feat: custom login form and background (#1107)

* feat: custom login form and background

Signed-off-by: magicwind <2814461814@qq.com>

* feat: costom login form border

* chore: update i18

* Update ApplicationEditPage.js

* Update LoginPage.js

* Update SignupPage.js

* Update LoginPage.js

* Update ApplicationEditPage.js

Signed-off-by: magicwind <2814461814@qq.com>
Co-authored-by: Gucheng <85475922+nomeguy@users.noreply.github.com>

authz/authz.go

@@ -15,6 +15,8 @@
 package authz
 
 import (
+	"strings"
+
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v2"
@@ -128,6 +130,12 @@ p, *, *, GET, /api/get-release, *, *
 }
 
 func IsAllowed(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
+	if conf.IsDemoMode() {
+		if !isAllowedInDemoMode(subOwner, subName, method, urlPath, objOwner, objName) {
+			return false
+		}
+	}
+
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)
@@ -135,3 +143,22 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 
 	return res
 }
+
+func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
+	if method == "POST" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" {
+			return true
+		} else if urlPath == "/api/update-user" {
+			// Allow ordinary users to update their own information
+			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
+				return true
+			}
+			return false
+		} else {
+			return false
+		}
+	}
+
+	// If method equals GET
+	return true
+}

build.sh

@@ -6,6 +6,6 @@ then
     echo "Successfully connected to Google, no need to use Go proxy"
 else
     echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
-    GO_PROXY_SETTING=GOPROXY=https://goproxy.cn,direct
+    export GOPROXY="https://goproxy.cn,direct"
 fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 $GO_PROXY_SETTING go build -ldflags="-w -s" -o server .
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server .

conf/app.conf

@@ -16,4 +16,5 @@ verificationCodeTimeout = 10
 initScore = 2000
 logPostOnly = true
 origin =
-staticBaseUrl = "https://cdn.casbin.org"
+staticBaseUrl = "https://cdn.casbin.org"
+isDemoMode = false

conf/conf.go

@@ -80,3 +80,7 @@ func GetBeegoConfDataSourceName() string {
 
 	return dataSourceName
 }
+
+func IsDemoMode() bool {
+	return strings.ToLower(GetConfigString("isDemoMode")) == "true"
+}

idp/dingtalk.go

@@ -121,6 +121,7 @@ func (idp *DingTalkIdProvider) GetToken(code string) (*oauth2.Token, error) {
 type DingTalkUserResponse struct {
 	Nick      string `json:"nick"`
 	OpenId    string `json:"openId"`
+	UnionId   string `json:"unionId"`
 	AvatarUrl string `json:"avatarUrl"`
 	Email     string `json:"email"`
 	Errmsg    string `json:"message"`
@@ -162,6 +163,7 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		Id:          dtUserInfo.OpenId,
 		Username:    dtUserInfo.Nick,
 		DisplayName: dtUserInfo.Nick,
+		UnionId:     dtUserInfo.UnionId,
 		Email:       dtUserInfo.Email,
 		AvatarUrl:   dtUserInfo.AvatarUrl,
 	}

idp/provider.go

@@ -25,6 +25,7 @@ type UserInfo struct {
 	Id          string
 	Username    string
 	DisplayName string
+	UnionId     string
 	Email       string
 	AvatarUrl   string
 }

object/application.go

@@ -66,6 +66,9 @@ type Application struct {
 	TermsOfUse           string   `xorm:"varchar(100)" json:"termsOfUse"`
 	SignupHtml           string   `xorm:"mediumtext" json:"signupHtml"`
 	SigninHtml           string   `xorm:"mediumtext" json:"signinHtml"`
+	FormCss              string   `xorm:"text" json:"formCss"`
+	FormOffset           int      `json:"formOffset"`
+	FormBackgroundUrl    string   `xorm:"varchar(200)" json:"formBackgroundUrl"`
 }
 
 func GetApplicationCount(owner, field, value string) int {

object/check.go

@@ -302,6 +302,10 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 		}
 
 		if isHit {
+			containsAsterisk := ContainsAsterisk(userId, permission.Users)
+			if containsAsterisk {
+				return true, err
+			}
 			enforcer := getEnforcer(permission)
 			allowed, err = enforcer.Enforce(userId, application.Name, "read")
 			break

object/email.go

@@ -16,10 +16,28 @@
 
 package object
 
-import "github.com/go-gomail/gomail"
+import (
+	"crypto/tls"
+
+	"github.com/go-gomail/gomail"
+)
+
+func getDialer(provider *Provider) *gomail.Dialer {
+	dialer := &gomail.Dialer{}
+	if provider.Type == "SUBMAIL" {
+		dialer = gomail.NewDialer(provider.Host, provider.Port, provider.AppId, provider.ClientSecret)
+		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
+	} else {
+		dialer = gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
+	}
+
+	dialer.SSL = !provider.DisableSsl
+
+	return dialer
+}
 
 func SendEmail(provider *Provider, title string, content string, dest string, sender string) error {
-	dialer := gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
+	dialer := getDialer(provider)
 
 	message := gomail.NewMessage()
 	message.SetAddressHeader("From", provider.ClientId, sender)
@@ -32,8 +50,7 @@ func SendEmail(provider *Provider, title string, content string, dest string, se
 
 // DailSmtpServer Dail Smtp server
 func DailSmtpServer(provider *Provider) error {
-	dialer := gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
-	dialer.SSL = !provider.DisableSsl
+	dialer := getDialer(provider)
 
 	sender, err := dialer.Dial()
 	if err != nil {

object/init.go

@@ -25,6 +25,8 @@ import (
 )
 
 func InitDb() {
+	MigratePermissionRule()
+
 	existed := initBuiltInOrganization()
 	if !existed {
 		initBuiltInModel()
@@ -155,6 +157,7 @@ func initBuiltInApplication() {
 		},
 		RedirectUris:  []string{},
 		ExpireInHours: 168,
+		FormOffset:    8,
 	}
 	AddApplication(application)
 }
@@ -276,7 +279,7 @@ func initBuiltInPermission() {
 		Name:         "permission-built-in",
 		CreatedTime:  util.GetCurrentTime(),
 		DisplayName:  "Built-in Permission",
-		Users:        []string{"built-in/admin"},
+		Users:        []string{"built-in/*"},
 		Roles:        []string{},
 		Domains:      []string{},
 		Model:        "model-built-in",

object/oidc_discovery.go

@@ -43,6 +43,11 @@ type OidcDiscovery struct {
 }
 
 func getOriginFromHost(host string) (string, string) {
+	origin := conf.GetConfigString("origin")
+	if origin != "" {
+		return origin, origin
+	}
+
 	protocol := "https://"
 	if strings.HasPrefix(host, "localhost") {
 		protocol = "http://"
@@ -58,12 +63,6 @@ func getOriginFromHost(host string) (string, string) {
 func GetOidcDiscovery(host string) OidcDiscovery {
 	originFrontend, originBackend := getOriginFromHost(host)
 
-	origin := conf.GetConfigString("origin")
-	if origin != "" {
-		originFrontend = origin
-		originBackend = origin
-	}
-
 	// Examples:
 	// https://login.okta.com/.well-known/openid-configuration
 	// https://auth0.auth0.com/.well-known/openid-configuration

object/permission.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@@ -207,3 +208,44 @@ func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 
 	return permissions
 }
+
+func MigratePermissionRule() {
+	models := []*Model{}
+	err := adapter.Engine.Find(&models, &Model{})
+	if err != nil {
+		panic(err)
+	}
+
+	isHit := false
+	for _, model := range models {
+		if strings.Contains(model.ModelText, "permission") {
+			// update model table
+			model.ModelText = strings.Replace(model.ModelText, "permission,", "", -1)
+			UpdateModel(model.GetId(), model)
+			isHit = true
+		}
+	}
+
+	if isHit {
+		// update permission_rule table
+		sql := "UPDATE `permission_rule`SET V0 = V1, V1 = V2, V2 = V3, V3 = V4, V4 = V5 WHERE V0 IN (SELECT CONCAT(owner, '/', name) AS permission_id FROM `permission`)"
+		_, err = adapter.Engine.Exec(sql)
+		if err != nil {
+			return
+		}
+	}
+}
+
+func ContainsAsterisk(userId string, users []string) bool {
+	containsAsterisk := false
+	group, _ := util.GetOwnerAndNameFromId(userId)
+	for _, user := range users {
+		permissionGroup, permissionUserName := util.GetOwnerAndNameFromId(user)
+		if permissionGroup == group && permissionUserName == "*" {
+			containsAsterisk = true
+			break
+		}
+	}
+
+	return containsAsterisk
+}

object/provider.go

@@ -48,6 +48,7 @@ type Provider struct {
 	DisableSsl bool   `json:"disableSsl"`
 	Title      string `xorm:"varchar(100)" json:"title"`
 	Content    string `xorm:"varchar(1000)" json:"content"`
+	Receiver   string `xorm:"varchar(100)" json:"receiver"`
 
 	RegionId     string `xorm:"varchar(100)" json:"regionId"`
 	SignName     string `xorm:"varchar(100)" json:"signName"`

object/saml_idp.go

@@ -29,7 +29,6 @@ import (
 
 	"github.com/RobotsAndPencils/go-saml"
 	"github.com/beevik/etree"
-	"github.com/casdoor/casdoor/conf"
 	"github.com/golang-jwt/jwt/v4"
 	dsig "github.com/russellhaering/goxmldsig"
 	uuid "github.com/satori/go.uuid"
@@ -176,16 +175,12 @@ type Attribute struct {
 }
 
 func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, error) {
-	//_, originBackend := getOriginFromHost(host)
 	cert := getCertByApplication(application)
 	block, _ := pem.Decode([]byte(cert.Certificate))
 	certificate := base64.StdEncoding.EncodeToString(block.Bytes)
 
-	origin := conf.GetConfigString("origin")
 	originFrontend, originBackend := getOriginFromHost(host)
-	if origin != "" {
-		originBackend = origin
-	}
+
 	d := IdpEntityDescriptor{
 		XMLName: xml.Name{
 			Local: "md:EntityDescriptor",

object/saml_sp.go

@@ -70,10 +70,12 @@ func GenerateSamlLoginUrl(id, relayState string) (string, string, error) {
 }
 
 func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvider, error) {
+	origin := conf.GetConfigString("origin")
+
 	certStore := dsig.MemoryX509CertificateStore{
 		Roots: []*x509.Certificate{},
 	}
-	origin := conf.GetConfigString("origin")
+
 	certEncodedData := ""
 	if samlResponse != "" {
 		certEncodedData = parseSamlResponse(samlResponse, provider.Type)

object/token_jwt.go

@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	"github.com/golang-jwt/jwt/v4"
 )
@@ -67,11 +66,7 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
 
 	user.Password = ""
-	origin := conf.GetConfigString("origin")
 	_, originBackend := getOriginFromHost(host)
-	if origin != "" {
-		originBackend = origin
-	}
 
 	name := util.GenerateId()
 	jti := fmt.Sprintf("%s/%s", application.Owner, name)

object/user.go

@@ -18,7 +18,6 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	"github.com/duo-labs/webauthn/webauthn"
 	"xorm.io/core"
@@ -527,11 +526,8 @@ func GetUserInfo(userId string, scope string, aud string, host string) (*Userinf
 	if user == nil {
 		return nil, fmt.Errorf("the user: %s doesn't exist", userId)
 	}
-	origin := conf.GetConfigString("origin")
+
 	_, originBackend := getOriginFromHost(host)
-	if origin != "" {
-		originBackend = origin
-	}
 
 	resp := Userinfo{
 		Sub: user.Id,

object/user_util.go

@@ -137,6 +137,15 @@ func SetUserOAuthProperties(organization *Organization, user *User, providerType
 			user.Email = userInfo.Email
 		}
 	}
+
+	if userInfo.UnionId != "" {
+		propertyName := fmt.Sprintf("oauth_%s_unionId", providerType)
+		setUserProperty(user, propertyName, userInfo.UnionId)
+		if providerType == "DingTalk" && user.DingTalk == "" {
+			user.DingTalk = userInfo.UnionId
+		}
+	}
+
 	if userInfo.AvatarUrl != "" {
 		propertyName := fmt.Sprintf("oauth_%s_avatarUrl", providerType)
 		setUserProperty(user, propertyName, userInfo.AvatarUrl)

object/user_webauthn.go

@@ -27,12 +27,9 @@ import (
 func GetWebAuthnObject(host string) *webauthn.WebAuthn {
 	var err error
 
-	origin := conf.GetConfigString("origin")
-	if origin == "" {
-		_, origin = getOriginFromHost(host)
-	}
+	_, originBackend := getOriginFromHost(host)
 
-	localUrl, err := url.Parse(origin)
+	localUrl, err := url.Parse(originBackend)
 	if err != nil {
 		panic("error when parsing origin:" + err.Error())
 	}
@@ -40,7 +37,7 @@ func GetWebAuthnObject(host string) *webauthn.WebAuthn {
 	webAuthn, err := webauthn.New(&webauthn.Config{
 		RPDisplayName: conf.GetConfigString("appname"),      // Display Name for your site
 		RPID:          strings.Split(localUrl.Host, ":")[0], // Generally the domain name for your site, it's ok because splits cannot return empty array
-		RPOrigin:      origin,                               // The origin URL for WebAuthn requests
+		RPOrigin:      originBackend,                        // The origin URL for WebAuthn requests
 		// RPIcon:     "https://duo.com/logo.png",           // Optional icon URL for your site
 	})
 	if err != nil {

object/verification.go

@@ -47,7 +47,7 @@ func SendVerificationCodeToEmail(organization *Organization, user *User, provide
 
 	sender := organization.DisplayName
 	title := provider.Title
-	code := getRandomCode(5)
+	code := getRandomCode(6)
 	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
 	content := fmt.Sprintf(provider.Content, code)
 
@@ -63,7 +63,7 @@ func SendVerificationCodeToPhone(organization *Organization, user *User, provide
 		return errors.New("please set a SMS provider first")
 	}
 
-	code := getRandomCode(5)
+	code := getRandomCode(6)
 	if err := SendSms(provider, code, dest); err != nil {
 		return err
 	}

web/.eslintrc

@@ -97,6 +97,7 @@
     "react/jsx-key": "error",
     "no-console": "error",
     "eqeqeq": "error",
+    "keyword-spacing": "error",
 
     "react/prop-types": "off",
     "react/display-name": "off",

web/src/App.js

@@ -527,7 +527,7 @@ class App extends Component {
   }
 
   renderRouter() {
-    return(
+    return (
       <div>
         <Switch>
           <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
@@ -618,7 +618,7 @@ class App extends Component {
         </div>
       );
     } else {
-      return(
+      return (
         <div>
           <Header style={{padding: "0", marginBottom: "3px"}}>
             {
@@ -746,6 +746,7 @@ class App extends Component {
     const organization = this.state.account.organization;
     return (
       <React.Fragment>
+        <div style={{display: "none"}} id="CasdoorApplicationName" value={this.state.account.signupApplication} />
         <Helmet>
           <title>{organization.displayName}</title>
           <link rel="icon" href={organization.favicon} />

web/src/App.less

@@ -76,3 +76,8 @@
   flex: 1;
   align-items: stretch;
 }
+
+.loginBackground {
+  background: #ffffff no-repeat;
+  background-size: 100% 100%;
+}

web/src/ApplicationEditPage.js

@@ -13,7 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Card, Col, Input, Popover, Row, Select, Switch, Upload} from "antd";
+import {Button, Card, Col, Input, Popover, Radio, Row, Select, Switch, Upload} from "antd";
 import {CopyOutlined, LinkOutlined, UploadOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
@@ -35,9 +35,18 @@ import "codemirror/lib/codemirror.css";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/htmlmixed/htmlmixed");
 require("codemirror/mode/xml/xml");
+require("codemirror/mode/css/css");
 
 const {Option} = Select;
 
+const templete = {
+  padding: "30px",
+  border: "2px solid #ffffff",
+  borderRadius: "7px",
+  backgroundColor: "#ffffff",
+  boxShadow: " 0px 0px 20px rgba(0, 0, 0, 0.20)",
+};
+
 class ApplicationEditPage extends React.Component {
   constructor(props) {
     super(props);
@@ -111,7 +120,7 @@ class ApplicationEditPage extends React.Component {
   }
 
   parseApplicationField(key, value) {
-    if (["expireInHours", "refreshExpireInHours"].includes(key)) {
+    if (["expireInHours", "refreshExpireInHours", "offset"].includes(key)) {
       value = Setting.myParseInt(value);
     }
     return value;
@@ -148,6 +157,7 @@ class ApplicationEditPage extends React.Component {
   }
 
   renderApplication() {
+    const preview = JSON.stringify(templete, null, 2);
     return (
       <Card size="small" title={
         <div>
@@ -536,6 +546,66 @@ class ApplicationEditPage extends React.Component {
             this.renderSignupSigninPreview()
           }
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Background URL"), i18next.t("application:Background URL - Tooltip"))} :
+          </Col>
+          <Col span={22} style={(Setting.isMobile()) ? {maxWidth: "100%"} : {}}>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
+              </Col>
+              <Col span={23} >
+                <Input prefix={<LinkOutlined />} value={this.state.application.backgroundUrl} onChange={e => {
+                  this.updateApplicationField("backgroundUrl", e.target.value);
+                }} />
+              </Col>
+            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+                {i18next.t("general:Preview")}:
+              </Col>
+              <Col span={23} >
+                <a target="_blank" rel="noreferrer" href={this.state.application.backgroundUrl}>
+                  <img src={this.state.application.backgroundUrl} alt={this.state.application.backgroundUrl} height={90} style={{marginBottom: "20px"}} />
+                </a>
+              </Col>
+            </Row>
+          </Col>
+        </Row>
+        <Row>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Form CSS"), i18next.t("application:Form CSS - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <Popover placement="right" content={
+              <div style={{width: "900px", height: "300px"}} >
+                <CodeMirror value={this.state.application.formCss === "" ? preview : this.state.application.formCss}
+                  options={{mode: "css", theme: "material-darker"}}
+                  onBeforeChange={(editor, data, value) => {
+                    this.updateApplicationField("formCss", value);
+                  }}
+                />
+              </div>
+            } title={i18next.t("application:Form CSS - Edit")} trigger="click">
+              <Input value={this.state.application.formCss} style={{marginBottom: "10px"}} onChange={e => {
+                this.updateApplicationField("formCss", e.target.value);
+              }} />
+            </Popover>
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:From position"), i18next.t("application:From position - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Radio.Group onChange={e => {this.updateApplicationField("formOffset", e.target.value);}} value={this.state.application.formOffset !== 0 ? this.state.application.formOffset : 8}>
+              <Radio.Button value={2}>left</Radio.Button>
+              <Radio.Button value={8}>center</Radio.Button>
+              <Radio.Button value={14}>right</Radio.Button>
+            </Radio.Group>
+          </Col>
+        </Row>
         {
           !this.state.application.enableSignUp ? null : (
             <Row style={{marginTop: "20px"}} >
@@ -591,7 +661,7 @@ class ApplicationEditPage extends React.Component {
                 <LoginPage type={"login"} mode={"signup"} application={this.state.application} />
               )
             }
-            <div style={maskStyle}></div>
+            <div style={maskStyle} />
           </div>
         </Col>
         <Col span={11}>
@@ -605,7 +675,7 @@ class ApplicationEditPage extends React.Component {
           <br />
           <div style={{position: "relative", width: "90%", border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
             <LoginPage type={"login"} mode={"signin"} application={this.state.application} />
-            <div style={maskStyle}></div>
+            <div style={maskStyle} />
           </div>
         </Col>
       </React.Fragment>

web/src/ModelListPage.js

@@ -88,7 +88,7 @@ class ModelListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/models/${text}`}>
+            <Link to={`/models/${record.owner}/${text}`}>
               {text}
             </Link>
           );

web/src/ProviderEditPage.js

@@ -34,7 +34,6 @@ class ProviderEditPage extends React.Component {
       providerName: props.match.params.providerName,
       provider: null,
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
-      testEmail: this.props.account["email"] !== undefined ? this.props.account["email"] : "",
     };
   }
 
@@ -131,6 +130,9 @@ class ProviderEditPage extends React.Component {
     } else if (this.state.provider.category === "SMS" && this.state.provider.type === "Huawei Cloud SMS") {
       text = i18next.t("provider:Channel No.");
       tooltip = i18next.t("provider:Channel No. - Tooltip");
+    } else if (this.state.provider.category === "Email" && this.state.provider.type === "SUBMAIL") {
+      text = i18next.t("provider:App ID");
+      tooltip = i18next.t("provider:App ID - Tooltip");
     } else {
       return null;
     }
@@ -199,9 +201,12 @@ class ProviderEditPage extends React.Component {
                 this.updateProviderField("type", "GitHub");
               } else if (value === "Email") {
                 this.updateProviderField("type", "Default");
+                this.updateProviderField("host", "smtp.example.com");
+                this.updateProviderField("port", 465);
                 this.updateProviderField("disableSsl", false);
                 this.updateProviderField("title", "Casdoor Verification Code");
                 this.updateProviderField("content", "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes.");
+                this.updateProviderField("receiver", this.props.account.email);
               } else if (value === "SMS") {
                 this.updateProviderField("type", "Aliyun SMS");
               } else if (value === "Storage") {
@@ -536,7 +541,7 @@ class ProviderEditPage extends React.Component {
                   {Setting.getLabel(i18next.t("provider:Email Content"), i18next.t("provider:Email Content - Tooltip"))} :
                 </Col>
                 <Col span={22} >
-                  <TextArea autoSize={{minRows: 1, maxRows: 100}} value={this.state.provider.content} onChange={e => {
+                  <TextArea autoSize={{minRows: 3, maxRows: 100}} value={this.state.provider.content} onChange={e => {
                     this.updateProviderField("content", e.target.value);
                   }} />
                 </Col>
@@ -546,19 +551,16 @@ class ProviderEditPage extends React.Component {
                   {Setting.getLabel(i18next.t("provider:Test Email"), i18next.t("provider:Test Email - Tooltip"))} :
                 </Col>
                 <Col span={4} >
-                  <Input value={this.state.testEmail}
-                    placeHolder = {i18next.t("user:Input your email")}
-                    onChange={e => {
-                      this.setState({testEmail: e.target.value});
-                    }} />
+                  <Input value={this.state.provider.receiver} placeholder = {i18next.t("user:Input your email")} onChange={e => {
+                    this.updateProviderField("receiver", e.target.value);
+                  }} />
                 </Col>
-                <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary"
-                  onClick={() => ProviderEditTestEmail.connectSmtpServer(this.state.provider)} >
+                <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary" onClick={() => ProviderEditTestEmail.connectSmtpServer(this.state.provider)} >
                   {i18next.t("provider:Test Connection")}
                 </Button>
                 <Button style={{marginLeft: "10px", marginBottom: "5px"}} type="primary"
-                  disabled={!Setting.isValidEmail(this.state.testEmail)}
-                  onClick={() => ProviderEditTestEmail.sendTestEmail(this.state.provider, this.state.testEmail)} >
+                  disabled={!Setting.isValidEmail(this.state.provider.receiver)}
+                  onClick={() => ProviderEditTestEmail.sendTestEmail(this.state.provider, this.state.provider.receiver)} >
                   {i18next.t("provider:Send Test Email")}
                 </Button>
               </Row>

web/src/ResetModal.js

@@ -56,8 +56,12 @@ export const ResetModal = (props) => {
     });
   };
 
-  let placeHolder = "";
-  if (destType === "email") {placeHolder = i18next.t("user:Input your email");} else if (destType === "phone") {placeHolder = i18next.t("user:Input your phone number");}
+  let placeholder = "";
+  if (destType === "email") {
+    placeholder = i18next.t("user:Input your email");
+  } else if (destType === "phone") {
+    placeholder = i18next.t("user:Input your phone number");
+  }
 
   return (
     <Row>
@@ -80,7 +84,7 @@ export const ResetModal = (props) => {
             <Input
               addonBefore={destType === "email" ? i18next.t("user:New Email") : i18next.t("user:New phone")}
               prefix={destType === "email" ? <MailOutlined /> : <PhoneOutlined />}
-              placeholder={placeHolder}
+              placeholder={placeholder}
               onChange={e => setDest(e.target.value)}
             />
           </Row>

web/src/Setting.js

@@ -82,7 +82,7 @@ export const OtherProviderInfo = {
       url: "https://cloud.tencent.com/product/cos",
     },
     "Azure Blob": {
-      logo: `${StaticBaseUrl}/img/social_azure.jpg`,
+      logo: `${StaticBaseUrl}/img/social_azure.png`,
       url: "https://azure.microsoft.com/en-us/services/storage/blobs/",
     },
   },
@@ -354,6 +354,14 @@ export function isPromptAnswered(user, application) {
   return true;
 }
 
+export function parseObject(s) {
+  try {
+    return eval("(" + s + ")");
+  } catch (e) {
+    return null;
+  }
+}
+
 export function parseJson(s) {
   if (s === "") {
     return null;
@@ -450,9 +458,9 @@ export function trim(str, ch) {
   let start = 0;
   let end = str.length;
 
-  while(start < end && str[start] === ch) {++start;}
+  while (start < end && str[start] === ch) {++start;}
 
-  while(end > start && str[end - 1] === ch) {--end;}
+  while (end > start && str[end - 1] === ch) {--end;}
 
   return (start > 0 || end < str.length) ? str.substring(start, end) : str;
 }
@@ -500,7 +508,7 @@ export function getFriendlyFileSize(size) {
   return `${num} ${"KMGTPEZY"[i - 1]}B`;
 }
 
-function getRandomInt(s) {
+function getHashInt(s) {
   let hash = 0;
   if (s.length !== 0) {
     for (let i = 0; i < s.length; i++) {
@@ -510,16 +518,16 @@ function getRandomInt(s) {
     }
   }
 
+  if (hash < 0) {
+    hash = -hash;
+  }
   return hash;
 }
 
 export function getAvatarColor(s) {
   const colorList = ["#f56a00", "#7265e6", "#ffbf00", "#00a2ae"];
-  let random = getRandomInt(s);
-  if (random < 0) {
-    random = -random;
-  }
-  return colorList[random % 4];
+  const hash = getHashInt(s);
+  return colorList[hash % 4];
 }
 
 export function getLanguage() {
@@ -633,6 +641,7 @@ export function getProviderTypeOptions(category) {
     return (
       [
         {id: "Default", name: "Default"},
+        {id: "SUBMAIL", name: "SUBMAIL"},
       ]
     );
   } else if (category === "SMS") {

web/src/auth/AuthCallback.js

@@ -35,7 +35,7 @@ class AuthCallback extends React.Component {
     // realRedirectUrl = "http://localhost:9000"
     const params = new URLSearchParams(this.props.location.search);
     const state = params.get("state");
-    const queryString = Util.stateToGetQueryParams(state);
+    const queryString = Util.getQueryParamsFromState(state);
     return new URLSearchParams(queryString);
   }
 
@@ -50,8 +50,12 @@ class AuthCallback extends React.Component {
       // Casdoor's own login page, so "code" is not necessary
       if (realRedirectUri === null) {
         const samlRequest = innerParams.get("SAMLRequest");
+        // cas don't use 'redirect_url', it is called 'service'
+        const casService = innerParams.get("service");
         if (samlRequest !== null && samlRequest !== undefined && samlRequest !== "") {
           return "saml";
+        } else if (casService !== null && casService !== undefined && casService !== "") {
+          return "cas";
         }
         return "login";
       }
@@ -97,6 +101,7 @@ class AuthCallback extends React.Component {
     const providerName = innerParams.get("provider");
     const method = innerParams.get("method");
     const samlRequest = innerParams.get("SAMLRequest");
+    const casService = innerParams.get("service");
 
     const redirectUri = `${window.location.origin}/callback`;
 
@@ -111,6 +116,31 @@ class AuthCallback extends React.Component {
       redirectUri: redirectUri,
       method: method,
     };
+
+    if (this.getResponseType() === "cas") {
+      // user is using casdoor as cas sso server, and wants the ticket to be acquired
+      AuthBackend.loginCas(body, {"service": casService}).then((res) => {
+        if (res.status === "ok") {
+          let msg = "Logged in successfully.";
+          if (casService === "") {
+            // If service was not specified, Casdoor must display a message notifying the client that it has successfully initiated a single sign-on session.
+            msg += "Now you can visit apps protected by Casdoor.";
+          }
+          Util.showMessage("success", msg);
+
+          if (casService !== "") {
+            const st = res.data;
+            const newUrl = new URL(casService);
+            newUrl.searchParams.append("ticket", st);
+            window.location.href = newUrl.toString();
+          }
+        } else {
+          Util.showMessage("error", `Failed to log in: ${res.msg}`);
+        }
+      });
+      return;
+    }
+    // OAuth
     const oAuthParams = Util.getOAuthGetParameters(innerParams);
     const concatChar = oAuthParams?.redirectUri?.includes("?") ? "&" : "?";
     AuthBackend.login(body, oAuthParams)

web/src/auth/LoginPage.js

@@ -680,29 +680,33 @@ class LoginPage extends React.Component {
       );
     }
 
+    const formStyle = Setting.parseObject(application.formCss);
+
     return (
-      <Row>
-        <Col span={24} style={{display: "flex", justifyContent: "center"}}>
-          <div style={{marginTop: "80px", marginBottom: "50px", textAlign: "center"}}>
-            {
-              Setting.renderHelmet(application)
-            }
-            <CustomGithubCorner />
-            {
-              Setting.renderLogo(application)
-            }
-            {/* {*/}
-            {/*  this.state.clientId !== null ? "Redirect" : null*/}
-            {/* }*/}
-            {
-              this.renderSignedInBox()
-            }
-            {
-              this.renderForm(application)
-            }
-          </div>
-        </Col>
-      </Row>
+      <div className="loginBackground" style={{backgroundImage: `url(${application.formBackgroundUrl})`}}>
+        <Row>
+          <Col span={8} offset={application.formOffset === 0 ? 8 : application.formOffset} style={{display: "flex", justifyContent: "center"}}>
+            <div style={{marginTop: "80px", marginBottom: "50px", textAlign: "center", ...formStyle}}>
+              {
+                Setting.renderHelmet(application)
+              }
+              <CustomGithubCorner />
+              {
+                Setting.renderLogo(application)
+              }
+              {/* {*/}
+              {/*  this.state.clientId !== null ? "Redirect" : null*/}
+              {/* }*/}
+              {
+                this.renderSignedInBox()
+              }
+              {
+                this.renderForm(application)
+              }
+            </div>
+          </Col>
+        </Row>
+      </div>
     );
   }
 }

web/src/auth/Provider.js

@@ -177,7 +177,9 @@ export function getAuthUrl(application, provider, method) {
   let endpoint = authInfo[provider.type].endpoint;
   const redirectUri = `${window.location.origin}/callback`;
   const scope = authInfo[provider.type].scope;
-  const state = Util.getQueryParamsToState(application.name, provider.name, method);
+
+  const isShortState = provider.type === "WeChat" && navigator.userAgent.includes("MicroMessenger");
+  const state = Util.getStateFromQueryParams(application.name, provider.name, method, isShortState);
 
   if (provider.type === "Google") {
     return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;

web/src/auth/SignupPage.js

@@ -584,9 +584,9 @@ class SignupPage extends React.Component {
             {i18next.t("signup:Have account?")} 
           <a onClick={() => {
             const linkInStorage = sessionStorage.getItem("signinUrl");
-            if(linkInStorage !== null && linkInStorage !== "") {
+            if (linkInStorage !== null && linkInStorage !== "") {
               Setting.goToLink(linkInStorage);
-            }else{
+            } else {
               Setting.goToLogin(this, application);
             }
           }}>
@@ -614,13 +614,15 @@ class SignupPage extends React.Component {
       );
     }
 
+    const formStyle = Setting.parseObject(application.formCss);
+
     return (
-      <div>
+      <div className="loginBackground" style={{backgroundImage: `url(${application.formBackgroundUrl})`}}>
         <CustomGithubCorner />
         &nbsp;
         <Row>
-          <Col span={24} style={{display: "flex", justifyContent: "center"}} >
-            <div style={{marginTop: "10px", textAlign: "center"}}>
+          <Col span={8} offset={application.formOffset === 0 ? 8 : application.formOffset} style={{display: "flex", justifyContent: "center"}} >
+            <div style={{marginTop: "10px", marginBottom: "30px", textAlign: "center", ...formStyle}}>
               {
                 Setting.renderHelmet(application)
               }

web/src/auth/Util.js

@@ -126,15 +126,27 @@ export function getOAuthGetParameters(params) {
   }
 }
 
-export function getQueryParamsToState(applicationName, providerName, method) {
+export function getStateFromQueryParams(applicationName, providerName, method, isShortState) {
   let query = window.location.search;
   query = `${query}&application=${applicationName}&provider=${providerName}&method=${method}`;
   if (method === "link") {
     query = `${query}&from=${window.location.pathname}`;
   }
-  return btoa(query);
+
+  if (!isShortState) {
+    return btoa(query);
+  } else {
+    const state = providerName;
+    sessionStorage.setItem(state, query);
+    return state;
+  }
 }
 
-export function stateToGetQueryParams(state) {
-  return atob(state);
+export function getQueryParamsFromState(state) {
+  const query = sessionStorage.getItem(state);
+  if (query === null) {
+    return atob(state);
+  } else {
+    return query;
+  }
 }

web/src/locales/de/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "Registrieren"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Copy SAML metadata URL",
     "Copy prompt page URL": "Copy prompt page URL",
     "Copy signin page URL": "Copy signin page URL",
@@ -21,6 +23,11 @@
     "Enable signup": "Anmeldung aktivieren",
     "Enable signup - Tooltip": "Whether to allow users to sign up",
     "File uploaded successfully": "Datei erfolgreich hochgeladen",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Grant types - Tooltip",
     "New Application": "New Application",

web/src/locales/en/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "Sign Up"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Copy SAML metadata URL",
     "Copy prompt page URL": "Copy prompt page URL",
     "Copy signin page URL": "Copy signin page URL",
@@ -21,6 +23,11 @@
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Enable signup - Tooltip",
     "File uploaded successfully": "File uploaded successfully",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Grant types - Tooltip",
     "New Application": "New Application",

web/src/locales/fr/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "S'inscrire"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Copy SAML metadata URL",
     "Copy prompt page URL": "Copy prompt page URL",
     "Copy signin page URL": "Copy signin page URL",
@@ -21,6 +23,11 @@
     "Enable signup": "Activer l'inscription",
     "Enable signup - Tooltip": "Whether to allow users to sign up",
     "File uploaded successfully": "Fichier téléchargé avec succès",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Grant types - Tooltip",
     "New Application": "New Application",

web/src/locales/ja/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "新規登録"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Copy SAML metadata URL",
     "Copy prompt page URL": "Copy prompt page URL",
     "Copy signin page URL": "Copy signin page URL",
@@ -21,6 +23,11 @@
     "Enable signup": "サインアップを有効にする",
     "Enable signup - Tooltip": "Whether to allow users to sign up",
     "File uploaded successfully": "ファイルが正常にアップロードされました",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Grant types - Tooltip",
     "New Application": "New Application",

web/src/locales/ko/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "Sign Up"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Copy SAML metadata URL",
     "Copy prompt page URL": "Copy prompt page URL",
     "Copy signin page URL": "Copy signin page URL",
@@ -21,6 +23,11 @@
     "Enable signup": "Enable signup",
     "Enable signup - Tooltip": "Whether to allow users to sign up",
     "File uploaded successfully": "File uploaded successfully",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Grant types",
     "Grant types - Tooltip": "Grant types - Tooltip",
     "New Application": "New Application",

web/src/locales/ru/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "Регистрация"
   },
   "application": {
+    "Background URL": "Background URL",
+    "Background URL - Tooltip": "Background URL - Tooltip",
     "Copy SAML metadata URL": "Копировать адрес метаданных SAML",
     "Copy prompt page URL": "Скопировать URL-адрес страницы запроса",
     "Copy signin page URL": "Скопировать URL-адрес страницы входа",
@@ -21,6 +23,11 @@
     "Enable signup": "Включить регистрацию",
     "Enable signup - Tooltip": "Whether to allow users to sign up",
     "File uploaded successfully": "Файл успешно загружен",
+    "Form CSS": "Form CSS",
+    "Form CSS - Edit": "Form CSS - Edit",
+    "Form CSS - Tooltip": "Form CSS - Tooltip",
+    "From position": "From position",
+    "From position - Tooltip": "From position - Tooltip",
     "Grant types": "Виды грантов",
     "Grant types - Tooltip": "Виды грантов - Подсказка",
     "New Application": "Новое приложение",

web/src/locales/zh/data.json

@@ -6,6 +6,8 @@
     "Sign Up": "注册"
   },
   "application": {
+    "Background URL": "背景图URL",
+    "Background URL - Tooltip": "登录页背景图的链接",
     "Copy SAML metadata URL": "复制SAML元数据URL",
     "Copy prompt page URL": "复制提醒页面URL",
     "Copy signin page URL": "复制登录页面URL",
@@ -21,6 +23,11 @@
     "Enable signup": "启用注册",
     "Enable signup - Tooltip": "是否允许用户注册",
     "File uploaded successfully": "文件上传成功",
+    "Form CSS": "表单CSS",
+    "Form CSS - Edit": "编辑表单CSS",
+    "Form CSS - Tooltip": "表单的CSS样式(增加边框和阴影)",
+    "From position": "面板的位置",
+    "From position - Tooltip": "登录和注册面板的位置",
     "Grant types": "OAuth授权类型",
     "Grant types - Tooltip": "选择允许哪些OAuth协议中的Grant types",
     "New Application": "添加应用",