Fix permissions for user client id and secret.

backend/i18n/source/backend_en.json

@@ -1,12 +1,12 @@
 {
-  "annotations_AbsoluteUrl": "The field {name|lower} must be an absolute URL.",
+  "annotations_AbsoluteUrl": "The field '{name|lower}' must be an absolute URL.",
-  "annotations_Compare": "The field {name|lower} must be the same as {other|lower}.",
+  "annotations_Compare": "The field '{name|lower}' must be the same as {other|lower}.",
-  "annotations_EmailAddress": "The field {name|lower} is not a valid email address.",
+  "annotations_EmailAddress": "The field '{name|lower}' is not a valid email address.",
-  "annotations_Range": "The field {name|lower} must be between {min} and {max}.",
+  "annotations_Range": "The field '{name|lower}' must be between {min} and {max}.",
-  "annotations_RegularExpression": "The field {name|lower} is not.",
+  "annotations_RegularExpression": "The field '{name|lower}' is not.",
-  "annotations_Required": "The field {name|lower} is required.",
+  "annotations_Required": "The field '{name|lower}' is required.",
-  "annotations_StringLength": "The field {name|lower} must be a string with a maximum length of {max}.",
+  "annotations_StringLength": "The field '{name|lower}' must be a string with a maximum length of {max}.",
-  "annotations_StringLengthMinimum": "The field {name|lower} must be a string with a minimum length of {min} and a maximum length of {max}.",
+  "annotations_StringLengthMinimum": "The field '{name|lower}' must be a string with a minimum length of {min} and a maximum length of {max}.",
   "apps.clients.idAlreadyExists": "A client with the same id already exists.",
   "apps.contributors.cannotChangeYourself": "You cannot change your own role.",
   "apps.contributors.maxReached": "You have reached the maximum number of contributors for your plan.",

backend/i18n/source/backend_it.json

@@ -1,12 +1,12 @@
 {
-  "annotations_AbsoluteUrl": "Il campo {name|lower} deve essere un URL assoluto.",
+  "annotations_AbsoluteUrl": "Il campo '{name|lower}' deve essere un URL assoluto.",
-  "annotations_Compare": "Il campo {name|lower} deve essere uguale a {other|lower}.",
+  "annotations_Compare": "Il campo '{name|lower}' deve essere uguale a {other|lower}.",
-  "annotations_EmailAddress": "Il campo {name|lower} non è un indirizzo email valido.",
+  "annotations_EmailAddress": "Il campo '{name|lower}' non è un indirizzo email valido.",
-  "annotations_Range": "Il campo {name|lower} deve essere tra {min} e {max}.",
+  "annotations_Range": "Il campo '{name|lower}' deve essere tra {min} e {max}.",
-  "annotations_RegularExpression": "Il campo {name|lower} non è.",
+  "annotations_RegularExpression": "Il campo '{name|lower}' non è.",
   "annotations_Required": "Il campo è {name|lower} obbligatorio.",
-  "annotations_StringLength": "Il campo {name|lower} deve essere una stringa avente una lunghezza massima di {max}.",
+  "annotations_StringLength": "Il campo '{name|lower}' deve essere una stringa avente una lunghezza massima di {max}.",
-  "annotations_StringLengthMinimum": "Il campo {name|lower} deve essere una stringa avente lunghezza minima di {min} e massima di {max}.",
+  "annotations_StringLengthMinimum": "Il campo '{name|lower}' deve essere una stringa avente lunghezza minima di {min} e massima di {max}.",
   "apps.clients.idAlreadyExists": "Un client con lo stesso id esiste già.",
   "apps.contributors.cannotChangeYourself": "Non puoi cambiare il tuo ruolo.",
   "apps.contributors.maxReached": "Hai raggiunto il numero massimo di contributori previsto per il tuo piano.",
@@ -117,6 +117,7 @@
   "common.success": "Successo",
   "common.text": "Testo",
   "common.trigger": "Trigger",
+  "common.url": "URL",
   "common.warning": "Warning",
   "common.workflow": "Workflow",
   "common.workflowStep": "Step",

backend/i18n/source/backend_nl.json

@@ -1,12 +1,12 @@
 {
-  "annotations_AbsoluteUrl": "Het veld {name|lower} moet een absolute URL zijn.",
+  "annotations_AbsoluteUrl": "Het veld '{name|lower}' moet een absolute URL zijn.",
-  "annotations_Compare": "Het veld {name|lower} moet hetzelfde zijn als {other|lower}.",
+  "annotations_Compare": "Het veld '{name|lower}' moet hetzelfde zijn als {other|lower}.",
-  "annotations_EmailAddress": "Het veld {name|lower} is geen geldig e-mailadres.",
+  "annotations_EmailAddress": "Het veld '{name|lower}' is geen geldig e-mailadres.",
-  "annotations_Range": "Het veld {name|lower} moet tussen {min} en {max} zijn.",
+  "annotations_Range": "Het veld '{name|lower}' moet tussen {min} en {max} zijn.",
-  "annotations_RegularExpression": "Het veld {name|lower} is niet.",
+  "annotations_RegularExpression": "Het veld '{name|lower}' is niet.",
-  "annotations_Required": "Het veld {name|lower} is verplicht.",
+  "annotations_Required": "Het veld '{name|lower}' is verplicht.",
-  "annotations_StringLength": "Het veld {name|lower} moet een string zijn met een maximale lengte van {max}.",
+  "annotations_StringLength": "Het veld '{name|lower}' moet een string zijn met een maximale lengte van {max}.",
-  "annotations_StringLengthMinimum": "Het veld {name|lower} moet een string zijn met een minimum lengte van {min} en een maximum lengte van {max}.",
+  "annotations_StringLengthMinimum": "Het veld '{name|lower}' moet een string zijn met een minimum lengte van {min} en een maximum lengte van {max}.",
   "apps.clients.idAlreadyExists": "Er bestaat al een client met dezelfde id.",
   "apps.contributors.cannotChangeYourself": "Je kunt jouw eigen rol niet wijzigen.",
   "apps.contributors.maxReached": "Je heeft het maximale aantal bijdragers voor jouw plan bereikt.",
@@ -114,6 +114,7 @@
   "common.signup": "Aanmelden",
   "common.text": "Tekst",
   "common.trigger": "Trigger",
+  "common.url": "URL",
   "common.workflow": "Workflow",
   "common.workflowStep": "Stap",
   "common.workflowTransition": "Overgang",

backend/src/Squidex.Shared/Texts.it.resx

@@ -59,34 +59,34 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="annotations_AbsoluteUrl" xml:space="preserve">
-    <value>Il campo {name|lower} deve essere un URL assoluto.</value>
+    <value>Il campo '{name|lower}' deve essere un URL assoluto.</value>
   </data>
   <data name="dotnet_annotations_AbsoluteUrl" xml:space="preserve">
-    <value>Il campo {0} deve essere un URL assoluto.</value>
+    <value>Il campo '{0}' deve essere un URL assoluto.</value>
   </data>
   <data name="annotations_Compare" xml:space="preserve">
-    <value>Il campo {name|lower} deve essere uguale a {other|lower}.</value>
+    <value>Il campo '{name|lower}' deve essere uguale a {other|lower}.</value>
   </data>
   <data name="dotnet_annotations_Compare" xml:space="preserve">
-    <value>Il campo {0} deve essere uguale a {1}.</value>
+    <value>Il campo '{0}' deve essere uguale a {1}.</value>
   </data>
   <data name="annotations_EmailAddress" xml:space="preserve">
-    <value>Il campo {name|lower} non è un indirizzo email valido.</value>
+    <value>Il campo '{name|lower}' non è un indirizzo email valido.</value>
   </data>
   <data name="dotnet_annotations_EmailAddress" xml:space="preserve">
-    <value>Il campo {0} non è un indirizzo email valido.</value>
+    <value>Il campo '{0}' non è un indirizzo email valido.</value>
   </data>
   <data name="annotations_Range" xml:space="preserve">
-    <value>Il campo {name|lower} deve essere tra {min} e {max}.</value>
+    <value>Il campo '{name|lower}' deve essere tra {min} e {max}.</value>
   </data>
   <data name="dotnet_annotations_Range" xml:space="preserve">
-    <value>Il campo {0} deve essere tra {1} e {2}.</value>
+    <value>Il campo '{0}' deve essere tra {1} e {2}.</value>
   </data>
   <data name="annotations_RegularExpression" xml:space="preserve">
-    <value>Il campo {name|lower} non è.</value>
+    <value>Il campo '{name|lower}' non è.</value>
   </data>
   <data name="dotnet_annotations_RegularExpression" xml:space="preserve">
-    <value>Il campo {0} non è.</value>
+    <value>Il campo '{0}' non è.</value>
   </data>
   <data name="annotations_Required" xml:space="preserve">
     <value>Il campo è {name|lower} obbligatorio.</value>
@@ -95,16 +95,16 @@
     <value>Il campo è {0} obbligatorio.</value>
   </data>
   <data name="annotations_StringLength" xml:space="preserve">
-    <value>Il campo {name|lower} deve essere una stringa avente una lunghezza massima di {max}.</value>
+    <value>Il campo '{name|lower}' deve essere una stringa avente una lunghezza massima di {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLength" xml:space="preserve">
-    <value>Il campo {0} deve essere una stringa avente una lunghezza massima di {1}.</value>
+    <value>Il campo '{0}' deve essere una stringa avente una lunghezza massima di {1}.</value>
   </data>
   <data name="annotations_StringLengthMinimum" xml:space="preserve">
-    <value>Il campo {name|lower} deve essere una stringa avente lunghezza minima di {min} e massima di {max}.</value>
+    <value>Il campo '{name|lower}' deve essere una stringa avente lunghezza minima di {min} e massima di {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLengthMinimum" xml:space="preserve">
-    <value>Il campo {0} deve essere una stringa avente lunghezza minima di {1} e massima di {2}.</value>
+    <value>Il campo '{0}' deve essere una stringa avente lunghezza minima di {1} e massima di {2}.</value>
   </data>
   <data name="apps.clients.idAlreadyExists" xml:space="preserve">
     <value>Un client con lo stesso id esiste già.</value>
@@ -604,9 +604,6 @@
   <data name="contents.validation.pattern" xml:space="preserve">
     <value>Deve seguire il pattern.</value>
   </data>
-  <data name="contents.validation.reference" xml:space="preserve">
-    <value>La geolocalizzazione può avere come campi solamente come latitudine e longitudine.</value>
-  </data>
   <data name="contents.validation.referenceNotFound" xml:space="preserve">
     <value>Contiene un collegamento '{id}' non valido.</value>
   </data>
@@ -631,9 +628,6 @@
   <data name="contents.validation.wordsBetween" xml:space="preserve">
     <value>Deve essere tra {min} e {max} parola(e).</value>
   </data>
-  <data name="contents.workflowErrorPublishing" xml:space="preserve">
-    <value>Il workflow del contenuto impedisce la pubblicazione.</value>
-  </data>
   <data name="contents.workflowErrorUpdate" xml:space="preserve">
     <value>Il workflow non consente le modifiche per lo stato {status}</value>
   </data>

backend/src/Squidex.Shared/Texts.nl.resx

@@ -59,52 +59,52 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="annotations_AbsoluteUrl" xml:space="preserve">
-    <value>Het veld {name|lower} moet een absolute URL zijn.</value>
+    <value>Het veld '{name|lower}' moet een absolute URL zijn.</value>
   </data>
   <data name="dotnet_annotations_AbsoluteUrl" xml:space="preserve">
-    <value>Het veld {0} moet een absolute URL zijn.</value>
+    <value>Het veld '{0}' moet een absolute URL zijn.</value>
   </data>
   <data name="annotations_Compare" xml:space="preserve">
-    <value>Het veld {name|lower} moet hetzelfde zijn als {other|lower}.</value>
+    <value>Het veld '{name|lower}' moet hetzelfde zijn als {other|lower}.</value>
   </data>
   <data name="dotnet_annotations_Compare" xml:space="preserve">
-    <value>Het veld {0} moet hetzelfde zijn als {1}.</value>
+    <value>Het veld '{0}' moet hetzelfde zijn als {1}.</value>
   </data>
   <data name="annotations_EmailAddress" xml:space="preserve">
-    <value>Het veld {name|lower} is geen geldig e-mailadres.</value>
+    <value>Het veld '{name|lower}' is geen geldig e-mailadres.</value>
   </data>
   <data name="dotnet_annotations_EmailAddress" xml:space="preserve">
-    <value>Het veld {0} is geen geldig e-mailadres.</value>
+    <value>Het veld '{0}' is geen geldig e-mailadres.</value>
   </data>
   <data name="annotations_Range" xml:space="preserve">
-    <value>Het veld {name|lower} moet tussen {min} en {max} zijn.</value>
+    <value>Het veld '{name|lower}' moet tussen {min} en {max} zijn.</value>
   </data>
   <data name="dotnet_annotations_Range" xml:space="preserve">
-    <value>Het veld {0} moet tussen {1} en {2} zijn.</value>
+    <value>Het veld '{0}' moet tussen {1} en {2} zijn.</value>
   </data>
   <data name="annotations_RegularExpression" xml:space="preserve">
-    <value>Het veld {name|lower} is niet.</value>
+    <value>Het veld '{name|lower}' is niet.</value>
   </data>
   <data name="dotnet_annotations_RegularExpression" xml:space="preserve">
-    <value>Het veld {0} is niet.</value>
+    <value>Het veld '{0}' is niet.</value>
   </data>
   <data name="annotations_Required" xml:space="preserve">
-    <value>Het veld {name|lower} is verplicht.</value>
+    <value>Het veld '{name|lower}' is verplicht.</value>
   </data>
   <data name="dotnet_annotations_Required" xml:space="preserve">
-    <value>Het veld {0} is verplicht.</value>
+    <value>Het veld '{0}' is verplicht.</value>
   </data>
   <data name="annotations_StringLength" xml:space="preserve">
-    <value>Het veld {name|lower} moet een string zijn met een maximale lengte van {max}.</value>
+    <value>Het veld '{name|lower}' moet een string zijn met een maximale lengte van {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLength" xml:space="preserve">
-    <value>Het veld {0} moet een string zijn met een maximale lengte van {1}.</value>
+    <value>Het veld '{0}' moet een string zijn met een maximale lengte van {1}.</value>
   </data>
   <data name="annotations_StringLengthMinimum" xml:space="preserve">
-    <value>Het veld {name|lower} moet een string zijn met een minimum lengte van {min} en een maximum lengte van {max}.</value>
+    <value>Het veld '{name|lower}' moet een string zijn met een minimum lengte van {min} en een maximum lengte van {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLengthMinimum" xml:space="preserve">
-    <value>Het veld {0} moet een string zijn met een minimum lengte van {1} en een maximum lengte van {2}.</value>
+    <value>Het veld '{0}' moet een string zijn met een minimum lengte van {1} en een maximum lengte van {2}.</value>
   </data>
   <data name="apps.clients.idAlreadyExists" xml:space="preserve">
     <value>Er bestaat al een client met dezelfde id.</value>
@@ -604,9 +604,6 @@
   <data name="contents.validation.pattern" xml:space="preserve">
     <value>Moet het patroon volgen.</value>
   </data>
-  <data name="contents.validation.reference" xml:space="preserve">
-    <value>Geolocation can only have latitude and longitude property.</value>
-  </data>
   <data name="contents.validation.referenceNotFound" xml:space="preserve">
     <value>Bevat ongeldige referentie '{id}'.</value>
   </data>
@@ -631,9 +628,6 @@
   <data name="contents.validation.wordsBetween" xml:space="preserve">
     <value>Moet tussen {min} en {max} woord (en) bevatten.</value>
   </data>
-  <data name="contents.workflowErrorPublishing" xml:space="preserve">
-    <value>Contentworkflow verhindert publiceren.</value>
-  </data>
   <data name="contents.workflowErrorUpdate" xml:space="preserve">
     <value>De werkstroom staat geen updates toe met status {status}</value>
   </data>

backend/src/Squidex.Shared/Texts.resx

@@ -59,52 +59,52 @@
     <value>System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.3500.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</value>
   </resheader>
   <data name="annotations_AbsoluteUrl" xml:space="preserve">
-    <value>The field {name|lower} must be an absolute URL.</value>
+    <value>The field '{name|lower}' must be an absolute URL.</value>
   </data>
   <data name="dotnet_annotations_AbsoluteUrl" xml:space="preserve">
-    <value>The field {0} must be an absolute URL.</value>
+    <value>The field '{0}' must be an absolute URL.</value>
   </data>
   <data name="annotations_Compare" xml:space="preserve">
-    <value>The field {name|lower} must be the same as {other|lower}.</value>
+    <value>The field '{name|lower}' must be the same as {other|lower}.</value>
   </data>
   <data name="dotnet_annotations_Compare" xml:space="preserve">
-    <value>The field {0} must be the same as {1}.</value>
+    <value>The field '{0}' must be the same as {1}.</value>
   </data>
   <data name="annotations_EmailAddress" xml:space="preserve">
-    <value>The field {name|lower} is not a valid email address.</value>
+    <value>The field '{name|lower}' is not a valid email address.</value>
   </data>
   <data name="dotnet_annotations_EmailAddress" xml:space="preserve">
-    <value>The field {0} is not a valid email address.</value>
+    <value>The field '{0}' is not a valid email address.</value>
   </data>
   <data name="annotations_Range" xml:space="preserve">
-    <value>The field {name|lower} must be between {min} and {max}.</value>
+    <value>The field '{name|lower}' must be between {min} and {max}.</value>
   </data>
   <data name="dotnet_annotations_Range" xml:space="preserve">
-    <value>The field {0} must be between {1} and {2}.</value>
+    <value>The field '{0}' must be between {1} and {2}.</value>
   </data>
   <data name="annotations_RegularExpression" xml:space="preserve">
-    <value>The field {name|lower} is not.</value>
+    <value>The field '{name|lower}' is not.</value>
   </data>
   <data name="dotnet_annotations_RegularExpression" xml:space="preserve">
-    <value>The field {0} is not.</value>
+    <value>The field '{0}' is not.</value>
   </data>
   <data name="annotations_Required" xml:space="preserve">
-    <value>The field {name|lower} is required.</value>
+    <value>The field '{name|lower}' is required.</value>
   </data>
   <data name="dotnet_annotations_Required" xml:space="preserve">
-    <value>The field {0} is required.</value>
+    <value>The field '{0}' is required.</value>
   </data>
   <data name="annotations_StringLength" xml:space="preserve">
-    <value>The field {name|lower} must be a string with a maximum length of {max}.</value>
+    <value>The field '{name|lower}' must be a string with a maximum length of {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLength" xml:space="preserve">
-    <value>The field {0} must be a string with a maximum length of {1}.</value>
+    <value>The field '{0}' must be a string with a maximum length of {1}.</value>
   </data>
   <data name="annotations_StringLengthMinimum" xml:space="preserve">
-    <value>The field {name|lower} must be a string with a minimum length of {min} and a maximum length of {max}.</value>
+    <value>The field '{name|lower}' must be a string with a minimum length of {min} and a maximum length of {max}.</value>
   </data>
   <data name="dotnet_annotations_StringLengthMinimum" xml:space="preserve">
-    <value>The field {0} must be a string with a minimum length of {1} and a maximum length of {2}.</value>
+    <value>The field '{0}' must be a string with a minimum length of {1} and a maximum length of {2}.</value>
   </data>
   <data name="apps.clients.idAlreadyExists" xml:space="preserve">
     <value>A client with the same id already exists.</value>
@@ -604,9 +604,6 @@
   <data name="contents.validation.pattern" xml:space="preserve">
     <value>Must follow the pattern.</value>
   </data>
-  <data name="contents.validation.reference" xml:space="preserve">
-    <value>Geolocation can only have latitude and longitude property.</value>
-  </data>
   <data name="contents.validation.referenceNotFound" xml:space="preserve">
     <value>Reference '{id}' not found.</value>
   </data>
@@ -631,9 +628,6 @@
   <data name="contents.validation.wordsBetween" xml:space="preserve">
     <value>Must have between {min} and {max} word(s).</value>
   </data>
-  <data name="contents.workflowErrorPublishing" xml:space="preserve">
-    <value>Content workflow prevents publishing.</value>
-  </data>
   <data name="contents.workflowErrorUpdate" xml:space="preserve">
     <value>The workflow does not allow updates at status {status}</value>
   </data>

backend/src/Squidex.Web/ApiModelValidationAttribute.cs

@@ -13,6 +13,7 @@ using Microsoft.AspNetCore.Mvc.ModelBinding;
 using Newtonsoft.Json;
 using Squidex.Infrastructure.Translations;
 using Squidex.Infrastructure.Validation;
+using Squidex.Text;
 
 namespace Squidex.Web
 {
@@ -50,11 +51,18 @@ namespace Squidex.Web
                         }
                         else
                         {
+                            var properties = Array.Empty<string>();
+
+                            if (!string.IsNullOrWhiteSpace(key))
+                            {
+                                properties = new[] { key.ToCamelCase() };
+                            }
+
                             foreach (var error in value.Errors)
                             {
                                 if (!string.IsNullOrWhiteSpace(error.ErrorMessage) && ShouldExpose(error))
                                 {
-                                    errors.Add(new ValidationError(error.ErrorMessage));
+                                    errors.Add(new ValidationError(error.ErrorMessage, properties));
                                 }
                                 else if (error.Exception is JsonException jsonException)
                                 {

backend/src/Squidex/Areas/Api/Controllers/Backups/Models/RestoreRequestDto.cs

@@ -16,7 +16,7 @@ namespace Squidex.Areas.Api.Controllers.Backups.Models
         /// The name of the app.
         /// </summary>
         [LocalizedRegularExpression("^[a-z0-9]+(\\-[a-z0-9]+)*$")]
-        public string Name { get; set; }
+        public string? Name { get; set; }
 
         /// <summary>
         /// The url to the restore file.

backend/src/Squidex/Areas/Api/Controllers/Backups/RestoreController.cs

@@ -21,6 +21,7 @@ namespace Squidex.Areas.Api.Controllers.Backups
     /// Manages backups for apps.
     /// </summary>
     [ApiExplorerSettings(GroupName = nameof(Backups))]
+    [ApiModelValidation(true)]
     public class RestoreController : ApiController
     {
         private readonly IBackupService backupService;

backend/src/Squidex/Areas/IdentityServer/Config/LazyClientStore.cs

@@ -7,6 +7,7 @@
 
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Threading.Tasks;
 using IdentityServer4;
 using IdentityServer4.Models;
@@ -107,10 +108,7 @@ namespace Squidex.Areas.IdentityServer.Config
                     Constants.RoleScope,
                     Constants.PermissionsScope
                 },
-                Claims = new List<ClientClaim>
+                Claims = GetClaims(user)
-                {
-                    new ClientClaim(OpenIdClaims.Subject, user.Id)
-                }
             };
         }
 
@@ -237,5 +235,19 @@ namespace Squidex.Areas.IdentityServer.Config
                 };
             }
         }
+
+        private static List<ClientClaim> GetClaims(IUser user)
+        {
+            var claims = new List<ClientClaim>
+            {
+                new ClientClaim(OpenIdClaims.Subject, user.Id)
+            };
+
+            claims.AddRange(
+                user.Claims.Where(x => x.Type == SquidexClaimTypes.Permissions)
+                    .Select(x => new ClientClaim(x.Type, x.Value)));
+
+            return claims;
+        }
     }
 }

backend/src/Squidex/Areas/IdentityServer/Controllers/Extensions.cs

@@ -22,6 +22,11 @@ namespace Squidex.Areas.IdentityServer.Controllers
         {
             var externalLogin = await signInManager.GetExternalLoginInfoAsync(expectedXsrf);
 
+            if (externalLogin == null)
+            {
+                throw new InvalidOperationException("Request from external provider cannot be handled.");
+            }
+
             var email = externalLogin.Principal.GetEmail();
 
             if (string.IsNullOrWhiteSpace(email))