From 44c8b7d9ea31971c02e6d10a137dd8c23017b27b Mon Sep 17 00:00:00 2001
From: Jin <22962980+JYC333@users.noreply.github.com>
Date: Fri, 28 Mar 2025 03:44:40 +0100
Subject: [PATCH] =?UTF-8?q?feat:=20=F0=9F=8E=B8=20improve=20oauth=20option?=
 =?UTF-8?q?=20page?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../options/multi_factor_authentication.ts    | 37 ++++++++++++-------
 src/public/translations/cn/translation.json   | 18 +++++----
 src/public/translations/en/translation.json   | 14 ++++---
 3 files changed, 42 insertions(+), 27 deletions(-)

diff --git a/src/public/app/widgets/type_widgets/options/multi_factor_authentication.ts b/src/public/app/widgets/type_widgets/options/multi_factor_authentication.ts
index 3a03a639e..927a9209a 100644
--- a/src/public/app/widgets/type_widgets/options/multi_factor_authentication.ts
+++ b/src/public/app/widgets/type_widgets/options/multi_factor_authentication.ts
@@ -91,13 +91,17 @@ const TPL_WEB = `
         </div>
 
         <div class="oauth-options" style="display: none;">
+            <p class="form-text">${t("multi_factor_authentication.oauth_description")}</p>
+            <div class="alert alert-warning" role="alert" style="font-weight: bold; color: red !important;">
+                ${t("multi_factor_authentication.oauth_description_warning")}
+            </div>
+            <div class="alert alert-warning missing-vars" role="alert" style="font-weight: bold; color: red !important; display: none;"></div>
+            <hr />
             <div class="col-md-6">
                 <span><b>${t("multi_factor_authentication.oauth_user_account")}</b></span><span class="user-account-name"> ${t("multi_factor_authentication.oauth_user_not_logged_in")}</span>
                 <br>
                 <span><b>${t("multi_factor_authentication.oauth_user_email")}</b></span><span class="user-account-email"> ${t("multi_factor_authentication.oauth_user_not_logged_in")}</span>
             </div>
-
-            <p class="form-text">${t("multi_factor_authentication.oauth_description")}</p>
         </div>
     </div>
 </div>
@@ -114,6 +118,7 @@ interface OAuthStatus {
     enabled: boolean;
     name?: string;
     email?: string;
+    missingVars?: string[];
 }
 
 interface TOTPStatus {
@@ -128,17 +133,17 @@ interface RecoveryKeysResponse {
 }
 
 export default class MultiFactorAuthenticationOptions extends OptionsWidget {
-    private $generateTotpButton!: JQuery<HTMLElement>;
-    private $generateRecoveryCodeButton!: JQuery<HTMLElement>;
-    private $UserAccountName!: JQuery<HTMLElement>;
-    private $UserAccountEmail!: JQuery<HTMLElement>;
-    private $recoveryKeys: JQuery<HTMLElement>[] = [];
-    private $protectedSessionTimeout!: JQuery<HTMLElement>;
     private $mfaEnabledCheckbox!: JQuery<HTMLElement>;
     private $mfaOptions!: JQuery<HTMLElement>;
     private $mfaMethodRadios!: JQuery<HTMLElement>;
     private $totpOptions!: JQuery<HTMLElement>;
+    private $generateTotpButton!: JQuery<HTMLElement>;
+    private $generateRecoveryCodeButton!: JQuery<HTMLElement>;
+    private $recoveryKeys: JQuery<HTMLElement>[] = [];
     private $oauthOptions!: JQuery<HTMLElement>;
+    private $UserAccountName!: JQuery<HTMLElement>;
+    private $UserAccountEmail!: JQuery<HTMLElement>;
+    private $missingVars!: JQuery<HTMLElement>;
 
     doRender() {
         const template = utils.isElectron() ? TPL_ELECTRON : TPL_WEB;
@@ -155,6 +160,7 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
             this.$oauthOptions = this.$widget.find(".oauth-options");
             this.$UserAccountName = this.$widget.find(".user-account-name");
             this.$UserAccountEmail = this.$widget.find(".user-account-email");
+            this.$missingVars = this.$widget.find(".missing-vars");
 
             this.$recoveryKeys = [];
             for (let i = 0; i < 8; i++) {
@@ -169,11 +175,6 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
                 await this.generateKey();
             });
 
-            this.$protectedSessionTimeout = this.$widget.find(".protected-session-timeout-in-seconds");
-            this.$protectedSessionTimeout.on("change", () => {
-                this.updateOption("protectedSessionTimeout", this.$protectedSessionTimeout.val());
-            });
-
             this.displayRecoveryKeys();
 
             this.$mfaEnabledCheckbox.on("change", () => {
@@ -305,6 +306,15 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
                 if (result.enabled) {
                     if (result.name) this.$UserAccountName.text(result.name);
                     if (result.email) this.$UserAccountEmail.text(result.email);
+                    this.$missingVars.hide();
+                } else {
+                    this.$UserAccountName.text(t("multi_factor_authentication.oauth_user_not_logged_in"));
+                    this.$UserAccountEmail.text(t("multi_factor_authentication.oauth_user_not_logged_in"));
+                    if (result.missingVars && result.missingVars.length > 0) {
+                        this.$missingVars.show();
+                        const missingVarsList = result.missingVars.map(v => `"${v}"`).join(", ");
+                        this.$missingVars.html(`${t("multi_factor_authentication.oauth_missing_vars")}: ${missingVarsList}`);
+                    }
                 }
             });
 
@@ -313,7 +323,6 @@ export default class MultiFactorAuthenticationOptions extends OptionsWidget {
                     this.$generateTotpButton.text(t("multi_factor_authentication.totp_secret_regenerate"));
                 }
             });
-            this.$protectedSessionTimeout.val(Number(options.protectedSessionTimeout));
         }
     }
 }
diff --git a/src/public/translations/cn/translation.json b/src/public/translations/cn/translation.json
index 4fef624d0..9e11925c4 100644
--- a/src/public/translations/cn/translation.json
+++ b/src/public/translations/cn/translation.json
@@ -1300,14 +1300,11 @@
     "password_changed_success": "密码已更改。按 OK 后 Trilium 将重载。"
   },
   "multi_factor_authentication": {
-    "title": "多因素认证",
+    "title": "多因素认证（MFA）",
     "description": "多因素认证（MFA）为您的账户添加了额外的安全层。除了输入密码登录外，MFA还要求您提供一个或多个额外的验证信息来验证您的身份。这样，即使有人获得了您的密码，没有第二个验证信息他们也无法访问您的账户。这就像给您的门添加了一把额外的锁，让他人更难闯入。",
+    "mfa_enabled": "启用多因素认证",
+    "mfa_method": "MFA 方法",
     "electron_disabled": "当前桌面版本不支持多因素认证。",
-    "oauth_title": "OAuth/OpenID 认证",
-    "oauth_user_account": "用户账号：",
-    "oauth_user_email": "用户邮箱：",
-    "oauth_user_not_logged_in": "未登录！",
-    "oauth_description": "OpenID 是一种标准化的方式，允许您使用其他服务（如 Google）的账号来登录网站，以验证您的身份。",
     "totp_title": "基于时间的一次性密码（TOTP）",
     "totp_description": "TOTP（基于时间的一次性密码）是一种安全功能，它会生成一个每30秒变化的唯一临时代码。您需要使用这个代码和您的密码一起登录账户，这使得他人更难访问您的账户。",
     "totp_secret_title": "生成 TOTP 密钥",
@@ -1323,7 +1320,14 @@
     "recovery_keys_error": "生成恢复代码时出错",
     "recovery_keys_no_key_set": "未设置恢复代码",
     "recovery_keys_generate": "生成恢复代码",
-    "recovery_keys_regenerate": "重新生成恢复代码"
+    "recovery_keys_regenerate": "重新生成恢复代码",
+    "oauth_title": "OAuth/OpenID 认证",
+    "oauth_description": "OpenID 是一种标准化方式，允许您使用其他服务（如 Google）的账户登录网站，以验证您的身份。请参阅这些 <a href=\"https://developers.google.com/identity/openid-connect/openid-connect\">指南</a> 通过 Google 设置 OpenID 服务。",
+    "oauth_description_warning": "要启用 OAuth/OpenID，您需要设置 config.ini 文件中的 OAuth/OpenID 基础 URL、客户端 ID 和客户端密钥。",
+    "oauth_missing_vars": "缺少变量：",
+    "oauth_user_account": "用户账号：",
+    "oauth_user_email": "用户邮箱：",
+    "oauth_user_not_logged_in": "未登录！"
   },
   "shortcuts": {
     "keyboard_shortcuts": "快捷键",
diff --git a/src/public/translations/en/translation.json b/src/public/translations/en/translation.json
index b5b524f59..0f038a1e9 100644
--- a/src/public/translations/en/translation.json
+++ b/src/public/translations/en/translation.json
@@ -1316,11 +1316,6 @@
     "mfa_enabled": "Enable Multi-Factor Authentication",
     "mfa_method": "MFA Method",
     "electron_disabled": "Multi-Factor Authentication is not supported in the desktop build currently.",
-    "oauth_title": "OAuth/OpenID",
-    "oauth_user_account": "User Account:",
-    "oauth_user_email": "User Email:",
-    "oauth_user_not_logged_in": "Not logged in!",
-    "oauth_description": "OpenID is a standardized way to let you log into websites using an account from another service, like Google, to verify your identity.",
     "totp_title": "Time-based One-Time Password (TOTP)",
     "totp_description": "TOTP (Time-Based One-Time Password) is a security feature that generates a unique, temporary code which changes every 30 seconds. You use this code, along with your password to log into your account, making it much harder for anyone else to access it.",
     "totp_secret_title": "Generate TOTP Secret",
@@ -1336,7 +1331,14 @@
     "recovery_keys_error": "Error generating recovery codes",
     "recovery_keys_no_key_set": "No recovery codes set",
     "recovery_keys_generate": "Generate Recovery Codes",
-    "recovery_keys_regenerate": "Regenerate Recovery Codes"
+    "recovery_keys_regenerate": "Regenerate Recovery Codes",
+    "oauth_title": "OAuth/OpenID",
+    "oauth_description": "OpenID is a standardized way to let you log into websites using an account from another service, like Google, to verify your identity. Follow these <a href=\"https://developers.google.com/identity/openid-connect/openid-connect\">instructions</a> to setup an OpenID service through google.",
+    "oauth_description_warning": "To enable OAuth/OpenID, you need to set the OAuth/OpenID base URL, client ID and client secret in the config.ini file.",
+    "oauth_missing_vars": "Missing variables: ",
+    "oauth_user_account": "User Account:",
+    "oauth_user_email": "User Email:",
+    "oauth_user_not_logged_in": "Not logged in!"
   },
   "shortcuts": {
     "keyboard_shortcuts": "Keyboard Shortcuts",