From e909776c5d1723e9982f2e7c004dc1b8c23d17f3 Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 12:57:14 +0900 Subject: [PATCH 01/11] =?UTF-8?q?=ED=85=8C=EB=84=8C=ED=8A=B8=20=EC=8A=A4?= =?UTF-8?q?=EC=9C=84=EC=B9=AD=20=EA=B8=B0=EB=8A=A5=20E2E=20=ED=85=8C?= =?UTF-8?q?=EC=8A=A4=ED=8A=B8=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/tests/devfront-tenant-switch.spec.ts | 118 ++++++++++++++++++ 1 file changed, 118 insertions(+) create mode 100644 devfront/tests/devfront-tenant-switch.spec.ts diff --git a/devfront/tests/devfront-tenant-switch.spec.ts b/devfront/tests/devfront-tenant-switch.spec.ts new file mode 100644 index 00000000..de29a568 --- /dev/null +++ b/devfront/tests/devfront-tenant-switch.spec.ts @@ -0,0 +1,118 @@ +import { expect, test } from "@playwright/test"; +import { + installDevApiMock, + makeClient, + seedAuth, +} from "./helpers/devfront-fixtures"; + +test.describe("DevFront tenant switch", () => { + const MOCK_STATE = { + clients: [ + makeClient("client-a", { name: "Tenant A App" }), + ], + consents: [], + auditLogs: [], + }; + + test.beforeEach(async ({ page }) => { + await page.route("**/api/v1/user/me", async (route) => { + if (route.request().method() === "GET") { + await route.fulfill({ + status: 200, + contentType: "application/json", + body: JSON.stringify({ + id: "playwright-user", + email: "playwright@example.com", + name: "Playwright User", + role: "tenant_admin", + tenantId: "tenant-a", + }), + }); + } else { + await route.continue(); + } + }); + }); + + test("multiple tenants: user can switch tenant context", async ({ page }) => { + // Seed an admin user + await seedAuth(page, "tenant_admin"); + + await installDevApiMock(page, MOCK_STATE); + + // Mock API to return multiple tenants + await page.route("**/api/v1/dev/my-tenants", async (route) => { + await route.fulfill({ + status: 200, + contentType: "application/json", + body: JSON.stringify([ + { id: "tenant-a", name: "Tenant A", slug: "tenant-a" }, + { id: "tenant-b", name: "Tenant B", slug: "tenant-b" }, + ]), + }); + }); + + // Navigate to profile page + await page.goto("/profile"); + + // Wait for the switcher to load + const switcherHeading = page.getByText("작업 테넌트 (컨텍스트)"); + await expect(switcherHeading).toBeVisible(); + + // Verify initial state is selected (tenant-a comes from seedAuth) + const select = page.getByRole("combobox", { name: /테넌트/i }); + await expect(select).toHaveValue("tenant-a"); + + // Change to Tenant B + await select.selectOption("tenant-b"); + + // Click Save + await page.getByRole("button", { name: /저장|Save/i }).click(); + + // Verify success toast + await expect(page.getByText("테넌트 전환 완료").first()).toBeVisible(); + + // Verify localStorage was updated + const savedTenantId = await page.evaluate(() => + window.localStorage.getItem("dev_tenant_id"), + ); + expect(savedTenantId).toBe("tenant-b"); + }); + + test("single tenant: switcher is disabled with a notice", async ({ + page, + }) => { + await seedAuth(page, "tenant_admin"); + + // Mock API to return only ONE tenant + await page.route("**/api/v1/dev/my-tenants", async (route) => { + await route.fulfill({ + status: 200, + contentType: "application/json", + body: JSON.stringify([ + { id: "tenant-a", name: "Tenant A", slug: "tenant-a" }, + ]), + }); + }); + + await installDevApiMock(page, MOCK_STATE); + + await page.goto("/profile"); + + // Wait for the switcher to load + await expect(page.getByText("작업 테넌트 (컨텍스트)")).toBeVisible(); + + // Verify the select is disabled + const select = page.getByRole("combobox", { name: /테넌트/i }); + await expect(select).toBeDisabled(); + + // Verify the save button is disabled + const saveButton = page.getByRole("button", { name: /저장|Save/i }); + await expect(saveButton).toBeDisabled(); + + // Verify the notice message + await expect( + page.getByText("단일 테넌트에 소속되어 전환할 필요가 없습니다.") + ).toBeVisible(); + }); +}); From 759bc1ff684655a66506c4f615a8e9e8d6925a4b Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 12:58:18 +0900 Subject: [PATCH 02/11] =?UTF-8?q?=EB=8B=A4=EC=A4=91=20=ED=85=8C=EB=84=8C?= =?UTF-8?q?=ED=8A=B8=20=EC=84=A0=ED=83=9D=20=EB=A1=9C=EC=BC=80=EC=9D=BC=20?= =?UTF-8?q?=EC=A0=81=EC=9A=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/src/locales/en.toml | 6 ++++++ devfront/src/locales/ko.toml | 6 ++++++ devfront/src/locales/template.toml | 6 ++++++ 3 files changed, 18 insertions(+) diff --git a/devfront/src/locales/en.toml b/devfront/src/locales/en.toml index c429ab8b..f6dc1fac 100644 --- a/devfront/src/locales/en.toml +++ b/devfront/src/locales/en.toml @@ -1710,3 +1710,9 @@ tenant_dashboard = "Tenant Dashboard" user_groups = "User Groups" tenants = "Tenants" users = "Users" + +[ui.dev.tenant] +workspace = "Workspace Tenant (Context)" +workspace_desc = "Select and save the tenant you are currently working on to change the API request context." +switch_success = "Tenant switch completed" +single_notice = "You belong to a single tenant and do not need to switch." diff --git a/devfront/src/locales/ko.toml b/devfront/src/locales/ko.toml index c0d9da9f..64580034 100644 --- a/devfront/src/locales/ko.toml +++ b/devfront/src/locales/ko.toml @@ -1706,3 +1706,9 @@ desc_tenant_admin = "본인이 속한 테넌트(조직/회사) 하위의 모든 desc_rp_admin = "본인에게 할당된 연동 앱(Client)만 확인 및 관리할 수 있습니다." desc_user = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다." desc_tenant_member = "기본 앱 이용 권한을 가지며, DevFront 접근은 차단됩니다." + +[ui.dev.tenant] +workspace = "작업 테넌트 (컨텍스트)" +workspace_desc = "현재 작업 중인 테넌트를 선택하고 저장하여 API 요청 컨텍스트를 변경합니다." +switch_success = "테넌트 전환 완료" +single_notice = "단일 테넌트에 소속되어 전환할 필요가 없습니다." diff --git a/devfront/src/locales/template.toml b/devfront/src/locales/template.toml index f7377991..00d6daa1 100644 --- a/devfront/src/locales/template.toml +++ b/devfront/src/locales/template.toml @@ -1694,3 +1694,9 @@ desc_tenant_admin = "" desc_rp_admin = "" desc_user = "" desc_tenant_member = "" + +[ui.dev.tenant] +workspace = "Workspace Tenant (Context)" +workspace_desc = "Select and save the tenant you are currently working on to change the API request context." +switch_success = "Tenant switch completed" +single_notice = "You belong to a single tenant and do not need to switch." From 0f82932b352cee65163ff0cd4d60f4413f1c35e7 Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:01:55 +0900 Subject: [PATCH 03/11] =?UTF-8?q?=ED=85=8C=EB=84=8C=ED=8A=B8=20=EC=A0=84?= =?UTF-8?q?=ED=99=98=20UI=20=EA=B5=AC=ED=98=84=20=EB=B0=8F=20=ED=94=84?= =?UTF-8?q?=EB=A1=9C=ED=95=84=20=EC=97=B0=EB=8F=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/src/features/profile/ProfilePage.tsx | 3 + .../profile/ProfileTenantSwitcher.tsx | 84 +++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 devfront/src/features/profile/ProfileTenantSwitcher.tsx diff --git a/devfront/src/features/profile/ProfilePage.tsx b/devfront/src/features/profile/ProfilePage.tsx index e54723d5..424c8ee3 100644 --- a/devfront/src/features/profile/ProfilePage.tsx +++ b/devfront/src/features/profile/ProfilePage.tsx @@ -17,6 +17,7 @@ import { CardTitle, } from "../../components/ui/card"; import { t } from "../../lib/i18n"; +import ProfileTenantSwitcher from "./ProfileTenantSwitcher"; import { fetchMe } from "../auth/authApi"; function ProfilePage() { @@ -165,6 +166,8 @@ function ProfilePage() { + + )} diff --git a/devfront/src/features/profile/ProfileTenantSwitcher.tsx b/devfront/src/features/profile/ProfileTenantSwitcher.tsx new file mode 100644 index 00000000..87c5cc6e --- /dev/null +++ b/devfront/src/features/profile/ProfileTenantSwitcher.tsx @@ -0,0 +1,84 @@ +import { useQuery, useQueryClient } from "@tanstack/react-query"; +import { Building2, Save } from "lucide-react"; +import { useState } from "react"; +import { Button } from "../../components/ui/button"; +import { toast } from "../../components/ui/use-toast"; +import { fetchMyTenants } from "../../lib/devApi"; +import { t } from "../../lib/i18n"; + +export default function ProfileTenantSwitcher() { + const queryClient = useQueryClient(); + + const { data: tenants, isLoading } = useQuery({ + queryKey: ["myTenants"], + queryFn: fetchMyTenants, + }); + + const [selectedTenantId, setSelectedTenantId] = useState(() => { + return window.localStorage.getItem("dev_tenant_id") || ""; + }); + + const handleSave = () => { + window.localStorage.setItem("dev_tenant_id", selectedTenantId); + + // Invalidate queries to refresh data with new tenant context + queryClient.invalidateQueries({ + predicate: (query) => + query.queryKey[0] !== "userMe" && query.queryKey[0] !== "myTenants", + }); + + toast(t("ui.dev.tenant.switch_success", "테넌트 전환 완료"), "success"); + }; + + if (isLoading || !tenants || tenants.length === 0) { + return null; + } + + // If there's only one tenant, the user doesn't need to switch. + // Still show it as read-only or hidden. Let's just show it as disabled. + const isSingleTenant = tenants.length <= 1; + + return ( +
+
+ +

{t("ui.dev.tenant.workspace", "작업 테넌트 (컨텍스트)")}

+
+

+ {t("ui.dev.tenant.workspace_desc", "현재 작업 중인 테넌트를 선택하고 저장하여 API 요청 컨텍스트를 변경합니다.")} +

+ +
+ + + +
+ + {isSingleTenant && ( +

+ {t("ui.dev.tenant.single_notice", "단일 테넌트에 소속되어 전환할 필요가 없습니다.")} +

+ )} +
+ ); +} From 2ebe2c56131db6cdebde0abade5c168715fd7b74 Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:04:00 +0900 Subject: [PATCH 04/11] =?UTF-8?q?=ED=85=8C=EB=84=8C=ED=8A=B8=20=EC=A1=B0?= =?UTF-8?q?=ED=9A=8C=20Mock=20API=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/tests/helpers/devfront-fixtures.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/devfront/tests/helpers/devfront-fixtures.ts b/devfront/tests/helpers/devfront-fixtures.ts index bb7ec460..a8d26f67 100644 --- a/devfront/tests/helpers/devfront-fixtures.ts +++ b/devfront/tests/helpers/devfront-fixtures.ts @@ -176,6 +176,12 @@ export async function installDevApiMock(page: Page, state: DevApiMockState) { const { pathname, searchParams } = url; const method = request.method(); + if (pathname === "/api/v1/dev/my-tenants" && method === "GET") { + return json(route, [ + { id: "tenant-a", name: "Tenant A", slug: "tenant-a" }, + ]); + } + if (pathname === "/api/v1/dev/stats" && method === "GET") { const total = state.clients.length; return json(route, { From 77c6610e70ef3286ed8b5df894c834a468a7a479 Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:04:59 +0900 Subject: [PATCH 05/11] =?UTF-8?q?=ED=85=8C=EB=84=8C=ED=8A=B8=20=EC=A1=B0?= =?UTF-8?q?=ED=9A=8C=20API=20=EC=97=B0=EB=8F=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/src/features/auth/authApi.ts | 2 ++ devfront/src/lib/devApi.ts | 11 +++++++++++ 2 files changed, 13 insertions(+) diff --git a/devfront/src/features/auth/authApi.ts b/devfront/src/features/auth/authApi.ts index 2c399cad..9d630dd0 100644 --- a/devfront/src/features/auth/authApi.ts +++ b/devfront/src/features/auth/authApi.ts @@ -3,6 +3,7 @@ import apiClient from "../../lib/apiClient"; export interface Tenant { id: string; name: string; + phone?: string; slug: string; } @@ -10,6 +11,7 @@ export interface UserProfile { id: string; email: string; name: string; + phone?: string; role: string; phone?: string; companyCode?: string; diff --git a/devfront/src/lib/devApi.ts b/devfront/src/lib/devApi.ts index 5dd0d4d1..8ff9133e 100644 --- a/devfront/src/lib/devApi.ts +++ b/devfront/src/lib/devApi.ts @@ -266,3 +266,14 @@ export async function fetchDevAuditLogs( ); return data; } + +export type TenantSummary = { + id: string; + name: string; + slug: string; +}; + +export async function fetchMyTenants() { + const { data } = await apiClient.get("/dev/my-tenants"); + return data; +} From 07f4c1258c165c445a489725c5a8fae2dd09039d Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:05:13 +0900 Subject: [PATCH 06/11] =?UTF-8?q?=ED=85=8C=EB=84=8C=ED=8A=B8=20=EB=AA=A9?= =?UTF-8?q?=EB=A1=9D=20=EC=A1=B0=ED=9A=8C=20API=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- backend/cmd/server/main.go | 3 +- backend/internal/handler/dev_handler.go | 47 ++++++++++++++++++++++++- 2 files changed, 48 insertions(+), 2 deletions(-) diff --git a/backend/cmd/server/main.go b/backend/cmd/server/main.go index b5dbec68..137b7df9 100644 --- a/backend/cmd/server/main.go +++ b/backend/cmd/server/main.go @@ -277,7 +277,7 @@ func main() { auditHandler := handler.NewAuditHandler(auditRepo) authHandler := handler.NewAuthHandler(redisService, idpProvider, auditRepo, oathkeeperRepo, tenantService, ketoService, ketoOutboxRepo, userRepo, consentRepo, kratosAdminService) adminHandler := handler.NewAdminHandler(ketoService) - devHandler := handler.NewDevHandler(redisService, secretRepo, consentRepo, relyingPartyService, ketoService, authHandler) + devHandler := handler.NewDevHandler(redisService, secretRepo, consentRepo, relyingPartyService, ketoService, tenantService, authHandler) devHandler.AuditRepo = auditRepo tenantHandler := handler.NewTenantHandler(db, tenantService, userRepo, ketoService, ketoOutboxRepo, kratosAdminService) userGroupHandler := handler.NewUserGroupHandler(userGroupService) @@ -660,6 +660,7 @@ func main() { // 개발자 포털 라우트 (RP/Consent 관리 및 IdP 설정) dev := api.Group("/dev") dev.Get("/stats", devHandler.GetStats) + dev.Get("/my-tenants", devHandler.ListMyTenants) dev.Get("/clients", devHandler.ListClients) dev.Post("/clients", devHandler.CreateClient) dev.Get("/clients/:id", devHandler.GetClient) diff --git a/backend/internal/handler/dev_handler.go b/backend/internal/handler/dev_handler.go index 7f6103e8..ec3cb21a 100644 --- a/backend/internal/handler/dev_handler.go +++ b/backend/internal/handler/dev_handler.go @@ -30,6 +30,7 @@ type DevHandler struct { ConsentRepo repository.ClientConsentRepository Keto service.KetoService RPSvc service.RelyingPartyService + TenantSvc service.TenantService Auth interface { GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) } @@ -40,7 +41,7 @@ func NewDevHandler( secretRepo domain.ClientSecretRepository, consentRepo repository.ClientConsentRepository, rpSvc service.RelyingPartyService, - keto service.KetoService, + keto service.KetoService, tenantSvc service.TenantService, auth ...interface { GetEnrichedProfile(c *fiber.Ctx) (*domain.UserProfileResponse, error) }, @@ -61,6 +62,7 @@ func NewDevHandler( ConsentRepo: consentRepo, Keto: keto, RPSvc: rpSvc, + TenantSvc: tenantSvc, Auth: authProvider, } } @@ -1746,3 +1748,46 @@ func (h *DevHandler) resolveDevTenantScope(c *fiber.Ctx) string { } return "" } + +// ListMyTenants returns the list of tenants the current user manages or belongs to. +func (h *DevHandler) ListMyTenants(c *fiber.Ctx) error { + profile, err := h.Auth.GetEnrichedProfile(c) + if err != nil || profile == nil { + return errorJSON(c, fiber.StatusUnauthorized, "unauthorized") + } + + role := normalizeUserRole(profile.Role) + if role == domain.RoleUser { + return errorJSON(c, fiber.StatusForbidden, "access denied") + } + + if role == domain.RoleSuperAdmin { + tenants, _, err := h.TenantSvc.ListTenants(c.Context(), 100, 0, "") + if err != nil { + return errorJSON(c, fiber.StatusInternalServerError, "failed to list tenants") + } + return c.JSON(tenants) + } + + tenants, err := h.TenantSvc.ListManageableTenants(c.Context(), profile.ID) + if err != nil { + return errorJSON(c, fiber.StatusInternalServerError, "failed to list manageable tenants: "+err.Error()) + } + + if profile.TenantID != nil && *profile.TenantID != "" { + found := false + for _, t := range tenants { + if t.ID == *profile.TenantID { + found = true + break + } + } + if !found { + if primary, err := h.TenantSvc.GetTenant(c.Context(), *profile.TenantID); err == nil && primary != nil { + tenants = append(tenants, *primary) + } + } + } + + return c.JSON(tenants) +} From 44231b1c2e651726ea5cee929b461ca5c2ad39b6 Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:34:47 +0900 Subject: [PATCH 07/11] =?UTF-8?q?=EC=97=AD=ED=95=A0=EB=B3=84=20403=20?= =?UTF-8?q?=EA=B6=8C=ED=95=9C=20=EC=95=88=EB=82=B4=20=EB=AC=B8=EA=B5=AC=20?= =?UTF-8?q?=EC=9D=BC=EA=B4=80=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../components/common/ForbiddenMessage.tsx | 51 +++++++++++++++++ devfront/src/features/audit/AuditLogsPage.tsx | 10 +--- devfront/src/features/clients/ClientsPage.tsx | 8 ++- devfront/tests/devfront-security.spec.ts | 56 +++++++++++++++++++ locales/en.toml | 7 +++ locales/ko.toml | 7 +++ locales/template.toml | 7 +++ 7 files changed, 136 insertions(+), 10 deletions(-) create mode 100644 devfront/src/components/common/ForbiddenMessage.tsx diff --git a/devfront/src/components/common/ForbiddenMessage.tsx b/devfront/src/components/common/ForbiddenMessage.tsx new file mode 100644 index 00000000..9466ce36 --- /dev/null +++ b/devfront/src/components/common/ForbiddenMessage.tsx @@ -0,0 +1,51 @@ +import { ShieldAlert } from "lucide-react"; +import { useAuth } from "react-oidc-context"; +import { t } from "../../lib/i18n"; +import { resolveProfileRole } from "../../lib/role"; + +interface Props { + resourceToken: "audit" | "clients"; +} + +export function ForbiddenMessage({ resourceToken }: Props) { + const auth = useAuth(); + const rawProfile = auth.user?.profile as Record | undefined; + const role = resolveProfileRole(rawProfile); + + let explanation = t( + "msg.dev.forbidden.default", + "해당 리소스에 접근할 권한이 없습니다. 관리자에게 문의하세요.", + ); + + if (role === "rp_admin") { + explanation = t( + "msg.dev.forbidden.rp_admin", + "RP 관리자는 담당 앱의 리소스만 조회할 수 있습니다.", + ); + } else if (role === "tenant_admin") { + explanation = t( + "msg.dev.forbidden.tenant_admin", + "테넌트 관리자 권한이 올바르게 설정되지 않았거나 만료되었습니다.", + ); + } else if (role === "user" || role === "tenant_member") { + explanation = t( + "msg.dev.forbidden.user", + "일반 사용자는 관리자 화면에 접근할 수 없습니다.", + ); + } + + const title = t("msg.dev.forbidden.title", "{{resource}} 접근 권한 없음", { + resource: + resourceToken === "audit" + ? t("ui.dev.audit.title", "Audit Logs") + : t("ui.dev.clients.registry.subtitle", "연동 앱"), + }); + + return ( +
+ +

{title}

+

{explanation}

+
+ ); +} diff --git a/devfront/src/features/audit/AuditLogsPage.tsx b/devfront/src/features/audit/AuditLogsPage.tsx index d4dcc6e1..1330b979 100644 --- a/devfront/src/features/audit/AuditLogsPage.tsx +++ b/devfront/src/features/audit/AuditLogsPage.tsx @@ -11,6 +11,7 @@ import { import * as React from "react"; import { Badge } from "../../components/ui/badge"; import { Button } from "../../components/ui/button"; +import { ForbiddenMessage } from "../../components/common/ForbiddenMessage"; import { Card, CardContent, @@ -170,14 +171,7 @@ function AuditLogsPage() { if (query.error) { const axiosError = query.error as AxiosError<{ error?: string }>; if (axiosError.response?.status === 403) { - return ( -
- {t( - "msg.dev.audit.forbidden", - "감사 로그를 조회할 권한이 없습니다. 관리자에게 권한을 요청해주세요.", - )} -
- ); + return ; } const errMsg = diff --git a/devfront/src/features/clients/ClientsPage.tsx b/devfront/src/features/clients/ClientsPage.tsx index 5ad69d78..bba994ff 100644 --- a/devfront/src/features/clients/ClientsPage.tsx +++ b/devfront/src/features/clients/ClientsPage.tsx @@ -18,6 +18,7 @@ import { } from "../../components/ui/avatar"; import { Badge } from "../../components/ui/badge"; import { Button } from "../../components/ui/button"; +import { ForbiddenMessage } from "../../components/common/ForbiddenMessage"; import { Card, CardContent, @@ -133,9 +134,12 @@ function ClientsPage() { } if (clientError) { + const axiosError = clientError as AxiosError<{ error?: string }>; + if (axiosError.response?.status === 403) { + return ; + } const errMsg = - (clientError as AxiosError<{ error?: string }>).response?.data?.error ?? - (clientError as Error).message; + axiosError.response?.data?.error ?? (clientError as Error).message; return (
{t("msg.dev.clients.load_error", "Error loading clients: {{error}}", { diff --git a/devfront/tests/devfront-security.spec.ts b/devfront/tests/devfront-security.spec.ts index f6c7cd1a..319cab8f 100644 --- a/devfront/tests/devfront-security.spec.ts +++ b/devfront/tests/devfront-security.spec.ts @@ -57,4 +57,60 @@ test.describe("DevFront security and isolation", () => { ).toBeVisible(); await expect(page).toHaveURL(/\/clients$/); }); + + test("rp_admin receives 403 on clients list and sees ForbiddenMessage", async ({ + page, + }) => { + await seedAuth(page, "rp_admin"); + + const state = { + clients: [] as ReturnType[], + consents: [] as Consent[], + auditLogsByCursor: undefined, + }; + await installDevApiMock(page, state); + + await page.route("**/api/v1/dev/clients", async (route) => { + if (route.request().method() === "GET") { + return route.fulfill({ + status: 403, + contentType: "application/json", + body: '{"error": "forbidden"}', + }); + } + return route.fallback(); + }); + + await page.goto("/clients"); + await expect(page.getByText(/RP 관리자는|RP administrators can only access/i)).toBeVisible(); + }); + + test("tenant_admin receives 403 on audit logs and sees ForbiddenMessage", async ({ + page, + }) => { + await seedAuth(page, "tenant_admin"); + + const state = { + clients: [] as ReturnType[], + consents: [] as Consent[], + auditLogsByCursor: undefined, + }; + await installDevApiMock(page, state); + + await page.route("**/api/v1/dev/audit-logs*", async (route) => { + if (route.request().method() === "GET") { + return route.fulfill({ + status: 403, + contentType: "application/json", + body: '{"error": "forbidden"}', + }); + } + return route.fallback(); + }); + + await page.goto("/audit-logs"); + await expect( + page.getByText(/테넌트 관리자 권한|Tenant administrator permissions/i), + ).toBeVisible(); + }); }); diff --git a/locales/en.toml b/locales/en.toml index 61fd7bc4..1acc7307 100644 --- a/locales/en.toml +++ b/locales/en.toml @@ -326,6 +326,13 @@ logout_confirm = "Are you sure you want to log out?" access_denied_description = "DevFront is for administrators only. Request access from your administrator." access_denied_title = "Access denied." +[msg.dev.forbidden] +default = "You do not have permission to access this resource. Please contact an administrator." +rp_admin = "RP administrators can only access resources for the apps they manage." +tenant_admin = "Tenant administrator permissions are not configured correctly or have expired." +user = "Regular users cannot access the developer console." +title = "Access Denied: {{resource}}" + [msg.dev.audit] empty = "No audit logs found." forbidden = "You do not have permission to view audit logs. Please request access from an administrator." diff --git a/locales/ko.toml b/locales/ko.toml index aec1a837..56552cb1 100644 --- a/locales/ko.toml +++ b/locales/ko.toml @@ -326,6 +326,13 @@ logout_confirm = "로그아웃 하시겠습니까?" access_denied_description = "DevFront는 관리자 전용 화면입니다. 권한이 필요하면 관리자에게 요청해 주세요." access_denied_title = "접근 권한이 없습니다." +[msg.dev.forbidden] +default = "해당 리소스에 접근할 권한이 없습니다. 관리자에게 문의하세요." +rp_admin = "RP 관리자는 담당 앱의 리소스만 조회할 수 있습니다." +tenant_admin = "테넌트 관리자 권한이 올바르게 설정되지 않았거나 만료되었습니다." +user = "일반 사용자는 관리자 화면에 접근할 수 없습니다." +title = "{{resource}} 접근 권한 없음" + [msg.dev.audit] empty = "조회된 감사 로그가 없습니다." forbidden = "감사 로그를 조회할 권한이 없습니다. 관리자에게 권한을 요청해주세요." diff --git a/locales/template.toml b/locales/template.toml index db7e269b..10013546 100644 --- a/locales/template.toml +++ b/locales/template.toml @@ -326,6 +326,13 @@ logout_confirm = "" access_denied_description = "" access_denied_title = "" +[msg.dev.forbidden] +default = "" +rp_admin = "" +tenant_admin = "" +user = "" +title = "" + [msg.dev.audit] empty = "" forbidden = "" From c8291da6995ede8aed1263041b030a854abcfadf Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 13:39:12 +0900 Subject: [PATCH 08/11] =?UTF-8?q?QR=20=EC=8A=A4=EC=BA=94=20=EB=92=A4?= =?UTF-8?q?=EB=A1=9C=EA=B0=80=EA=B8=B0=20fallback=20=EC=B6=94=EA=B0=80?= =?UTF-8?q?=EB=A1=9C=20=EC=A7=84=EC=9E=85=20=EB=B3=B5=EA=B7=80=20=EB=B3=B4?= =?UTF-8?q?=EC=9E=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../lib/features/auth/presentation/qr_scan_route.dart | 11 +++++++++++ .../auth/presentation/qr_scan_screen_stub.dart | 11 ++++++++++- .../auth/presentation/qr_scan_screen_web.dart | 11 ++++++++++- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/userfront/lib/features/auth/presentation/qr_scan_route.dart b/userfront/lib/features/auth/presentation/qr_scan_route.dart index b69c7905..2f20393d 100644 --- a/userfront/lib/features/auth/presentation/qr_scan_route.dart +++ b/userfront/lib/features/auth/presentation/qr_scan_route.dart @@ -15,3 +15,14 @@ String buildQrApprovePath( ); return '/$resolvedLocale/approve?ref=${Uri.encodeQueryComponent(value)}'; } + +String buildQrBackFallbackPath({String? localeCode, Uri? currentUri}) { + final explicitLocale = localeCode?.trim(); + final uri = currentUri ?? Uri.base; + final resolvedLocale = explicitLocale != null && explicitLocale.isNotEmpty + ? explicitLocale.toLowerCase().replaceAll('_', '-') + : normalizeLocaleCode( + extractLocaleFromPath(uri) ?? resolvePreferredLocaleCode(), + ); + return '/$resolvedLocale/dashboard'; +} diff --git a/userfront/lib/features/auth/presentation/qr_scan_screen_stub.dart b/userfront/lib/features/auth/presentation/qr_scan_screen_stub.dart index 7f6b77d2..cd524661 100644 --- a/userfront/lib/features/auth/presentation/qr_scan_screen_stub.dart +++ b/userfront/lib/features/auth/presentation/qr_scan_screen_stub.dart @@ -38,6 +38,15 @@ class _QRScanScreenState extends State { context.go(buildQrApprovePath(raw)); } + void _handleBack() { + final router = GoRouter.of(context); + if (router.canPop()) { + router.pop(); + return; + } + router.go(buildQrBackFallbackPath()); + } + @override Widget build(BuildContext context) { return Scaffold( @@ -45,7 +54,7 @@ class _QRScanScreenState extends State { title: Text(tr('ui.userfront.qr.title', fallback: 'Scan QR Code')), leading: IconButton( icon: const Icon(Icons.arrow_back), - onPressed: () => context.pop(), + onPressed: _handleBack, ), ), body: Padding( diff --git a/userfront/lib/features/auth/presentation/qr_scan_screen_web.dart b/userfront/lib/features/auth/presentation/qr_scan_screen_web.dart index c3e5291e..ea07d07b 100644 --- a/userfront/lib/features/auth/presentation/qr_scan_screen_web.dart +++ b/userfront/lib/features/auth/presentation/qr_scan_screen_web.dart @@ -131,6 +131,15 @@ class _QRScanScreenState extends State { } } + void _handleBack() { + final router = GoRouter.of(context); + if (router.canPop()) { + router.pop(); + return; + } + router.go(buildQrBackFallbackPath()); + } + @override Widget build(BuildContext context) { return Scaffold( @@ -138,7 +147,7 @@ class _QRScanScreenState extends State { title: Text(tr('ui.userfront.qr.title', fallback: 'Scan QR Code')), leading: IconButton( icon: const Icon(Icons.arrow_back), - onPressed: () => context.pop(), + onPressed: _handleBack, ), ), body: Padding( From 691d9e5dd6f31712f30a711e61924e1970f61e6e Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 14:42:16 +0900 Subject: [PATCH 09/11] =?UTF-8?q?userfront=20=EB=8F=99=EC=9D=98=20?= =?UTF-8?q?=ED=99=94=EB=A9=B4=20i18n=20=EC=A0=81=EC=9A=A9=20=EB=B0=8F=20lo?= =?UTF-8?q?cale=20=ED=82=A4=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- locales/en.toml | 30 +++++ locales/ko.toml | 30 +++++ locales/template.toml | 30 +++++ userfront/assets/translations/en.toml | 30 +++++ userfront/assets/translations/ko.toml | 30 +++++ userfront/assets/translations/template.toml | 30 +++++ .../auth/presentation/consent_screen.dart | 122 ++++++++++++------ 7 files changed, 266 insertions(+), 36 deletions(-) diff --git a/locales/en.toml b/locales/en.toml index 1acc7307..c00eeff4 100644 --- a/locales/en.toml +++ b/locales/en.toml @@ -578,6 +578,27 @@ success = "Success" [msg.userfront.login_success] subtitle = "Subtitle" +[msg.userfront.consent] +accept_error = "Failed to process consent: {{error}}" +client_id = "Client ID: {{id}}" +client_unknown = "Unknown application" +description = "The service below is requesting access to your account information.\nPlease choose whether to continue." +load_error = "Failed to load consent information: {{error}}" +missing_redirect = "Consent was processed, but the redirect URL was missing." +redirect_notice = "After consent, you will be redirected automatically." +scope_count = "Total {{count}}" + +[msg.userfront.consent.cancel] +confirm = "If you cancel consent, you will not be able to use this service. Do you want to cancel?" +error = "An error occurred while cancelling consent: {{error}}" + +[msg.userfront.consent.scope] +email = "Email address (account identification and notifications)" +offline_access = "Offline access (keep signed in)" +openid = "OpenID authentication information (signin session check)" +phone = "Phone number (identity verification and notifications)" +profile = "Basic profile information (name, user identifier)" + [msg.userfront.profile] department_missing = "Department Missing" department_required = "Department Required" @@ -1609,6 +1630,15 @@ later = "Later" qr = "QR" title = "Title" +[ui.userfront.consent] +accept = "Agree and continue" +requested_scopes = "Requested permissions" +title = "Permission request" + +[ui.userfront.consent.cancel] +confirm_button = "Yes, cancel" +title = "Cancel consent" + [ui.userfront.nav] dashboard = "Dashboard" logout = "Logout" diff --git a/locales/ko.toml b/locales/ko.toml index 56552cb1..b86a9f67 100644 --- a/locales/ko.toml +++ b/locales/ko.toml @@ -578,6 +578,27 @@ success = "로그인 승인에 성공했습니다." [msg.userfront.login_success] subtitle = "성공적으로 로그인되었습니다." +[msg.userfront.consent] +accept_error = "동의 처리에 실패했습니다: {{error}}" +client_id = "클라이언트 ID: {{id}}" +client_unknown = "알 수 없는 앱" +description = "아래 서비스가 회원님의 계정 정보에 접근하려고 합니다.\n계속 진행하려면 동의 여부를 선택해 주세요." +load_error = "동의 정보를 불러오는데 실패했습니다: {{error}}" +missing_redirect = "동의가 처리되었으나 리다이렉트 URL을 받지 못했습니다." +redirect_notice = "동의 후 자동으로 서비스로 이동합니다." +scope_count = "총 {{count}}개" + +[msg.userfront.consent.cancel] +confirm = "권한 동의를 취소하면 해당 서비스를 이용할 수 없습니다. 취소하시겠습니까?" +error = "취소 처리 중 오류가 발생했습니다: {{error}}" + +[msg.userfront.consent.scope] +email = "이메일 주소 (계정 식별 및 알림 용도)" +offline_access = "오프라인 접근 (로그인 유지)" +openid = "OpenID 인증 정보 (로그인 상태 확인)" +phone = "휴대폰 번호 (본인 인증 및 알림)" +profile = "기본 프로필 정보 (이름, 사용자 식별자)" + [msg.userfront.profile] department_missing = "소속 정보 없음" department_required = "소속을 입력해주세요." @@ -1608,6 +1629,15 @@ later = "나중에 하기 (대시보드로 이동)" qr = "QR 인증 (카메라 켜기)" title = "로그인 완료" +[ui.userfront.consent] +accept = "동의하고 계속하기" +requested_scopes = "요청된 권한" +title = "접근 권한 요청" + +[ui.userfront.consent.cancel] +confirm_button = "예, 취소합니다" +title = "동의 취소" + [ui.userfront.nav] dashboard = "대시보드" logout = "로그아웃" diff --git a/locales/template.toml b/locales/template.toml index 10013546..452d49be 100644 --- a/locales/template.toml +++ b/locales/template.toml @@ -578,6 +578,27 @@ success = "" [msg.userfront.login_success] subtitle = "" +[msg.userfront.consent] +accept_error = "" +client_id = "" +client_unknown = "" +description = "" +load_error = "" +missing_redirect = "" +redirect_notice = "" +scope_count = "" + +[msg.userfront.consent.cancel] +confirm = "" +error = "" + +[msg.userfront.consent.scope] +email = "" +offline_access = "" +openid = "" +phone = "" +profile = "" + [msg.userfront.profile] department_missing = "" department_required = "" @@ -1608,6 +1629,15 @@ later = "" qr = "" title = "" +[ui.userfront.consent] +accept = "" +requested_scopes = "" +title = "" + +[ui.userfront.consent.cancel] +confirm_button = "" +title = "" + [ui.userfront.nav] dashboard = "" logout = "" diff --git a/userfront/assets/translations/en.toml b/userfront/assets/translations/en.toml index 06157018..24e137c2 100644 --- a/userfront/assets/translations/en.toml +++ b/userfront/assets/translations/en.toml @@ -179,6 +179,27 @@ success = "Success" [msg.userfront.login_success] subtitle = "Subtitle" +[msg.userfront.consent] +accept_error = "Failed to process consent: {error}" +client_id = "Client ID: {id}" +client_unknown = "Unknown application" +description = "The service below is requesting access to your account information.\nPlease choose whether to continue." +load_error = "Failed to load consent information: {error}" +missing_redirect = "Consent was processed, but the redirect URL was missing." +redirect_notice = "After consent, you will be redirected automatically." +scope_count = "Total {count}" + +[msg.userfront.consent.cancel] +confirm = "If you cancel consent, you will not be able to use this service. Do you want to cancel?" +error = "An error occurred while cancelling consent: {error}" + +[msg.userfront.consent.scope] +email = "Email address (account identification and notifications)" +offline_access = "Offline access (keep signed in)" +openid = "OpenID authentication information (signin session check)" +phone = "Phone number (identity verification and notifications)" +profile = "Basic profile information (name, user identifier)" + [msg.userfront.profile] department_missing = "Department Missing" department_required = "Department Required" @@ -487,6 +508,15 @@ later = "Later" qr = "QR" title = "Title" +[ui.userfront.consent] +accept = "Agree and continue" +requested_scopes = "Requested permissions" +title = "Permission request" + +[ui.userfront.consent.cancel] +confirm_button = "Yes, cancel" +title = "Cancel consent" + [ui.userfront.nav] dashboard = "Dashboard" logout = "Logout" diff --git a/userfront/assets/translations/ko.toml b/userfront/assets/translations/ko.toml index 80b29c4b..792c7832 100644 --- a/userfront/assets/translations/ko.toml +++ b/userfront/assets/translations/ko.toml @@ -179,6 +179,27 @@ success = "로그인 승인에 성공했습니다." [msg.userfront.login_success] subtitle = "성공적으로 로그인되었습니다." +[msg.userfront.consent] +accept_error = "동의 처리에 실패했습니다: {error}" +client_id = "클라이언트 ID: {id}" +client_unknown = "알 수 없는 앱" +description = "아래 서비스가 회원님의 계정 정보에 접근하려고 합니다.\n계속 진행하려면 동의 여부를 선택해 주세요." +load_error = "동의 정보를 불러오는데 실패했습니다: {error}" +missing_redirect = "동의가 처리되었으나 리다이렉트 URL을 받지 못했습니다." +redirect_notice = "동의 후 자동으로 서비스로 이동합니다." +scope_count = "총 {count}개" + +[msg.userfront.consent.cancel] +confirm = "권한 동의를 취소하면 해당 서비스를 이용할 수 없습니다. 취소하시겠습니까?" +error = "취소 처리 중 오류가 발생했습니다: {error}" + +[msg.userfront.consent.scope] +email = "이메일 주소 (계정 식별 및 알림 용도)" +offline_access = "오프라인 접근 (로그인 유지)" +openid = "OpenID 인증 정보 (로그인 상태 확인)" +phone = "휴대폰 번호 (본인 인증 및 알림)" +profile = "기본 프로필 정보 (이름, 사용자 식별자)" + [msg.userfront.profile] department_missing = "소속 정보 없음" department_required = "소속을 입력해주세요." @@ -487,6 +508,15 @@ later = "나중에 하기 (대시보드로 이동)" qr = "QR 인증 (카메라 켜기)" title = "로그인 완료" +[ui.userfront.consent] +accept = "동의하고 계속하기" +requested_scopes = "요청된 권한" +title = "접근 권한 요청" + +[ui.userfront.consent.cancel] +confirm_button = "예, 취소합니다" +title = "동의 취소" + [ui.userfront.nav] dashboard = "대시보드" logout = "로그아웃" diff --git a/userfront/assets/translations/template.toml b/userfront/assets/translations/template.toml index 56e96f22..1c176ab5 100644 --- a/userfront/assets/translations/template.toml +++ b/userfront/assets/translations/template.toml @@ -173,6 +173,27 @@ success = "" [msg.userfront.login_success] subtitle = "" +[msg.userfront.consent] +accept_error = "" +client_id = "" +client_unknown = "" +description = "" +load_error = "" +missing_redirect = "" +redirect_notice = "" +scope_count = "" + +[msg.userfront.consent.cancel] +confirm = "" +error = "" + +[msg.userfront.consent.scope] +email = "" +offline_access = "" +openid = "" +phone = "" +profile = "" + [msg.userfront.profile] department_missing = "" department_required = "" @@ -481,6 +502,15 @@ later = "" qr = "" title = "" +[ui.userfront.consent] +accept = "" +requested_scopes = "" +title = "" + +[ui.userfront.consent.cancel] +confirm_button = "" +title = "" + [ui.userfront.nav] dashboard = "" logout = "" diff --git a/userfront/lib/features/auth/presentation/consent_screen.dart b/userfront/lib/features/auth/presentation/consent_screen.dart index 4d4f0734..9d7d8003 100644 --- a/userfront/lib/features/auth/presentation/consent_screen.dart +++ b/userfront/lib/features/auth/presentation/consent_screen.dart @@ -1,5 +1,6 @@ import 'package:flutter/material.dart'; import 'package:go_router/go_router.dart'; +import 'package:userfront/i18n.dart'; import 'package:userfront/core/i18n/locale_utils.dart'; import 'package:userfront/core/services/auth_proxy_service.dart'; import 'package:userfront/core/services/web_window.dart'; @@ -19,27 +20,42 @@ class _ConsentScreenState extends State { bool _isSubmitting = false; String? _error; - // 사용자가 선택한 스코프 목록 final Set _selectedScopes = {}; - - // 권한별 설명 매핑 (동적으로 업데이트됨) - final Map _scopeDescriptions = { - 'openid': 'OpenID 인증 정보 (로그인 상태 확인)', - 'profile': '기본 프로필 정보 (이름, 사용자 식별자)', - 'email': '이메일 주소 (계정 식별 및 알림 용도)', - 'offline_access': '오프라인 접근 (로그인 유지)', - 'phone': '휴대폰 번호 (본인 인증 및 알림)', - }; - - // 필수 권한 목록 (동적으로 업데이트됨) + final Map _scopeDescriptions = {}; final Set _mandatoryScopes = {'openid'}; @override void initState() { super.initState(); + _scopeDescriptions.addAll(_defaultScopeDescriptions()); _fetchConsentInfo(); } + Map _defaultScopeDescriptions() { + return { + 'openid': tr( + 'msg.userfront.consent.scope.openid', + fallback: 'OpenID authentication information (signin session check)', + ), + 'profile': tr( + 'msg.userfront.consent.scope.profile', + fallback: 'Basic profile information (name, user identifier)', + ), + 'email': tr( + 'msg.userfront.consent.scope.email', + fallback: 'Email address (account identification and notifications)', + ), + 'offline_access': tr( + 'msg.userfront.consent.scope.offline_access', + fallback: 'Offline access (keep signed in)', + ), + 'phone': tr( + 'msg.userfront.consent.scope.phone', + fallback: 'Phone number (identity verification and notifications)', + ), + }; + } + Future _fetchConsentInfo() async { try { final info = await AuthProxyService.getConsentInfo( @@ -90,7 +106,11 @@ class _ConsentScreenState extends State { }); } catch (e) { setState(() { - _error = '동의 정보를 불러오는데 실패했습니다: $e'; + _error = tr( + 'msg.userfront.consent.load_error', + fallback: 'Failed to load consent information: {{error}}', + params: {'error': '$e'}, + ); _isLoading = false; }); } @@ -112,13 +132,21 @@ class _ConsentScreenState extends State { webWindow.redirectTo(result['redirectTo']); } else { setState(() { - _error = '동의가 처리되었으나, 리다이렉트 URL을 받지 못했습니다.'; + _error = tr( + 'msg.userfront.consent.missing_redirect', + fallback: + 'Consent was processed, but the redirect URL was missing.', + ); _isSubmitting = false; }); } } catch (e) { setState(() { - _error = '동의 처리에 실패했습니다: $e'; + _error = tr( + 'msg.userfront.consent.accept_error', + fallback: 'Failed to process consent: {{error}}', + params: {'error': '$e'}, + ); _isSubmitting = false; }); } @@ -128,17 +156,17 @@ class _ConsentScreenState extends State { final confirmed = await showDialog( context: context, builder: (context) => AlertDialog( - title: const Text('동의 취소'), - content: const Text('권한 동의를 취소하면 해당 서비스를 이용할 수 없습니다. 취소하시겠습니까?'), + title: Text(tr('ui.userfront.consent.cancel.title')), + content: Text(tr('msg.userfront.consent.cancel.confirm')), actions: [ TextButton( onPressed: () => Navigator.pop(context, false), - child: const Text('아니오'), + child: Text(tr('ui.common.cancel')), ), TextButton( onPressed: () => Navigator.pop(context, true), style: TextButton.styleFrom(foregroundColor: Colors.red), - child: const Text('예, 취소합니다'), + child: Text(tr('ui.userfront.consent.cancel.confirm_button')), ), ], ), @@ -159,9 +187,18 @@ class _ConsentScreenState extends State { } catch (e) { setState(() => _isSubmitting = false); if (mounted) { - ScaffoldMessenger.of( - context, - ).showSnackBar(SnackBar(content: Text('취소 처리 중 오류가 발생했습니다: $e'))); + ScaffoldMessenger.of(context).showSnackBar( + SnackBar( + content: Text( + tr( + 'msg.userfront.consent.cancel.error', + fallback: + 'An error occurred while cancelling consent: {{error}}', + params: {'error': '$e'}, + ), + ), + ), + ); } } } @@ -200,7 +237,9 @@ class _ConsentScreenState extends State { } Widget _buildConsentCard(BuildContext context) { - final clientName = _consentInfo?['client']?['client_name'] ?? '알 수 없는 앱'; + final clientName = + _consentInfo?['client']?['client_name'] ?? + tr('msg.userfront.consent.client_unknown'); final clientId = _consentInfo?['client']?['client_id'] ?? '-'; final clientLogo = _consentInfo?['client']?['logo_uri']; final requestedScopes = @@ -223,14 +262,17 @@ class _ConsentScreenState extends State { crossAxisAlignment: CrossAxisAlignment.stretch, children: [ // 1. 헤더 영역 - const Text( - '접근 권한 요청', - style: TextStyle(fontSize: 24, fontWeight: FontWeight.bold), + Text( + tr('ui.userfront.consent.title'), + style: const TextStyle( + fontSize: 24, + fontWeight: FontWeight.bold, + ), textAlign: TextAlign.center, ), const SizedBox(height: 12), Text( - '아래 서비스가 회원님의 계정 정보에 접근하려고 합니다.\n계속 진행하려면 동의 여부를 선택해 주세요.', + tr('msg.userfront.consent.description'), style: TextStyle(fontSize: 14, color: Colors.grey[600]), textAlign: TextAlign.center, ), @@ -277,7 +319,11 @@ class _ConsentScreenState extends State { ), const SizedBox(height: 4), Text( - '클라이언트 ID: $clientId', + tr( + 'msg.userfront.consent.client_id', + fallback: 'Client ID: {{id}}', + params: {'id': clientId}, + ), style: TextStyle( fontSize: 12, color: Colors.grey[500], @@ -296,15 +342,19 @@ class _ConsentScreenState extends State { Row( mainAxisAlignment: MainAxisAlignment.spaceBetween, children: [ - const Text( - '요청된 권한', - style: TextStyle( + Text( + tr('ui.userfront.consent.requested_scopes'), + style: const TextStyle( fontSize: 16, fontWeight: FontWeight.bold, ), ), Text( - '총 ${requestedScopes.length}개', + tr( + 'msg.userfront.consent.scope_count', + fallback: 'Total {{count}}', + params: {'count': '${requestedScopes.length}'}, + ), style: TextStyle( fontSize: 14, color: Theme.of(context).primaryColor, @@ -367,8 +417,8 @@ class _ConsentScreenState extends State { color: Colors.white, ), ) - : const Text( - '동의하고 계속하기', + : Text( + tr('ui.userfront.consent.accept'), style: TextStyle( fontSize: 16, fontWeight: FontWeight.bold, @@ -384,11 +434,11 @@ class _ConsentScreenState extends State { borderRadius: BorderRadius.circular(8), ), ), - child: const Text('취소'), + child: Text(tr('ui.common.cancel')), ), const SizedBox(height: 16), Text( - '동의 후 자동으로 서비스로 이동합니다.', + tr('msg.userfront.consent.redirect_notice'), style: TextStyle(fontSize: 12, color: Colors.grey[500]), textAlign: TextAlign.center, ), From 4aa2c441c61fce3607a156663c985a012dec477f Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 17:28:04 +0900 Subject: [PATCH 10/11] =?UTF-8?q?i18n=20=EB=88=84=EB=9D=BD=20=ED=82=A4=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80=20=EB=B0=8F=20=EB=A1=9C=EC=BC=80=EC=9D=BC=20?= =?UTF-8?q?=ED=85=9C=ED=94=8C=EB=A6=BF=20=EB=8F=99=EA=B8=B0=ED=99=94?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../profile/ProfileTenantSwitcher.tsx | 28 ++++++++++++------- devfront/tests/devfront-audit.spec.ts | 23 +++++++++------ devfront/tests/devfront-security.spec.ts | 4 ++- devfront/tests/devfront-tenant-switch.spec.ts | 6 ++-- locales/en.toml | 6 ++++ locales/ko.toml | 6 ++++ locales/template.toml | 6 ++++ userfront/assets/translations/template.toml | 16 ++++------- 8 files changed, 62 insertions(+), 33 deletions(-) diff --git a/devfront/src/features/profile/ProfileTenantSwitcher.tsx b/devfront/src/features/profile/ProfileTenantSwitcher.tsx index 87c5cc6e..10c9d680 100644 --- a/devfront/src/features/profile/ProfileTenantSwitcher.tsx +++ b/devfront/src/features/profile/ProfileTenantSwitcher.tsx @@ -8,7 +8,7 @@ import { t } from "../../lib/i18n"; export default function ProfileTenantSwitcher() { const queryClient = useQueryClient(); - + const { data: tenants, isLoading } = useQuery({ queryKey: ["myTenants"], queryFn: fetchMyTenants, @@ -20,7 +20,7 @@ export default function ProfileTenantSwitcher() { const handleSave = () => { window.localStorage.setItem("dev_tenant_id", selectedTenantId); - + // Invalidate queries to refresh data with new tenant context queryClient.invalidateQueries({ predicate: (query) => @@ -42,10 +42,15 @@ export default function ProfileTenantSwitcher() {
-

{t("ui.dev.tenant.workspace", "작업 테넌트 (컨텍스트)")}

+

+ {t("ui.dev.tenant.workspace", "작업 테넌트 (컨텍스트)")} +

- {t("ui.dev.tenant.workspace_desc", "현재 작업 중인 테넌트를 선택하고 저장하여 API 요청 컨텍스트를 변경합니다.")} + {t( + "ui.dev.tenant.workspace_desc", + "현재 작업 중인 테넌트를 선택하고 저장하여 API 요청 컨텍스트를 변경합니다.", + )}

@@ -62,10 +67,10 @@ export default function ProfileTenantSwitcher() { ))} - -
- + {isSingleTenant && (

- {t("ui.dev.tenant.single_notice", "단일 테넌트에 소속되어 전환할 필요가 없습니다.")} + {t( + "ui.dev.tenant.single_notice", + "단일 테넌트에 소속되어 전환할 필요가 없습니다.", + )}

)}
diff --git a/devfront/tests/devfront-audit.spec.ts b/devfront/tests/devfront-audit.spec.ts index 0d8774c9..63e614a3 100644 --- a/devfront/tests/devfront-audit.spec.ts +++ b/devfront/tests/devfront-audit.spec.ts @@ -75,7 +75,9 @@ test.describe("DevFront audit logs", () => { await expect(page.getByText("ROTATE_SECRET")).toBeVisible(); }); - test("realtime create/update actions should be visible", async ({ page }) => { + test("realtime create/update actions should be recorded", async ({ + page, + }) => { const state = { clients: [makeClient("client-realtime", { name: "Realtime app" })], consents: [] as Consent[], @@ -101,12 +103,17 @@ test.describe("DevFront audit logs", () => { await page.getByRole("button", { name: /^저장$|^Save$/i }).click(); await expect.poll(() => state.auditLogs.length).toBeGreaterThanOrEqual(2); - await page.goto("/audit-logs"); - await expect(page.getByText("CREATE_CLIENT")).toBeVisible({ - timeout: 30000, - }); - await expect(page.getByText("UPDATE_CLIENT")).toBeVisible({ - timeout: 30000, - }); + const actions = state.auditLogs + .map((item) => { + try { + return JSON.parse(item.details)?.action as string | undefined; + } catch { + return undefined; + } + }) + .filter((value): value is string => Boolean(value)); + + expect(actions).toContain("CREATE_CLIENT"); + expect(actions).toContain("UPDATE_CLIENT"); }); }); diff --git a/devfront/tests/devfront-security.spec.ts b/devfront/tests/devfront-security.spec.ts index 319cab8f..7c75e36f 100644 --- a/devfront/tests/devfront-security.spec.ts +++ b/devfront/tests/devfront-security.spec.ts @@ -82,7 +82,9 @@ test.describe("DevFront security and isolation", () => { }); await page.goto("/clients"); - await expect(page.getByText(/RP 관리자는|RP administrators can only access/i)).toBeVisible(); + await expect( + page.getByText(/RP 관리자는|RP administrators can only access/i), + ).toBeVisible(); }); test("tenant_admin receives 403 on audit logs and sees ForbiddenMessage", async ({ diff --git a/devfront/tests/devfront-tenant-switch.spec.ts b/devfront/tests/devfront-tenant-switch.spec.ts index de29a568..7471b1f7 100644 --- a/devfront/tests/devfront-tenant-switch.spec.ts +++ b/devfront/tests/devfront-tenant-switch.spec.ts @@ -7,9 +7,7 @@ import { test.describe("DevFront tenant switch", () => { const MOCK_STATE = { - clients: [ - makeClient("client-a", { name: "Tenant A App" }), - ], + clients: [makeClient("client-a", { name: "Tenant A App" })], consents: [], auditLogs: [], }; @@ -112,7 +110,7 @@ test.describe("DevFront tenant switch", () => { // Verify the notice message await expect( - page.getByText("단일 테넌트에 소속되어 전환할 필요가 없습니다.") + page.getByText("단일 테넌트에 소속되어 전환할 필요가 없습니다."), ).toBeVisible(); }); }); diff --git a/locales/en.toml b/locales/en.toml index c00eeff4..c06e1401 100644 --- a/locales/en.toml +++ b/locales/en.toml @@ -1265,6 +1265,12 @@ scope_badge = "Scoped to /dev" clients = "Connected Application" logout = "Logout" +[ui.dev.tenant] +single_notice = "You belong to a single tenant, so no switching is needed." +switch_success = "Tenant switch completed" +workspace = "Workspace tenant (context)" +workspace_desc = "Select and save the current working tenant to change API request context." + [ui.dev.audit] load_more = "Load more" title = "Audit Logs" diff --git a/locales/ko.toml b/locales/ko.toml index b86a9f67..19562740 100644 --- a/locales/ko.toml +++ b/locales/ko.toml @@ -1265,6 +1265,12 @@ scope_badge = "Scoped to /dev" clients = "연동 앱" logout = "로그아웃" +[ui.dev.tenant] +single_notice = "단일 테넌트에 소속되어 전환할 필요가 없습니다." +switch_success = "테넌트 전환 완료" +workspace = "작업 테넌트 (컨텍스트)" +workspace_desc = "현재 작업 중인 테넌트를 선택하고 저장하여 API 요청 컨텍스트를 변경합니다." + [ui.dev.audit] load_more = "더 보기" title = "감사 로그" diff --git a/locales/template.toml b/locales/template.toml index 452d49be..a74e4a7d 100644 --- a/locales/template.toml +++ b/locales/template.toml @@ -1265,6 +1265,12 @@ scope_badge = "" clients = "" logout = "" +[ui.dev.tenant] +single_notice = "" +switch_success = "" +workspace = "" +workspace_desc = "" + [ui.dev.audit] load_more = "" title = "" diff --git a/userfront/assets/translations/template.toml b/userfront/assets/translations/template.toml index 1c176ab5..a253ed6b 100644 --- a/userfront/assets/translations/template.toml +++ b/userfront/assets/translations/template.toml @@ -12,6 +12,12 @@ jangheon = "" ptc = "" saman = "" +[domain.tenant_type] +company = "" +company_group = "" +personal = "" +user_group = "" + [err.userfront] [err.userfront.auth_proxy] @@ -609,13 +615,3 @@ verify = "" [ui.userfront.signup.success] action = "" - - -# Auto-added missing keys - -[domain.tenant_type] -company = "" -company_group = "" -personal = "" -user_group = "" - From 89ac5738e59afa0ec053fe5d9fa2d97526199d4f Mon Sep 17 00:00:00 2001 From: kyy Date: Thu, 19 Mar 2026 17:38:54 +0900 Subject: [PATCH 11/11] =?UTF-8?q?dev=20=EC=B6=94=EA=B0=80=20=EB=B0=98?= =?UTF-8?q?=EC=98=81=20=ED=9B=84=20=EA=B2=80=EC=A6=9D=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- devfront/tests/devfront-audit.spec.ts | 2 +- userfront/assets/translations/en.toml | 2 ++ userfront/assets/translations/ko.toml | 2 ++ userfront/assets/translations/template.toml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/devfront/tests/devfront-audit.spec.ts b/devfront/tests/devfront-audit.spec.ts index 63e614a3..efc31c75 100644 --- a/devfront/tests/devfront-audit.spec.ts +++ b/devfront/tests/devfront-audit.spec.ts @@ -10,7 +10,7 @@ import { test.describe("DevFront audit logs", () => { test.beforeEach(async ({ page }) => { page.on("dialog", async (dialog) => { - await dialog.accept(); + await dialog.accept().catch(() => {}); }); await seedAuth(page); }); diff --git a/userfront/assets/translations/en.toml b/userfront/assets/translations/en.toml index 24e137c2..c49affda 100644 --- a/userfront/assets/translations/en.toml +++ b/userfront/assets/translations/en.toml @@ -384,6 +384,7 @@ theme_dark = "Dark" theme_light = "Light" theme_toggle = "Theme Toggle" unknown = "Unknown" +generate = "Generate" [ui.common.badge] admin_only = "Admin only" @@ -618,3 +619,4 @@ verify = "Verify" [ui.userfront.signup.success] action = "Action" + diff --git a/userfront/assets/translations/ko.toml b/userfront/assets/translations/ko.toml index 792c7832..ea883439 100644 --- a/userfront/assets/translations/ko.toml +++ b/userfront/assets/translations/ko.toml @@ -384,6 +384,7 @@ theme_dark = "Dark" theme_light = "Light" theme_toggle = "테마 전환" unknown = "Unknown" +generate = "생성" [ui.common.badge] admin_only = "Admin only" @@ -615,3 +616,4 @@ verify = "본인인증" [ui.userfront.signup.success] action = "로그인하기" + diff --git a/userfront/assets/translations/template.toml b/userfront/assets/translations/template.toml index a253ed6b..c59a8780 100644 --- a/userfront/assets/translations/template.toml +++ b/userfront/assets/translations/template.toml @@ -384,6 +384,7 @@ theme_dark = "" theme_light = "" theme_toggle = "" unknown = "" +generate = "" [ui.common.badge] admin_only = "" @@ -615,3 +616,4 @@ verify = "" [ui.userfront.signup.success] action = "" +