From 1c06fd50179c53228f50a473c8e12633f3a3b073 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 4 Oct 2022 17:26:38 +0200
Subject: [PATCH] configpanels: i18n for domain cert config panel

---
 locales/en.json          | 14 ++++++++++++++
 share/config_domain.toml |  5 -----
 src/certificate.py       | 25 ++++++++++++++++---------
 src/domain.py            | 12 +++++++++---
 src/utils/config.py      |  2 +-
 5 files changed, 40 insertions(+), 18 deletions(-)

diff --git a/locales/en.json b/locales/en.json
index 0f2ef7be8..ccbba1609 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -321,6 +321,20 @@
     "domain_config_mail_in": "Incoming emails",
     "domain_config_mail_out": "Outgoing emails",
     "domain_config_xmpp": "Instant messaging (XMPP)",
+    "domain_config_acme_eligible": "ACME eligibility",
+    "domain_config_acme_eligible_explain": "This domain doesn't seem ready for a Let's Encrypt certificate. Please check your DNS configuration and HTTP server reachability. The 'DNS records' and 'Web' section in <a href='#/diagnosis'>the diagnosis page</a> can help you understand what is misconfigured.",
+    "domain_config_cert_install": "Install Let's Encrypt certificate",
+    "domain_config_cert_issuer": "Certification authority",
+    "domain_config_cert_no_checks": "Ignore diagnosis checks",
+    "domain_config_cert_renew": "Renew Let's Encrypt certificate",
+    "domain_config_cert_renew_help":"Certificate will be automatically renewed during the last 15 days of validity. You can manually renew it if you want to. (Not recommended).",
+    "domain_config_cert_summary": "Certificate status",
+    "domain_config_cert_summary_expired": "CRITICAL: Current certificate is not valid! HTTPS won't work at all!",
+    "domain_config_cert_summary_selfsigned": "WARNING: Current certificate is self-signed. Browsers will display a spooky warning to new visitors!",
+    "domain_config_cert_summary_abouttoexpire": "Current certificate is about to expire. It should soon be renewed automatically.",
+    "domain_config_cert_summary_ok": "Okay, current certificate looks good!",
+    "domain_config_cert_summary_letsencrypt": "Great! You're using a valid Let's Encrypt certificate!",
+    "domain_config_cert_validity": "Validity",
     "domain_created": "Domain created",
     "domain_creation_failed": "Unable to create domain {domain}: {error}",
     "domain_deleted": "Domain deleted",
diff --git a/share/config_domain.toml b/share/config_domain.toml
index fd12d4506..28c394cf1 100644
--- a/share/config_domain.toml
+++ b/share/config_domain.toml
@@ -91,8 +91,6 @@ i18n = "domain_config"
         type = "alert"
         style = "warning"
         visible = "acme_eligible == false"
-        # FIXME: improve messaging ...
-        ask = "Uhoh, domain isnt ready for ACME challenge according to the diagnosis"
 
         [cert.cert.cert_no_checks]
         ask = "Ignore diagnosis checks"
@@ -101,7 +99,6 @@ i18n = "domain_config"
         visible = "acme_eligible == false"
 
         [cert.cert.cert_install]
-        ask = "Install Let's Encrypt certificate"
         type = "button"
         icon = "star"
         style = "success"
@@ -109,8 +106,6 @@ i18n = "domain_config"
         enabled = "acme_eligible || cert_no_checks"
 
         [cert.cert.cert_renew]
-        ask = "Renew Let's Encrypt certificate"
-        help = "The certificate should be automatically renewed by YunoHost a few days before it expires."
         type = "button"
         icon = "refresh"
         style = "warning"
diff --git a/src/certificate.py b/src/certificate.py
index 3be821b0e..7ef7f1d54 100644
--- a/src/certificate.py
+++ b/src/certificate.py
@@ -153,7 +153,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
         if not force and os.path.isfile(current_cert_file):
             status = _get_status(domain)
 
-            if status["summary"] == "success":
+            if status["style"] == "success":
                 raise YunohostValidationError(
                     "certmanager_attempt_to_replace_valid_cert", domain=domain
                 )
@@ -559,9 +559,9 @@ def _fetch_and_enable_new_certificate(domain, no_checks=False):
     _enable_certificate(domain, new_cert_folder)
 
     # Check the status of the certificate is now good
-    status_summary = _get_status(domain)["summary"]
+    status_style = _get_status(domain)["style"]
 
-    if status_summary != "success":
+    if status_style != "success":
         raise YunohostError(
             "certmanager_certificate_fetching_or_enabling_failed", domain=domain
         )
@@ -663,18 +663,24 @@ def _get_status(domain):
         CA_type = "other"
 
     if days_remaining <= 0:
-        summary = "danger"
+        style = "danger"
+        summary = "expired"
     elif CA_type == "selfsigned":
-        summary = "warning"
+        style = "warning"
+        summary = "selfsigned"
     elif days_remaining < VALIDITY_LIMIT:
-        summary = "warning"
+        style = "warning"
+        summary = "abouttoexpire"
     elif CA_type == "other":
-        summary = "success"
+        style = "success"
+        summary = "ok"
     elif CA_type == "letsencrypt":
-        summary = "success"
+        style = "success"
+        summary = "letsencrypt"
     else:
         # shouldnt happen, because CA_type can be only selfsigned, letsencrypt, or other
-        summary = ""
+        style = ""
+        summary = "wat"
 
     return {
         "domain": domain,
@@ -682,6 +688,7 @@ def _get_status(domain):
         "CA_name": cert_issuer,
         "CA_type": CA_type,
         "validity": days_remaining,
+        "style": style,
         "summary": summary,
     }
 
diff --git a/src/domain.py b/src/domain.py
index 51c9fb7fb..f5f58b3cf 100644
--- a/src/domain.py
+++ b/src/domain.py
@@ -505,9 +505,14 @@ class DomainConfigPanel(ConfigPanel):
             from yunohost.certificate import certificate_status
             status = certificate_status([self.entity], full=True)["certificates"][self.entity]
 
-            toml["cert"]["status"]["cert_summary"]["style"] = status["summary"]
-            # FIXME: improve message
-            toml["cert"]["status"]["cert_summary"]["ask"] = f"Status is {status['summary']} ! (FIXME: improve message depending on summary / issuer / validity ..."
+            toml["cert"]["status"]["cert_summary"]["style"] = status["style"]
+
+            # i18n: domain_config_cert_summary_expired
+            # i18n: domain_config_cert_summary_selfsigned
+            # i18n: domain_config_cert_summary_abouttoexpire
+            # i18n: domain_config_cert_summary_ok
+            # i18n: domain_config_cert_summary_letsencrypt
+            toml["cert"]["status"]["cert_summary"]["ask"] = m18n.n(f"domain_config_cert_summary_{status['summary']}")
 
             # FIXME: Ugly hack to save the cert status and reinject it in _load_current_values ...
             self.cert_status = status
@@ -529,6 +534,7 @@ class DomainConfigPanel(ConfigPanel):
             self.values["cert_validity"] = self.cert_status["validity"]
             self.values["cert_issuer"] = self.cert_status["CA_type"]
             self.values["acme_eligible"] = self.cert_status["ACME_eligible"]
+            self.values["summary"] = self.cert_status["summary"]
 
 
 def domain_action_run(domain, action, args=None):
diff --git a/src/utils/config.py b/src/utils/config.py
index 869b2792d..9b35d7d3b 100644
--- a/src/utils/config.py
+++ b/src/utils/config.py
@@ -346,7 +346,7 @@ class ConfigPanel:
 
         # FIXME: should also check that there's indeed a key called action
         if not self.config:
-            raise YunohostValidationError("config_no_such_action", action=action)
+            raise YunohostValidationError(f"No action named {action}", raw_msg=True)
 
         # Import and parse pre-answered options
         logger.debug("Import and parse pre-answered options")