2024-09-03 20:06:27 +02:00
48 changed files with 252 additions and 1252 deletions
--- a/README.md
+++ b/README.md
@ -74,178 +74,102 @@ If you use YunoHost, you may want to edit the `/etc/ssowat/conf.json.persistent`
 Only the `portal_domain` SSOwat configuration parameters is required, but it is recommended to know the others to fully understand what you can do with it.
---------------
+#### portal_domain
 ### portal_domain
 Domain of the authentication portal. It has to be a domain, IP addresses will not work with SSOwat (**Required**).
---------------
+#### portal_path
 ### portal_path
 URI of the authentication portal (**default**: `/ssowat/`). This path **must** end with “`/`”.
---------------
+#### portal_port
 ### portal_port
 Web port of the authentication portal (**default**: `443` for `https`, `80` for `http`).
---------------
+#### portal_scheme
 ### portal_scheme
 Whether authentication should use secure connection or not (**default**: `https`).
---------------
+#### domains
 ### domains
 List of handled domains (**default**: similar to `portal_domain`).
---------------
+#### ldap_host
 ### ldap_host
 LDAP server hostname (**default**: `localhost`).
---------------
+#### ldap_group
 ### ldap_group
 LDAP group to search in (**default**: `ou=users,dc=yunohost,dc=org`).
---------------
+#### ldap_identifier
 ### ldap_identifier
 LDAP user identifier (**default**: `uid`).
---------------
+#### ldap_attributes
 ### ldap_attributes
 User's attributes to fetch from LDAP (**default**: `["uid", "givenname", "sn", "cn", "homedirectory", "mail", "maildrop"]`).
---------------
+#### ldap_enforce_crypt
 ### ldap_enforce_crypt
 Let SSOwat re-encrypt weakly-encrypted LDAP passwords into the safer sha-512 (crypt) (**default**: `true`).
---------------
+#### allow_mail_authentication
 ### allow_mail_authentication
 Whether users can authenticate with their mail address (**default**: `true`).
---------------
+#### login_arg
 ### login_arg
 URI argument to use for cross-domain authentication (**default**: `sso_login`).
---------------
+#### additional_headers
 ### additional_headers
 Array of additionnal HTTP headers to set once user is authenticated (**default**: `{ "Remote-User": "uid" }`).
---------------
+#### session_timeout
 ### session_timeout
 The session expiracy time limit in seconds, since the last connection (**default**: `86400` / one day).
---------------
+#### session_max_timeout
 ### session_max_timeout
 The session expiracy time limit in seconds (**default**: `604800` / one week).
---------------
+#### protected_urls
-### redirected_urls
+List of priorily protected URLs and/or URIs (**by default, every URL is protected**).
 #### protected_regex
 List of regular expressions to be matched against URLs **and** URIs to protect them.
 #### skipped_urls
 List of URLs and/or URIs that will not be affected by SSOwat. This must be a JSON array, and SSOwat automatically adds itself to it.
 #### skipped_regex
 List of regular expressions to be matched against URLs **and** URIs to ignore them.
 #### unprotected_urls
 List of URLs and/or URIs that will not be affected by SSOwat **unless a user is authenticated**.
 #### unprotected_regex
 List of regular expressions to be matched against URLs **and** URIs to ignore them **unless a user is authenticated**.
 #### redirected_urls
 Array of URLs and/or URIs to redirect and their redirect URI/URL (**example**: `{ "/": "example.org/subpath" }`).
---------------
+#### redirected_regex
 ### redirected_regex
 Array of regular expressions to be matched against URLs **and** URIs and their redirect URI/URL (**example**: `{ "example.org/megusta$": "example.org/subpath" }`).
 ---------------
 ### default_language
 Language code used by default in views (**default**: `en`).
 ---------------
 ### permissions
 The list of permissions depicted as follows:
 ```json
 "myapp.main": {
    "auth_header": true,
    "label": "MyApp",
    "public": true,
    "show_tile": true,
    "uris": [
        "example.tld/myapp"
    ],
    "users": [
        "JaneDoe",
        "JohnDoe"
    ]
 },
 "myapp.admin": {
    "auth_header": true,
    "label": "MyApp (admin)",
    "public": false,
    "show_tile": false,
    "uris": [
        "example.tld/myapp/admin"
    ],
    "users": [
        "JaneDoe"
    ]
 },
 "myapp.api": {
    "auth_header": false,
    "label": "MyApp (api)",
    "public": true,
    "show_tile": false,
    "uris": [
        "re:domain%.tld/%.well%-known/.*"
    ],
    "users": []
 }
 ```
 #### auth_header
 Does the SSO add an authentication header that allows certain apps to connect automatically? (**True by default**)
 #### label
 A user-friendly name displayed in the portal and in the administration panel to manage permission. (**By convention it is of the form: Name of the app (specificity of this permission)**)
 #### public
 Can a person who is not connected to the SSO have access to this authorization?
 #### show_tile
 Display or not the tile in the user portal.
 #### uris
 A list of url attatched to this permission, a regex url start with `re:`.
 #### users
-A list of users which is allowed to access to this permission. If `public`.
+2-level array containing usernames and their allowed URLs along with an app name (**example**: `{ "kload": { "kload.fr/myapp/": "My App" } }`).
 #### default_language
 Language code used by default in views (**default**: `en`).
--- a/access.lua
+++ b/access.lua
@ -208,18 +208,17 @@ end
 if is_logged_in then
    assets = {
                   ["/ynh_portal.js"] = "js/ynh_portal.js",
                   ["/ynh_userinfo.json"] = "ynh_userinfo.json",
                   ["/ynh_overlay.css"] = "css/ynh_overlay.css"
             }
    theme_dir = "/usr/share/ssowat/portal/assets/themes/"..conf.theme
-    local pfile = io.popen('find "'..theme_dir..'" -not -path "*/\\.*" -type f -exec realpath --relative-to "'..theme_dir..'" {} \\;')
+    local pfile = io.popen('find "'..theme_dir..'" -type f -exec realpath --relative-to "'..theme_dir..'" {} \\;')
    for filename in pfile:lines() do
        assets["/ynhtheme/"..filename] = "themes/"..conf.theme.."/"..filename
    end
    pfile:close()
    for shortcut, full in pairs(assets) do
-        if ngx.var.uri == shortcut then
+        if string.match(ngx.var.uri, "^"..shortcut.."$") then
            logger.debug("Serving static asset "..full)
            return hlp.serve("/yunohost/sso/assets/"..full, "static_asset")
        end
@ -292,20 +291,14 @@ end
 permission = nil
 longest_url_match = ""
 ngx_full_url = ngx.var.host..ngx.var.uri
 for permission_name, permission_infos in pairs(conf["permissions"]) do
    if next(permission_infos['uris']) ~= nil then
        for _, url in pairs(permission_infos['uris']) do
            if string.starts(url, "re:") then
                url = string.sub(url, 4, string.len(url))
            end
            -- We want to match the beginning of the url
            if not string.starts(url, "^") then
                url = "^"..url
            end
-            local m = hlp.match(ngx_full_url, url)
+            local m = hlp.match(ngx.var.host..ngx.var.uri..hlp.uri_args_string(), url)
            if m ~= nil and string.len(m) > string.len(longest_url_match) then
                longest_url_match = m
                permission = permission_infos
@ -315,28 +308,9 @@ for permission_name, permission_infos in pairs(conf["permissions"]) do
    end
 end
 ---
 --- 5. CHECK CLIENT-PROVIDED AUTH HEADER (should almost never happen?)
 ---
 if permission ~= nil then
    perm_user_remote_user_var_in_nginx_conf = permission["use_remote_user_var_in_nginx_conf"]
    if perm_user_remote_user_var_in_nginx_conf == nil or perm_user_remote_user_var_in_nginx_conf == true then
        is_logged_in_with_basic_auth = hlp.validate_or_clear_basic_auth_header_provided_by_client()
        -- NB: is_logged_in_with_basic_auth can be false, true or nil
        if is_logged_in_with_basic_auth == false then
            return ngx.exit(ngx.HTTP_UNAUTHORIZED)
        elseif is_logged_in_with_basic_auth == true then
            is_logged_in = true
        end
    end
 end
 --
 --
-- 6. APPLY PERMISSION
+-- 5. APPLY PERMISSION
 --
 --
@ -352,11 +326,7 @@ if hlp.has_access(permission) then
        -- add it to the response
        if permission["auth_header"] then
            hlp.set_headers()
        else
            hlp.clear_headers()
        end
    else
        hlp.clear_headers()
    end
    return hlp.pass()
--- a/conf.json.example
+++ b/conf.json.example
@ -26,7 +26,7 @@
        },
        "myapp.admin": {
            "auth_header": true,
-            "label": "MyApp (admin)",
+            "label": "MyApp (api)",
            "public": false,
            "show_tile": false,
            "uris": [
--- a/debian/changelog
+++ b/debian/changelog
@ -1,262 +1,3 @@
 ssowat (11.2.1.1) stable; urgency=low
  - [i18n] Translations updated for Catalan, French, German, Kabyle, Spanish, Swedish
  Thanks to all contributors <3 ! (Alexandre Aubin, Bram, ButterflyOfFire, Carlos Solís, Christian Wehrli, Gregor, xaloc33)
 -- OniriCorpe <oniricorpe@yunohost.org>  Mon, 20 May 2024 00:26:37 +0200
 ssowat (11.2) stable; urgency=low
  - i18n: Translations updated for Chinese (Simplified), German, Indonesian, Japanese
  Thanks to all contributors <3 ! (Christian Wehrli, motcha, Neko Nekowazarashi, Poesty Li)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 17 Jul 2023 16:34:25 +0200
 ssowat (11.1.4) stable; urgency=low
  - Releasing as stable
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 01 Feb 2023 20:28:06 +0100
 ssowat (11.1.3) testing; urgency=low
  - debian: have a proper postinst script that reload (not restart, omg) nginx... (beed8a5)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 30 Jan 2023 16:33:17 +0100
 ssowat (11.1.2.5) testing; urgency=low
  - Fix auth_header parsing when password contains semicolon ([#204](https://github.com/yunohost/ssowat/pull/204))
  Thanks to all contributors <3 ! (ewilly)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 19 Jan 2023 17:21:40 +0100
 ssowat (11.1.2.4) testing; urgency=low
  - security: rework previous fixes to use the new use_remote_user_var_in_nginx_conf in ssowat conf introduced in yunohost 11.1.2 (8faa805)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 10 Jan 2023 00:03:31 +0100
 ssowat (11.1.2.3) testing; urgency=low
  - Stupid typo (4e92965)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 20:51:17 +0100
 ssowat (11.1.2.2) testing; urgency=low
  - Iterate on previous security fixes: ignore Auth header on PROPFIND routes, and don't drop Auth header which are not Basic auth (92f1e05)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 19:47:04 +0100
 ssowat (11.1.2.1) testing; urgency=low
  - security: clear custom ssowat headers when user is not logged in ([#209](https://github.com/yunohost/ssowat/pull/209))
  - security: Also check client-provided auth headers to prevent impersonation (7a2d0ed)
  Thanks to all contributors <3 ! (selfhoster1312)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 09 Jan 2023 18:32:46 +0100
 ssowat (11.1.2) testing; urgency=low
  - [fix] helpers.lua: openssl v3 support for hmac_sha512 ([#208](https://github.com/yunohost/ssowat/pull/208))
  - [fix] password check, path to yunohost lib changed in 11.x (71f68b0)
  - [i18n] Translations updated for Basque, German, Polish, Slovak, Spanish, Ukrainian
  Thanks to all contributors <3 ! (Christian Wehrli, Cyril Romain, Grzegorz Cichocki, Jose Riha, quiwy, Tymofii-Lytvynenko, xabirequejo)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 06 Jan 2023 00:40:30 +0100
 ssowat (11.1.0) testing; urgency=low
  - User info self-edit would not update displayName (which is supposed to be the same as cn) resulting in inconsistencies (e2996f1)
  - [i18n] Translations updated for Basque, Galician, Slovak, Turkish
  Thanks to all contributors <3 ! (José M, Jose Riha, Sedat Albayrak, xabirequejo)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 25 Oct 2022 22:47:20 +0200
 ssowat (11.0.9) stable; urgency=low
  - Bump version for stable release
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 23:30:35 +0200
 ssowat (11.0.8) testing; urgency=low
  - [i18n] Translations updated for Polish, Slovak, Telugu
  Thanks to all contributors <3 ! (Alice Kile, Jose Riha, Radek Raczkowski)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 12:19:38 +0200
 ssowat (11.0.7) testing; urgency=low
  - [i18n] Translations updated for Spanish
  Thanks to all contributors <3 ! (JimScope, Alexandre Aubin)
 -- tituspijean <titus+yunohost@pijean.ovh>  Tue, 17 May 2022 23:59:32 +0200
 ssowat (11.0.6) testing; urgency=low
  - [i18n] Translations updated for Finnish, French, Galician, German, Kabyle, Turkish
  Thanks to all contributors <3 ! (3ole, Alexandre Aubin, Eylul Dogruel, José M, Kayou, Mico Hauataluoma, Selyan Slimane Amiri, Tagada)
 -- Kay0u <pierre@kayou.io>  Tue, 29 Mar 2022 14:26:27 +0200
 ssowat (11.0.2) testing; urgency=low
  - [mod] debian: Misc updates in control file for bullseye (136e4f2)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:24:38 +0100
 ssowat (4.4.0) testing; urgency=low
  - Bump version for 4.4.0
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:20:37 +0100
 ssowat (4.3.3.1) stable; urgency=low
  - [i18n] Translations updated for Dutch, Finnish
  Thanks to all contributors <3 ! (Boudewijn, Mico Hauataluoma)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 21:20:37 +0100
 ssowat (4.3.3) stable; urgency=low
  - [i18n] Translations updated for Dutch, German
  Thanks to all contributors <3 ! (Boudewijn, Valentin von Guttenberg)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Dec 2021 01:11:41 +0100
 ssowat (4.3.2.2) stable; urgency=low
  - [fix] Another fix for the redirect url check (981960f)
  Thanks to all contributors <3 ! (Kay0u)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 18 Nov 2021 01:09:53 +0100
 ssowat (4.3.2.1) stable; urgency=low
  - [fix] unauthorized redirect url check not matching non-alphanumeric chars in domain name ([#197](https://github.com/YunoHost/ssowat/pull/197))
  Thanks to all contributors <3 ! (Kayou)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 15 Nov 2021 19:54:43 +0100
 ssowat (4.3.2) stable; urgency=low
  - Bump version for stable release
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Nov 2021 02:39:22 +0100
 ssowat (4.3.1.1) testing; urgency=low
  - [i18n] Translations updated for Basque, Russian, Slovenian, Spanish
  Thanks to all contributors <3 ! (Jurij Podgoršek, Page Asgardius, punkrockgirl, Semen Turchikhin)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Nov 2021 18:46:10 +0100
 ssowat (4.3.1) testing; urgency=low
  - [i18n] Translations updated for Indonesian
  Thanks to all contributors <3 ! (liimee)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Sep 2021 22:39:28 +0200
 ssowat (4.3.0) testing; urgency=low
  - [enh] Improve logging when failing to authenticate ssowat cookies (b28788d)
  - [fix] python -> python3 in password check (07378df)
  - [enh] Add new theme "Clouds" ([#139](https://github.com/YunoHost/ssowat/pull/139))
  - [fix] ynh_portal.css: fix font urls ([#193](https://github.com/YunoHost/ssowat/pull/193))
  - [fix] Prevent attacker from crafting redirections to external domains ([#193](https://github.com/YunoHost/ssowat/pull/193))
  - [i18n] Translations updated for Indonesian, Persian, Portuguese, Ukrainian
  Thanks to all contributors <3 ! (Cyril Romain, Éric Gaspar, Geoff Montel, liimee, ljf, Parviz Homayun, Tymofii-Lytvynenko)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 19 Sep 2021 21:16:49 +0200
 ssowat (4.2.4) stable; urgency=low
  - [fix] Misc issues regarding dash filename, mime types, ynh_userinfo.json ([#189](https://github.com/yunohost/ssowat/pull/189))
  - [fix] Broken Yunohost tile/overlay on iPhone ([#186](https://github.com/yunohost/ssowat/pull/186))
  - [enh] Save overlay positions accross navigation ([#187](https://github.com/yunohost/ssowat/pull/187))
  - [enh] security: Improve randomness of tmp filename ([#190](https://github.com/yunohost/ssowat/pull/190))
  - [i18n] Translations updated for Esperanto, Finnish, Galician, German, Italian
  Thanks to all contributors <3 ! (amirale qt, Christian Wehrli, Flavio Cristoforetti, José M, ljf, Luca, Mico Hauataluoma)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 08 Aug 2021 21:58:14 +0200
 ssowat (4.2.3) stable; urgency=low
  - [i18n] Translations updated for Galician
  Thanks to all contributors <3 ! (José M)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 24 May 2021 17:39:12 +0200
 ssowat (4.2.2) stable; urgency=low
  - [i18n] Translations updated for Czech, Dutch, French, German, Occitan, Russian
  Thanks to all contributors <3 ! (Christian Wehrli, Mathieu Massaviol, Miloš Kroulík, panomaki, ppr, Quentí, Tymur Valiiev)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 08 May 2021 15:13:04 +0200
 ssowat (4.2.1) testing; urgency=low
  - Remove SSOwAuthRedirect ([#182](https://github.com/yunohost/ssowat/pull/182))
  - Avoid a syscall for cookies ([#183](https://github.com/yunohost/ssowat/pull/183))
  Thanks to all contributors <3 ! (Kay0u)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 17 Apr 2021 03:44:14 +0200
 ssowat (4.2.0) testing; urgency=low
  - Bump version number for testing release
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 25 Mar 2021 01:00:00 +0100
 ssowat (4.1.3) stable; urgency=low
  - [fix] Regression where users are not redirected to the ynh portal ([#179](https://github.com/YunoHost/ssowat/pull/179))
  Thanks to all contributors <3 ! (Kayou)
 -- Kay0u <pierre@kayou.io>  Wed, 20 Jan 2021 01:54:06 +0100
 ssowat (4.1.2) stable; urgency=low
  - [doc] Update the sso doc with the new permissions system ([#178](https://github.com/yunohost/ssowat/pull/178))
  - Stable release
  Thanks to all contributors <3 ! (Kay0u)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 08 Jan 2021 03:16:11 +0100
 ssowat (4.1.1.1) testing; urgency=low
  - [fix] Change SSOwat auth header to "Proxy-Authorization" to prevent conflict with the app auth header
  Thanks to all contributors <3 ! (Kay0u)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 27 Dec 2020 14:06:30 +0100
 ssowat (4.1.1) testing; urgency=low
  - [fix] Skip Autorization Header that are not Basic ([#175](https://github.com/yunohost/ssowat/pull/175))
--- a/debian/compat
+++ b/debian/compat
@ -0,0 +1 @@
 8
--- a/debian/control
+++ b/debian/control
@ -2,12 +2,12 @@ Source: ssowat
 Section: net
 Priority: extra
 Maintainer: YunoHost Contributors <contrib@yunohost.org>
-Build-Depends: debhelper (>=8.0.0), debhelper-compat (= 13)
+Build-Depends: debhelper (>=8.0.0)
 Standards-Version: 3.9.1
 Package: ssowat
 Architecture: all
-Depends: nginx-extras (>=1.6.2), lua-ldap, lua-json, lua-rex-pcre, lua-filesystem, lua-socket, whois
+Depends: nginx-extras (>=1.6.2), lua-ldap, lua-json, lua-rex-pcre, whois
 Homepage: https://yunohost.org
 Description: user portal with single sign-on designed for Yunohost
 A minimalist user portal with single sign-on, designed to be
--- a/debian/postinst
+++ b/debian/postinst
@ -1,34 +1,5 @@
 #!/bin/bash
-set -e
+yunohost app ssowatconf > /dev/null 2>&1
-
+service nginx restart > /dev/null 2>&1
 do_configure() {
    systemctl reload nginx || true
 }
 # summary of how this script can be called:
 #        * <postinst> `configure' <most-recently-configured-version>
 #        * <old-postinst> `abort-upgrade' <new version>
 #        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
 #          <new-version>
 #        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
 #          <failed-install-package> <version> `removing'
 #          <conflicting-package> <version>
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 case "$1" in
    configure)
        do_configure
    ;;
    abort-upgrade|abort-remove|abort-deconfigure)
    ;;
    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
 esac
 #DEBHELPER#
 exit 0
--- a/helpers.lua
+++ b/helpers.lua
@ -112,15 +112,14 @@ function hmac_sha512(key, message)
        -- this is really dirty and probably leak the key and the message in the process list
        -- but if someone got there I guess we really have other problems so this is acceptable
        -- and also this is way better than the previous situation
-        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl dgst -sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
+        local pipe = io.popen("echo -n '" ..message:gsub("'", "'\\''").. "' | openssl sha512 -hmac '" ..key:gsub("'", "'\\''").. "'")
        -- openssl returns something like this:
        -- root@yunohost:~# echo -n "qsd" | openssl sha512 -hmac "key"
-        -- SHA2-512(stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
+        -- (stdin)= f1c2b1658fe64c5a3d16459f2f4eea213e4181905c190235b060ab2a4e7d6a41c15ea2c246828537a1e32ae524b7a7ed309e6d296089194c3e3e3efb98c1fbe3
        --
-        -- so we need to remove the "SHA2-512(stdin)= " at the beginning ("(stdin)= " on older openssl version)
+        -- so we need to remove the "(stdin)= " at the beginning
-        local line = pipe:read()
+        local hash = pipe:read():sub(string.len("(stdin)= ") + 1)
        local hash = line:sub(line:find("=") + 2)
        pipe:close()
        cache:set(cache_key, hash, conf["session_timeout"])
@ -177,7 +176,7 @@ function set_auth_cookie(user, domain)
               "|"..session_key)
    local cookie_str = "; Domain=."..domain..
                       "; Path=/"..
-                       "; Expires="..ngx.cookie_time(expire)..
+                       "; Expires="..os.date("%a, %d %b %Y %X UTC", expire)..
                       "; Secure"..
                       "; HttpOnly"..
                       "; SameSite=Lax"
@ -193,10 +192,11 @@ end
 -- Expires the 3 session cookies
 function delete_cookie()
    local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC"
    for _, domain in ipairs(conf["domains"]) do
        local cookie_str = "; Domain=."..domain..
                           "; Path=/"..
-                           "; Expires="..ngx.cookie_time(0)..
+                           "; Expires="..expired_time..
                           "; Secure"..
                           "; HttpOnly"..
                           "; SameSite=Lax"
@ -209,6 +209,18 @@ function delete_cookie()
 end
 -- Expires the redirection cookie
 function delete_redirect_cookie()
    local expired_time = "Thu, 01 Jan 1970 00:00:00 UTC"
    local cookie_str = "; Path="..conf["portal_path"]..
                       "; Expires="..expired_time..
                       "; Secure"..
                       "; HttpOnly"..
                       "; SameSite=Lax"
    ngx.header["Set-Cookie"] = "SSOwAuthRedirect=" ..cookie_str
 end
 -- Validate authentification
 --
 -- Check if the session cookies are set, and rehash server + client information
@ -220,7 +232,6 @@ function refresh_logged_in()
    local authHash = ngx.var.cookie_SSOwAuthHash
    authUser = nil
    is_logged_in = false
    if expireTime and expireTime ~= ""
    and authHash and authHash ~= ""
@ -238,58 +249,56 @@ function refresh_logged_in()
                            "|"..expireTime..
                            "|"..session_key)
                    is_logged_in = hash == authHash
-                    if is_logged_in then
+                    if not is_logged_in then
-                        authUser = user
+                        logger.info("Hash "..authHash.." rejected for "..user.."@"..ngx.var.remote_addr)
                        return true
                    else
-                        failReason = "Hash not matching"
+                        authUser = user
                    end
-                else
+                    return is_logged_in
                    failReason = "No {user}-password entry in cache"
                end
            else
                failReason = "No session key"
            end
        else
            failReason = "Cookie expired"
        end
        logger.debug("SSOwat cookies rejected for "..user.."@"..ngx.var.remote_addr.." : "..failReason)
        return false
    end
-    return is_logged_in
+    -- If client set the `Authorization` header before reaching the SSO,
-end
+    -- we want to match user and password against the user database.
    --
    -- It allows to bypass the cookie-based procedure with a per-request
    -- authentication. This is useful to authenticate on the SSO during
    -- curl requests for example.
 function validate_or_clear_basic_auth_header_provided_by_client()
    -- Ignore if no Auth header
    local auth_header = ngx.req.get_headers()["Authorization"]
-    if auth_header == nil then
+
-        return nil
+    if auth_header then
-    end
+        _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
-
+        if b64_cred == nil then
-    -- Ignore if not a Basic auth header
+            is_logged_in = false
-    _, _, b64_cred = string.find(auth_header, "^Basic%s+(.+)$")
+            return is_logged_in
-    if b64_cred == nil then
+        end
-        return nil
+        _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
-    end
+        user = authenticate(user, password)
-
+        if user then
-    -- Try to authenticate the user,
+            logger.debug("User got authenticated through basic auth")
-    -- or remove the Auth header if not valid
+            authUser = user
-    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
+            is_logged_in = true
-    user = authenticate(user, password)
+        else
-    if user then
+            is_logged_in = false
-        logger.debug("User got authenticated through basic auth")
+        end
-        authUser = user
+        return is_logged_in
        return true
    else
        ngx.req.clear_header("Authorization")
        return false -- ngx.exit(ngx.HTTP_UNAUTHORIZED)
    end
    is_logged_in = false
    return false
 end
-
+function log_access(user, uri)
  local key = "ACC|"..user.."|"..uri
  local block = cache:get(key)
  if block == nil then
    logger.info("User "..user.."@"..ngx.var.remote_addr.." accesses "..uri)
    cache:set(key, "block", 60)
  end
 end
 -- Check whether a user is allowed to access a URL using the `permissions` directive
 -- of the configuration file
@ -313,6 +322,7 @@ function has_access(permission, user)
    -- The user has permission to access the content if he is in the list of allowed users
    if element_is_in_table(user, permission["users"]) then
        logger.debug("User "..user.." can access "..ngx.var.host..ngx.var.uri..uri_args_string())
        log_access(user, ngx.var.host..ngx.var.uri..uri_args_string())
        return true
    else
        logger.debug("User "..user.." cannot access "..ngx.var.uri)
@ -376,7 +386,7 @@ function authenticate(user, password)
        end
        cache:add(user.."-password", password, conf["session_timeout"])
        ngx.log(ngx.NOTICE, "Connected as: "..user)
-        logger.info("User "..user.." successfully authenticated from "..ngx.var.remote_addr)
+        logger.info("User "..user.." succesfully authenticated from "..ngx.var.remote_addr)
        return user
    -- Else, the username/email or the password is wrong
@ -407,7 +417,7 @@ end
 -- application underneath.
 function set_headers(user)
    local user = user or authUser
-    -- Set `Authorization` header to enable HTTP authentification
+    -- Set `authorization` header to enable HTTP authentification
    ngx.req.set_header("Authorization", "Basic "..ngx.encode_base64(
      user..":"..cache:get(user.."-password")
    ))
@ -419,16 +429,6 @@ function set_headers(user)
 end
 -- Removes the authentication headers. Call me when:
 --   - app is public and user is not authenticated
 --   - app requests that no authentication headers be sent
 -- Prevents user from pretending to be someone else on public apps
 function clear_headers()
    -- NB: Basic Auth header is cleared in validate_or_clear_basic_auth_header_provided_by_client
    for k, v in pairs(conf["additional_headers"]) do
        ngx.req.clear_header(k)
    end
 end
 function refresh_user_cache(user)
    -- We definitely don't want to pass credentials on a non-encrypted
@ -485,9 +485,7 @@ function refresh_user_cache(user)
    else
        -- Else, just revalidate session for another day by default
        password = cache:get(user.."-password")
-        -- Here we don't use set method to avoid strange logout
+        cache:set(user.."-password", password, conf["session_timeout"])
        -- See https://github.com/YunoHost/issues/issues/1830
        cache:replace(user.."-password", password, conf["session_timeout"])
    end
 end
@ -566,24 +564,13 @@ function serve(uri, cache)
        png  = "image/png",
        svg  = "image/svg+xml",
        ico  = "image/vnd.microsoft.icon",
-        woff = "font/woff",
+        woff = "application/x-font-woff",
        woff2 = "font/woff2",
        ttf = "font/ttf",
        json = "application/json"
    }
    -- Allow .ms to specify mime type
    mime = ext
    if ext == "ms" then
        subext = string.match(file, "^.+%.(.+)%.ms$")
        if subext then
            mime = subext
        end
    end
    -- Set Content-Type
-    if mime_types[mime] then
+    if mime_types[ext] then
-        ngx.header["Content-Type"] = mime_types[mime]
+        ngx.header["Content-Type"] = mime_types[ext]
    else
        ngx.header["Content-Type"] = "text/plain"
    end
@ -597,10 +584,9 @@ function serve(uri, cache)
    elseif ext == "ms" then
        local data = get_data_for(file)
        content = lustache:render(content, data)
-    elseif uri == "/ynh_userinfo.json" then
+    elseif ext == "json" then
        local data = get_data_for(file)
        content = json.encode(data)
        cache = "dynamic"
    end
    -- Reset flash messages
@ -640,7 +626,7 @@ function get_data_for(view)
    elseif view == "portal.html"
        or view == "edit.html"
        or view == "password.html"
-        or view == "ynh_userinfo.json" then
+        or view == "ynhpanel.json" then
        -- Invalidate cache before loading these views.
        -- Needed if the LDAP db is changed outside ssowat (from the cli for example).
@ -737,7 +723,8 @@ end
 -- Read result of a command after given it securely the password
 function secure_cmd_password(cmd, password, start)
    -- Check password validity
-    local tmp_file = os.tmpname()
+    math.randomseed( os.time() )
    local tmp_file = "/tmp/ssowat_"..math.random()
    local w_pwd = io.popen("("..cmd..") | tee -a "..tmp_file, 'w')
    w_pwd:write(password)
    -- This second write is just to validate the password question
@ -784,7 +771,7 @@ function edit_user()
                -- and the new password against the confirmation field's content
                if args.newpassword == args.confirm then
                    -- Check password validity
-                    local result_msg = secure_cmd_password("python3 /usr/lib/python3/dist-packages/yunohost/utils/password.py", args.newpassword)
+                    local result_msg = secure_cmd_password("python /usr/lib/moulinette/yunohost/utils/password.py", args.newpassword)
                    validation_error = true
                    if result_msg == nil or result_msg == "" then
                        validation_error = nil
@ -982,7 +969,6 @@ function edit_user()
                 -- No problem so far, we can write modifications to the LDAP
                 if ldap:modify(dn, {'=', cn = cn,
                                          displayName = cn,
                                          givenName = args.givenName,
                                          sn = args.sn,
                                          mail = mails,
@ -1036,6 +1022,14 @@ function login()
    -- Forward the `r` URI argument if it exists to redirect
    -- the user properly after a successful login.
    if uri_args.r then
        -- If `uri_args.r` contains line break, someone is probably trying to
        -- pass some additional headers
        if string.match(uri_args.r, "(.*)\n") then
            flash("fail", t("redirection_error_invalid_url"))
            logger.debug("Redirection url is invalid")
            return redirect(conf.portal_url)
        end
        return redirect(conf.portal_url.."?r="..uri_args.r)
    else
        return redirect(conf.portal_url)
@ -1074,39 +1068,13 @@ end
 -- Set cookie and redirect (needed to properly set cookie)
 function redirect(url)
    logger.debug("Redirecting to "..url)
    -- For security reason we don't allow to redirect onto unknown domain
    -- And if `uri_args.r` contains line break, someone is probably trying to
    -- pass some additional headers
    -- This should cover the following cases:
    -- https://malicious.domain.tld/foo/bar
    -- http://malicious.domain.tld/foo/bar
    -- https://malicious.domain.tld:1234/foo
    -- malicious.domain.tld/foo/bar
    -- (/foo/bar, in which case no need to make sure it's prefixed with https://)
    if not string.starts(url, "/") and not string.starts(url, "http://") and not string.starts(url, "https://") then
        url = "https://"..url
    end
    local is_known_domain = string.starts(url, "/")
    for _, domain in ipairs(conf["domains"]) do
        if is_known_domain then
          break
        end
        -- Replace - character to %- because - is a special char for regex in lua
        domain = string.gsub(domain, "%-","%%-")
        is_known_domain = is_known_domain or url:match("^https?://"..domain.."/?") ~= nil
    end
    if string.match(url, "(.*)\n") or not is_known_domain then
        logger.debug("Unauthorized redirection to "..url)
        flash("fail", t("redirection_error_invalid_url"))
        url = conf.portal_url
    end
    return ngx.redirect(url)
 end
 -- Set cookie and go on with the response (needed to properly set cookie)
 function pass()
    delete_redirect_cookie()
    logger.debug("Allowing to pass through "..ngx.var.uri)
    -- When we are in the SSOwat portal, we need a default `content-type`
--- a/maintenance/make_changelog.sh
+++ b/maintenance/make_changelog.sh
@ -1,37 +0,0 @@
 VERSION="11.2.1"
 RELEASE="stable"
 REPO=$(basename $(git rev-parse --show-toplevel))
 REPO_URL=$(git remote get-url origin)
 ME=$(git config --get user.name)
 EMAIL=$(git config --get user.email)
 LAST_RELEASE=$(git tag --list 'debian/11.*'  --sort="v:refname" | tail -n 1)
 echo "$REPO ($VERSION) $RELEASE; urgency=low"
 echo ""
 git log $LAST_RELEASE.. -n 10000 --first-parent --pretty=tformat:'  - %b%s (%h)' \
 | sed -E "s&Merge .*#([0-9]+).*\$& \([#\1]\(http://github.com/YunoHost/$REPO/pull/\1\)\)&g" \
 | sed -E "/Co-authored-by: .* <.*>/d" \
 | grep -v "Translations update from Weblate" \
 | tac
 TRANSLATIONS=$(git log $LAST_RELEASE... -n 10000 --pretty=format:"%s"  \
               | grep "Translated using Weblate" \
               | sed -E "s/Translated using Weblate \((.*)\)/\1/g"  \
               | sort | uniq | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
 [[ -z "$TRANSLATIONS" ]] || echo "  - [i18n] Translations updated for $TRANSLATIONS"
 echo ""
 CONTRIBUTORS=$(git log -n10 --pretty=format:'%Cred%h%Creset %C(bold blue)(%an) %Creset%Cgreen(%cr)%Creset - %s %C(yellow)%d%Creset' --abbrev-commit $LAST_RELEASE... -n 10000 --pretty=format:"%an" \
               | sort | uniq  | grep -v "$ME" | grep -v 'yunohost-bot' | grep -vi 'weblate' \
               | tr '\n' ', ' | sed -e 's/,$//g' -e 's/,/, /g')
 [[ -z "$CONTRIBUTORS" ]] || echo "  Thanks to all contributors <3 ! ($CONTRIBUTORS)"
 echo ""
 echo " -- $ME <$EMAIL>  $(date -R)"
 echo ""
 # PR links can be converted to regular texts using : sed -E 's@\[(#[0-9]*)\]\([^ )]*\)@\1@g'
 # Or readded with sed -E 's@#([0-9]*)@[YunoHost#\1](https://github.com/yunohost/yunohost/pull/\1)@g' | sed -E 's@\((\w+)\)@([YunoHost/\1](https://github.com/yunohost/yunohost/commit/\1))@g'
--- a/portal/assets/css/ynh_overlay.css
+++ b/portal/assets/css/ynh_overlay.css
@ -20,12 +20,9 @@
 html.ynh-panel-active {
  /* Disable any scrolling on app */
  overflow: hidden;
 }
-body {
+body {/*overflow-y: scroll;*/}
  overflow-y: auto;
 }
 #ynh-overlay-switch,
 #ynh-overlay-switch *,
@ -73,14 +70,14 @@ body {
 /* Background */
 #ynh-overlay {
-  overflow-y: hidden;
+  visibility: hidden;
  position: fixed;
  top:0;
  left: 0;
  width: 100%;
  height: 100%;
  z-index: 9999999;
-  display: none;
+  display: block;
  border: none;
  color:#fff;
  background: #41444F;
@ -179,4 +176,4 @@ body {
    width: 80px;
    height: 75px;
  }
-}
+}
--- a/portal/assets/css/ynh_portal.css
+++ b/portal/assets/css/ynh_portal.css
--- a/portal/assets/js/ynh_portal.js
+++ b/portal/assets/js/ynh_portal.js
@ -18,23 +18,6 @@ if (typeof(console) === 'undefined') {
    console.log = console.error = console.info = console.debug = console.warn = console.trace = console.dir = console.dirxml = console.group = console.groupEnd = console.time = console.timeEnd = console.assert = console.profile = function() {};
 }
 /* Cookies utilities */
 function setCookie(cName, cValue, expDays) {
        let date = new Date();
        date.setTime(date.getTime() + (expDays * 24 * 60 * 60 * 1000));
        const expires = "expires=" + date.toUTCString();
        document.cookie = cName + "=" + cValue + "; " + expires + "; path=/";
 }
 function getCookie(cName) {
      const name = cName + "=";
      const cDecoded = decodeURIComponent(document.cookie); //to be careful
      const cArr = cDecoded .split('; ');
      let res;
      cArr.forEach(val => {
          if (val.indexOf(name) === 0) res = val.substring(name.length);
      })
      return res;
 }
 /* Array utilities
  https://github.com/Darklg/JavaScriptUtilities/blob/master/assets/js/vanilla-js/libs/vanilla-arrays.js
@ -196,9 +179,6 @@ function make_element_draggable(id) {
      dragged = true;
      selected.style.left = (x_pos - x_elem) + 'px';
      selected.style.top = (y_pos - y_elem) + 'px';
      // Store positions in cookies
      setCookie('ynh_overlay_top', selected.style.top, 30);
      setCookie('ynh_overlay_left', selected.style.left, 30);
    }
  };
@ -285,8 +265,7 @@ function init_portal_button_and_overlay()
  var portalOverlay = document.createElement('iframe');
  portalOverlay.src = "/yunohost/sso/portal.html";
  portalOverlay.setAttribute("id","ynh-overlay");
-  portalOverlay.setAttribute("style","display: none;"); // make sure the overlay is invisible already when loading it
+  portalOverlay.setAttribute("style","visibility: hidden;"); // make sure the overlay is invisible already when loading it
  // portalOverlay.setAttribute("class","ynh-fadeOut"); // set overlay as masked when loading it
  document.body.insertBefore(portalOverlay, null);
  // Inject portal button
@ -294,11 +273,6 @@ function init_portal_button_and_overlay()
  portalButton.setAttribute('id', 'ynh-overlay-switch');
  portalButton.setAttribute('href', '/yunohost/sso/');
  portalButton.setAttribute('class', 'disableAjax');
  // Checks if cookies exist and apply positioning
  if (getCookie('ynh_overlay_top') != null && getCookie('ynh_overlay_left') != null) {
      portalButton.style.top = getCookie('ynh_overlay_top');
      portalButton.style.left = getCookie('ynh_overlay_left');
  }
  document.body.insertBefore(portalButton, null);
  // Make portal button draggable, for user convenience
  make_element_draggable('ynh-overlay-switch');
@ -312,12 +286,10 @@ function init_portal_button_and_overlay()
      Element.toggleClass(portalOverlay, 'ynh-active');
      if (Element.hasClass(portalOverlay, 'ynh-active')) {
          portalOverlay.setAttribute("style","display: block;");
          meta_viewport.setAttribute('content', meta_viewport_content);
          Element.addClass(portalOverlay, 'ynh-fadeIn');
          Element.removeClass(portalOverlay, 'ynh-fadeOut');
      } else {
          portalOverlay.setAttribute("style","display: none;");
          meta_viewport.setAttribute('content', "width=device-width");
          Element.removeClass(portalOverlay, 'ynh-fadeIn');
          Element.addClass(portalOverlay, 'ynh-fadeOut');
@ -369,7 +341,6 @@ function init_portal()
  });
 }
 function tweak_portal_when_in_iframe()
 {
    // Set class to body to show we're in overlay
@ -398,4 +369,4 @@ function tweak_portal_when_in_iframe()
            window.parent.location.href = logoutButton.getAttribute("href");
        });
    }
-}
+}
--- a/portal/assets/themes/unsplash/cloud.png
+++ b/portal/assets/themes/unsplash/cloud.png
--- a/portal/assets/themes/unsplash/custom_overlay.css
+++ b/portal/assets/themes/unsplash/custom_overlay.css
@ -1,17 +0,0 @@
 /*
 ===============================================================================
 This file may contain extra CSS rules loaded on all apps page (*if* the app
 nginx's conf does include the appropriate snippet) for the small YunoHost
 button in bottom-right corner + portal overlay.
 The yunohost button corresponds to : #ynh-overlay-switch
 The yunohost portal overlay / iframe corresponds to : #ynh-overlay
 BE CAREFUL that you should *not* add too-general rules that apply to
 non-yunohost elements (for instance all 'a' or 'p' elements...) as it will
 likely break app's rendering
 ===============================================================================
 */
 #ynh-overlay-switch {
  background-image: url("./cloud.png");
 }
--- a/portal/assets/themes/unsplash/custom_portal.css
+++ b/portal/assets/themes/unsplash/custom_portal.css
@ -1,78 +0,0 @@
 /*
 ===============================================================================
 This file contain extra CSS rules to customize the YunoHost user portal and
 can be used to customize app tiles, buttons, etc...
 ===============================================================================
 */
 /* Make page texts white */
 .user-container h2,
 .user-container small,
 .user-container .user-mail,
 .user-container .user-mail,
 .content .footer a,
 a.app-tile,
 #ynh-logout {
  color: white !important;
 }
 body {
  color: white !important;
  text-shadow: 3px 4px 4px rgba(0,0,0,.4), -1px -1px 6px rgba(0,0,0,0.2);
 }
 .ynh-user-portal {
  background-image: url('https://source.unsplash.com/random/featured/?nature') !important;
  background-repeat: no-repeat;
  background-size: cover;
  width: 100%;
  height: 100%;
 }
 /* Apps colors */
 .app-tile {
  background-color: rgba(255, 255, 255, 0.5) !important;
 }
 .app-tile:hover:after,
 .app-tile:focus:after,
 .app-tile:hover:before,
 .app-tile:focus:before {
    background: rgba(255, 255, 255, 0.5) !important;
 }
 /* Use a custom logo image */
 #ynh-logo {
  z-index: 10;
  background-image: url("./cloud.png");
 }
 /* Round the form */
 .login-form label:before {
 	border-top-left-radius: 5em ;
 	border-bottom-left-radius: 5em ;
 }
 .login-form * {
 	border-radius: 5em;
 }
 /* Make form black */
 .login-form label::before {
 	background: #000; 
 	color: #FFF;
 }
 .login-form .form-group * {
 	background: #000; 
 	color: #FFF;
 }
 .icon {
 	background: #000;
 }
 .messages {
 	border-radius: .5em;
 }
--- a/portal/locales/ca.json
+++ b/portal/locales/ca.json
@ -45,5 +45,5 @@
    "password_too_simple_2": "La contrasenya ha de tenir un mínim de 8 caràcters i ha de contenir dígits, majúscules i minúscules",
    "password_too_simple_3": "La contrasenya ha de tenir un mínim de 8 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
    "password_too_simple_4": "La contrasenya ha de tenir un mínim de 12 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
-    "good_practices_about_user_password": "Tria una contrasenya d'un mínim de 8 caràcters - tot i que és de bona pràctica utilitzar contrasenyes més llargues (com per exemple una frase) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
+    "good_practices_about_user_password": "Trieu una contrasenya d'un mínim de 8 caràcters ; tot i que és de bona pràctica utilitzar una contrasenya més llarga (és a dir una frase de contrasenya) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials)."
 }
--- a/portal/locales/ckb.json
+++ b/portal/locales/ckb.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/cs.json
+++ b/portal/locales/cs.json
@ -8,42 +8,5 @@
    "password": "Heslo",
    "username": "Uživatelské jméno",
    "information": "Vaše údaje",
-    "portal": "YunoHost Portál",
+    "portal": "YunoHost Portál"
    "footerlink_administration": "Administrace",
    "footerlink_support": "Podpora",
    "footerlink_documentation": "Dokumentace",
    "footerlink_edit": "Upravit svůj profil",
    "redirection_error_unmanaged_domain": "Chyba přesměrování: Doména není spravována",
    "redirection_error_invalid_url": "Chyba přesměrování: Neplatné URL",
    "please_login_from_portal": "Prosím přihlašte se z portálu",
    "please_login": "Pro přístup k obsahu se prosím přihlašte",
    "logged_out": "Jste odhlášen/a",
    "wrong_username_password": "Chybné uživatelské jméno nebo heslo",
    "missing_required_fields": "Vyplňte povinné údaje",
    "user_saving_fail": "Nelze uložit uživatelské údaje",
    "information_updated": "Údaje upraveny",
    "mail_already_used": "Tato e-mailová adresa se už používá",
    "invalid_mailforward": "Neplatná e-mailová adresa pro přeposílání",
    "invalid_domain": "Neplatná doména v",
    "invalid_mail": "Neplatná e-mailová adresa",
    "wrong_current_password": "Současné heslo je chybné",
    "good_practices_about_user_password": "Vyberte si heslo aspoň 8 znaků dlouhé - dobrou praxí je ale používat delší frázi a používat různé druhy znaků (velká a malá písmena, číslice a speciální znaky).",
    "password_too_simple_4": "Heslo musí být aspoň 12 znaků dlouhé a obsahovat čísla, velká a malá písmena a speciální znaky",
    "password_too_simple_3": "Heslo musí být aspoň 8 znaků dlouhé a obsahovat čísla, velká a malá písmena a speciální znaky",
    "password_too_simple_2": "Heslo musí být aspoň 8 znaků dlouhé a obsahovat číslici, velká a malá písmena",
    "password_too_simple_1": "Heslo musí být aspoň 8 znaků dlouhé",
    "password_listed": "Toto heslo je jedním z nejpoužívanějších na světě. Zvolte si prosím něco jediněčnějšího.",
    "password_not_match": "Hesla se neshodují",
    "password_changed_error": "Heslo nebylo změněno",
    "password_changed": "Heslo změněno",
    "logout": "Odhlásit se",
    "login": "Přihlásit se",
    "confirm": "Potvrdit",
    "new_password": "Nové heslo",
    "current_password": "Současné heslo",
    "edit": "Upravit",
    "change_password": "Změnit heslo",
    "cancel": "Storno",
    "ok": "OK",
    "add_forward": "Přidat e-mailovou adresu pro přeposílání"
 }
--- a/portal/locales/da.json
+++ b/portal/locales/da.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/de.json
+++ b/portal/locales/de.json
@ -1,6 +1,6 @@
 {
-    "add_forward": "E-Mail-Weiterleitung hinzufügen",
+    "add_forward": "E-Mail Weiterleitung hinzufügen",
-    "add_mail": "E-Mail-Alias hinzufügen",
+    "add_mail": "E-Mail Alias hinzufügen",
    "cancel": "Abbrechen",
    "change_password": "Passwort ändern",
    "confirm": "Bestätigen",
@ -13,18 +13,18 @@
    "fullname": "Vollständiger Name",
    "information": "Ihre Informationen",
    "information_updated": "Informationen aktualisiert",
-    "invalid_domain": "Ungültige Domäne angegeben",
+    "invalid_domain": "Ungültige Domain angegeben",
-    "invalid_mail": "Ungültige E-Mail-Adresse",
+    "invalid_mail": "Ungültige E-Mail Adresse",
-    "invalid_mailforward": "Ungültige E-Mail-Weiterleitung",
+    "invalid_mailforward": "Ungültige E-Mail Weiterleitung",
    "logged_out": "Abgemeldet",
    "login": "Anmelden",
    "logout": "Abmelden",
-    "mail_addresses": "E-Mail-Adressen",
+    "mail_addresses": "E-Mail Adressen",
-    "mail_already_used": "Diese E-Mail-Adresse wird bereits verwendet",
+    "mail_already_used": "Diese E-Mail Adresse wird bereits verwendet",
-    "mail_forward": "E-Mail-Weiterleitung",
+    "mail_forward": "E-Mail Weiterleitung",
    "missing_required_fields": "Die notwendigen Felder müssen ausgefüllt werden",
    "new_forward": "neueweiterleitung@anderedomain.org",
-    "new_mail": "neueadresse@meinedomain.org",
+    "new_mail": "neuemail@meinedomain.org",
    "new_password": "Neues Passwort",
    "ok": "OK",
    "password": "Passwort",
@ -33,17 +33,17 @@
    "password_not_match": "Die Passwörter stimmen nicht überein",
    "please_login": "Bitte melden Sie sich an, um auf diese Inhalte zuzugreifen",
    "please_login_from_portal": "Bitte melden Sie sich über das Portal an",
-    "portal": "YunoHost-Portal",
+    "portal": "YunoHost Portal",
-    "user_saving_fail": "Neue Kontoinformationen konnten nicht gespeichert werden",
+    "user_saving_fail": "Neue Benutzerinformationen konnten nicht gespeichert werden",
    "username": "Benutzername",
    "wrong_current_password": "Aktuelles Passwort ist falsch",
-    "wrong_username_password": "Falscher Anmeldename oder Passwort",
+    "wrong_username_password": "Falscher Benutzername oder Passwort",
-    "redirection_error_invalid_url": "Weiterleitungsfehler: Ungültige URL",
+    "redirection_error_invalid_url": "Fehler bei Weiterleitung: Ungültige URL",
-    "redirection_error_unmanaged_domain": "Weiterleitungsfehler: Nicht-verwaltete Domain",
+    "redirection_error_unmanaged_domain": "Fehler bei Weiterleitung: Nicht-verwaltete Domain",
-    "good_practices_about_user_password": "Wählen Sie ein Benutzerpasswort mit mindestens 8 Zeichen - es ist jedoch empfehlenswert, ein längeres Passwort (z.B. eine Passphrase) und/oder verschiedene Arten von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
+    "good_practices_about_user_password": "Wählen Sie ein Benutzerpasswort mit mindestens 8 Zeichen. Das Passwort sollte mindestens 8 Zeichen lang sein - es ist jedoch empfehlenswert, ein längeres Passwort (z.B. eine Passphrase) und/oder verschiedene Arten von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
-    "password_too_simple_3": "Das Passwort muss mindestens 8 Zeichen lang sein und Grossbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten",
+    "password_too_simple_3": "Das Passwort muss mindestens 8 Zeichen mit große Buchstaben, kleine Buchstaben, Zahlen und Sonderzeichen enthalten",
-    "password_too_simple_2": "Das Passwort muss mindestens 8 Zeichen lang sein und Gross- und Kleinbuchstaben sowie Zahlen enthalten",
+    "password_too_simple_2": "Das Passwort muss mindestens 8 Zeichen mit große Buchstaben, kleine Buchstaben und Zahlen enthalten",
-    "password_listed": "Dieses Passwort zählt zu den meistgenutzten Passwörtern der Welt. Bitte wähle ein anderes, einzigartigeres Passwort.",
+    "password_listed": "Dieses Passwort zählt zu den meistgenutzten Passwort der Welt . Bitte wählen Sie ein anderes einzigartigeres Passwort.",
-    "password_too_simple_4": "Das Passwort muss mindestens 12 Zeichen lang sein und Grossbuchstaben, Kleinbuchstaben, Zahlen und Sonderzeichen enthalten",
+    "password_too_simple_4": "Das Passwort muss mindestens 12 Zeichen mit große Buchstaben, kleine Buchstaben, Zahlen und Sonderzeichen enthalten",
    "password_too_simple_1": "Das Passwort muss mindestens 8 Zeichen lang sein"
 }
--- a/portal/locales/eo.json
+++ b/portal/locales/eo.json
@ -13,7 +13,7 @@
    "portal": "Yunohost portalo",
    "fullname": "Plena nomo",
    "new_mail": "nova-adreso@mia-domajno.org",
-    "confirm": "Konfirmu",
+    "confirm": "Konfirmi",
    "password_changed": "Pasvorto ŝanĝita",
    "password_changed_error": "Ne povis ŝanĝi pasvorton",
    "password_not_match": "La pasvortoj ne kongruas",
@ -35,12 +35,12 @@
    "invalid_domain": "Nevalida domajno en",
    "invalid_mail": "Nevalida retpoŝta adreso",
    "wrong_current_password": "Aktuala pasvorto estas malĝusta",
-    "good_practices_about_user_password": "Elektu uzantan pasvorton de almenaŭ 8 signoj - kvankam ĝi estas bona praktiko uzi pli longajn (I.E. Pasfraso) kaj / aŭ uzas diversajn specojn de karakteroj (majusklaj, minusklaj, ciferoj kaj specialaj signoj).",
+    "good_practices_about_user_password": "Elektu uzanton pasvorton de almenaŭ 8 signoj - kvankam estas bone praktiki uzi pli longajn (t.e. pasfrazon) kaj / aŭ uzi diversajn specojn de signoj (majuskloj, minuskloj, ciferoj kaj specialaj signoj).",
-    "password_too_simple_4": "La pasvorto devas havi almenaŭ 12 signojn kaj enhavas ciferojn, suprajn, pli malaltajn kaj specialajn signojn",
+    "password_too_simple_4": "Pasvorto bezonas almenaŭ 12 signojn kaj enhavas ciferojn, majusklojn, minusklojn kaj specialajn signojn",
-    "password_too_simple_3": "La pasvorto devas havi almenaŭ 8 signojn kaj enhavas ciferojn, suprajn, pli malaltajn kaj specialajn signojn",
+    "password_too_simple_3": "Pasvorto bezonas almenaŭ 8 signojn kaj enhavas ciferojn, majusklojn, minusklojn kaj specialajn signojn",
-    "password_too_simple_2": "La pasvorto devas havi almenaŭ 8 signojn kaj enhavas ciferojn, suprajn kaj pli malaltajn signojn",
+    "password_too_simple_2": "Pasvorto bezonas almenaŭ 8 signojn kaj enhavas ciferojn, majusklojn kaj minusklojn",
    "password_too_simple_1": "Pasvorto devas esti almenaŭ 8 signojn longa",
-    "password_listed": "Ĉi tiu pasvorto estas inter la plej uzataj pasvortoj en la mondo. Bonvolu elekti ion pli unikan.",
+    "password_listed": "Ĉi tiu pasvorto estas inter la plej uzataj pasvortoj en la mondo. Bonvolu elekti ion iom pli unikan.",
    "ok": "bone",
    "add_forward": "Aldonu poŝton antaŭen",
    "add_mail": "Aldonu poŝton alias",
--- a/portal/locales/es.json
+++ b/portal/locales/es.json
@ -1,5 +1,5 @@
 {
-    "add_forward": "Añadir una dirección de reenvío de correo electrónico",
+    "add_forward": "Añadir un reenvío de correo electrónico",
    "add_mail": "Añadir un alias de correo electrónico",
    "cancel": "Cancelar",
    "change_password": "Cambiar contraseña",
@ -15,13 +15,13 @@
    "information_updated": "Información actualizada",
    "invalid_domain": "Dominio no válido en",
    "invalid_mail": "La dirección de correo electrónico no es válida",
-    "invalid_mailforward": "La dirección de reenvío de correo electrónico no es válida",
+    "invalid_mailforward": "La dirección de reenvío no es válida",
    "logged_out": "Sesión cerrada",
    "login": "Iniciar sesión",
    "logout": "Cerrar sesión",
    "mail_addresses": "Direcciones de correo electrónico",
    "mail_already_used": "Dirección de correo electrónico ya está en uso",
-    "mail_forward": "Dirección de reenvío de correo electrónico",
+    "mail_forward": "Reenviar correo electrónico",
    "missing_required_fields": "Faltan campos obligatorios",
    "new_forward": "nuevoreenvio@midominioexterior.org",
    "new_mail": "nuevomail@midominio.org",
@ -40,10 +40,10 @@
    "wrong_username_password": "Nombre de usuario o contraseña incorrectos",
    "redirection_error_invalid_url": "Error de redirección: url inválido",
    "redirection_error_unmanaged_domain": "Error de redirección: Dominio no gestionado",
-    "password_listed": "Esta contraseña se encuentra entre las contraseñas más utilizadas en el mundo. Por favor, elija algo un poco más único.",
+    "password_listed": "Esta contraseña es una de las más usadas en el mundo. Elija algo un poco más único.",
    "password_too_simple_1": "La contraseña debe tener al menos 8 caracteres de longitud",
    "password_too_simple_2": "La contraseña debe tener al menos 8 caracteres de longitud y contiene dígitos, mayúsculas y minúsculas",
-    "password_too_simple_3": "La contraseña debe ser de al menos 8 caracteres de longitud e incluir un número y caracteres en mayúsculas, minúsculas y caracteres especiales",
+    "password_too_simple_3": "La contraseña debe tener al menos 8 caracteres de longitud y contiene dígitos, mayúsculas, minúsculas y caracteres especiales",
-    "password_too_simple_4": "La contraseña debe ser de al menos 12 caracteres de longitud e incluir un número, mayúsculas, minúsculas y caracteres especiales",
+    "password_too_simple_4": "La contraseña debe tener al menos 12 caracteres de longitud y contiene dígitos, mayúsculas, minúsculas y caracteres especiales",
    "good_practices_about_user_password": "Está a punto de establecer una nueva contraseña de usuario. La contraseña debería de ser de al menos 8 caracteres, aunque es una buena práctica usar una contraseña más larga (es decir, una frase de paso) y/o usar varias clases de caracteres (mayúsculas, minúsculas, dígitos y caracteres especiales)."
 }
--- a/portal/locales/eu.json
+++ b/portal/locales/eu.json
@ -1,33 +1,33 @@
 {
    "footerlink_administration": "Administrazioa",
-    "footerlink_support": "Laguntza",
+    "footerlink_support": "Laguntzarako",
-    "footerlink_documentation": "Dokumentazioa",
+    "footerlink_documentation": "dokumentazioa",
-    "footerlink_edit": "Editatu profila",
+    "footerlink_edit": "Birzuzenketa errorea: kudeatu gabeko domeinua",
    "redirection_error_unmanaged_domain": "Birzuzenketa errorea: kudeatu gabeko domeinua",
-    "redirection_error_invalid_url": "Birbideraketa errorea: URL okerra",
+    "redirection_error_invalid_url": "Birzuzenketa errorea: URL baliogabea",
-    "please_login_from_portal": "Hasi saioa atarian",
+    "please_login_from_portal": "Mesedez, sartu atarian",
-    "please_login": "Hasi saioa edukira sartzeko",
+    "please_login": "Mesedez, hasi saioa edukira sartzeko",
-    "logged_out": "Saioa amaituta",
+    "logged_out": "Saioa amaitu",
-    "wrong_username_password": "Erabiltzaile-izen edo pasahitz okerra",
+    "wrong_username_password": "Erabiltzaile-izena edo pasahitza okerra",
-    "missing_required_fields": "Bete beharreko eremuak",
+    "missing_required_fields": "Bete beharrezko eremuak",
-    "user_saving_fail": "Ezinezkoa izan da erabiltzailearen informazio berria gordetzea",
+    "user_saving_fail": "Ezin izan da erabiltzailearen informazio berria gorde",
    "information_updated": "Informazioa eguneratu da",
-    "mail_already_used": "Helbide elektroniko hori erabiltzen ari zara dagoeneko",
+    "mail_already_used": "Dagoeneko erabiltzen ari zaren helbide elektronikoa",
-    "invalid_mailforward": "Birbidalketarako helbide okerra",
+    "invalid_mailforward": "Posta elektronikoz birbidaltzeko helbide baliogabea",
-    "invalid_domain": "Domeinu okerra",
+    "invalid_domain": "Helbide elektronikoa baliogabea",
-    "invalid_mail": "Helbide elektronikoa ez da zuzena",
+    "invalid_mail": "Helbide elektronikoa baliogabea",
-    "wrong_current_password": "Oraingo pasahitza okerra da",
+    "wrong_current_password": "Uneko pasahitza okerra da",
-    "good_practices_about_user_password": "Aukeratu gutxienez 8 karaktere dituen erabiltzaile-pasahitz bat — baina gomendioa pasahitz luzeagoak erabiltzea da (adibidez, esaldi bat) edota karaktere desberdinak erabiltzea (larriak, txikiak, zenbakiak eta karaktere bereziak).",
+    "good_practices_about_user_password": "Aukeratu erabiltzaile baten pasahitza gutxienez 8 karaktereekin - nahiz eta praktika ona izan luzeagoak erabiltzea (hau da, pasahitz bat) eta / edo hainbat karaktere erabiltzea (maiuskulak, minuskulak, digituak eta karaktere bereziak).",
-    "password_too_simple_4": "Pasahitzak 12 karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat, txikiren bat eta karaktere bereziren bat izan behar ditu",
+    "password_too_simple_4": "Pasahitzak gutxienez 12 karaktere luze izan behar ditu eta zenbakiak, goikoak, behekoak eta karaktere bereziak ditu",
-    "password_too_simple_3": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak, hizki txikiak eta karaktere bereziak izan behar ditu",
+    "password_too_simple_3": "Pasahitzak gutxienez 8 karaktere luze izan behar ditu eta digitu, goiko, beheko eta karaktere bereziak ditu",
-    "password_too_simple_2": "Pasahitzak 8 karaktere izan behar ditu gutxienez eta zenbakiak, hizki larriak eta hizki txikiak izan behar ditu",
+    "password_too_simple_2": "Pasahitzak gutxienez 8 karaktere luze behar ditu eta digituak, goiko eta beheko karaktereak ditu",
-    "password_too_simple_1": "Pasahitzak 8 karaktere izan behar ditu gutxienez",
+    "password_too_simple_1": "Pasahitzak gutxienez 8 karaktere izan behar ditu",
-    "password_listed": "Pasahitz hau munduko pasahitz erabilienen artean dago. Aukeratu bereziagoa den zerbait.",
+    "password_listed": "Pasahitz hau munduko pasahitz erabilienen artean dago. Mesedez, aukeratu zerbait bereziagoa.",
    "password_not_match": "Pasahitzak ez datoz bat",
    "password_changed_error": "Ezin izan da pasahitza aldatu",
    "password_changed": "Pasahitza aldatu da",
-    "logout": "Amaitu saioa",
+    "logout": "Saioa amaitu",
-    "login": "Hasi saioa",
+    "login": "Saioa hasi",
    "confirm": "Berretsi",
    "new_password": "Pasahitz berria",
    "current_password": "Oraingo pasahitza",
@ -35,15 +35,15 @@
    "change_password": "Aldatu pasahitza",
    "cancel": "Utzi",
    "ok": "Ados",
-    "add_forward": "Gehitu helbide elektronikoa birbidaltzeko e-maila",
+    "add_forward": "Gehitu helbide elektronikoa birbidaltzeko helbidea",
-    "add_mail": "Gehitu e-mail ezizen bat",
+    "add_mail": "Gehitu e-posta alias bat",
-    "new_forward": "birbidalketaberria@nirekanpokodomeinua.eus",
+    "new_forward": "aurreraberria@nireatzerrikodomeinua.org",
-    "new_mail": "postaberria@niredomeinua.eus",
+    "new_mail": "postaberria@mydomeinua.org",
-    "mail_forward": "Birbidalketarako posta elektronikoa",
+    "mail_forward": "Posta elektronikoa birbidaltzeko helbidea",
    "mail_addresses": "Helbide elektronikoak",
    "fullname": "Izen osoa",
    "password": "Pasahitza",
-    "username": "Erabiltzaile-izena",
+    "username": "Erabiltzaile izena",
    "information": "Zure informazioa",
    "portal": "YunoHost ataria"
 }
--- a/portal/locales/fa.json
+++ b/portal/locales/fa.json
@ -1,49 +0,0 @@
 {
    "cancel": "لغو",
    "logged_out": "خارج شده",
    "password": "کلمه عبور",
    "ok": "خوب",
    "footerlink_administration": "مدیریت",
    "footerlink_support": "پشتیبانی",
    "footerlink_documentation": "مستندات",
    "footerlink_edit": "ویرایش پروفایل من",
    "redirection_error_unmanaged_domain": "خطای تغییر مسیر: دامنه مدیریت نشده",
    "redirection_error_invalid_url": "خطای تغییر مسیر: نشانی اینترنتی نامعتبر است",
    "please_login_from_portal": "لطفاً از درگاه پورتال وارد شوید",
    "please_login": "لطفاً برای دسترسی به این محتوا وارد شوید",
    "wrong_username_password": "نام کاربری یا رمز عبور اشتباه است",
    "missing_required_fields": "فیلدهای مورد نیاز را پر کنید",
    "user_saving_fail": "اطلاعات کاربر جدید ذخیره نشد",
    "information_updated": "اطلاعات به روز شد",
    "mail_already_used": "آدرس پست الکترونیکی قبلاً استفاده می شود",
    "invalid_mailforward": "آدرس ارسال ایمیل نامعتبر است",
    "invalid_domain": "دامنه نامعتبر در",
    "invalid_mail": "آدرس ایمیل نامعتبر است",
    "wrong_current_password": "رمز فعلی اشتباه است",
    "good_practices_about_user_password": "گذرواژه کاربر متشکل ازانواع مختلف کاراکترها (بزرگ ، کوچک ، رقم و کاراکتر های خاص)را حداقل با 8 کاراکتر انتخاب کنید - هرچند استفاده از کلمات طولانی تر تمرین خوبی است (مانند عبارت عبور).",
    "password_too_simple_4": "رمز عبور باید شامل اعداد ، حروف کوچک و بزرگ و کاراکترهای خاص باشد، و حداقل 12 کاراکتر طول داشته باشد",
    "password_too_simple_3": "رمز عبور باید شامل اعداد ، حروف کوچک و بزرگ و کاراکترهای خاص باشد، و حداقل 8 کاراکتر طول داشته باشد",
    "password_too_simple_2": "رمز عبور باید شامل اعداد و حروف کوچک و بزرگ، و حداقل 8 کاراکتر طول داشته باشد",
    "password_too_simple_1": "رمز عبور باید حداقل 8 کاراکتر باشد",
    "password_listed": "لطفاً گذرواژه کمی منحصر به فردتری انتخاب کنید. این رمز عبور جزو پر استفاده ترین رمزهای عبور جهان بشمار میرود.",
    "password_not_match": "گذرواژه ها مطابقت ندارند",
    "password_changed_error": "رمز عبور تغییر نکرد",
    "password_changed": "رمز عبور تغییر کرد",
    "logout": "خروج",
    "login": "ورود به سیستم",
    "confirm": "تائید کردن",
    "new_password": "رمز عبور جدید",
    "current_password": "رمز عبور فعلی",
    "edit": "ویرایش",
    "change_password": "تغییر رمز عبور",
    "add_forward": "آدرس هدایت ایمیل را اضافه کنید",
    "add_mail": "یک نام مستعار ایمیل اضافه کنید",
    "new_forward": "newforward@myforeigndomain.org",
    "new_mail": "newmail@mydomain.org",
    "mail_forward": "آدرس ارسال به جلو ایمیل",
    "mail_addresses": "آدرس ایمیل",
    "fullname": "نام و نام خانوادگی",
    "username": "نام کاربری",
    "information": "اطلاعات شما",
    "portal": "پورتال YunoHost"
 }
--- a/portal/locales/fi.json
+++ b/portal/locales/fi.json
@ -1,49 +0,0 @@
 {
    "cancel": "Peruuta",
    "portal": "YunoHost-portaali",
    "password": "Salasana",
    "ok": "OK",
    "information": "Sinun tiedot",
    "username": "Käyttäjänimi",
    "fullname": "Koko nimi",
    "mail_addresses": "Sähköpostiosoitteet",
    "mail_forward": "Sähköpostin välitysosoite",
    "new_mail": "uusiosoite@minundomain.fi",
    "new_forward": "uusivälitys@minunulkopuolinendomain.fi",
    "add_mail": "Lisää sähköposti-alias",
    "add_forward": "Lisää sähköpostin välitysosoite",
    "change_password": "Vaihda salasana",
    "edit": "Muokkaa",
    "current_password": "Nykyinen salasana",
    "new_password": "Uusi salasana",
    "confirm": "Vahvista",
    "login": "Kirjaudu sisään",
    "logout": "Kirjaudu ulos",
    "password_changed": "Salasana vaihdettu",
    "password_changed_error": "Salasanaa ei voitu vaihtaa",
    "password_not_match": "Salasanat eivät täsmänneet",
    "password_listed": "Tämä salasana on yksi maailman käytetyimmistä salasanoista. Valitse jotain hieman ainutlaatuisempaa.",
    "password_too_simple_1": "Salasanan pitää olla ainakin 8 merkin pituinen",
    "password_too_simple_2": "Salasanan on oltava vähintään 8 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
    "wrong_current_password": "Nykyinen salasana on väärin",
    "invalid_mail": "Virheellinen sähköpostiosoite",
    "invalid_domain": "Virheellinen domain",
    "invalid_mailforward": "Virheellinen välityssähköpostiosoite",
    "mail_already_used": "Sähköpostiosoite on jo käytössä",
    "information_updated": "Tiedot päivitetty",
    "user_saving_fail": "Uuden käyttäjän tietoja ei voitu tallentaa",
    "missing_required_fields": "Täytä pakolliset kentät",
    "wrong_username_password": "Väärä käyttäjänimi tai salasana",
    "logged_out": "Kirjauduttu ulos",
    "please_login": "Kirjaudu sisään päästäksesi käsiksi tähän sisältöön",
    "please_login_from_portal": "Kirjaudu sisään portaalista",
    "redirection_error_invalid_url": "Uudelleenohjausvirhe: Virheellinen URL-osoite",
    "redirection_error_unmanaged_domain": "Uudelleenohjausvirhe: Hallitsematon domain",
    "footerlink_edit": "Muokkaa profiiliani",
    "footerlink_documentation": "Dokumentaatio",
    "footerlink_support": "Tuki",
    "footerlink_administration": "Ylläpito",
    "password_too_simple_3": "Salasanan on oltava vähintään 8 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
    "password_too_simple_4": "Salasanan on oltava vähintään 12 merkkiä pitkä ja sen on sisällettävä numeroita, isoja ja pieniä merkkejä",
    "good_practices_about_user_password": "Valitse vähintään kahdeksan merkkiä pitkä salasana - on kuitenkin hyvä käyttää pidempiä salasanoja (esim. salasanalause) ja/tai erilaisia merkkejä (isoja ja pieniä kirjaimia, numeroita ja erikoismerkkejä)."
 }
--- a/portal/locales/fr.json
+++ b/portal/locales/fr.json
@ -34,16 +34,16 @@
    "please_login": "Veuillez vous identifier pour accéder à cette page",
    "please_login_from_portal": "Veuillez vous identifier depuis le portail",
    "portal": "Portail YunoHost",
-    "user_saving_fail": "Impossible d'enregistrer les nouvelles informations de compte",
+    "user_saving_fail": "Impossible d'enregistrer les nouvelles informations utilisateur",
-    "username": "Nom du compte",
+    "username": "Nom d’utilisateur",
    "wrong_current_password": "Le mot de passe actuel est incorrect",
-    "wrong_username_password": "Nom de compte ou mot de passe incorrect",
+    "wrong_username_password": "Nom d’utilisateur ou mot de passe incorrect",
-    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
+    "redirection_error_invalid_url": "Erreur de redirection : URL invalide",
-    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
+    "redirection_error_unmanaged_domain": "Erreur de redirection : domaine non géré",
    "password_listed": "Ce mot de passe est l'un des mots de passe les plus utilisés dans le monde. Veuillez choisir quelque chose d'un peu plus singulier.",
    "password_too_simple_1": "Le mot de passe doit comporter au moins 8 caractères",
    "password_too_simple_2": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules et des minuscules",
    "password_too_simple_3": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
    "password_too_simple_4": "Le mot de passe doit comporter au moins 12 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
-    "good_practices_about_user_password": "Choisissez un mot de passe d’au moins 8 caractères, bien qu'il soit recommandé d'utiliser un mot de passe plus long (c'est-à-dire une phrase secrète) et/ou une combinaison de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
+    "good_practices_about_user_password": "Choisissez un mot de passe utilisateur d’au moins 8 caractères - bien qu’il soit judicieux d’utiliser des mots plus longs (par exemple une phrase secrète) et / ou d’utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux)."
 }
--- a/portal/locales/gl.json
+++ b/portal/locales/gl.json
@ -1,49 +0,0 @@
 {
    "footerlink_administration": "Administración",
    "footerlink_support": "Axuda",
    "footerlink_documentation": "Documentación",
    "footerlink_edit": "Editar o meu perfil",
    "redirection_error_unmanaged_domain": "Erro na redirección: Dominio non xestionado",
    "redirection_error_invalid_url": "Erro na redirección: URL non válido",
    "please_login_from_portal": "Conéctate desde o portal",
    "please_login": "Conéctate para acceder a este contido",
    "logged_out": "Sesión pechada",
    "wrong_username_password": "Credenciais incorrectas",
    "missing_required_fields": "Completa os campos requeridos",
    "user_saving_fail": "Non se gardou a info da nova usuaria",
    "information_updated": "Info actualizada",
    "mail_already_used": "Xa está en uso o enderezo de email",
    "invalid_mailforward": "Enderezo de reenvío de email non válido",
    "invalid_domain": "Dominio non válido",
    "invalid_mail": "Enderezo de email non válido",
    "wrong_current_password": "O contrasinal actual é incorrecto",
    "good_practices_about_user_password": "Elixe un contrasinal con 8 caracteres como mínimo - é recomendable que sexa longo (ex. unha frase) e utilizar varios tipos de caracteres (maiúsculas, minúsculas, díxitos e caracteres especiais).",
    "password_too_simple_4": "O contrasinal debe ter 12 caracteres como mínimo e ter díxitos, maiúsculas e minúsculas e caracteres especiais",
    "password_too_simple_3": "O contrasinal debe ter 8 caracteres como mínimo e ter díxitos, maiúsculas e minúsculas e caracteres especiais",
    "password_too_simple_2": "O contrasinal debe ter 8 caracteres como mínimo e ter díxitos e caracteres en maiúsculas e minúsculas",
    "password_too_simple_1": "O contrasinal ten que ter 8 caracteres como mínimo",
    "password_listed": "Este contrasinal é un dos máis utilizados no mundo. Mellor elixe un que sexa máis orixinal.",
    "password_not_match": "Os contrasinais non concordan",
    "password_changed_error": "Non se cambiou o contrasinal",
    "password_changed": "Contrasinal cambiado",
    "logout": "Pechar sesión",
    "login": "Acceder",
    "confirm": "Confirmar",
    "new_password": "Novo contrasinal",
    "current_password": "Contrasinal actual",
    "edit": "Editar",
    "change_password": "Cambiar contrasinal",
    "cancel": "Cancelar",
    "ok": "Ok",
    "add_forward": "Engadir un enderezo de reenvío de email",
    "add_mail": "Engadir un alias de email",
    "new_forward": "novoreenvio@omeudominioexterno.org",
    "new_mail": "novomail@omeudominio.org",
    "mail_forward": "Enderezo de reenvío de email",
    "mail_addresses": "Enderezos de email",
    "fullname": "Nome completo",
    "password": "Contrasinal",
    "username": "Identificador",
    "information": "A túa info",
    "portal": "Portal YunoHost"
 }
--- a/portal/locales/he.json
+++ b/portal/locales/he.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/id.json
+++ b/portal/locales/id.json
@ -1,49 +0,0 @@
 {
    "cancel": "Batal",
    "portal": "Portal YunoHost",
    "information": "Info Anda",
    "username": "Nama Pengguna",
    "password": "Kata sandi",
    "fullname": "Nama Lengkap",
    "mail_addresses": "Alamat surel",
    "mail_forward": "Alamat surel terusan",
    "new_mail": "surelbaru@domainku.org",
    "new_forward": "terusanbaru@domainlainku.org",
    "add_mail": "Buat surel alias",
    "add_forward": "Buat alamat surel terusan",
    "ok": "Oke",
    "change_password": "Ubah kata sandi",
    "edit": "Sunting",
    "current_password": "Kata sandi saat ini",
    "new_password": "Kata sandi baru",
    "confirm": "Konfirmasi",
    "login": "Masuk",
    "logout": "Keluar",
    "password_changed": "Kata sandi diubah",
    "password_changed_error": "Tidak dapat mengubah kata sandi",
    "password_not_match": "Kata sandi tidak sama",
    "password_listed": "Kata sandi ini merupakan salah satu kata sandi yang paling sering digunakan di dunia. Coba pilih sesuatu yang lebih unik.",
    "password_too_simple_1": "Panjang kata sandi harus paling tidak 8 karakter",
    "wrong_current_password": "Kata sandi saat ini salah",
    "invalid_mail": "Alamat surel tidak valid",
    "mail_already_used": "Alamat surel sudah digunakan",
    "information_updated": "Info diperbarui",
    "user_saving_fail": "Tidak dapat menyimpan info baru pengguna",
    "wrong_username_password": "Nama pengguna atau kata sandi salah",
    "logged_out": "Berhasil keluar",
    "please_login": "Masuk untuk mengakses konten ini",
    "please_login_from_portal": "Silakan masuk dari portal",
    "redirection_error_invalid_url": "Kesalahan pengalihan: URL tidak valid",
    "redirection_error_unmanaged_domain": "Kesalahan pengalihan: Domain tak dikelola",
    "footerlink_edit": "Sunting profil saya",
    "footerlink_documentation": "Dokumentasi",
    "footerlink_support": "Dukungan",
    "footerlink_administration": "Administrasi",
    "password_too_simple_2": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital dan huruf kecil",
    "password_too_simple_3": "Kata sandi harus sekurang-kurangnya 8 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
    "password_too_simple_4": "Kata sandi harus sekurang-kurangnya 12 karakter dan memiliki angka, huruf kapital, huruf kecil, dan karakter spesial",
    "good_practices_about_user_password": "Pilih kata sandi sekurang-kurangnya 8 karakter - meskipun memang adalah hal yang baik jika menggunakan yang lebih panjang (cth. parafrasa) dan/atau menggunakan berbagai macam karakter (kapital, huruf kecil, angka, dan karakter lainnya).",
    "invalid_domain": "Domain tidak valid di",
    "invalid_mailforward": "Alamat surel terusan tidak valid",
    "missing_required_fields": "Isi bidang yang diperlukan"
 }
--- a/portal/locales/it.json
+++ b/portal/locales/it.json
@ -17,8 +17,8 @@
    "invalid_mail": "Indirizzo email non valido",
    "invalid_mailforward": "Indirizzo di inoltro e-mail non valido",
    "logged_out": "Disconnesso",
-    "login": "Accedi",
+    "login": "Accesso",
-    "logout": "Esci",
+    "logout": "Disconnettersi",
    "mail_addresses": "Indirizzi email",
    "mail_already_used": "Indirizzo email già in uso",
    "mail_forward": "Indirizzo di inoltro e-mail",
--- a/portal/locales/ja.json
+++ b/portal/locales/ja.json
@ -1,49 +0,0 @@
 {
    "portal": "YunoHost ポータル",
    "information": "あなたの情報",
    "username": "ユーザー名",
    "password": "パスワード",
    "fullname": "フルネーム",
    "mail_addresses": "電子メールアドレス",
    "mail_forward": "電子メール転送アドレス",
    "new_mail": "newmail@mydomain.org",
    "add_mail": "電子メール エイリアスを追加",
    "add_forward": "電子メール転送アドレスを追加",
    "ok": "OK",
    "change_password": "パスワード変更",
    "edit": "編集",
    "new_password": "新しいパスワード",
    "confirm": "確認",
    "logout": "ログアウト",
    "password_changed": "パスワードが変更されました",
    "password_not_match": "パスワードが一致しません",
    "password_too_simple_1": "パスワードは8文字以上である必要があります",
    "password_too_simple_2": "パスワードは8文字以上で、数字/大文字/小文字の全てを含む必要があります",
    "password_too_simple_3": "パスワードは8文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
    "password_too_simple_4": "パスワードは12文字以上で、数字/大文字/小文字/特殊文字の全てを含む必要があります",
    "wrong_current_password": "現在のパスワードが間違っています",
    "invalid_mail": "不正な電子メールアドレス",
    "invalid_domain": "不正なドメイン",
    "invalid_mailforward": "不正な電子メール転送アドレス",
    "mail_already_used": "電子メールアドレスは既に使われています",
    "information_updated": "情報が更新されました",
    "user_saving_fail": "新しいユーザー情報を保存できませんでした",
    "missing_required_fields": "必須フィールドに入力してください",
    "wrong_username_password": "ユーザー名かパスワードが間違っています",
    "logged_out": "ログアウトしました",
    "please_login": "このコンテンツにアクセスするにはログインしてください",
    "please_login_from_portal": "ポータルからログインしてください",
    "redirection_error_invalid_url": "リダイレクションエラー: 不正なURL",
    "redirection_error_unmanaged_domain": "リダイレクションエラー: 管理されていないドメイン",
    "footerlink_edit": "プロフィールを編集する",
    "footerlink_documentation": "ドキュメント",
    "footerlink_support": "サポート",
    "footerlink_administration": "管理",
    "cancel": "キャンセル",
    "new_forward": "newforward@myforeigndomain.org",
    "current_password": "現在のパスワード",
    "login": "ログイン",
    "password_changed_error": "パスワードは変更できませんでした",
    "password_listed": "このパスワードは世界で最も使われているパスワードのひとつです。もう少しユニークなものを選んでください。",
    "good_practices_about_user_password": "ユーザーパスワードは最低でも8文字、より長いもの（パスフレーズなど）にしたり、さまざまな種類の文字（大文字、小文字、数字、特殊文字）を使うことが望ましいです。"
 }
--- a/portal/locales/kab.json
+++ b/portal/locales/kab.json
@ -1,18 +0,0 @@
 {
    "username": "Isem n useqdac",
    "password": "Awal n uɛeddi",
    "fullname": "Isem inek ummid",
    "ok": "Ih",
    "cancel": "Sefsex",
    "change_password": "Beddel awal n uffir",
    "edit": "Édition",
    "current_password": "Awal n uɛeddi amiran",
    "new_password": "Awal uffir amaynut",
    "confirm": "Sentem",
    "login": "Qqen",
    "logout": "Senser",
    "logged_out": "Yeffeɣ",
    "footerlink_documentation": "Tasemlit",
    "footerlink_support": "Tallalt",
    "footerlink_administration": "Tadbelt"
 }
--- a/portal/locales/ko.json
+++ b/portal/locales/ko.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/lt.json
+++ b/portal/locales/lt.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/mk.json
+++ b/portal/locales/mk.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/nl.json
+++ b/portal/locales/nl.json
@ -3,47 +3,47 @@
    "add_mail": "Voeg een e-mailalias toe",
    "cancel": "Annuleren",
    "change_password": "Verander wachtwoord",
-    "confirm": "Bevestig",
+    "confirm": "Bevestigen",
    "current_password": "Huidig wachtwoord",
    "edit": "Bewerken",
    "footerlink_administration": "Administratie",
    "footerlink_documentation": "Documentatie",
    "footerlink_edit": "Bewerk mijn profiel",
    "footerlink_support": "Ondersteuning",
-    "fullname": "Voor- en achternaam",
+    "fullname": "Voor-en achternaam",
    "information": "Uw gegevens",
    "information_updated": "Informatie bijgewerkt",
-    "invalid_domain": "Ongeldig domein in",
+    "invalid_domain": "Ongeldig domein",
-    "invalid_mail": "Ongeldig e-mailadres",
+    "invalid_mail": "Ongeldig emailadres",
-    "invalid_mailforward": "Ongeldig email-doorstuuradres",
+    "invalid_mailforward": "Ongeldig email-forward adres",
    "logged_out": "Uitgelogd",
    "login": "Inloggen",
    "logout": "Uitloggen",
    "mail_addresses": "E-mailadressen",
    "mail_already_used": "E-mailadres al in gebruik",
    "mail_forward": "E-mail doorstuuradres",
-    "missing_required_fields": "De verplichte velden moeten ingevuld worden",
+    "missing_required_fields": "Verplichte velden zijn niet ingevuld",
-    "new_forward": "nieuw_doorstuuradres@mijndomein.org",
+    "new_forward": "nieuwe_forward@mijndomein.org",
    "new_mail": "nieuwe_email@mijndomein.org",
    "new_password": "Nieuw wachtwoord",
    "ok": "OK",
    "password": "Wachtwoord",
-    "password_changed": "Wachtwoord veranderd",
+    "password_changed": "wachtwoord veranderd",
    "password_changed_error": "Kon wachtwoord niet veranderen",
    "password_not_match": "De wachtwoorden komen niet overeen",
    "please_login": "Log in om toegang te krijgen tot deze inhoud",
    "please_login_from_portal": "Log in vanaf het portaal",
    "portal": "YunoHost Portaal",
-    "user_saving_fail": "De nieuwe gebruikersinformatie kon niet opgeslagen worden",
+    "user_saving_fail": "Er is een fout opgetreden bij het opslaan van wijzigingen aan gebruiker",
    "username": "Gebruikersnaam",
-    "wrong_current_password": "Het huidige wachtwoord is fout",
+    "wrong_current_password": "Huidig wachtwoord is verkeerd",
    "wrong_username_password": "Verkeerde gebruikersnaam of wachtwoord",
-    "password_too_simple_2": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters en kleine letters bevatten",
+    "password_too_simple_2": "Het wachtwoord moet minimaal 8 tekens lang zijn en cijfers, hoofdletters en kleine letters bevatten",
    "password_too_simple_1": "Het wachtwoord moet minimaal 8 tekens lang zijn",
-    "password_listed": "Dit wachtwoord is een van de meest gebruikte wachtwoorden ter wereld. Kies alstublieft iets wat minder voor de hand ligt.",
+    "password_listed": "Dit wachtwoord is een van de meest gebruikte wachtwoorden ter wereld. Kies alstublieft iets uniekers.",
    "redirection_error_unmanaged_domain": "Omleidingsfout: onbeheerd domein",
    "redirection_error_invalid_url": "Omleidingsfout: ongeldige URL",
-    "good_practices_about_user_password": "Kies een gebruikerswachtwoord van minimaal 8 tekens - hoewel het een goede gewoonte is om langere (bijvoorbeeld een wachtwoordzin) te gebruiken en/of verschillende soorten tekens te gebruiken (hoofdletters, kleine letters, cijfers en speciale tekens).",
+    "good_practices_about_user_password": "Kies een gebruikerswachtwoord van minimaal 8 tekens - hoewel het een goede gewoonte is om langere (dat wil zeggen een wachtwoordzin) te gebruiken en / of verschillende soorten tekens te gebruiken (hoofdletters, kleine letters, cijfers en speciale tekens).",
-    "password_too_simple_4": "Het wachtwoord moet minimaal 12 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten",
+    "password_too_simple_4": "Het wachtwoord moet minimaal 12 tekens lang zijn en cijfers, bovenste, onderste en speciale tekens bevatten",
-    "password_too_simple_3": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten"
+    "password_too_simple_3": "Het wachtwoord moet minimaal 8 tekens lang zijn en cijfers, bovenste, onderste en speciale tekens bevatten"
 }
--- a/portal/locales/oc.json
+++ b/portal/locales/oc.json
@ -45,5 +45,5 @@
    "password_too_simple_2": "Lo senhal deu conténer almens 8 caractèrs e nombres, majusculas e minusculas",
    "password_too_simple_3": "Lo senhal deu conténer almens 8 caractèrs e nombres, majusculas e minusculas e caractèrs especials",
    "password_too_simple_4": "Lo senhal deu conténer almens 12 caractèrs, de nombre, majusculas, minusculas e caractèrs especials",
-    "good_practices_about_user_password": "Causissètz un senhal d’almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantun tipe de caractèrs (majusculas, minusculas, nombres e caractèrs especials)."
+    "good_practices_about_user_password": "Causissètz un senhal d’almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantuns tipes de caractèrs (majusculas, minusculas, nombres e caractèrs especials)."
 }
--- a/portal/locales/pl.json
+++ b/portal/locales/pl.json
@ -3,7 +3,7 @@
    "cancel": "Anuluj",
    "change_password": "Zmień hasło",
    "confirm": "Potwierdź",
-    "current_password": "Aktualne hasło",
+    "current_password": "Aktualne  hasło",
    "edit": "Edytuj",
    "footerlink_administration": "Panel administracyjny",
    "footerlink_documentation": "Dokumentacja",
@ -36,9 +36,9 @@
    "invalid_domain": "Nieprawidłowa domena w",
    "invalid_mail": "Niepoprawny adres email",
    "wrong_current_password": "Obecne hasło jest nieprawidłowe",
-    "good_practices_about_user_password": "Wybierz hasło użytkownika składające się z co najmniej 8 znaków — chociaż dobrą praktyką jest używanie dłuższych i / lub stosowanie różnego rodzaju znaków (wielkie i małe litery, cyfry i znaki specjalne).",
+    "good_practices_about_user_password": "Wybierz hasło użytkownika składające się z co najmniej 8 znaków - chociaż dobrą praktyką jest używanie dłuższych (np. Hasło) i / lub stosowanie różnego rodzaju znaków (wielkie litery, małe litery, cyfry i znaki specjalne).",
-    "password_too_simple_4": "Hasło musi mieć co najmniej 12 znaków i zawierać cyfrę, duże i małe litery oraz znaki specjalne",
+    "password_too_simple_4": "Hasło musi mieć co najmniej 12 znaków i zawierać cyfry, górne, dolne i znaki specjalne",
-    "password_too_simple_3": "Hasło musi mieć co najmniej 8 znaków i zawierać cyfrę, duże i małe litery oraz znaki specjalne",
+    "password_too_simple_3": "Hasło musi mieć co najmniej 8 znaków i zawierać cyfry, górne, dolne i znaki specjalne",
    "password_too_simple_2": "Hasło musi mieć co najmniej 8 znaków i zawierać cyfrę, górny i dolny znak",
    "password_too_simple_1": "Hasło musi mieć co najmniej 8 znaków",
    "password_listed": "To hasło jest jednym z najczęściej używanych haseł na świecie. Wybierz coś bardziej wyjątkowego.",
--- a/portal/locales/pt.json
+++ b/portal/locales/pt.json
@ -40,7 +40,7 @@
    "wrong_username_password": "Nome de utilizador e senha errados",
    "redirection_error_invalid_url": "Erro de redirecionamento: URL inválido",
    "redirection_error_unmanaged_domain": "Erro de redirecionamento: Dominio não gerenciado",
-    "good_practices_about_user_password": "Escolha uma senha de usuário com pelo menos 8 caracteres - embora seja uma boa prática usar palavras mais longas (ou seja, uma senha) e/ou usar vários tipos de caracteres (maiúsculas, minúsculas, dígitos e caracteres especiais).",
+    "good_practices_about_user_password": "Escolha uma senha de usuário com pelo menos 8 caracteres - embora seja uma boa prática usar palavras mais longas (ou seja, uma senha) e / ou usar vários tipos de caracteres (maiúsculas, minúsculas, dígitos e caracteres especiais).",
    "password_too_simple_4": "A senha precisa ter pelo menos 12 caracteres e conter dígitos, caracteres superior, inferior e caracteres especiais",
    "password_too_simple_3": "A senha precisa ter pelo menos 8 caracteres e conter dígitos, caracteres superior, inferior e caracteres especiais",
    "password_too_simple_2": "A senha precisa ter pelo menos 8 caracteres e conter dígitos, caracteres superior e inferior",
--- a/portal/locales/pt_BR.json
+++ b/portal/locales/pt_BR.json
@ -1 +0,0 @@
 {}
--- a/portal/locales/ru.json
+++ b/portal/locales/ru.json
@ -1,12 +1,12 @@
 {
-    "portal": "Портал YunoHost",
+    "portal": "YunoHost Портал",
    "information": "Ваша информация",
    "username": "Имя пользователя",
    "password": "Пароль",
    "fullname": "Полное имя",
    "mail_addresses": "Адрес электронной почты",
    "ok": "ОК",
-    "cancel": "Отмена",
+    "cancel": "Отменить",
    "change_password": "Сменить пароль",
    "edit": "Редактировать",
    "current_password": "Действующий пароль",
@ -14,7 +14,7 @@
    "confirm": "Подтвердить",
    "login": "Авторизоваться",
    "logout": "Выйти",
-    "password_changed": "Пароль изменён",
+    "password_changed": "пароль изменен",
    "password_changed_error": "Не удалось сменить пароль",
    "invalid_mail": "Неверный адрес электронной почты",
    "invalid_mailforward": "Неверный адрес пересылки электронной почты",
@ -39,11 +39,11 @@
    "footerlink_edit": "Редактировать профиль",
    "footerlink_documentation": "Документация",
    "footerlink_support": "Поддержка",
-    "footerlink_administration": "Администрирование",
+    "footerlink_administration": "Администрация",
-    "good_practices_about_user_password": "Выберите пароль пользователя длиной не менее 8 символов, хотя рекомендуется использовать более длинные (например, парольную фразу) и / или использовать символы различного типа (прописные, строчные буквы, цифры и специальные символы).",
+    "good_practices_about_user_password": "Выберите пароль пользователя длиной не менее 8 символов, хотя рекомендуется использовать более длинные (например, парольную фразу) и / или использовать символы различного типа (прописные, строчные, цифры и специальные символы).",
-    "password_too_simple_4": "Пароль должен содержать не менее 12 символов и включать цифры, заглавные и строчные буквы и специальные символы",
+    "password_too_simple_4": "Пароль должен содержать не менее 12 символов и содержать цифры, верхние, нижние и специальные символы",
-    "password_too_simple_3": "Пароль должен содержать не менее 8 символов и содержать цифры, заглавные и строчные буквы и специальные символы",
+    "password_too_simple_3": "Пароль должен содержать не менее 8 символов и содержать цифры, верхние, нижние и специальные символы",
-    "password_too_simple_2": "Пароль должен содержать не менее 8 символов и включать цифры, заглавные и строчные буквы",
+    "password_too_simple_2": "Пароль должен содержать не менее 8 символов и содержать цифры, верхние и нижние символы",
    "password_too_simple_1": "Пароль должен быть не менее 8 символов",
    "password_listed": "Этот пароль является одним из наиболее часто используемых паролей в мире. Пожалуйста, выберите что-то более уникальное."
 }
--- a/portal/locales/sk.json
+++ b/portal/locales/sk.json
@ -1,49 +0,0 @@
 {
    "information": "Vaše údaje",
    "username": "Meno používateľa",
    "password": "Heslo",
    "fullname": "Meno a priezvisko",
    "mail_forward": "E-mail pre preposielanie",
    "new_mail": "novymail@mojadomena.org",
    "new_forward": "novepreposielanie@mojadalsiadomena.org",
    "add_mail": "Pridať e-mailovú prezývku/alias",
    "add_forward": "Pridať e-mailovú adresu pre preposielanie",
    "ok": "OK",
    "cancel": "Zrušiť",
    "change_password": "Zmeniť heslo",
    "edit": "Upraviť",
    "current_password": "Aktuálne heslo",
    "new_password": "Nové heslo",
    "confirm": "Potvrdiť",
    "login": "Prihlásiť sa",
    "logout": "Odhlásiť sa",
    "password_changed": "Heslo bolo zmenené",
    "password_changed_error": "Heslo nebolo zmenené",
    "password_not_match": "Heslá sa nezhodujú",
    "portal": "Portál YunoHost",
    "mail_addresses": "E-mailová adresa",
    "password_listed": "Toto heslo je jedným z najpoužívanejších na svete. Vyberte, prosím, niečo jedinečnejšie.",
    "password_too_simple_1": "Heslo sa musí skladať z aspoň 8 znakov",
    "password_too_simple_2": "Heslo musí obsahovať aspoň 8 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké a malé písmeno",
    "password_too_simple_3": "Heslo musí obsahovať aspoň 8 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké, malé písmeno a špeciálny znak",
    "wrong_current_password": "Aktuálne heslo je nesprávne",
    "invalid_mail": "Neplatná e-mailová adresa",
    "invalid_domain": "Neplatná doména v",
    "invalid_mailforward": "Neplatná e-mailová adresa pre preposielanie",
    "mail_already_used": "Táto e-mailová adresa sa už používa",
    "information_updated": "Údaje boli upravené",
    "user_saving_fail": "Nepodarilo sa uložiť údaje o používateľovi",
    "missing_required_fields": "Vyplňte požadované údaje",
    "wrong_username_password": "Chybné meno používateľa alebo heslo",
    "logged_out": "Boli ste odhlásený",
    "please_login": "Pre zobrazenie obsahu sa, prosím, prihláste",
    "please_login_from_portal": "Prosím, prihláste sa z portálu",
    "redirection_error_invalid_url": "Chyba presmerovania: Neplatná adresa URL",
    "redirection_error_unmanaged_domain": "Chyba presmerovania: Neregistrovaná doména",
    "footerlink_edit": "Upraviť môj profil",
    "footerlink_documentation": "Dokumentácia",
    "footerlink_support": "Podpora",
    "footerlink_administration": "Správa",
    "password_too_simple_4": "Heslo musí obsahovať aspoň 12 znakov a musí sa v ňom nachádzať aspoň jedno číslo, veľké, malé písmeno a špeciálny znak",
    "good_practices_about_user_password": "Vyberte si heslo, ktoré má aspoň 8 znakov - dobrou praxou je však používať dlhšie názvy a kombinovať pri tom rôzne typy znakov (veľké a malé písmená, číslice a špeciálne znaky)."
 }
--- a/portal/locales/sl.json
+++ b/portal/locales/sl.json
@ -1,3 +0,0 @@
 {
    "cancel": "Prekliči"
 }
--- a/portal/locales/sv.json
+++ b/portal/locales/sv.json
@ -45,5 +45,5 @@
    "please_login_from_portal": "Logga in från portalen",
    "please_login": "Logga in för att få tillgång till det här innehållet",
    "invalid_mailforward": "Ogiltig e-post vidarebefordringsadress",
-    "good_practices_about_user_password": "Välj ett användarlösenord på minst åtta tecken - även om det är bra att använda längre (dvs ett lösenord) och / eller använda olika typer av tecken (versaler gemener, siffror och specialtecken)."
+    "good_practices_about_user_password": "Välj ett användarlösenord på minst åtta tecken - även om det är bra att använda längre (dvs ett lösenord) och / eller använda olika typer av tecken (versaler, versaler, siffror och specialtecken)."
 }
--- a/portal/locales/te.json
+++ b/portal/locales/te.json
@ -1,3 +0,0 @@
 {
    "cancel": "రద్దు చేయండి"
 }
--- a/portal/locales/tr.json
+++ b/portal/locales/tr.json
@ -1,7 +1,7 @@
 {
    "add_forward": "Bir e-posta yönlendirme adresi ekleyin",
    "add_mail": "Bir e-posta takma adı ekleyin",
-    "cancel": "İptal et",
+    "cancel": "İptal etmek",
    "change_password": "Parolayı değiştir",
    "confirm": "Onayla",
    "current_password": "Mevcut parola",
@ -40,9 +40,9 @@
    "wrong_username_password": "Yanlış kullanıcı adı veya parola",
    "redirection_error_unmanaged_domain": "Yönlendirme hatası: Yönetilmeyen alan",
    "redirection_error_invalid_url": "Yönlendirme hatası: Geçersiz URL",
-    "good_practices_about_user_password": "En az 8 karakterden oluşan bir kullanıcı şifresi seçin - daha uzun olanları (örneğin bir şifre) ve / veya çeşitli karakterleri (büyük harf, küçük harf, rakam ve özel karakterler) kullanmak daha iyidir.",
+    "good_practices_about_user_password": "En az 8 karakterden oluşan bir kullanıcı şifresi seçin - daha uzun olanları (örneğin bir şifre) ve / veya çeşitli karakterleri (büyük harf, küçük harf, rakam ve özel karakterler) kullanmak iyi bir uygulamadır.",
-    "password_too_simple_4": "Şifrenin en az 12 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
+    "password_too_simple_4": "Şifrenin en az 12 karakter uzunluğunda olması ve rakam, üst, alt ve özel karakterler içermesi gerekir",
-    "password_too_simple_3": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, büyük ve küçük harfler, özel karakterler içermesi gerekir",
+    "password_too_simple_3": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, üst, alt ve özel karakterler içermesi gerekir",
    "password_too_simple_2": "Şifrenin en az 8 karakter uzunluğunda olması ve rakam, üst ve alt karakterler içermesi gerekir",
    "password_too_simple_1": "Şifre en az 8 karakter uzunluğunda olmalı",
    "password_listed": "Bu şifre dünyada en çok kullanılan şifreler arasındadır. Lütfen biraz daha benzersiz bir şey seçin."
--- a/portal/locales/uk.json
+++ b/portal/locales/uk.json
@ -1,49 +0,0 @@
 {
    "cancel": "Скасувати",
    "logged_out": "Ви вийшли з системи",
    "footerlink_administration": "Адміністрування",
    "footerlink_support": "Підтримка",
    "footerlink_documentation": "Документація",
    "footerlink_edit": "Редагувати мій профіль",
    "redirection_error_unmanaged_domain": "Помилка перенаправлення: Некерований домен",
    "redirection_error_invalid_url": "Помилка перенаправлення: Недійсна URL-адреса",
    "please_login_from_portal": "Увійдіть у систему з порталу",
    "please_login": "Увійдіть, щоб отримати доступ до цього вмісту",
    "wrong_username_password": "Неправильне ім'я користувача або пароль",
    "missing_required_fields": "Заповніть необхідні поля",
    "user_saving_fail": "Не вдалося зберегти нові відомості користувача",
    "information_updated": "Відомості оновлено",
    "mail_already_used": "Адреса е-пошти вже використовується",
    "invalid_mailforward": "Недійсна адреса переадресації е-пошти",
    "invalid_domain": "Недійсний домен у",
    "invalid_mail": "Недійсна адреса е-пошти",
    "wrong_current_password": "Поточний пароль неправильний",
    "good_practices_about_user_password": "Виберіть пароль користувача щонайменше 8 символів - хоча це хороша практика використовувати довші (тобто фрази-гасла) та/або використовувати різні символи (великі, малі, числа та спеціальні символи).",
    "password_too_simple_4": "Пароль повинен бути щонайменше 12 символів довжиною і містити числа, верхній, нижній регістри та спеціальні символи",
    "password_too_simple_3": "Пароль повинен бути щонайменше 8 символів довжиною і містити числа, верхній, нижній регістри та спеціальні символи",
    "password_too_simple_2": "Пароль повинен бути щонайменше 8 символів довжиною і містити числа, верхній та нижній регістри",
    "password_too_simple_1": "Пароль має складатися не менше ніж з 8 символів",
    "password_listed": "Цей пароль є одним з найбільш використовуваних паролів у світі. Будь ласка, виберіть щось трохи більш неповторюване.",
    "password_not_match": "Паролі не збігаються",
    "password_changed_error": "Не вдалося змінити пароль",
    "password_changed": "Пароль змінено",
    "logout": "Вийти",
    "login": "Увійти",
    "confirm": "Підтвердити",
    "new_password": "Новий пароль",
    "current_password": "Поточний пароль",
    "edit": "Редагувати",
    "change_password": "Змінити пароль",
    "add_forward": "Додайте адресу переадресації е-пошти",
    "add_mail": "Додайте аліас е-пошти",
    "new_forward": "novapereadresaciya@myforeigndomain.org",
    "new_mail": "novaeposhta@mydomain.org",
    "mail_forward": "Адреса переадресації е-пошти",
    "mail_addresses": "Адреси е-пошти",
    "fullname": "Повне ім'я",
    "username": "Ім'я користувача",
    "information": "Ваші відомості",
    "portal": "Портал YunoHost",
    "password": "Пароль",
    "ok": "Гаразд"
 }
--- a/portal/locales/zh_Hans.json
+++ b/portal/locales/zh_Hans.json
@ -1,7 +1,7 @@
 {
    "footerlink_administration": "管理",
    "footerlink_support": "支持",
-    "footerlink_documentation": "文档",
+    "footerlink_documentation": "文献资料",
    "footerlink_edit": "编辑我的个人资料",
    "redirection_error_unmanaged_domain": "重定向错误：非托管域",
    "redirection_error_invalid_url": "重定向错误：无效的 URL",
@ -34,16 +34,16 @@
    "edit": "编辑",
    "change_password": "更改密码",
    "cancel": "取消",
-    "ok": "ОК",
+    "ok": "好",
    "add_forward": "添加电子邮件转发地址",
    "add_mail": "添加电子邮件别名",
-    "new_forward": "新转发@我的外部域.org",
+    "new_forward": "新前进@我的外国域名.org",
-    "new_mail": "新邮件@我的域.org",
+    "new_mail": "新邮件@我的域名.org",
    "mail_forward": "邮件转发地址",
    "mail_addresses": "电子邮件地址",
    "fullname": "全名",
    "password": "密码",
    "username": "用户名",
    "information": "您的资料",
-    "portal": "YunoHost 门户"
+    "portal": "YunoHost门户"
 }