for Polish, Slovak, Telugu
+
+  Thanks to all contributors <3 ! (Alice Kile, Jose Riha, Radek Raczkowski)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 12:19:38 +0200
+
+ssowat (11.0.7) testing; urgency=low
+
+  - [i18n] Translations updated for Spanish
+
+  Thanks to all contributors <3 ! (JimScope, Alexandre Aubin)
+
+ -- tituspijean <titus+yunohost@pijean.ovh>  Tue, 17 May 2022 23:59:32 +0200
+
+ssowat (11.0.6) testing; urgency=low
+
+  - [i18n] Translations updated for Finnish, French, Galician, German, Kabyle, Turkish
+
+  Thanks to all contributors <3 ! (3ole, Alexandre Aubin, Eylul Dogruel, José M, Kayou, Mico Hauataluoma, Selyan Slimane Amiri, Tagada)
+
+ -- Kay0u <pierre@kayou.io>  Tue, 29 Mar 2022 14:26:27 +0200
+
+ssowat (11.0.2) testing; urgency=low
+
+  - [mod] debian: Misc updates in control file for bullseye (136e4f2)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:24:38 +0100
+
+ssowat (4.4.0) testing; urgency=low
+
+  - Bump version for 4.4.0
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:20:37 +0100
+
+ssowat (4.3.3.1) stable; urgency=low
+
+  - [i18n] Translations updated for Dutch, Finnish
+
+  Thanks to all contributors <3 ! (Boudewijn, Mico Hauataluoma)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:20:37 +0100
+
+ssowat (4.3.3) stable; urgency=low
+
+  - [i18n] Translations updated for Dutch, German
+
+  Thanks to all contributors <3 ! (Boudewijn, Valentin von Guttenberg)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Dec 2021 01:11:41 +0100
+
+ssowat (4.3.2.2) stable; urgency=low
+
+  - [fix] Another fix for the redirect url check (981960f)
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 18 Nov 2021 01:09:53 +0100
+
+ssowat (4.3.2.1) stable; urgency=low
+
+  - [fix] unauthorized redirect url check not matching non-alphanumeric chars in domain name ([#197](https://github.com/YunoHost/ssowat/pull/197))
+
+  Thanks to all contributors <3 ! (Kayou)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 15 Nov 2021 19:54:43 +0100
+
+ssowat (4.3.2) stable; urgency=low
+
+  - Bump version for stable release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Nov 2021 02:39:22 +0100
+
+ssowat (4.3.1.1) testing; urgency=low
+
+  - [i18n] Translations updated for Basque, Russian, Slovenian, Spanish
+
+  Thanks to all contributors <3 ! (Jurij Podgoršek, Page Asgardius, punkrockgirl, Semen Turchikhin)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Nov 2021 18:46:10 +0100
+
+ssowat (4.3.1) testing; urgency=low
+
+  - [i18n] Translations updated for Indonesian
+
+  Thanks to all contributors <3 ! (liimee)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Sep 2021 22:39:28 +0200
+
+ssowat (4.3.0) testing; urgency=low
+
+  - [enh] Improve logging when failing to authenticate ssowat cookies (b28788d)
+  - [fix] python -> python3 in password check (07378df)
+  - [enh] Add new theme "Clouds" ([#139](https://github.com/YunoHost/ssowat/pull/139))
+  - [fix] ynh_portal.css: fix font urls ([#193](https://github.com/YunoHost/ssowat/pull/193))
+  - [fix] Prevent attacker from crafting redirections to external domains ([#193](https://github.com/YunoHost/ssowat/pull/193))
+  - [i18n] Translations updated for Indonesian, Persian, Portuguese, Ukrainian
+
+  Thanks to all contributors <3 ! (Cyril Romain, Éric Gaspar, Geoff Montel, liimee, ljf, Parviz Homayun, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 19 Sep 2021 21:16:49 +0200
+
+ssowat (4.2.4) stable; urgency=low
+
+  - [fix] Misc issues regarding dash filename, mime types, ynh_userinfo.json ([#189](https://github.com/yunohost/ssowat/pull/189))
+  - [fix] Broken Yunohost tile/overlay on iPhone ([#186](https://github.com/yunohost/ssowat/pull/186))
+  - [enh] Save overlay positions accross navigation ([#187](https://github.com/yunohost/ssowat/pull/187))
+  - [enh] security: Improve randomness of tmp filename ([#190](https://github.com/yunohost/ssowat/pull/190))
+  - [i18n] Translations updated for Esperanto, Finnish, Galician, German, Italian
+
+  Thanks to all contributors <3 ! (amirale qt, Christian Wehrli, Flavio Cristoforetti, José M, ljf, Luca, Mico Hauataluoma)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 08 Aug 2021 21:58:14 +0200
+
+ssowat (4.2.3) stable; urgency=low
+
+  - [i18n] Translations updated for Galician
+
+  Thanks to all contributors <3 ! (José M)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 24 May 2021 17:39:12 +0200
+
+ssowat (4.2.2) stable; urgency=low
+
+  - [i18n] Translations updated for Czech, Dutch, French, German, Occitan, Russian
+
+  Thanks to all contributors <3 ! (Christian Wehrli, Mathieu Massaviol, Miloš Kroulík, panomaki, ppr, Quentí, Tymur Valiiev)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 08 May 2021 15:13:04 +0200
+
+ssowat (4.2.1) testing; urgency=low
+
+  - Remove SSOwAuthRedirect ([#182](https://github.com/yunohost/ssowat/pull/182))
+  - Avoid a syscall for cookies ([#183](https://github.com/yunohost/ssowat/pull/183))
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 17 Apr 2021 03:44:14 +0200
+
+ssowat (4.2.0) testing; urgency=low
+
+  - Bump version number for testing release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 25 Mar 2021 01:00:00 +0100
+
+ssowat (4.1.3) stable; urgency=low
+
+  - [fix] Regression where users are not redirected to the ynh portal ([#179](https://github.com/YunoHost/ssowat/pull/179))
+
+  Thanks to all contributors <3 ! (Kayou)
+
+ -- Kay0u <pierre@kayou.io>  Wed, 20 Jan 2021 01:54:06 +0100
+
+ssowat (4.1.2) stable; urgency=low
+
+  - [doc] Update the sso doc with the new permissions system ([#178](https://github.com/yunohost/ssowat/pull/178))
+  - Stable release
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 08 Jan 2021 03:16:11 +0100
+
+ssowat (4.1.1.1) testing; urgency=low
+
+  - [fix] Change SSOwat auth header to "Proxy-Authorization" to prevent conflict with the app auth header
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 27 Dec 2020 14:06:30 +0100
+
+ssowat (4.1.1) testing; urgency=low
+
+  - [fix] Skip Autorization Header that are not Basic ([#175](https://github.com/yunohost/ssowat/pull/175))
+  - [doc] Update example config (fec1e4c)
+  - [fix] Don't set header if auth_header is false ([#176](https://github.com/yunohost/ssowat/pull/176))
+
+  Thanks to all contributors <3 ! (Kay0u, Titoko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 19 Dec 2020 01:53:55 +0100
+
+ssowat (4.1.0) testing; urgency=low
+
+  - [enh] Extends permission feature (SSOwat#161)
+  - Update translations for Czech, French (SSOwat#173, SSOwat#174)
+
+  Thanks to all contributors <3 ! (ericgaspar, miloskroulik, Aleks, Josué, Kay0u, miloskroulik)
+
+ -- Kay0u <pierre@kayou.io> Thu, 03 Dec 2020 16:19:03 +0100
+
+ssowat (4.0.5) stable; urgency=low
+
+  - Fix a refression from 3.7 which removed the logging message used by fail2ban to identify failed logging attempts
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org> Sat, 31 Oct 2020 13:57:02 +0100
+
+ssowat (4.0.4.1) stable; urgency=low
+
+  - Fix a refression from last release, language not properly updated in conf
+
+  Thanks to all contributors <3 ! (Kay0u, ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org> Mon, 07 Sep 2020 18:58:21 +0200
+
+ssowat (4.0.4) stable; urgency=low
+
+  - Reload the conf only if files has been modified (#170)
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 04 Sep 2020 14:43:34 +0200
+
+ssowat (4.0.3) stable; urgency=low
+
+  - Bump version number for stable release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Jul 2020 17:00:00 +0200
+
+ssowat (4.0.2~beta) testing; urgency=low
+
+  - Rebase on stretch-unstable and bump vrsion number for beta
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 19 Jun 2020 15:29:05 +0200
+
+ssowat (4.0.1~alpha) testing; urgency=low
+
+  - Bump version number for buster release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Jun 2020 17:26:35 +0200
+
+ssowat (3.8.0.3) stable; urgency=low
+
+  - [enh] Allow the user's password manager to automatically enter the password/username/new-password (1dae6e8)
+  - [fix] Closing the files when we're done reading them ([#160](https://github.com/YunoHost/SSOwat/pull/160))
+  - [fix] Clear cookies more properly ([#163](https://github.com/YunoHost/SSOwat/pull/163))
+
+  Thanks to all contributors <3 ! (Bram, E. Counasse, Kay0u, SilverViper)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 27 Jul 2020 17:50:44 +0200
+
+ssowat (3.8.0.2) stable; urgency=low
+
+  - [mod] Update author/maintainer information (6a14e78)
+  - [enh] README reworked (#165) (70c81c6)
+  - [fix] theme loading (#167, #168)
+
+  Thanks to all contributors <3 ! (Allan Nordhøy, Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 18 Jun 2020 16:10:00 +0200
+
+ssowat (3.8.0.1) stable; urgency=low
+
+  - [i18n] Improved translations for Chinese (Simplified), Dutch, Greek, Nepali, Polish, Spanish
+
+  Thanks to all contributors (amirale qt) <3 !
+
+ -- Kay0u <pierre@kayou.io>  Wed, 20 May 2020 19:04:19 +0000
+
+ssowat (3.8.0) testing; urgency=low
+
+  - Avoid unnecessarily reloading the config file (#159)
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Kay0u <pierre@kayou.io>  Thu, 09 Apr 2020 20:24:15 +0000
+
+ssowat (3.7.1.1) stable; urgency=low
+
+  - [fix] Fix an error 500 when accessing SSO through http
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 15 Apr 2020 01:45:00  +0000
+
+ssowat (3.7.1) stable; urgency=low
+
+  - [fix] Don't set auth headers if user don't have access (#158)
+
+  Thanks to all contributors <3 ! (Josue)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 9 Apr 2020 15:23:00  +0000
+
+ssowat (3.7.0.3) stable; urgency=low
+
+  Bumping version number for stable release
+
+ -- Kay0u <pierre@kayou.io>  Thu, 26 Mar 2020 22:00:21 +0000
+
+ssowat (3.7.0.2) testing; urgency=low
+
+  - [fix] Match undefined function (SSOwat#151)
+  - [fix] Cohabitation between the old and the new permission system (SSOwat#156)
+
+  - [i18n] Improved translations for French, Basque, Hindi, Turkish, Bengali (Bangladesh), Arabic, Hungarian, Polish, Catalan, Dutch, Portuguese, Italian, German, Swedish, Russian, Esperanto, Occitan, Nepali
+
+  Thanks to all contributors (amirale qt, Quenti, Filip Bengtsson, elie gavoty, xaloc33, ButterflyOfFire, Kay0u) <3 !
+
+ -- Kay0u <pierre@kayou.io>  Sun, 15 Mar 2020 15:48:58 +0000
+
+ssowat (3.7.0.1) testing; urgency=low
+
+  - [mod] Check skipped_urls before protected_urls (#149)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 03 Dec 2019 12:07:00  +0000
+
+ssowat (3.7.0) testing; urgency=low
+
+  - [enh] Rework handling of protected vs. user-specific rules for permission mechanism (SSOwat#147)
+  - [enh] Messages improvements, string cleaning, language rework... (SSOwat#143)
+  - [i18n] Improved translations for French, Esperanto, Germain, Norwegian Bokmål
+  - [enh] Add debug logs to SSOwat (SSOwat#145)
+  - [fix] Misc micro bugfixes or improvements (SSOwat#140, SSOwat#141)
+  - [enh] READMEs improvements (SSOwat/ee67b6f)
+
+  Thanks to all contributors <3 ! (accross all repo: Yunohost, Moulinette, SSOwat, Yunohost-admin) : advocatux, Aksel K., Aleks, Allan N., amirale qt, Armin P., Bram, ButterflyOfFire, Carles S. A., chema o. r., decentral1se, Emmanuel V., Etienne M., Filip B., Geoff M., htsr, Jibec, Josué, Julien J., Kayou, liberodark, ljf, lucaskev, Lukas D., madtibo, Martin D., Mélanie C., nr 458 h, pitfd, ppr, Quentí, sidddy, troll, tufek yamero, xaloc33, yalh76
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 31 Oct 2019 18:25:00  +0000
+
+ssowat (3.6.4) stable; urgency=low
+
+  Bumping version number for stable release
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 04 Jul 2019 23:30:00  +0000
+
+ssowat (3.6.1) testing; urgency=low
+
+  - [fix] Prevent duplicate portal button when app uses iframes (#137)
+
+  Thanks to all contributors <3 ! (opi)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 04 Jun 2019 13:20:00  +0000
+
+ssowat (3.6.0) testing; urgency=low
+
+  - [fix] Allow access to portal for other domains than main domain (#136)
+  - [i18n] Improve translation for Spanish
+
+  Thanks to all contributors (Josue, advocatux) <3 !
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org> Wed, 22 May 2019 19:50:00 +0000
+
+ssowat (3.5.2.1) stable; urgency=low
+
+  - [fix] Small issue where portal overlay caused a blink during app page loading
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org> Wed, 10 Apr 2019 19:27:00 +0000
+
 ssowat (3.5.2) stable; urgency=low

  - Release as stable !
--- a/debian/compat
+++ b/debian/compat
@ -1 +0,0 @@
-8
--- a/debian/control
+++ b/debian/control
@ -1,14 +1,14 @@
 Source: ssowat
 Section: net
 Priority: extra
-Maintainer: Adrien Beudin <beudbeud@yunohost.org>
-Build-Depends: debhelper (>=8.0.0)
+Maintainer: YunoHost Contributors <contrib@yunohost.org>
+Build-Depends: debhelper (>=8.0.0), debhelper-compat (= 13)
 Standards-Version: 3.9.1

 Package: ssowat
 Architecture: all
-Depends: nginx-extras (>=1.6.2), lua-ldap, lua-json, lua-rex-pcre, whois
-Homepage: http://www.yunohost.org
-Description: SSOWAT
- Websso for yunohost 
-
+Depends: nginx-extras (>=1.6.2), lua-ldap, lua-json, lua-rex-pcre, lua-filesystem, lua-socket, whois
+Homepage: https://yunohost.org
+Description: user portal with single sign-on designed for Yunohost
+ A minimalist user portal with single sign-on, designed to be
+ interfaced with Yunohost.
--- a/debian/install
+++ b/debian/install
@ -3,6 +3,7 @@ access.lua /usr/share/ssowat
 helpers.lua /usr/share/ssowat
 config.lua /usr/share/ssowat
 lustache.lua /usr/share/ssowat
+log.lua /usr/share/ssowat
 lustache /usr/share/ssowat
 portal /usr/share/ssowat
 conf.json.example /etc/ssowat
--- a/debian/postinst
+++ b/debian/postinst
@ -1,5 +1,34 @@
 #!/bin/bash

-yunohost app ssowatconf > /dev/null 2>&1
-service nginx restart > /dev/null 2>&1
+set -e
+
+do_configure() {
+    systemctl reload nginx || true
+}
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+    configure)
+        do_configure
+    ;;
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
 exit 0
--- a/helpers.lua
+++ b/helpers.lua
@ -9,6 +9,34 @@ module('helpers', package.seeall)

 local cache = ngx.shared.cache
 local conf = config.get_config()
+local logger = require("log")
+
+-- url parser, c.f. https://rosettacode.org/wiki/URL_parser#Lua
+local url_parser = require "socket.url"
+
+-- Import Perl regular expressions library
+local rex = require "rex_pcre"
+
+local is_logged_in = false
+
+function refresh_config()
+    conf = config.get_config()
+end
+
+function get_config()
+    return conf
+end
+
+-- The 'match' function uses PCRE regex as default
+-- If '%.' is found in the regex, we assume it's a LUA regex (legacy code)
+-- 'match' returns the matched text.
+function match(s, regex)
+    if not string.find(regex, '%%%.') then
+        return rex.match(s, regex)
+    else
+        return string.match(s,regex)
+    end
+end

 -- Read a FS stored file
 function read_file(file)
@ -84,14 +112,15 @@ function hmac_sha512(key, message)
        -- this is really dirty and probably leak the key and the message in the process list
        -- but if someone got there I guess we really have other problems so this is acceptable
        -- and also this is way better than the previous situation
-        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
+        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl dgst -sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")

        -- openssl returns something like this:
        -- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
-        -- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
+        -- SHA2-512(stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
        --
-        -- so we need to remove the "(stdin)= " at the beginning
-        local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
+        -- so we need to remove the "SHA2-512(stdin)= " at the beginning ("(stdin)= " on older openssl version)
+        local line = pipe:read()
+        local hash = line:sub(line:find("=") + 2)
        pipe:close()

        cache:set(cache_key, hash, conf["session_timeout"])
@ -148,31 +177,29 @@ function set_auth_cookie(user, domain)
               "|"..session_key)
    local cookie_str = "; Domain=."..domain..
                       "; Path=/"..
-                       "; Expires="..os.date("%a, %d %b %Y %X UTC", expire)..
+                       "; Expires="..ngx.cookie_time(expire)..
                       "; Secure"..
                       "; HttpOnly"..
-                       "; SameSite=Lax ;;"
+                       "; SameSite=Lax"

    ngx.header["Set-Cookie"] = {
        "SSOwAuthUser="..user..cookie_str,
        "SSOwAuthHash="..hash..cookie_str,
        "SSOwAuthExpire="..expire..cookie_str
    }
+    logger.info("Hash "..hash.." generated for "..user.."@"..ngx.var.remote_addr)
 end


 -- Expires the 3 session cookies
 function delete_cookie()
-    conf = config.get_config()
-
-    local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC"
    for _, domain in ipairs(conf["domains"]) do
        local cookie_str = "; Domain=."..domain..
                           "; Path=/"..
-                           "; Expires="..expired_time..
+                           "; Expires="..ngx.cookie_time(0)..
                           "; Secure"..
                           "; HttpOnly"..
-                           "; SameSite=Lax ;;"
+                           "; SameSite=Lax"
        ngx.header["Set-Cookie"] = {
            "SSOwAuthUser="..cookie_str,
            "SSOwAuthHash="..cookie_str,
@ -182,28 +209,19 @@ function delete_cookie()
 end


-- Expires the redirection cookie
-function delete_redirect_cookie()
-    local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC"
-    local cookie_str = "; Path="..conf["portal_path"]..
-                       "; Expires="..expired_time..
-                       "; Secure"..
-                       "; HttpOnly"..
-                       "; SameSite=Lax ;;"
-    ngx.header["Set-Cookie"] = "SSOwAuthRedirect=;" ..cookie_str
-end
-
-
 -- Validate authentification
 --
 -- Check if the session cookies are set, and rehash server + client information
 -- to match the session hash.
 --
-function is_logged_in()
+function refresh_logged_in()
    local expireTime = ngx.var.cookie_SSOwAuthExpire
    local user = ngx.var.cookie_SSOwAuthUser
    local authHash = ngx.var.cookie_SSOwAuthHash

+    authUser = nil
+    is_logged_in = false
+
    if expireTime and expireTime ~= ""
    and authHash and authHash ~= ""
    and user and user ~= ""
@ -215,13 +233,98 @@ function is_logged_in()
            if session_key and session_key ~= "" then
                -- Check cache
                if cache:get(user.."-password") then
-                    authUser = user
                    local hash = hmac_sha512(srvkey,
-                            authUser..
+                            user..
                            "|"..expireTime..
                            "|"..session_key)
-                    return hash == authHash
+                    is_logged_in = hash == authHash
+                    if is_logged_in then
+                        authUser = user
+                        return true
+                    else
+                        failReason = "Hash not matching"
+                    end
+                else
+                    failReason = "No {user}-password entry in cache"
                end
+            else
+                failReason = "No session key"
+            end
+        else
+            failReason = "Cookie expired"
+        end
+        logger.debug("SSOwat cookies rejected for "..user.."@"..ngx.var.remote_addr.." : "..failReason)
+        return false
+    end
+
+    return is_logged_in
+end
+
+function validate_or_clear_basic_auth_header_provided_by_client()
+
+    -- Ignore if no Auth header
+    local auth_header = ngx.req.get_headers()["Authorization"]
+    if auth_header == nil then
+        return nil
+    end
+
+    -- Ignore if not a Basic auth header
+    _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
+    if b64_cred == nil then
+        return nil
+    end
+
+    -- Try to authenticate the user,
+    -- or remove the Auth header if not valid
+    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
+    user = authenticate(user, password)
+    if user then
+        logger.debug("User got authenticated through basic auth")
+        authUser = user
+        return true
+    else
+        ngx.req.clear_header("Authorization")
+        return false -- ngx.exit(ngx.HTTP_UNAUTHORIZED)
+    end
+
+end
+
+
+
+-- Check whether a user is allowed to access a URL using the `permissions` directive
+-- of the configuration file
+function has_access(permission, user)
+    user = user or authUser
+
+    if permission == nil then
+        logger.debug("No permission matching request for "..ngx.var.uri)
+        return false
+    end
+
+    -- Public access
+    if user == nil or permission["public"] then
+        user = user or "A visitor"
+        logger.debug(user.." tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
+        return permission["public"]
+    end
+
+    logger.debug("User "..user.." tries to access "..ngx.var.uri.." (corresponding perm: "..permission["id"]..")")
+
+    -- The user has permission to access the content if he is in the list of allowed users
+    if element_is_in_table(user, permission["users"]) then
+        logger.debug("User "..user.." can access "..ngx.var.host..ngx.var.uri..uri_args_string())
+        return true
+    else
+        logger.debug("User "..user.." cannot access "..ngx.var.uri)
+        return false
+    end
+end
+
+function element_is_in_table(element, table)
+    if table then
+        for _, el in pairs(table) do
+            if el == element then
+                return true
            end
        end
    end
@ -229,44 +332,10 @@ function is_logged_in()
    return false
 end

-
-- Check whether a user is allowed to access a URL using the `users` directive
-- of the configuration file
-function has_access(user, url)
-    user = user or authUser
-    url = url or ngx.var.host..ngx.var.uri
-
-    if not conf["users"][user] then
-        conf = config.get_config()
-    end
-
-    -- If there are no `users` directive, or if the user has no ACL set, he can
-    -- access the URL by default
-    if not conf["users"] or not conf["users"][user] then
-        return true
-    end
-
-    -- Loop through user's ACLs and return if the URL is authorized.
-    for u, _ in pairs(conf["users"][user]) do
-
-        -- Replace the original domain by a local one if you are connected from
-        -- a non-global domain name.
-        if ngx.var.host == conf["local_portal_domain"] then
-            u = string.gsub(u, conf["original_portal_domain"], conf["local_portal_domain"])
-        end
-
-        if string.starts(url, string.sub(u, 1, -2)) then return true end
-    end
-    return false
-end
-
-
 -- Authenticate a user against the LDAP database using a username or an email
 -- address.
 -- Reminder: conf["ldap_identifier"] is "uid" by default
 function authenticate(user, password)
-    conf = config.get_config()
-
    -- Try to find the username from an email address by openning an anonymous
    -- LDAP connection and check if the email address exists
    if conf["allow_mail_authentication"] and string.find(user, "@") then
@ -279,10 +348,10 @@ function authenticate(user, password)
            attrs = {conf["ldap_identifier"]}
        } do
            if attribs[conf["ldap_identifier"]] then
-                ngx.log(ngx.NOTICE, "Use email: "..user)
+                logger.debug("Use email: "..user)
                user = attribs[conf["ldap_identifier"]]
            else
-                ngx.log(ngx.ERR, "Unknown email: "..user)
+                logger.error("Unknown email: "..user)
                return false
            end
        end
@ -307,11 +376,15 @@ function authenticate(user, password)
        end
        cache:add(user.."-password", password, conf["session_timeout"])
        ngx.log(ngx.NOTICE, "Connected as: "..user)
+        logger.info("User "..user.." successfully authenticated from "..ngx.var.remote_addr)
        return user

    -- Else, the username/email or the password is wrong
    else
+        -- N.B. : the ngx.log is important and is related to the regex used by
+        -- the fail2ban rule to detect (and ban) failed login attempts
        ngx.log(ngx.ERR, "Connection failed for: "..user)
+        logger.error("Authentication failure for user "..user.." from "..ngx.var.remote_addr)
        return false
    end
 end
@ -333,7 +406,31 @@ end
 -- Set the authentication headers in order to pass credentials to the
 -- application underneath.
 function set_headers(user)
+    local user = user or authUser
+    -- Set `Authorization` header to enable HTTP authentification
+    ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
+      user..":"..cache:get(user.."-password")
+    ))

+    -- Set optionnal additional headers (typically to pass email address)
+    for k, v in pairs(conf["additional_headers"]) do
+        ngx.req.set_header(k, cache:get(user.."-"..v))
+    end
+
+end
+
+-- Removes the authentication headers. Call me when:
+--   - app is public and user is not authenticated
+--   - app requests that no authentication headers be sent
+-- Prevents user from pretending to be someone else on public apps
+function clear_headers()
+    -- NB: Basic Auth header is cleared in validate_or_clear_basic_auth_header_provided_by_client
+    for k, v in pairs(conf["additional_headers"]) do
+        ngx.req.clear_header(k)
+    end
+end
+
+function refresh_user_cache(user)
    -- We definitely don't want to pass credentials on a non-encrypted
    -- connection.
    if ngx.var.scheme ~= "https" then
@ -361,13 +458,13 @@ function set_headers(user)
        -- If the ldap connection fail (because the password was changed).
        -- Logout the user and invalid the password
        if not ldap then
-            ngx.log(ngx.NOTICE, "LDAP connection failed. Disconnect user : ".. user)
+            logger.debug("LDAP connection failed. Disconnect user : ".. user)
            cache:delete(authUser.."-password")
            flash("info", t("please_login"))
            local back_url = ngx.var.scheme .. "://" .. ngx.var.host .. ngx.var.uri .. uri_args_string()
            return redirect(conf.portal_url.."?r="..ngx.encode_base64(back_url))
        end
-        ngx.log(ngx.NOTICE, "Reloading LDAP values for: "..user)
+        logger.debug("Reloading LDAP values for: "..user)
        for dn, attribs in ldap:search {
            base = conf["ldap_identifier"].."=".. user ..","..conf["ldap_group"],
            scope = "base",
@ -388,19 +485,10 @@ function set_headers(user)
    else
        -- Else, just revalidate session for another day by default
        password = cache:get(user.."-password")
-        cache:set(user.."-password", password, conf["session_timeout"])
+        -- Here we don't use set method to avoid strange logout
+        -- See https://github.com/YunoHost/issues/issues/1830
+        cache:replace(user.."-password", password, conf["session_timeout"])
    end
-
-    -- Set `authorization` header to enable HTTP authentification
-    ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
-      user..":"..cache:get(user.."-password")
-    ))
-
-    -- Set optionnal additional headers (typically to pass email address)
-    for k, v in pairs(conf["additional_headers"]) do
-        ngx.req.set_header(k, cache:get(user.."-"..v))
-    end
-
 end


@ -438,11 +526,14 @@ end
 -- Takes an URI, and returns file content with the proper HTTP headers.
 -- It is used to render the SSOwat portal *only*.
 function serve(uri, cache)
+
+    logger.debug("Serving portal uri "..uri)
+
    rel_path = string.gsub(uri, conf["portal_path"], "/")

    -- Load login.html as index
    if rel_path == "/" then
-        if is_logged_in() then
+        if is_logged_in then
            rel_path = "/portal.html"
        else
            rel_path = "/login.html"
@ -475,13 +566,24 @@ function serve(uri, cache)
        png  = "image/png",
        svg  = "image/svg+xml",
        ico  = "image/vnd.microsoft.icon",
-        woff = "application/x-font-woff",
+        woff = "font/woff",
+        woff2 = "font/woff2",
+        ttf = "font/ttf",
        json = "application/json"
    }

+    -- Allow .ms to specify mime type
+    mime = ext
+    if ext == "ms" then
+        subext = string.match(file, "^.+%.(.+)%.ms$")
+        if subext then
+            mime = subext
+        end
+    end
+
    -- Set Content-Type
-    if mime_types[ext] then
-        ngx.header["Content-Type"] = mime_types[ext]
+    if mime_types[mime] then
+        ngx.header["Content-Type"] = mime_types[mime]
    else
        ngx.header["Content-Type"] = "text/plain"
    end
@ -495,9 +597,10 @@ function serve(uri, cache)
    elseif ext == "ms" then
        local data = get_data_for(file)
        content = lustache:render(content, data)
-    elseif ext == "json" then
+    elseif uri == "/ynh_userinfo.json" then
        local data = get_data_for(file)
        content = json.encode(data)
+        cache = "dynamic"
    end

    -- Reset flash messages
@ -525,7 +628,6 @@ end
 -- title, the flash notifications' content and the translated strings.
 function get_data_for(view)
    local user = authUser
-    conf = config.get_config()

    -- For the login page we only need the page title
    if view == "login.html" then
@ -538,46 +640,55 @@ function get_data_for(view)
    elseif view == "portal.html"
        or view == "edit.html"
        or view == "password.html"
-        or view == "ynhpanel.json" then
+        or view == "ynh_userinfo.json" then

        -- Invalidate cache before loading these views.
        -- Needed if the LDAP db is changed outside ssowat (from the cli for example).
        -- Not doing it for ynhpanel.json only for performance reasons,
        --   so the panel could show wrong first name, last name or main email address
-        if view ~= "ynhpanel.json" then
-            delete_user_info_cache(user)
-        end
+        -- TODO: What if we remove info during logout?
+        --if view ~= "ynhpanel.json" then
+        --    delete_user_info_cache(user)
+        --end

        -- Be sure cache is loaded
-        set_headers(user)
+        if user then
+            refresh_user_cache(user)

-        local mails = get_mails(user)
-        data = {
-            connected  = true,
-            theme      = conf.theme,
-            portal_url = conf.portal_url,
-            uid        = user,
-            cn         = cache:get(user.."-cn"),
-            sn         = cache:get(user.."-sn"),
-            givenName  = cache:get(user.."-givenName"),
-            mail       = mails["mail"],
-            mailalias  = mails["mailalias"],
-            maildrop   = mails["maildrop"],
-            app = {}
-        }
+            local mails = get_mails(user)
+            data = {
+                connected  = true,
+                theme      = conf.theme,
+                portal_url = conf.portal_url,
+                uid        = user,
+                cn         = cache:get(user.."-cn"),
+                sn         = cache:get(user.."-sn"),
+                givenName  = cache:get(user.."-givenName"),
+                mail       = mails["mail"],
+                mailalias  = mails["mailalias"],
+                maildrop   = mails["maildrop"],
+                app = {}
+            }

-        local sorted_apps = {}
+            local sorted_apps = {}

-        -- Add user's accessible URLs using the ACLs.
-        -- It is typically used to build the app list.
-        for url, name in pairs(conf["users"][user]) do
+            -- Add user's accessible URLs using the ACLs.
+            -- It is typically used to build the app list.
+            for permission_name, permission in pairs(conf["permissions"]) do
+                -- We want to display a tile, and uris is not empty
+                if permission['show_tile'] and next(permission['uris']) ~= nil and element_is_in_table(user, permission["users"]) then
+                    url = permission['uris'][1]
+                    name = permission['label']

-            if ngx.var.host == conf["local_portal_domain"] then
-                url = string.gsub(url, conf["original_portal_domain"], conf["local_portal_domain"])
+                    if ngx.var.host == conf["local_portal_domain"] then
+                        url = string.gsub(url, conf["original_portal_domain"], conf["local_portal_domain"])
+                    end
+
+                    table.insert(sorted_apps, name)
+                    table.sort(sorted_apps)
+                    table.insert(data["app"], index_of(sorted_apps, name), { url = url, name = name })
+                end
            end
-            table.insert(sorted_apps, name)
-            table.sort(sorted_apps)
-            table.insert(data["app"], index_of(sorted_apps, name), { url = url, name = name })
        end
    end

@ -601,7 +712,6 @@ end
 -- if it's not the case, it migrates the password to this new hash algorithm
 function ensure_user_password_uses_strong_hash(ldap, user, password)
    local current_hashed_password = nil
-    conf = config.get_config()

    for dn, attrs in ldap:search {
        base = conf['ldap_group'],
@ -627,8 +737,7 @@ end
 -- Read result of a command after given it securely the password
 function secure_cmd_password(cmd, password, start)
    -- Check password validity
-    math.randomseed( os.time() )
-    local tmp_file = "/tmp/ssowat_"..math.random()
+    local tmp_file = os.tmpname()
    local w_pwd = io.popen("("..cmd..") | tee -a "..tmp_file, 'w')
    w_pwd:write(password)
    -- This second write is just to validate the password question
@ -651,15 +760,13 @@ end
 -- It has to update cached information and edit the LDAP user entry
 -- according to the changes detected.
 function edit_user()
-    conf = config.get_config()
-
    -- We need these calls since we are in a POST request
    ngx.req.read_body()
    local args = ngx.req.get_post_args()

    -- Ensure that user is logged in and has passed information
    -- before continuing.
-    if is_logged_in() and args
+    if is_logged_in and args
    then

        -- Set HTTP status to 201
@ -677,7 +784,7 @@ function edit_user()
                -- and the new password against the confirmation field's content
                if args.newpassword == args.confirm then
                    -- Check password validity
-                    local result_msg = secure_cmd_password("python /usr/lib/moulinette/yunohost/utils/password.py", args.newpassword)
+                    local result_msg = secure_cmd_password("python3 /usr/lib/python3/dist-packages/yunohost/utils/password.py", args.newpassword)
                    validation_error = true
                    if result_msg == nil or result_msg == "" then
                        validation_error = nil
@ -875,6 +982,7 @@ function edit_user()

                 -- No problem so far, we can write modifications to the LDAP
                 if ldap:modify(dn, {'=', cn = cn,
+                                          displayName = cn,
                                          givenName = args.givenName,
                                          sn = args.sn,
                                          mail = mails,
@ -882,7 +990,7 @@ function edit_user()
                 then
                     delete_user_info_cache(user)
                     -- Ugly trick to force cache reloading
-                     set_headers(user)
+                     refresh_user_cache(user)
                     flash("win", t("information_updated"))
                     return redirect(conf.portal_url.."portal.html")

@ -928,14 +1036,6 @@ function login()
    -- Forward the `r` URI argument if it exists to redirect
    -- the user properly after a successful login.
    if uri_args.r then
-        -- If `uri_args.r` contains line break, someone is probably trying to
-        -- pass some additional headers
-        if string.match(uri_args.r, "(.*)\n") then
-            flash("fail", t("redirection_error_invalid_url"))
-            ngx.log(ngx.ERR, "Redirection url is invalid")
-            return redirect(conf.portal_url)
-        end
-
        return redirect(conf.portal_url.."?r="..uri_args.r)
    else
        return redirect(conf.portal_url)
@ -952,12 +1052,14 @@ function logout()
    local args = ngx.req.get_uri_args()

    -- Delete user cookie if logged in (that should always be the case)
-    if is_logged_in() then
+    if is_logged_in then
        delete_cookie()
        cache:delete("session_"..authUser)
        cache:delete(authUser.."-"..conf["ldap_identifier"]) -- Ugly trick to reload cache
        cache:delete(authUser.."-password")
+        delete_user_info_cache(authUser)
        flash("info", t("logged_out"))
+        is_logged_in = false
    end

    -- Redirect with the `r` URI argument if it exists or redirect to portal
@ -971,14 +1073,41 @@ end

 -- Set cookie and redirect (needed to properly set cookie)
 function redirect(url)
-    ngx.log(ngx.NOTICE, "Redirect to: "..url)
+    logger.debug("Redirecting to "..url)
+    -- For security reason we don't allow to redirect onto unknown domain
+    -- And if `uri_args.r` contains line break, someone is probably trying to
+    -- pass some additional headers
+
+    -- This should cover the following cases:
+    -- https://malicious.domain.tld/foo/bar
+    -- http://malicious.domain.tld/foo/bar
+    -- https://malicious.domain.tld:1234/foo
+    -- malicious.domain.tld/foo/bar
+    -- (/foo/bar, in which case no need to make sure it's prefixed with https://)
+    if not string.starts(url, "/") and not string.starts(url, "http://") and not string.starts(url, "https://") then
+        url = "https://"..url
+    end
+    local is_known_domain = string.starts(url, "/")
+    for _, domain in ipairs(conf["domains"]) do
+        if is_known_domain then
+          break
+        end
+        -- Replace - character to %- because - is a special char for regex in lua
+        domain = string.gsub(domain, "%-","%%-")
+        is_known_domain = is_known_domain or url:match("^https?://"..domain.."/?") ~= nil
+    end
+    if string.match(url, "(.*)\n") or not is_known_domain then
+        logger.debug("Unauthorized redirection to "..url)
+        flash("fail", t("redirection_error_invalid_url"))
+        url = conf.portal_url
+    end
    return ngx.redirect(url)
 end


 -- Set cookie and go on with the response (needed to properly set cookie)
 function pass()
-    delete_redirect_cookie()
+    logger.debug("Allowing to pass through "..ngx.var.uri)

    -- When we are in the SSOwat portal, we need a default `content-type`
    if string.ends(ngx.var.uri, "/")
--- a/init.lua
+++ b/init.lua
@ -8,6 +8,10 @@
 -- another.
 --

+-- Path of the configuration
+conf_path = "/etc/ssowat/conf.json"
+log_file = "/var/log/nginx/ssowat.log"
+
 -- Remove prepending '@' & trailing 'init.lua'
 script_path = string.sub(debug.getinfo(1).source, 2, -9)

@ -23,6 +27,11 @@ local socket = require "socket"
 local config = require "config"
 lustache = require "lustache"

+-- Make sure the log file exists and we can write in it
+io.popen("touch "..log_file)
+io.popen("chown www-data "..log_file)
+io.popen("chmod u+w "..log_file)
+
 -- Persistent shared table
 flashs = {}
 i18n = {}
@ -36,7 +45,11 @@ end

 -- Efficient function to get a random string
 function random_string()
-    local random_bytes = io.open("/dev/urandom"):read(64);
+    local length = 64
+    local random_bytes = io.open("/dev/urandom"):read(length);
+    if string.len(random_bytes) ~= length then
+        error("Not enough random bytes read")
+    end
    return tohex(random_bytes);
 end

@ -50,8 +63,5 @@ for file in lfs.dir(locale_dir) do
    end
 end 

-- Path of the configuration
-conf_path = "/etc/ssowat/conf.json"
-
 -- You should see that in your Nginx error logs by default
 ngx.log(ngx.INFO, "SSOwat ready")
--- a/log.lua
+++ b/log.lua
@ -0,0 +1,84 @@
+--
+-- log.lua
+--
+-- Copyright (c) 2016 rxi
+--
+-- This library is free software; you can redistribute it and/or modify it
+-- under the terms of the MIT license. See LICENSE for details.
+--
+
+local log = { _version = "0.1.0" }
+local conf = config.get_config()
+
+log.usecolor = true
+log.level = conf.logging
+
+local modes = {
+  { name = "trace", color = "\27[34m", },
+  { name = "debug", color = "\27[36m", },
+  { name = "info",  color = "\27[32m", },
+  { name = "warn",  color = "\27[33m", },
+  { name = "error", color = "\27[31m", },
+  { name = "fatal", color = "\27[35m", },
+}
+
+
+local levels = {}
+for i, v in ipairs(modes) do
+  levels[v.name] = i
+end
+
+
+local round = function(x, increment)
+  increment = increment or 1
+  x = x / increment
+  return (x > 0 and math.floor(x + .5) or math.ceil(x - .5)) * increment
+end
+
+
+local _tostring = tostring
+
+local tostring = function(...)
+  local t = {}
+  for i = 1, select('#', ...) do
+    local x = select(i, ...)
+    if type(x) == "number" then
+      x = round(x, .01)
+    end
+    t[#t + 1] = _tostring(x)
+  end
+  return table.concat(t, " ")
+end
+
+
+for i, x in ipairs(modes) do
+  local nameupper = x.name:upper()
+  log[x.name] = function(...)
+
+    -- Return early if we're below the log level
+    if i < levels[log.level] then
+      return
+    end
+
+    local msg = tostring(...)
+    local info = debug.getinfo(2, "Sl")
+
+    -- Output to console
+    print(string.format("%s[%-6s%s]%s %s",
+                        log.usecolor and x.color or "",
+                        nameupper,
+                        os.date("%H:%M:%S"),
+                        log.usecolor and "\27[0m" or "",
+                        msg))
+
+    -- Output to log file
+    local fp = io.open(log_file, "a")
+    local str = string.format("[%-6s%s] %s\n",
+                            nameupper, os.date(), msg)
+    fp:write(str)
+    fp:close()
+  end
+end
+
+
+return log
--- a/maintenance/make_changelog.sh
+++ b/maintenance/make_changelog.sh
@ -0,0 +1,37 @@
+VERSION="11.2.1"
+RELEASE="stable"
+REPO=$(basename $(git rev-parse --show-toplevel))
+REPO_URL=$(git remote get-url origin)
+ME=$(git config --get user.name)
+EMAIL=$(git config --get user.email)
+
+LAST_RELEASE=$(git tag --list 'debian/11.*'  --sort="v:refname" | tail -n 1)
+
+echo "$REPO ($VERSION) $RELEASE; urgency=low"
+echo ""
+
+git log $LAST_RELEASE.. -n 10000 --first-parent --pretty=tformat:'  - %b%s (%h)' \
+| sed -E "s&Merge .*#([0-9]+).*\$& \([#\1]\(http://github.com/YunoHost/$REPO/pull/\1\)\)&g" \
+| sed -E "/Co-authored-by: .* <.*>/d" \
+| grep -v "Translations update from Weblate" \
+| tac
+
+TRANSLATIONS=$(git log $LAST_RELEASE... -n 10000 --pretty=format:"%s"  \
+               | grep "Translated using Weblate" \
+               | sed -E "s/Translated using Weblate \((.*)\)/\1/g"  \
+               | sort | uniq | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
+[[ -z "$TRANSLATIONS" ]] || echo "  - [i18n] Translations updated for $TRANSLATIONS"
+
+echo ""
+CONTRIBUTORS=$(git log -n10 --pretty=format:'%Cred%h%Creset %C(bold blue)(%an) %Creset%Cgreen(%cr)%Creset - %s %C(yellow)%d%Creset' --abbrev-commit $LAST_RELEASE... -n 10000 --pretty=format:"%an" \
+               | sort | uniq  | grep -v "$ME" | grep -v 'yunohost-bot' | grep -vi 'weblate' \
+               | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
+[[ -z "$CONTRIBUTORS" ]] || echo "  Thanks to all contributors <3 ! ($CONTRIBUTORS)"
+echo ""
+echo " -- $ME <$EMAIL>  $(date -R)"
+echo ""
+
+
+
+# PR links can be converted to regular texts using : sed -E 's@\[(#[0-9]*)\]\([^ )]*\)@\1@g'
+# Or readded with sed -E 's@#([0-9]*)@[YunoHost#\1](https://github.com/yunohost/yunohost/pull/\1)@g' | sed -E 's@\((\w+)\)@([YunoHost/\1](https://github.com/yunohost/yunohost/commit/\1))@g'
--- a/portal/assets/css/ynh_overlay.css
+++ b/portal/assets/css/ynh_overlay.css
@ -20,9 +20,12 @@
 html.ynh-panel-active {
  /* Disable any scrolling on app */
  overflow: hidden;
+
 }

-body {/*overflow-y: scroll;*/}
+body {
+  overflow-y: auto;
+}

 #ynh-overlay-switch,
 #ynh-overlay-switch *,
@ -70,14 +73,14 @@ body {/*overflow-y: scroll;*/}

 /* Background */
 #ynh-overlay {
-  visibility: hidden;
+  overflow-y: hidden;
  position: fixed;
  top:0;
  left: 0;
  width: 100%;
  height: 100%;
  z-index: 9999999;
-  display: block;
+  display: none;
  border: none;
  color:#fff;
  background: #41444F;
@ -176,4 +179,4 @@ body {/*overflow-y: scroll;*/}
    width: 80px;
    height: 75px;
  }
-}
+}
--- a/portal/assets/css/ynh_portal.css
+++ b/portal/assets/css/ynh_portal.css
--- a/portal/assets/js/ynh_portal.js
+++ b/portal/assets/js/ynh_portal.js
@ -18,6 +18,23 @@ if (typeof(console) === 'undefined') {
    console.log = console.error = console.info = console.debug = console.warn = console.trace = console.dir = console.dirxml = console.group = console.groupEnd = console.time = console.timeEnd = console.assert = console.profile = function() {};
 }

+/* Cookies utilities */
+function setCookie(cName, cValue, expDays) {
+        let date = new Date();
+        date.setTime(date.getTime() + (expDays * 24 * 60 * 60 * 1000));
+        const expires = "expires=" + date.toUTCString();
+        document.cookie = cName + "=" + cValue + "; " + expires + "; path=/";
+}
+function getCookie(cName) {
+      const name = cName + "=";
+      const cDecoded = decodeURIComponent(document.cookie); //to be careful
+      const cArr = cDecoded .split('; ');
+      let res;
+      cArr.forEach(val => {
+          if (val.indexOf(name) === 0) res = val.substring(name.length);
+      })
+      return res;
+}

 /* Array utilities
  https://github.com/Darklg/JavaScriptUtilities/blob/master/assets/js/vanilla-js/libs/vanilla-arrays.js
@ -179,6 +196,9 @@ function make_element_draggable(id) {
      dragged = true;
      selected.style.left = (x_pos - x_elem) + 'px';
      selected.style.top = (y_pos - y_elem) + 'px';
+      // Store positions in cookies
+      setCookie('ynh_overlay_top', selected.style.top, 30);
+      setCookie('ynh_overlay_left', selected.style.left, 30);
    }
  };

@ -229,7 +249,10 @@ window.addEvent(document, 'DOMContentLoaded', function() {

    if (in_app)
    {
-        init_portal_button_and_overlay();
+        // Do not load inside an app iframe (Roundcube visualisation panel for example).
+        if (window.frameElement == null) {
+            init_portal_button_and_overlay();
+        }
    }
    else
    {
@ -262,15 +285,20 @@ function init_portal_button_and_overlay()
  var portalOverlay = document.createElement('iframe');
  portalOverlay.src = "/yunohost/sso/portal.html";
  portalOverlay.setAttribute("id","ynh-overlay");
-  portalOverlay.setAttribute("style","visibility: hidden;"); // make sure the overlay is invisible already when loading it
+  portalOverlay.setAttribute("style","display: none;"); // make sure the overlay is invisible already when loading it
+  // portalOverlay.setAttribute("class","ynh-fadeOut"); // set overlay as masked when loading it
  document.body.insertBefore(portalOverlay, null);
-  Element.addClass(portalOverlay, 'ynh-fadeOut');

  // Inject portal button
  var portalButton = document.createElement('a');
  portalButton.setAttribute('id', 'ynh-overlay-switch');
  portalButton.setAttribute('href', '/yunohost/sso/');
  portalButton.setAttribute('class', 'disableAjax');
+  // Checks if cookies exist and apply positioning
+  if (getCookie('ynh_overlay_top') != null && getCookie('ynh_overlay_left') != null) {
+      portalButton.style.top = getCookie('ynh_overlay_top');
+      portalButton.style.left = getCookie('ynh_overlay_left');
+  }
  document.body.insertBefore(portalButton, null);
  // Make portal button draggable, for user convenience
  make_element_draggable('ynh-overlay-switch');
@ -283,11 +311,13 @@ function init_portal_button_and_overlay()
      Element.toggleClass(document.querySelector('html'), 'ynh-panel-active');
      Element.toggleClass(portalOverlay, 'ynh-active');

-      if (portalOverlay.classList.contains('ynh-active')) {
+      if (Element.hasClass(portalOverlay, 'ynh-active')) {
+          portalOverlay.setAttribute("style","display: block;");
          meta_viewport.setAttribute('content', meta_viewport_content);
          Element.addClass(portalOverlay, 'ynh-fadeIn');
          Element.removeClass(portalOverlay, 'ynh-fadeOut');
      } else {
+          portalOverlay.setAttribute("style","display: none;");
          meta_viewport.setAttribute('content', "width=device-width");
          Element.removeClass(portalOverlay, 'ynh-fadeIn');
          Element.addClass(portalOverlay, 'ynh-fadeOut');
@ -339,6 +369,7 @@ function init_portal()
  });
 }

+
 function tweak_portal_when_in_iframe()
 {
    // Set class to body to show we're in overlay
@ -367,4 +398,4 @@ function tweak_portal_when_in_iframe()
            window.parent.location.href = logoutButton.getAttribute("href");
        });
    }
-}
+}
--- a/portal/assets/themes/unsplash/cloud.png
+++ b/portal/assets/themes/unsplash/cloud.png
--- a/portal/assets/themes/unsplash/custom_overlay.css
+++ b/portal/assets/themes/unsplash/custom_overlay.css
@ -0,0 +1,17 @@
+/*
+===============================================================================
+ This file may contain extra CSS rules loaded on all apps page (*if* the app
+ nginx's conf does include the appropriate snippet) for the small YunoHost
+ button in bottom-right corner + portal overlay.
+
+ The yunohost button corresponds to : #ynh-overlay-switch
+ The yunohost portal overlay / iframe corresponds to : #ynh-overlay
+
+ BE CAREFUL that you should *not* add too-general rules that apply to
+ non-yunohost elements (for instance all 'a' or 'p' elements...) as it will
+ likely break app's rendering
+===============================================================================
+*/
+#ynh-overlay-switch {
+  background-image: url("./cloud.png");
+}
--- a/portal/assets/themes/unsplash/custom_portal.css
+++ b/portal/assets/themes/unsplash/custom_portal.css
@ -0,0 +1,78 @@
+/*
+===============================================================================
+ This file contain extra CSS rules to customize the YunoHost user portal and
+ can be used to customize app tiles, buttons, etc...
+===============================================================================
+*/
+
+/* Make page texts white */
+.user-container h2,
+.user-container small,
+.user-container .user-mail,
+.user-container .user-mail,
+.content .footer a,
+a.app-tile,
+#ynh-logout {
+  color: white !important;
+}
+
+body {
+  color: white !important;
+  text-shadow: 3px 4px 4px rgba(0,0,0,.4), -1px -1px 6px rgba(0,0,0,0.2);
+}
+
+.ynh-user-portal {
+  background-image: url('https://source.unsplash.com/random/featured/?nature') !important;
+  background-repeat: no-repeat;
+  background-size: cover;
+  width: 100%;
+  height: 100%;
+}
+
+/* Apps colors */
+.app-tile {
+  background-color: rgba(255, 255, 255, 0.5) !important;
+}
+
+.app-tile:hover:after,
+.app-tile:focus:after,
+.app-tile:hover:before,
+.app-tile:focus:before {
+    background: rgba(255, 255, 255, 0.5) !important;
+}
+
+/* Use a custom logo image */
+#ynh-logo {
+  z-index: 10;
+  background-image: url("./cloud.png");
+}
+
+/* Round the form */
+.login-form label:before {
+	border-top-left-radius: 5em ;
+	border-bottom-left-radius: 5em ;
+}
+
+.login-form * {
+	border-radius: 5em;
+}
+
+/* Make form black */
+
+.login-form label::before {
+	background: #000; 
+	color: #FFF;
+}
+
+.login-form .form-group * {
+	background: #000; 
+	color: #FFF;
+}
+
+.icon {
+	background: #000;
+}
+
+.messages {
+	border-radius: .5em;
+}
--- a/portal/locales/ar.json
+++ b/portal/locales/ar.json
@ -4,12 +4,12 @@
    "username": "إسم المستخدم",
    "password": "كلمة السر",
    "fullname": "الإسم الكامل",
-    "mail_addresses": "عناوين البريد",
-    "mail_forward": "تحويل البريد",
+    "mail_addresses": "عناوين البريد الإلكترونية",
+    "mail_forward": "عناوين توجيه البريد الإلكتروني",
    "new_mail": "newmail@mydomain.org",
    "new_forward": "newforward@myforeigndomain.org",
    "add_mail": "إضافة عنوان بريد إلكتروني مستعار",
-    "add_forward": "إضافة تحويل إلى بريد آخر",
+    "add_forward": "إضافة عنوان آخر لتوجيه البريد",
    "ok": "موافق",
    "cancel": "إلغاء",
    "change_password": "تعديل كلمة السر",
@ -17,19 +17,19 @@
    "current_password": "كلمة السر الحالية",
    "new_password": "كلمة السر الجديدة",
    "confirm": "تأكيد",
-    "login": "تسجيل الدخول",
+    "login": "لِج",
    "logout": "الخروج",
-    "password_changed": "تم تعديل كلمة السر بنجاح",
-    "password_changed_error": "طرأ هناك خطأ أثناء عملية تعديل كلمة السر",
-    "password_not_match": "كلمات السر الجديدة غير متطابقة",
+    "password_changed": "تم تغيير الكلمة السرية",
+    "password_changed_error": "لا يمكن تعديل الكلمة السرية",
+    "password_not_match": "كلمات السر غير متطابقة",
    "wrong_current_password": "كلمة السر الحالية خاطئة",
-    "invalid_mail": "عنوان البريد غير صالح",
+    "invalid_mail": "عنوان البريد الإلكتروني غير صالح",
    "invalid_domain": "النطاق غير صالح في",
    "invalid_mailforward": "عنوان بريد التحويل غير صالح",
-    "mail_already_used": "عنوان البريد الإلكتروني مُستعمل مِن قَبل :",
+    "mail_already_used": "عنوان البريد الإلكتروني مُستعمل مِن قَبل",
    "information_updated": "تم تحديث المعلومات",
-    "user_saving_fail": "طرأ هناك خطأ أثناء عملية تعديل المعلومات",
-    "missing_required_fields": "هناك حقول مطلوبة تركتها فارغة",
+    "user_saving_fail": "لا يمكن حفظ معلومات المستخدم",
+    "missing_required_fields": "يُرجى ملئ الخانات المطلوبة",
    "wrong_username_password": "إسم المستخدم أو كلمة السر خاطئة",
    "logged_out": "تم تسجيل خروجك",
    "please_login": "يرجى تسجيل الدخول قصد النفاذ إلى هذا المحتوى",
@ -40,5 +40,10 @@
    "footerlink_documentation": "الدليل",
    "footerlink_support": "المساعدة",
    "footerlink_administration": "الإدارة",
-    "password_too_simple_1": "يجب أن يكون طول الكلمة السرية على الأقل 8 حروف"
+    "password_too_simple_1": "يجب أن يكون طول الكلمة السرية على الأقل 8 حروف",
+    "good_practices_about_user_password": "اختر كلمة مرور مكونة مِن 8 أحرف على الأقل - مع العِلم أنّه مِن الممارسات الجيدة استخدام الأطول (أي عبارة مرور) و/أو إستخدام أنواع مختلفة من الأحرف (الحروف الكبيرة والصغيرة والأرقان والحروف الخاصة).",
+    "password_too_simple_4": "يجب أن يكون طول الكلمة السرية 12 حرفًا على الأقل وأن تحتوي على أرقام وحروف علوية ودنيا وحروف رمزية",
+    "password_too_simple_3": "يجب أن يكون طول كلمة المرور 8 حروف على الأقل وأن تحتوي على أرقام وحروف علوية ودنيا وحروف رمزية",
+    "password_too_simple_2": "يجب أن يكون طول كلمة المرور 8 حروف على الأقل وأن تحتوي على أرقام وحروف علوية ودنيا",
+    "password_listed": "إنّ الكلمة السرية هذه من بين أكثر الكلمات السرية إستخداما في العالم. الرجاء إختيار شيء فريد مِن نوعه."
 }
--- a/portal/locales/bn_BD.json
+++ b/portal/locales/bn_BD.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "প্রশাসন",
+    "footerlink_support": "সমর্থন",
+    "footerlink_documentation": "নথিপত্র",
+    "footerlink_edit": "আমার প্রোফাইল সম্পাদনা করুন",
+    "redirection_error_unmanaged_domain": "পুনঃনির্দেশ ত্রুটি: নিয়ন্ত্রণহীন ডোমেন",
+    "redirection_error_invalid_url": "পুনঃনির্দেশ ত্রুটি: অবৈধ ইউআরএল",
+    "please_login_from_portal": "পোর্টাল থেকে লগ ইন করুন",
+    "please_login": "এই সামগ্রীতে অ্যাক্সেস করতে লগ ইন করুন",
+    "logged_out": "প্রস্থান",
+    "wrong_username_password": "ভুল ব্যবহারকারী নাম বা পাসওয়ার্ড",
+    "missing_required_fields": "প্রয়োজনীয় ক্ষেত্রগুলি পূরণ করুন",
+    "user_saving_fail": "নতুন ব্যবহারকারীর তথ্য সংরক্ষণ করা যায়নি",
+    "information_updated": "তথ্য আপডেট হয়েছে",
+    "mail_already_used": "ই-মেইল ঠিকানা ইতিমধ্যে ব্যবহৃত",
+    "invalid_mailforward": "অবৈধ ইমেল ফরোয়ার্ডিং ঠিকানা",
+    "invalid_domain": "এতে অবৈধ ডোমেন",
+    "invalid_mail": "অকার্যকর ইমেইল ঠিকানা",
+    "wrong_current_password": "বর্তমান পাসওয়ার্ডটি ভুল",
+    "good_practices_about_user_password": "কমপক্ষে 8 টি অক্ষরের ব্যবহারকারীর পাসওয়ার্ডটি চয়ন করুন - যদিও এটি দীর্ঘতর (যেমন একটি পাসফ্রেজ) এবং / অথবা বিভিন্ন ধরণের অক্ষর (বড় হাতের অক্ষর, ছোট হাতের অক্ষর এবং বিশেষ অক্ষর) ব্যবহার করা ভাল অনুশীলন।",
+    "password_too_simple_4": "পাসওয়ার্ডটিতে কমপক্ষে 12 টি অক্ষর দীর্ঘ হওয়া দরকার এবং এতে অঙ্ক, উপরের, নিম্ন এবং বিশেষ অক্ষরগুলি থাকে",
+    "password_too_simple_3": "পাসওয়ার্ডটিতে কমপক্ষে 8 টি অক্ষর দীর্ঘ হওয়া দরকার এবং এতে অঙ্ক, উপরের, নিম্ন এবং বিশেষ অক্ষরগুলি থাকে",
+    "password_too_simple_2": "পাসওয়ার্ডটিতে কমপক্ষে 8 টি অক্ষর দীর্ঘ হওয়া দরকার এবং এতে অঙ্ক, উপরের এবং নীচের অক্ষরগুলি থাকে",
+    "password_too_simple_1": "পাসওয়ার্ডটি কমপক্ষে 8 টি অক্ষরের দীর্ঘ হওয়া দরকার",
+    "password_listed": "এই পাসওয়ার্ডটি বিশ্বের সর্বাধিক ব্যবহৃত পাসওয়ার্ডগুলির মধ্যে রয়েছে। দয়া করে কিছুটা অনন্য কিছু চয়ন করুন।",
+    "password_not_match": "পাসওয়ার্ড মেলে না",
+    "password_changed_error": "পাসওয়ার্ড পরিবর্তন করা যায়নি",
+    "password_changed": "পাসওয়ার্ড পরিবর্তন",
+    "logout": "প্রস্থান",
+    "login": "প্রবেশ করুন",
+    "confirm": "নিশ্চিত করুন",
+    "new_password": "নতুন পাসওয়ার্ড",
+    "current_password": "বর্তমান পাসওয়ার্ড",
+    "edit": "সম্পাদন করা",
+    "change_password": "পাসওয়ার্ড পরিবর্তন করুন",
+    "cancel": "বাতিল",
+    "ok": "ঠিক আছে",
+    "add_forward": "একটি ইমেল ফরোয়ার্ডিং ঠিকানা যুক্ত করুন",
+    "add_mail": "একটি ইমেল ওরফে যুক্ত করুন",
+    "new_forward": "newforward@myforeigndomain.org",
+    "new_mail": "newmail@mydomain.org",
+    "mail_forward": "ই-মেইল ফরওয়ার্ডিং ঠিকানা",
+    "mail_addresses": "ইমেইল ঠিকানা",
+    "fullname": "পুরো নাম",
+    "password": "পাসওয়ার্ড",
+    "username": "ব্যবহারকারীর নাম",
+    "information": "আপনার তথ্য",
+    "portal": "ইউনোহোস্ট পোর্টাল"
+}
--- a/portal/locales/ca.json
+++ b/portal/locales/ca.json
@ -4,7 +4,7 @@
    "username": "Nom d'usuari",
    "password": "Contrasenya",
    "fullname": "Nom complet",
-    "mail_addresses": "Correu electrònic",
+    "mail_addresses": "Adreces de correu electrònic",
    "new_mail": "nou_correu@domini.org",
    "add_mail": "Afegir un àlies de correu electrònic",
    "ok": "OK",
@ -16,34 +16,34 @@
    "confirm": "Confirmar",
    "login": "Iniciar sessió",
    "logout": "Tancar sessió",
-    "password_changed": "Contrasenya canviada correctament",
-    "password_changed_error": "S'ha produit un error al canviar la contrasenya",
-    "password_not_match": "Les noves contrasenyes no coincideixen",
+    "password_changed": "Contrasenya canviada",
+    "password_changed_error": "No s'ha pogut canviar la contrasenya",
+    "password_not_match": "Les contrasenyes no coincideixen",
    "wrong_current_password": "La contrasenya actual és incorrecta",
    "invalid_mail": "El correu electrònic no és vàlid",
    "invalid_domain": "Domini invàlid a",
-    "mail_already_used": "El correu electrònic ja utilitzat:",
+    "mail_already_used": "El correu electrònic ja utilitzat",
    "information_updated": "Informació actualitzada",
-    "user_saving_fail": "S'ha produit un error al modificar les dades de l'usuari",
-    "missing_required_fields": "Falten camps obligatoris",
+    "user_saving_fail": "No s'han pogut enregistrar les noves dades de l'usuari",
+    "missing_required_fields": "Ompliu els camps obligatoris",
    "wrong_username_password": "Contrasenya o nom d'usuari incorrectes",
    "logged_out": "Sessió tancada",
    "please_login": "Inicieu sessió per accedir a aquest contingut",
    "please_login_from_portal": "Si us plau, inicieu sessió des del portal",
-    "redirection_error_invalid_url": "Error de redirecció: url invàlida",
+    "redirection_error_invalid_url": "Error de redirecció: URL no vàlida",
    "redirection_error_unmanaged_domain": "Error de redirecció: domini no gestionat",
    "footerlink_edit": "Editar el meu perfil",
    "footerlink_documentation": "Documentació",
    "footerlink_support": "Ajuda",
    "footerlink_administration": "Administració",
-    "mail_forward": "E-mail de reenviament",
+    "mail_forward": "Correu electrònic de reenviament",
    "new_forward": "noureenviament@dominiextern.org",
-    "add_forward": "Afegir un E-mail de reenviament",
-    "invalid_mailforward": "E-mail de reenviament invàlid",
+    "add_forward": "Afegir un correu electrònic de reenviament",
+    "invalid_mailforward": "Correu electrònic de reenviament invàlid",
    "password_listed": "Aquesta contrasenya és una de les més utilitzades en el món. Si us plau utilitzeu-ne una més única.",
    "password_too_simple_1": "La contrasenya ha de tenir un mínim de 8 caràcters",
    "password_too_simple_2": "La contrasenya ha de tenir un mínim de 8 caràcters i ha de contenir dígits, majúscules i minúscules",
    "password_too_simple_3": "La contrasenya ha de tenir un mínim de 8 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
    "password_too_simple_4": "La contrasenya ha de tenir un mínim de 12 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
-    "good_practices_about_user_password": "Esteu a punt de definir una nova contrasenya d'usuari. La contrasenya ha de tenir un mínim de 8 caràcters ; tot i que és de bona pràctica utilitzar una contrasenya més llarga (és a dir una frase de contrasenya) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
+    "good_practices_about_user_password": "Tria una contrasenya d'un mínim de 8 caràcters - tot i que és de bona pràctica utilitzar contrasenyes més llargues (com per exemple una frase) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
 }
--- a/portal/locales/ckb.json
+++ b/portal/locales/ckb.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/cs.json
+++ b/portal/locales/cs.json
@ -0,0 +1,49 @@
+{
+    "add_mail": "Přidat e-mail alias",
+    "new_forward": "newforward@myforeigndomain.org",
+    "new_mail": "newmail@mydomain.org",
+    "mail_forward": "E-mail pro přeposílání",
+    "mail_addresses": "E-mailová adresa",
+    "fullname": "Jméno a příjmení",
+    "password": "Heslo",
+    "username": "Uživatelské jméno",
+    "information": "Vaše údaje",
+    "portal": "YunoHost Portál",
+    "footerlink_administration": "Administrace",
+    "footerlink_support": "Podpora",
+    "footerlink_documentation": "Dokumentace",
+    "footerlink_edit": "Upravit svůj profil",
+    "redirection_error_unmanaged_domain": "Chyba přesměrování: Doména není spravována",
+    "redirection_error_invalid_url": "Chyba přesměrování: Neplatné URL",
+    "please_login_from_portal": "Prosím přihlašte se z portálu",
+    "please_login": "Pro přístup k obsahu se prosím přihlašte",
+    "logged_out": "Jste odhlášen/a",
+    "wrong_username_password": "Chybné uživatelské jméno nebo heslo",
+    "missing_required_fields": "Vyplňte povinné údaje",
+    "user_saving_fail": "Nelze uložit uživatelské údaje",
+    "information_updated": "Údaje upraveny",
+    "mail_already_used": "Tato e-mailová adresa se už používá",
+    "invalid_mailforward": "Neplatná e-mailová adresa pro přeposílání",
+    "invalid_domain": "Neplatná doména v",
+    "invalid_mail": "Neplatná e-mailová adresa",
+    "wrong_current_password": "Současné heslo je chybné",
+    "good_practices_about_user_password": "Vyberte si heslo aspoň 8 znaků dlouhé - dobrou praxí je ale používat delší frázi a používat různé druhy znaků (velká a malá písmena, číslice a speciální znaky).",
+    "password_too_simple_4": "Heslo musí být aspoň 12 znaků dlouhé a obsahovat čísla, velká a malá písmena a speciální znaky",
+    "password_too_simple_3": "Heslo musí být aspoň 8 znaků dlouhé a obsahovat čísla, velká a malá písmena a speciální znaky",
+    "password_too_simple_2": "Heslo musí být aspoň 8 znaků dlouhé a obsahovat číslici, velká a malá písmena",
+    "password_too_simple_1": "Heslo musí být aspoň 8 znaků dlouhé",
+    "password_listed": "Toto heslo je jedním z nejpoužívanějších na světě. Zvolte si prosím něco jediněčnějšího.",
+    "password_not_match": "Hesla se neshodují",
+    "password_changed_error": "Heslo nebylo změněno",
+    "password_changed": "Heslo změněno",
+    "logout": "Odhlásit se",
+    "login": "Přihlásit se",
+    "confirm": "Potvrdit",
+    "new_password": "Nové heslo",
+    "current_password": "Současné heslo",
+    "edit": "Upravit",
+    "change_password": "Změnit heslo",
+    "cancel": "Storno",
+    "ok": "OK",
+    "add_forward": "Přidat e-mailovou adresu pro přeposílání"
+}
--- a/portal/locales/da.json
+++ b/portal/locales/da.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/de.json
+++ b/portal/locales/de.json
@ -1,6 +1,6 @@
 {
-    "add_forward": "E-Mail Weiterleitung hinzufügen",
-    "add_mail": "E-Mail Alias hinzufügen",
+    "add_forward": "E-Mail-Weiterleitung hinzufügen",
+    "add_mail": "E-Mail-Alias hinzufügen",
    "cancel": "Abbrechen",
    "change_password": "Passwort ändern",
    "confirm": "Bestätigen",
@ -11,33 +11,39 @@
    "footerlink_edit": "Mein Profil bearbeiten",
    "footerlink_support": "Support",
    "fullname": "Vollständiger Name",
-    "information": "Deine Informationen",
-    "information_updated": "Informationen wurden aktualisiert",
-    "invalid_domain": "Ungültige Domain angegeben",
-    "invalid_mail": "Ungültige E-Mail Adresse",
-    "invalid_mailforward": "Ungültige E-Mail Weiterleitung",
-    "logged_out": "Ausgeloggt",
+    "information": "Ihre Informationen",
+    "information_updated": "Informationen aktualisiert",
+    "invalid_domain": "Ungültige Domäne angegeben",
+    "invalid_mail": "Ungültige E-Mail-Adresse",
+    "invalid_mailforward": "Ungültige E-Mail-Weiterleitung",
+    "logged_out": "Abgemeldet",
    "login": "Anmelden",
    "logout": "Abmelden",
-    "mail_addresses": "E-Mail Adressen",
-    "mail_already_used": "Diese E-Mail Adresse wird bereits verwendet:",
-    "mail_forward": "E-Mail Weiterleitung",
-    "missing_required_fields": "Benötigte Felder fehlen",
+    "mail_addresses": "E-Mail-Adressen",
+    "mail_already_used": "Diese E-Mail-Adresse wird bereits verwendet",
+    "mail_forward": "E-Mail-Weiterleitung",
+    "missing_required_fields": "Die notwendigen Felder müssen ausgefüllt werden",
    "new_forward": "neueweiterleitung@anderedomain.org",
-    "new_mail": "neuemail@meinedomain.org",
+    "new_mail": "neueadresse@meinedomain.org",
    "new_password": "Neues Passwort",
    "ok": "OK",
    "password": "Passwort",
-    "password_changed": "Passwort erfolgreich geändert",
-    "password_changed_error": "Beim Ändern des Passworts ist ein Fehler aufgetreten",
-    "password_not_match": "Die neuen Passwörter stimmen nicht überein",
-    "please_login": "Bitte logge dich ein, um auf diesen Inhalt zu zugreifen",
-    "please_login_from_portal": "Bitte logge dich am Portal ein",
-    "portal": "YunoHost Portal",
-    "user_saving_fail": "Ein Fehler trat beim Speichern der Änderungen auf",
+    "password_changed": "Passwort geändert",
+    "password_changed_error": "Passwort konnte nicht geändert werden",
+    "password_not_match": "Die Passwörter stimmen nicht überein",
+    "please_login": "Bitte melden Sie sich an, um auf diese Inhalte zuzugreifen",
+    "please_login_from_portal": "Bitte melden Sie sich über das Portal an",
+    "portal": "YunoHost-Portal",
+    "user_saving_fail": "Neue Kontoinformationen konnten nicht gespeichert werden",
    "username": "Benutzername",
    "wrong_current_password": "Aktuelles Passwort ist falsch",
-    "wrong_username_password": "Falscher Benutzername oder Passwort",
-    "redirection_error_invalid_url": "Fehler bei Weiterleitung: Ungültige URL",
-    "redirection_error_unmanaged_domain": "Fehler bei Weiterleitung: Nicht-verwaltete Domain"
+    "wrong_username_password": "Falscher Anmeldename oder Passwort",
+    "redirection_error_invalid_url": "Weiterleitungsfehler: Ungültige URL",
+    "redirection_error_unmanaged_domain": "Weiterleitungsfehler: Nicht-verwaltete Domain",
+    "good_practices_about_user_password": "Wählen Sie ein Benutzerpasswort mit mindestens 8 Zeichen - es ist jedoch empfehlenswert, ein längeres Passwort (z.B. eine Passphrase) und/oder verschiedene Arten von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
+    "password_too_simple_3": "Das Passwort muss mindestens 8 Zeichen lang sein und Grossbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten",
+    "password_too_simple_2": "Das Passwort muss mindestens 8 Zeichen lang sein und Gross- und Kleinbuchstaben sowie Zahlen enthalten",
+    "password_listed": "Dieses Passwort zählt zu den meistgenutzten Passwörtern der Welt. Bitte wähle ein anderes, einzigartigeres Passwort.",
+    "password_too_simple_4": "Das Passwort muss mindestens 12 Zeichen lang sein und Grossbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten",
+    "password_too_simple_1": "Das Passwort muss mindestens 8 Zeichen lang sein"
 }
--- a/portal/locales/el.json
+++ b/portal/locales/el.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "Διαχείριση",
+    "footerlink_support": "Υποστήριξη",
+    "footerlink_documentation": "Τεκμηρίωση",
+    "footerlink_edit": "Επεξεργασία του προφίλ μου",
+    "redirection_error_unmanaged_domain": "Σφάλμα ανακατεύθυνσης: Μη διαχειριζόμενος τομέας",
+    "redirection_error_invalid_url": "Σφάλμα ανακατεύθυνσης: Μη έγκυρο URL",
+    "please_login_from_portal": "Συνδεθείτε από την πύλη",
+    "please_login": "Συνδεθείτε για πρόσβαση σε αυτό το περιεχόμενο",
+    "logged_out": "Αποσυνδέθηκα",
+    "wrong_username_password": "Λάθος όνομα χρήστη ή κωδικός",
+    "missing_required_fields": "Συμπληρώστε τα απαιτούμενα πεδία",
+    "user_saving_fail": "Δεν ήταν δυνατή η αποθήκευση νέων πληροφοριών χρήστη",
+    "information_updated": "Οι πληροφορίες ενημερώθηκαν",
+    "mail_already_used": "Γίνεται ήδη χρήση της διεύθυνσης ηλεκτρονικού ταχυδρομείου",
+    "invalid_mailforward": "Μη έγκυρη διεύθυνση προώθησης e-mail",
+    "invalid_domain": "Μη έγκυρος τομέας στο",
+    "invalid_mail": "Μη έγκυρη διεύθυνση e-mail",
+    "wrong_current_password": "Ο τρέχων κωδικός πρόσβασης είναι λάθος",
+    "good_practices_about_user_password": "Διαλέξτε έναν κωδικό πρόσβασης χρήστη με τουλάχιστον 8 χαρακτήρες - αν και είναι καλή πρακτική να χρησιμοποιείτε μακρύτερους (δηλαδή μια φράση πρόσβασης) ή / και να χρησιμοποιείτε διάφορους τύπους χαρακτήρων (κεφαλαία, πεζά, ψηφία και ειδικούς χαρακτήρες).",
+    "password_too_simple_4": "Ο κωδικός πρόσβασης πρέπει να έχει μήκος τουλάχιστον 12 χαρακτήρων και περιέχει ψηφία, άνω, κάτω και ειδικούς χαρακτήρες",
+    "password_too_simple_3": "Ο κωδικός πρόσβασης πρέπει να έχει τουλάχιστον 8 χαρακτήρες και περιέχει ψηφία, άνω, κάτω και ειδικούς χαρακτήρες",
+    "password_too_simple_2": "Ο κωδικός πρόσβασης πρέπει να έχει τουλάχιστον 8 χαρακτήρες και περιέχει ψηφία, άνω και κάτω χαρακτήρες",
+    "password_too_simple_1": "Ο κωδικός πρόσβασης πρέπει να έχει τουλάχιστον 8 χαρακτήρες",
+    "password_listed": "Αυτός ο κωδικός πρόσβασης είναι από τους πιο χρησιμοποιούμενους κωδικούς πρόσβασης στον κόσμο. Επιλέξτε κάτι λίγο πιο μοναδικό.",
+    "password_not_match": "Οι κωδικοί πρόσβασης δεν ταιριάζουν",
+    "password_changed_error": "Δεν ήταν δυνατή η αλλαγή κωδικού πρόσβασης",
+    "password_changed": "Ο κωδικός άλλαξε",
+    "logout": "Αποσύνδεση",
+    "login": "Σύνδεση",
+    "confirm": "Επιβεβαιώνω",
+    "new_password": "Νέος Κωδικός",
+    "current_password": "Τρέχων κωδικός πρόσβασης",
+    "edit": "Επεξεργασία",
+    "change_password": "Αλλαξε κωδικό",
+    "cancel": "Ματαίωση",
+    "ok": "Εντάξει",
+    "add_forward": "Προσθέστε μια διεύθυνση προώθησης email",
+    "add_mail": "Προσθέστε ένα ψευδώνυμο email",
+    "new_forward": "νέοπροςταεμπρός@οξένοςτομέαςμου.org",
+    "new_mail": "νέοταχυδρομείο@οτομέαςμου.org",
+    "mail_forward": "Διεύθυνση προώθησης ηλεκτρονικού ταχυδρομείου",
+    "mail_addresses": "Διευθύνσεις ηλεκτρονικού ταχυδρομείου",
+    "fullname": "Πλήρες όνομα",
+    "password": "Κωδικός πρόσβασης",
+    "username": "Όνομα χρήστη",
+    "information": "Τα στοιχεία σας",
+    "portal": "Πύλη YunoHost"
+}
--- a/portal/locales/en.json
+++ b/portal/locales/en.json
@ -1,15 +1,15 @@
 {
   "portal": "YunoHost Portal",
-   "information": "Your information",
+   "information": "Your info",
   "username": "Username",
   "password": "Password",
-   "fullname": "Fullname",
-   "mail_addresses": "Mail addresses",
-   "mail_forward": "Mail forward",
+   "fullname": "Full name",
+   "mail_addresses": "E-mail addresses",
+   "mail_forward": "E-mail forwarding address",
   "new_mail": "newmail@mydomain.org",
   "new_forward": "newforward@myforeigndomain.org",
-   "add_mail": "Add a mail alias",
-   "add_forward": "Add a mail forward",
+   "add_mail": "Add an e-mail alias",
+   "add_forward": "Add an e-mail forwarding address",
   "ok": "OK",
   "cancel": "Cancel",
   "change_password": "Change password",
@ -17,30 +17,30 @@
   "current_password": "Current password",
   "new_password": "New password",
   "confirm": "Confirm",
-   "login": "Login",
-   "logout": "Logout",
-   "password_changed": "Password successfully changed",
-   "password_changed_error": "An error occurred on password changing",
-   "password_not_match": "New passwords don't match",
-   "password_listed": "This password is among the most used password in the world. Please choose something a bit more unique.",
-   "password_too_simple_1": "Password needs to be at least 8 characters long",
-   "password_too_simple_2": "Password needs to be at least 8 characters long and contains digit, upper and lower characters",
-   "password_too_simple_3": "Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
-   "password_too_simple_4": "Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
-   "good_practices_about_user_password": "You are now about to define a new user password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters).",
-   "wrong_current_password": "Current password is wrong",
-   "invalid_mail": "Invalid mail address",
+   "login": "Log in",
+   "logout": "Log out",
+   "password_changed": "Password changed",
+   "password_changed_error": "Could not change password",
+   "password_not_match": "The passwords don't match",
+   "password_listed": "This password is among the most used passwords in the world. Please choose something a bit more unique.",
+   "password_too_simple_1": "The password needs to be at least 8 characters long",
+   "password_too_simple_2": "The password needs to be at least 8 characters long and contains digit, upper and lower characters",
+   "password_too_simple_3": "The password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
+   "password_too_simple_4": "The password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
+   "good_practices_about_user_password": "Pick a user password of at least 8 characters - though it is good practice to use longer ones (i.e. a passphrase) and/or use various kind of characters (uppercase, lowercase, digits and special characters).",
+   "wrong_current_password": "The current password is wrong",
+   "invalid_mail": "Invalid e-mail address",
   "invalid_domain": "Invalid domain in",
-   "invalid_mailforward": "Invalid mail forward address",
-   "mail_already_used": "Mail address already used:",
-   "information_updated": "Information updated",
-   "user_saving_fail": "An error occurred on user's modification saving",
-   "missing_required_fields": "Required fields are missing",
+   "invalid_mailforward": "Invalid e-mail forwarding address",
+   "mail_already_used": "E-mail address already in use",
+   "information_updated": "Info updated",
+   "user_saving_fail": "Could not save new user info",
+   "missing_required_fields": "Fill in the required fields",
   "wrong_username_password": "Wrong username or password",
   "logged_out": "Logged out",
   "please_login": "Please log in to access to this content",
   "please_login_from_portal": "Please log in from the portal",
-   "redirection_error_invalid_url": "Redirection error: Invalid url",
+   "redirection_error_invalid_url": "Redirection error: Invalid URL",
   "redirection_error_unmanaged_domain": "Redirection error: Unmanaged domain",
   "footerlink_edit": "Edit my profile",
   "footerlink_documentation": "Documentation",
--- a/portal/locales/eo.json
+++ b/portal/locales/eo.json
@ -13,8 +13,37 @@
    "portal": "Yunohost portalo",
    "fullname": "Plena nomo",
    "new_mail": "nova-adreso@mia-domajno.org",
-    "confirm": "Konfirmi",
-    "password_changed": "Pasvorto sukcese ŝanĝita",
-    "password_changed_error": "Eraro okazis dum ŝanĝo de pasvorto",
-    "password_not_match": "Novaj pasvortoj ne estas samaj"
+    "confirm": "Konfirmu",
+    "password_changed": "Pasvorto ŝanĝita",
+    "password_changed_error": "Ne povis ŝanĝi pasvorton",
+    "password_not_match": "La pasvortoj ne kongruas",
+    "footerlink_administration": "Administrado",
+    "footerlink_support": "Subteno",
+    "footerlink_documentation": "Dokumentado",
+    "footerlink_edit": "Redakti mian profilon",
+    "redirection_error_unmanaged_domain": "Redirekta eraro: Ne administrita domajno",
+    "redirection_error_invalid_url": "Redirekta eraro: Nevalida URL",
+    "please_login_from_portal": "Bonvolu ensaluti de la portalo",
+    "please_login": "Bonvolu ensaluti por aliri ĉi tiun enhavon",
+    "logged_out": "Ensalutinta",
+    "wrong_username_password": "Malĝusta uzantnomo aŭ pasvorto",
+    "missing_required_fields": "Plenigu la postulatajn kampojn",
+    "user_saving_fail": "Ne povis konservi novajn uzantinformojn",
+    "information_updated": "Informoj ĝisdatigitaj",
+    "mail_already_used": "Retpoŝtadreso jam en uzo",
+    "invalid_mailforward": "Nevalida retpoŝtadreso",
+    "invalid_domain": "Nevalida domajno en",
+    "invalid_mail": "Nevalida retpoŝta adreso",
+    "wrong_current_password": "Aktuala pasvorto estas malĝusta",
+    "good_practices_about_user_password": "Elektu uzantan pasvorton de almenaŭ 8 signoj - kvankam ĝi estas bona praktiko uzi pli longajn (I.E. Pasfraso) kaj / aŭ uzas diversajn specojn de karakteroj (majusklaj, minusklaj, ciferoj kaj specialaj signoj).",
+    "password_too_simple_4": "La pasvorto devas havi almenaŭ 12 signojn kaj enhavas ciferojn, suprajn, pli malaltajn kaj specialajn signojn",
+    "password_too_simple_3": "La pasvorto devas havi almenaŭ 8 signojn kaj enhavas ciferojn, suprajn, pli malaltajn kaj specialajn signojn",
+    "password_too_simple_2": "La pasvorto devas havi almenaŭ 8 signojn kaj enhavas ciferojn, suprajn kaj pli malaltajn signojn",
+    "password_too_simple_1": "Pasvorto devas esti almenaŭ 8 signojn longa",
+    "password_listed": "Ĉi tiu pasvorto estas inter la plej uzataj pasvortoj en la mondo. Bonvolu elekti ion pli unikan.",
+    "ok": "bone",
+    "add_forward": "Aldonu poŝton antaŭen",
+    "add_mail": "Aldonu poŝton alias",
+    "new_forward": "newforward@myforeigndomain.org",
+    "mail_forward": "Poŝti antaŭen"
 }
--- a/portal/locales/es.json
+++ b/portal/locales/es.json
@ -1,5 +1,5 @@
 {
-    "add_forward": "Añadir un reenvío de correo electrónico",
+    "add_forward": "Añadir una dirección de reenvío de correo electrónico",
    "add_mail": "Añadir un alias de correo electrónico",
    "cancel": "Cancelar",
    "change_password": "Cambiar contraseña",
@ -15,13 +15,13 @@
    "information_updated": "Información actualizada",
    "invalid_domain": "Dominio no válido en",
    "invalid_mail": "La dirección de correo electrónico no es válida",
-    "invalid_mailforward": "La dirección de reenvío no es válida",
+    "invalid_mailforward": "La dirección de reenvío de correo electrónico no es válida",
    "logged_out": "Sesión cerrada",
    "login": "Iniciar sesión",
    "logout": "Cerrar sesión",
    "mail_addresses": "Direcciones de correo electrónico",
-    "mail_already_used": "Dirección de correo electrónico ya está en uso:",
-    "mail_forward": "Reenviar correo electrónico",
+    "mail_already_used": "Dirección de correo electrónico ya está en uso",
+    "mail_forward": "Dirección de reenvío de correo electrónico",
    "missing_required_fields": "Faltan campos obligatorios",
    "new_forward": "nuevoreenvio@midominioexterior.org",
    "new_mail": "nuevomail@midominio.org",
@ -39,5 +39,11 @@
    "wrong_current_password": "La contraseña actual es incorrecta",
    "wrong_username_password": "Nombre de usuario o contraseña incorrectos",
    "redirection_error_invalid_url": "Error de redirección: url inválido",
-    "redirection_error_unmanaged_domain": "Error de redirección: Dominio no gestionado"
+    "redirection_error_unmanaged_domain": "Error de redirección: Dominio no gestionado",
+    "password_listed": "Esta contraseña se encuentra entre las contraseñas más utilizadas en el mundo. Por favor, elija algo un poco más único.",
+    "password_too_simple_1": "La contraseña debe tener al menos 8 caracteres de longitud",
+    "password_too_simple_2": "La contraseña debe tener al menos 8 caracteres de longitud y contiene dígitos, mayúsculas y minúsculas",
+    "password_too_simple_3": "La contraseña debe ser de al menos 8 caracteres de longitud e incluir un número y caracteres en mayúsculas, minúsculas y caracteres especiales",
+    "password_too_simple_4": "La contraseña debe ser de al menos 12 caracteres de longitud e incluir un número, mayúsculas, minúsculas y caracteres especiales",
+    "good_practices_about_user_password": "Está a punto de establecer una nueva contraseña de usuario. La contraseña debería de ser de al menos 8 caracteres, aunque es una buena práctica usar una contraseña más larga (es decir, una frase de paso) y/o usar varias clases de caracteres (mayúsculas, minúsculas, dígitos y caracteres especiales)."
 }
--- a/portal/locales/eu.json
+++ b/portal/locales/eu.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "Administrazioa",
+    "footerlink_support": "Laguntza",
+    "footerlink_documentation": "Dokumentazioa",
+    "footerlink_edit": "Editatu profila",
+    "redirection_error_unmanaged_domain": "Birzuzenketa errorea: kudeatu gabeko domeinua",
+    "redirection_error_invalid_url": "Birbideraketa errorea: URL okerra",
+    "please_login_from_portal": "Hasi saioa atarian",
+    "please_login": "Hasi saioa edukira sartzeko",
+    "logged_out": "Saioa amaituta",
+    "wrong_username_password": "Erabiltzaile-izen edo pasahitz okerra",
+    "missing_required_fields": "Bete beharreko eremuak",
+    "user_saving_fail": "Ezinezkoa izan da erabiltzailearen informazio berria gordetzea",
+    "information_updated": "Informazioa eguneratu da",
+    "mail_already_used": "Helbide elektroniko hori erabiltzen ari zara dagoeneko",
+    "invalid_mailforward": "Birbidalketarako helbide okerra",
+    "invalid_domain": "Domeinu okerra",
+    "invalid_mail": "Helbide elektronikoa ez da zuzena",
+    "wrong_current_password": "Oraingo pasahitza okerra da",
+    "good_practices_about_user_password": "Aukeratu gutxienez 8 karaktere dituen erabiltzaile-pasahitz bat — baina gomendioa pasahitz luzeagoak erabiltzea da (adibidez, esaldi bat) edota karaktere desberdinak erabiltzea (larriak, txikiak, zenbakiak eta karaktere bereziak).",
+    "password_too_simple_4": "Pasahitzak 12 karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat, txikiren bat eta karaktere bereziren bat izan behar ditu",
+    "password_too_simple_3": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak, hizki txikiak eta karaktere bereziak izan behar ditu",
+    "password_too_simple_2": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak eta hizki txikiak izan behar ditu",
+    "password_too_simple_1": "Pasahitzak 8 karaktere izan behar ditu gutxienez",
+    "password_listed": "Pasahitz hau munduko pasahitz erabilienen artean dago. Aukeratu bereziagoa den zerbait.",
+    "password_not_match": "Pasahitzak ez datoz bat",
+    "password_changed_error": "Ezin izan da pasahitza aldatu",
+    "password_changed": "Pasahitza aldatu da",
+    "logout": "Amaitu saioa",
+    "login": "Hasi saioa",
+    "confirm": "Berretsi",
+    "new_password": "Pasahitz berria",
+    "current_password": "Oraingo pasahitza",
+    "edit": "Editatu",
+    "change_password": "Aldatu pasahitza",
+    "cancel": "Utzi",
+    "ok": "Ados",
+    "add_forward": "Gehitu helbide elektronikoa birbidaltzeko e-maila",
+    "add_mail": "Gehitu e-mail ezizen bat",
+    "new_forward": "birbidalketaberria@nirekanpokodomeinua.eus",
+    "new_mail": "postaberria@niredomeinua.eus",
+    "mail_forward": "Birbidalketarako posta elektronikoa",
+    "mail_addresses": "Helbide elektronikoak",
+    "fullname": "Izen osoa",
+    "password": "Pasahitza",
+    "username": "Erabiltzaile-izena",
+    "information": "Zure informazioa",
+    "portal": "YunoHost ataria"
+}
--- a/portal/locales/fa.json
+++ b/portal/locales/fa.json
@ -0,0 +1,49 @@
+{
+    "cancel": "لغو",
+    "logged_out": "خارج شده",
+    "password": "کلمه عبور",
+    "ok": "خوب",
+    "footerlink_administration": "مدیریت",
+    "footerlink_support": "پشتیبانی",
+    "footerlink_documentation": "مستندات",
+    "footerlink_edit": "ویرایش پروفایل من",
+    "redirection_error_unmanaged_domain": "خطای تغییر مسیر: دامنه مدیریت نشده",
+    "redirection_error_invalid_url": "خطای تغییر مسیر: نشانی اینترنتی نامعتبر است",
+    "please_login_from_portal": "لطفاً از درگاه پورتال وارد شوید",
+    "please_login": "لطفاً برای دسترسی به این محتوا وارد شوید",
+    "wrong_username_password": "نام کاربری یا رمز عبور اشتباه است",
+    "missing_required_fields": "فیلدهای مورد نیاز را پر کنید",
+    "user_saving_fail": "اطلاعات کاربر جدید ذخیره نشد",
+    "information_updated": "اطلاعات به روز شد",
+    "mail_already_used": "آدرس پست الکترونیکی قبلاً استفاده می شود",
+    "invalid_mailforward": "آدرس ارسال ایمیل نامعتبر است",
+    "invalid_domain": "دامنه نامعتبر در",
+    "invalid_mail": "آدرس ایمیل نامعتبر است",
+    "wrong_current_password": "رمز فعلی اشتباه است",
+    "good_practices_about_user_password": "گذرواژه کاربر متشکل ازانواع مختلف کاراکترها (بزرگ ، کوچک ، رقم و کاراکتر های خاص)را حداقل با 8 کاراکتر انتخاب کنید - هرچند استفاده از کلمات طولانی تر تمرین خوبی است (مانند عبارت عبور).",
+    "password_too_simple_4": "رمز عبور باید شامل اعداد ، حروف کوچک و بزرگ و کاراکترهای خاص باشد، و حداقل 12 کاراکتر طول داشته باشد",
+    "password_too_simple_3": "رمز عبور باید شامل اعداد ، حروف کوچک و بزرگ و کاراکترهای خاص باشد، و حداقل 8 کاراکتر طول داشته باشد",
+    "password_too_simple_2": "رمز عبور باید شامل اعداد و حروف کوچک و بزرگ، و حداقل 8 کاراکتر طول داشته باشد",
+    "password_too_simple_1": "رمز عبور باید حداقل 8 کاراکتر باشد",
+    "password_listed": "لطفاً گذرواژه کمی منحصر به فردتری انتخاب کنید. این رمز عبور جزو پر استفاده ترین رمزهای عبور جهان بشمار میرود.",
+    "password_not_match": "گذرواژه ها مطابقت ندارند",
+    "password_changed_error": "رمز عبور تغییر نکرد",
+    "password_changed": "رمز عبور تغییر کرد",
+    "logout": "خروج",
+    "login": "ورود به سیستم",
+    "confirm": "تائید کردن",
+    "new_password": "رمز عبور جدید",
+    "current_password": "رمز عبور فعلی",
+    "edit": "ویرایش",
+    "change_password": "تغییر رمز عبور",
+    "add_forward": "آدرس هدایت ایمیل را اضافه کنید",
+    "add_mail": "یک نام مستعار ایمیل اضافه کنید",
+    "new_forward": "newforward@myforeigndomain.org",
+    "new_mail": "newmail@mydomain.org",
+    "mail_forward": "آدرس ارسال به جلو ایمیل",
+    "mail_addresses": "آدرس ایمیل",
+    "fullname": "نام و نام خانوادگی",
+    "username": "نام کاربری",
+    "information": "اطلاعات شما",
+    "portal": "پورتال YunoHost"
+}
--- a/portal/locales/fi.json
+++ b/portal/locales/fi.json
@ -0,0 +1,49 @@
+{
+    "cancel": "Peruuta",
+    "portal": "YunoHost-portaali",
+    "password": "Salasana",
+    "ok": "OK",
+    "information": "Sinun tiedot",
+    "username": "Käyttäjänimi",
+    "fullname": "Koko nimi",
+    "mail_addresses": "Sähköpostiosoitteet",
+    "mail_forward": "Sähköpostin välitysosoite",
+    "new_mail": "uusiosoite@minundomain.fi",
+    "new_forward": "uusivälitys@minunulkopuolinendomain.fi",
+    "add_mail": "Lisää sähköposti-alias",
+    "add_forward": "Lisää sähköpostin välitysosoite",
+    "change_password": "Vaihda salasana",
+    "edit": "Muokkaa",
+    "current_password": "Nykyinen salasana",
+    "new_password": "Uusi salasana",
+    "confirm": "Vahvista",
+    "login": "Kirjaudu sisään",
+    "logout": "Kirjaudu ulos",
+    "password_changed": "Salasana vaihdettu",
+    "password_changed_error": "Salasanaa ei voitu vaihtaa",
+    "password_not_match": "Salasanat eivät täsmänneet",
+    "password_listed": "Tämä salasana on yksi maailman käytetyimmistä salasanoista. Valitse jotain hieman ainutlaatuisempaa.",
+    "password_too_simple_1": "Salasanan pitää olla ainakin 8 merkin pituinen",
+    "password_too_simple_2": "Salasanan on oltava vähintään 8 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
+    "wrong_current_password": "Nykyinen salasana on väärin",
+    "invalid_mail": "Virheellinen sähköpostiosoite",
+    "invalid_domain": "Virheellinen domain",
+    "invalid_mailforward": "Virheellinen välityssähköpostiosoite",
+    "mail_already_used": "Sähköpostiosoite on jo käytössä",
+    "information_updated": "Tiedot päivitetty",
+    "user_saving_fail": "Uuden käyttäjän tietoja ei voitu tallentaa",
+    "missing_required_fields": "Täytä pakolliset kentät",
+    "wrong_username_password": "Väärä käyttäjänimi tai salasana",
+    "logged_out": "Kirjauduttu ulos",
+    "please_login": "Kirjaudu sisään päästäksesi käsiksi tähän sisältöön",
+    "please_login_from_portal": "Kirjaudu sisään portaalista",
+    "redirection_error_invalid_url": "Uudelleenohjausvirhe: Virheellinen URL-osoite",
+    "redirection_error_unmanaged_domain": "Uudelleenohjausvirhe: Hallitsematon domain",
+    "footerlink_edit": "Muokkaa profiiliani",
+    "footerlink_documentation": "Dokumentaatio",
+    "footerlink_support": "Tuki",
+    "footerlink_administration": "Ylläpito",
+    "password_too_simple_3": "Salasanan on oltava vähintään 8 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
+    "password_too_simple_4": "Salasanan on oltava vähintään 12 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
+    "good_practices_about_user_password": "Valitse vähintään kahdeksan merkkiä pitkä salasana - on kuitenkin hyvä käyttää pidempiä salasanoja (esim. salasanalause) ja/tai erilaisia merkkejä (isoja ja pieniä kirjaimia, numeroita ja erikoismerkkejä)."
+}
--- a/portal/locales/fr.json
+++ b/portal/locales/fr.json
@ -11,8 +11,8 @@
    "footerlink_edit": "Éditer mon profil",
    "footerlink_support": "Support",
    "fullname": "Nom complet",
-    "information": "Vos informations",
-    "information_updated": "Informations mises à jour",
+    "information": "Vos infos",
+    "information_updated": "Info mises à jour",
    "invalid_domain": "Nom de domaine invalide dans",
    "invalid_mail": "Adresse de courriel invalide",
    "invalid_mailforward": "Adresse courriel de transfert invalide",
@ -20,30 +20,30 @@
    "login": "Connexion",
    "logout": "Déconnexion",
    "mail_addresses": "Adresses de courriel",
-    "mail_already_used": "Adresse de courriel déjà utilisée :",
+    "mail_already_used": "Adresse de courriel déjà utilisée",
    "mail_forward": "Adresses de transfert",
-    "missing_required_fields": "Champs requis manquants",
+    "missing_required_fields": "Remplir les champs obligatoires",
    "new_forward": "nouveau_transfert@domainedistant.org",
    "new_mail": "nouvelle_adresse@domaine.org",
    "new_password": "Nouveau mot de passe",
    "ok": "OK",
    "password": "Mot de passe",
-    "password_changed": "Mot de passe modifié avec succès",
-    "password_changed_error": "Une erreur s’est produite lors du changement de mot de passe",
-    "password_not_match": "Les nouveaux mots de passe ne correspondent pas",
+    "password_changed": "Mot de passe modifié",
+    "password_changed_error": "Impossible de changer le mot de passe",
+    "password_not_match": "Les mots de passe ne correspondent pas",
    "please_login": "Veuillez vous identifier pour accéder à cette page",
    "please_login_from_portal": "Veuillez vous identifier depuis le portail",
    "portal": "Portail YunoHost",
-    "user_saving_fail": "Une erreur s’est produite lors de la modification des informations",
-    "username": "Nom d’utilisateur",
+    "user_saving_fail": "Impossible d'enregistrer les nouvelles informations de compte",
+    "username": "Nom du compte",
    "wrong_current_password": "Le mot de passe actuel est incorrect",
-    "wrong_username_password": "Nom d’utilisateur ou mot de passe incorrect",
-    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
-    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
+    "wrong_username_password": "Nom de compte ou mot de passe incorrect",
+    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
+    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
    "password_listed": "Ce mot de passe est l'un des mots de passe les plus utilisés dans le monde. Veuillez choisir quelque chose d'un peu plus singulier.",
    "password_too_simple_1": "Le mot de passe doit comporter au moins 8 caractères",
    "password_too_simple_2": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules et des minuscules",
    "password_too_simple_3": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
    "password_too_simple_4": "Le mot de passe doit comporter au moins 12 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
-    "good_practices_about_user_password": "Vous êtes maintenant sur le point de définir un nouveau mot de passe utilisateur. Le mot de passe doit comporter au moins 8 caractères — bien qu’il soit recommandé d’utiliser un mot de passe plus long (c’est-à-dire une phrase secrète) et/ou d’utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
+    "good_practices_about_user_password": "Choisissez un mot de passe d’au moins 8 caractères, bien qu'il soit recommandé d'utiliser un mot de passe plus long (c'est-à-dire une phrase secrète) et/ou une combinaison de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
 }
--- a/portal/locales/gl.json
+++ b/portal/locales/gl.json
@ -0,0 +1,49 @@
+{
+    "footerlink_administration": "Administración",
+    "footerlink_support": "Axuda",
+    "footerlink_documentation": "Documentación",
+    "footerlink_edit": "Editar o meu perfil",
+    "redirection_error_unmanaged_domain": "Erro na redirección: Dominio non xestionado",
+    "redirection_error_invalid_url": "Erro na redirección: URL non válido",
+    "please_login_from_portal": "Conéctate desde o portal",
+    "please_login": "Conéctate para acceder a este contido",
+    "logged_out": "Sesión pechada",
+    "wrong_username_password": "Credenciais incorrectas",
+    "missing_required_fields": "Completa os campos requeridos",
+    "user_saving_fail": "Non se gardou a info da nova usuaria",
+    "information_updated": "Info actualizada",
+    "mail_already_used": "Xa está en uso o enderezo de email",
+    "invalid_mailforward": "Enderezo de reenvío de email non válido",
+    "invalid_domain": "Dominio non válido",
+    "invalid_mail": "Enderezo de email non válido",
+    "wrong_current_password": "O contrasinal actual é incorrecto",
+    "good_practices_about_user_password": "Elixe un contrasinal con 8 caracteres como mínimo - é recomendable que sexa longo (ex. unha frase) e utilizar varios tipos de caracteres (maiúsculas, minúsculas, díxitos e caracteres especiais).",
+    "password_too_simple_4": "O contrasinal debe ter 12 caracteres como mínimo e ter díxitos, maiúsculas e minúsculas e caracteres especiais",
+    "password_too_simple_3": "O contrasinal debe ter 8 caracteres como mínimo e ter díxitos, maiúsculas e minúsculas e caracteres especiais",
+    "password_too_simple_2": "O contrasinal debe ter 8 caracteres como mínimo e ter díxitos e caracteres en maiúsculas e minúsculas",
+    "password_too_simple_1": "O contrasinal ten que ter 8 caracteres como mínimo",
+    "password_listed": "Este contrasinal é un dos máis utilizados no mundo. Mellor elixe un que sexa máis orixinal.",
+    "password_not_match": "Os contrasinais non concordan",
+    "password_changed_error": "Non se cambiou o contrasinal",
+    "password_changed": "Contrasinal cambiado",
+    "logout": "Pechar sesión",
+    "login": "Acceder",
+    "confirm": "Confirmar",
+    "new_password": "Novo contrasinal",
+    "current_password": "Contrasinal actual",
+    "edit": "Editar",
+    "change_password": "Cambiar contrasinal",
+    "cancel": "Cancelar",
+    "ok": "Ok",
+    "add_forward": "Engadir un enderezo de reenvío de email",
+    "add_mail": "Engadir un alias de email",
+    "new_forward": "novoreenvio@omeudominioexterno.org",
+    "new_mail": "novomail@omeudominio.org",
+    "mail_forward": "Enderezo de reenvío de email",
+    "mail_addresses": "Enderezos de email",
+    "fullname": "Nome completo",
+    "password": "Contrasinal",
+    "username": "Identificador",
+    "information": "A túa info",
+    "portal": "Portal YunoHost"
+}
--- a/portal/locales/he.json
+++ b/portal/locales/he.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/hi.json
+++ b/portal/locales/hi.json
@ -1,4 +1,49 @@
 {
    "logged_out": "लॉग आउट",
-    "password": "पासवर्ड"
+    "password": "पासवर्ड",
+    "footerlink_administration": "प्रशासन",
+    "footerlink_support": "समर्थन",
+    "footerlink_documentation": "प्रलेखन",
+    "footerlink_edit": "मेरे प्रोफ़ाइल संपादित करे",
+    "redirection_error_unmanaged_domain": "पुनर्निर्देशन त्रुटि: अप्रबंधित डोमेन",
+    "redirection_error_invalid_url": "पुनर्निर्देशन त्रुटि: अमान्य URL",
+    "please_login_from_portal": "कृपया पोर्टल से लॉग इन करें",
+    "please_login": "कृपया इस सामग्री तक पहुंचने के लिए लॉग इन करें",
+    "wrong_username_password": "उपयोगकर्ता का गलत नाम और पासवर्ड",
+    "missing_required_fields": "आवश्यक फ़ील्ड भरें",
+    "user_saving_fail": "नई उपयोगकर्ता जानकारी को सहेज नहीं सका",
+    "information_updated": "जानकारी अपडेट की गई",
+    "mail_already_used": "यह ईमेल अड्रेस पहले से ही उपयोग में है",
+    "invalid_mailforward": "अमान्य ई-मेल अग्रेषण पता",
+    "invalid_domain": "में अमान्य डोमेन",
+    "invalid_mail": "अमान्य ईमेल पता",
+    "wrong_current_password": "वर्तमान पासवर्ड गलत है",
+    "good_practices_about_user_password": "कम से कम 8 वर्णों का एक उपयोगकर्ता पासवर्ड चुनें - हालाँकि यह लंबे लोगों (यानी एक पासफ़्रेज़) और / या विभिन्न प्रकार के वर्ण (अपरकेस, लोअरकेस, अंक और विशेष वर्ण) का उपयोग करने के लिए अच्छा अभ्यास है।",
+    "password_too_simple_4": "पासवर्ड को कम से कम 12 वर्णों का होना चाहिए और इसमें अंक, ऊपरी, निचले और विशेष वर्ण शामिल होने चाहिए",
+    "password_too_simple_3": "पासवर्ड को कम से कम 8 वर्ण लंबा होना चाहिए और इसमें अंक, ऊपरी, निचले और विशेष वर्ण शामिल हैं",
+    "password_too_simple_2": "पासवर्ड को कम से कम 8 वर्ण लंबा होना चाहिए और इसमें अंक, ऊपरी और निचले वर्ण शामिल हैं",
+    "password_too_simple_1": "पासवर्ड को कम से कम 8 वर्ण लंबा होना चाहिए",
+    "password_listed": "यह पासवर्ड दुनिया में सबसे ज्यादा इस्तेमाल किए जाने वाले पासवर्ड में से है। कृपया कुछ और अनोखा चुनें।",
+    "password_not_match": "पासवर्ड मेल नहीं खाते",
+    "password_changed_error": "पासवर्ड नहीं बदल सका",
+    "password_changed": "पासवर्ड बदला गया",
+    "logout": "लोग आउट",
+    "login": "लॉग इन करें",
+    "confirm": "की पुष्टि करें",
+    "new_password": "नया पासवर्ड",
+    "current_password": "वर्तमान पासवर्ड",
+    "edit": "संपादित करें",
+    "change_password": "पासवर्ड बदलें",
+    "cancel": "रद्द करना",
+    "ok": "ठीक है",
+    "add_forward": "एक ई-मेल अग्रेषण पता जोड़ें",
+    "add_mail": "एक ईमेल उपनाम जोड़ें",
+    "new_forward": "newforward@myforeigndomain.org",
+    "new_mail": "newmail@mydomain.org",
+    "mail_forward": "ई-मेल अग्रेषण पता",
+    "mail_addresses": "ईमेल पता",
+    "fullname": "पूरा नाम",
+    "username": "उपयोगकर्ता नाम",
+    "information": "आपकी जानकारी",
+    "portal": "यूनोहास्ट पोर्टल"
 }
--- a/portal/locales/hu.json
+++ b/portal/locales/hu.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "Adminisztráció",
+    "footerlink_support": "Támogatás",
+    "footerlink_documentation": "Dokumentáció",
+    "footerlink_edit": "Profilom szerkesztése",
+    "redirection_error_unmanaged_domain": "Átirányítási hiba: Nem kezelt domain",
+    "redirection_error_invalid_url": "Átirányítási hiba: érvénytelen URL",
+    "please_login_from_portal": "Kérjük, jelentkezzen be a portálról",
+    "please_login": "Kérjük, jelentkezzen be, hogy hozzáférjen ehhez a tartalomhoz",
+    "logged_out": "Kilépett",
+    "wrong_username_password": "Rossz felhasználónév vagy jelszó",
+    "missing_required_fields": "Töltse ki a kötelező mezőket",
+    "user_saving_fail": "Nem sikerült menteni az új felhasználói információkat",
+    "information_updated": "Az információ frissítve",
+    "mail_already_used": "Az e-mail cím már használatban van",
+    "invalid_mailforward": "Érvénytelen e-mail továbbító cím",
+    "invalid_domain": "Érvénytelen domain itt",
+    "invalid_mail": "Érvénytelen e-mail cím",
+    "wrong_current_password": "A jelenlegi jelszó helytelen",
+    "good_practices_about_user_password": "Válasszon legalább 8 karakterből álló felhasználói jelszót - jó gyakorlat azonban hosszabb jelszó használata (azaz egy jelmondat) és/vagy különféle karakterek (nagybetűk, kisbetűk, számjegyek és speciális karakterek) használata.",
+    "password_too_simple_4": "A jelszónak legalább 12 karakter hosszúnak kell lennie, és tartalmaznia kell számjegy, felső, alsó és speciális karaktereket",
+    "password_too_simple_3": "A jelszónak legalább 8 karakter hosszúnak kell lennie, és tartalmaznia kell számjegy, felső, alsó és speciális karaktereket",
+    "password_too_simple_2": "A jelszónak legalább 8 karakter hosszúnak kell lennie, és számjegyű, felső és alsó karaktereket kell tartalmaznia",
+    "password_too_simple_1": "A jelszónak legalább 8 karakter hosszúnak kell lennie",
+    "password_listed": "Ez a jelszó a világ egyik leggyakrabban használt jelszava. Kérjük, válasszon egy kicsit egyediabbat.",
+    "password_not_match": "A jelszavak nem egyeznek",
+    "password_changed_error": "Nem sikerült megváltoztatni a jelszót",
+    "password_changed": "A jelszó megváltozott",
+    "logout": "Kijelentkezés",
+    "login": "Belépés",
+    "confirm": "megerősít",
+    "new_password": "Új jelszó",
+    "current_password": "Jelenlegi jelszó",
+    "edit": "Ezerkesztése",
+    "change_password": "Jelszó módosítása",
+    "cancel": "Megszünteti",
+    "ok": "Rendben",
+    "add_forward": "Adjon hozzá egy e-mail továbbító címet",
+    "add_mail": "Adjon hozzá egy e-mail álnevet",
+    "new_forward": "newforward@myforeigndomain.org",
+    "new_mail": "newmail@mydomain.org",
+    "mail_forward": "E-mail továbbítási cím",
+    "mail_addresses": "Email címek",
+    "fullname": "Teljes név",
+    "password": "Jelszó",
+    "username": "Felhasználónév",
+    "information": "Az Ön adata",
+    "portal": "YunoHost portál"
+}
--- a/portal/locales/id.json
+++ b/portal/locales/id.json
@ -0,0 +1,49 @@
+{
+    "cancel": "Batal",
+    "portal": "Portal YunoHost",
+    "information": "Info Anda",
+    "username": "Nama Pengguna",
+    "password": "Kata sandi",
+    "fullname": "Nama Lengkap",
+    "mail_addresses": "Alamat surel",
+    "mail_forward": "Alamat surel terusan",
+    "new_mail": "surelbaru@domainku.org",
+    "new_forward": "terusanbaru@domainlainku.org",
+    "add_mail": "Buat surel alias",
+    "add_forward": "Buat alamat surel terusan",
+    "ok": "Oke",
+    "change_password": "Ubah kata sandi",
+    "edit": "Sunting",
+    "current_password": "Kata sandi saat ini",
+    "new_password": "Kata sandi baru",
+    "confirm": "Konfirmasi",
+    "login": "Masuk",
+    "logout": "Keluar",
+    "password_changed": "Kata sandi diubah",
+    "password_changed_error": "Tidak dapat mengubah kata sandi",
+    "password_not_match": "Kata sandi tidak sama",
+    "password_listed": "Kata sandi ini merupakan salah satu kata sandi yang paling sering digunakan di dunia. Coba pilih sesuatu yang lebih unik.",
+    "password_too_simple_1": "Panjang kata sandi harus paling tidak 8 karakter",
+    "wrong_current_password": "Kata sandi saat ini salah",
+    "invalid_mail": "Alamat surel tidak valid",
+    "mail_already_used": "Alamat surel sudah digunakan",
+    "information_updated": "Info diperbarui",
+    "user_saving_fail": "Tidak dapat menyimpan info baru pengguna",
+    "wrong_username_password": "Nama pengguna atau kata sandi salah",
+    "logged_out": "Berhasil keluar",
+    "please_login": "Masuk untuk mengakses konten ini",
+    "please_login_from_portal": "Silakan masuk dari portal",
+    "redirection_error_invalid_url": "Kesalahan pengalihan: URL tidak valid",
+    "redirection_error_unmanaged_domain": "Kesalahan pengalihan: Domain tak dikelola",
+    "footerlink_edit": "Sunting profil saya",
+    "footerlink_documentation": "Dokumentasi",
+    "footerlink_support": "Dukungan",
+    "footerlink_administration": "Administrasi",
+    "password_too_simple_2": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital dan huruf kecil",
+    "password_too_simple_3": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
+    "password_too_simple_4": "Kata sandi harus sekurang-kurangnya 12 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
+    "good_practices_about_user_password": "Pilih kata sandi sekurang-kurangnya 8 karakter - meskipun memang adalah hal yang baik jika menggunakan yang lebih panjang (cth. parafrasa) dan/atau menggunakan berbagai macam karakter (kapital, huruf kecil, angka, dan karakter lainnya).",
+    "invalid_domain": "Domain tidak valid di",
+    "invalid_mailforward": "Alamat surel terusan tidak valid",
+    "missing_required_fields": "Isi bidang yang diperlukan"
+}
--- a/portal/locales/it.json
+++ b/portal/locales/it.json
@ -1,5 +1,5 @@
 {
-    "add_forward": "Aggiungi un inoltro email",
+    "add_forward": "Aggiungi un indirizzo di inoltro e-mail",
    "add_mail": "Aggiungi un alias email",
    "cancel": "Annulla",
    "change_password": "Cambia password",
@ -10,40 +10,40 @@
    "footerlink_documentation": "Documentazione",
    "footerlink_edit": "Modifica il mio profilo",
    "footerlink_support": "Supporto",
-    "fullname": "Nome completo",
+    "fullname": "Nome e cognome",
    "information": "Le tue informazioni",
    "information_updated": "Informazioni aggiornate",
    "invalid_domain": "Dominio non valido in",
    "invalid_mail": "Indirizzo email non valido",
-    "invalid_mailforward": "Indirizzo di inoltro email non valido",
+    "invalid_mailforward": "Indirizzo di inoltro e-mail non valido",
    "logged_out": "Disconnesso",
    "login": "Accedi",
    "logout": "Esci",
-    "mail_addresses": "Indirizzo email",
-    "mail_already_used": "Indirizzo email già utilizzato:",
-    "mail_forward": "Email di inoltro",
-    "missing_required_fields": "Campi obbligatori non compilati",
+    "mail_addresses": "Indirizzi email",
+    "mail_already_used": "Indirizzo email già in uso",
+    "mail_forward": "Indirizzo di inoltro e-mail",
+    "missing_required_fields": "Compila i campi richiesti",
    "new_forward": "nuovoinoltro@miodominiodifferente.org",
    "new_mail": "nuovaemail@miodominio.org",
    "new_password": "Nuova password",
    "ok": "OK",
    "password": "Password",
-    "password_changed": "Password cambiata con successo",
-    "password_changed_error": "Si è verificato un errore durante il cambio password",
-    "password_not_match": "Le nuove password non corrispondono",
+    "password_changed": "Password cambiata",
+    "password_changed_error": "Impossibile cambiare la password",
+    "password_not_match": "Le password non corrispondono",
    "please_login": "Per favore, accedi per visualizzare il contenuto",
    "please_login_from_portal": "Per favore, accedi dal portale",
    "portal": "Portale YunoHost",
-    "user_saving_fail": "Si è verificato un errore durante il salvataggio delle modifiche dell'utente",
+    "user_saving_fail": "Impossibile salvare le informazioni sul nuovo utente",
    "username": "Nome utente",
    "wrong_current_password": "La password attuale è sbagliata",
    "wrong_username_password": "Nome utente o password sbagliati",
-    "redirection_error_invalid_url": "Errore di redirezionamento: URL non valido",
+    "redirection_error_invalid_url": "Errore di reindirizzamento: URL non valido",
    "redirection_error_unmanaged_domain": "Errore di redirezionamento: dominio non gestito",
-    "password_listed": "Questa password è una tra le più utilizzate al mondo. Per favore scegline una più unica.",
-    "password_too_simple_1": "La password deve essere lunga almeno 8 caratteri",
-    "password_too_simple_2": "La password deve essere lunga almeno 8 caratteri e contenere numeri, maiuscole e minuscole",
-    "password_too_simple_3": "La password deve essere lunga almeno 8 caratteri e contenere numeri, maiuscole e minuscole e simboli",
-    "password_too_simple_4": "La password deve essere lunga almeno 12 caratteri e contenere numeri, maiuscole e minuscole",
-    "good_practices_about_user_password": "Ora stai per impostare una nuova password utente. La password dovrebbe essere di almeno 8 caratteri - anche se è buona pratica utilizzare password più lunghe (es. una sequenza di parole) e/o utilizzare vari tipi di caratteri (maiuscole, minuscole, numeri e simboli)."
+    "password_listed": "Questa password è tra le password più utilizzate al mondo. Scegli qualcosa di un po 'più unico.",
+    "password_too_simple_1": "La password deve contenere almeno 8 caratteri",
+    "password_too_simple_2": "La password deve contenere almeno 8 caratteri e contiene cifre, caratteri superiori e inferiori",
+    "password_too_simple_3": "La password deve contenere almeno 8 caratteri e contiene caratteri numerici, superiori, inferiori e speciali",
+    "password_too_simple_4": "La password deve contenere almeno 12 caratteri e contiene caratteri numerici, superiori, inferiori e speciali",
+    "good_practices_about_user_password": "Scegli una password utente di almeno 8 caratteri, anche se è buona norma utilizzare quelli più lunghi (ad esempio una passphrase) e / o utilizzare vari tipi di caratteri (lettere maiuscole, minuscole, cifre e caratteri speciali)."
 }
--- a/portal/locales/ja.json
+++ b/portal/locales/ja.json
@ -0,0 +1,49 @@
+{
+    "portal": "YunoHost ポータル",
+    "information": "あなたの情報",
+    "username": "ユーザー名",
+    "password": "パスワード",
+    "fullname": "フルネーム",
+    "mail_addresses": "電子メールアドレス",
+    "mail_forward": "電子メール転送アドレス",
+    "new_mail": "newmail@mydomain.org",
+    "add_mail": "電子メール エイリアスを追加",
+    "add_forward": "電子メール転送アドレスを追加",
+    "ok": "OK",
+    "change_password": "パスワード変更",
+    "edit": "編集",
+    "new_password": "新しいパスワード",
+    "confirm": "確認",
+    "logout": "ログアウト",
+    "password_changed": "パスワードが変更されました",
+    "password_not_match": "パスワードが一致しません",
+    "password_too_simple_1": "パスワードは8文字以上である必要があります",
+    "password_too_simple_2": "パスワードは8文字以上で、数字/大文字/小文字の全てを含む必要があります",
+    "password_too_simple_3": "パスワードは8文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
+    "password_too_simple_4": "パスワードは12文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
+    "wrong_current_password": "現在のパスワードが間違っています",
+    "invalid_mail": "不正な電子メールアドレス",
+    "invalid_domain": "不正なドメイン",
+    "invalid_mailforward": "不正な電子メール転送アドレス",
+    "mail_already_used": "電子メールアドレスは既に使われています",
+    "information_updated": "情報が更新されました",
+    "user_saving_fail": "新しいユーザー情報を保存できませんでした",
+    "missing_required_fields": "必須フィールドに入力してください",
+    "wrong_username_password": "ユーザー名かパスワードが間違っています",
+    "logged_out": "ログアウトしました",
+    "please_login": "このコンテンツにアクセスするにはログインしてください",
+    "please_login_from_portal": "ポータルからログインしてください",
+    "redirection_error_invalid_url": "リダイレクションエラー: 不正なURL",
+    "redirection_error_unmanaged_domain": "リダイレクションエラー: 管理されていないドメイン",
+    "footerlink_edit": "プロフィールを編集する",
+    "footerlink_documentation": "ドキュメント",
+    "footerlink_support": "サポート",
+    "footerlink_administration": "管理",
+    "cancel": "キャンセル",
+    "new_forward": "newforward@myforeigndomain.org",
+    "current_password": "現在のパスワード",
+    "login": "ログイン",
+    "password_changed_error": "パスワードは変更できませんでした",
+    "password_listed": "このパスワードは世界で最も使われているパスワードのひとつです。もう少しユニークなものを選んでください。",
+    "good_practices_about_user_password": "ユーザーパスワードは最低でも8文字、より長いもの（パスフレーズなど）にしたり、さまざまな種類の文字（大文字、小文字、数字、特殊文字）を使うことが望ましいです。"
+}
--- a/portal/locales/kab.json
+++ b/portal/locales/kab.json
@ -0,0 +1,18 @@
+{
+    "username": "Isem n useqdac",
+    "password": "Awal n uɛeddi",
+    "fullname": "Isem inek ummid",
+    "ok": "Ih",
+    "cancel": "Sefsex",
+    "change_password": "Beddel awal n uffir",
+    "edit": "Édition",
+    "current_password": "Awal n uɛeddi amiran",
+    "new_password": "Awal uffir amaynut",
+    "confirm": "Sentem",
+    "login": "Qqen",
+    "logout": "Senser",
+    "logged_out": "Yeffeɣ",
+    "footerlink_documentation": "Tasemlit",
+    "footerlink_support": "Tallalt",
+    "footerlink_administration": "Tadbelt"
+}
--- a/portal/locales/ko.json
+++ b/portal/locales/ko.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/lt.json
+++ b/portal/locales/lt.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/mk.json
+++ b/portal/locales/mk.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/nb_NO.json
+++ b/portal/locales/nb_NO.json
@ -0,0 +1,29 @@
+{
+    "footerlink_administration": "Administrasjon",
+    "footerlink_support": "Støtte",
+    "footerlink_documentation": "Dokumentasjon",
+    "footerlink_edit": "Rediger min profil",
+    "redirection_error_unmanaged_domain": "Videresendingsfeil: Uhåndtert domene",
+    "redirection_error_invalid_url": "Videresendingsfeil: Ugyldig nettadresse",
+    "please_login_from_portal": "Logg inn fra portalen",
+    "please_login": "Logg inn for å få tilgang til dette innholdet",
+    "logged_out": "Utlogget",
+    "wrong_username_password": "Feil brukernavn eller passord",
+    "information_updated": "Info oppdatert",
+    "invalid_domain": "Ugyldig domene i",
+    "wrong_current_password": "Nåværende passord er feil",
+    "password_changed": "Passord endret",
+    "logout": "Logg ut",
+    "login": "Logg inn",
+    "confirm": "Bekreft",
+    "new_password": "Nytt passord",
+    "current_password": "Nåværende passord",
+    "edit": "Rediger",
+    "change_password": "Endre passord",
+    "cancel": "Avbryt",
+    "ok": "OK",
+    "password": "Passord",
+    "username": "Brukernavn",
+    "information": "Din informasjon",
+    "portal": "YunoHost-portal"
+}
--- a/portal/locales/ne.json
+++ b/portal/locales/ne.json
@ -0,0 +1,49 @@
+{
+    "footerlink_administration": "प्रशासन",
+    "footerlink_support": "समर्थन",
+    "footerlink_documentation": "कागजात",
+    "footerlink_edit": "मेरो प्रोफाइल सम्पादन गर्नुहोस्",
+    "redirection_error_unmanaged_domain": "पुनर्निर्देशन त्रुटि: अव्यवस्थित डोमेन",
+    "redirection_error_invalid_url": "रिडिरेसन त्रुटि: अवैध URL",
+    "please_login_from_portal": "कृपया पोर्टलबाट लग ईन गर्नुहोस्",
+    "please_login": "यस सामग्री पहुँच गर्न कृपया लग इन गर्नुहोस्",
+    "logged_out": "लग आउट",
+    "wrong_username_password": "गलत प्रयोगकर्ता नाम वा पासवर्ड",
+    "missing_required_fields": "आवश्यक फिल्डहरू भर्नुहोस्",
+    "user_saving_fail": "नयाँ प्रयोगकर्ता जानकारी बचत गर्न सकेन",
+    "information_updated": "जानकारी अपडेट गरियो",
+    "mail_already_used": "इ-मेल ठेगाना पहिले नै प्रयोगमा छ",
+    "invalid_mailforward": "अवैध ईमेल फर्वार्डिंग ठेगाना",
+    "invalid_domain": "अमान्य डोमेन भित्र",
+    "invalid_mail": "अवैध ईमेल ठेगाना",
+    "wrong_current_password": "हालको पासवर्ड गलत छ",
+    "good_practices_about_user_password": "कम्तिमा characters क्यारेक्टरहरूको प्रयोगकर्ता पासवर्ड छान्नुहोस् - यद्यपि यो लामो अभ्यास (अर्थात पासफ्रेज) प्रयोग गर्न राम्रो अभ्यास हो र / वा विभिन्न प्रकारका वर्णहरू (अपरकेस, लोअरकेस, अंक र विशेष क्यारेक्टर) प्रयोग गर्नुहोस्।",
+    "password_too_simple_4": "पासवर्ड कम्तिमा १२ वर्ण लामो हुनु पर्छ र अंक, माथिल्लो, तल्लो र विशेष क्यारेक्टर समावेश गर्दछ",
+    "password_too_simple_3": "पासवर्ड कम्तिमा characters वर्ण लामो हुनु पर्छ र अंक, माथिल्लो, तल्लो र विशेष क्यारेक्टर समावेश गर्दछ",
+    "password_too_simple_2": "पासवर्ड कम्तिमा characters क्यारेक्टर लामो हुनुपर्दछ र अंक, माथिल्लो र तल्लो वर्णहरू समावेश गर्दछ",
+    "password_too_simple_1": "पासवर्ड कम्तिमा characters अक्षर लामो हुनु आवश्यक छ",
+    "password_listed": "यो पासवर्ड विश्व मा सबै भन्दा बढी प्रयोग भएको पासवर्ड बीच हो। कृपया केहि अलि बढी अनौंठो छनौट गर्नुहोस्।",
+    "password_not_match": "पासवर्ड मेल खाँदैन",
+    "password_changed_error": "पासवर्ड परिवर्तन गर्न सकेन",
+    "password_changed": "पासवर्ड परिवर्तन भयो",
+    "logout": "बाहिर निस्कनु",
+    "login": "लग - इन",
+    "confirm": "पुष्टि गर्नुहोस्",
+    "new_password": "नया पासवर्ड",
+    "current_password": "वर्तमान पासवर्ड",
+    "edit": "सम्पादन गर्नुहोस्",
+    "change_password": "पासवर्ड परिवर्तन गर्नुहोस्",
+    "cancel": "रद्द गर्नुहोस्",
+    "ok": "ठिक छ",
+    "add_forward": "एक ईमेल अग्रेषण ठेगाना जोड्नुहोस्",
+    "add_mail": "ईमेल उपनाम थप्नुहोस्",
+    "new_forward": "नयाँअगाडी@माईफोरिगेन्डोमाइन.org",
+    "new_mail": "नयाँमेल@माईडोमेन.org",
+    "mail_forward": "इ-मेल फर्वार्डिंग ठेगाना",
+    "mail_addresses": "इ-मेल ठेगानाहरू",
+    "fullname": "पुरा नाम",
+    "password": "पासवर्ड",
+    "username": "प्रयोगकर्ता नाम",
+    "information": "तपाईको जानकारी",
+    "portal": "YunoHost पोर्टल"
+}
--- a/portal/locales/nl.json
+++ b/portal/locales/nl.json
@ -1,41 +1,49 @@
 {
-    "add_forward": "Voeg een email forward toe",
-    "add_mail": "Voeg een emailalias toe",
+    "add_forward": "Voeg een e-mail doorstuuradres toe",
+    "add_mail": "Voeg een e-mailalias toe",
    "cancel": "Annuleren",
    "change_password": "Verander wachtwoord",
-    "confirm": "Bevestigen",
+    "confirm": "Bevestig",
    "current_password": "Huidig wachtwoord",
    "edit": "Bewerken",
    "footerlink_administration": "Administratie",
    "footerlink_documentation": "Documentatie",
    "footerlink_edit": "Bewerk mijn profiel",
    "footerlink_support": "Ondersteuning",
-    "fullname": "Volledige naam",
-    "information": "Uw informatie",
+    "fullname": "Voor- en achternaam",
+    "information": "Uw gegevens",
    "information_updated": "Informatie bijgewerkt",
-    "invalid_domain": "Ongeldig domein",
-    "invalid_mail": "Ongeldig emailadres",
-    "invalid_mailforward": "Ongeldig email-forward adres",
+    "invalid_domain": "Ongeldig domein in",
+    "invalid_mail": "Ongeldig e-mailadres",
+    "invalid_mailforward": "Ongeldig email-doorstuuradres",
    "logged_out": "Uitgelogd",
    "login": "Inloggen",
    "logout": "Uitloggen",
-    "mail_addresses": "Emailadressen",
-    "mail_already_used": "Emailadres al gebruikt:",
-    "mail_forward": "Email forward",
-    "missing_required_fields": "Verplichte velden zijn niet ingevuld",
-    "new_forward": "nieuwe_forward@mijndomein.org",
+    "mail_addresses": "E-mailadressen",
+    "mail_already_used": "E-mailadres al in gebruik",
+    "mail_forward": "E-mail doorstuuradres",
+    "missing_required_fields": "De verplichte velden moeten ingevuld worden",
+    "new_forward": "nieuw_doorstuuradres@mijndomein.org",
    "new_mail": "nieuwe_email@mijndomein.org",
    "new_password": "Nieuw wachtwoord",
    "ok": "OK",
    "password": "Wachtwoord",
-    "password_changed": "Wachtwoord successvol verandert",
-    "password_changed_error": "Er is een fout opgetreden bij het veranderen van het wachtwoord",
-    "password_not_match": "Nieuwe wachtwoorden zijn niet gelijk",
+    "password_changed": "Wachtwoord veranderd",
+    "password_changed_error": "Kon wachtwoord niet veranderen",
+    "password_not_match": "De wachtwoorden komen niet overeen",
    "please_login": "Log in om toegang te krijgen tot deze inhoud",
    "please_login_from_portal": "Log in vanaf het portaal",
    "portal": "YunoHost Portaal",
-    "user_saving_fail": "Er is een fout opgetreden bij het opslaan van wijzigingen aan gebruiker",
+    "user_saving_fail": "De nieuwe gebruikersinformatie kon niet opgeslagen worden",
    "username": "Gebruikersnaam",
-    "wrong_current_password": "Huidig wachtwoord is verkeerd",
-    "wrong_username_password": "Verkeerde gebruikersnaam of wachtwoord"
+    "wrong_current_password": "Het huidige wachtwoord is fout",
+    "wrong_username_password": "Verkeerde gebruikersnaam of wachtwoord",
+    "password_too_simple_2": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters en kleine letters bevatten",
+    "password_too_simple_1": "Het wachtwoord moet minimaal 8 tekens lang zijn",
+    "password_listed": "Dit wachtwoord is een van de meest gebruikte wachtwoorden ter wereld. Kies alstublieft iets wat minder voor de hand ligt.",
+    "redirection_error_unmanaged_domain": "Omleidingsfout: onbeheerd domein",
+    "redirection_error_invalid_url": "Omleidingsfout: ongeldige URL",
+    "good_practices_about_user_password": "Kies een gebruikerswachtwoord van minimaal 8 tekens - hoewel het een goede gewoonte is om langere (bijvoorbeeld een wachtwoordzin) te gebruiken en/of verschillende soorten tekens te gebruiken (hoofdletters, kleine letters, cijfers en speciale tekens).",
+    "password_too_simple_4": "Het wachtwoord moet minimaal 12 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten",
+    "password_too_simple_3": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten"
 }
--- a/portal/locales/oc.json
+++ b/portal/locales/oc.json
@ -8,7 +8,7 @@
    "mail_forward": "Adreças de transferiment",
    "new_mail": "novela_adreça@domeni.org",
    "new_forward": "novel_transferiment@domenialonhat.org",
-    "add_mail": "Ajustar una adreça de corrièl",
+    "add_mail": "Ajustar un alias d’adreça electronica",
    "add_forward": "Ajustar una adreça de transferiment",
    "ok": "OK",
    "cancel": "Anullar",
@ -26,15 +26,15 @@
    "invalid_mail": "Adreça de corrièl invalida",
    "invalid_domain": "Nom de domeni invalid dins",
    "invalid_mailforward": "Adreça de transferiment invalida",
-    "mail_already_used": "Adreça ja utilizada :",
+    "mail_already_used": "Adreça ja utilizada",
    "information_updated": "Informacions actualizadas",
-    "user_saving_fail": "Una error s’es producha en enregistrar los cambiaments",
-    "missing_required_fields": "Camps requesits mancants",
+    "user_saving_fail": "Enregistrament impossible de las nòvas informacions utilizaire",
+    "missing_required_fields": "Garnissètz los camps requesits",
    "wrong_username_password": "Nom d’utilizaire o senhal incorrècte",
    "logged_out": "Desconnectat",
    "please_login": "Mercé de vos identificar per accedir a la pagina",
    "please_login_from_portal": "Mercés de vos identificar dins del portal",
-    "redirection_error_invalid_url": "Error de redireccion : url invalida",
+    "redirection_error_invalid_url": "Error de redireccion : URL invalida",
    "redirection_error_unmanaged_domain": "Error de redireccion : domeni pas gerit",
    "footerlink_edit": "Editar lo perfil",
    "footerlink_documentation": "Documentacion",
@ -42,8 +42,8 @@
    "footerlink_administration": "Administracion",
    "password_listed": "Aqueste senhal es un dels mai utilizats al monde. Se vos plai utilizatz-ne un mai unic.",
    "password_too_simple_1": "Lo senhal deu conténer almens 8 caractèrs",
-    "password_too_simple_2": "Lo senhal deu conténer almens 8 caractèrs e numbres, majusculas e minusculas",
+    "password_too_simple_2": "Lo senhal deu conténer almens 8 caractèrs e nombres, majusculas e minusculas",
    "password_too_simple_3": "Lo senhal deu conténer almens 8 caractèrs e nombres, majusculas e minusculas e caractèrs especials",
-    "password_too_simple_4": "Lo senhal deu conténer almens 12 caractèrs, de nombre, majusculas, minisculas e caractèrs specials",
-    "good_practices_about_user_password": "Sètz a mand de definir un nòu senhal d’utilizaire. Lo nòu senhal deu conténer almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantuns tipes de caractèrs (majusculas, minusculas, nombres e caractèrs especials)."
+    "password_too_simple_4": "Lo senhal deu conténer almens 12 caractèrs, de nombre, majusculas, minusculas e caractèrs especials",
+    "good_practices_about_user_password": "Causissètz un senhal d’almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantun tipe de caractèrs (majusculas, minusculas, nombres e caractèrs especials)."
 }
--- a/portal/locales/pl.json
+++ b/portal/locales/pl.json
@ -1,29 +1,49 @@
 {
-    "add_mail": "Dodaj dodatkowy email",
+    "add_mail": "Dodaj alias e-mail",
    "cancel": "Anuluj",
    "change_password": "Zmień hasło",
    "confirm": "Potwierdź",
-    "current_password": "Aktualne  hasło",
+    "current_password": "Aktualne hasło",
    "edit": "Edytuj",
    "footerlink_administration": "Panel administracyjny",
    "footerlink_documentation": "Dokumentacja",
    "footerlink_edit": "Edytuj mój profil",
    "footerlink_support": "Pomoc techniczna",
-    "fullname": "Imię i nazwisko",
-    "information": "Your information",
-    "logged_out": "Wylogowany",
-    "login": "Zaloguj",
+    "fullname": "Pełne imię i nazwisko",
+    "information": "Twoje informacje",
+    "logged_out": "Wylogowano",
+    "login": "Zaloguj Się",
    "logout": "Wyloguj",
-    "mail_addresses": "Adresy E-mail",
-    "mail_already_used": "Ten adres e-mail aktualnie w użyciu:",
+    "mail_addresses": "Adresy e-mail",
+    "mail_already_used": "Adres e mailowy jest już używany",
    "new_forward": "newforward@myforeigndomain.org",
    "new_mail": "nowymail@domena.org",
    "new_password": "Nowe hasło",
    "ok": "OK",
    "password": "Hasło",
-    "password_changed": "Hasło zmienione",
+    "password_changed": "Hasło zostało zmienione",
    "please_login": "Proszę się zalogować by uzyskać dostęp do tej strony",
-    "portal": "YunoHost Portal",
+    "portal": "Portal YunoHost",
    "username": "Nazwa użytkownika",
-    "wrong_username_password": "Zła nazwa użytkownika lub hasło"
+    "wrong_username_password": "Zła nazwa użytkownika lub hasło",
+    "redirection_error_unmanaged_domain": "Błąd przekierowania: domena niezarządzana",
+    "redirection_error_invalid_url": "Błąd przekierowania: nieprawidłowy adres URL",
+    "please_login_from_portal": "Zaloguj się z portalu",
+    "missing_required_fields": "Wypełnij wymagane pola",
+    "user_saving_fail": "Nie można zapisać nowych informacji o użytkowniku",
+    "information_updated": "Informacje zaktualizowane",
+    "invalid_mailforward": "Nieprawidłowy adres e-mail do przekazania",
+    "invalid_domain": "Nieprawidłowa domena w",
+    "invalid_mail": "Niepoprawny adres email",
+    "wrong_current_password": "Obecne hasło jest nieprawidłowe",
+    "good_practices_about_user_password": "Wybierz hasło użytkownika składające się z co najmniej 8 znaków — chociaż dobrą praktyką jest używanie dłuższych i / lub stosowanie różnego rodzaju znaków (wielkie i małe litery, cyfry i znaki specjalne).",
+    "password_too_simple_4": "Hasło musi mieć co najmniej 12 znaków i zawierać cyfrę, duże i małe litery oraz znaki specjalne",
+    "password_too_simple_3": "Hasło musi mieć co najmniej 8 znaków i zawierać cyfrę, duże i małe litery oraz znaki specjalne",
+    "password_too_simple_2": "Hasło musi mieć co najmniej 8 znaków i zawierać cyfrę, górny i dolny znak",
+    "password_too_simple_1": "Hasło musi mieć co najmniej 8 znaków",
+    "password_listed": "To hasło jest jednym z najczęściej używanych haseł na świecie. Wybierz coś bardziej wyjątkowego.",
+    "password_not_match": "Hasła się nie zgadzają",
+    "password_changed_error": "Nie można zmienić hasła",
+    "add_forward": "Dodaj adres e-mail do przekazywania",
+    "mail_forward": "Adres do przekazywania wiadomości e-mail"
 }
--- a/portal/locales/pt.json
+++ b/portal/locales/pt.json
@ -1,6 +1,6 @@
 {
-    "add_forward": "Adicionar reencaminhamento de mensagem",
-    "add_mail": "Adicionar nova etiqueta a mensagens",
+    "add_forward": "Adicionar um endereço de encaminhamento de email",
+    "add_mail": "Adicionar um alias de email",
    "cancel": "Cancelar",
    "change_password": "Alterar senha",
    "confirm": "Confirmar",
@ -12,32 +12,38 @@
    "footerlink_support": "Suporte",
    "fullname": "Nome completo",
    "information": "Suas informações",
-    "information_updated": "Informação atualizada",
+    "information_updated": "Informações atualizadas",
    "invalid_domain": "Domínio inválido em",
-    "invalid_mail": "Endereço de correio inválido",
-    "invalid_mailforward": "Endereço de correio para reencaminhamento inválido",
+    "invalid_mail": "Endereço de email invalido",
+    "invalid_mailforward": "Endereço de encaminhamento de email inválido",
    "logged_out": "Sessão terminada",
-    "login": "Iniciar sessão",
-    "logout": "Terminar sessão",
-    "mail_addresses": "Correio eletrónico",
-    "mail_already_used": "O endereço de email já está usado:",
-    "mail_forward": "Reencaminhar mensagem",
-    "missing_required_fields": "Campos obrigatórios em falta",
+    "login": "Entrar",
+    "logout": "Sair",
+    "mail_addresses": "Endereço de e-mail",
+    "mail_already_used": "Endereço de email já está em uso",
+    "mail_forward": "Endereço de encaminhamento de email",
+    "missing_required_fields": "Preencha os campos obrigatórios",
    "new_forward": "novoreenvio@dominioexterno.org",
    "new_mail": "novomail@meudominio.org",
    "new_password": "Nova senha",
    "ok": "Confirmar",
    "password": "Senha",
-    "password_changed": "Senha alterada com êxito",
-    "password_changed_error": "Ocorreu um erro durante a alteração da senha",
-    "password_not_match": "As senhas novas não coincidem",
+    "password_changed": "Senha alterada",
+    "password_changed_error": "Não foi possível alterar a senha",
+    "password_not_match": "As senhas não correspondem",
    "please_login": "Por favor inicie sessão para aceder a este conteúdo",
    "please_login_from_portal": "Por favor inicie sessão no portal",
    "portal": "Portal YunoHost",
-    "user_saving_fail": "Um erro ocorreu ao guardar as modificações do utilizador",
+    "user_saving_fail": "Não foi possível salvar as novas informações do usuário",
    "username": "Nome de utilizador",
-    "wrong_current_password": "Senha atual está errada",
+    "wrong_current_password": "A senha atual está incorreta",
    "wrong_username_password": "Nome de utilizador e senha errados",
-    "redirection_error_invalid_url": "Erro de redirecionamento: url inválida",
-    "redirection_error_unmanaged_domain": "Erro de redirecionamento: Dominio não gerenciado"
+    "redirection_error_invalid_url": "Erro de redirecionamento: URL inválido",
+    "redirection_error_unmanaged_domain": "Erro de redirecionamento: Dominio não gerenciado",
+    "good_practices_about_user_password": "Escolha uma senha de usuário com pelo menos 8 caracteres - embora seja uma boa prática usar palavras mais longas (ou seja, uma senha) e/ou usar vários tipos de caracteres (maiúsculas, minúsculas, dígitos e caracteres especiais).",
+    "password_too_simple_4": "A senha precisa ter pelo menos 12 caracteres e conter dígitos, caracteres superior, inferior e caracteres especiais",
+    "password_too_simple_3": "A senha precisa ter pelo menos 8 caracteres e conter dígitos, caracteres superior, inferior e caracteres especiais",
+    "password_too_simple_2": "A senha precisa ter pelo menos 8 caracteres e conter dígitos, caracteres superior e inferior",
+    "password_too_simple_1": "A senha precisa ter pelo menos 8 caracteres",
+    "password_listed": "Essa senha está entre as senhas mais usadas no mundo. Por favor, escolha algo um pouco mais exclusivo."
 }
--- a/portal/locales/pt_BR.json
+++ b/portal/locales/pt_BR.json
@ -0,0 +1 @@
+{}
--- a/portal/locales/ru.json
+++ b/portal/locales/ru.json
@ -1,43 +1,49 @@
 {
-    "portal": "YunoHost Портал",
+    "portal": "Портал YunoHost",
    "information": "Ваша информация",
    "username": "Имя пользователя",
    "password": "Пароль",
    "fullname": "Полное имя",
-    "mail_addresses": "Адреса почты",
+    "mail_addresses": "Адрес электронной почты",
    "ok": "ОК",
-    "cancel": "Отменить",
+    "cancel": "Отмена",
    "change_password": "Сменить пароль",
    "edit": "Редактировать",
    "current_password": "Действующий пароль",
    "new_password": "Новый пароль",
    "confirm": "Подтвердить",
-    "login": "Логин",
+    "login": "Авторизоваться",
    "logout": "Выйти",
-    "password_changed": "Пароль успешно изменен",
-    "password_changed_error": "Во время смены пароля произошла ошибка",
-    "invalid_mail": "Неверный адрес почты",
-    "invalid_mailforward": "Неправильный адрес переадресации почты",
-    "mail_already_used": "Этот адрес почты уже используется:",
+    "password_changed": "Пароль изменён",
+    "password_changed_error": "Не удалось сменить пароль",
+    "invalid_mail": "Неверный адрес электронной почты",
+    "invalid_mailforward": "Неверный адрес пересылки электронной почты",
+    "mail_already_used": "Адрес электронной почты уже используется",
    "information_updated": "Информация обновлена",
-    "user_saving_fail": "Возникла ошибка во время сохранения изменений",
-    "mail_forward": "Переслать",
+    "user_saving_fail": "Не удалось сохранить информацию о новом пользователе",
+    "mail_forward": "Адрес пересылки электронной почты",
    "new_mail": "newmail@mydomain.org",
    "new_forward": "newforward@myforeigndomain.org",
-    "add_mail": "Добавить алиас адреса почты",
-    "add_forward": "Добавить адрес для пересылки почты",
-    "password_not_match": "Новые пароли неправильные",
-    "wrong_current_password": "Неправильный пароль",
+    "add_mail": "Добавьте псевдоним электронной почты",
+    "add_forward": "Добавить адрес пересылки электронной почты",
+    "password_not_match": "Пароли не совпадают",
+    "wrong_current_password": "Неверный текущий пароль",
    "invalid_domain": "Неправильный домен",
-    "missing_required_fields": "Отсутствуют необходимые поля",
+    "missing_required_fields": "Заполните обязательные поля",
    "wrong_username_password": "Неправильное имя пользователя или пароль",
    "logged_out": "Вы вышли из системы",
    "please_login": "Пожалуйста, войдите",
    "please_login_from_portal": "Пожалуйста, войдите в портал",
-    "redirection_error_invalid_url": "Ошибка переадресации: неправильный url",
+    "redirection_error_invalid_url": "Ошибка перенаправления: неверный URL",
    "redirection_error_unmanaged_domain": "Ошибка перенаправления: неуправляемый домен",
    "footerlink_edit": "Редактировать профиль",
    "footerlink_documentation": "Документация",
    "footerlink_support": "Поддержка",
-    "footerlink_administration": "Администрация"
+    "footerlink_administration": "Администрирование",
+    "good_practices_about_user_password": "Выберите пароль пользователя длиной не менее 8 символов, хотя рекомендуется использовать более длинные (например, парольную фразу) и / или использовать символы различного типа (прописные, строчные буквы, цифры и специальные символы).",
+    "password_too_simple_4": "Пароль должен содержать не менее 12 символов и включать цифры, заглавные и строчные буквы и специальные символы",
+    "password_too_simple_3": "Пароль должен содержать не менее 8 символов и содержать цифры, заглавные и строчные буквы и специальные символы",
+    "password_too_simple_2": "Пароль должен содержать не менее 8 символов и включать цифры, заглавные и строчные буквы",
+    "password_too_simple_1": "Пароль должен быть не менее 8 символов",
+    "password_listed": "Этот пароль является одним из наиболее часто используемых паролей в мире. Пожалуйста, выберите что-то более уникальное."
 }
--- a/portal/locales/sk.json
+++ b/portal/locales/sk.json
@ -0,0 +1,49 @@
+{
+    "information": "Vaše údaje",
+    "username": "Meno používateľa",
+    "password": "Heslo",
+    "fullname": "Meno a priezvisko",
+    "mail_forward": "E-mail pre preposielanie",
+    "new_mail": "novymail@mojadomena.org",
+    "new_forward": "novepreposielanie@mojadalsiadomena.org",
+    "add_mail": "Pridať e-mailovú prezývku/alias",
+    "add_forward": "Pridať e-mailovú adresu pre preposielanie",
+    "ok": "OK",
+    "cancel": "Zrušiť",
+    "change_password": "Zmeniť heslo",
+    "edit": "Upraviť",
+    "current_password": "Aktuálne heslo",
+    "new_password": "Nové heslo",
+    "confirm": "Potvrdiť",
+    "login": "Prihlásiť sa",
+    "logout": "Odhlásiť sa",
+    "password_changed": "Heslo bolo zmenené",
+    "password_changed_error": "Heslo nebolo zmenené",
+    "password_not_match": "Heslá sa nezhodujú",
+    "portal": "Portál YunoHost",
+    "mail_addresses": "E-mailová adresa",
+    "password_listed": "Toto heslo je jedným z najpoužívanejších na svete. Vyberte, prosím, niečo jedinečnejšie.",
+    "password_too_simple_1": "Heslo sa musí skladať z aspoň 8 znakov",
+    "password_too_simple_2": "Heslo musí obsahovať aspoň 8 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké a malé písmeno",
+    "password_too_simple_3": "Heslo musí obsahovať aspoň 8 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké, malé písmeno a špeciálny znak",
+    "wrong_current_password": "Aktuálne heslo je nesprávne",
+    "invalid_mail": "Neplatná e-mailová adresa",
+    "invalid_domain": "Neplatná doména v",
+    "invalid_mailforward": "Neplatná e-mailová adresa pre preposielanie",
+    "mail_already_used": "Táto e-mailová adresa sa už používa",
+    "information_updated": "Údaje boli upravené",
+    "user_saving_fail": "Nepodarilo sa uložiť údaje o používateľovi",
+    "missing_required_fields": "Vyplňte požadované údaje",
+    "wrong_username_password": "Chybné meno používateľa alebo heslo",
+    "logged_out": "Boli ste odhlásený",
+    "please_login": "Pre zobrazenie obsahu sa, prosím, prihláste",
+    "please_login_from_portal": "Prosím, prihláste sa z portálu",
+    "redirection_error_invalid_url": "Chyba presmerovania: Neplatná adresa URL",
+    "redirection_error_unmanaged_domain": "Chyba presmerovania: Neregistrovaná doména",
+    "footerlink_edit": "Upraviť môj profil",
+    "footerlink_documentation": "Dokumentácia",
+    "footerlink_support": "Podpora",
+    "footerlink_administration": "Správa",
+    "password_too_simple_4": "Heslo musí obsahovať aspoň 12 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké, malé písmeno a špeciálny znak",
+    "good_practices_about_user_password": "Vyberte si heslo, ktoré má aspoň 8 znakov - dobrou praxou je však používať dlhšie názvy a kombinovať pri tom rôzne typy znakov (veľké a malé písmená, číslice a špeciálne znaky)."
+}
--- a/portal/locales/sl.json
+++ b/portal/locales/sl.json
@ -0,0 +1,3 @@
+{
+    "cancel": "Prekliči"
+}
--- a/portal/locales/sv.json
+++ b/portal/locales/sv.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "Administration",
+    "footerlink_support": "Support",
+    "footerlink_documentation": "Dokumentation",
+    "footerlink_edit": "Redigera min profil",
+    "logged_out": "Utloggad",
+    "wrong_username_password": "Fel användarnamn eller lösenord",
+    "missing_required_fields": "Fyll i de obligatoriska fälten",
+    "user_saving_fail": "Kunde inte spara ny användarinformation",
+    "information_updated": "Informationen har uppdaterats",
+    "mail_already_used": "E-postadressen används redan",
+    "invalid_domain": "Ogiltig domän i",
+    "invalid_mail": "E-postadressen är ogiltig",
+    "wrong_current_password": "Det nuvarande lösenordet stämmer inte",
+    "password_too_simple_4": "Lösenordet måste bestå av minst tolv tecken och innehålla både siffror, små och stora bokstäver samt specialtecken",
+    "password_too_simple_3": "Lösenordet måste bestå av minst åtta tecken och innehålla både siffror, små och stora bokstäver samt specialtecken",
+    "password_too_simple_2": "Lösenordet måste bestå av minst åtta tecken och innehålla både siffror, små och stora bokstäver",
+    "password_too_simple_1": "Lösenordet måste bestå av minst åtta tecken",
+    "password_listed": "Det här lösenordet är ett av de mest använda i världen. Välj gärna någonting lite mer unikt.",
+    "password_not_match": "Lösenorden stämmer inte överens",
+    "password_changed_error": "Kunde inte ändra lösenordet",
+    "password_changed": "Lösenordet har ändrats",
+    "logout": "Logga ut",
+    "login": "Logga in",
+    "confirm": "Bekräfta",
+    "new_password": "Nytt lösenord",
+    "current_password": "Nuvarande lösenord",
+    "edit": "Redigera",
+    "change_password": "Byt lösenord",
+    "cancel": "Avbryt",
+    "ok": "Ok",
+    "add_forward": "Lägg till en e-postadress för vidarebefordran",
+    "add_mail": "Lägg till ett e-postalias",
+    "new_forward": "ny_vidarebefordring@min_fjarr-doman.org",
+    "new_mail": "ny_adress@min_doman.org",
+    "mail_forward": "E-postadress för vidarebefordring",
+    "mail_addresses": "E-postadresser",
+    "fullname": "Fullständigt namn",
+    "password": "Lösenord",
+    "username": "Användarnamn",
+    "information": "Din information",
+    "portal": "YunoHost-portal",
+    "redirection_error_unmanaged_domain": "Omdirigeringsfel: Okontrollerad domän",
+    "redirection_error_invalid_url": "Omdirigeringsfel: Ogiltig URL",
+    "please_login_from_portal": "Logga in från portalen",
+    "please_login": "Logga in för att få tillgång till det här innehållet",
+    "invalid_mailforward": "Ogiltig e-post vidarebefordringsadress",
+    "good_practices_about_user_password": "Välj ett användarlösenord på minst åtta tecken - även om det är bra att använda längre (dvs ett lösenord) och / eller använda olika typer av tecken (versaler gemener, siffror och specialtecken)."
+}
--- a/portal/locales/te.json
+++ b/portal/locales/te.json
@ -0,0 +1,3 @@
+{
+    "cancel": "రద్దు చేయండి"
+}
--- a/portal/locales/tr.json
+++ b/portal/locales/tr.json
@ -1,7 +1,7 @@
 {
-    "add_forward": "E-posta yönlendirmesi ekle",
-    "add_mail": "E-posta alias'ı ekle",
-    "cancel": "İptal",
+    "add_forward": "Bir e-posta yönlendirme adresi ekleyin",
+    "add_mail": "Bir e-posta takma adı ekleyin",
+    "cancel": "İptal et",
    "change_password": "Parolayı değiştir",
    "confirm": "Onayla",
    "current_password": "Mevcut parola",
@ -10,32 +10,40 @@
    "footerlink_documentation": "Belgelendirme",
    "footerlink_edit": "Profilimi düzenle",
    "footerlink_support": "Destek",
-    "fullname": "İsim",
-    "information": "Bilgileriniz",
-    "information_updated": "Bilgileriniz güncellendi",
+    "fullname": "Ad Soyad",
+    "information": "Bilginiz",
+    "information_updated": "Bilgi güncellendi",
    "invalid_domain": "Geçersiz domain",
    "invalid_mail": "Geçersiz e-posta adresi",
-    "invalid_mailforward": "Geçersiz e-posta yönlendirme adresi",
+    "invalid_mailforward": "Geçersiz e-posta iletme adresi",
    "logged_out": "Çıkış yapıldı",
-    "login": "Giriş yap",
-    "logout": "Çıkış yap",
-    "mail_addresses": "E-posta adresleri",
-    "mail_already_used": "Mail adresi zaten kullanılıyor :",
-    "mail_forward": "E-posta yönlendirme",
-    "missing_required_fields": "Gerekli alanlar eksik",
+    "login": "Oturum aç",
+    "logout": "Çıkış Yap",
+    "mail_addresses": "E-mail adresleri",
+    "mail_already_used": "E-posta adresi zaten kullanımda",
+    "mail_forward": "E-posta yönlendirme adresi",
+    "missing_required_fields": "Gerekli alanları doldurun",
    "new_forward": "newforward@myforeigndomain.org",
    "new_mail": "newmail@mydomain.org",
    "new_password": "Yeni parola",
    "ok": "Tamam",
    "password": "Parola",
-    "password_changed": "Parola başarıyla değiştirildi",
-    "password_changed_error": "Parola değiştirirken hata oluştu",
-    "password_not_match": "Parolalar uyuşmuyor",
+    "password_changed": "şifre değişti",
+    "password_changed_error": "Şifre değiştirilemedi",
+    "password_not_match": "Şifreler uyuşmuyor",
    "please_login": "Bu içeriğe erişmek için lütfen giriş yapınız",
    "please_login_from_portal": "Lütfen portaldan giriş yapınız",
    "portal": "YunoHost Portalı",
-    "user_saving_fail": "Değişiklikler kaydedilirken hata oluştu",
+    "user_saving_fail": "Yeni kullanıcı bilgisi kaydedilemedi",
    "username": "Kullanıcı adı",
-    "wrong_current_password": "Mevcut parola yanlış",
-    "wrong_username_password": "Yanlış kullanıcı adı veya parola"
+    "wrong_current_password": "Geçerli şifre yanlış",
+    "wrong_username_password": "Yanlış kullanıcı adı veya parola",
+    "redirection_error_unmanaged_domain": "Yönlendirme hatası: Yönetilmeyen alan",
+    "redirection_error_invalid_url": "Yönlendirme hatası: Geçersiz URL",
+    "good_practices_about_user_password": "En az 8 karakterden oluşan bir kullanıcı şifresi seçin - daha uzun olanları (örneğin bir şifre) ve / veya çeşitli karakterleri (büyük harf, küçük harf, rakam ve özel karakterler) kullanmak daha iyidir.",
+    "password_too_simple_4": "Şifrenin en az 12 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
+    "password_too_simple_3": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
+    "password_too_simple_2": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, üst ve alt karakterler içermesi gerekir",
+    "password_too_simple_1": "Şifre en az 8 karakter uzunluğunda olmalı",
+    "password_listed": "Bu şifre dünyada en çok kullanılan şifreler arasındadır. Lütfen biraz daha benzersiz bir şey seçin."
 }
--- a/portal/locales/uk.json
+++ b/portal/locales/uk.json
@ -0,0 +1,49 @@
+{
+    "cancel": "Скасувати",
+    "logged_out": "Ви вийшли з системи",
+    "footerlink_administration": "Адміністрування",
+    "footerlink_support": "Підтримка",
+    "footerlink_documentation": "Документація",
+    "footerlink_edit": "Редагувати мій профіль",
+    "redirection_error_unmanaged_domain": "Помилка перенаправлення: Некерований домен",
+    "redirection_error_invalid_url": "Помилка перенаправлення: Недійсна URL-адреса",
+    "please_login_from_portal": "Увійдіть у систему з порталу",
+    "please_login": "Увійдіть, щоб отримати доступ до цього вмісту",
+    "wrong_username_password": "Неправильне ім'я користувача або пароль",
+    "missing_required_fields": "Заповніть необхідні поля",
+    "user_saving_fail": "Не вдалося зберегти нові відомості користувача",
+    "information_updated": "Відомості оновлено",
+    "mail_already_used": "Адреса е-пошти вже використовується",
+    "invalid_mailforward": "Недійсна адреса переадресації е-пошти",
+    "invalid_domain": "Недійсний домен у",
+    "invalid_mail": "Недійсна адреса е-пошти",
+    "wrong_current_password": "Поточний пароль неправильний",
+    "good_practices_about_user_password": "Виберіть пароль користувача щонайменше 8 символів - хоча це хороша практика використовувати довші (тобто фрази-гасла) та/або використовувати різні символи (великі, малі, числа та спеціальні символи).",
+    "password_too_simple_4": "Пароль повинен бути щонайменше 12 символів довжиною і містити числа, верхній, нижній регістри та спеціальні символи",
+    "password_too_simple_3": "Пароль повинен бути щонайменше 8 символів довжиною і містити числа, верхній, нижній регістри та спеціальні символи",
+    "password_too_simple_2": "Пароль повинен бути щонайменше 8 символів довжиною і містити числа, верхній та нижній регістри",
+    "password_too_simple_1": "Пароль має складатися не менше ніж з 8 символів",
+    "password_listed": "Цей пароль є одним з найбільш використовуваних паролів у світі. Будь ласка, виберіть щось трохи більш неповторюване.",
+    "password_not_match": "Паролі не збігаються",
+    "password_changed_error": "Не вдалося змінити пароль",
+    "password_changed": "Пароль змінено",
+    "logout": "Вийти",
+    "login": "Увійти",
+    "confirm": "Підтвердити",
+    "new_password": "Новий пароль",
+    "current_password": "Поточний пароль",
+    "edit": "Редагувати",
+    "change_password": "Змінити пароль",
+    "add_forward": "Додайте адресу переадресації е-пошти",
+    "add_mail": "Додайте аліас е-пошти",
+    "new_forward": "novapereadresaciya@myforeigndomain.org",
+    "new_mail": "novaeposhta@mydomain.org",
+    "mail_forward": "Адреса переадресації е-пошти",
+    "mail_addresses": "Адреси е-пошти",
+    "fullname": "Повне ім'я",
+    "username": "Ім'я користувача",
+    "information": "Ваші відомості",
+    "portal": "Портал YunoHost",
+    "password": "Пароль",
+    "ok": "Гаразд"
+}
--- a/portal/locales/zh_Hans.json
+++ b/portal/locales/zh_Hans.json
@ -1 +1,49 @@
-{}
+{
+    "footerlink_administration": "管理",
+    "footerlink_support": "支持",
+    "footerlink_documentation": "文档",
+    "footerlink_edit": "编辑我的个人资料",
+    "redirection_error_unmanaged_domain": "重定向错误：非托管域",
+    "redirection_error_invalid_url": "重定向错误：无效的 URL",
+    "please_login_from_portal": "请从门户登录",
+    "please_login": "请登录以访问此内容",
+    "logged_out": "登出",
+    "wrong_username_password": "错误的用户名或密码",
+    "missing_required_fields": "填写必填项",
+    "user_saving_fail": "无法保存新的用户信息",
+    "information_updated": "信息已更新",
+    "mail_already_used": "电子邮件地址已被使用",
+    "invalid_mailforward": "无效的电子邮件转发地址",
+    "invalid_domain": "无效的域",
+    "invalid_mail": "无效的邮件地址",
+    "wrong_current_password": "当前密码错误",
+    "good_practices_about_user_password": "选择至少8个字符的用户密码-尽管使用较长的用户密码（即密码短语）和/或使用各种字符（大写，小写，数字和特殊字符）是一种很好的做法。",
+    "password_too_simple_4": "密码长度至少为12个字符，并且包含数字，大写，小写和特殊字符",
+    "password_too_simple_3": "密码长度至少为8个字符，并且包含数字，大写，小写和特殊字符",
+    "password_too_simple_2": "密码长度至少为8个字符，并且包含数字，大写和小写字符",
+    "password_too_simple_1": "密码长度至少为8个字符",
+    "password_listed": "该密码是世界上最常用的密码之一。 请选择一些更独特的东西。",
+    "password_not_match": "密码不匹配",
+    "password_changed_error": "无法更改密码",
+    "password_changed": "密码已更改",
+    "logout": "登出",
+    "login": "登录",
+    "confirm": "确认",
+    "new_password": "新密码",
+    "current_password": "当前密码",
+    "edit": "编辑",
+    "change_password": "更改密码",
+    "cancel": "取消",
+    "ok": "ОК",
+    "add_forward": "添加电子邮件转发地址",
+    "add_mail": "添加电子邮件别名",
+    "new_forward": "新转发@我的外部域.org",
+    "new_mail": "新邮件@我的域.org",
+    "mail_forward": "邮件转发地址",
+    "mail_addresses": "电子邮件地址",
+    "fullname": "全名",
+    "password": "密码",
+    "username": "用户名",
+    "information": "您的资料",
+    "portal": "YunoHost 门户"
+}
--- a/portal/login.html
+++ b/portal/login.html
@ -2,11 +2,11 @@
 <form class="login-form" name="input" action="" method="post">
  <div class="form-group">
    <label class="icon icon-user" for="user"><span class="element-invisible">{{t_username}}</span></label>
-    <input id="user" type="text" name="user" placeholder="{{t_username}}" class="form-text" autofocus required>
+    <input id="user" type="text" name="user" placeholder="{{t_username}}" class="form-text" autocomplete="username" autofocus required>
  </div>
  <div class="form-group">
    <label class="icon icon-lock" for="password"><span class="element-invisible">{{t_password}}</span></label>
-    <input id="password" type="password" name="password" placeholder="{{t_password}}" class="form-text" required>
+    <input id="password" type="password" name="password" placeholder="{{t_password}}" class="form-text" autocomplete="current-password" required>
  </div>
  <input type="submit" value="{{t_login}}" class="btn classic-btn large-btn">
 </form>
--- a/portal/password.html
+++ b/portal/password.html
@ -20,14 +20,14 @@
    <div class="form-section">
      <div class="form-group">
        <label for="currentpassword">{{t_current_password}}</label>
-        <input type="password" class="form-text" id="currentpassword" name="currentpassword" placeholder="•••••" required>
+        <input type="password" class="form-text" id="currentpassword" name="currentpassword" placeholder="•••••" autocomplete="current-password" required>
      </div>
    </div>
    <div class="form-section">
      <div class="form-group">
        <label for="newpassword">{{t_new_password}}</label>
-        <input type="password" class="form-text" id="newpassword" name="newpassword" placeholder="•••••" required>
-        <input type="password" class="form-text" id="confirm" name="confirm" placeholder="{{t_confirm}}" required>
+        <input type="password" class="form-text" id="newpassword" name="newpassword" placeholder="•••••" autocomplete="new-password" required>
+        <input type="password" class="form-text" id="confirm" name="confirm" placeholder="{{t_confirm}}" autocomplete="new-password" required>
      </div>
      <div class="btn-group">
        <a role="button" href="portal.html" class="btn large-btn btn-default">{{t_cancel}}</a>