diff --git a/templates/zerver/authentication_backends/apple-error.html b/templates/zerver/authentication_backends/apple-error.html
deleted file mode 100644
index 3413772eb3..0000000000
--- a/templates/zerver/authentication_backends/apple-error.html
+++ /dev/null
@@ -1,28 +0,0 @@
-
- You are attempting to use the Apple auth backend, but it is
- not properly configured. To configure, please check the following:
-
-
- -
- You have registered
-
{{ root_domain_url }}/complete/apple/ as the callback URL
- for your Services ID in Apple’s developer console. You can enable “Sign
- in with Apple” for an app at
- Certificates,
- Identifiers & Profiles.
-
- -
- You have set
SOCIAL_AUTH_APPLE_SERVICES_ID,
- SOCIAL_AUTH_APPLE_APP_ID,
- SOCIAL_AUTH_APPLE_TEAM, and
- SOCIAL_AUTH_APPLE_KEY in
- {{ settings_path }}
- and stored the private key provided by Apple at
- /etc/zulip/apple-auth-key.p8 on the Zulip server, with
- proper permissions set.
-
- -
- Navigate back to the login page and attempt the “Sign in with Apple”
- flow again.
-
-
diff --git a/templates/zerver/authentication_backends/dev-not-supported-error.html b/templates/zerver/authentication_backends/dev-not-supported-error.html
deleted file mode 100644
index a41487b7e5..0000000000
--- a/templates/zerver/authentication_backends/dev-not-supported-error.html
+++ /dev/null
@@ -1,19 +0,0 @@
-
- You attempted to use the DevAuthBackend authentication method,
- which is used for logging in without a password in the Zulip development
- environment.
-
-This backend is not available for this realm, either because:
-
- - This Zulip server is configured as a production server.
- -
-
DevAuthBackend is disabled in
- AUTHENTICATION_BACKENDS in
- {{ settings_path }}.
-
- -
- You disabled this authentication backend in
- this realm’s
- authentication settings.
-
-
diff --git a/templates/zerver/authentication_backends/github-error.html b/templates/zerver/authentication_backends/github-error.html
deleted file mode 100644
index 2e14562450..0000000000
--- a/templates/zerver/authentication_backends/github-error.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
- You are attempting to use the GitHub auth backend, but it
- is not properly configured. To configure, please check the following:
-
-
- -
- You have added
-
{{ root_domain_url }}/complete/github/ as the callback URL
- in the OAuth application in GitHub. You can create OAuth apps from
- GitHub’s developer
- site.
-
- -
- You have set
{{ client_id_key_name }} in
- {{ settings_path }} and
- social_auth_github_secret in
- {{ secrets_path }} with the values from your OAuth
- application.
-
- -
- Navigate back to the login page and attempt the GitHub auth flow again.
-
-
diff --git a/templates/zerver/authentication_backends/gitlab-error.html b/templates/zerver/authentication_backends/gitlab-error.html
deleted file mode 100644
index edddbc1848..0000000000
--- a/templates/zerver/authentication_backends/gitlab-error.html
+++ /dev/null
@@ -1,23 +0,0 @@
-
- You are attempting to use the GitLab auth backend, but it
- is not properly configured. To configure, please check the following:
-
-
- -
- You have added
-
{{ root_domain_url }}/complete/gitlab/ as the callback URL
- in the OAuth application in GitLab. You can register OAuth apps at
- GitLab
- applications.
-
- -
- You have set
{{ client_id_key_name }} in
- {{ settings_path }} and
- social_auth_gitlab_secret in
- {{ secrets_path }} with the values from your OAuth
- application.
-
- -
- Navigate back to the login page and attempt the GitLab auth flow again.
-
-
diff --git a/templates/zerver/authentication_backends/google-error.html b/templates/zerver/authentication_backends/google-error.html
deleted file mode 100644
index 7db36e0933..0000000000
--- a/templates/zerver/authentication_backends/google-error.html
+++ /dev/null
@@ -1,26 +0,0 @@
-
- You are attempting to use the Google auth backend, but it
- is not properly configured. To configure, please check the following:
-
-
- -
- You have created a Google OAuth2 client and enabled the Identity Toolkit
- API. You can create OAuth2 apps at
- the Google developer
- console.
-
- -
- You have configured your OAuth2 client to allow redirects to your
- server’s Google auth URL:
-
{{ root_domain_url }}/complete/google/.
-
- -
- You have set
{{ client_id_key_name }} in
- {{ settings_path }} and
- social_auth_google_secret in
- {{ secrets_path }}.
-
- -
- Navigate back to the login page and attempt the Google auth flow again.
-
-
diff --git a/templates/zerver/config_error.html b/templates/zerver/config_error.html
deleted file mode 100644
index cb2f9ef489..0000000000
--- a/templates/zerver/config_error.html
+++ /dev/null
@@ -1,121 +0,0 @@
-{% extends "zerver/portico.html" %}
-
-{% block title %}
-{{ _("Configuration error") }} | Zulip
-{% endblock %}
-
-{% block portico_content %}
-
-
-
-
-
 }})
-
-
-
{{ _("Configuration error") }}
-
- {% if error_name == "ldap" %}
- {% trans %}
- You are trying to log in using LDAP without creating an
- organization first. Please use EmailAuthBackend to create
- your organization and then try again.
- {% endtrans %}
- {% endif %}
-
- {% if error_name == "smtp" %}
-
- It appears there are problems with the
- email configuration.
-
- {% if not development_environment %}
-
- See /var/log/zulip/errors.log for more
- details on the error.
-
-
- You may also want to test your email configuration,
- as described in the
- Production installation docs.
-
- {% else %}
-
- Please have a look at our
- setup guide
- for forwarding emails sent in development
- environment to an email account.
-
- {% endif %}
- {% endif %}
-
- {% if error_name == "dev_not_supported" %}
- {% include "zerver/authentication_backends/dev-not-supported-error.html" %}
- {% endif %}
-
- {% if has_error_template %}
- {% if development_environment %}
- {% with %}
- {% set settings_path = secrets_path %}
- {% set client_id_key_name = "social_auth_" + error_name + "_key" %}
- {% include "zerver/authentication_backends/" + error_name + "-error.html" %}
- {% endwith %}
-
- For more information, have a look at
- the authentication
- setup guide for the development environment.
-
- {% else %}
- {% with %}
- {% set client_id_key_name = "SOCIAL_AUTH_" + error_name.upper() + "_KEY" %}
- {% include "zerver/authentication_backends/" + error_name + "-error.html" %}
- {% endwith %}
-
- For more information, have a look at
- our authentication
- setup guide and the comments in {{ settings_comments_path }}.
-
- {% endif %}
- {% endif %}
-
- {% if error_name == "saml" %}
-
- SAML authentication is either not enabled or misconfigured. Have a look at
- our setup guide.
-
- {% if development_environment %}
-
- See also the
- SAML guide
- for the development environment.
-
- {% endif %}
- {% endif %}
-
- {% if error_name == "remote_user_backend_disabled" %}
-
- Authentication via the REMOTE_USER header is
- disabled in `/etc/zulip/settings.py`.
-
- {% endif %}
- {% if error_name == "remote_user_header_missing" %}
-
- The REMOTE_USER header is not set.
-
- {% endif %}
- {% if error_name == "oidc" %}
- {# TODO: Improve the config error page for OIDC #}
-
- The OpenID Connect backend is not configured correctly.
-
- {% endif %}
-
-
After making your changes, remember to restart
- the Zulip server.
-
Refresh to try again or click here to go back to the login page.
-
-
-
-
-
-
+ You are attempting to use the Apple auth backend, but it is
+ not properly configured. To configure, please check the following:
+
+
+ -
+ You have registered
+
{{ root_domain_url }}/complete/apple/ as the callback URL
+ for your Services ID in Apple’s developer console. You can enable “Sign
+ in with Apple” for an app at
+ Certificates,
+ Identifiers & Profiles.
+
+ -
+ You have set
SOCIAL_AUTH_APPLE_SERVICES_ID,
+ SOCIAL_AUTH_APPLE_APP_ID,
+ SOCIAL_AUTH_APPLE_TEAM, and
+ SOCIAL_AUTH_APPLE_KEY in
+ {{ auth_settings_path }}
+ and stored the private key provided by Apple at
+ /etc/zulip/apple-auth-key.p8 on the Zulip server, with
+ proper permissions set.
+
+ -
+ Navigate back to the login page and attempt the “Sign in with Apple”
+ flow again.
+
+
+ {{ super() }}
+{% endblock %}
diff --git a/templates/zerver/config_error/container.html b/templates/zerver/config_error/container.html
new file mode 100644
index 0000000000..efa2698fe4
--- /dev/null
+++ b/templates/zerver/config_error/container.html
@@ -0,0 +1,28 @@
+{% extends "zerver/portico.html" %}
+
+{% block title %}
+{{ _("Configuration error") }} | Zulip
+{% endblock %}
+
+{% block portico_content %}
+
+
+
+
+
+
+
{{ _("Configuration error") }}
+
+ {% block error_content %}
+ {% endblock %}
+
+
After making your changes, remember to restart
+ the Zulip server.
+
Refresh to try again or click here to go back to the login page.
+
+
+
+
+
+
+ You attempted to use the DevAuthBackend authentication method,
+ which is used for logging in without a password in the Zulip development
+ environment.
+
+ This backend is not available for this realm, either because:
+
+ - This Zulip server is configured as a production server.
+ -
+
DevAuthBackend is disabled in
+ AUTHENTICATION_BACKENDS in
+ {{ auth_settings_path }}.
+
+ -
+ You disabled this authentication backend in
+ this realm’s
+ authentication settings.
+
+
+{% endblock %}
diff --git a/templates/zerver/config_error/github.html b/templates/zerver/config_error/github.html
new file mode 100644
index 0000000000..ddc8c78190
--- /dev/null
+++ b/templates/zerver/config_error/github.html
@@ -0,0 +1,28 @@
+{% extends "zerver/config_error/social-container.html" %}
+
+{% block error_content %}
+
+ You are attempting to use the GitHub auth backend, but it
+ is not properly configured. To configure, please check the following:
+
+
+ -
+ You have added
+
{{ root_domain_url }}/complete/github/ as the callback URL
+ in the OAuth application in GitHub. You can create OAuth apps from
+ GitHub’s developer
+ site.
+
+ -
+ You have set
{{ client_id_key_name }} in
+ {{ auth_settings_path }} and
+ social_auth_github_secret in
+ {{ secrets_path }} with the values from your OAuth
+ application.
+
+ -
+ Navigate back to the login page and attempt the GitHub auth flow again.
+
+
+ {{ super() }}
+{% endblock %}
diff --git a/templates/zerver/config_error/gitlab.html b/templates/zerver/config_error/gitlab.html
new file mode 100644
index 0000000000..ee2f2f7b16
--- /dev/null
+++ b/templates/zerver/config_error/gitlab.html
@@ -0,0 +1,28 @@
+{% extends "zerver/config_error/social-container.html" %}
+
+{% block error_content %}
+
+ You are attempting to use the GitLab auth backend, but it
+ is not properly configured. To configure, please check the following:
+
+
+ -
+ You have added
+
{{ root_domain_url }}/complete/gitlab/ as the callback URL
+ in the OAuth application in GitLab. You can register OAuth apps at
+ GitLab
+ applications.
+
+ -
+ You have set
{{ client_id_key_name }} in
+ {{ auth_settings_path }} and
+ social_auth_gitlab_secret in
+ {{ secrets_path }} with the values from your OAuth
+ application.
+
+ -
+ Navigate back to the login page and attempt the GitLab auth flow again.
+
+
+ {{ super() }}
+{% endblock %}
diff --git a/templates/zerver/config_error/google.html b/templates/zerver/config_error/google.html
new file mode 100644
index 0000000000..d3f6c70c10
--- /dev/null
+++ b/templates/zerver/config_error/google.html
@@ -0,0 +1,31 @@
+{% extends "zerver/config_error/social-container.html" %}
+
+{% block error_content %}
+
+ You are attempting to use the Google auth backend, but it
+ is not properly configured. To configure, please check the following:
+
+
+ -
+ You have created a Google OAuth2 client and enabled the Identity Toolkit
+ API. You can create OAuth2 apps at
+ the Google developer
+ console.
+
+ -
+ You have configured your OAuth2 client to allow redirects to your
+ server’s Google auth URL:
+
{{ root_domain_url }}/complete/google/.
+
+ -
+ You have set
{{ client_id_key_name }} in
+ {{ auth_settings_path }} and
+ social_auth_google_secret in
+ {{ secrets_path }}.
+
+ -
+ Navigate back to the login page and attempt the Google auth flow again.
+
+
+ {{ super() }}
+{% endblock %}
diff --git a/templates/zerver/config_error/ldap.html b/templates/zerver/config_error/ldap.html
new file mode 100644
index 0000000000..f0970a8125
--- /dev/null
+++ b/templates/zerver/config_error/ldap.html
@@ -0,0 +1,9 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+ {% trans %}
+ You are trying to log in using LDAP without creating an
+ organization first. Please use EmailAuthBackend to create
+ your organization and then try again.
+ {% endtrans %}
+{% endblock %}
diff --git a/templates/zerver/config_error/oidc.html b/templates/zerver/config_error/oidc.html
new file mode 100644
index 0000000000..93071fac2b
--- /dev/null
+++ b/templates/zerver/config_error/oidc.html
@@ -0,0 +1,8 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+ {# TODO: Improve the config error page for OIDC #}
+
+ The OpenID Connect backend is not configured correctly.
+
+{% endblock %}
diff --git a/templates/zerver/config_error/remote_user_backend_disabled.html b/templates/zerver/config_error/remote_user_backend_disabled.html
new file mode 100644
index 0000000000..7cd85a9642
--- /dev/null
+++ b/templates/zerver/config_error/remote_user_backend_disabled.html
@@ -0,0 +1,8 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+
+ Authentication via the REMOTE_USER header is
+ disabled in `/etc/zulip/settings.py`.
+
+{% endblock %}
diff --git a/templates/zerver/config_error/remote_user_header_missing.html b/templates/zerver/config_error/remote_user_header_missing.html
new file mode 100644
index 0000000000..eaa711d1cc
--- /dev/null
+++ b/templates/zerver/config_error/remote_user_header_missing.html
@@ -0,0 +1,7 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+
+ The REMOTE_USER header is not set.
+
+{% endblock %}
diff --git a/templates/zerver/config_error/saml.html b/templates/zerver/config_error/saml.html
new file mode 100644
index 0000000000..991140f0d5
--- /dev/null
+++ b/templates/zerver/config_error/saml.html
@@ -0,0 +1,15 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+
+ SAML authentication is either not enabled or misconfigured. Have a look at
+ our setup guide.
+
+ {% if development_environment %}
+
+ See also the
+ SAML guide
+ for the development environment.
+
+ {% endif %}
+{% endblock %}
diff --git a/templates/zerver/config_error/smtp.html b/templates/zerver/config_error/smtp.html
new file mode 100644
index 0000000000..c7c11eb646
--- /dev/null
+++ b/templates/zerver/config_error/smtp.html
@@ -0,0 +1,26 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+
+ It appears there are problems with the
+ email configuration.
+
+ {% if not development_environment %}
+
+ See /var/log/zulip/errors.log for more
+ details on the error.
+
+
+ You may also want to test your email configuration,
+ as described in the
+ Production installation docs.
+
+ {% else %}
+
+ Please have a look at our
+ setup guide
+ for forwarding emails sent in development
+ environment to an email account.
+
+ {% endif %}
+{% endblock %}
diff --git a/templates/zerver/config_error/social-container.html b/templates/zerver/config_error/social-container.html
new file mode 100644
index 0000000000..13d84280b9
--- /dev/null
+++ b/templates/zerver/config_error/social-container.html
@@ -0,0 +1,17 @@
+{% extends "zerver/config_error/container.html" %}
+
+{% block error_content %}
+ {% if development %}
+
+ For more information, have a look at the
+ authentication setup guide
+ for the development environment.
+
+ {% else %}
+
+ For more information, have a look at our
+ authentication setup guide
+ and the comments in {{ settings_comments_path }}.
+
+ {% endif %}
+{% endblock %}
diff --git a/tools/linter_lib/custom_check.py b/tools/linter_lib/custom_check.py
index 59ad1401dd..1fc8d30d36 100644
--- a/tools/linter_lib/custom_check.py
+++ b/tools/linter_lib/custom_check.py
@@ -697,7 +697,7 @@ html_rules: List["Rule"] = [
"web/templates/popovers/user_card/user_card_popover_avatar.hbs",
"web/templates/confirm_dialog/confirm_subscription_invites_warning.hbs",
"templates/zerver/reset_confirm.html",
- "templates/zerver/config_error.html",
+ "templates/zerver/config_error/container.html",
"templates/zerver/dev_env_email_access_details.html",
"templates/zerver/confirm_continue_registration.html",
"templates/zerver/register.html",
diff --git a/zerver/views/errors.py b/zerver/views/errors.py
index 278302588e..9042d1c937 100644
--- a/zerver/views/errors.py
+++ b/zerver/views/errors.py
@@ -1,17 +1,18 @@
-from typing import Dict
-
+from django.conf import settings
from django.http import HttpRequest, HttpResponse
from django.shortcuts import render
-def config_error(request: HttpRequest, error_category_name: str) -> HttpResponse:
- contexts: Dict[str, Dict[str, object]] = {
- "apple": {"social_backend_name": "apple", "has_error_template": True},
- "google": {"social_backend_name": "google", "has_error_template": True},
- "github": {"social_backend_name": "github", "has_error_template": True},
- "gitlab": {"social_backend_name": "gitlab", "has_error_template": True},
+def config_error(request: HttpRequest, error_name: str) -> HttpResponse:
+ assert "/" not in error_name
+ context = {
+ "error_name": error_name,
}
+ if settings.DEVELOPMENT:
+ context["auth_settings_path"] = "zproject/dev-secrets.conf"
+ context["client_id_key_name"] = f"social_auth_{error_name}_key"
+ else:
+ context["auth_settings_path"] = "/etc/zulip/settings.py"
+ context["client_id_key_name"] = f"SOCIAL_AUTH_{error_name.upper()}_KEY"
- context = contexts.get(error_category_name, {})
- context["error_name"] = error_category_name
- return render(request, "zerver/config_error.html", context)
+ return render(request, f"zerver/config_error/{error_name}.html", context)
diff --git a/zproject/dev_urls.py b/zproject/dev_urls.py
index 8b19719910..7e5c4abad4 100644
--- a/zproject/dev_urls.py
+++ b/zproject/dev_urls.py
@@ -91,7 +91,7 @@ urls = [
"devtools/integrations/send_all_webhook_fixture_messages", send_all_webhook_fixture_messages
),
path("devtools/integrations//fixtures", get_fixtures),
- path("config-error/", config_error, name="config_error"),
+ path("config-error/", config_error, name="config_error"),
# Special endpoint to remove all the server-side caches.
path("flush_caches", remove_caches),
# Redirect camo URLs for development