fix(login): use label policy settings for favicon, translate titles (#4641)

* fix: render favicon from label policy * translate main title * translation * i18n * i18n * i18nkey * rm attr * select user title * Add description meta * Update internal/api/ui/login/mfa_init_verify_handler.go Co-authored-by: Livio Spring <livio.a@gmail.com> * Update internal/api/ui/login/renderer.go Co-authored-by: Livio Spring <livio.a@gmail.com> * merge ifs * use errors.internal * check for i18ndescriptionkey * missing i18n Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-02-28 16:07:24 +00:00 · 2022-11-07 09:55:12 +01:00 · 2022-11-07 09:55:12 +01:00 · b432cf4963
commit b432cf4963
parent 5c807a0660
34 changed files with 127 additions and 67 deletions
--- a/internal/api/ui/login/change_password_handler.go
+++ b/internal/api/ui/login/change_password_handler.go
@ -40,8 +40,9 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
+	translator := l.getTranslator(r.Context(), authReq)
 	data := passwordData{
-		baseData:    l.getBaseData(r, authReq, "Change Password", errID, errMessage),
+		baseData:    l.getBaseData(r, authReq, "PasswordChange.Title","PasswordChange.Description", errID, errMessage),
 		profileData: l.getProfileData(authReq),
 	}
 	policy := l.getPasswordComplexityPolicy(r, authReq.UserOrgID)
@ -60,12 +61,12 @@ func (l *Login) renderChangePassword(w http.ResponseWriter, r *http.Request, aut
 			data.HasNumber = NumberRegex
 		}
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangePassword], data, nil)
 }

 func (l *Login) renderChangePasswordDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
 	var errType, errMessage string
-	data := l.getUserData(r, authReq, "Password Change Done", errType, errMessage)
-	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplChangePasswordDone], data, nil)
+	translator := l.getTranslator(r.Context(), authReq)
+	data := l.getUserData(r, authReq, "PasswordChange.Title","PasswordChange.Description", errType, errMessage)
+	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangePasswordDone], data, nil)
 }
--- a/internal/api/ui/login/external_login_handler.go
+++ b/internal/api/ui/login/external_login_handler.go
@ -287,8 +287,9 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 		return
 	}

+	translator := l.getTranslator(r.Context(), authReq)
 	data := externalNotFoundOptionData{
-		baseData: l.getBaseData(r, authReq, "ExternalNotFoundOption", errID, errMessage),
+		baseData: l.getBaseData(r, authReq, "ExternalNotFound.Title", "ExternalNotFound.Description", errID, errMessage),
 		externalNotFoundOptionFormData: externalNotFoundOptionFormData{
 			externalRegisterFormData: externalRegisterFormData{
 				Email:     human.EmailAddress,
@ -313,7 +314,6 @@ func (l *Login) renderExternalNotFoundOption(w http.ResponseWriter, r *http.Requ
 		data.ExternalPhone = human.PhoneNumber
 		data.ExternalPhoneVerified = human.IsPhoneVerified
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplExternalNotFoundOption], data, nil)
 }

--- a/internal/api/ui/login/external_register_handler.go
+++ b/internal/api/ui/login/external_register_handler.go
@ -179,8 +179,9 @@ func (l *Login) renderExternalRegisterOverview(w http.ResponseWriter, r *http.Re
 		errID, errMessage = l.getErrorMessage(r, err)
 	}

+	translator := l.getTranslator(r.Context(), authReq)
 	data := externalRegisterData{
-		baseData: l.getBaseData(r, authReq, "ExternalRegisterOverview", errID, errMessage),
+		baseData: l.getBaseData(r, authReq, "ExternalRegistrationUserOverview.Title", "ExternalRegistrationUserOverview.Description", errID, errMessage),
 		externalRegisterFormData: externalRegisterFormData{
 			Email:     human.EmailAddress,
 			Username:  human.Username,
@ -203,7 +204,6 @@ func (l *Login) renderExternalRegisterOverview(w http.ResponseWriter, r *http.Re
 		data.ExternalPhone = human.PhoneNumber
 		data.ExternalPhoneVerified = human.IsPhoneVerified
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplExternalRegisterOverview], data, nil)
 }

--- a/internal/api/ui/login/init_password_handler.go
+++ b/internal/api/ui/login/init_password_handler.go
@ -123,8 +123,11 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR
 	if userID == "" && authReq != nil {
 		userID = authReq.UserID
 	}
+
+	translator := l.getTranslator(r.Context(), authReq)
+
 	data := initPasswordData{
-		baseData:    l.getBaseData(r, authReq, "Init Password", errID, errMessage),
+		baseData:    l.getBaseData(r, authReq, "InitPassword.Title","InitPassword.Description", errID, errMessage),
 		profileData: l.getProfileData(authReq),
 		UserID:      userID,
 		Code:        code,
@ -145,7 +148,6 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR
 			data.HasNumber = NumberRegex
 		}
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		user, err := l.query.GetUserByID(r.Context(), false, userID)
 		if err == nil {
@ -156,7 +158,7 @@ func (l *Login) renderInitPassword(w http.ResponseWriter, r *http.Request, authR
 }

 func (l *Login) renderInitPasswordDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) {
-	data := l.getUserData(r, authReq, "Password Init Done", "", "")
+	data := l.getUserData(r, authReq, "InitPasswordDone.Title", "InitPasswordDone.Description", "", "")
 	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		l.customTexts(r.Context(), translator, orgID)
--- a/internal/api/ui/login/init_user_handler.go
+++ b/internal/api/ui/login/init_user_handler.go
@ -115,8 +115,10 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *
 	if authReq != nil {
 		userID = authReq.UserID
 	}
+
+	translator := l.getTranslator(r.Context(), authReq)
 	data := initUserData{
-		baseData:    l.getBaseData(r, authReq, "Init User", errID, errMessage),
+		baseData:    l.getBaseData(r, authReq, "InitUser.Title", "InitUser.Description", errID, errMessage),
 		profileData: l.getProfileData(authReq),
 		UserID:      userID,
 		LoginName:   loginName,
@ -139,7 +141,6 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *
 			data.HasNumber = NumberRegex
 		}
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		user, err := l.query.GetUserByID(r.Context(), false, userID)
 		if err == nil {
@ -150,7 +151,7 @@ func (l *Login) renderInitUser(w http.ResponseWriter, r *http.Request, authReq *
 }

 func (l *Login) renderInitUserDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) {
-	data := l.getUserData(r, authReq, "User Init Done", "", "")
+	data := l.getUserData(r, authReq,"InitUserDone.Title" ,"InitUserDone.Description", "", "")
 	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		l.customTexts(r.Context(), translator, orgID)
--- a/internal/api/ui/login/link_users_handler.go
+++ b/internal/api/ui/login/link_users_handler.go
@ -19,6 +19,6 @@ func (l *Login) linkUsers(w http.ResponseWriter, r *http.Request, authReq *domai

 func (l *Login) renderLinkUsersDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, err error) {
 	var errType, errMessage string
-	data := l.getUserData(r, authReq, "Linking Users Done", errType, errMessage)
+	data := l.getUserData(r, authReq, "LinkingUsersDone.Title", "LinkingUsersDone.Description", errType, errMessage)
 	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplLinkUsersDone], data, nil)
 }
--- a/internal/api/ui/login/login_handler.go
+++ b/internal/api/ui/login/login_handler.go
@ -99,7 +99,7 @@ func (l *Login) renderLogin(w http.ResponseWriter, r *http.Request, authReq *dom
 		l.handleIDP(w, r, authReq, authReq.AllowedExternalIDPs[0].IDPConfigID)
 		return
 	}
-	data := l.getUserData(r, authReq, "Login", errID, errMessage)
+	data := l.getUserData(r, authReq, "Login.Title","Login.Description", errID, errMessage)
 	funcs := map[string]interface{}{
 		"hasUsernamePasswordLogin": func() bool {
 			return authReq != nil && authReq.LoginPolicy != nil && authReq.LoginPolicy.AllowUsernamePassword
--- a/internal/api/ui/login/login_success_handler.go
+++ b/internal/api/ui/login/login_success_handler.go
@ -41,7 +41,7 @@ func (l *Login) renderSuccessAndCallback(w http.ResponseWriter, r *http.Request,
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
 	data := loginSuccessData{
-		userData: l.getUserData(r, authReq, "Login Successful", errID, errMessage),
+		userData: l.getUserData(r, authReq, "LoginSuccess.Title","", errID, errMessage),
 	}
 	if authReq != nil {
 		//the id will be set via the html (maybe change this with the login refactoring)
--- a/internal/api/ui/login/logout_handler.go
+++ b/internal/api/ui/login/logout_handler.go
@ -13,6 +13,6 @@ func (l *Login) handleLogoutDone(w http.ResponseWriter, r *http.Request) {
 }

 func (l *Login) renderLogoutDone(w http.ResponseWriter, r *http.Request) {
-	data := l.getUserData(r, nil, "Logout Done", "", "")
+	data := l.getUserData(r, nil, "LogoutDone.Title","LogoutDone.Description", "", "")
 	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), nil), l.renderer.Templates[tmplLogoutDone], data, nil)
 }
--- a/internal/api/ui/login/mail_verify_handler.go
+++ b/internal/api/ui/login/mail_verify_handler.go
@ -92,12 +92,13 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a
 	if userID == "" {
 		userID = authReq.UserID
 	}
+
+	translator := l.getTranslator(r.Context(), authReq)
 	data := mailVerificationData{
-		baseData:    l.getBaseData(r, authReq, "Mail Verification", errID, errMessage),
+		baseData:    l.getBaseData(r, authReq, "EmailVerification.Title","EmailVerification.Description", errID, errMessage),
 		UserID:      userID,
 		profileData: l.getProfileData(authReq),
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		user, err := l.query.GetUserByID(r.Context(), false, userID)
 		if err == nil {
@ -108,11 +109,11 @@ func (l *Login) renderMailVerification(w http.ResponseWriter, r *http.Request, a
 }

 func (l *Login) renderMailVerified(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, orgID string) {
+	translator := l.getTranslator(r.Context(), authReq)
 	data := mailVerificationData{
-		baseData:    l.getBaseData(r, authReq, "Mail Verified", "", ""),
+		baseData:    l.getBaseData(r, authReq, "EmailVerificationDone.Title","EmailVerificationDone.Description", "", ""),
 		profileData: l.getProfileData(authReq),
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		l.customTexts(r.Context(), translator, orgID)
 	}
--- a/internal/api/ui/login/mfa_init_done_handler.go
+++ b/internal/api/ui/login/mfa_init_done_handler.go
@ -15,8 +15,8 @@ type mfaInitDoneData struct {

 func (l *Login) renderMFAInitDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, data *mfaDoneData) {
 	var errType, errMessage string
-	data.baseData = l.getBaseData(r, authReq, "MFA Init Done", errType, errMessage)
-	data.profileData = l.getProfileData(authReq)
 	translator := l.getTranslator(r.Context(), authReq)
+	data.baseData = l.getBaseData(r, authReq, "InitMFADone.Title","InitMFADone.Description", errType, errMessage)
+	data.profileData = l.getProfileData(authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAInitDone], data, nil)
 }
--- a/internal/api/ui/login/mfa_init_u2f.go
+++ b/internal/api/ui/login/mfa_init_u2f.go
@ -31,7 +31,7 @@ func (l *Login) renderRegisterU2F(w http.ResponseWriter, r *http.Request, authRe
 	}
 	data := &u2fInitData{
 		webAuthNData: webAuthNData{
-			userData:               l.getUserData(r, authReq, "Register WebAuthNToken", errID, errMessage),
+			userData:               l.getUserData(r, authReq, "InitMFAU2F.Title","InitMFAU2F.Description", errID, errMessage),
 			CredentialCreationData: credentialData,
 		},
 		MFAType: domain.MFATypeU2F,
--- a/internal/api/ui/login/mfa_init_verify_handler.go
+++ b/internal/api/ui/login/mfa_init_verify_handler.go
@ -70,7 +70,8 @@ func (l *Login) renderMFAInitVerify(w http.ResponseWriter, r *http.Request, auth
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
-	data.baseData = l.getBaseData(r, authReq, "MFA Init Verify", errID, errMessage)
+	translator := l.getTranslator(r.Context(), authReq)
+	data.baseData = l.getBaseData(r, authReq, "InitMFAOTP.Title", "InitMFAOTP.Description", errID, errMessage)
 	data.profileData = l.getProfileData(authReq)
 	if data.MFAType == domain.MFATypeOTP {
 		code, err := generateQrCode(data.otpData.Url)
@ -79,7 +80,6 @@ func (l *Login) renderMFAInitVerify(w http.ResponseWriter, r *http.Request, auth
 		}
 	}

-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAInitVerify], data, nil)
 }

--- a/internal/api/ui/login/mfa_prompt_handler.go
+++ b/internal/api/ui/login/mfa_prompt_handler.go
@ -54,8 +54,9 @@ func (l *Login) renderMFAPrompt(w http.ResponseWriter, r *http.Request, authReq
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
+	translator := l.getTranslator(r.Context(), authReq)
 	data := mfaData{
-		baseData:    l.getBaseData(r, authReq, "MFA Prompt", errID, errMessage),
+		baseData:    l.getBaseData(r, authReq, "InitMFAPrompt.Title","InitMFAPrompt.Description", errID, errMessage),
 		profileData: l.getProfileData(authReq),
 	}

@ -74,7 +75,6 @@ func (l *Login) renderMFAPrompt(w http.ResponseWriter, r *http.Request, authReq
 		l.handleMFACreation(w, r, authReq, data)
 		return
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAPrompt], data, nil)
 }

--- a/internal/api/ui/login/mfa_verify_handler.go
+++ b/internal/api/ui/login/mfa_verify_handler.go
@ -58,23 +58,29 @@ func (l *Login) renderMFAVerifySelected(w http.ResponseWriter, r *http.Request,
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
-	data := l.getUserData(r, authReq, "MFA Verify", errID, errMessage)
+	data := l.getUserData(r, authReq, "","", errID, errMessage)
 	if verificationStep == nil {
 		l.renderError(w, r, authReq, err)
 		return
 	}
+	translator := l.getTranslator(r.Context(), authReq)
+
 	switch selectedProvider {
 	case domain.MFATypeU2F:
+		data.Title = translator.LocalizeWithoutArgs("VerifyMFAU2F.Title")
+		data.Description = translator.LocalizeWithoutArgs("VerifyMFAU2F.Description")
 		l.renderU2FVerification(w, r, authReq, removeSelectedProviderFromList(verificationStep.MFAProviders, domain.MFATypeU2F), nil)
 		return
 	case domain.MFATypeOTP:
 		data.MFAProviders = removeSelectedProviderFromList(verificationStep.MFAProviders, domain.MFATypeOTP)
 		data.SelectedMFAProvider = domain.MFATypeOTP
+		data.Title = translator.LocalizeWithoutArgs("VerifyMFAOTP.Title")
+		data.Description = translator.LocalizeWithoutArgs("VerifyMFAOTP.Description")
 	default:
 		l.renderError(w, r, authReq, err)
 		return
 	}
-	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplMFAVerify], data, nil)
+	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplMFAVerify], data, nil)
 }

 func removeSelectedProviderFromList(providers []domain.MFAType, selected domain.MFAType) []domain.MFAType {
--- a/internal/api/ui/login/mfa_verify_u2f_handler.go
+++ b/internal/api/ui/login/mfa_verify_u2f_handler.go
@ -39,7 +39,7 @@ func (l *Login) renderU2FVerification(w http.ResponseWriter, r *http.Request, au
 	}
 	data := &mfaU2FData{
 		webAuthNData: webAuthNData{
-			userData:               l.getUserData(r, authReq, "Login WebAuthNToken", errID, errMessage),
+			userData:               l.getUserData(r, authReq, "VerifyMFAU2F.Title","VerifyMFAU2F.Description", errID, errMessage),
 			CredentialCreationData: credentialData,
 		},
 		MFAProviders:     providers,
--- a/internal/api/ui/login/password_handler.go
+++ b/internal/api/ui/login/password_handler.go
@ -19,7 +19,7 @@ func (l *Login) renderPassword(w http.ResponseWriter, r *http.Request, authReq *
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
-	data := l.getUserData(r, authReq, "Password", errID, errMessage)
+	data := l.getUserData(r, authReq, "Password.Title","Password.Description", errID, errMessage)
 	funcs := map[string]interface{}{
 		"showPasswordReset": func() bool {
 			if authReq.LoginPolicy != nil {
--- a/internal/api/ui/login/password_reset_handler.go
+++ b/internal/api/ui/login/password_reset_handler.go
@ -45,6 +45,6 @@ func (l *Login) renderPasswordResetDone(w http.ResponseWriter, r *http.Request,
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
-	data := l.getUserData(r, authReq, "Password Reset Done", errID, errMessage)
+	data := l.getUserData(r, authReq, "PasswordResetDone.Title","PasswordResetDone.Description", errID, errMessage)
 	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplPasswordResetDone], data, nil)
 }
--- a/internal/api/ui/login/passwordless_login_handler.go
+++ b/internal/api/ui/login/passwordless_login_handler.go
@ -38,7 +38,7 @@ func (l *Login) renderPasswordlessVerification(w http.ResponseWriter, r *http.Re
 	}
 	data := &passwordlessData{
 		webAuthNData{
-			userData:               l.getUserData(r, authReq, "Login Passwordless", errID, errMessage),
+			userData:               l.getUserData(r, authReq, "Passwordless.Title","Passwordless.Description", errID, errMessage),
 			CredentialCreationData: credentialData,
 		},
 		passwordSet,
--- a/internal/api/ui/login/passwordless_prompt_handler.go
+++ b/internal/api/ui/login/passwordless_prompt_handler.go
@ -32,7 +32,7 @@ func (l *Login) renderPasswordlessPrompt(w http.ResponseWriter, r *http.Request,
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
 	data := &passwordlessPromptData{
-		userData: l.getUserData(r, authReq, "Passwordless Prompt", errID, errMessage),
+		userData: l.getUserData(r, authReq, "PasswordlessPrompt.Title","PasswordlessPrompt.Description", errID, errMessage),
 	}

 	translator := l.getTranslator(r.Context(), authReq)
--- a/internal/api/ui/login/passwordless_registration_handler.go
+++ b/internal/api/ui/login/passwordless_registration_handler.go
@ -99,9 +99,11 @@ func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Re
 	if webAuthNToken != nil {
 		credentialData = base64.RawURLEncoding.EncodeToString(webAuthNToken.CredentialCreationData)
 	}
+
+	translator := l.getTranslator(r.Context(), authReq)
 	data := &passwordlessRegistrationData{
 		webAuthNData{
-			userData:               l.getUserData(r, authReq, "Login Passwordless", errID, errMessage),
+			userData:               l.getUserData(r, authReq, "PasswordlessRegistration.Title", "PasswordlessRegistration.Description", errID, errMessage),
 			CredentialCreationData: credentialData,
 		},
 		code,
@ -111,7 +113,6 @@ func (l *Login) renderPasswordlessRegistration(w http.ResponseWriter, r *http.Re
 		requestedPlatformType,
 		disabled,
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		policy, err := l.query.ActiveLabelPolicyByOrg(r.Context(), orgID)
 		logging.Log("HANDL-XjWKE").OnError(err).Error("unable to get active label policy")
@ -191,11 +192,12 @@ func (l *Login) renderPasswordlessRegistrationDone(w http.ResponseWriter, r *htt
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
+	translator := l.getTranslator(r.Context(), authReq)
+
 	data := passwordlessRegistrationDoneDate{
-		userData:       l.getUserData(r, authReq, "Passwordless Registration Done", errID, errMessage),
+		userData:       l.getUserData(r, authReq, "PasswordlessRegistrationDone.Title","PasswordlessRegistrationDone.Description", errID, errMessage),
 		HideNextButton: authReq == nil,
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	if authReq == nil {
 		l.customTexts(r.Context(), translator, orgID)
 	}
--- a/internal/api/ui/login/register_handler.go
+++ b/internal/api/ui/login/register_handler.go
@ -124,7 +124,7 @@ func (l *Login) renderRegister(w http.ResponseWriter, r *http.Request, authReque
 	}

 	data := registerData{
-		baseData:         l.getBaseData(r, authRequest, "Register", errID, errMessage),
+		baseData:         l.getBaseData(r, authRequest, "RegistrationUser.Title","RegistrationUser.Description", errID, errMessage),
 		registerFormData: *formData,
 	}

--- a/internal/api/ui/login/register_option_handler.go
+++ b/internal/api/ui/login/register_option_handler.go
@ -52,8 +52,9 @@ func (l *Login) renderRegisterOption(w http.ResponseWriter, r *http.Request, aut
 			return
 		}
 	}
+	translator := l.getTranslator(r.Context(), authReq)
 	data := registerOptionData{
-		baseData: l.getBaseData(r, authReq, "RegisterOption", errID, errMessage),
+		baseData: l.getBaseData(r, authReq, "RegisterOption.Title","RegisterOption.Description", errID, errMessage),
 	}
 	funcs := map[string]interface{}{
 		"hasRegistration": func() bool {
@ -63,7 +64,6 @@ func (l *Login) renderRegisterOption(w http.ResponseWriter, r *http.Request, aut
 			return externalAllowed
 		},
 	}
-	translator := l.getTranslator(r.Context(), authReq)
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplRegisterOption], data, funcs)
 }

--- a/internal/api/ui/login/register_org_handler.go
+++ b/internal/api/ui/login/register_org_handler.go
@ -86,8 +86,9 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe
 	if formData == nil {
 		formData = new(registerOrgFormData)
 	}
+	translator := l.getTranslator(r.Context(), authRequest)
 	data := registerOrgData{
-		baseData:            l.getBaseData(r, authRequest, "Register", errID, errMessage),
+		baseData:            l.getBaseData(r, authRequest, "RegistrationOrg.Title","RegistrationOrg.Description", errID, errMessage),
 		registerOrgFormData: *formData,
 	}
 	pwPolicy := l.getPasswordComplexityPolicy(r, "0")
@ -112,7 +113,6 @@ func (l *Login) renderRegisterOrg(w http.ResponseWriter, r *http.Request, authRe
 		data.IamDomain = authz.GetInstance(r.Context()).RequestedDomain()
 	}

-	translator := l.getTranslator(r.Context(), authRequest)
 	if authRequest == nil {
 		l.customTexts(r.Context(), translator, "")
 	}
--- a/internal/api/ui/login/renderer.go
+++ b/internal/api/ui/login/renderer.go
@ -105,6 +105,16 @@ func CreateRenderer(pathPrefix string, staticDir http.FileSystem, staticStorage
 			}
 			return path.Join(r.pathPrefix, fmt.Sprintf("%s?%s=%s&%s=%v&%s=%s", EndpointDynamicResources, "orgId", orgID, "default-policy", policy.Default, "filename", fileName))
 		},
+		"customIconResource": func(orgID string, policy *domain.LabelPolicy, darkMode bool) string {
+			fileName := policy.IconURL
+			if darkMode && policy.IconDarkURL != "" {
+				fileName = policy.IconDarkURL
+			}
+			if fileName == "" {
+				return ""
+			}
+			return path.Join(r.pathPrefix, fmt.Sprintf("%s?%s=%s&%s=%v&%s=%s", EndpointDynamicResources, "orgId", orgID, "default-policy", policy.Default, "filename", fileName))
+		},
 		"avatarResource": func(orgID, avatar string) string {
 			return path.Join(r.pathPrefix, fmt.Sprintf("%s?%s=%s&%s=%v&%s=%s", EndpointDynamicResources, "orgId", orgID, "default-policy", false, "filename", avatar))
 		},
@ -315,13 +325,13 @@ func (l *Login) renderInternalError(w http.ResponseWriter, r *http.Request, auth
 	if err != nil {
 		_, msg = l.getErrorMessage(r, err)
 	}
-	data := l.getBaseData(r, authReq, "Error", "Internal", msg)
+	data := l.getBaseData(r, authReq, "Errors.Internal","", "Internal", msg)
 	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplError], data, nil)
 }

-func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, title string, errType, errMessage string) userData {
+func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) userData {
 	userData := userData{
-		baseData:    l.getBaseData(r, authReq, title, errType, errMessage),
+		baseData:    l.getBaseData(r, authReq, titleI18nKey, descriptionI18nKey, errType, errMessage),
 		profileData: l.getProfileData(authReq),
 	}
 	if authReq != nil && authReq.LinkingUsers != nil {
@ -330,8 +340,20 @@ func (l *Login) getUserData(r *http.Request, authReq *domain.AuthRequest, title
 	return userData
 }

-func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title string, errType, errMessage string) baseData {
-	lang, _ := l.renderer.ReqLang(l.getTranslator(r.Context(), authReq), r).Base()
+func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, titleI18nKey string, descriptionI18nKey string, errType, errMessage string) baseData {
+	translator := l.getTranslator(r.Context(), authReq)
+	
+	title := ""
+	if titleI18nKey != "" {
+		title = translator.LocalizeWithoutArgs(titleI18nKey)
+	}
+
+	description := ""
+	if descriptionI18nKey != "" {
+		description =  translator.LocalizeWithoutArgs(descriptionI18nKey)
+	}
+	
+	lang, _ := l.renderer.ReqLang(translator, r).Base()
 	baseData := baseData{
 		errorData: errorData{
 			ErrID:      errType,
@ -339,6 +361,7 @@ func (l *Login) getBaseData(r *http.Request, authReq *domain.AuthRequest, title
 		},
 		Lang:                   lang.String(),
 		Title:                  title,
+		Description:		description,
 		Theme:                  l.getTheme(r),
 		ThemeMode:              l.getThemeMode(r),
 		DarkMode:               l.isDarkMode(r),
@ -567,6 +590,7 @@ type baseData struct {
 	errorData
 	Lang                   string
 	Title                  string
+	Description            string
 	Theme                  string
 	ThemeMode              string
 	DarkMode               bool
--- a/internal/api/ui/login/select_user_handler.go
+++ b/internal/api/ui/login/select_user_handler.go
@ -17,12 +17,21 @@ type userSelectionFormData struct {
 }

 func (l *Login) renderUserSelection(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest, selectionData *domain.SelectUserStep) {
-	data := userSelectionData{
-		baseData: l.getBaseData(r, authReq, "Select User", "", ""),
-		Users:    selectionData.Users,
-		Linking:  len(authReq.LinkingUsers) > 0,
-	}
 	translator := l.getTranslator(r.Context(), authReq)
+	
+	linking := len(authReq.LinkingUsers) > 0
+
+	titleI18nKey := "SelectAccount.Title"
+	descriptionI18nKey := "SelectAccount.Description"
+	if linking {
+		titleI18nKey = "SelectAccount.TitleLinking"
+		descriptionI18nKey = "SelectAccount.DescriptionLinking"
+	}
+	data := userSelectionData{
+		baseData: l.getBaseData(r, authReq, titleI18nKey,descriptionI18nKey, "", ""),
+		Users:    selectionData.Users,
+		Linking:  linking,
+	}
 	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplUserSelection], data, nil)
 }

--- a/internal/api/ui/login/static/i18n/de.yaml
+++ b/internal/api/ui/login/static/i18n/de.yaml
@ -284,7 +284,7 @@ LinkingUsersDone:
  NextButtonText: weiter

 ExternalNotFound:
-  Title: Externer Benutzer
+  Title: Externer Benutzer nicht gefunden
  Description: Externer Benutzer konnte nicht gefunden werden. Willst du deinen Benutzer mit einem bestehenden verlinken oder diesen als neuen Benutzer registrieren.
  LinkButtonText: Verlinken
  AutoRegisterButtonText: registrieren
--- a/internal/api/ui/login/static/i18n/en.yaml
+++ b/internal/api/ui/login/static/i18n/en.yaml
@ -284,7 +284,7 @@ LinkingUsersDone:
  NextButtonText: next

 ExternalNotFound:
-  Title: External User
+  Title: External User not found
  Description: External user not found. Do you want to link your user or auto register a new one.
  LinkButtonText: Link
  AutoRegisterButtonText: register
--- a/internal/api/ui/login/static/i18n/fr.yaml
+++ b/internal/api/ui/login/static/i18n/fr.yaml
@ -284,7 +284,7 @@ LinkingUsersDone:
  NextButtonText: suivant

 ExternalNotFound:
-  Title: Utilisateur externe
+  Title: Utilisateur externe introuvable
  Description: Utilisateur externe non trouvé. Voulez-vous lier votre utilisateur ou enregistrer automatiquement un nouvel utilisateur.
  LinkButtonText: Lier
  AutoRegisterButtonText: enregistrer
--- a/internal/api/ui/login/static/i18n/it.yaml
+++ b/internal/api/ui/login/static/i18n/it.yaml
@ -284,7 +284,7 @@ LinkingUsersDone:
  NextButtonText: Avanti

 ExternalNotFound:
-  Title: Utente esterno
+  Title: Utente esterno non trovato
  Description: Utente esterno non trovato. Vuoi collegare il tuo utente o registrarne uno nuovo automaticamente.
  LinkButtonText: Link
  AutoRegisterButtonText: Registra
--- a/internal/api/ui/login/static/i18n/zh.yaml
+++ b/internal/api/ui/login/static/i18n/zh.yaml
@ -284,7 +284,7 @@ LinkingUsersDone:
  NextButtonText: 继续

 ExternalNotFound:
-  Title: 外部用户
+  Title: 未找到外部用户
  Description: 未找到外部用户。你想绑定你已存在的用户还是自动注册一个新用户。
  LinkButtonText: 绑定
  AutoRegisterButtonText: 注册
--- a/internal/api/ui/login/static/templates/main.html
+++ b/internal/api/ui/login/static/templates/main.html
@ -8,13 +8,21 @@
    <meta http-equiv="X-UA-Compatible" content="ie=edge">

    <link rel="stylesheet" href="{{ resourceThemeUrl "css/zitadel.css" .Theme }}" type="text/css">
-    <link rel="icon" type="image/x-icon" href="{{ resourceThemeUrl "favicon.ico" .Theme }}">
+    
    {{ if hasCustomPolicy .LabelPolicy }}
-    <link rel="stylesheet" href="{{ variablesCssFileUrl .PrivateLabelingOrgID .LabelPolicy}}" type="text/css">
-    {{ end}}
+        <link rel="stylesheet" href="{{ variablesCssFileUrl .PrivateLabelingOrgID .LabelPolicy}}" type="text/css">
+        {{ $icon := customIconResource .PrivateLabelingOrgID .LabelPolicy .DarkMode }}
+        {{if $icon}}
+            <link rel="icon" type="image" href="{{$icon}}">
+        {{end}}
+    {{ else }}
+        <link rel="icon" type="image/x-icon" href="{{ resourceThemeUrl "favicon.ico" .Theme }}">
+    {{ end }}
+
    <link rel="stylesheet" href="{{ resourceThemeUrl "../../fonts/lgn-icons/css/lgn-icon-font.css" .Theme }}">

    <title>{{ .Title }}</title>
+    <meta name="description" content="{{ .Description }}"/>

    <script src="{{ resourceUrl "scripts/theme.js" }}"></script>
 </head>
--- a/internal/api/ui/login/username_change_handler.go
+++ b/internal/api/ui/login/username_change_handler.go
@ -20,8 +20,9 @@ func (l *Login) renderChangeUsername(w http.ResponseWriter, r *http.Request, aut
 	if err != nil {
 		errID, errMessage = l.getErrorMessage(r, err)
 	}
-	data := l.getUserData(r, authReq, "Change Username", errID, errMessage)
-	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplChangeUsername], data, nil)
+	translator := l.getTranslator(r.Context(), authReq)
+	data := l.getUserData(r, authReq, "UsernameChange.Title","UsernameChange.Description", errID, errMessage)
+	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsername], data, nil)
 }

 func (l *Login) handleChangeUsername(w http.ResponseWriter, r *http.Request) {
@ -41,6 +42,7 @@ func (l *Login) handleChangeUsername(w http.ResponseWriter, r *http.Request) {

 func (l *Login) renderChangeUsernameDone(w http.ResponseWriter, r *http.Request, authReq *domain.AuthRequest) {
 	var errType, errMessage string
-	data := l.getUserData(r, authReq, "Username Change Done", errType, errMessage)
-	l.renderer.RenderTemplate(w, r, l.getTranslator(r.Context(), authReq), l.renderer.Templates[tmplChangeUsernameDone], data, nil)
+	translator := l.getTranslator(r.Context(), authReq)
+	data := l.getUserData(r, authReq, "UsernameChangeDone.Title","UsernameChangeDone.Description", errType, errMessage)
+	l.renderer.RenderTemplate(w, r, translator, l.renderer.Templates[tmplChangeUsernameDone], data, nil)
 }
--- a/internal/i18n/i18n.go
+++ b/internal/i18n/i18n.go
@ -139,6 +139,10 @@ func (t *Translator) Localize(id string, args map[string]interface{}, langs ...s
 	return localize(t.localizer(langs...), id, args)
 }

+func (t *Translator) LocalizeWithoutArgs(id string, langs ...string) string {
+	return localize(t.localizer(langs...), id, map[string]interface{}{})
+}
+
 func (t *Translator) Lang(r *http.Request) language.Tag {
 	matcher := language.NewMatcher(t.bundle.LanguageTags())
 	tag, _ := language.MatchStrings(matcher, t.langsFromRequest(r)...)