feat: support multiple country codes for sending SMS (#1557)

* feat: support multiple country code * feat: improve UI * feat: migrate accountItem * fix: Aliyun compatible * fix: phone validate * fix: typo
2025-07-03 12:30:19 +08:00 · 2023-02-16 22:53:28 +08:00
parent 4605938f8e
commit eb72c9f273
52 changed files with 560 additions and 258 deletions
--- a/controllers/account.go
+++ b/controllers/account.go
@ -58,7 +58,7 @@ type RequestForm struct {

 	EmailCode   string `json:"emailCode"`
 	PhoneCode   string `json:"phoneCode"`
-	PhonePrefix string `json:"phonePrefix"`
+	CountryCode string `json:"countryCode"`

 	AutoSignin bool `json:"autoSignin"`

@ -121,7 +121,7 @@ func (c *ApiController) Signup() {
 	}

 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
-	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.Affiliation, c.GetAcceptLanguage())
+	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.CountryCode, form.Affiliation, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
@ -137,7 +137,7 @@ func (c *ApiController) Signup() {

 	var checkPhone string
 	if application.IsSignupItemVisible("Phone") && form.Phone != "" {
-		checkPhone = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Phone)
+		checkPhone, _ = util.GetE164Number(form.Phone, form.CountryCode)
 		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
 		if len(checkResult) != 0 {
 			c.ResponseError(c.T("account:Phone: %s"), checkResult)
@ -179,6 +179,7 @@ func (c *ApiController) Signup() {
 		Avatar:            organization.DefaultAvatar,
 		Email:             form.Email,
 		Phone:             form.Phone,
+		CountryCode:       form.CountryCode,
 		Address:           []string{},
 		Affiliation:       form.Affiliation,
 		IdCard:            form.IdCard,
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -263,34 +263,32 @@ func (c *ApiController) Login() {
 				checkDest = form.Username
 			} else {
 				verificationCodeType = "phone"
-				if len(form.PhonePrefix) == 0 {
-					responseText := fmt.Sprintf(c.T("auth:%s No phone prefix"), verificationCodeType)
-					c.ResponseError(responseText)
-					return
-				}
 				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
 					form.Username = user.Phone
 				}
-				checkDest = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username)
 			}
-			user = object.GetUserByFields(form.Organization, form.Username)
-			if user == nil {
+
+			if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
 				return
 			}
+			if verificationCodeType == "phone" {
+				form.CountryCode = user.GetCountryCode(form.CountryCode)
+				var ok bool
+				if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
+					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), form.CountryCode))
+					return
+				}
+			}
+
 			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
 			if len(checkResult) != 0 {
-				responseText := fmt.Sprintf("%s - %s", verificationCodeType, checkResult)
-				c.ResponseError(responseText)
+				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
 				return
 			}

 			// disable the verification code
-			if strings.Contains(form.Username, "@") {
-				object.DisableVerificationCode(form.Username)
-			} else {
-				object.DisableVerificationCode(fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username))
-			}
+			object.DisableVerificationCode(checkDest)
 		} else {
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
--- a/controllers/service.go
+++ b/controllers/service.go
@ -130,13 +130,13 @@ func (c *ApiController) SendSms() {
 		return
 	}

-	org := object.GetOrganization(smsForm.OrgId)
 	var invalidReceivers []string
 	for idx, receiver := range smsForm.Receivers {
-		if !util.IsPhoneCnValid(receiver) {
+		// The receiver phone format: E164 like +8613854673829 +441932567890
+		if !util.IsPhoneValid(receiver, "") {
 			invalidReceivers = append(invalidReceivers, receiver)
 		} else {
-			smsForm.Receivers[idx] = fmt.Sprintf("+%s%s", org.PhonePrefix, receiver)
+			smsForm.Receivers[idx] = receiver
 		}
 	}

--- a/controllers/user_util.go
+++ b/controllers/user_util.go
@ -62,6 +62,10 @@ func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiCont
 		item := object.GetAccountItemByName("Phone", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
+	if oldUser.CountryCode != newUser.CountryCode {
+		item := object.GetAccountItemByName("Country code", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
 	if oldUser.Region != newUser.Region {
 		item := object.GetAccountItemByName("Country/Region", organization)
 		itemsChanged = append(itemsChanged, item)
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -24,6 +24,13 @@ import (
 	"github.com/casdoor/casdoor/util"
 )

+const (
+	SignupVerification = "signup"
+	ResetVerification  = "reset"
+	LoginVerification  = "login"
+	ForgetVerification = "forget"
+)
+
 func (c *ApiController) getCurrentUser() *object.User {
 	var user *object.User
 	userId := c.GetSessionUsername()
@ -42,18 +49,15 @@ func (c *ApiController) getCurrentUser() *object.User {
 func (c *ApiController) SendVerificationCode() {
 	destType := c.Ctx.Request.Form.Get("type")
 	dest := c.Ctx.Request.Form.Get("dest")
+	countryCode := c.Ctx.Request.Form.Get("countryCode")
 	checkType := c.Ctx.Request.Form.Get("checkType")
 	checkId := c.Ctx.Request.Form.Get("checkId")
 	checkKey := c.Ctx.Request.Form.Get("checkKey")
-	checkUser := c.Ctx.Request.Form.Get("checkUser")
 	applicationId := c.Ctx.Request.Form.Get("applicationId")
 	method := c.Ctx.Request.Form.Get("method")
+	checkUser := c.Ctx.Request.Form.Get("checkUser")
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

-	if destType == "" {
-		c.ResponseError(c.T("general:Missing parameter") + ": type.")
-		return
-	}
 	if dest == "" {
 		c.ResponseError(c.T("general:Missing parameter") + ": dest.")
 		return
@ -62,98 +66,101 @@ func (c *ApiController) SendVerificationCode() {
 		c.ResponseError(c.T("general:Missing parameter") + ": applicationId.")
 		return
 	}
-	if !strings.Contains(applicationId, "/") {
-		c.ResponseError(c.T("verification:Wrong parameter") + ": applicationId.")
-		return
-	}
 	if checkType == "" {
 		c.ResponseError(c.T("general:Missing parameter") + ": checkType.")
 		return
 	}
-
-	captchaProvider := captcha.GetCaptchaProvider(checkType)
-
-	if captchaProvider != nil {
-		if checkKey == "" {
-			c.ResponseError(c.T("general:Missing parameter") + ": checkKey.")
-			return
-		}
-		isHuman, err := captchaProvider.VerifyCaptcha(checkKey, checkId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if !isHuman {
-			c.ResponseError(c.T("verification:Turing test failed."))
-			return
-		}
+	if checkKey == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": checkKey.")
+		return
+	}
+	if !strings.Contains(applicationId, "/") {
+		c.ResponseError(c.T("verification:Wrong parameter") + ": applicationId.")
+		return
+	}
+
+	if captchaProvider := captcha.GetCaptchaProvider(checkType); captchaProvider == nil {
+		c.ResponseError(c.T("general:don't support captchaProvider: ") + checkType)
+		return
+	} else if isHuman, err := captchaProvider.VerifyCaptcha(checkKey, checkId); err != nil {
+		c.ResponseError(err.Error())
+		return
+	} else if !isHuman {
+		c.ResponseError(c.T("verification:Turing test failed."))
+		return
 	}

-	user := c.getCurrentUser()
 	application := object.GetApplication(applicationId)
-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", application.Owner, application.Organization))
+	organization := object.GetOrganization(util.GetId(application.Owner, application.Organization))
 	if organization == nil {
 		c.ResponseError(c.T("verification:Organization does not exist"))
 		return
 	}

-	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
-		c.ResponseError(c.T("general:Please login first"))
-		return
+	var user *object.User
+	// checkUser != "", means method is ForgetVerification
+	if checkUser != "" {
+		owner := application.Organization
+		user = object.GetUser(util.GetId(owner, checkUser))
 	}

 	sendResp := errors.New("invalid dest type")

-	if user == nil && checkUser != "" && checkUser != "true" {
-		name := application.Organization
-		user = object.GetUser(fmt.Sprintf("%s/%s", name, checkUser))
-	}
 	switch destType {
 	case "email":
-		if user != nil && util.GetMaskedEmail(user.Email) == dest {
-			dest = user.Email
-		}
 		if !util.IsEmailValid(dest) {
 			c.ResponseError(c.T("verification:Email is invalid"))
 			return
 		}

-		userByEmail := object.GetUserByEmail(organization.Name, dest)
-		if userByEmail == nil && method != "signup" && method != "reset" {
-			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-			return
+		if method == LoginVerification || method == ForgetVerification {
+			if user != nil && util.GetMaskedEmail(user.Email) == dest {
+				dest = user.Email
+			}
+
+			user = object.GetUserByEmail(organization.Name, dest)
+			if user == nil {
+				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
+				return
+			}
+		} else if method == ResetVerification {
+			user = c.getCurrentUser()
 		}

 		provider := application.GetEmailProvider()
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
 	case "phone":
-		if user != nil && util.GetMaskedPhone(user.Phone) == dest {
-			dest = user.Phone
-		}
-		if !util.IsPhoneCnValid(dest) {
-			c.ResponseError(c.T("verification:Phone number is invalid"))
-			return
+		if method == LoginVerification || method == ForgetVerification {
+			if user != nil && util.GetMaskedPhone(user.Phone) == dest {
+				dest = user.Phone
+			}
+
+			if user = object.GetUserByPhone(organization.Name, dest); user == nil {
+				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
+				return
+			}
+
+			countryCode = user.GetCountryCode(countryCode)
+		} else if method == ResetVerification {
+			if user = c.getCurrentUser(); user != nil {
+				countryCode = user.GetCountryCode(countryCode)
+			}
 		}

-		userByPhone := object.GetUserByPhone(organization.Name, dest)
-		if userByPhone == nil && method != "signup" && method != "reset" {
-			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
-			return
-		}
-
-		dest = fmt.Sprintf("+%s%s", organization.PhonePrefix, dest)
 		provider := application.GetSmsProvider()
-		sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, dest)
+		if phone, ok := util.GetE164Number(dest, countryCode); !ok {
+			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), countryCode))
+			return
+		} else {
+			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
+		}
 	}

 	if sendResp != nil {
-		c.Data["json"] = Response{Status: "error", Msg: sendResp.Error()}
+		c.ResponseError(sendResp.Error())
 	} else {
-		c.Data["json"] = Response{Status: "ok"}
+		c.ResponseOk()
 	}
-
-	c.ServeJSON()
 }

 // ResetEmailOrPhone ...
@ -169,7 +176,8 @@ func (c *ApiController) ResetEmailOrPhone() {
 	destType := c.Ctx.Request.Form.Get("type")
 	dest := c.Ctx.Request.Form.Get("dest")
 	code := c.Ctx.Request.Form.Get("code")
-	if len(dest) == 0 || len(code) == 0 || len(destType) == 0 {
+
+	if util.IsStrsEmpty(destType, dest, code) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
@ -192,12 +200,10 @@ func (c *ApiController) ResetEmailOrPhone() {
 			c.ResponseError(errMsg)
 			return
 		}
-
-		phonePrefix := "86"
-		if organization != nil && organization.PhonePrefix != "" {
-			phonePrefix = organization.PhonePrefix
+		if checkDest, ok = util.GetE164Number(dest, user.GetCountryCode("")); !ok {
+			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
+			return
 		}
-		checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest)
 	} else if destType == "email" {
 		if object.HasUserByField(user.Owner, "email", user.Email) {
 			c.ResponseError(c.T("check:Email already exists"))
@ -215,8 +221,8 @@ func (c *ApiController) ResetEmailOrPhone() {
 			return
 		}
 	}
-	if ret := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); len(ret) != 0 {
-		c.ResponseError(ret)
+	if msg := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); len(msg) != 0 {
+		c.ResponseError(msg)
 		return
 	}

@ -233,8 +239,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}

 	object.DisableVerificationCode(checkDest)
-	c.Data["json"] = Response{Status: "ok"}
-	c.ServeJSON()
+	c.ResponseOk()
 }

 // VerifyCaptcha ...