release: 0.29.0

chore: save caddy logs to caddy.log
refactor: run formatter
2024-07-30 08:43:30 +02:00 · 2024-07-30 08:43:11 +02:00 · 2024-07-30 08:39:22 +02:00 · 2024-07-30 08:27:36 +02:00 · 2024-07-30 08:26:56 +02:00 · 2024-07-28 16:09:31 +02:00
66 changed files with 1063 additions and 214 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,37 @@
+## [0.29.0](https://github.com/stonith404/pingvin-share/compare/v0.28.0...v0.29.0) (2024-07-30)
+
+
+### Features
+
+* add more options to reverse shares ([#495](https://github.com/stonith404/pingvin-share/issues/495)) ([fe735f9](https://github.com/stonith404/pingvin-share/commit/fe735f9704c9d96398f3127a559e17848b08d140)), closes [#155](https://github.com/stonith404/pingvin-share/issues/155)
+* sort share files by name by default ([27ee9fb](https://github.com/stonith404/pingvin-share/commit/27ee9fb6cb98177661bed20a0baa399b27e70b7e))
+
+
+### Reverts
+
+* Revert "fix: set max age of access token cookie to 15 minutes" ([14c2185](https://github.com/stonith404/pingvin-share/commit/14c2185e6f1a81d63e25fbeec3e30a54cf6a44c5))
+
+## [0.28.0](https://github.com/stonith404/pingvin-share/compare/v0.27.0...v0.28.0) (2024-07-22)
+
+
+### Features
+
+* **auth:** Add role-based access management from OpenID Connect ([#535](https://github.com/stonith404/pingvin-share/issues/535)) ([70fd2d9](https://github.com/stonith404/pingvin-share/commit/70fd2d94be3411cc430f5c56e522028398127efb))
+
+
+### Bug Fixes
+
+* store only 10 share tokens in the cookies and clear the expired ones ([e5a0c64](https://github.com/stonith404/pingvin-share/commit/e5a0c649e36e0db419d04446affe2564c45cf321))
+
+## [0.27.0](https://github.com/stonith404/pingvin-share/compare/v0.26.0...v0.27.0) (2024-07-11)
+
+
+### Features
+
+* add logs for successful registration, successful login and failed login ([d2bfb9a](https://github.com/stonith404/pingvin-share/commit/d2bfb9a55fdad6a05377b8552471cf1151304c90))
+* **auth:** Allow to hide username / password login form when OAuth is enabled ([#518](https://github.com/stonith404/pingvin-share/issues/518)) ([e1a68f7](https://github.com/stonith404/pingvin-share/commit/e1a68f75f7b034f1ef9e45f26de584f13e355589)), closes [#489](https://github.com/stonith404/pingvin-share/issues/489)
+* **smtp:** allow unauthorized mail server certificates ([#525](https://github.com/stonith404/pingvin-share/issues/525)) ([083d82c](https://github.com/stonith404/pingvin-share/commit/083d82c28b835c178f076e89ef8f5885e8ea31cb))
+
 ## [0.26.0](https://github.com/stonith404/pingvin-share/compare/v0.25.0...v0.26.0) (2024-07-03)


--- a/5
+++ b/5
@@ -57,4 +57,7 @@ EXPOSE 3000
 HEALTHCHECK --interval=10s --timeout=3s CMD curl -f http://localhost:3000/api/health || exit 1

 # Application startup updated for Caddy
-CMD cp -rn /tmp/img/* /opt/app/frontend/public/img && caddy run --config /etc/caddy/Caddyfile & PORT=3333 HOSTNAME=0.0.0.0 node frontend/server.js & cd backend && npm run prod
+CMD cp -rn /tmp/img/* /opt/app/frontend/public/img && \
+ caddy run --config /etc/caddy/Caddyfile 2> caddy.log & \
+ PORT=3333 HOSTNAME=0.0.0.0 node frontend/server.js & \
+ cd backend && npm run prod
--- a/backend/package-lock.json
+++ b/backend/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "pingvin-share-backend",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "pingvin-share-backend",
-      "version": "0.26.0",
+      "version": "0.29.0",
      "dependencies": {
        "@nestjs/cache-manager": "^2.2.2",
        "@nestjs/common": "^10.3.9",
@@ -19,6 +19,7 @@
        "@nestjs/swagger": "^7.3.1",
        "@nestjs/throttler": "^5.2.0",
        "@prisma/client": "^5.16.1",
+        "@types/jmespath": "^0.15.2",
        "archiver": "^7.0.1",
        "argon2": "^0.40.3",
        "body-parser": "^1.20.2",
@@ -28,6 +29,7 @@
        "class-validator": "^0.14.1",
        "content-disposition": "^0.5.4",
        "cookie-parser": "^1.4.6",
+        "jmespath": "^0.16.0",
        "mime-types": "^2.1.35",
        "moment": "^2.30.1",
        "nanoid": "^3.3.7",
@@ -1994,6 +1996,12 @@
        "@types/range-parser": "*"
      }
    },
+    "node_modules/@types/jmespath": {
+      "version": "0.15.2",
+      "resolved": "https://registry.npmjs.org/@types/jmespath/-/jmespath-0.15.2.tgz",
+      "integrity": "sha512-pegh49FtNsC389Flyo9y8AfkVIZn9MMPE9yJrO9svhq6Fks2MwymULWjZqySuxmctd3ZH4/n7Mr98D+1Qo5vGA==",
+      "license": "MIT"
+    },
    "node_modules/@types/json-schema": {
      "version": "7.0.12",
      "resolved": "https://registry.npmjs.org/@types/json-schema/-/json-schema-7.0.12.tgz",
@@ -5523,6 +5531,15 @@
        "url": "https://github.com/chalk/supports-color?sponsor=1"
      }
    },
+    "node_modules/jmespath": {
+      "version": "0.16.0",
+      "resolved": "https://registry.npmjs.org/jmespath/-/jmespath-0.16.0.tgz",
+      "integrity": "sha512-9FzQjJ7MATs1tSpnco1K6ayiYE3figslrXA72G2HQ/n76RzvYlofyi5QM+iX4YRs/pu3yzxlVQSST23+dMDknw==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">= 0.6.0"
+      }
+    },
    "node_modules/joi": {
      "version": "17.11.0",
      "resolved": "https://registry.npmjs.org/joi/-/joi-17.11.0.tgz",
--- a/backend/package.json
+++ b/backend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pingvin-share-backend",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "scripts": {
    "build": "nest build",
    "dev": "cross-env NODE_ENV=development nest start --watch",
@@ -24,6 +24,7 @@
    "@nestjs/swagger": "^7.3.1",
    "@nestjs/throttler": "^5.2.0",
    "@prisma/client": "^5.16.1",
+    "@types/jmespath": "^0.15.2",
    "archiver": "^7.0.1",
    "argon2": "^0.40.3",
    "body-parser": "^1.20.2",
@@ -33,6 +34,7 @@
    "class-validator": "^0.14.1",
    "content-disposition": "^0.5.4",
    "cookie-parser": "^1.4.6",
+    "jmespath": "^0.16.0",
    "mime-types": "^2.1.35",
    "moment": "^2.30.1",
    "nanoid": "^3.3.7",
--- a/backend/prisma/migrations/20240609145325_add_simplied_field_for_reverse_share/migration.sql
+++ b/backend/prisma/migrations/20240609145325_add_simplied_field_for_reverse_share/migration.sql
@@ -0,0 +1,20 @@
+-- RedefineTables
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "remainingUses" INTEGER NOT NULL,
+    "simplified" BOOLEAN NOT NULL DEFAULT false,
+    "creatorId" TEXT NOT NULL,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+INSERT INTO "new_ReverseShare" ("createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "token") SELECT "createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "token" FROM "ReverseShare";
+DROP TABLE "ReverseShare";
+ALTER TABLE "new_ReverseShare" RENAME TO "ReverseShare";
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+PRAGMA foreign_key_check;
+PRAGMA foreign_keys=ON;
--- a/backend/prisma/migrations/20240725141038_add_public_access_field_for_reverse_share/migration.sql
+++ b/backend/prisma/migrations/20240725141038_add_public_access_field_for_reverse_share/migration.sql
@@ -0,0 +1,22 @@
+-- RedefineTables
+PRAGMA defer_foreign_keys=ON;
+PRAGMA foreign_keys=OFF;
+CREATE TABLE "new_ReverseShare" (
+    "id" TEXT NOT NULL PRIMARY KEY,
+    "createdAt" DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    "token" TEXT NOT NULL,
+    "shareExpiration" DATETIME NOT NULL,
+    "maxShareSize" TEXT NOT NULL,
+    "sendEmailNotification" BOOLEAN NOT NULL,
+    "remainingUses" INTEGER NOT NULL,
+    "simplified" BOOLEAN NOT NULL DEFAULT false,
+    "publicAccess" BOOLEAN NOT NULL DEFAULT true,
+    "creatorId" TEXT NOT NULL,
+    CONSTRAINT "ReverseShare_creatorId_fkey" FOREIGN KEY ("creatorId") REFERENCES "User" ("id") ON DELETE CASCADE ON UPDATE CASCADE
+);
+INSERT INTO "new_ReverseShare" ("createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "simplified", "token") SELECT "createdAt", "creatorId", "id", "maxShareSize", "remainingUses", "sendEmailNotification", "shareExpiration", "simplified", "token" FROM "ReverseShare";
+DROP TABLE "ReverseShare";
+ALTER TABLE "new_ReverseShare" RENAME TO "ReverseShare";
+CREATE UNIQUE INDEX "ReverseShare_token_key" ON "ReverseShare"("token");
+PRAGMA foreign_keys=ON;
+PRAGMA defer_foreign_keys=OFF;
--- a/backend/prisma/schema.prisma
+++ b/backend/prisma/schema.prisma
@@ -103,6 +103,8 @@ model ReverseShare {
  maxShareSize          String
  sendEmailNotification Boolean
  remainingUses         Int
+  simplified            Boolean  @default(false)
+  publicAccess          Boolean  @default(true)

  creatorId String
  creator   User   @relation(fields: [creatorId], references: [id], onDelete: Cascade)
--- a/backend/prisma/seed/config.seed.ts
+++ b/backend/prisma/seed/config.seed.ts
@@ -71,7 +71,6 @@ const configVariables: ConfigVariables = {
    enableShareEmailRecipients: {
      type: "boolean",
      defaultValue: "false",
-
      secret: false,
    },
    shareRecipientsSubject: {
@@ -117,6 +116,12 @@ const configVariables: ConfigVariables = {
      defaultValue: "false",
      secret: false,
    },
+    allowUnauthorizedCertificates: {
+      type: "boolean",
+      defaultValue: "false",
+
+      secret: false,
+    },
    host: {
      type: "string",
      defaultValue: "",
@@ -148,6 +153,11 @@ const configVariables: ConfigVariables = {
      type: "boolean",
      defaultValue: "true",
    },
+    "disablePassword": {
+      type: "boolean",
+      defaultValue: "false",
+      secret: false,
+    },
    "github-enabled": {
      type: "boolean",
      defaultValue: "false",
@@ -220,6 +230,18 @@ const configVariables: ConfigVariables = {
      type: "string",
      defaultValue: "",
    },
+    "oidc-rolePath": {
+      type: "string",
+      defaultValue: "",
+    },
+    "oidc-roleGeneralAccess": {
+      type: "string",
+      defaultValue: "",
+    },
+    "oidc-roleAdminAccess": {
+      type: "string",
+      defaultValue: "",
+    },
    "oidc-clientId": {
      type: "string",
      defaultValue: "",
@@ -229,7 +251,7 @@ const configVariables: ConfigVariables = {
      defaultValue: "",
      obscured: true,
    },
-  }
+  },
 };

 type ConfigVariables = {
@@ -281,12 +303,15 @@ async function seedConfigVariables() {

 async function migrateConfigVariables() {
  const existingConfigVariables = await prisma.config.findMany();
+  const orderMap: { [category: string]: number } = {};

  for (const existingConfigVariable of existingConfigVariables) {
    const configVariable =
      configVariables[existingConfigVariable.category]?.[
-      existingConfigVariable.name
+        existingConfigVariable.name
      ];
+
+    // Delete the config variable if it doesn't exist in the seed
    if (!configVariable) {
      await prisma.config.delete({
        where: {
@@ -297,15 +322,11 @@ async function migrateConfigVariables() {
        },
      });

-      // Update the config variable if the metadata changed
-    } else if (
-      JSON.stringify({
-        ...configVariable,
-        name: existingConfigVariable.name,
-        category: existingConfigVariable.category,
-        value: existingConfigVariable.value,
-      }) != JSON.stringify(existingConfigVariable)
-    ) {
+      // Update the config variable if it exists in the seed
+    } else {
+      const variableOrder = Object.keys(
+        configVariables[existingConfigVariable.category]
+      ).indexOf(existingConfigVariable.name);
      await prisma.config.update({
        where: {
          name_category: {
@@ -318,8 +339,10 @@ async function migrateConfigVariables() {
          name: existingConfigVariable.name,
          category: existingConfigVariable.category,
          value: existingConfigVariable.value,
+          order: variableOrder,
        },
      });
+      orderMap[existingConfigVariable.category] = variableOrder + 1;
    }
  }
 }
--- a/backend/src/auth/auth.controller.ts
+++ b/backend/src/auth/auth.controller.ts
@@ -45,12 +45,13 @@ export class AuthController {
  })
  async signUp(
    @Body() dto: AuthRegisterDTO,
+    @Req() { ip }: Request,
    @Res({ passthrough: true }) response: Response,
  ) {
    if (!this.config.get("share.allowRegistration"))
      throw new ForbiddenException("Registration is not allowed");

-    const result = await this.authService.signUp(dto);
+    const result = await this.authService.signUp(dto, ip);

    this.authService.addTokensToResponse(
      response,
@@ -71,9 +72,10 @@ export class AuthController {
  @HttpCode(200)
  async signIn(
    @Body() dto: AuthSignInDTO,
+    @Req() { ip }: Request,
    @Res({ passthrough: true }) response: Response,
  ) {
-    const result = await this.authService.signIn(dto);
+    const result = await this.authService.signIn(dto, ip);

    if (result.accessToken && result.refreshToken) {
      this.authService.addTokensToResponse(
--- a/backend/src/auth/auth.service.ts
+++ b/backend/src/auth/auth.service.ts
@@ -2,6 +2,7 @@ import {
  BadRequestException,
  ForbiddenException,
  Injectable,
+  Logger,
  UnauthorizedException,
 } from "@nestjs/common";
 import { JwtService } from "@nestjs/jwt";
@@ -24,8 +25,9 @@ export class AuthService {
    private config: ConfigService,
    private emailService: EmailService,
  ) {}
+  private readonly logger = new Logger(AuthService.name);

-  async signUp(dto: AuthRegisterDTO) {
+  async signUp(dto: AuthRegisterDTO, ip: string, isAdmin?: boolean) {
    const isFirstUser = (await this.prisma.user.count()) == 0;

    const hash = dto.password ? await argon.hash(dto.password) : null;
@@ -35,7 +37,7 @@ export class AuthService {
          email: dto.email,
          username: dto.username,
          password: hash,
-          isAdmin: isFirstUser,
+          isAdmin: isAdmin ?? isFirstUser,
        },
      });

@@ -44,6 +46,7 @@ export class AuthService {
      );
      const accessToken = await this.createAccessToken(user, refreshTokenId);

+      this.logger.log(`User ${user.email} signed up from IP ${ip}`);
      return { accessToken, refreshToken, user };
    } catch (e) {
      if (e instanceof PrismaClientKnownRequestError) {
@@ -57,19 +60,27 @@ export class AuthService {
    }
  }

-  async signIn(dto: AuthSignInDTO) {
+  async signIn(dto: AuthSignInDTO, ip: string) {
    if (!dto.email && !dto.username)
      throw new BadRequestException("Email or username is required");

+    if (this.config.get("oauth.disablePassword"))
+      throw new ForbiddenException("Password sign in is disabled");
+
    const user = await this.prisma.user.findFirst({
      where: {
        OR: [{ email: dto.email }, { username: dto.username }],
      },
    });

-    if (!user || !(await argon.verify(user.password, dto.password)))
+    if (!user || !(await argon.verify(user.password, dto.password))) {
+      this.logger.log(
+        `Failed login attempt for user ${dto.email} from IP ${ip}`,
+      );
      throw new UnauthorizedException("Wrong email or password");
+    }

+    this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
    return this.generateToken(user);
  }

@@ -94,6 +105,9 @@ export class AuthService {
  }

  async requestResetPassword(email: string) {
+    if (this.config.get("oauth.disablePassword"))
+      throw new ForbiddenException("Password sign in is disabled");
+
    const user = await this.prisma.user.findFirst({
      where: { email },
      include: { resetPasswordToken: true },
@@ -119,6 +133,9 @@ export class AuthService {
  }

  async resetPassword(token: string, newPassword: string) {
+    if (this.config.get("oauth.disablePassword"))
+      throw new ForbiddenException("Password sign in is disabled");
+
    const user = await this.prisma.user.findFirst({
      where: { resetPasswordToken: { token } },
    });
@@ -234,7 +251,7 @@ export class AuthService {
    if (accessToken)
      response.cookie("access_token", accessToken, {
        sameSite: "lax",
-        maxAge: 1000 * 60 * 15, // 15 minutes
+        maxAge: 1000 * 60 * 60 * 24 * 30 * 3, // 3 months
      });
    if (refreshToken)
      response.cookie("refresh_token", refreshToken, {
--- a/backend/src/email/email.service.ts
+++ b/backend/src/email/email.service.ts
@@ -25,6 +25,11 @@ export class EmailService {
        user: this.config.get("smtp.username"),
        pass: this.config.get("smtp.password"),
      },
+      tls: {
+        rejectUnauthorized: !this.config.get(
+          "smtp.allowUnauthorizedCertificates",
+        ),
+      },
    });
  }

--- a/backend/src/file/guard/fileSecurity.guard.ts
+++ b/backend/src/file/guard/fileSecurity.guard.ts
@@ -9,14 +9,16 @@ import * as moment from "moment";
 import { PrismaService } from "src/prisma/prisma.service";
 import { ShareSecurityGuard } from "src/share/guard/shareSecurity.guard";
 import { ShareService } from "src/share/share.service";
+import { ConfigService } from "src/config/config.service";

@Injectable()
 export class FileSecurityGuard extends ShareSecurityGuard {
  constructor(
    private _shareService: ShareService,
    private _prisma: PrismaService,
+    _config: ConfigService,
  ) {
-    super(_shareService, _prisma);
+    super(_shareService, _prisma, _config);
  }

  async canActivate(context: ExecutionContext) {
--- a/backend/src/oauth/dto/oauthSignIn.dto.ts
+++ b/backend/src/oauth/dto/oauthSignIn.dto.ts
@@ -3,4 +3,5 @@ export interface OAuthSignInDto {
  providerId: string;
  providerUsername: string;
  email: string;
+  isAdmin?: boolean;
 }
--- a/backend/src/oauth/oauth.controller.ts
+++ b/backend/src/oauth/oauth.controller.ts
@@ -85,7 +85,7 @@ export class OAuthController {
        accessToken?: string;
        refreshToken?: string;
        loginToken?: string;
-      } = await this.oauthService.signIn(user);
+      } = await this.oauthService.signIn(user, request.ip);
      if (token.accessToken) {
        this.authService.addTokensToResponse(
          response,
--- a/backend/src/oauth/oauth.service.ts
+++ b/backend/src/oauth/oauth.service.ts
@@ -1,4 +1,4 @@
-import { Inject, Injectable } from "@nestjs/common";
+import { Inject, Injectable, Logger } from "@nestjs/common";
 import { User } from "@prisma/client";
 import { nanoid } from "nanoid";
 import { AuthService } from "../auth/auth.service";
@@ -15,6 +15,7 @@ export class OAuthService {
    private auth: AuthService,
    @Inject("OAUTH_PLATFORMS") private platforms: string[],
  ) {}
+  private readonly logger = new Logger(OAuthService.name);

  available(): string[] {
    return this.platforms
@@ -39,21 +40,25 @@ export class OAuthService {
    return Object.fromEntries(oauthUsers.map((u) => [u.provider, u]));
  }

-  async signIn(user: OAuthSignInDto) {
+  async signIn(user: OAuthSignInDto, ip: string) {
    const oauthUser = await this.prisma.oAuthUser.findFirst({
      where: {
        provider: user.provider,
        providerUserId: user.providerId,
      },
-      include: {
-        user: true,
-      },
    });
    if (oauthUser) {
-      return this.auth.generateToken(oauthUser.user, true);
+      await this.updateIsAdmin(user);
+      const updatedUser = await this.prisma.user.findFirst({
+        where: {
+          email: user.email,
+        },
+      });
+      this.logger.log(`Successful login for user ${user.email} from IP ${ip}`);
+      return this.auth.generateToken(updatedUser, true);
    }

-    return this.signUp(user);
+    return this.signUp(user, ip);
  }

  async link(
@@ -119,7 +124,7 @@ export class OAuthService {
    }
  }

-  private async signUp(user: OAuthSignInDto) {
+  private async signUp(user: OAuthSignInDto, ip: string) {
    // register
    if (!this.config.get("oauth.allowRegistration")) {
      throw new ErrorPageException("no_user", "/auth/signIn", [
@@ -148,14 +153,19 @@ export class OAuthService {
          userId: existingUser.id,
        },
      });
+      await this.updateIsAdmin(user);
      return this.auth.generateToken(existingUser, true);
    }

-    const result = await this.auth.signUp({
-      email: user.email,
-      username: await this.getAvailableUsername(user.providerUsername),
-      password: null,
-    });
+    const result = await this.auth.signUp(
+      {
+        email: user.email,
+        username: await this.getAvailableUsername(user.providerUsername),
+        password: null,
+      },
+      ip,
+      user.isAdmin,
+    );

    await this.prisma.oAuthUser.create({
      data: {
@@ -168,4 +178,16 @@ export class OAuthService {

    return result;
  }
+
+  private async updateIsAdmin(user: OAuthSignInDto) {
+    if ("isAdmin" in user)
+      await this.prisma.user.update({
+        where: {
+          email: user.email,
+        },
+        data: {
+          isAdmin: user.isAdmin,
+        },
+      });
+  }
 }
--- a/backend/src/oauth/provider/discord.provider.ts
+++ b/backend/src/oauth/provider/discord.provider.ts
@@ -101,10 +101,10 @@ export class DiscordProvider implements OAuthProvider<DiscordToken> {
      });
      const guilds = (await res.json()) as DiscordPartialGuild[];
      if (!guilds.some((guild) => guild.id === guildId)) {
-        throw new ErrorPageException("discord_guild_permission_denied");
+        throw new ErrorPageException("user_not_allowed");
      }
    } catch {
-      throw new ErrorPageException("discord_guild_permission_denied");
+      throw new ErrorPageException("user_not_allowed");
    }
  }
 }
--- a/backend/src/oauth/provider/genericOidc.provider.ts
+++ b/backend/src/oauth/provider/genericOidc.provider.ts
@@ -2,6 +2,7 @@ import { Logger } from "@nestjs/common";
 import { ConfigService } from "../../config/config.service";
 import { JwtService } from "@nestjs/jwt";
 import { Cache } from "cache-manager";
+import * as jmespath from "jmespath";
 import { nanoid } from "nanoid";
 import { OAuthCallbackDto } from "../dto/oauthCallback.dto";
 import { OAuthProvider, OAuthToken } from "./oauthProvider.interface";
@@ -108,6 +109,11 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
    token: OAuthToken<OidcToken>,
    query: OAuthCallbackDto,
    claim?: string,
+    roleConfig?: {
+      path?: string;
+      generalAccess?: string;
+      adminAccess?: string;
+    },
  ): Promise<OAuthSignInDto> {
    const idTokenData = this.decodeIdToken(token.idToken);
    // maybe it's not necessary to verify the id token since it's directly obtained from the provider
@@ -128,6 +134,44 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
        idTokenData.name ||
        idTokenData.nickname;

+    let isAdmin: boolean;
+
+    if (roleConfig?.path) {
+      // A path to read roles from the token is configured
+      let roles: string[] | null;
+      try {
+        roles = jmespath.search(idTokenData, roleConfig.path);
+      } catch (e) {
+        roles = null;
+      }
+      if (Array.isArray(roles)) {
+        // Roles are found in the token
+        if (
+          roleConfig.generalAccess &&
+          !roles.includes(roleConfig.generalAccess)
+        ) {
+          // Role for general access is configured and the user does not have it
+          this.logger.error(
+            `User roles ${roles} do not include ${roleConfig.generalAccess}`,
+          );
+          throw new ErrorPageException("user_not_allowed");
+        }
+        if (roleConfig.adminAccess) {
+          // Role for admin access is configured
+          isAdmin = roles.includes(roleConfig.adminAccess);
+        }
+      } else {
+        this.logger.error(
+          `Roles not found at path ${roleConfig.path} in ID Token ${JSON.stringify(
+            idTokenData,
+            undefined,
+            2,
+          )}`,
+        );
+        throw new ErrorPageException("user_not_allowed");
+      }
+    }
+
    if (!username) {
      this.logger.error(
        `Can not get username from ID Token ${JSON.stringify(
@@ -146,6 +190,7 @@ export abstract class GenericOidcProvider implements OAuthProvider<OidcToken> {
      email: idTokenData.email,
      providerId: idTokenData.sub,
      providerUsername: username,
+      ...(isAdmin !== undefined && { isAdmin }),
    };
  }

--- a/backend/src/oauth/provider/oidc.provider.ts
+++ b/backend/src/oauth/provider/oidc.provider.ts
@@ -34,6 +34,15 @@ export class OidcProvider extends GenericOidcProvider {
    _?: string,
  ): Promise<OAuthSignInDto> {
    const claim = this.config.get("oauth.oidc-usernameClaim") || undefined;
-    return super.getUserInfo(token, query, claim);
+    const rolePath = this.config.get("oauth.oidc-rolePath") || undefined;
+    const roleGeneralAccess =
+      this.config.get("oauth.oidc-roleGeneralAccess") || undefined;
+    const roleAdminAccess =
+      this.config.get("oauth.oidc-roleAdminAccess") || undefined;
+    return super.getUserInfo(token, query, claim, {
+      path: rolePath,
+      generalAccess: roleGeneralAccess,
+      adminAccess: roleAdminAccess,
+    });
  }
 }
--- a/backend/src/reverseShare/dto/createReverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/createReverseShare.dto.ts
@@ -13,4 +13,10 @@ export class CreateReverseShareDTO {
  @Min(1)
  @Max(1000)
  maxUseCount: number;
+
+  @IsBoolean()
+  simplified: boolean;
+
+  @IsBoolean()
+  publicAccess: boolean;
 }
--- a/backend/src/reverseShare/dto/reverseShare.dto.ts
+++ b/backend/src/reverseShare/dto/reverseShare.dto.ts
@@ -13,6 +13,9 @@ export class ReverseShareDTO {
  @Expose()
  token: string;

+  @Expose()
+  simplified: boolean;
+
  from(partial: Partial<ReverseShareDTO>) {
    return plainToClass(ReverseShareDTO, partial, {
      excludeExtraneousValues: true,
--- a/backend/src/reverseShare/reverseShare.service.ts
+++ b/backend/src/reverseShare/reverseShare.service.ts
@@ -49,6 +49,8 @@ export class ReverseShareService {
        remainingUses: data.maxUseCount,
        maxShareSize: data.maxShareSize,
        sendEmailNotification: data.sendEmailNotification,
+        simplified: data.simplified,
+        publicAccess: data.publicAccess,
        creatorId,
      },
    });
--- a/backend/src/share/dto/shareComplete.dto.ts
+++ b/backend/src/share/dto/shareComplete.dto.ts
@@ -0,0 +1,19 @@
+import { Expose, plainToClass } from "class-transformer";
+import { ShareDTO } from "./share.dto";
+
+export class CompletedShareDTO extends ShareDTO {
+  @Expose()
+  notifyReverseShareCreator?: boolean;
+
+  from(partial: Partial<CompletedShareDTO>) {
+    return plainToClass(CompletedShareDTO, partial, {
+      excludeExtraneousValues: true,
+    });
+  }
+
+  fromList(partial: Partial<CompletedShareDTO>[]) {
+    return partial.map((part) =>
+      plainToClass(CompletedShareDTO, part, { excludeExtraneousValues: true }),
+    );
+  }
+}
--- a/backend/src/share/guard/shareSecurity.guard.ts
+++ b/backend/src/share/guard/shareSecurity.guard.ts
@@ -1,5 +1,4 @@
 import {
-  CanActivate,
  ExecutionContext,
  ForbiddenException,
  Injectable,
@@ -9,13 +8,19 @@ import { Request } from "express";
 import * as moment from "moment";
 import { PrismaService } from "src/prisma/prisma.service";
 import { ShareService } from "src/share/share.service";
+import { ConfigService } from "src/config/config.service";
+import { JwtGuard } from "src/auth/guard/jwt.guard";
+import { User } from "@prisma/client";

@Injectable()
-export class ShareSecurityGuard implements CanActivate {
+export class ShareSecurityGuard extends JwtGuard {
  constructor(
    private shareService: ShareService,
    private prisma: PrismaService,
-  ) {}
+    configService: ConfigService,
+  ) {
+    super(configService);
+  }

  async canActivate(context: ExecutionContext) {
    const request: Request = context.switchToHttp().getRequest();
@@ -31,7 +36,7 @@ export class ShareSecurityGuard implements CanActivate {

    const share = await this.prisma.share.findUnique({
      where: { id: shareId },
-      include: { security: true },
+      include: { security: true, reverseShare: true },
    });

    if (
@@ -53,6 +58,22 @@ export class ShareSecurityGuard implements CanActivate {
        "share_token_required",
      );

+    // Run the JWTGuard to set the user
+    await super.canActivate(context);
+    const user = request.user as User;
+
+    // Only the creator and reverse share creator can access the reverse share if it's not public
+    if (
+      share.reverseShare &&
+      !share.reverseShare.publicAccess &&
+      share.creatorId !== user?.id &&
+      share.reverseShare.creatorId !== user?.id
+    )
+      throw new ForbiddenException(
+        "Only reverse share creator can access this share",
+        "private_share",
+      );
+
    return true;
  }
 }
--- a/backend/src/share/share.controller.ts
+++ b/backend/src/share/share.controller.ts
@@ -10,9 +10,11 @@ import {
  Res,
  UseGuards,
 } from "@nestjs/common";
+import { JwtService } from "@nestjs/jwt";
 import { Throttle } from "@nestjs/throttler";
 import { User } from "@prisma/client";
 import { Request, Response } from "express";
+import * as moment from "moment";
 import { GetUser } from "src/auth/decorator/getUser.decorator";
 import { AdministratorGuard } from "src/auth/guard/isAdmin.guard";
 import { JwtGuard } from "src/auth/guard/jwt.guard";
@@ -27,9 +29,13 @@ import { ShareOwnerGuard } from "./guard/shareOwner.guard";
 import { ShareSecurityGuard } from "./guard/shareSecurity.guard";
 import { ShareTokenSecurity } from "./guard/shareTokenSecurity.guard";
 import { ShareService } from "./share.service";
+import { CompletedShareDTO } from "./dto/shareComplete.dto";
@Controller("shares")
 export class ShareController {
-  constructor(private shareService: ShareService) {}
+  constructor(
+    private shareService: ShareService,
+    private jwtService: JwtService,
+  ) {}

  @Get("all")
  @UseGuards(JwtGuard, AdministratorGuard)
@@ -81,7 +87,7 @@ export class ShareController {
  @UseGuards(CreateShareGuard, ShareOwnerGuard)
  async complete(@Param("id") id: string, @Req() request: Request) {
    const { reverse_share_token } = request.cookies;
-    return new ShareDTO().from(
+    return new CompletedShareDTO().from(
      await this.shareService.complete(id, reverse_share_token),
    );
  }
@@ -121,10 +127,13 @@ export class ShareController {
  @Post(":id/token")
  async getShareToken(
    @Param("id") id: string,
+    @Req() request: Request,
    @Res({ passthrough: true }) response: Response,
    @Body() body: SharePasswordDto,
  ) {
    const token = await this.shareService.getShareToken(id, body.password);
+
+    this.clearShareTokenCookies(request, response);
    response.cookie(`share_${id}_token`, token, {
      path: "/",
      httpOnly: true,
@@ -132,4 +141,32 @@ export class ShareController {

    return { token };
  }
+
+  /**
+   * Keeps the 10 most recent share token cookies and deletes the rest and all expired ones
+   */
+  private clearShareTokenCookies(request: Request, response: Response) {
+    const shareTokenCookies = Object.entries(request.cookies)
+      .filter(([key]) => key.startsWith("share_") && key.endsWith("_token"))
+      .map(([key, value]) => ({
+        key,
+        payload: this.jwtService.decode(value),
+      }));
+
+    const expiredTokens = shareTokenCookies.filter(
+      (cookie) => cookie.payload.exp < moment().unix(),
+    );
+    const validTokens = shareTokenCookies.filter(
+      (cookie) => cookie.payload.exp >= moment().unix(),
+    );
+
+    expiredTokens.forEach((cookie) => response.clearCookie(cookie.key));
+
+    if (validTokens.length > 10) {
+      validTokens
+        .sort((a, b) => a.payload.exp - b.payload.exp)
+        .slice(0, -10)
+        .forEach((cookie) => response.clearCookie(cookie.key));
+    }
+  }
 }
--- a/backend/src/share/share.service.ts
+++ b/backend/src/share/share.service.ts
@@ -4,7 +4,7 @@ import {
  Injectable,
  NotFoundException,
 } from "@nestjs/common";
-import { JwtService } from "@nestjs/jwt";
+import { JwtService, JwtSignOptions } from "@nestjs/jwt";
 import { Share, User } from "@prisma/client";
 import * as archiver from "archiver";
 import * as argon from "argon2";
@@ -159,11 +159,12 @@ export class ShareService {
      );
    }

-    if (
-      share.reverseShare &&
-      this.config.get("smtp.enabled") &&
-      share.reverseShare.sendEmailNotification
-    ) {
+    const notifyReverseShareCreator = share.reverseShare
+      ? this.config.get("smtp.enabled") &&
+        share.reverseShare.sendEmailNotification
+      : undefined;
+
+    if (notifyReverseShareCreator) {
      await this.emailService.sendMailToReverseShareCreator(
        share.reverseShare.creator.email,
        share.id,
@@ -180,10 +181,15 @@ export class ShareService {
      });
    }

-    return this.prisma.share.update({
+    const updatedShare = await this.prisma.share.update({
      where: { id },
      data: { uploadLocked: true },
    });
+
+    return {
+      ...updatedShare,
+      notifyReverseShareCreator,
+    };
  }

  async revertComplete(id: string) {
@@ -239,7 +245,11 @@ export class ShareService {
    const share = await this.prisma.share.findUnique({
      where: { id },
      include: {
-        files: true,
+        files: {
+          orderBy: {
+            name: "asc",
+          },
+        },
        creator: true,
        security: true,
      },
@@ -328,15 +338,21 @@ export class ShareService {
    const { expiration } = await this.prisma.share.findUnique({
      where: { id: shareId },
    });
-    return this.jwtService.sign(
-      {
-        shareId,
-      },
-      {
-        expiresIn: moment(expiration).diff(new Date(), "seconds") + "s",
-        secret: this.config.get("internal.jwtSecret"),
-      },
-    );
+
+    const tokenPayload = {
+      shareId,
+      iat: moment().unix(),
+    };
+
+    const tokenOptions: JwtSignOptions = {
+      secret: this.config.get("internal.jwtSecret"),
+    };
+
+    if (!moment(expiration).isSame(0)) {
+      tokenOptions.expiresIn = moment(expiration).diff(new Date(), "seconds");
+    }
+
+    return this.jwtService.sign(tokenPayload, tokenOptions);
  }

  async verifyShareToken(shareId: string, token: string) {
--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -1,4 +1,3 @@
-version: '3.8'
 services:
  clamav:
    restart: unless-stopped
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,4 +1,3 @@
-version: '3.8'
 services:
  pingvin-share:
    image: stonith404/pingvin-share
--- a/frontend/package-lock.json
+++ b/frontend/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "pingvin-share-frontend",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "lockfileVersion": 2,
  "requires": true,
  "packages": {
    "": {
      "name": "pingvin-share-frontend",
-      "version": "0.26.0",
+      "version": "0.29.0",
      "dependencies": {
        "@emotion/react": "^11.11.4",
        "@emotion/server": "^11.11.0",
@@ -26,7 +26,6 @@
        "mime-types": "^2.1.35",
        "moment": "^2.30.1",
        "next": "^14.2.3",
-        "next-cookies": "^2.0.3",
        "next-http-proxy-middleware": "^1.2.6",
        "next-pwa": "^5.6.0",
        "p-limit": "^4.0.0",
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pingvin-share-frontend",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "scripts": {
    "dev": "next dev",
    "build": "next build",
@@ -27,7 +27,6 @@
    "mime-types": "^2.1.35",
    "moment": "^2.30.1",
    "next": "^14.2.3",
-    "next-cookies": "^2.0.3",
    "next-http-proxy-middleware": "^1.2.6",
    "next-pwa": "^5.6.0",
    "p-limit": "^4.0.0",
--- a/frontend/src/components/auth/SignInForm.tsx
+++ b/frontend/src/components/auth/SignInForm.tsx
@@ -28,6 +28,19 @@ import toast from "../../utils/toast.util";
 import { safeRedirectPath } from "../../utils/router.util";

 const useStyles = createStyles((theme) => ({
+  signInWith: {
+    fontWeight: 500,
+    "&:before": {
+      content: "''",
+      flex: 1,
+      display: "block",
+    },
+    "&:after": {
+      content: "''",
+      flex: 1,
+      display: "block",
+    },
+  },
  or: {
    "&:before": {
      content: "''",
@@ -128,49 +141,58 @@ const SignInForm = ({ redirectPath }: { redirectPath: string }) => {
        </Text>
      )}
      <Paper withBorder shadow="md" p={30} mt={30} radius="md">
-        <form
-          onSubmit={form.onSubmit((values) => {
-            signIn(values.emailOrUsername, values.password);
-          })}
-        >
-          <TextInput
-            label={t("signin.input.email-or-username")}
-            placeholder={t("signin.input.email-or-username.placeholder")}
-            {...form.getInputProps("emailOrUsername")}
-          />
-          <PasswordInput
-            label={t("signin.input.password")}
-            placeholder={t("signin.input.password.placeholder")}
-            mt="md"
-            {...form.getInputProps("password")}
-          />
-          {config.get("smtp.enabled") && (
-            <Group position="right" mt="xs">
-              <Anchor component={Link} href="/auth/resetPassword" size="xs">
-                <FormattedMessage id="resetPassword.title" />
-              </Anchor>
-            </Group>
-          )}
-          <Button fullWidth mt="xl" type="submit">
-            <FormattedMessage id="signin.button.submit" />
-          </Button>
-        </form>
+        {config.get("oauth.disablePassword") || (
+          <form
+            onSubmit={form.onSubmit((values) => {
+              signIn(values.emailOrUsername, values.password);
+            })}
+          >
+            <TextInput
+              label={t("signin.input.email-or-username")}
+              placeholder={t("signin.input.email-or-username.placeholder")}
+              {...form.getInputProps("emailOrUsername")}
+            />
+            <PasswordInput
+              label={t("signin.input.password")}
+              placeholder={t("signin.input.password.placeholder")}
+              mt="md"
+              {...form.getInputProps("password")}
+            />
+            {config.get("smtp.enabled") && (
+              <Group position="right" mt="xs">
+                <Anchor component={Link} href="/auth/resetPassword" size="xs">
+                  <FormattedMessage id="resetPassword.title" />
+                </Anchor>
+              </Group>
+            )}
+            <Button fullWidth mt="xl" type="submit">
+              <FormattedMessage id="signin.button.submit" />
+            </Button>
+          </form>
+        )}
        {oauth.length > 0 && (
-          <Stack mt="xl">
-            <Group align="center" className={classes.or}>
-              <Text>{t("signIn.oauth.or")}</Text>
-            </Group>
+          <Stack mt={config.get("oauth.disablePassword") ? undefined : "xl"}>
+            {config.get("oauth.disablePassword") ? (
+              <Group align="center" className={classes.signInWith}>
+                <Text>{t("signIn.oauth.signInWith")}</Text>
+              </Group>
+            ) : (
+              <Group align="center" className={classes.or}>
+                <Text>{t("signIn.oauth.or")}</Text>
+              </Group>
+            )}
            <Group position="center">
              {oauth.map((provider) => (
                <Button
                  key={provider}
                  component="a"
-                  target="_blank"
                  title={t(`signIn.oauth.${provider}`)}
                  href={getOAuthUrl(config.get("general.appUrl"), provider)}
                  variant="light"
+                  fullWidth
                >
                  {getOAuthIcon(provider)}
+                  {"\u2002" + t(`signIn.oauth.${provider}`)}
                </Button>
              ))}
            </Group>
--- a/frontend/src/components/share/FileList.tsx
+++ b/frontend/src/components/share/FileList.tsx
@@ -39,7 +39,7 @@ const FileList = ({
  const t = useTranslate();

  const [sort, setSort] = useState<TableSort>({
-    property: undefined,
+    property: "name",
    direction: "desc",
  });

--- a/frontend/src/components/share/modals/showCreateReverseShareModal.tsx
+++ b/frontend/src/components/share/modals/showCreateReverseShareModal.tsx
@@ -22,6 +22,7 @@ import { getExpirationPreview } from "../../../utils/date.util";
 import toast from "../../../utils/toast.util";
 import FileSizeInput from "../FileSizeInput";
 import showCompletedReverseShareModal from "./showCompletedReverseShareModal";
+import { getCookie, setCookie } from "cookies-next";

 const showCreateReverseShareModal = (
  modals: ModalsContextProps,
@@ -61,10 +62,16 @@ const Body = ({
      sendEmailNotification: false,
      expiration_num: 1,
      expiration_unit: "-days",
+      simplified: !!(getCookie("reverse-share.simplified") ?? false),
+      publicAccess: !!(getCookie("reverse-share.public-access") ?? true),
    },
  });

  const onSubmit = form.onSubmit(async (values) => {
+    // remember simplified and publicAccess in cookies
+    setCookie("reverse-share.simplified", values.simplified);
+    setCookie("reverse-share.public-access", values.publicAccess);
+
    const expirationDate = moment().add(
      form.values.expiration_num,
      form.values.expiration_unit.replace(
@@ -91,6 +98,8 @@ const Body = ({
        values.maxShareSize,
        values.maxUseCount,
        values.sendEmailNotification,
+        values.simplified,
+        values.publicAccess,
      )
      .then(({ link }) => {
        modals.closeAll();
@@ -210,7 +219,28 @@ const Body = ({
              })}
            />
          )}
-
+          <Switch
+            mt="xs"
+            labelPosition="left"
+            label={t("account.reverseShares.modal.simplified")}
+            description={t(
+              "account.reverseShares.modal.simplified.description",
+            )}
+            {...form.getInputProps("simplified", {
+              type: "checkbox",
+            })}
+          />
+          <Switch
+            mt="xs"
+            labelPosition="left"
+            label={t("account.reverseShares.modal.public-access")}
+            description={t(
+              "account.reverseShares.modal.public-access.description",
+            )}
+            {...form.getInputProps("publicAccess", {
+              type: "checkbox",
+            })}
+          />
          <Button mt="md" type="submit">
            <FormattedMessage id="common.button.create" />
          </Button>
--- a/frontend/src/components/upload/modals/showCompletedUploadModal.tsx
+++ b/frontend/src/components/upload/modals/showCompletedUploadModal.tsx
@@ -7,12 +7,12 @@ import { FormattedMessage } from "react-intl";
 import useTranslate, {
  translateOutsideContext,
 } from "../../../hooks/useTranslate.hook";
-import { Share } from "../../../types/share.type";
+import { CompletedShare } from "../../../types/share.type";
 import CopyTextField from "../CopyTextField";

 const showCompletedUploadModal = (
  modals: ModalsContextProps,
-  share: Share,
+  share: CompletedShare,
  appUrl: string,
 ) => {
  const t = translateOutsideContext();
@@ -25,7 +25,7 @@ const showCompletedUploadModal = (
  });
 };

-const Body = ({ share, appUrl }: { share: Share; appUrl: string }) => {
+const Body = ({ share, appUrl }: { share: CompletedShare; appUrl: string }) => {
  const modals = useModals();
  const router = useRouter();
  const t = useTranslate();
@@ -35,6 +35,19 @@ const Body = ({ share, appUrl }: { share: Share; appUrl: string }) => {
  return (
    <Stack align="stretch">
      <CopyTextField link={link} />
+      {share.notifyReverseShareCreator === true && (
+        <Text
+          size="sm"
+          sx={(theme) => ({
+            color:
+              theme.colorScheme === "dark"
+                ? theme.colors.gray[3]
+                : theme.colors.dark[4],
+          })}
+        >
+          {t("upload.modal.completed.notified-reverse-share-creator")}
+        </Text>
+      )}
      <Text
        size="xs"
        sx={(theme) => ({
--- a/frontend/src/components/upload/modals/showCreateUploadModal.tsx
+++ b/frontend/src/components/upload/modals/showCreateUploadModal.tsx
@@ -31,6 +31,7 @@ import { FileUpload } from "../../../types/File.type";
 import { CreateShare } from "../../../types/share.type";
 import { getExpirationPreview } from "../../../utils/date.util";
 import React from "react";
+import toast from "../../../utils/toast.util";

 const showCreateUploadModal = (
  modals: ModalsContextProps,
@@ -41,12 +42,26 @@ const showCreateUploadModal = (
    allowUnauthenticatedShares: boolean;
    enableEmailRecepients: boolean;
    maxExpirationInHours: number;
+    simplified: boolean;
  },
  files: FileUpload[],
  uploadCallback: (createShare: CreateShare, files: FileUpload[]) => void,
 ) => {
  const t = translateOutsideContext();

+  if (options.simplified) {
+    return modals.openModal({
+      title: t("upload.modal.title"),
+      children: (
+        <SimplifiedCreateUploadModalModal
+          options={options}
+          files={files}
+          uploadCallback={uploadCallback}
+        />
+      ),
+    });
+  }
+
  return modals.openModal({
    title: t("upload.modal.title"),
    children: (
@@ -59,6 +74,23 @@ const showCreateUploadModal = (
  });
 };

+const generateLink = () =>
+  Buffer.from(Math.random().toString(), "utf8")
+    .toString("base64")
+    .substring(10, 17);
+
+const generateAvailableLink = async (times = 10): Promise<string> => {
+  if (times <= 0) {
+    throw new Error("Could not generate available link");
+  }
+  const _link = generateLink();
+  if (!(await shareService.isShareIdAvailable(_link))) {
+    return await generateAvailableLink(times - 1);
+  } else {
+    return _link;
+  }
+};
+
 const CreateUploadModalBody = ({
  uploadCallback,
  files,
@@ -78,9 +110,7 @@ const CreateUploadModalBody = ({
  const modals = useModals();
  const t = useTranslate();

-  const generatedLink = Buffer.from(Math.random().toString(), "utf8")
-    .toString("base64")
-    .substr(10, 7);
+  const generatedLink = generateLink();

  const [showNotSignedInAlert, setShowNotSignedInAlert] = useState(true);

@@ -202,14 +232,7 @@ const CreateUploadModalBody = ({
            <Button
              style={{ flex: "0 0 auto" }}
              variant="outline"
-              onClick={() =>
-                form.setFieldValue(
-                  "link",
-                  Buffer.from(Math.random().toString(), "utf8")
-                    .toString("base64")
-                    .substr(10, 7),
-                )
-              }
+              onClick={() => form.setFieldValue("link", generateLink())}
            >
              <FormattedMessage id="common.button.generate" />
            </Button>
@@ -429,4 +452,108 @@ const CreateUploadModalBody = ({
  );
 };

+const SimplifiedCreateUploadModalModal = ({
+  uploadCallback,
+  files,
+  options,
+}: {
+  files: FileUpload[];
+  uploadCallback: (createShare: CreateShare, files: FileUpload[]) => void;
+  options: {
+    isUserSignedIn: boolean;
+    isReverseShare: boolean;
+    appUrl: string;
+    allowUnauthenticatedShares: boolean;
+    enableEmailRecepients: boolean;
+    maxExpirationInHours: number;
+  };
+}) => {
+  const modals = useModals();
+  const t = useTranslate();
+
+  const [showNotSignedInAlert, setShowNotSignedInAlert] = useState(true);
+
+  const validationSchema = yup.object().shape({
+    name: yup
+      .string()
+      .transform((value) => value || undefined)
+      .min(3, t("common.error.too-short", { length: 3 }))
+      .max(30, t("common.error.too-long", { length: 30 })),
+  });
+
+  const form = useForm({
+    initialValues: {
+      name: undefined,
+      description: undefined,
+    },
+    validate: yupResolver(validationSchema),
+  });
+
+  const onSubmit = form.onSubmit(async (values) => {
+    const link = await generateAvailableLink().catch(() => {
+      toast.error(t("upload.modal.link.error.taken"));
+      return undefined;
+    });
+
+    if (!link) {
+      return;
+    }
+
+    uploadCallback(
+      {
+        id: link,
+        name: values.name,
+        expiration: "never",
+        recipients: [],
+        description: values.description,
+        security: {
+          password: undefined,
+          maxViews: undefined,
+        },
+      },
+      files,
+    );
+    modals.closeAll();
+  });
+
+  return (
+    <Stack>
+      {showNotSignedInAlert && !options.isUserSignedIn && (
+        <Alert
+          withCloseButton
+          onClose={() => setShowNotSignedInAlert(false)}
+          icon={<TbAlertCircle size={16} />}
+          title={t("upload.modal.not-signed-in")}
+          color="yellow"
+        >
+          <FormattedMessage id="upload.modal.not-signed-in-description" />
+        </Alert>
+      )}
+      <form onSubmit={onSubmit}>
+        <Stack align="stretch">
+          <Stack align="stretch">
+            <TextInput
+              variant="filled"
+              placeholder={t(
+                "upload.modal.accordion.name-and-description.name.placeholder",
+              )}
+              {...form.getInputProps("name")}
+            />
+            <Textarea
+              variant="filled"
+              placeholder={t(
+                "upload.modal.accordion.name-and-description.description.placeholder",
+              )}
+              {...form.getInputProps("description")}
+            />
+          </Stack>
+          <Button type="submit" data-autofocus>
+            <FormattedMessage id="common.button.share" />
+          </Button>
+        </Stack>
+      </form>
+    </Stack>
+  );
+};
+
 export default showCreateUploadModal;
--- a/frontend/src/i18n/translations/ar-EG.ts
+++ b/frontend/src/i18n/translations/ar-EG.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "إن المصادقة الثنائية ضرورية",
  "signIn.notify.totp-required.description": "فضلًا أدخل رمز المصادقة الثنائية",
  "signIn.oauth.or": "أو",
+  "signIn.oauth.signInWith": "تسجيل الدخول بواسطة تطبيق",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -294,8 +295,8 @@ export default {
  "admin.config.general.app-url.description": "الرابط الذي تكون مشاركة Pingvin صالحة عليه",
  "admin.config.general.show-home-page": "إظهار الصفحة الرئيسية",
  "admin.config.general.show-home-page.description": "تحديد ما إذا كان سيتم عرض الصفحة الرئيسية",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "مدة الجلسة",
+  "admin.config.general.session-duration.description": "الوقت بالساعات الذي يجب على المستخدم بعده إعادة تسجيل الدخول (الافتراضي: 3 أشهر).",
  "admin.config.general.logo": "الشعار",
  "admin.config.general.logo.description": "يمكنك تغيير شعارك عن طريق تحميل صورة جديدة. يجب أن تكون الصورة PNG ويجب أن يكون تنسيقها 1:1.",
  "admin.config.general.logo.placeholder": "اختر صورة",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "كلمة السر",
  "admin.config.smtp.password.description": "كلمة السر لخادم الـSMTP",
  "admin.config.smtp.button.test": "إرسال رسالة بريد تجريبية",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "السماح بتسجيل الحسابات الجديدة",
  "admin.config.oauth.allow-registration.description": "السماح للمستخدمين بالدخول بواسطة حساباتهم الاجتماعية",
  "admin.config.oauth.ignore-totp": "تجاهل TOTP",
  "admin.config.oauth.ignore-totp.description": "تجاهل TOTP إذا دخل المستخدم بحسابه الاجتماعي",
+  "admin.config.oauth.disable-password": "تعطيل تسجيل الدخول باستخدام كلمة السر",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "تفعيل خيار الدخول بحساب GitHub",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "رابط الاستكشاف لتطبيق OpenID Connect OAuth",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "طلب اسم المستخدم في رمز معرف OpenID Connect. إذا كنت لا تعرف معنى هذا الإعداد، اتركه فارغًا.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "معرف العميل لتطبيق OpenID Connect OAuth",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "حساب {0} هذا مرتبط بالفعل بحساب آخر.",
  "error.msg.not_linked": "لم يتم ربط حساب {0} هذا بأي حساب حتى الآن.",
  "error.msg.unverified_account": "لم يتم التحقق من حساب {0} هذا، يرجى المحاولة مرة أخرى بعد التحقق.",
-  "error.msg.discord_guild_permission_denied": "غير مسموح لك بتسجيل الدخول.",
+  "error.msg.user_not_allowed": "غير مسموح لك بتسجيل الدخول.",
  "error.msg.cannot_get_user_info": "فشلت عملية جلب معلومات المستخدم الخاصة بك من حساب {0} هذا.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/da-DK.ts
+++ b/frontend/src/i18n/translations/da-DK.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "2-faktor login påkrævet",
  "signIn.notify.totp-required.description": "Indtast den aktuelle engangskode fra din 2-faktor Authenticator",
  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Adgangskode",
  "admin.config.smtp.password.description": "Adgangskoden til SMTP serveren",
  "admin.config.smtp.button.test": "Send test e-mail",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Tillad registrering",
  "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
  "admin.config.oauth.ignore-totp": "Ignore TOTP",
  "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "This {0} account is already linked to another account.",
  "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "Du har ikke tilladelse til at logge ind.",
+  "error.msg.user_not_allowed": "Du har ikke tilladelse til at logge ind.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/de-DE.ts
+++ b/frontend/src/i18n/translations/de-DE.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Zwei-Faktor-Authentifizierung benötigt",
  "signIn.notify.totp-required.description": "Bitte füge deinen Zwei-Faktor-Authentifizierungscode ein",
  "signIn.oauth.or": "ODER",
+  "signIn.oauth.signInWith": "Anmelden mit",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -72,7 +73,7 @@ export default {
  "account.card.password.title": "Passwort",
  "account.card.password.old": "Altes Passwort",
  "account.card.password.new": "Neues Passwort",
-  "account.card.password.noPasswordSet": "Du hast kein Passwort erstellt. Wenn Du Dich mit E-Mail und Passwort anmelden möchtest, musst Du ein Passwort festlegen.",
+  "account.card.password.noPasswordSet": "Du hast kein Passwort erstellt. Wenn du dich mit E-Mail und Passwort anmelden möchtest, musst du ein Passwort festlegen.",
  "account.notify.password.success": "Passwort erfolgreich geändert",
  "account.card.oauth.title": "Anmeldung über soziale Netzwerke",
  "account.card.oauth.github": "GitHub",
@@ -84,7 +85,7 @@ export default {
  "account.card.oauth.unlink": "Verknüpfung aufheben",
  "account.card.oauth.unlinked": "Verknüpfung aufgehoben",
  "account.modal.unlink.title": "Kontoverknüpfung aufheben",
-  "account.modal.unlink.description": "Das Entfernen der Verknüpfung mit Deinem sozialen Konten kann dazu führen, dass Du Dein Konto verlierst, wenn Du Dich nicht an Deinen Benutzernamen und Dein Passwort erinnerst.",
+  "account.modal.unlink.description": "Das Entfernen der Verknüpfung mit deinem sozialen Konten kann dazu führen, dass du dein Konto verlierst, wenn du dich nicht an deinen Benutzernamen und dein Passwort erinnerst.",
  "account.notify.oauth.unlinked.success": "Verknüpfung erfolgreich aufgehoben",
  "account.card.security.title": "Sicherheit",
  "account.card.security.totp.enable.description": "Gib dein aktuelles Passwort ein, um TOTP zu aktivieren",
@@ -300,7 +301,7 @@ export default {
  "admin.config.general.logo.description": "Ändere dein Logo durch Hochladen eines Bildes. Das Bild muss im PNG-Format vorliegen und sollte mit Seitenverhältnis 1:1 sein.",
  "admin.config.general.logo.placeholder": "Bild auswählen",
  "admin.config.email.enable-share-email-recipients": "Erlaube das Teilen der Freigabe via Email",
-  "admin.config.email.enable-share-email-recipients.description": "Gibt an, ob Emails an Freigabe-Empfänger ermöglicht werden sollen. Aktiviere dies nur, wenn Du SMTP aktivierst hast.",
+  "admin.config.email.enable-share-email-recipients.description": "Gibt an, ob Emails an Freigabe-Empfänger ermöglicht werden sollen. Aktiviere dies nur, wenn du SMTP aktivierst hast.",
  "admin.config.email.share-recipients-subject": "Betreff für Freigabe-Empfänger",
  "admin.config.email.share-recipients-subject.description": "Betreff der E-Mail, die an die Freigabe-Empfänger gesendet wird.",
  "admin.config.email.share-recipients-message": "Nachricht für Freigabe-Empfänger",
@@ -332,7 +333,7 @@ export default {
  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
  "admin.config.smtp.enabled": "Aktiviert",
-  "admin.config.smtp.enabled.description": "Gibt an, ob SMTP aktiviert ist. Aktiviere dies nur, wenn Du den Host, den Port, die Email, den Benutzernamen und das Passwort deines SMTP-Servers eingegeben hast.",
+  "admin.config.smtp.enabled.description": "Gibt an, ob SMTP aktiviert ist. Aktiviere dies nur, wenn du den Host, den Port, die Email, den Benutzernamen und das Passwort deines SMTP-Servers eingegeben hast.",
  "admin.config.smtp.host": "Host",
  "admin.config.smtp.host.description": "Host des SMTP-Servers",
  "admin.config.smtp.port": "Port",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Passwort",
  "admin.config.smtp.password.description": "Passwort des SMTP-Servers",
  "admin.config.smtp.button.test": "Test-E-Mail senden",
+  "admin.config.smtp.allow-unauthorized-certificates": "Vertrauen von nicht authentifizierten SMTP-Server-Zertifikaten",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Verwenden Sie diese Option nur, wenn Sie selbst signierten Zertifikaten vertrauen müssen.",
  "admin.config.oauth.allow-registration": "Registrierung erlauben",
  "admin.config.oauth.allow-registration.description": "Benutzern erlauben, sich über Soziale Netzwerke zu registrieren",
  "admin.config.oauth.ignore-totp": "TOTP ignorieren",
  "admin.config.oauth.ignore-totp.description": "Gibt an, ob TOTP ignoriert werden soll, wenn sich der Benutzer über Soziale Netzwerke anmeldet",
+  "admin.config.oauth.disable-password": "Anmelden mit Passwort deaktivieren",
+  "admin.config.oauth.disable-password.description": "Deaktiviert das Anmelden mit Passwort\nStelle vor Aktivierung dieser Konfiguration sicher, dass ein OAuth-Provider korrekt konfiguriert ist, um nicht ausgesperrt zu werden.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "GitHub Anmeldung erlaubt",
  "admin.config.oauth.github-client-id": "GitHub Client-ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery-URL der OpenID OAuth App",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect Benutzername anfordern",
  "admin.config.oauth.oidc-username-claim.description": "Benutzername im OpenID Token. Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Muss ein valider JMES-Pfad sein, der zu einem Array an Rollen führt. " + "Die Zugangsverwaltung über Rollen in OpenID Connect ist nur empfohlen, wenn kein anderer Identitätsprovider konfiguriert und die Anmeldung per Password deaktiviert ist. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Rolle für generellen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser sich anmelden kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rolle für administrativen Zugriff. Muss Teil der Rollen eines Benutzers sein, damit dieser auf das Administrator-Panel zugreifen kann. " + "Leer lassen, wenn du nicht weißt, was diese Konfiguration bedeutet.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client-ID",
  "admin.config.oauth.oidc-client-id.description": "Client-ID der OpenID Connect OAuth-App",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client-Secret",
@@ -401,8 +412,8 @@ export default {
  "error.msg.no_email": "Kann die E-Mail-Adresse von dem Konto {0} nicht abrufen.",
  "error.msg.already_linked": "Das Konto {0} ist bereits mit einem anderen Konto verknüpft.",
  "error.msg.not_linked": "Das Konto {0} wurde noch nicht mit einem Konto verknüpft.",
-  "error.msg.unverified_account": "Dieses Konto {0} wurde noch nicht verifiziert, bitte versuchen Sie es nach der Verifikation erneut.",
-  "error.msg.discord_guild_permission_denied": "Du bist nicht berechtigt, Dich anzumelden.",
+  "error.msg.unverified_account": "Dieses Konto {0} wurde noch nicht verifiziert, bitte versuche es nach der Verifikation erneut.",
+  "error.msg.user_not_allowed": "Du bist nicht berechtigt, dich anzumelden.",
  "error.msg.cannot_get_user_info": "Deine Benutzerinformationen können nicht von diesem Konto {0} abgerufen werden.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/el-GR.ts
+++ b/frontend/src/i18n/translations/el-GR.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Απαιτείται έλεγχος ταυτότητας δύο παραγόντων.",
  "signIn.notify.totp-required.description": "Παρακαλώ εισάγετε τον κωδικό 2FA.",
  "signIn.oauth.or": "Ή",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Κωδικός πρόσβασης",
  "admin.config.smtp.password.description": "Κωδικός πρόσβασης στον εξυπηρετητή SMTP",
  "admin.config.smtp.button.test": "Αποστολή δοκιμαστικού email",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Να επιτρέπεται η εγγραφή",
  "admin.config.oauth.allow-registration.description": "Επιτρέψτε στους χρήστες να εγγραφούν μέσω λογαριασμών κοινωνικής δικτύωσης",
  "admin.config.oauth.ignore-totp": "Παράβλεψη TOTP",
  "admin.config.oauth.ignore-totp.description": "Αν θα αγνοηθεί το TOTP όταν ο χρήστης χρησιμοποιεί την κοινωνική σύνδεση",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Αν είναι ενεργοποιημένη η σύνδεση GitHub",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Αφήστε κενό αν δε γνωρίζετε για αυτή τη ρύθμιση",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Αυτός ο λογαριασμός {0} είναι ήδη συνδεδεμένος με άλλο λογαριασμό.",
  "error.msg.not_linked": "Αυτός ο λογαριασμός {0} δεν έχει συνδεθεί με κανένα λογαριασμό ακόμα.",
  "error.msg.unverified_account": "Αυτός ο λογαριασμός {0} δεν έχει επαληθευτεί, παρακαλώ προσπαθήστε ξανά μετά την επαλήθευση.",
-  "error.msg.discord_guild_permission_denied": "Δεν σας επιτρέπεται η σύνδεση.",
+  "error.msg.user_not_allowed": "Δεν σας επιτρέπεται η σύνδεση.",
  "error.msg.cannot_get_user_info": "Δεν είναι δυνατή η λήψη των πληροφοριών χρήστη από αυτόν τον λογαριασμό {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/en-US.ts
+++ b/frontend/src/i18n/translations/en-US.ts
@@ -44,6 +44,7 @@ export default {
  "signIn.notify.totp-required.description":
    "Please enter your two-factor authentication code",
  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -198,6 +199,14 @@ export default {
  "account.reverseShares.modal.send-email.description":
    "Send an email notification when a share is created with this reverse share link.",

+  "account.reverseShares.modal.simplified": "Simple mode",
+  "account.reverseShares.modal.simplified.description":
+    "Make it easy for the person uploading the file to share it with you. They will be able to customize only the name and description of the share.",
+
+  "account.reverseShares.modal.public-access": "Public access",
+  "account.reverseShares.modal.public-access.description":
+    "Make the created shares with this reverse share public. If disabled, only you and the creator of the share can view it.",
+
  "account.reverseShares.modal.max-use.label": "Max uses",
  "account.reverseShares.modal.max-use.description":
    "The maximum amount of times this URL can be used to create a share.",
@@ -341,6 +350,7 @@ export default {
  "upload.modal.completed.expires-on":
    "This share will expire on {expiration}.",
  "upload.modal.completed.share-ready": "Share ready",
+  "upload.modal.completed.notified-reverse-share-creator": "We have notified the creator of the reverse share. You can also manually share this link with them through other means.",

  // END /upload

@@ -354,6 +364,8 @@ export default {
  "share.error.not-found.title": "Share not found",
  "share.error.not-found.description":
    "The share you're looking for doesn't exist.",
+  "share.error.access-denied.title": "Private share",
+  "share.error.access-denied.description": "The current account does not have permission to access this share",

  "share.modal.password.title": "Password required",
  "share.modal.password.description":
@@ -399,9 +411,8 @@ export default {
  "admin.config.general.show-home-page": "Show home page",
  "admin.config.general.show-home-page.description":
    "Whether to show the home page",
-  "admin.config.general.session-duration": 
-    "Session Duration",
-  "admin.config.general.session-duration.description": 
+  "admin.config.general.session-duration": "Session Duration",
+  "admin.config.general.session-duration.description":
    "Time in hours after which a user must log in again (default: 3 months).",
  "admin.config.general.logo": "Logo",
  "admin.config.general.logo.description":
@@ -453,9 +464,11 @@ export default {
  "admin.config.share.zip-compression-level.description":
    "Adjust the level to balance between file size and compression speed. Valid values range from 0 to 9, with 0 being no compression and 9 being maximum compression. ",
  "admin.config.share.chunk-size": "Chunk size",
-  "admin.config.share.chunk-size.description": "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
+  "admin.config.share.chunk-size.description":
+    "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal.description":
+    "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",

  "admin.config.smtp.enabled": "Enabled",
  "admin.config.smtp.enabled.description":
@@ -472,6 +485,10 @@ export default {
  "admin.config.smtp.password": "Password",
  "admin.config.smtp.password.description": "Password of the SMTP server",
  "admin.config.smtp.button.test": "Send test email",
+  "admin.config.smtp.allow-unauthorized-certificates":
+    "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description":
+    "Only set this to true if you need to trust self signed certificates.",

  "admin.config.oauth.allow-registration": "Allow registration",
  "admin.config.oauth.allow-registration.description":
@@ -479,6 +496,9 @@ export default {
  "admin.config.oauth.ignore-totp": "Ignore TOTP",
  "admin.config.oauth.ignore-totp.description":
    "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description":
+    "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description":
    "Whether GitHub login is enabled",
@@ -530,6 +550,19 @@ export default {
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description":
    "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description":
+    "Must be a valid JMES path referencing an array of roles. " +
+    "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description":
+    "Role required for general access. Must be present in a user’s roles for them to log in. " +
+    "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description":
+    "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " +
+    "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description":
    "Client ID of the OpenID Connect OAuth app",
@@ -558,7 +591,7 @@ export default {
  "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
  "error.msg.unverified_account":
    "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied":
+  "error.msg.user_not_allowed":
    "You are not allowed to sign in.",
  "error.msg.cannot_get_user_info":
    "Can not get your user info from this {0} account.",
--- a/frontend/src/i18n/translations/es-ES.ts
+++ b/frontend/src/i18n/translations/es-ES.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Se requiere autenticación de dos factores",
  "signIn.notify.totp-required.description": "Por favor ingrese su código de autenticación de dos factores",
  "signIn.oauth.or": "O",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Contraseña",
  "admin.config.smtp.password.description": "Contraseña del servidor SMTP",
  "admin.config.smtp.button.test": "Enviar correo de prueba",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Permitir registro",
  "admin.config.oauth.allow-registration.description": "Permitir a los usuarios registrarse mediante login social",
  "admin.config.oauth.ignore-totp": "Ignorar TOTP",
  "admin.config.oauth.ignore-totp.description": "Ignorar TOTP cuando el usuario utiliza inicio de sesión social",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Si el inicio de sesión de GitHub está habilitado",
  "admin.config.oauth.github-client-id": "ID del Cliente de GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Esta cuenta {0} ya está vinculada a otra cuenta.",
  "error.msg.not_linked": "Esta cuenta {0} aún no ha sido vinculada a ninguna cuenta.",
  "error.msg.unverified_account": "Esta cuenta {0} no está verificada, por favor inténtalo de nuevo después de la verificación.",
-  "error.msg.discord_guild_permission_denied": "No tienes permitido iniciar sesion.",
+  "error.msg.user_not_allowed": "No tienes permitido iniciar sesion.",
  "error.msg.cannot_get_user_info": "No se puede obtener la información de usuario de la cuenta {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/fi-FI.ts
+++ b/frontend/src/i18n/translations/fi-FI.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Kaksivaiheinen tunnistautuminen vaadittu",
  "signIn.notify.totp-required.description": "Syötä kaksivaiheisen tunnistautumisen koodi tähän",
  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Salasana",
  "admin.config.smtp.password.description": "SMTP palvelimen salasana",
  "admin.config.smtp.button.test": "Lähetä testisähköposti",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Allow registration",
  "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
  "admin.config.oauth.ignore-totp": "Ignore TOTP",
  "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "This {0} account is already linked to another account.",
  "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/fr-FR.ts
+++ b/frontend/src/i18n/translations/fr-FR.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Une authentification à deux facteurs est requise",
  "signIn.notify.totp-required.description": "Veuillez entrer votre code d'authentification à deux facteurs",
  "signIn.oauth.or": "OU",
+  "signIn.oauth.signInWith": "Se connecter avec",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -294,8 +295,8 @@ export default {
  "admin.config.general.app-url.description": "Depuis quel URL le partage Pingvin est disponible",
  "admin.config.general.show-home-page": "Afficher la page d’accueil",
  "admin.config.general.show-home-page.description": "Afficher ou non la page d’accueil",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Durée de la session",
+  "admin.config.general.session-duration.description": "Nombre d’heures après lesquelles un utilisateur doit se reconnecter (par défaut : 3 mois).",
  "admin.config.general.logo": "Logo",
  "admin.config.general.logo.description": "Changez de logo en envoyant une nouvelle image. L’image doit être au format PNG et doit avoir un ratio 1:1.",
  "admin.config.general.logo.placeholder": "Sélectionner une image",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Mot de passe",
  "admin.config.smtp.password.description": "Mot de passe du serveur SMTP",
  "admin.config.smtp.button.test": "Envoyer un courriel de test",
+  "admin.config.smtp.allow-unauthorized-certificates": "Faire confiance aux certificats de serveurs SMTP non autorisés",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Ne permettez ceci que si vous avez besoin de faire confiance aux certificats autosignés.",
  "admin.config.oauth.allow-registration": "Autoriser l’inscription",
  "admin.config.oauth.allow-registration.description": "Permettre aux utilisateurs de s’inscrire via leur identifiant social",
  "admin.config.oauth.ignore-totp": "Ignorer TOTP",
  "admin.config.oauth.ignore-totp.description": "Ignorer le TOTP lorsque l’utilisateur utilise un identifiant social.",
+  "admin.config.oauth.disable-password": "Désactiver la connexion par mot de passe",
+  "admin.config.oauth.disable-password.description": "Désactive la connexion par mot de passe\nAssurez-vous qu’un fournisseur OAuth soit correctement configuré avant d’activer cette configuration pour éviter d'être enfermé.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Permettre la connexion via GitHub.",
  "admin.config.oauth.github-client-id": "ID client de GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "L’URI de découverte de la connexion à l'application OpenID OAuth",
  "admin.config.oauth.oidc-username-claim": "Revendication du nom d’utilisateur OpenID",
  "admin.config.oauth.oidc-username-claim.description": "Le champ contenant la revendication du nom d’utilisateur dans le jeton OpenID Connect. Laissez vide si vous ne savez pas quoi indiquer.",
+  "admin.config.oauth.oidc-role-path": "Chemin vers les rôles dans le jeton OpenID Connect",
+  "admin.config.oauth.oidc-role-path.description": "Doit être un chemin JMES valide référençant un tableau de rôles. " + "La gestion des droits d'accès en utilisant les rôles OpenID Connect n'est recommandée que si aucun autre fournisseur d'identité n'est configuré et que la connexion par mot de passe est désactivée. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
+  "admin.config.oauth.oidc-role-general-access": "Rôle OpenID Connect pour un accès général",
+  "admin.config.oauth.oidc-role-general-access.description": "Rôle requis pour un accès général. Doit être présent dans les rôles d'un utilisateur pour qu'il se connecte. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
+  "admin.config.oauth.oidc-role-admin-access": "Rôle OpenID Connect pour l'accès admin",
+  "admin.config.oauth.oidc-role-admin-access.description": "Rôle requis pour l'accès administratif. Doit être présent dans les rôles d'un utilisateur pour accéder au panneau d'administration. " + "Laissez vide si vous ne savez pas ce qu'est cette configuration.",
  "admin.config.oauth.oidc-client-id": "ID du client OpenID",
  "admin.config.oauth.oidc-client-id.description": "L’ID du client de l’application OAuth OpenID Connect",
  "admin.config.oauth.oidc-client-secret": "Secret du client OpenID",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Le compte {0} est déjà associé à un autre compte.",
  "error.msg.not_linked": "Le compte {0} n’est pas encore associé à compte.",
  "error.msg.unverified_account": "Le compte {0} n'est pas vérifié, veuillez réessayer après vérification.",
-  "error.msg.discord_guild_permission_denied": "Vous n’êtes pas autorisé à vous authentifier.",
+  "error.msg.user_not_allowed": "Vous n’êtes pas autorisé à vous authentifier.",
  "error.msg.cannot_get_user_info": "Impossible d’obtenir vos informations utilisateur à partir du compte {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/hu-HU.ts
+++ b/frontend/src/i18n/translations/hu-HU.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Kétfaktoros hitelesítésre van szükség",
  "signIn.notify.totp-required.description": "Adja meg a másik úton kapott kódját",
  "signIn.oauth.or": "VAGY",
+  "signIn.oauth.signInWith": "Bejelentkezés a következővel",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -294,8 +295,8 @@ export default {
  "admin.config.general.app-url.description": "A Pingvin Share megosztáskezelőre mutató hivatkozás",
  "admin.config.general.show-home-page": "Kezdőlap mutatása",
  "admin.config.general.show-home-page.description": "A kezdőlap mutatásának ki- és bekapcsolása",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "Munkamenet időtartama",
+  "admin.config.general.session-duration.description": "Annak az időtartamnak a megadása, amit követően a felhasználónak ismét be kell jelentkeznie (alapérték: 3 hónap).",
  "admin.config.general.logo": "Logó",
  "admin.config.general.logo.description": "A logó személyessé tételéhez töltsön fel egy új képet. A formátum legyen PNG, az oldalarány 1:1.",
  "admin.config.general.logo.placeholder": "Kép kiválasztása",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Jelszó",
  "admin.config.smtp.password.description": "Jelszó az SMTP kiszolgálón",
  "admin.config.smtp.button.test": "Teszt email küldése",
+  "admin.config.smtp.allow-unauthorized-certificates": "A jogosulatlan SMTP kiszolgáló tanúsítványok is megbízhatók",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Csak akkor engedélyezze ha saját aláírású tanúsítványok elfogadása is szükséges.",
  "admin.config.oauth.allow-registration": "Regisztráció engedélyezése",
  "admin.config.oauth.allow-registration.description": "A felhasználók közösségi bejelentkezésen át is regisztrálhatnak",
  "admin.config.oauth.ignore-totp": "TOTP mellőzése",
  "admin.config.oauth.ignore-totp.description": "TOTP mellőzése a közösségi bejelentkezést használó felhasználónál",
+  "admin.config.oauth.disable-password": "Jelszavas bejelentkezés letiltása",
+  "admin.config.oauth.disable-password.description": "A jelszavas bejelentkezés be- és kikapcsolása\nA letiltás előtt a kizáródás elkerülésére mindenképpen ellenőrizendő az OAuth szolgáltató megfelelő konfigurációja.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "GitHub bejelentkezés engedélyezése",
  "admin.config.oauth.github-client-id": "GitHub ügyfél ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Az OpenID Connect OAuth applikáció Discovery URI azonosítója",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect felhasználónév igény",
  "admin.config.oauth.oidc-username-claim.description": "Az OpenID Connect ID token felhasználónév igénye. Hagyja üresen ha nincs információja a beállításról.",
+  "admin.config.oauth.oidc-role-path": "Az OpenID Connect token szerepeinek elérési útvonala",
+  "admin.config.oauth.oidc-role-path.description": "Szerepkörökből álló tömbre hivatkozó érvényes JMES-útvonalnak kell lennie. " + "A belépési jogosultságok kezelésére az OpenID Connect szerepkörök csak más azonosító szolgáltatások hiányában és a jelszavas bejelentkezés letiltottsága mellett javasolt. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect szerepkör általános hozzáféréshez",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect szerepkör admin hozzáféréshez",
+  "admin.config.oauth.oidc-role-admin-access.description": "A rendszergazdai hozzáféréshez szükséges szerepkör. Meg kell lennie a felhasználó szerepkörében ahhoz, hogy hozzáférhessen az adminisztrációs panelhez. " + "Hagyja üresen, ha nem tudja, mi ez a konfiguráció.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect ügyfél ID azonosító",
  "admin.config.oauth.oidc-client-id.description": "Az OpenID Connect OAuth applikáció ügyfél ID azonosítója",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect ügyfél titok",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Ez a(z) {0} fiók már kapcsolódik egy másik fiókhoz.",
  "error.msg.not_linked": "Ez a(z){0} fiók még nem kapcsolódott egyetlen fiókhoz sem.",
  "error.msg.unverified_account": "Ezt a(z) {0} fiókot még nem igazolták vissza, kérem próbálja újra a megerősítés után.",
-  "error.msg.discord_guild_permission_denied": "Nem jelentkezhet be.",
+  "error.msg.user_not_allowed": "Nem jelentkezhet be.",
  "error.msg.cannot_get_user_info": "Nem nyerhető ki felhasználói információ ebből a(z) {0} fiókból.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/it-IT.ts
+++ b/frontend/src/i18n/translations/it-IT.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Autenticazione a due fattori richiesta",
  "signIn.notify.totp-required.description": "Inserisci il tuo codice di autenticazione a due fattori",
  "signIn.oauth.or": "OPPURE",
+  "signIn.oauth.signInWith": "Registrati con",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Password",
  "admin.config.smtp.password.description": "Password del server SMTP",
  "admin.config.smtp.button.test": "Invia e-mail di prova",
+  "admin.config.smtp.allow-unauthorized-certificates": "Fidati di certificati server SMTP non autorizzati",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Imposta il parametro a \"vero\" solo se vuoi fidarti di certificati self signed.",
  "admin.config.oauth.allow-registration": "Consenti la registrazione",
  "admin.config.oauth.allow-registration.description": "Consenti agli utenti di registrarsi tramite social login",
  "admin.config.oauth.ignore-totp": "Ignora TOTP",
  "admin.config.oauth.ignore-totp.description": "Indica se ignorare TOTP quando l'utente utilizza il social login",
+  "admin.config.oauth.disable-password": "Disabilita l'accesso tramite password",
+  "admin.config.oauth.disable-password.description": "Nel caso di disabilitazione della password di accesso\nAssicurarti di aver configurato correttamente un provider OAuth prima di attivare questa configurazione, per evitare di essere bloccato fuori dal servizio.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Se l'accesso tramite GitHub è abilitato",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "URI di scoperta dell'app OAuth di OpenID Connect",
  "admin.config.oauth.oidc-username-claim": "Richiesta nome utente OpenID Connect",
  "admin.config.oauth.oidc-username-claim.description": "Nome utente nel token OpenID Connect. Lascialo vuoto se non sai cos'è questa configurazione.",
+  "admin.config.oauth.oidc-role-path": "Percorso verso i ruoli in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Deve essere un percorso JMES valido che faccia riferimento a una serie di ruoli. " + "La gestione dei diritti di accesso utilizzando i ruoli OpenID Connect è consigliata solo se nessun altro provider d'identità è configurato e l'accesso tramite password è disabilitato. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
+  "admin.config.oauth.oidc-role-general-access": "Ruolo OpenID Connect per l'accesso generale",
+  "admin.config.oauth.oidc-role-general-access.description": "Ruolo richiesto per l'accesso generale. Deve essere presente nei ruoli di un utente affinché possa accedere. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
+  "admin.config.oauth.oidc-role-admin-access": "Ruolo OpenID Connect per l'accesso amministrativo",
+  "admin.config.oauth.oidc-role-admin-access.description": "Ruolo richiesto per l'accesso amministrativo. Deve essere presente nei ruoli di un utente per accedere al pannello di amministrazione. " + "Lascialo vuoto se non sai cosa sia questa configurazione.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID dell'app OAuth di OpenID Connect",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Questo account {0} è già collegato ad un altro account.",
  "error.msg.not_linked": "Questo account {0} non è ancora collegato ad alcun account.",
  "error.msg.unverified_account": "Questo account {0} non è verificato, per favore riprova dopo la verifica.",
-  "error.msg.discord_guild_permission_denied": "Non sei autorizzato ad accedere.",
+  "error.msg.user_not_allowed": "Non sei autorizzato ad accedere.",
  "error.msg.cannot_get_user_info": "Non è possibile ottenere le informazioni utente da questo account {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/ja-JP.ts
+++ b/frontend/src/i18n/translations/ja-JP.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "二段階認証が必要です",
  "signIn.notify.totp-required.description": "二段階認証コードを入力してください",
  "signIn.oauth.or": "または",
+  "signIn.oauth.signInWith": "サインインの方法",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -57,7 +58,7 @@ export default {
  // /auth/reset-password
  "resetPassword.title": "パスワードを忘れてしまいましたか？",
  "resetPassword.description": "登録しているメールアドレスを入力してください。",
-  "resetPassword.notify.success": "A message with a link to reset your password has been sent if the email exists.",
+  "resetPassword.notify.success": "電子メールが存在する場合、パスワードをリセットするためのリンクを含むメッセージが送信されました。",
  "resetPassword.button.back": "サインインページに戻る",
  "resetPassword.text.resetPassword": "パスワードをリセット",
  "resetPassword.text.enterNewPassword": "新規パスワードを入力",
@@ -169,7 +170,7 @@ export default {
  // /admin
  "admin.title": "管理画面",
  "admin.button.users": "ユーザー管理",
-  "admin.button.shares": "Share management",
+  "admin.button.shares": "共有管理",
  "admin.button.config": "設定",
  "admin.version": "バージョン",
  // END /admin
@@ -197,13 +198,13 @@ export default {
  "admin.users.modal.create.admin.description": "チェックされている場合、ユーザーは管理画面にアクセスできるようになります。",
  // END /admin/users
  // /admin/shares
-  "admin.shares.title": "Share management",
-  "admin.shares.table.id": "Share ID",
-  "admin.shares.table.username": "Creator",
-  "admin.shares.table.visitors": "Visitors",
-  "admin.shares.table.expires": "Expires At",
-  "admin.shares.edit.delete.title": "Delete share {id}",
-  "admin.shares.edit.delete.description": "Do you really want to delete this share?",
+  "admin.shares.title": "共有管理",
+  "admin.shares.table.id": "共有ID",
+  "admin.shares.table.username": "作成者",
+  "admin.shares.table.visitors": "訪問者",
+  "admin.shares.table.expires": "有効期限",
+  "admin.shares.edit.delete.title": "共有 {id} を削除",
+  "admin.shares.edit.delete.description": "この共有を削除してもよろしいですか？",
  // END /admin/shares
  // /upload
  "upload.title": "アップロード",
@@ -239,9 +240,9 @@ export default {
  "upload.modal.expires.month-plural": "ヶ月間",
  "upload.modal.expires.year-singular": "年間",
  "upload.modal.expires.year-plural": "年間",
-  "upload.modal.accordion.name-and-description.title": "Name and description",
-  "upload.modal.accordion.name-and-description.name.placeholder": "Name",
-  "upload.modal.accordion.name-and-description.description.placeholder": "Note for the recipients of this share",
+  "upload.modal.accordion.name-and-description.title": "名前と説明",
+  "upload.modal.accordion.name-and-description.name.placeholder": "名前",
+  "upload.modal.accordion.name-and-description.description.placeholder": "この共有に関する受信者へのメモ",
  "upload.modal.accordion.email.title": "メールで受け取る相手",
  "upload.modal.accordion.email.placeholder": "メールの宛先を入力",
  "upload.modal.accordion.email.invalid-email": "無効なメールアドレスです",
@@ -273,7 +274,7 @@ export default {
  "share.table.name": "ファイル名",
  "share.table.size": "サイズ",
  "share.modal.file-preview.error.not-supported.title": "プレビューに対応していません",
-  "share.modal.file-preview.error.not-supported.description": "A preview for this file type is unsupported. Please download the file to view it.",
+  "share.modal.file-preview.error.not-supported.description": "このファイルタイプのプレビューはサポートされていません。ファイルをダウンロードして表示してください。",
  // END /share/[id]
  // /share/[id]/edit
  "share.edit.title": "編集 {shareId}",
@@ -294,8 +295,8 @@ export default {
  "admin.config.general.app-url.description": "Pingvin Shareで利用できるURL",
  "admin.config.general.show-home-page": "ホームページを表示する",
  "admin.config.general.show-home-page.description": "ホームページを表示するかどうか選択",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.session-duration": "セッション期間",
+  "admin.config.general.session-duration.description": "ユーザーが再度ログインする必要がある時間（時間単位）（デフォルト: 3 か月）。",
  "admin.config.general.logo": "ロゴ",
  "admin.config.general.logo.description": "新しい画像をアップロードしてロゴを変更できます。画像は、PNG形式でアスペクト比が1:1である必要があります。",
  "admin.config.general.logo.placeholder": "画像を選択",
@@ -327,10 +328,10 @@ export default {
  "admin.config.share.max-size.description": "最大ファイルサイズ（byte単位）",
  "admin.config.share.zip-compression-level": "Zip圧縮レベル",
  "admin.config.share.zip-compression-level.description": "ファイルサイズと圧縮速度のバランスを取るように、レベルを調整できます。有効な値は0～9の間で、0が無圧縮、9で最大限の圧縮となります。 ",
-  "admin.config.share.chunk-size": "Chunk size",
-  "admin.config.share.chunk-size.description": "Adjust the chunk size (in bytes) for your uploads to balance efficiency and reliability according to your internet connection. Smaller chunks can enhance success rates for unstable connections, while larger chunks speed up uploads for stable connections.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.chunk-size": "チャンクサイズ",
+  "admin.config.share.chunk-size.description": "インターネット接続に応じてアップロードのチャンクサイズ（バイト単位）を調整し、効率と信頼性のバランスを取ってください。不安定な接続の場合、チャンクサイズを小さくすることでアップロード成功率を高めることができ、安定した接続の場合、チャンクサイズを大きくすることでアップロード速度を速めることができます。",
+  "admin.config.share.auto-open-share-modal": "共有モーダルを自動的に開く",
+  "admin.config.share.auto-open-share-modal.description": "ユーザーがファイルを選択すると、共有作成モーダルが自動的に表示されるため、手動でボタンをクリックする必要がありません。",
  "admin.config.smtp.enabled": "有効",
  "admin.config.smtp.enabled.description": "SMTPを有効にするかどうかを選択してください。SMTPサーバーのホスト名、ポート番号、電子メールアドレス、ユーザー名、パスワードが入力されている場合にのみ、有効にしてください。",
  "admin.config.smtp.host": "ホスト名",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "パスワード",
  "admin.config.smtp.password.description": "SMTPサーバーのパスワード",
  "admin.config.smtp.button.test": "テストメールを送信",
+  "admin.config.smtp.allow-unauthorized-certificates": "許可されていない SMTP サーバー証明書を信頼します",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "自己署名証明書を信頼する必要がある場合にのみ、これをtrueに設定してください。",
  "admin.config.oauth.allow-registration": "登録を許可する",
  "admin.config.oauth.allow-registration.description": "ユーザーにソーシャルアカウント経由での登録を許可します",
  "admin.config.oauth.ignore-totp": "二段階認証を無視する",
  "admin.config.oauth.ignore-totp.description": "ソーシャルログイン時に二段階認証を無視するかどうかを設定します",
+  "admin.config.oauth.disable-password": "パスワードログインを無効にする",
+  "admin.config.oauth.disable-password.description": "パスワードログインを無効にするかどうか\nロックアウトされないように、この設定を有効にする前にOAuthプロバイダーが適切に設定されていることを確認してください。",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "GitHubアカウントを使用したログインを許可するかどうかを設定します",
  "admin.config.oauth.github-client-id": "GitHub クライアントID",
@@ -370,22 +375,28 @@ export default {
  "admin.config.oauth.microsoft-client-secret.description": "Microsoft OAuthアプリのクライアントシークレット",
  "admin.config.oauth.discord-enabled": "Discord",
  "admin.config.oauth.discord-enabled.description": "Discordアカウントを使用したログインを許可するかどうかを設定します",
-  "admin.config.oauth.discord-limited-guild": "Discord limited server ID",
-  "admin.config.oauth.discord-limited-guild.description": "Limit signing in to users in a specific server. Leave it blank to disable.",
+  "admin.config.oauth.discord-limited-guild": "Discord限定サーバーID",
+  "admin.config.oauth.discord-limited-guild.description": "特定のサーバーのユーザーにサインインを制限します。無効にするには空白のままにしてください。",
  "admin.config.oauth.discord-client-id": "Discord クライアントID",
  "admin.config.oauth.discord-client-id.description": "Discord OAuthアプリのクライアントID",
  "admin.config.oauth.discord-client-secret": "Discord クライアントシークレット",
  "admin.config.oauth.discord-client-secret.description": "Discord OAuthアプリのクライアントシークレット",
  "admin.config.oauth.oidc-enabled": "OpenID Connect",
-  "admin.config.oauth.oidc-enabled.description": "Whether OpenID Connect login is enabled",
+  "admin.config.oauth.oidc-enabled.description": "OpenID Connect のログインが有効かを設定します",
  "admin.config.oauth.oidc-discovery-uri": "OpenID Connect Discovery URI",
-  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
-  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
-  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
-  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
-  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-discovery-uri.description": "OpenID OAuthアプリのDiscovery URI",
+  "admin.config.oauth.oidc-username-claim": "OpenID Connect ユーザー名の要求",
+  "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID トークンのユーザー名要求。この設定が何かわからない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-path": "OpenID Connectトークンのロールへのパス",
+  "admin.config.oauth.oidc-role-path.description": "ロールの配列を参照する有効なJMESパスでなければなりません。" + "OpenID Connectのロールを使用してアクセス権を管理することは、他のIDプロバイダが設定されておらず、パスワードログインが無効になっている場合にのみ推奨されます。この構成がわからない場合は空白のままにしてください。" + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-general-access": "一般的なアクセスのためのOpenID Connectのロール",
+  "admin.config.oauth.oidc-role-general-access.description": "一般的なアクセスに必要なロール。ログインするユーザーのロールに存在する必要があります。 " + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-role-admin-access": "管理者アクセスのための OpenID Connectのロール",
+  "admin.config.oauth.oidc-role-admin-access.description": "管理者アクセスに必要なロール。管理パネルにアクセスするためには、ユーザのロールに存在する必要があります。" + "この設定が何であるか分からない場合は空白のままにしてください。",
+  "admin.config.oauth.oidc-client-id": "OpenID Connect クライアントID",
+  "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth アプリのクライアント ID",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
-  "admin.config.oauth.oidc-client-secret.description": "Client secret of the OpenID Connect OAuth app",
+  "admin.config.oauth.oidc-client-secret.description": "OpenID Connect OAuthアプリのクライアントシークレット",
  // 404
  "404.description": "ページが見つかりません。",
  "404.button.home": "ホームに戻る",
@@ -396,14 +407,14 @@ export default {
  "error.msg.default": "問題が発生しました。",
  "error.msg.access_denied": "認証処理を中止しました、後で再度お試しください。",
  "error.msg.expired_token": "認証処理に時間がかかりすぎています、後で再度お試しください。",
-  "error.msg.invalid_token": "Internal Error",
+  "error.msg.invalid_token": "内部エラー",
  "error.msg.no_user": "この{0} アカウントにリンクしたユーザーが存在しません。",
  "error.msg.no_email": "この{0} アカウントからメールアドレスを取得出来ません。",
  "error.msg.already_linked": "この{0} アカウントは、既に別のアカウントにリンクされています。",
  "error.msg.not_linked": "この{0} アカウントはどのアカウントにもリンクされていません。",
-  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
-  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
+  "error.msg.unverified_account": "この {0} アカウントは認証されていません。認証後にもう一度お試しください。",
+  "error.msg.user_not_allowed": "サインインできません。",
+  "error.msg.cannot_get_user_info": "この {0} アカウントからユーザー情報を取得できません。",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
  "error.param.provider_microsoft": "Microsoft",
@@ -421,10 +432,10 @@ export default {
  "common.button.generate": "生成",
  "common.button.done": "完了",
  "common.text.link": "リンク",
-  "common.text.navigate-to-link": "Go to the link",
+  "common.text.navigate-to-link": "リンクへ移動",
  "common.text.or": "または",
  "common.button.go-back": "戻る",
-  "common.button.go-home": "Go home",
+  "common.button.go-home": "ホームに戻る",
  "common.notify.copied": "リンクをクリップボードにコピーしました",
  "common.success": "成功",
  "common.error": "エラー",
--- a/frontend/src/i18n/translations/ko-KR.ts
+++ b/frontend/src/i18n/translations/ko-KR.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "2단계 인증이 필요합니다",
  "signIn.notify.totp-required.description": "2단계 인증 코드를 입력해주세요",
  "signIn.oauth.or": "또는",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "깃허브",
  "signIn.oauth.google": "구글",
  "signIn.oauth.microsoft": "마이크로소프트",
@@ -44,10 +45,10 @@ export default {
  "signup.title": "계정 만들기",
  "signup.description": "이미 계정이 있으신가요?",
  "signup.button.signin": "로그인",
-  "signup.input.username": "사용자 이름",
-  "signup.input.username.placeholder": "당신의 사용지 이름",
+  "signup.input.username": "사용자명",
+  "signup.input.username.placeholder": "귀하의 사용자명",
  "signup.input.email": "이메일",
-  "signup.input.email.placeholder": "당신의 이메일",
+  "signup.input.email.placeholder": "귀하의 이메일",
  "signup.button.submit": "시작하기",
  // END /auth/signup
  // /auth/totp
@@ -258,13 +259,13 @@ export default {
  // /share/[id]
  "share.title": "공유 {shareId}",
  "share.description": "내가 당신과 공유한 것을 보세요!",
-  "share.error.visitor-limit-exceeded.title": "방문자 제한 초과",
-  "share.error.visitor-limit-exceeded.description": "The visitor limit from this share has been exceeded.",
+  "share.error.visitor-limit-exceeded.title": "방문자 한도 초과",
+  "share.error.visitor-limit-exceeded.description": "이 공유의 방문자 한도를 초과했습니다.",
  "share.error.removed.title": "공유가 삭제됨",
  "share.error.not-found.title": "공유를 찾을 수 없습니다.",
  "share.error.not-found.description": "당신이 찾는 공유는 존재하지 않습니다.",
  "share.modal.password.title": "비밀번호 필요",
-  "share.modal.password.description": "이 공유에 액세스하려면 공유의 암호를 입력하십시오.",
+  "share.modal.password.description": "이 공유에 접근하려면 공유의 암호를 입력하십시오.",
  "share.modal.password": "비밀번호",
  "share.modal.error.invalid-password": "잘못된 비밀번호",
  "share.button.download-all": "모두 다운로드",
@@ -289,13 +290,13 @@ export default {
  "admin.config.category.smtp": "SMTP",
  "admin.config.category.oauth": "소셜 로그인",
  "admin.config.general.app-name": "앱 이름",
-  "admin.config.general.app-name.description": "Name of the application",
+  "admin.config.general.app-name.description": "이 앱의 이름",
  "admin.config.general.app-url": "앱 URL",
  "admin.config.general.app-url.description": "Pingvin Share를 사용할 수 있는 URL",
  "admin.config.general.show-home-page": "홈 페이지 표시",
-  "admin.config.general.show-home-page.description": "홈 페이지를 표시할지 여부를 점검하십시오.",
-  "admin.config.general.session-duration": "Session Duration",
-  "admin.config.general.session-duration.description": "Time in hours after which a user must log in again (default: 3 months).",
+  "admin.config.general.show-home-page.description": "홈 페이지를 표시할지 여부",
+  "admin.config.general.session-duration": "세션 기간",
+  "admin.config.general.session-duration.description": "사용자가 다시 로그인해야 하는 시간 (기본값: 3개월)",
  "admin.config.general.logo": "로고",
  "admin.config.general.logo.description": "새 이미지를 업로드하여 로고를 변경하십시오. 이미지는 PNG여야 하며 1:1 비율이어야 합니다.",
  "admin.config.general.logo.placeholder": "이미지 선택",
@@ -305,9 +306,9 @@ export default {
  "admin.config.email.share-recipients-subject.description": "공유 수신자에게 전송되는 이메일의 제목입니다.",
  "admin.config.email.share-recipients-message": "수신자 메시지 공유",
  "admin.config.email.share-recipients-message.description": "공유 수신자에게 보내는 메시지입니다. 사용 가능한 변수:\n {creator} - 공유 작성자의 사용자 이름\n {shareUrl} - 공유의 URL\n {desc} - 공유에 대한 설명\n {expires} - 공유 만료일\n 변수는 실제 값으로 대체됩니다.",
-  "admin.config.email.reverse-share-subject": "역공유 제목",
+  "admin.config.email.reverse-share-subject": "역방향 공유 제목",
  "admin.config.email.reverse-share-subject.description": "누군가 당신이 공유한 역방향 공유 링크를 사용하여 공유를 생성했을 때 전송되는 이메일의 제목입니다.",
-  "admin.config.email.reverse-share-message": "역공유 메시지",
+  "admin.config.email.reverse-share-message": "역방향 공유 메시지",
  "admin.config.email.reverse-share-message.description": "누군가 귀하의 역방향 공유 링크를 사용하여 공유를 생성하면 전송되는 메시지입니다.. {shareUrl} 은 작성자 이름 및 공유 URL로 대체됩니다.",
  "admin.config.email.reset-password-subject": "비밀번호 재설정 제목",
  "admin.config.email.reset-password-subject.description": "사용자가 암호 재설정을 요청할 때 전송되는 메일의 제목입니다.",
@@ -321,16 +322,16 @@ export default {
  "admin.config.share.allow-registration.description": "등록 가능 여부",
  "admin.config.share.allow-unauthenticated-shares": "인증되지 않은 공유 허용",
  "admin.config.share.allow-unauthenticated-shares.description": "인증되지 않은 사용자가 공유를 생성할 수 있는지 여부",
-  "admin.config.share.max-expiration": "최대 만료일",
-  "admin.config.share.max-expiration.description": "최대 공유 만료 시간입니다. 만료 기간을 설정하지 않는경우 0으로 설정합니다.",
+  "admin.config.share.max-expiration": "최대 만료 시간",
+  "admin.config.share.max-expiration.description": "공유의 최대 만료 시간. 무제한 만료를 허용하려면 0으로 설정하세요.",
  "admin.config.share.max-size": "최대 크기",
-  "admin.config.share.max-size.description": "공유 최대 크기 - 바이트",
-  "admin.config.share.zip-compression-level": "압축 레벨",
+  "admin.config.share.max-size.description": "공유의 최대 크기 (바이트)",
+  "admin.config.share.zip-compression-level": "Zip 압축 레벨",
  "admin.config.share.zip-compression-level.description": "파일 크기와 압축 속도 간의 균형을 맞추도록 레벨을 조정합니다. 유효한 값의 범위는 0에서 9까지이며, 0은 압축되지 않고 9는 최대 압축입니다. ",
  "admin.config.share.chunk-size": "청크 크기",
  "admin.config.share.chunk-size.description": "업로드할 청크 크기(바이트 단위)를 조정하여 인터넷 연결에 따라 효율성과 신뢰성의 균형을 유지합니다. 더 작은 청크는 불안정한 연결에 대한 성공률을 향상시킬 수 있고, 더 큰 청크는 안정적인 연결에 대한 업로드 속도를 높일 수 있습니다.",
-  "admin.config.share.auto-open-share-modal": "Auto open create share modal",
-  "admin.config.share.auto-open-share-modal.description": "The share creation modal automatically appears when a user selects files, eliminating the need to manually click the button.",
+  "admin.config.share.auto-open-share-modal": "공유 생성 창 자동 열기",
+  "admin.config.share.auto-open-share-modal.description": "사용자가 파일을 선택하면 공유 생성 창이 자동으로 나타나서 버튼을 수동으로 클릭할 필요가 없습니다.",
  "admin.config.smtp.enabled": "활성화됨",
  "admin.config.smtp.enabled.description": "SMTP 사용 여부 SMTP 서버의 호스트, 포트, 전자 메일, 사용자 및 암호를 입력한 경우에만 true로 설정합니다.",
  "admin.config.smtp.host": "호스트",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "비밀번호",
  "admin.config.smtp.password.description": "SMTP 서버 비밀번호",
  "admin.config.smtp.button.test": "테스트 이메일 보내기",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "가입 허용",
  "admin.config.oauth.allow-registration.description": "사용자가 소셜 로그인을 통해 등록할 수 있도록 허용",
  "admin.config.oauth.ignore-totp": "TOTP 무시",
  "admin.config.oauth.ignore-totp.description": "사용자가 소셜 로그인을 사용하는 경우 TOTP를 무시할 것인지 여부",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "깃허브",
  "admin.config.oauth.github-enabled.description": "깃허브 로그인 사용 여부",
  "admin.config.oauth.github-client-id": "GitHub 클라이언트 ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID 토큰의 Username claim 입니다. 이 구성이 무엇인지 모르면 비워 둡니다.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect 클라이언트 ID",
  "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth 앱의 클라이언트 ID",
  "admin.config.oauth.oidc-client-secret": "OpenID 클라이언트 secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "이 {0} 계정은 이미 다른 계정에 연결되어 있습니다.",
  "error.msg.not_linked": "이 {0} 계정은 아직 어떤 계정에도 연결되지 않았습니다.",
  "error.msg.unverified_account": "이 {0} 계정은 확인되지 않았습니다. 확인 후 다시 시도하십시오.",
-  "error.msg.discord_guild_permission_denied": "로그인할 수 없습니다.",
+  "error.msg.user_not_allowed": "로그인할 수 없습니다.",
  "error.msg.cannot_get_user_info": "이 {0} 계정에서 사용자 정보를 가져올 수 없습니다",
  "error.param.provider_github": "깃허브",
  "error.param.provider_google": "구글",
--- a/frontend/src/i18n/translations/nl-BE.ts
+++ b/frontend/src/i18n/translations/nl-BE.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Tweestapsverificatie vereist",
  "signIn.notify.totp-required.description": "Voer uw tweestapsverificatiecode in",
  "signIn.oauth.or": "OF",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Wachtwoord",
  "admin.config.smtp.password.description": "Wachtwoord van de SMTP-server",
  "admin.config.smtp.button.test": "Teste-mail verzenden",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Sta registratie toe",
  "admin.config.oauth.allow-registration.description": "Gebruikers toestaan zich te registreren via sociale login",
  "admin.config.oauth.ignore-totp": "TOTP negeren",
  "admin.config.oauth.ignore-totp.description": "TOTP negeren wanneer gebruiker sociale login gebruikt",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Ofdat GitHub login is ingeschakeld",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI van de OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Gebruikersnaam claim in OpenID Connect-ID-token. Laat het leeg als u niet weet wat deze configuratie is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "Client-ID OpenID Connect",
  "admin.config.oauth.oidc-client-id.description": "Client-ID van de OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Dit {0} account is al gekoppeld aan een ander account.",
  "error.msg.not_linked": "Dit {0} account is nog aan geen enkel account gekoppeld.",
  "error.msg.unverified_account": "Dit {0} account is nog niet geverifieerd, probeer het opnieuw na de verificatie.",
-  "error.msg.discord_guild_permission_denied": "U heeft geen toestemming om in te loggen.",
+  "error.msg.user_not_allowed": "U heeft geen toestemming om in te loggen.",
  "error.msg.cannot_get_user_info": "Kan uw gebruikersgegevens van dit {0} account niet ophalen.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/pl-PL.ts
+++ b/frontend/src/i18n/translations/pl-PL.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Wymagane jest uwierzytelnianie dwuetapowe",
  "signIn.notify.totp-required.description": "Wprowadź kod uwierzytelniania dwuetapowego",
  "signIn.oauth.or": "LUB",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Hasło",
  "admin.config.smtp.password.description": "Hasło serwera SMTP",
  "admin.config.smtp.button.test": "Wyślij testowego e-maila",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Zezwól na rejestrację",
  "admin.config.oauth.allow-registration.description": "Zezwalaj użytkownikom na rejestrację za pomocą konta społecznościowego",
  "admin.config.oauth.ignore-totp": "Ignoruj TOTP",
  "admin.config.oauth.ignore-totp.description": "Czy zignorować TOTP, kiedy użytkownik loguje się za pomocą konta społecznościowego",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Czy login na GitHub jest włączony",
  "admin.config.oauth.github-client-id": "ID klienta GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Wykrywanie URI OAuth aplikacji OpenID Connect",
  "admin.config.oauth.oidc-username-claim": "Żądanie nazwy użytkownika OpenID Connect",
  "admin.config.oauth.oidc-username-claim.description": "Żądanie nazwy użytkownika w tokenie identyfikatora OpenID Connect. Jeśli nie wiesz, czym jest ta konfiguracja, pozostaw pustą.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "Identyfikator klienta OpenID Connect",
  "admin.config.oauth.oidc-client-id.description": "Identyfikator klienta OAuth aplikacji OpenID Connect",
  "admin.config.oauth.oidc-client-secret": "Sekret klienta OpenID Connect",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "To konto {0} zostało już połączone z innym kontem.",
  "error.msg.not_linked": "To konto {0} nie zostało jeszcze połączone z żadnym kontem.",
  "error.msg.unverified_account": "To konto {0} nie zostało zweryfikowane, spróbuj ponownie po weryfikacji.",
-  "error.msg.discord_guild_permission_denied": "Nie możesz się zalogować.",
+  "error.msg.user_not_allowed": "Nie możesz się zalogować.",
  "error.msg.cannot_get_user_info": "Nie można uzyskać informacji o użytkowniku z tego konta {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/pt-BR.ts
+++ b/frontend/src/i18n/translations/pt-BR.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Autenticação de dois fatores necessária",
  "signIn.notify.totp-required.description": "Insira seu código de autenticação de dois fatores",
  "signIn.oauth.or": "OU",
+  "signIn.oauth.signInWith": "Iniciar sessão com",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Senha",
  "admin.config.smtp.password.description": "Senha do servidor SMTP",
  "admin.config.smtp.button.test": "Enviar email de teste",
+  "admin.config.smtp.allow-unauthorized-certificates": "Confiar em certificados de servidor SMTP não autorizados",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Apenas defina isso como verdadeiro se você precisar confiar nos certificados auto-assinados.",
  "admin.config.oauth.allow-registration": "Permitir registro",
  "admin.config.oauth.allow-registration.description": "Permitir que os usuários se registrem através do login de redes sociais",
  "admin.config.oauth.ignore-totp": "Ignorar TOTP",
  "admin.config.oauth.ignore-totp.description": "Ignorar o TOTP quando usuário usando login social",
+  "admin.config.oauth.disable-password": "Desativar login por senha",
+  "admin.config.oauth.disable-password.description": "Se deseja desativar o login por senha\nCertifique-se de que um provedor OAuth está configurado corretamente antes de ativar essa configuração para evitar ser bloqueado.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Se o login GitHub está habilitado",
  "admin.config.oauth.github-client-id": "Client ID do GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "URI da descoberta do aplicativo OpenID Connect OAuth",
  "admin.config.oauth.oidc-username-claim": "Reivindicação de nome de usuário OpenID Connect",
  "admin.config.oauth.oidc-username-claim.description": "Nome de usuário no token de ID OpenID Connect. Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-path": "Caminho para as funções no token OpenID Connect",
+  "admin.config.oauth.oidc-role-path.description": "Deve ser um caminho JMES válido, fazendo referência a uma matriz de funções. " + "Gerenciar direitos de acesso usando as funções OpenID Connect só é recomendado se nenhum outro provedor de identidade for configurado e o login por senha for desativado. " + "Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-general-access": "Função OpenID Connect para acesso geral",
+  "admin.config.oauth.oidc-role-general-access.description": "Função necessária para acesso geral. Deve estar presente nas funções de um usuário para que ele faça o login. " + "Deixe em branco se você não sabe o que é esta configuração.",
+  "admin.config.oauth.oidc-role-admin-access": "Função OpenID Connect para acesso de administrador",
+  "admin.config.oauth.oidc-role-admin-access.description": "Função necessária para acesso administrativo. Deve estar presente nos papéis de um usuário para ele acessar o painel de administração. " + "Deixe em branco se você não sabe o que é esta configuração.",
  "admin.config.oauth.oidc-client-id": "ID do cliente OpenID Connect",
  "admin.config.oauth.oidc-client-id.description": "ID do cliente do aplicativo OpenID OAuth",
  "admin.config.oauth.oidc-client-secret": "Segredo do cliente OpenID Connect",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Esta conta {0} já está vinculada a outra conta.",
  "error.msg.not_linked": "Esta conta {0} ainda não foi vinculada a nenhuma conta.",
  "error.msg.unverified_account": "Esta conta {0} não foi verificada, tente novamente após a verificação.",
-  "error.msg.discord_guild_permission_denied": "Você não tem permissão para acessar.",
+  "error.msg.user_not_allowed": "Você não tem permissão para acessar.",
  "error.msg.cannot_get_user_info": "Não é possível obter suas informações de usuário desta conta {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/ru-RU.ts
+++ b/frontend/src/i18n/translations/ru-RU.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Требуется двухфакторная аутентификация",
  "signIn.notify.totp-required.description": "Пожалуйста, введите код Вашей 2-х факторной аутентификации",
  "signIn.oauth.or": "ИЛИ",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Пароль",
  "admin.config.smtp.password.description": "Пароль SMTP-сервера",
  "admin.config.smtp.button.test": "Отправить тестовое письмо",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Разрешить регистрацию",
  "admin.config.oauth.allow-registration.description": "Разрешить пользователям регистрироваться используя учетные записи социальных сетей",
  "admin.config.oauth.ignore-totp": "Игнорировать TOTP",
  "admin.config.oauth.ignore-totp.description": "Игнорировать TOTP при использовании социальной авторизации",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Включен ли логин на GitHub",
  "admin.config.oauth.github-client-id": "ID клиента GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Эта учетная запись {0} уже привязана к другому аккаунту.",
  "error.msg.not_linked": "Эта учетная запись {0} ещё не привязана ни к одному аккаунту.",
  "error.msg.unverified_account": "Эта учетная запись {0} не подтверждена, повторите попытку после подтверждения.",
-  "error.msg.discord_guild_permission_denied": "У вас нет разрешения на вход.",
+  "error.msg.user_not_allowed": "У вас нет разрешения на вход.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/sl-SI.ts
+++ b/frontend/src/i18n/translations/sl-SI.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Zahtevana je dvofaktorska avtentikacija",
  "signIn.notify.totp-required.description": "Prosim vnesite vašo kodo dvofaktorske avtentikacije",
  "signIn.oauth.or": "ALI",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Geslo",
  "admin.config.smtp.password.description": "Geslo SMTP strežnika",
  "admin.config.smtp.button.test": "Pošlji testno sporočilo",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Dovoli registracijo",
  "admin.config.oauth.allow-registration.description": "Dovoli registracijo uporabnika prek družbenih omrežij",
  "admin.config.oauth.ignore-totp": "Ignoriraj TOTP",
  "admin.config.oauth.ignore-totp.description": "Če ignorirati TOTP, ko se uporabnik registrira prek družbenih omrežij",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Če je dovoljena prijava z GitHub računom",
  "admin.config.oauth.github-client-id": "GitHub ID klienta",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "URI za odkrivanje OpenID Connect OAuth aplikacije",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect zahteva za uporabniško ime",
  "admin.config.oauth.oidc-username-claim.description": "Zahteva za uporabniško ime za OpenID Connect ID žetona. Pustite prazno, če ne poznate te nastavitve.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect ID klienta",
  "admin.config.oauth.oidc-client-id.description": "ID Klienta OpenID Connect OAuth aplikacije",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect skrivnost klienta",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Račun {0} je že povezan na drug račun.",
  "error.msg.not_linked": "Račun {0} še ni povezan z nobenim računom.",
  "error.msg.unverified_account": "Račun {0} je nepreverjen, prosimo poskusite ponovno po preverjanju.",
-  "error.msg.discord_guild_permission_denied": "Nimate dovoljenja za prijavo.",
+  "error.msg.user_not_allowed": "Nimate dovoljenja za prijavo.",
  "error.msg.cannot_get_user_info": "Ne moremo najti uporabniških informacij za račun {0}.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/sr-SP.ts
+++ b/frontend/src/i18n/translations/sr-SP.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Потребна је двофакторска аутентификација",
  "signIn.notify.totp-required.description": "Унесите свој двофакторски код за аутентификацију",
  "signIn.oauth.or": "Или",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Лозинка",
  "admin.config.smtp.password.description": "Лозинка SMTP сервера",
  "admin.config.smtp.button.test": "Пошаљи тестну е-пошту",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Дозволи регистрацију",
  "admin.config.oauth.allow-registration.description": "Дозволите корисницима да се региструју путем друштвене пријаве",
  "admin.config.oauth.ignore-totp": "Занемари ТОТП",
  "admin.config.oauth.ignore-totp.description": "Да ли да игноришете ТОТП када корисник користи пријаву на друштвеним мрежама",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Да ли је пријављивање на GitHub омогућено",
  "admin.config.oauth.github-client-id": "GitHub ИД клијента",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Овај {0} налог је већ повезан са другим налогом.",
  "error.msg.not_linked": "Овај {0} налог још увек није повезан ни са једним налогом.",
  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/sv-SE.ts
+++ b/frontend/src/i18n/translations/sv-SE.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Tvåfaktorsautentisering krävs",
  "signIn.notify.totp-required.description": "Vänligen ange din tvåfaktorsautentiseringskod",
  "signIn.oauth.or": "ELLER",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Lösenord",
  "admin.config.smtp.password.description": "Lösenord för SMTP-servern",
  "admin.config.smtp.button.test": "Skicka testmeddelande",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Tillåt registrering",
  "admin.config.oauth.allow-registration.description": "Tillåt användare att registrera sig via social inloggning",
  "admin.config.oauth.ignore-totp": "Ignorera TOTP",
  "admin.config.oauth.ignore-totp.description": "Om du vill ignorera TOTP när användaren använder social inloggning",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Om GitHub-inloggning är aktiverad",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI för OpenID Connect OAuth appen",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect användarnamnsanspråk",
  "admin.config.oauth.oidc-username-claim.description": "Användarnamnsanspråk i OpenID Connect ID token. Lämna tomt om du inte vet vad denna konfiguration är.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID för OpenID OAuth",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Detta {0} konto är redan länkat till ett annat konto.",
  "error.msg.not_linked": "Detta {0} konto har ännu inte länkat till något konto.",
  "error.msg.unverified_account": "Detta {0} -konto är overifierat, försök igen efter verifiering.",
-  "error.msg.discord_guild_permission_denied": "Du är inte tillåten att logga in.",
+  "error.msg.user_not_allowed": "Du är inte tillåten att logga in.",
  "error.msg.cannot_get_user_info": "Kan inte hämta din användarinformation från detta {0} konto.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/th-TH.ts
+++ b/frontend/src/i18n/translations/th-TH.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "ยืนยันตรวจสอบสิทธิ์สองปัจจัย",
  "signIn.notify.totp-required.description": "กรุณาใส่รหัสยืนยันตัวตนสองปัจจัย",
  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "รหัสผ่าน",
  "admin.config.smtp.password.description": "รหัสผ่านของเซิร์ฟเวอร์ SMTP",
  "admin.config.smtp.button.test": "ส่งอีเมล์์์์์์ทดสอบ",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Allow registration",
  "admin.config.oauth.allow-registration.description": "Allow users to register via social login",
  "admin.config.oauth.ignore-totp": "Ignore TOTP",
  "admin.config.oauth.ignore-totp.description": "Whether to ignore TOTP when user using social login",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Whether GitHub login is enabled",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "This {0} account is already linked to another account.",
  "error.msg.not_linked": "This {0} account haven't linked to any account yet.",
  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/tr-TR.ts
+++ b/frontend/src/i18n/translations/tr-TR.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "İki faktörlü kimlik doğrulama gerekli",
  "signIn.notify.totp-required.description": "Lütfen iki faktörlü doğrulama kodunuzu girin",
  "signIn.oauth.or": "YA DA",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Şifre",
  "admin.config.smtp.password.description": "SMTP sunucusunun şifresi",
  "admin.config.smtp.button.test": "Test e-postası gönder",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Kayıtlara izin ver",
  "admin.config.oauth.allow-registration.description": "Sosyal Medya kayıtlarına izin verilip verilmeyeceği",
  "admin.config.oauth.ignore-totp": "2FA görmezden gel",
  "admin.config.oauth.ignore-totp.description": "Sosyal Medya ile giriş yapıldıktıktan sonra 2FA görmezden gelinip gelinmeyeceği",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "GitHub girişine izin verilip verilmeyeceği",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth uygulamasının Keşfetme URI'si",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect kullanıcı adı sahiplenme",
  "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID belirtecinde kullanıcı adı sahiplenme. Bu yapılandırmanın ne olduğunu bilmiyorsanız boş bırakın.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth uygulamasının Client ID'si",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Bu {0} hesabı zaten başka bir hesaba bağlı.",
  "error.msg.not_linked": "Bu {0} hesabı henüz bir hesaba bağlı değil.",
  "error.msg.unverified_account": "Bu {0} hesabı doğrulanmamış, lütfen doğruladıktan sonra yeniden dene.",
-  "error.msg.discord_guild_permission_denied": "Giriş yapmana izin verilmiyor.",
+  "error.msg.user_not_allowed": "Giriş yapmana izin verilmiyor.",
  "error.msg.cannot_get_user_info": "Bu {0} hesabından kullanıcı bilgilerinizi alamıyorum.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/uk-UA.ts
+++ b/frontend/src/i18n/translations/uk-UA.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "Потрібна двофакторна аутентифікація",
  "signIn.notify.totp-required.description": "Будь ласка, введіть код Вашої 2-х факторної аутентифікації",
  "signIn.oauth.or": "АБО",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "Пароль",
  "admin.config.smtp.password.description": "Пароль SMTP-сервера",
  "admin.config.smtp.button.test": "Відправити тестовий лист",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "Дозволити реєстрацію",
  "admin.config.oauth.allow-registration.description": "Дозволити користувачам реєструватися, використовуючи облікові записи соціальних мереж",
  "admin.config.oauth.ignore-totp": "Ігнорувати TOTP",
  "admin.config.oauth.ignore-totp.description": "Ігнорувати TOTP при використанні соціальної авторизації",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "Чи ввімкнено логін на GitHub",
  "admin.config.oauth.github-client-id": "ID клієнта GitHub",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "URI Discovery URI додатка OpenID Connect OAuth",
  "admin.config.oauth.oidc-username-claim": "Заява на ім'я користувача OpenID Connect",
  "admin.config.oauth.oidc-username-claim.description": "Заява про ім'я користувача в токені OpenID Connect ID. Залиште порожнім, якщо не знаєте, що це за конфіг.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Клієнтський ідентифікатор додатка OpenID Connect OAuth",
  "admin.config.oauth.oidc-client-secret": "Секрет клієнта OpenID Connect",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "Цей обліковий запис {0} уже прив'язано до іншого акаунта.",
  "error.msg.not_linked": "Цей обліковий запис {0} ще не прив'язаний до жодного акаунту.",
  "error.msg.unverified_account": "Цей обліковий запис {0} не підтверджено, повторіть спробу після підтвердження.",
-  "error.msg.discord_guild_permission_denied": "У вас немає дозволу на вхід.",
+  "error.msg.user_not_allowed": "У вас немає дозволу на вхід.",
  "error.msg.cannot_get_user_info": "Не вдається отримати інфу про користувача з цього {0} облікового запису.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/i18n/translations/zh-CN.ts
+++ b/frontend/src/i18n/translations/zh-CN.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "请继续两步验证",
  "signIn.notify.totp-required.description": "请输入一次性验证码",
  "signIn.oauth.or": "或",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "谷歌",
  "signIn.oauth.microsoft": "Microsoft",
@@ -151,6 +152,12 @@ export default {
  "account.reverseShares.modal.max-size.label": "共享文件上限",
  "account.reverseShares.modal.send-email": "发送邮件提醒",
  "account.reverseShares.modal.send-email.description": "当这个预留共享链接被用于共享时，发送邮件提醒",
+  "account.reverseShares.modal.simplified": "简单模式",
+  "account.reverseShares.modal.simplified.description":
+    "让上传者更轻松地与你共享文件，他们仅能自定义共享的名称和描述。",
+  "account.reverseShares.modal.public-access": "公开访问",
+  "account.reverseShares.modal.public-access.description":
+    "让通过这个预留共享创建共享能被公开访问。如果禁用，将只有您和创建者能够访问。",
  "account.reverseShares.modal.max-use.label": "最大使用次数",
  "account.reverseShares.modal.max-use.description": "这个预留共享链接可被用于创建共享的最大使用次数",
  "account.reverseShare.never-expires": "这个预留共享永不过期",
@@ -254,6 +261,7 @@ export default {
  "upload.modal.completed.never-expires": "这个共享永不过期",
  "upload.modal.completed.expires-on": "这个共享将过期于 {expiration}.",
  "upload.modal.completed.share-ready": "共享创建完毕",
+  "upload.modal.completed.notified-reverse-share-creator": "我们已经通知预留共享的创建者。您也可以通过其他方式将该链接手动分享给他们。",
  // END /upload
  // /share/[id]
  "share.title": "共享 {shareId}",
@@ -263,6 +271,8 @@ export default {
  "share.error.removed.title": "共享已删除",
  "share.error.not-found.title": "共享未找到",
  "share.error.not-found.description": "共享文件走丢了",
+  "share.error.access-denied.title": "私有共享",
+  "share.error.access-denied.description": "当前账户没有权限访问此共享",
  "share.modal.password.title": "需要密码",
  "share.modal.password.description": "请输入密码来访问此共享",
  "share.modal.password": "密码",
@@ -344,10 +354,14 @@ export default {
  "admin.config.smtp.password": "密码",
  "admin.config.smtp.password.description": "SMTP 主机密码",
  "admin.config.smtp.button.test": "发送测试邮件",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "允许注册",
  "admin.config.oauth.allow-registration.description": "允许用户通过登录社交账号来注册",
  "admin.config.oauth.ignore-totp": "忽略两步验证",
  "admin.config.oauth.ignore-totp.description": "用户通过社交账号登录时是否忽略两步验证",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "是否启用 GitHub 账号登录",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +396,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "OpenID Connect OAuth App 的 Discovery URI",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect 用户名请求",
  "admin.config.oauth.oidc-username-claim.description": "OpenID Connect ID token 中的用户名请求。如果您不知道这项配置是什么，请留空。",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect 的 Client ID",
  "admin.config.oauth.oidc-client-id.description": "OpenID Connect OAuth App 的 Client ID",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect 的 Client secret",
@@ -402,7 +422,7 @@ export default {
  "error.msg.already_linked": "{0} 这个账户已经关联到另一个账号。",
  "error.msg.not_linked": "{0} 这个账户尚未关联到任何账号。",
  "error.msg.unverified_account": "{0} 这个账户尚未验证，请在验证后重试。",
-  "error.msg.discord_guild_permission_denied": "您无权登录。",
+  "error.msg.user_not_allowed": "您无权登录。",
  "error.msg.cannot_get_user_info": "无法从 {0} 这个账户获取您的用户信息。",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "谷歌",
--- a/frontend/src/i18n/translations/zh-TW.ts
+++ b/frontend/src/i18n/translations/zh-TW.ts
@@ -34,6 +34,7 @@ export default {
  "signIn.notify.totp-required.title": "請繼續兩步驗證",
  "signIn.notify.totp-required.description": "請輸入一次性驗證碼",
  "signIn.oauth.or": "OR",
+  "signIn.oauth.signInWith": "Sign in with",
  "signIn.oauth.github": "GitHub",
  "signIn.oauth.google": "Google",
  "signIn.oauth.microsoft": "Microsoft",
@@ -344,10 +345,14 @@ export default {
  "admin.config.smtp.password": "密碼",
  "admin.config.smtp.password.description": "SMTP 主機密碼",
  "admin.config.smtp.button.test": "發送測試Email",
+  "admin.config.smtp.allow-unauthorized-certificates": "Trust unauthorized SMTP server certificates",
+  "admin.config.smtp.allow-unauthorized-certificates.description": "Only set this to true if you need to trust self signed certificates.",
  "admin.config.oauth.allow-registration": "允許註冊",
  "admin.config.oauth.allow-registration.description": "允許使用者以第三方登入註冊",
  "admin.config.oauth.ignore-totp": "略過 TOTP",
  "admin.config.oauth.ignore-totp.description": "當使用者使用第三方登入時，略過 TOTP 驗證",
+  "admin.config.oauth.disable-password": "Disable password login",
+  "admin.config.oauth.disable-password.description": "Whether to disable password login\nMake sure that an OAuth provider is properly configured before activating this configuration to avoid being locked out.",
  "admin.config.oauth.github-enabled": "GitHub",
  "admin.config.oauth.github-enabled.description": "啟用 Github 登入",
  "admin.config.oauth.github-client-id": "GitHub Client ID",
@@ -382,6 +387,12 @@ export default {
  "admin.config.oauth.oidc-discovery-uri.description": "Discovery URI of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-username-claim": "OpenID Connect username claim",
  "admin.config.oauth.oidc-username-claim.description": "Username claim in OpenID Connect ID token. Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-path": "Path to roles in OpenID Connect token",
+  "admin.config.oauth.oidc-role-path.description": "Must be a valid JMES path referencing an array of roles. " + "Managing access rights using OpenID Connect roles is only recommended if no other identity provider is configured and password login is disabled. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-general-access": "OpenID Connect role for general access",
+  "admin.config.oauth.oidc-role-general-access.description": "Role required for general access. Must be present in a user’s roles for them to log in. " + "Leave it blank if you don't know what this config is.",
+  "admin.config.oauth.oidc-role-admin-access": "OpenID Connect role for admin access",
+  "admin.config.oauth.oidc-role-admin-access.description": "Role required for administrative access. Must be present in a user’s roles for them to access the admin panel. " + "Leave it blank if you don't know what this config is.",
  "admin.config.oauth.oidc-client-id": "OpenID Connect Client ID",
  "admin.config.oauth.oidc-client-id.description": "Client ID of the OpenID Connect OAuth app",
  "admin.config.oauth.oidc-client-secret": "OpenID Connect Client secret",
@@ -402,7 +413,7 @@ export default {
  "error.msg.already_linked": "此 {0} 帳號已與另一個帳號關聯。",
  "error.msg.not_linked": "此 {0} 帳號尚未關聯到任何帳號。",
  "error.msg.unverified_account": "This {0} account is unverified, please try again after verification.",
-  "error.msg.discord_guild_permission_denied": "You are not allowed to sign in.",
+  "error.msg.user_not_allowed": "You are not allowed to sign in.",
  "error.msg.cannot_get_user_info": "Can not get your user info from this {0} account.",
  "error.param.provider_github": "GitHub",
  "error.param.provider_google": "Google",
--- a/frontend/src/pages/share/[shareId]/edit.tsx
+++ b/frontend/src/pages/share/[shareId]/edit.tsx
@@ -43,6 +43,12 @@ const Share = ({ shareId }: { shareId: string }) => {
              t("share.error.not-found.description"),
            );
          }
+        } else if (e.response.status == 403 && error == "share_removed") {
+          showErrorModal(
+            modals,
+            t("share.error.access-denied.title"),
+            t("share.error.access-denied.description"),
+          );
        } else {
          showErrorModal(modals, t("common.error"), t("common.error.unknown"));
        }
--- a/frontend/src/pages/share/[shareId]/index.tsx
+++ b/frontend/src/pages/share/[shareId]/index.tsx
@@ -69,6 +69,12 @@ const Share = ({ shareId }: { shareId: string }) => {
              "go-home",
            );
          }
+        } else if (e.response.status == 403 && error == "private_share") {
+          showErrorModal(
+            modals,
+            t("share.error.access-denied.title"),
+            t("share.error.access-denied.description"),
+          );
        } else if (error == "share_password_required") {
          showEnterPasswordModal(modals, getShareToken);
        } else if (error == "share_token_required") {
--- a/frontend/src/pages/upload/[reverseShareToken].tsx
+++ b/frontend/src/pages/upload/[reverseShareToken].tsx
@@ -17,12 +17,14 @@ const Share = ({ reverseShareToken }: { reverseShareToken: string }) => {
  const [isLoading, setIsLoading] = useState(true);

  const [maxShareSize, setMaxShareSize] = useState(0);
+  const [simplified, setSimplified] = useState(false);

  useEffect(() => {
    shareService
      .setReverseShare(reverseShareToken)
      .then((reverseShareTokenData) => {
        setMaxShareSize(parseInt(reverseShareTokenData.maxShareSize));
+        setSimplified(reverseShareTokenData.simplified);
        setIsLoading(false);
      })
      .catch(() => {
@@ -38,7 +40,13 @@ const Share = ({ reverseShareToken }: { reverseShareToken: string }) => {

  if (isLoading) return <LoadingOverlay visible />;

-  return <Upload isReverseShare maxShareSize={maxShareSize} />;
+  return (
+    <Upload
+      isReverseShare
+      maxShareSize={maxShareSize}
+      simplified={simplified}
+    />
+  );
 };

 export default Share;
--- a/frontend/src/pages/upload/index.tsx
+++ b/frontend/src/pages/upload/index.tsx
@@ -25,9 +25,11 @@ let createdShare: Share;
 const Upload = ({
  maxShareSize,
  isReverseShare = false,
+  simplified,
 }: {
  maxShareSize?: number;
  isReverseShare: boolean;
+  simplified: boolean;
 }) => {
  const modals = useModals();
  const t = useTranslate();
@@ -133,6 +135,7 @@ const Upload = ({
        ),
        enableEmailRecepients: config.get("email.enableShareEmailRecipients"),
        maxExpirationInHours: config.get("share.maxExpiration"),
+        simplified,
      },
      files,
      uploadFiles,
--- a/frontend/src/services/share.service.ts
+++ b/frontend/src/services/share.service.ts
@@ -109,6 +109,8 @@ const createReverseShare = async (
  maxShareSize: number,
  maxUseCount: number,
  sendEmailNotification: boolean,
+  simplified: boolean,
+  publicAccess: boolean,
 ) => {
  return (
    await api.post("reverseShares", {
@@ -116,6 +118,8 @@ const createReverseShare = async (
      maxShareSize: maxShareSize.toString(),
      maxUseCount,
      sendEmailNotification,
+      simplified,
+      publicAccess,
    })
  ).data;
 };
--- a/frontend/src/types/share.type.ts
+++ b/frontend/src/types/share.type.ts
@@ -11,6 +11,15 @@ export type Share = {
  hasPassword: boolean;
 };

+export type CompletedShare = Share & {
+  /**
+   * undefined means is not reverse share
+   * true means server was send email to reverse share creator
+   * false means server was not send email to reverse share creator
+   * */
+  notifyReverseShareCreator: boolean | undefined;
+};
+
 export type CreateShare = {
  id: string;
  name?: string;
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
  "name": "pingvin-share",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "pingvin-share",
-      "version": "0.26.0",
+      "version": "0.29.0",
      "devDependencies": {
        "conventional-changelog-cli": "^3.0.0"
      }
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
  "name": "pingvin-share",
-  "version": "0.26.0",
+  "version": "0.29.0",
  "scripts": {
    "format": "cd frontend && npm run format && cd ../backend && npm run format",
    "lint": "cd frontend && npm run lint && cd ../backend && npm run lint",
Author	SHA1	Message	Date
Elias Schneider	0a963bfaf1	release: 0.29.0	2024-07-30 08:43:30 +02:00
Elias Schneider	472c93d548	chore: save caddy logs to `caddy.log`	2024-07-30 08:43:11 +02:00
Elias Schneider	93aacca9b4	refactor: run formatter	2024-07-30 08:39:22 +02:00
Elias Schneider	3505669135	chore(translations): update translations via Crowdin (#540 ) * New translations en-us.ts (French) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Japanese) * New translations en-us.ts (Japanese)	2024-07-30 08:27:36 +02:00
Ivan Li	fe735f9704	feat: add more options to reverse shares (#495 ) * feat(reverse-share): optional simplified interface for reverse sharing. issue #155. * chore: Remove useless form validation. * feat: Share Ready modal adds a prompt that an email has been sent to the reverse share creator. * fix: Simplified reverse shared interface elements lack spacing when not logged in. * fix: Share Ready modal prompt contrast is too low in dark mode. * feat: add public access options to reverse share. * feat: remember reverse share simplified and publicAccess options in cookies. * style: npm run format. * chore(i18n): Improve translation. Co-authored-by: Elias Schneider <login@eliasschneider.com> Update frontend/src/i18n/translations/en-US.ts Co-authored-by: Elias Schneider <login@eliasschneider.com> Update frontend/src/i18n/translations/en-US.ts Co-authored-by: Elias Schneider <login@eliasschneider.com> chore(i18n): Improve translation. * chore: Improved variable naming. * chore(i18n): Improve translation. x2. * fix(backend/shares): Misjudged the permission of the share of the reverse share.	2024-07-30 08:26:56 +02:00
Elias Schneider	3563715f57	chore(frontend): remove unused dependency	2024-07-28 16:09:31 +02:00
Elias Schneider	14c2185e6f	Revert "fix: set max age of access token cookie to 15 minutes" This reverts commit `2dac38560b`.	2024-07-27 17:15:20 +02:00
Elias Schneider	27ee9fb6cb	feat: sort share files by name by default	2024-07-25 19:32:00 +02:00
Elias Schneider	601772d2f4	release: 0.28.0	2024-07-22 13:36:54 +02:00
Elias Schneider	0e66be5f08	chore: resolve uncomplete merge conflict	2024-07-22 13:36:41 +02:00
Elias Schneider	4cabcfb715	chore(translations): update translations via Crowdin (#532 ) * New translations en-us.ts (French) * New translations en-us.ts (Spanish) * New translations en-us.ts (Danish) * New translations en-us.ts (German) * New translations en-us.ts (Greek) * New translations en-us.ts (Finnish) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Italian) * New translations en-us.ts (Japanese) * New translations en-us.ts (Korean) * New translations en-us.ts (Polish) * New translations en-us.ts (Russian) * New translations en-us.ts (Slovenian) * New translations en-us.ts (Serbian (Cyrillic)) * New translations en-us.ts (Swedish) * New translations en-us.ts (Ukrainian) * New translations en-us.ts (Chinese Simplified) * New translations en-us.ts (Chinese Traditional) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Thai) * New translations en-us.ts (Dutch, Belgium) * New translations en-us.ts (Arabic, Egypt) * New translations en-us.ts (Turkish) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Italian) * New translations en-us.ts (French) * New translations en-us.ts (Spanish) * New translations en-us.ts (Danish) * New translations en-us.ts (German) * New translations en-us.ts (Greek) * New translations en-us.ts (Finnish) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Italian) * New translations en-us.ts (Japanese) * New translations en-us.ts (Korean) * New translations en-us.ts (Polish) * New translations en-us.ts (Russian) * New translations en-us.ts (Slovenian) * New translations en-us.ts (Serbian (Cyrillic)) * New translations en-us.ts (Swedish) * New translations en-us.ts (Ukrainian) * New translations en-us.ts (Chinese Simplified) * New translations en-us.ts (Chinese Traditional) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Thai) * New translations en-us.ts (Dutch, Belgium) * New translations en-us.ts (Arabic, Egypt) * New translations en-us.ts (Turkish) * New translations en-us.ts (Italian) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Arabic, Egypt)	2024-07-22 11:01:20 +02:00
Maurice Schorn	e5e9d85d39	chore: remove obsolete version from docker compose * compose version tag is not a necessity * adjust default nextjs port * Update docker-compose.yml --------- Co-authored-by: Elias Schneider <login@eliasschneider.com>	2024-07-17 23:26:57 +02:00
Marvin A. Ruder	70fd2d94be	feat(auth): Add role-based access management from OpenID Connect (#535 ) * feat(auth): Add role-based access management from OpenID Connect Signed-off-by: Marvin A. Ruder <signed@mruder.dev> * Apply suggestions from code review Signed-off-by: Marvin A. Ruder <signed@mruder.dev> --------- Signed-off-by: Marvin A. Ruder <signed@mruder.dev>	2024-07-17 23:25:42 +02:00
Elias Schneider	e5a0c649e3	fix: store only 10 share tokens in the cookies and clear the expired ones	2024-07-16 19:17:53 +02:00
Anti-Apple4life	414bcecbb5	chore: fix compile-time errors and warnings in i18n translations (#531 ) * Fix aingle-quote warning in fi-FI.ts * Fix duplicate key in fr-FR.ts	2024-07-11 23:43:15 +02:00
Elias Schneider	968352cb6c	release: 0.27.0	2024-07-11 21:57:37 +02:00
Elias Schneider	355f860387	chore(translations): update translations via Crowdin (#524 ) * New translations en-us.ts (French) * New translations en-us.ts (Spanish) * New translations en-us.ts (Danish) * New translations en-us.ts (German) * New translations en-us.ts (Greek) * New translations en-us.ts (Finnish) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Italian) * New translations en-us.ts (Japanese) * New translations en-us.ts (Korean) * New translations en-us.ts (Polish) * New translations en-us.ts (Russian) * New translations en-us.ts (Slovenian) * New translations en-us.ts (Serbian (Cyrillic)) * New translations en-us.ts (Swedish) * New translations en-us.ts (Ukrainian) * New translations en-us.ts (Chinese Simplified) * New translations en-us.ts (Chinese Traditional) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Thai) * New translations en-us.ts (Dutch, Belgium) * New translations en-us.ts (Arabic, Egypt) * New translations en-us.ts (Turkish) * New translations en-us.ts (Italian) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (French) * New translations en-us.ts (French) * New translations en-us.ts (Spanish) * New translations en-us.ts (Danish) * New translations en-us.ts (German) * New translations en-us.ts (Greek) * New translations en-us.ts (Finnish) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Italian) * New translations en-us.ts (Japanese) * New translations en-us.ts (Korean) * New translations en-us.ts (Polish) * New translations en-us.ts (Russian) * New translations en-us.ts (Slovenian) * New translations en-us.ts (Serbian (Cyrillic)) * New translations en-us.ts (Swedish) * New translations en-us.ts (Ukrainian) * New translations en-us.ts (Chinese Simplified) * New translations en-us.ts (Chinese Traditional) * New translations en-us.ts (Portuguese, Brazilian) * New translations en-us.ts (Thai) * New translations en-us.ts (Dutch, Belgium) * New translations en-us.ts (Arabic, Egypt) * New translations en-us.ts (Turkish)	2024-07-11 21:57:08 +02:00
thecrafterjt	083d82c28b	feat(smtp): allow unauthorized mail server certificates (#525 ) * Update config.seed.ts Added Config Option "allowUnauthenticatedCertificates". * Update email.service.ts Now using new Config Option "allowUnauthenticatedCertificates". * Update en-US.ts * Update ar-EG.ts * Update da-DK.ts * Update el-GR.ts * Update es-ES.ts * Update fi-FI.ts * Update fr-FR.ts * Update hu-HU.ts * Update it-IT.ts * Update ja-JP.ts * Update ko-KR.ts * Update nl-BE.ts * Update pl-PL.ts * Update pt-BR.ts * Update ru-RU.ts * Update sl-SI.ts * Update sr-SP.ts * Update sv-SE.ts * Update th-TH.ts * Update tr-TR.ts * Update uk-UA.ts * Update zh-CN.ts * Update zh-TW.ts * Update config.seed.ts * Update email.service.ts * Update de-DE.ts * Add files via upload rename allow-unauthenticated-certificates to allow-unauthorized-certificates * Add files via upload rename allowUnauthenticatedCertificates to allowUnauthorizedCertificates * Add files via upload rename allowUnauthenticatedCertificates to allowUnauthorizedCertificates * rename "unauthenticated" to "unauthorized" * refactor: run formatter --------- Co-authored-by: Elias Schneider <login@eliasschneider.com>	2024-07-11 21:50:09 +02:00
Elias Schneider	046c630abf	Merge branches 'main' and 'main' of https://github.com/stonith404/pingvin-share	2024-07-10 18:39:53 +02:00
Elias Schneider	d2bfb9a55f	feat: add logs for successful registration, successful login and failed login	2024-07-10 18:39:47 +02:00
Elias Schneider	fccf57e9e4	chore(translations): update translations via Crowdin (#520 ) * New translations en-us.ts (Hungarian) * New translations en-us.ts (Korean)	2024-07-07 23:08:28 +02:00
Marvin A. Ruder	e1a68f75f7	feat(auth): Allow to hide username / password login form when OAuth is enabled (#518 ) * 🚀 Feature: Allow to hide username / password login form when OAuth is enabled * Hide “Sign in” password form * Disable routes related to password authentication * Change styling of OAuth provider buttons * Open OAuth page in same tab * Fix consistent usage of informal language in de-DE locale Fixes #489 Signed-off-by: Marvin A. Ruder <signed@mruder.dev> * fix: order of new config variables --------- Signed-off-by: Marvin A. Ruder <signed@mruder.dev> Co-authored-by: Elias Schneider <login@eliasschneider.com>	2024-07-07 23:08:14 +02:00