Templates

This references the template files, their role and the variables available in their contexts. The intended audience for this reference is designers wishing to build their custom Canaille theme.

Base

Those templates are shared by all the pages rendered by Canaille.

Template files

TEMPLATE base.html

The main template inherited by almost every other templates.

Parameters:
  • user (User) – The current user, if logged in.

  • features (Features) – The features enabled and available in Canaille.

  • locale (str) – The user locale.

  • website_name (str) – The Canaille instance defined in NAME.

  • logo_url (str) – The URL of the instance logo defined in LOGO.

  • favicon_url (str) – The URL of the instance favicon defined in FAVICON.

  • request_is_boosted (bool) – Whether the page is boosted by HTMX.

  • menu (bool) – Whether to display the menu or not.

  • debug (bool) – Whether the app has been launched in debug mode.

  • no_secret_key (bool) – Whether a SECRET_KEY has been defined.

TEMPLATE error.html

The error page. Displayed for all kinds of errors (not found, internal server error etc.).

Parameters:
  • error_code (int) – The code of the HTTP error (404, 500, etc.)

  • description (str) – The error code description.

  • icon (str) – An optional Font Awesome icon reference.

TEMPLATE macro/flask.html

Macros for Flask flash message rendering

TEMPLATE macro/form.html

Macros for form and form field rendering.

Connects WTForms, Fomantic-UI and HTMX.

TEMPLATE macro/table.html

Macros for rendering table paginated with HTMX.

Forms

class canaille.app.forms.TableForm(*args, **kwargs)[source]

Bases: I18NFormMixin, FlaskForm

A form for table rendering of object collections.

page = <UnboundField(IntegerField, (), {'default': 1})>
query = <UnboundField(StringField, (), {'default': ''})>
validate_page(field)[source]

Core

The core templates are displayed in the authentication and profile edition pages.

Template files

TEMPLATE core/about.html
../_images/6637f9b5112486965f03bde624716a6b.png

The ‘About’ page.

The ‘About’ page.

This is an informational page, displaying the project links.

Parameters:
  • version (str) – The current Canaille version.

TEMPLATE core/firstlogin.html
../_images/a392d40e5f2ffc1d449d7007d958a383.png

The first login page.

The first login page.

This page is displayed to users who do not have set a password yet.

TEMPLATE core/forgotten-password.html
../_images/522e116973bf1f30c397deebef0c0be8.png

The password reinitialization page.

Password forgotten page.

This page displays a form asking for the email address of users who cannot remember their password.

TEMPLATE core/group.html
../_images/3870ce8bdc4dc74fedf84deb9dc683f1.png

The group edition page.

Group edition page.

Displays the group edition or creation form.

Parameters:
TEMPLATE core/groups.html
../_images/b9d18469debed3f54bd96b8beeded2fe.png

The group list page.

The group list page.

Parameters:
TEMPLATE core/invite.html
../_images/3737ab175c2abe19386cb38876d67533.png

The invitation form page.

The invitation form page.

Displays the invitation form to users with the invitation permission.

Parameters:
TEMPLATE core/join.html

The invitation acceptation page.

This page is displayed to users who have clicked on invitation links sent by mail (or by other media). It displays a basic account creation form.

Parameters:
  • form (JoinForm) – The account creation form.

TEMPLATE core/login.html
../_images/f37818faa15de38895b052f55fd3325c.png

The login page.

The login page.

This page displays a form to get the user identifier.

Parameters:
TEMPLATE core/profile_add.html
../_images/878967d0b012b591b13f7178d47c2cc0.png

User account creation page.

This template displays an account creation form. It is used in the registration page, and in the manual account creation page available for users with user management permission.

Parameters:
  • form (FlaskForm) – The user creation form. Dynamically built according to the user READ and WRITE permissions. The available fields are those appearing in READ and WRITE, those only appearing in READ are read-only.

TEMPLATE core/profile_edit.html
../_images/6285fd5eb4da48f4add6b4020acf34c9.png

The user profile edition page.

The profile edition template.

Displays a user profile edition form.

Parameters:
  • edited_user (User) – The user that the form will edit.

  • profile_form (FlaskForm) – The user profile edition form. Dynamically built according to the user READ and WRITE permissions. The available fields are those appearing in READ and WRITE, those only appearing in READ are read-only.

  • emails_form (EmailConfirmationForm) – An email edition form. Used when the has_email_confirmation feature is enabled.

TEMPLATE core/profile_settings.html
../_images/d452bc4e507de5f7af1d081956b15d54.png

The user profile settings edition page.

The profile settings template.

Displays the user settings edition form.

Parameters:
  • edited_user (User) – The user that the form will edit.

  • form (FlaskForm) – The user profile edition form. Dynamically built according to the user READ and WRITE permissions. The available fields are those appearing in READ and WRITE, those only appearing in READ are read-only.

  • self_deletion (bool) – Whether the editor is allowed to delete the account of the edited user.

TEMPLATE core/reset-password.html
../_images/522e116973bf1f30c397deebef0c0be8.png

The password reset page.

The password reset template.

Displays a password reset form.

Parameters:
  • form (PasswordResetForm) – The password reset form.

  • user (User) – The user associated with the URL.

  • hash (str) – The secret link hash.

TEMPLATE core/setup-mfa.html

The multi-factor authentication initialization template.

Display a QR-code and the OTP secret.

Parameters:
  • user (User) – The user initializing the OTP.

  • secret (str) – The OTP secret.

  • qr_image (A base64 encoded str) – A QR-code image representing the OTP secret.

TEMPLATE core/users.html
../_images/e64ec42183328f8a03fd52d8ac0becc5.png

The users list.

Displays a paginated list of User.

Parameters:
TEMPLATE core/verify-mfa.html

The multi-factor authentication code verification template.

Displays a form that asks for the multi-factor authentication code.

Parameters:
  • form (TwoFactorForm) – The code verification form.

  • username (str) – The username of the user attempting to log-in.

  • method (str (TOTP, HOTP, EMAIL_OTP, SMS_OTP)) – The authentication factor method.

Forms

class canaille.core.endpoints.forms.CreateGroupForm(*args, **kwargs)[source]

Bases: Form

The group creation form.

description = <UnboundField(StringField, (l'Description',), {'validators': [<wtforms.validators.Optional object>]})>
display_name = <UnboundField(StringField, (l'Name',), {'validators': [<wtforms.validators.DataRequired object>, <function unique_group>], 'render_kw': {'placeholder': l'group'}})>
class canaille.core.endpoints.forms.DeleteGroupMemberForm(*args, **kwargs)[source]

Bases: Form

member = <UnboundField(StringField, (), {'filters': [<canaille.app.forms.IDToModel object>], 'validators': [<function existing_group_member>]})>
class canaille.core.endpoints.forms.EditGroupForm(*args, **kwargs)[source]

Bases: Form

The group edition form.

description = <UnboundField(StringField, (l'Description',), {'validators': [<wtforms.validators.Optional object>]})>
display_name = <UnboundField(StringField, (l'Name',), {'validators': [<wtforms.validators.DataRequired object>, <wtforms.validators.ReadOnly object>], 'render_kw': {'readonly': 'true'}})>
class canaille.core.endpoints.forms.EmailConfirmationForm(*args, **kwargs)[source]

Bases: Form

new_email = <UnboundField(EmailField, (l'New email address',), {'validators': [<wtforms.validators.DataRequired object>, <function email_validator>, <function unique_email>], 'render_kw': {'placeholder': l'jane.doe@example.com', 'spellcheck': 'false', 'autocorrect': 'off'}})>
old_emails = <UnboundField(FieldList, (<UnboundField(EmailField, (), {'validators': [<wtforms.validators.ReadOnly object>], 'description': l'This email will be used as a recovery address to reset the password if needed', 'render_kw': {'placeholder': l'jane.doe@example.com', 'spellcheck': 'false', 'autocorrect': 'off', 'readonly': 'true'}})>,), {'label': l'Email addresses'})>
class canaille.core.endpoints.forms.FirstLoginForm(*args, **kwargs)[source]

Bases: Form

class canaille.core.endpoints.forms.ForgottenPasswordForm(*args, **kwargs)[source]

Bases: Form

login = <UnboundField(StringField, (l'Login',), {'validators': [<wtforms.validators.DataRequired object>, <function existing_login>], 'render_kw': {'placeholder': l'jane.doe@example.com', 'spellcheck': 'false', 'autocorrect': 'off'}})>
class canaille.core.endpoints.forms.InvitationForm(*args, **kwargs)[source]

Bases: Form

The user invitation form.

email = <UnboundField(EmailField, (l'Email address',), {'validators': [<wtforms.validators.DataRequired object>, <function email_validator>, <function unique_email>], 'render_kw': {'placeholder': l'jane.doe@example.com', 'spellcheck': 'false', 'autocorrect': 'off'}})>
groups = <UnboundField(SelectMultipleField, (l'Groups',), {'choices': <function InvitationForm.<lambda>>, 'render_kw': {}, 'coerce': <canaille.app.forms.IDToModel object>})>
user_name = <UnboundField(StringField, (l'User name',), {'render_kw': {'placeholder': l'jdoe'}, 'validators': [<wtforms.validators.DataRequired object>, <function unique_user_name>]})>
user_name_editable = <UnboundField(BooleanField, (l'Username editable by the invitee',), {})>
class canaille.core.endpoints.forms.JoinForm(*args, **kwargs)[source]

Bases: Form

email = <UnboundField(EmailField, (l'Email address',), {'validators': [<wtforms.validators.DataRequired object>, <function email_validator>], 'render_kw': {'placeholder': l'jane.doe@example.com', 'spellcheck': 'false', 'autocorrect': 'off'}})>
validate_email(field)[source]
class canaille.core.endpoints.forms.LoginForm(*args, **kwargs)[source]

Bases: Form

login = <UnboundField(StringField, (l'Login',), {'validators': [<wtforms.validators.DataRequired object>, <function existing_login>], 'render_kw': {'placeholder': '', 'spellcheck': 'false', 'autocorrect': 'off', 'inputmode': 'email'}})>
class canaille.core.endpoints.forms.PasswordForm(*args, **kwargs)[source]

Bases: Form

password = <UnboundField(PasswordField, (l'Password',), {'validators': [<wtforms.validators.DataRequired object>], 'render_kw': {'autocomplete': 'current-password'}})>
class canaille.core.endpoints.forms.PasswordResetForm(*args, **kwargs)[source]

Bases: Form

confirmation = <UnboundField(PasswordField, (l'Password confirmation',), {'validators': [<wtforms.validators.EqualTo object>], 'render_kw': {'autocomplete': 'new-password'}})>
password = <UnboundField(PasswordField, (l'Password',), {'validators': [<wtforms.validators.DataRequired object>, <function password_length_validator>, <function password_too_long_validator>, <function compromised_password_validator>], 'render_kw': {'autocomplete': 'new-password', 'class': 'password_strength'}})>
class canaille.core.endpoints.forms.TwoFactorForm(*args, **kwargs)[source]

Bases: Form

otp = <UnboundField(StringField, (l'One-time password',), {'validators': [<wtforms.validators.DataRequired object>, <wtforms.validators.Length object>], 'render_kw': {'placeholder': l'123456', 'spellcheck': 'false', 'autocorrect': 'off'}})>
canaille.core.endpoints.forms.available_language_choices()[source]
canaille.core.endpoints.forms.build_profile_form(write_field_names, readonly_field_names, user=None)[source]

OIDC

The OIDC templates are displayed in the OIDC consent pages.

Template files

TEMPLATE oidc/authorization_list.html
../_images/8a0e54204cb9a8639677118795b4b3b3.png

The list of authorizations.

The list of authorizations.

Displays a paginated list of AuthorizationCode.

Parameters:
TEMPLATE oidc/authorization_view.html

Authorization details template.

Displays details about an AuthorizationCode.

Parameters:
TEMPLATE oidc/authorize.html
../_images/bb47b99d5ae9a036fb4ff78a86591655.png

The consent request dialog.

Consent request template.

This templates is displayed to users accessing a new application that requests to access to personal information. It lists the personal information requested by the application, and offers the user to accept or decline.

Parameters:
  • user (User) – The user whose consent is asked.

  • grant (An Authlib Grant) – The OIDC grant.

TEMPLATE oidc/client_add.html
../_images/66bfc63c5ec58fae589d933eff11a9fe.png

The client addition page.

The client addition template.

Displays a form to create a new Client.

Parameters:
TEMPLATE oidc/client_edit.html
../_images/23d2023bc1d7f2497ea345e143683007.png

The client addition page.

The client edition template.

Displays a form to edit a Client.

Parameters:
TEMPLATE oidc/client_list.html
../_images/b1e64dd35789c4119d6abda495d599bf.png

The list of OIDC clients.

Displays a paginated list of Client.

Parameters:
../_images/387866650b61566bc6a7b96cd11a6fb3.png

The consented applications list.

The consented applications list.

Display a list of clients for which users have given or revoked their consent.

Parameters:
  • scope_details (dict) – Description of the OIDC scopes.

  • ignored_scopes (list) – The scopes to hide.

  • nb_consents (int) – The number of consents.

  • nb_preconsents (int) – The number of preconsented clients.

TEMPLATE oidc/logout.html

The OIDC logout template.

Used during OIDC RP-initiated logout, when an user confirmation is needed.

Parameters:
  • form (LogoutForm.) – The logout form.

  • client (Client) – The client requesting the logout.

TEMPLATE oidc/preconsent_list.html
../_images/1bdd95ff386f9d6da2dd75cdffb7cd20.png

The preconsented applications list.

The preconsented applications list.

Display a list of trusted clients for which it is implied that users don’t need to explicitly give their consent.

Parameters:
  • scope_details (dict) – Description of the OIDC scopes.

  • ignored_scopes (list) – The scopes to hide.

  • preconsented (list [ Client ]) – The list of implicitly consented clients.

  • nb_consents (int) – The number of consents.

  • nb_preconsents (int) – The number of preconsented clients.

TEMPLATE oidc/token_list.html
../_images/9c3d4c2f097b8b5a025174b8a64d57b7.png

The list of tokens.

The list of tokens.

Displays a paginated list of Token.

Parameters:
TEMPLATE oidc/token_view.html
../_images/327f103cd223b02568bb60d772d51215.png

The token view page.

The token view template.

Displays the details of a token Token.

Parameters:

Forms

class canaille.oidc.endpoints.forms.AuthorizeForm(*args, **kwargs)[source]

Bases: Form

class canaille.oidc.endpoints.forms.ClientAddForm(*args, **kwargs)[source]

Bases: Form

audience = <UnboundField(SelectMultipleField, (l'Token audiences',), {'validators': [<wtforms.validators.Optional object>], 'choices': <function _client_audiences>, 'validate_choice': False, 'coerce': <canaille.app.forms.IDToModel object>})>
client_name = <UnboundField(StringField, (l'Name',), {'validators': [<wtforms.validators.DataRequired object>], 'render_kw': {'placeholder': 'Client Name'}})>
client_uri = <UnboundField(URLField, (l'URI',), {'validators': [<wtforms.validators.DataRequired object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example'}})>
contacts = <UnboundField(FieldList, (<UnboundField(EmailField, (l'Contacts',), {'validators': [<wtforms.validators.Optional object>, <function email_validator>], 'render_kw': {'placeholder': 'admin@mydomain.example'}})>,), {'min_entries': 1, 'validators': [<function unique_values>]})>
grant_types = <UnboundField(SelectMultipleField, (l'Grant types',), {'validators': [<wtforms.validators.DataRequired object>], 'choices': [('password', 'password'), ('authorization_code', 'authorization_code'), ('implicit', 'implicit'), ('hybrid', 'hybrid'), ('refresh_token', 'refresh_token'), ('client_credentials', 'client_credentials')], 'default': ['authorization_code', 'refresh_token']})>
jwk = <UnboundField(StringField, (l'JWK',), {'validators': [<wtforms.validators.Optional object>], 'render_kw': {'placeholder': ''}})>
jwks_uri = <UnboundField(URLField, (l'JKW URI',), {'validators': [<wtforms.validators.Optional object>, <function is_uri>], 'render_kw': {'placeholder': ''}})>
logo_uri = <UnboundField(URLField, (l'Logo URI',), {'validators': [<wtforms.validators.Optional object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example/logo.png'}})>
policy_uri = <UnboundField(URLField, (l'Policy URI',), {'validators': [<wtforms.validators.Optional object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example/policy.html'}})>
post_logout_redirect_uris = <UnboundField(FieldList, (<UnboundField(URLField, (l'Post logout redirect URIs',), {'validators': [<wtforms.validators.Optional object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example/you-have-been-disconnected'}})>,), {'min_entries': 1, 'validators': [<function unique_values>]})>
preconsent = <UnboundField(BooleanField, (l'Pre-consent',), {'validators': [<wtforms.validators.Optional object>], 'default': False})>
redirect_uris = <UnboundField(FieldList, (<UnboundField(URLField, (l'Redirect URIs',), {'validators': [<wtforms.validators.DataRequired object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example/callback'}})>,), {'min_entries': 1, 'validators': [<function unique_values>]})>
response_types = <UnboundField(SelectMultipleField, (l'Response types',), {'validators': [<wtforms.validators.DataRequired object>], 'choices': [('code', 'code'), ('token', 'token'), ('id_token', 'id_token')], 'default': ['code']})>
scope = <UnboundField(StringField, (l'Scope',), {'validators': [<wtforms.validators.Optional object>], 'default': 'openid profile email', 'render_kw': {'placeholder': 'openid profile'}})>
software_id = <UnboundField(StringField, (l'Software ID',), {'validators': [<wtforms.validators.Optional object>], 'render_kw': {'placeholder': 'xyz'}})>
software_version = <UnboundField(StringField, (l'Software Version',), {'validators': [<wtforms.validators.Optional object>], 'render_kw': {'placeholder': '1.0'}})>
token_endpoint_auth_method = <UnboundField(SelectField, (l'Token Endpoint Auth Method',), {'validators': [<wtforms.validators.DataRequired object>], 'choices': [('client_secret_basic', 'client_secret_basic'), ('client_secret_post', 'client_secret_post'), ('none', 'none')], 'default': 'client_secret_basic'})>
tos_uri = <UnboundField(URLField, (l'Terms of service URI',), {'validators': [<wtforms.validators.Optional object>, <function is_uri>], 'render_kw': {'placeholder': 'https://mydomain.example/tos.html'}})>
class canaille.oidc.endpoints.forms.LogoutForm(*args, **kwargs)[source]

Bases: Form

answer = <UnboundField(SubmitField, (), {})>
class canaille.oidc.endpoints.forms.TokenRevokationForm(*args, **kwargs)[source]

Bases: Form