feat: allow captcha to be enabled when logging in (#1211)

* Fix bug in GetAcceptLanguage()

* feat: allow captcha to be enabled when logging in

* feat: when the login password is wrong, enable captcha

* feat: Restrict captcha from frontend

* fix: modify CaptchaModal component

* fix: modify the words of i18n

* Update data.json

Co-authored-by: Gucheng Wang <nomeguy@qq.com>
Co-authored-by: hsluoyz <hsluoyz@qq.com>

.github/workflows/build.yml

@@ -125,26 +125,36 @@ jobs:
               
           fi
 
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: latest
+
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
-        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' &&steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
-
       - name: Push to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           target: STANDARD
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
 
       - name: Push All In One Version to Docker Hub
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           target: ALLINONE
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest

.gitignore

@@ -27,3 +27,6 @@ logs/
 files/
 lastupdate.tmp
 commentsRouter*.go
+
+# ignore build result
+casdoor

Dockerfile

@@ -2,7 +2,7 @@ FROM node:16.13.0 AS FRONT
 WORKDIR /web
 COPY ./web .
 RUN yarn config set registry https://registry.npmmirror.com
-RUN yarn install && yarn run build
+RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
 
 
 FROM golang:1.17.5 AS BACK
@@ -13,16 +13,29 @@ RUN ./build.sh
 
 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
+ARG USER=casdoor
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN sed -i 's/https/http/' /etc/apk/repositories
+RUN apk add --update sudo
 RUN apk add curl
 RUN apk add ca-certificates && update-ca-certificates
 
+RUN adduser -D $USER -u 1000 \
+    && echo "$USER ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/$USER \
+    && chmod 0440 /etc/sudoers.d/$USER \
+    && mkdir logs \
+    && chown -R $USER:$USER logs
+
+USER 1000
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
-COPY --from=BACK /go/src/casdoor/swagger ./swagger
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
-COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=FRONT /web/build ./web/build
+COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
+
 ENTRYPOINT ["/server"]
 
 
@@ -36,12 +49,15 @@ RUN apt update \
 
 FROM db AS ALLINONE
 LABEL MAINTAINER="https://casdoor.org/"
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN apt update
 RUN apt install -y ca-certificates && update-ca-certificates
 
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf

README.md

@@ -51,7 +51,7 @@
 ## Documentation
 
 - International: https://casdoor.org
-- Asian mirror: https://docs.casdoor.cn
+- Asian mirror: https://casdoor.cn
 
 ## Install
 
@@ -69,7 +69,7 @@ https://casdoor.org/docs/how-to-connect/overview
 
 ## Integrations
 
-https://casdoor.org/docs/integration/apisix
+https://casdoor.org/docs/category/integrations
 
 ## How to contact?
 

SECURITY.md

@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+We are grateful for security researchers and users reporting a vulnerability to us first. To ensure that your request is handled in a timely manner and we can keep users safe, please follow the below guidelines.
+
+- **Please do not report security vulnerabilities directly on GitHub.**
+
+- To report a vulnerability, please email [admin@casdoor.org](admin@casdoor.org).

authz/authz.go

@@ -15,12 +15,14 @@
 package authz
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/object"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
 
@@ -138,6 +140,12 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}
 
+	userId := fmt.Sprintf("%s/%s", subOwner, subName)
+	user := object.GetUser(userId)
+	if user != nil && user.IsAdmin && subOwner == objOwner {
+		return true
+	}
+
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)

build.sh

@@ -8,4 +8,5 @@ else
     echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
     export GOPROXY="https://goproxy.cn,direct"
 fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server .
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .

captcha/provider.go

@@ -14,6 +14,8 @@
 
 package captcha
 
+import "fmt"
+
 type CaptchaProvider interface {
 	VerifyCaptcha(token, clientSecret string) (bool, error)
 }
@@ -32,3 +34,12 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	}
 	return nil
 }
+
+func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
+	provider := GetCaptchaProvider(captchaType)
+	if provider == nil {
+		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
+	}
+
+	return provider.VerifyCaptcha(token, clientSecret)
+}

conf/app.conf

@@ -20,3 +20,4 @@ staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
+languages = en,zh,es,fr,de,ja,ko,ru

controllers/account.go

@@ -64,6 +64,10 @@ type RequestForm struct {
 	RelayState   string `json:"relayState"`
 	SamlRequest  string `json:"samlRequest"`
 	SamlResponse string `json:"samlResponse"`
+
+	CaptchaType  string `json:"captchaType"`
+	CaptchaToken string `json:"captchaToken"`
+	ClientSecret string `json:"clientSecret"`
 }
 
 type Response struct {
@@ -98,7 +102,7 @@ type Captcha struct {
 // @router /signup [post]
 func (c *ApiController) Signup() {
 	if c.GetSessionUsername() != "" {
-		c.ResponseError("Please sign out first before signing up", c.GetSessionUsername())
+		c.ResponseError(c.T("SignUpErr.SignOutFirst"), c.GetSessionUsername())
 		return
 	}
 
@@ -111,21 +115,21 @@ func (c *ApiController) Signup() {
 
 	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 	if !application.EnableSignUp {
-		c.ResponseError("The application does not allow to sign up new account")
+		c.ResponseError(c.T("SignUpErr.DoNotAllowSignUp"))
 		return
 	}
 
 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
-	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.Affiliation)
+	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.Affiliation, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && form.Email != "" {
-		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode)
+		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode, c.GetAcceptLanguage())
 		if len(checkResult) != 0 {
-			c.ResponseError(fmt.Sprintf("Email: %s", checkResult))
+			c.ResponseError(c.T("EmailErr.EmailCheckResult"), checkResult)
 			return
 		}
 	}
@@ -133,9 +137,9 @@ func (c *ApiController) Signup() {
 	var checkPhone string
 	if application.IsSignupItemVisible("Phone") && form.Phone != "" {
 		checkPhone = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Phone)
-		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode)
+		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
 		if len(checkResult) != 0 {
-			c.ResponseError(fmt.Sprintf("Phone: %s", checkResult))
+			c.ResponseError(c.T("PhoneErr.PhoneCheckResult"), checkResult)
 			return
 		}
 	}
@@ -159,7 +163,7 @@ func (c *ApiController) Signup() {
 
 	initScore, err := getInitScore()
 	if err != nil {
-		c.ResponseError(fmt.Errorf("get init score failed, error: %w", err).Error())
+		c.ResponseError(fmt.Errorf(c.T("InitErr.InitScoreFailed"), err).Error())
 		return
 	}
 
@@ -205,7 +209,7 @@ func (c *ApiController) Signup() {
 
 	affected := object.AddUser(user)
 	if !affected {
-		c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
+		c.ResponseError(c.T("UserErr.InvalidInformation"), util.StructToJson(user))
 		return
 	}
 
@@ -309,7 +313,7 @@ func (c *ApiController) GetCaptcha() {
 	applicationId := c.Input().Get("applicationId")
 	isCurrentProvider := c.Input().Get("isCurrentProvider")
 
-	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider)
+	captchaProvider, err := object.GetCaptchaProviderByApplication(applicationId, isCurrentProvider, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/application.go

@@ -86,7 +86,7 @@ func (c *ApiController) GetUserApplication() {
 	id := c.Input().Get("id")
 	user := object.GetUser(id)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s doesn't exist", id))
+		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), id))
 		return
 	}
 
@@ -107,7 +107,7 @@ func (c *ApiController) GetOrganizationApplications() {
 	organization := c.Input().Get("organization")
 
 	if organization == "" {
-		c.ResponseError("Parameter organization is missing")
+		c.ResponseError(c.T("ParameterErr.OrgMissingErr"))
 		return
 	}
 

controllers/auth.go

@@ -23,6 +23,8 @@ import (
 	"strings"
 	"time"
 
+	"github.com/casdoor/casdoor/captcha"
+
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
@@ -56,7 +58,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}
 	if !allowed {
-		c.ResponseError("Unauthorized operation")
+		c.ResponseError(c.T("AuthErr.Unauthorized"))
 		return
 	}
 
@@ -75,10 +77,10 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		codeChallenge := c.Input().Get("code_challenge")
 
 		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-			c.ResponseError("Challenge method should be S256")
+			c.ResponseError(c.T("AuthErr.ChallengeMethodErr"))
 			return
 		}
-		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host)
+		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		resp = codeToResponse(code)
 
 		if application.EnableSigninSession || application.HasPromptPage() {
@@ -151,7 +153,7 @@ func (c *ApiController) GetApplicationLogin() {
 	scope := c.Input().Get("scope")
 	state := c.Input().Get("state")
 
-	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
+	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
 	application = object.GetMaskedApplication(application, "")
 	if msg != "" {
 		c.ResponseError(msg, application)
@@ -196,7 +198,7 @@ func (c *ApiController) Login() {
 	if form.Username != "" {
 		if form.Type == ResponseTypeLogin {
 			if c.GetSessionUsername() != "" {
-				c.ResponseError("Please sign out first before signing in", c.GetSessionUsername())
+				c.ResponseError(c.T("LoginErr.SignOutFirst"), c.GetSessionUsername())
 				return
 			}
 		}
@@ -218,11 +220,11 @@ func (c *ApiController) Login() {
 				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
 					form.Username = user.Email
 				}
-				checkResult = object.CheckVerificationCode(form.Username, form.Code)
+				checkResult = object.CheckVerificationCode(form.Username, form.Code, c.GetAcceptLanguage())
 			} else {
 				verificationCodeType = "phone"
 				if len(form.PhonePrefix) == 0 {
-					responseText := fmt.Sprintf("%s%s", verificationCodeType, "No phone prefix")
+					responseText := fmt.Sprintf(c.T("PhoneErr.NoPrefix"), verificationCodeType)
 					c.ResponseError(responseText)
 					return
 				}
@@ -230,7 +232,7 @@ func (c *ApiController) Login() {
 					form.Username = user.Phone
 				}
 				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username)
-				checkResult = object.CheckVerificationCode(checkPhone, form.Code)
+				checkResult = object.CheckVerificationCode(checkPhone, form.Code, c.GetAcceptLanguage())
 			}
 			if len(checkResult) != 0 {
 				responseText := fmt.Sprintf("%s%s", verificationCodeType, checkResult)
@@ -247,12 +249,31 @@ func (c *ApiController) Login() {
 
 			user = object.GetUserByFields(form.Organization, form.Username)
 			if user == nil {
-				c.ResponseError(fmt.Sprintf("The user: %s/%s doesn't exist", form.Organization, form.Username))
+				c.ResponseError(fmt.Sprintf(c.T("LoginErr.UserDoNotExist"), form.Organization, form.Username))
 				return
 			}
 		} else {
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+			if application == nil {
+				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				return
+			}
+
+			if object.CheckToEnableCaptcha(application) {
+				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
+				if err != nil {
+					c.ResponseError(err.Error())
+					return
+				}
+
+				if !isHuman {
+					c.ResponseError("Turing test failed.")
+					return
+				}
+			}
+
 			password := form.Password
-			user, msg = object.CheckUserPassword(form.Organization, form.Username, password)
+			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
 		}
 
 		if msg != "" {
@@ -260,7 +281,7 @@ func (c *ApiController) Login() {
 		} else {
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
 				return
 			}
 
@@ -274,7 +295,7 @@ func (c *ApiController) Login() {
 	} else if form.Provider != "" {
 		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 		if application == nil {
-			c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+			c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
 			return
 		}
 
@@ -282,7 +303,7 @@ func (c *ApiController) Login() {
 		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
-			c.ResponseError(fmt.Sprintf("The provider: %s is not enabled for the application", provider.Name))
+			c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
 			return
 		}
 
@@ -306,14 +327,14 @@ func (c *ApiController) Login() {
 
 			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
 			if idProvider == nil {
-				c.ResponseError(fmt.Sprintf("The provider type: %s is not supported", provider.Type))
+				c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotSupported"), provider.Type))
 				return
 			}
 
 			setHttpClient(idProvider, provider.Type)
 
 			if form.State != conf.GetConfigString("authState") && form.State != application.Name {
-				c.ResponseError(fmt.Sprintf("state expected: \"%s\", but got: \"%s\"", conf.GetConfigString("authState"), form.State))
+				c.ResponseError(fmt.Sprintf(c.T("AuthErr.AuthStateWrong"), conf.GetConfigString("authState"), form.State))
 				return
 			}
 
@@ -325,13 +346,13 @@ func (c *ApiController) Login() {
 			}
 
 			if !token.Valid() {
-				c.ResponseError("Invalid token")
+				c.ResponseError(c.T("TokenErr.InvalidToken"))
 				return
 			}
 
 			userInfo, err = idProvider.GetUserInfo(token)
 			if err != nil {
-				c.ResponseError(fmt.Sprintf("Failed to login in: %s", err.Error()))
+				c.ResponseError(fmt.Sprintf(c.T("LoginErr.LoginFail"), err.Error()))
 				return
 			}
 		}
@@ -348,7 +369,7 @@ func (c *ApiController) Login() {
 				// Sign in via OAuth (want to sign up but already have account)
 
 				if user.IsForbidden {
-					c.ResponseError("the user is forbidden to sign in, please contact the administrator")
+					c.ResponseError(c.T("LoginErr.UserIsForbidden"))
 				}
 
 				resp = c.HandleLoggedIn(application, user, &form)
@@ -360,12 +381,12 @@ func (c *ApiController) Login() {
 			} else if provider.Category == "OAuth" {
 				// Sign up via OAuth
 				if !application.EnableSignUp {
-					c.ResponseError(fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support", provider.Type, userInfo.Username, userInfo.DisplayName))
+					c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppNotEnableSignUp"), provider.Type, userInfo.Username, userInfo.DisplayName))
 					return
 				}
 
 				if !providerItem.CanSignUp {
-					c.ResponseError(fmt.Sprintf("The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %s, please use another way to sign up", provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
+					c.ResponseError(fmt.Sprintf(c.T("LoginErr.ProviderCanNotSignUp"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
 					return
 				}
 
@@ -386,7 +407,7 @@ func (c *ApiController) Login() {
 				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
 				initScore, err := getInitScore()
 				if err != nil {
-					c.ResponseError(fmt.Errorf("get init score failed, error: %w", err).Error())
+					c.ResponseError(fmt.Errorf(c.T("InitErr.InitScoreFailed"), err).Error())
 					return
 				}
 
@@ -413,7 +434,7 @@ func (c *ApiController) Login() {
 
 				affected := object.AddUser(user)
 				if !affected {
-					c.ResponseError(fmt.Sprintf("Failed to create user, user information is invalid: %s", util.StructToJson(user)))
+					c.ResponseError(fmt.Sprintf(c.T("LoginErr.InvalidUserInformation"), util.StructToJson(user)))
 					return
 				}
 
@@ -438,13 +459,13 @@ func (c *ApiController) Login() {
 		} else { // form.Method != "signup"
 			userId := c.GetSessionUsername()
 			if userId == "" {
-				c.ResponseError("The account does not exist", userInfo)
+				c.ResponseError(c.T("LoginErr.AccountDoNotExist"), userInfo)
 				return
 			}
 
 			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			if oldUser != nil {
-				c.ResponseError(fmt.Sprintf("The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)", provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
+				c.ResponseError(fmt.Sprintf(c.T("LoginErr.OldUser"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
 				return
 			}
 
@@ -465,7 +486,7 @@ func (c *ApiController) Login() {
 			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
 				return
 			}
 
@@ -477,7 +498,7 @@ func (c *ApiController) Login() {
 			record.User = user.Name
 			util.SafeGoroutine(func() { object.AddRecord(record) })
 		} else {
-			c.ResponseError(fmt.Sprintf("unknown authentication type (not password or provider), form = %s", util.StructToJson(form)))
+			c.ResponseError(fmt.Sprintf(c.T("LoginErr.UnknownAuthentication"), util.StructToJson(form)))
 			return
 		}
 	}
@@ -489,7 +510,7 @@ func (c *ApiController) Login() {
 func (c *ApiController) GetSamlLogin() {
 	providerId := c.Input().Get("id")
 	relayState := c.Input().Get("relayState")
-	authURL, method, err := object.GenerateSamlLoginUrl(providerId, relayState)
+	authURL, method, err := object.GenerateSamlLoginUrl(providerId, relayState, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 	}

controllers/cas.go

@@ -210,7 +210,7 @@ func (c *RootController) SamlValidate() {
 	}
 
 	if !strings.HasPrefix(target, service) {
-		c.ResponseError(fmt.Sprintf("service %s and %s do not match", target, service))
+		c.ResponseError(fmt.Sprintf(c.T("CasErr.ServiceDoNotMatch"), target, service))
 		return
 	}
 

controllers/enforcer.go

@@ -23,7 +23,7 @@ import (
 func (c *ApiController) Enforce() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
 		return
 	}
 
@@ -41,7 +41,7 @@ func (c *ApiController) Enforce() {
 func (c *ApiController) BatchEnforce() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
 		return
 	}
 
@@ -59,7 +59,7 @@ func (c *ApiController) BatchEnforce() {
 func (c *ApiController) GetAllObjects() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
 		return
 	}
 
@@ -70,7 +70,7 @@ func (c *ApiController) GetAllObjects() {
 func (c *ApiController) GetAllActions() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
 		return
 	}
 
@@ -81,7 +81,7 @@ func (c *ApiController) GetAllActions() {
 func (c *ApiController) GetAllRoles() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
 		return
 	}
 

controllers/ldap.go

@@ -52,7 +52,7 @@ func (c *ApiController) GetLdapUser() {
 	ldapServer := LdapServer{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldapServer)
 	if err != nil || util.IsStrsEmpty(ldapServer.Host, ldapServer.Admin, ldapServer.Passwd, ldapServer.BaseDn) {
-		c.ResponseError("Missing parameter")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 
@@ -120,7 +120,7 @@ func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")
 
 	if util.IsStrsEmpty(id) {
-		c.ResponseError("Missing parameter")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 
@@ -136,17 +136,17 @@ func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil {
-		c.ResponseError("Missing parameter")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 
 	if util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError("Missing parameter")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 
 	if object.CheckLdapExist(&ldap) {
-		c.ResponseError("Ldap server exist")
+		c.ResponseError(c.T("LdapErr.ServerExisted"))
 		return
 	}
 
@@ -171,7 +171,7 @@ func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil || util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError("Missing parameter")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 

controllers/ldapserver.go

@@ -49,7 +49,7 @@ func handleBind(w ldapserver.ResponseWriter, m *ldapserver.Message) {
 			return
 		}
 		bindpassword := string(r.AuthenticationSimple())
-		binduser, err := object.CheckUserPassword(bindorg, bindusername, bindpassword)
+		binduser, err := object.CheckUserPassword(bindorg, bindusername, bindpassword, "en")
 		if err != "" {
 			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
 			res.SetResultCode(ldapserver.LDAPResultInvalidCredentials)

controllers/link.go

@@ -47,7 +47,7 @@ func (c *ApiController) Unlink() {
 
 	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
-		c.ResponseError("You are not the global admin, you can't unlink other users")
+		c.ResponseError(c.T("AuthErr.CanNotUnlinkUsers"))
 		return
 	}
 
@@ -55,23 +55,23 @@ func (c *ApiController) Unlink() {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
 		application := object.GetApplicationByUser(user)
 		if application == nil {
-			c.ResponseError("You can't unlink yourself, you are not a member of any application")
+			c.ResponseError(c.T("AuthErr.CanNotLinkMySelf"))
 			return
 		}
 
 		if len(application.Providers) == 0 {
-			c.ResponseError("This application has no providers")
+			c.ResponseError(c.T("ApplicationErr.HasNoProviders"))
 			return
 		}
 
 		provider := application.GetProviderItemByType(providerType)
 		if provider == nil {
-			c.ResponseError("This application has no providers of type " + providerType)
+			c.ResponseError(c.T("ApplicationErr.HasNoProvidersOfType") + providerType)
 			return
 		}
 
 		if !provider.CanUnlink {
-			c.ResponseError("This provider can't be unlinked")
+			c.ResponseError(c.T("ProviderErr.CanNotBeUnlinked"))
 			return
 		}
 
@@ -84,7 +84,7 @@ func (c *ApiController) Unlink() {
 	value := object.GetUserField(&unlinkedUser, providerType)
 
 	if value == "" {
-		c.ResponseError("Please link first", value)
+		c.ResponseError(c.T("ProviderErr.LinkFirstErr"), value)
 		return
 	}
 

controllers/organization.go

@@ -133,11 +133,12 @@ func (c *ApiController) GetDefaultApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
 
-	application := object.GetMaskedApplication(object.GetDefaultApplication(id), userId)
+	application, err := object.GetDefaultApplication(id)
-	if application == nil {
+	if err != nil {
-		c.ResponseError("Please set a default application for this organization")
+		c.ResponseError(err.Error())
 		return
 	}
 
-	c.ResponseOk(application)
+	maskedApplication := object.GetMaskedApplication(application, userId)
+	c.ResponseOk(maskedApplication)
 }

controllers/product.go

@@ -141,13 +141,13 @@ func (c *ApiController) BuyProduct() {
 
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please login first")
+		c.ResponseError(c.T("LoginErr.LoginFirst"))
 		return
 	}
 
 	user := object.GetUser(userId)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s doesn't exist", userId))
+		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
 		return
 	}
 

controllers/resource.go

@@ -113,7 +113,7 @@ func (c *ApiController) DeleteResource() {
 		return
 	}
 
-	err = object.DeleteFile(provider, resource.Name)
+	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -145,7 +145,7 @@ func (c *ApiController) UploadResource() {
 	defer file.Close()
 
 	if username == "" || fullFilePath == "" {
-		c.ResponseError(fmt.Sprintf("username or fullFilePath is empty: username = %s, fullFilePath = %s", username, fullFilePath))
+		c.ResponseError(fmt.Sprintf(c.T("ResourceErr.UsernameOrFilePathEmpty"), username, fullFilePath))
 		return
 	}
 
@@ -205,7 +205,7 @@ func (c *ApiController) UploadResource() {
 		if user == nil {
 			user = object.GetUserNoCheck(username)
 			if user == nil {
-				c.ResponseError("user is nil for tag: \"avatar\"")
+				c.ResponseError(c.T("ResourceErr.UserIsNil"))
 				return
 			}
 		}

controllers/saml.go

@@ -25,7 +25,7 @@ func (c *ApiController) GetSamlMeta() {
 	paramApp := c.Input().Get("application")
 	application := object.GetApplication(paramApp)
 	if application == nil {
-		c.ResponseError(fmt.Sprintf("err: application %s not found", paramApp))
+		c.ResponseError(fmt.Sprintf(c.T("ApplicationErr.AppNotFound"), paramApp))
 		return
 	}
 	metadata, _ := object.GetSamlMeta(application, host)

controllers/service.go

@@ -81,7 +81,7 @@ func (c *ApiController) SendEmail() {
 	}
 
 	if util.IsStrsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
-		c.ResponseError(fmt.Sprintf("Empty parameters for emailForm: %v", emailForm))
+		c.ResponseError(fmt.Sprintf(c.T("EmailErr.EmptyParam"), emailForm))
 		return
 	}
 
@@ -93,7 +93,7 @@ func (c *ApiController) SendEmail() {
 	}
 
 	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf("Invalid Email receivers: %s", invalidReceivers))
+		c.ResponseError(fmt.Sprintf(c.T("EmailErr.InvalidReceivers"), invalidReceivers))
 		return
 	}
 
@@ -141,7 +141,7 @@ func (c *ApiController) SendSms() {
 	}
 
 	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf("Invalid phone receivers: %s", invalidReceivers))
+		c.ResponseError(fmt.Sprintf(c.T("PhoneErr.InvalidReceivers"), invalidReceivers))
 		return
 	}
 

controllers/system_info.go

@@ -40,7 +40,7 @@ func (c *ApiController) GetSystemInfo() {
 
 	user := object.GetUser(id)
 	if user == nil || !user.IsGlobalAdmin {
-		c.ResponseError("You are not authorized to access this resource")
+		c.ResponseError(c.T("ResourceErr.NotAuthorized"))
 		return
 	}
 

controllers/token.go

@@ -150,12 +150,12 @@ func (c *ApiController) GetOAuthCode() {
 	codeChallenge := c.Input().Get("code_challenge")
 
 	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-		c.ResponseError("Challenge method should be S256")
+		c.ResponseError(c.T("AuthErr.ChallengeMethodErr"))
 		return
 	}
 	host := c.Ctx.Request.Host
 
-	c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, host)
+	c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, host, c.GetAcceptLanguage())
 	c.ServeJSON()
 }
 
@@ -204,7 +204,7 @@ func (c *ApiController) GetOAuthToken() {
 	}
 	host := c.Ctx.Request.Host
 
-	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, tag, avatar)
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, tag, avatar, c.GetAcceptLanguage())
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -290,7 +290,7 @@ func (c *ApiController) IntrospectToken() {
 		clientId = c.Input().Get("client_id")
 		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
-			c.ResponseError("empty clientId or clientSecret")
+			c.ResponseError(c.T("TokenErr.EmptyClientID"))
 			c.Data["json"] = &object.TokenError{
 				Error: object.InvalidRequest,
 			}
@@ -301,7 +301,7 @@ func (c *ApiController) IntrospectToken() {
 	}
 	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseError("invalid application or wrong clientSecret")
+		c.ResponseError(c.T("TokenErr.InvalidAppOrWrongClientSecret"))
 		c.Data["json"] = &object.TokenError{
 			Error: object.InvalidClient,
 		}

controllers/user.go

@@ -100,7 +100,7 @@ func (c *ApiController) GetUser() {
 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false)
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false, c.GetAcceptLanguage())
 		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
@@ -149,7 +149,7 @@ func (c *ApiController) UpdateUser() {
 	}
 
 	if user.DisplayName == "" {
-		c.ResponseError("Display name cannot be empty")
+		c.ResponseError(c.T("UserErr.DisplayNameCanNotBeEmpty"))
 		return
 	}
 
@@ -183,6 +183,12 @@ func (c *ApiController) AddUser() {
 		return
 	}
 
+	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
+	if msg != "" {
+		c.ResponseError(msg)
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddUser(&user))
 	c.ServeJSON()
 }
@@ -224,7 +230,7 @@ func (c *ApiController) GetEmailAndPhone() {
 
 	user := object.GetUserByFields(form.Organization, form.Username)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s/%s doesn't exist", form.Organization, form.Username))
+		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExistInOrg"), form.Organization, form.Username))
 		return
 	}
 
@@ -265,7 +271,7 @@ func (c *ApiController) SetPassword() {
 	requestUserId := c.GetSessionUsername()
 	userId := fmt.Sprintf("%s/%s", userOwner, userName)
 
-	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true)
+	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true, c.GetAcceptLanguage())
 	if !hasPermission {
 		c.ResponseError(err.Error())
 		return
@@ -274,7 +280,7 @@ func (c *ApiController) SetPassword() {
 	targetUser := object.GetUser(userId)
 
 	if oldPassword != "" {
-		msg := object.CheckPassword(targetUser, oldPassword)
+		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 		if msg != "" {
 			c.ResponseError(msg)
 			return
@@ -282,12 +288,12 @@ func (c *ApiController) SetPassword() {
 	}
 
 	if strings.Contains(newPassword, " ") {
-		c.ResponseError("New password cannot contain blank space.")
+		c.ResponseError(c.T("SetPasswordErr.CanNotContainBlank"))
 		return
 	}
 
 	if len(newPassword) <= 5 {
-		c.ResponseError("New password must have at least 6 characters")
+		c.ResponseError(c.T("SetPasswordErr.LessThanSixCharacters"))
 		return
 	}
 
@@ -309,7 +315,7 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}
 
-	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password)
+	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
 	if msg == "" {
 		c.ResponseOk()
 	} else {

controllers/user_upload.go

@@ -61,6 +61,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError("Failed to import users")
+		c.ResponseError(c.T("UserErr.FailToImportUsers"))
 	}
 }

controllers/util.go

@@ -19,6 +19,7 @@ import (
 	"strconv"
 
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -48,6 +49,19 @@ func (c *ApiController) ResponseError(error string, data ...interface{}) {
 	c.ResponseJsonData(resp, data...)
 }
 
+func (c *ApiController) T(error string) string {
+	return i18n.Translate(c.GetAcceptLanguage(), error)
+}
+
+// GetAcceptLanguage ...
+func (c *ApiController) GetAcceptLanguage() string {
+	lang := c.Ctx.Request.Header.Get("Accept-Language")
+	if lang == "" {
+		lang = "en"
+	}
+	return lang[0:2]
+}
+
 // SetTokenErrorHttpStatus ...
 func (c *ApiController) SetTokenErrorHttpStatus() {
 	_, ok := c.Data["json"].(*object.TokenError)
@@ -69,7 +83,7 @@ func (c *ApiController) SetTokenErrorHttpStatus() {
 func (c *ApiController) RequireSignedIn() (string, bool) {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError("Please sign in first")
+		c.ResponseError(c.T("LoginErr.LoginFirst"), "Please login first")
 		return "", false
 	}
 	return userId, true
@@ -84,7 +98,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 
 	user := object.GetUser(userId)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s doesn't exist", userId))
+		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
 		return nil, false
 	}
 	return user, true
@@ -112,7 +126,7 @@ func (c *ApiController) GetProviderFromContext(category string) (*object.Provide
 	if providerName != "" {
 		provider := object.GetProvider(util.GetId(providerName))
 		if provider == nil {
-			c.ResponseError(fmt.Sprintf("The provider: %s is not found", providerName))
+			c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
 			return nil, nil, false
 		}
 		return provider, nil, true
@@ -125,13 +139,13 @@ func (c *ApiController) GetProviderFromContext(category string) (*object.Provide
 
 	application, user := object.GetApplicationByUserId(userId)
 	if application == nil {
-		c.ResponseError(fmt.Sprintf("No application is found for userId: \"%s\"", userId))
+		c.ResponseError(fmt.Sprintf(c.T("ApplicationErr.AppNotFoundForUserID"), userId))
 		return nil, nil, false
 	}
 
 	provider := application.GetProviderByCategory(category)
 	if provider == nil {
-		c.ResponseError(fmt.Sprintf("No provider for category: \"%s\" is found for application: %s", category, application.Name))
+		c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotFoundForCategory"), category, application.Name))
 		return nil, nil, false
 	}
 

controllers/verification.go

@@ -50,23 +50,23 @@ func (c *ApiController) SendVerificationCode() {
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
 
 	if destType == "" {
-		c.ResponseError("Missing parameter: type.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": type.")
 		return
 	}
 	if dest == "" {
-		c.ResponseError("Missing parameter: dest.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": dest.")
 		return
 	}
 	if applicationId == "" {
-		c.ResponseError("Missing parameter: applicationId.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": applicationId.")
 		return
 	}
 	if !strings.Contains(applicationId, "/") {
-		c.ResponseError("Wrong parameter: applicationId.")
+		c.ResponseError(c.T("ParameterErr.Wrong") + ": applicationId.")
 		return
 	}
 	if checkType == "" {
-		c.ResponseError("Missing parameter: checkType.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": checkType.")
 		return
 	}
 
@@ -74,7 +74,7 @@ func (c *ApiController) SendVerificationCode() {
 
 	if captchaProvider != nil {
 		if checkKey == "" {
-			c.ResponseError("Missing parameter: checkKey.")
+			c.ResponseError(c.T("ParameterErr.Missing") + ": checkKey.")
 			return
 		}
 		isHuman, err := captchaProvider.VerifyCaptcha(checkKey, checkId)
@@ -84,7 +84,7 @@ func (c *ApiController) SendVerificationCode() {
 		}
 
 		if !isHuman {
-			c.ResponseError("Turing test failed.")
+			c.ResponseError(c.T("AuthErr.NotHuman"))
 			return
 		}
 	}
@@ -94,7 +94,7 @@ func (c *ApiController) SendVerificationCode() {
 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", application.Owner, application.Organization))
 
 	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
-		c.ResponseError("Please login first")
+		c.ResponseError(c.T("LoginErr.LoginFirst"))
 		return
 	}
 
@@ -110,7 +110,7 @@ func (c *ApiController) SendVerificationCode() {
 			dest = user.Email
 		}
 		if !util.IsEmailValid(dest) {
-			c.ResponseError("Invalid Email address")
+			c.ResponseError(c.T("EmailErr.EmailInvalid"))
 			return
 		}
 
@@ -121,11 +121,11 @@ func (c *ApiController) SendVerificationCode() {
 			dest = user.Phone
 		}
 		if !util.IsPhoneCnValid(dest) {
-			c.ResponseError("Invalid phone number")
+			c.ResponseError(c.T("PhoneErr.NumberInvalid"))
 			return
 		}
 		if organization == nil {
-			c.ResponseError("The organization doesn't exist.")
+			c.ResponseError(c.T("OrgErr.DoNotExist"))
 			return
 		}
 
@@ -157,7 +157,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	dest := c.Ctx.Request.Form.Get("dest")
 	code := c.Ctx.Request.Form.Get("code")
 	if len(dest) == 0 || len(code) == 0 || len(destType) == 0 {
-		c.ResponseError("Missing parameter.")
+		c.ResponseError(c.T("ParameterErr.Missing"))
 		return
 	}
 
@@ -166,11 +166,11 @@ func (c *ApiController) ResetEmailOrPhone() {
 	if destType == "phone" {
 		phoneItem := object.GetAccountItemByName("Phone", org)
 		if phoneItem == nil {
-			c.ResponseError("Unable to get the phone modify rule.")
+			c.ResponseError(c.T("PhoneErr.UnableGetModifyRule"))
 			return
 		}
 
-		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user); !pass {
+		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user, c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
@@ -183,16 +183,16 @@ func (c *ApiController) ResetEmailOrPhone() {
 	} else if destType == "email" {
 		emailItem := object.GetAccountItemByName("Email", org)
 		if emailItem == nil {
-			c.ResponseError("Unable to get the email modify rule.")
+			c.ResponseError(c.T("EmailErr.UnableGetModifyRule"))
 			return
 		}
 
-		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user); !pass {
+		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user, c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
 	}
-	if ret := object.CheckVerificationCode(checkDest, code); len(ret) != 0 {
+	if ret := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); len(ret) != 0 {
 		c.ResponseError(ret)
 		return
 	}
@@ -205,7 +205,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 		user.Phone = dest
 		object.SetUserField(user, "phone", user.Phone)
 	default:
-		c.ResponseError("Unknown type.")
+		c.ResponseError(c.T("ParameterErr.UnknownType"))
 		return
 	}
 
@@ -224,17 +224,17 @@ func (c *ApiController) VerifyCaptcha() {
 	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
 	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
 	if captchaToken == "" {
-		c.ResponseError("Missing parameter: captchaToken.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": captchaToken.")
 		return
 	}
 	if clientSecret == "" {
-		c.ResponseError("Missing parameter: clientSecret.")
+		c.ResponseError(c.T("ParameterErr.Missing") + ": clientSecret.")
 		return
 	}
 
 	provider := captcha.GetCaptchaProvider(captchaType)
 	if provider == nil {
-		c.ResponseError("Invalid captcha provider.")
+		c.ResponseError(c.T("ProviderErr.InvalidProvider"))
 		return
 	}
 

controllers/webauthn.go

@@ -35,7 +35,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError("Please login first.")
+		c.ResponseError(c.T("LoginErr.LoginFirst"))
 		return
 	}
 
@@ -66,13 +66,13 @@ func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError("Please login first.")
+		c.ResponseError(c.T("LoginErr.LoginFirst"))
 		return
 	}
 	sessionObj := c.GetSession("registration")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
-		c.ResponseError("Please call WebAuthnSignupBegin first")
+		c.ResponseError(c.T("AuthErr.CallWebAuthnSigninBegin"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
@@ -101,7 +101,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 	userName := c.Input().Get("name")
 	user := object.GetUserByFields(userOwner, userName)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf("The user: %s/%s doesn't exist", userOwner, userName))
+		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExistInOrg"), userOwner, userName))
 		return
 	}
 	options, sessionData, err := webauthnObj.BeginLogin(user)
@@ -127,7 +127,7 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
-		c.ResponseError("Please call WebAuthnSigninBegin first")
+		c.ResponseError(c.T("AuthErr.CallWebAuthnSigninBegin"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))

go.mod

@@ -4,6 +4,7 @@ go 1.16
 
 require (
 	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
+	github.com/Unknwon/goconfig v1.0.0
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
 	github.com/aws/aws-sdk-go v1.44.4
 	github.com/beego/beego v1.12.11
@@ -47,7 +48,7 @@ require (
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
-	gopkg.in/ini.v1 v1.62.0 // indirect
+	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v2 v2.3.0 // indirect
 	xorm.io/core v0.7.2

go.sum

@@ -61,6 +61,8 @@ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go
 github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
 github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b h1:EgJ6N2S0h1WfFIjU5/VVHWbMSVYXAluop97Qxpr/lfQ=
 github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b/go.mod h1:3SAoF0F5EbcOuBD5WT9nYkbIJieBS84cUQXADbXeBsU=
+github.com/Unknwon/goconfig v1.0.0 h1:9IAu/BYbSLQi8puFjUQApZTxIHqSwrj5d8vpP8vTq4A=
+github.com/Unknwon/goconfig v1.0.0/go.mod h1:wngxua9XCNjvHjDiTiV26DaKDT+0c63QR6H5hjVUUxw=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -757,8 +759,8 @@ gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMy
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
 gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
+gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/mgo.v2 v2.0.0-20190816093944-a6b53ec6cb22/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA=
 gopkg.in/square/go-jose.v2 v2.6.0 h1:NGk74WTnPKBNUhNzQX7PYcTLUjoq7mzKk2OKbvwk2iI=
 gopkg.in/square/go-jose.v2 v2.6.0/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=

i18n/generate_backend.go

@@ -0,0 +1,122 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package i18n
+
+import (
+	"log"
+	"os"
+	"path/filepath"
+	"regexp"
+	"strings"
+
+	"github.com/Unknwon/goconfig"
+	"github.com/casdoor/casdoor/util"
+)
+
+var (
+	reI18nBackendObject    *regexp.Regexp
+	re18nBackendController *regexp.Regexp
+)
+
+func init() {
+	reI18nBackendObject, _ = regexp.Compile("i18n.Translate\\((.*?)\"\\)")
+	re18nBackendController, _ = regexp.Compile("c.T\\((.*?)\"\\)")
+}
+
+func GetAllI18nStrings(fileContent string, path string) []string {
+	res := []string{}
+	if strings.Contains(path, "object") {
+		matches := reI18nBackendObject.FindAllStringSubmatch(fileContent, -1)
+		if matches == nil {
+			return res
+		}
+		for _, match := range matches {
+			match := strings.Split(match[1], ",")
+			res = append(res, match[1][2:])
+		}
+	} else {
+		matches := re18nBackendController.FindAllStringSubmatch(fileContent, -1)
+		if matches == nil {
+			return res
+		}
+		for _, match := range matches {
+			res = append(res, match[1][1:])
+		}
+	}
+
+	return res
+}
+
+func getAllGoFilePaths() []string {
+	path := "../"
+
+	res := []string{}
+	err := filepath.Walk(path,
+		func(path string, info os.FileInfo, err error) error {
+			if err != nil {
+				return err
+			}
+
+			if !strings.HasSuffix(info.Name(), ".go") {
+				return nil
+			}
+
+			res = append(res, path)
+			// fmt.Println(path, info.Name())
+			return nil
+		})
+	if err != nil {
+		panic(err)
+	}
+
+	return res
+}
+
+func getErrName(paths []string) map[string]bool {
+	ErrName := make(map[string]bool)
+	for i := 0; i < len(paths); i++ {
+		content := util.ReadStringFromPath(paths[i])
+		words := GetAllI18nStrings(content, paths[i])
+		for i := 0; i < len(words); i++ {
+			ErrName[words[i]] = true
+		}
+	}
+	return ErrName
+}
+
+func writeToAllLanguageFiles(errName map[string]bool) {
+	languages := "en,zh,es,fr,de,ja,ko,ru"
+	languageArr := strings.Split(languages, ",")
+	var c [10]*goconfig.ConfigFile
+	for i := 0; i < len(languageArr); i++ {
+		var err error
+		c[i], err = goconfig.LoadConfigFile("../i18n/languages/" + "locale_" + languageArr[i] + ".ini")
+		if err != nil {
+			log.Println(err.Error())
+		}
+		for j := range errName {
+			parts := strings.Split(j, ".")
+			_, err := c[i].GetValue(parts[0], parts[1])
+			if err != nil {
+				c[i].SetValue(parts[0], parts[1], parts[1])
+			}
+		}
+		c[i].SetPrettyFormat(true)
+		err = goconfig.SaveConfigFile(c[i], "../i18n/languages/"+"locale_"+languageArr[i]+".ini")
+		if err != nil {
+			log.Println(err)
+		}
+	}
+}

i18n/generate_test.go

@@ -14,7 +14,10 @@
 
 package i18n
 
-import "testing"
+import (
+	"fmt"
+	"testing"
+)
 
 func applyToOtherLanguage(dataEn *I18nData, lang string) {
 	dataOther := readI18nFile(lang)
@@ -24,7 +27,7 @@ func applyToOtherLanguage(dataEn *I18nData, lang string) {
 	writeI18nFile(lang, dataEn)
 }
 
-func TestGenerateI18nStrings(t *testing.T) {
+func TestGenerateI18nStringsForFrontend(t *testing.T) {
 	dataEn := parseToData()
 	writeI18nFile("en", dataEn)
 
@@ -35,3 +38,17 @@ func TestGenerateI18nStrings(t *testing.T) {
 	applyToOtherLanguage(dataEn, "ru")
 	applyToOtherLanguage(dataEn, "zh")
 }
+
+func TestGenerateI18nStringsForBackend(t *testing.T) {
+	paths := getAllGoFilePaths()
+
+	errName := getErrName(paths)
+
+	writeToAllLanguageFiles(errName)
+
+	fmt.Println("Total Err Words:", len(errName))
+
+	for i := range errName {
+		fmt.Println(i)
+	}
+}

i18n/languages/locale_de.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_en.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+WrongPasswordManyTimes = You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again
+Unauthorized = Unauthorized operation
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_es.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_fr.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_ja.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_ko.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_ru.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = Application %s not found
+AppNotFoundForUserID = No application is found for userId: %s
+GrantTypeNotSupport = Grant_type: %s is not supported in this application
+HasNoProviders = This application has no providers
+HasNoProvidersOfType = This application has no providers of type
+InvalidID = Invalid application id
+
+[AuthErr]
+AuthStateWrong = State expected: %s, but got: %s
+ChallengeMethodErr = Challenge method should be S256
+CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
+CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
+CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
+NotHuman = Turing test failed.
+Unauthorized = Unauthorized operation
+WrongPasswordManyTimes = WrongPasswordManyTimes
+
+[CasErr]
+ServiceDoNotMatch = Service %s and %s do not match
+
+[EmailErr]
+ExistedErr = Email already exists
+EmptyErr = Email cannot be empty
+EmailInvalid = Email is invalid
+EmailCheckResult = Email: %s
+EmptyParam = Empty parameters for emailForm: %v
+InvalidReceivers = Invalid Email receivers: %s
+UnableGetModifyRule = Unable to get the email modify rule.
+
+[EnforcerErr]
+SignInFirst = Please sign in first
+
+[InitErr]
+InitScoreFailed = Get init score failed, error: %%w
+
+[LdapErr]
+MultipleAccounts = Multiple accounts with same uid, please check your ldap server
+PasswordWrong = Ldap user name or password incorrect
+ServerExisted = Ldap server exist
+
+[LoginErr]
+AppDoNotExist = The application: %s does not exist
+AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
+AccountDoNotExist = The account does not exist
+InvalidUserInformation = Failed to create user, user information is invalid: %s
+LoginFirst = Please login first
+LoginFail = Failed to login in: %s
+NoPermission = You don't have the permission to do this
+OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
+ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
+SessionOutdated = Session outdated, please login again
+SignOutFirst = Please sign out first before signing in
+UserDoNotExist = The user: %s/%s doesn't exist
+UserIsForbidden = The user is forbidden to sign in, please contact the administrator
+UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
+UnsupportedPasswordType = unsupported password type: %s
+
+[OrgErr]
+DoNotExist = Organization does not exist
+Immutable = The %s is immutable.
+OnlyAdmin = Only admin can modify the %s.
+UnknownModifyRule = Unknown modify rule %s.
+
+[ParameterErr]
+OrgMissingErr = Parameter organization is missing
+Missing = Missing parameter
+UnknownType = Unknown type
+Wrong = Wrong parameter
+
+[PhoneErr]
+CodeNotSent = Code has not been sent yet!
+CodeTimeOut = You should verify your code in %d min!
+ExistedErr = Phone already exists
+EmptyErr = Phone cannot be empty
+InvalidReceivers = Invalid phone receivers: %s
+NumberInvalid = Phone number is invalid
+NoPrefix = %s No phone prefix
+PhoneCheckResult = Phone: %s
+UnableGetModifyRule = Unable to get the phone modify rule.
+
+[ProviderErr]
+CanNotBeUnlinked = This provider can't be unlinked
+CategoryNotSAML = provider %s's category is not SAML
+DoNotExist = the provider: %s does not exist
+InvalidProvider = Invalid captcha provider.
+LinkFirstErr = Please link first
+ProviderNotEnabled = The provider: %s is not enabled for the application
+ProviderNotSupported = The provider type: %s is not supported
+ProviderNotFound = The provider: %s is not found
+ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
+
+[ResourceErr]
+NotAuthorized = You are not authorized to access this resource
+UserIsNil = User is nil for tag: /"avatar/"
+UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = New password cannot contain blank space.
+LessThanSixCharacters = New password must have at least 6 characters
+
+[SignUpErr]
+DoNotAllowSignUp = The application does not allow to sign up new account
+SignOutFirst = Please sign out first before signing up
+
+[StorageErr]
+ObjectKeyNotAllowed = The objectKey: %s is not allowed
+
+[TokenErr]
+EmptyClientID = Empty clientId or clientSecret
+InvalidToken = Invalid token
+InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
+InvalidClientId = Invalid client_id
+RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
+
+[UserErr]
+AffiliationBlankErr = Affiliation cannot be blank
+DisplayNameBlankErr = DisplayName cannot be blank
+DisplayNameInvalid = DisplayName is not valid real name
+DisplayNameCanNotBeEmpty = Display name cannot be empty
+DoNotExist = The user: %s doesn't exist
+DoNotExistInOrg = The user: %s/%s doesn't exist
+DoNotExistSignUp = the user does not exist, please sign up first
+FirstNameBlankErr = FirstName cannot be blank
+FailToImportUsers = Failed to import users
+LastNameBlankErr = LastName cannot be blank
+NameLessThanTwoCharacters = Username must have at least 2 characters
+NameStartWithADigitErr = Username cannot start with a digit
+NameIsEmailErr = Username cannot be an email address
+NameCantainWhitSpaceErr = Username cannot contain white spaces
+NameExistedErr = Username already exists
+NameEmptyErr = Empty username.
+NameTooLang = Username is too long (maximum is 39 characters).
+NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
+PasswordLessThanSixCharacters = Password must have at least 6 characters
+InvalidInformation = Invalid information
+

i18n/languages/locale_zh.ini

@@ -0,0 +1,137 @@
+[ApplicationErr]
+AppNotFound = 应用 %%s 未找到
+AppNotFoundForUserID = 找不到该用户的应用程序 %s
+GrantTypeNotSupport = 此应用中不支持此授权类型
+HasNoProviders = 该应用无提供商
+HasNoProvidersOfType = 应用没有该类型的提供商
+InvalidID = 无效的Application ID
+
+[AuthErr]
+AuthStateWrong = 期望状态位: %s, 实际状态为: %s
+ChallengeMethodErr = Challenge 方法应该为 S256
+CanNotUnlinkUsers = 您不是全局管理员，无法取消链接其他用户
+CanNotLinkMySelf = 您无法取消链接，您不是任何应用程序的成员
+CallWebAuthnSigninBegin = 请先调用WebAuthnSigninBegin
+NotHuman = 真人验证失败
+Unauthorized = 未授权的操作
+WrongPasswordManyTimes = 输入密码错误次数已达上限，请在 %d 分 %d 秒后重试
+
+[CasErr]
+ServiceDoNotMatch = 服务 %s 与 %s 不匹配
+
+[EmailErr]
+ExistedErr = 该邮箱已存在
+EmptyErr = 邮箱不可为空
+EmailInvalid = 无效邮箱
+EmailCheckResult = Email: %s
+EmptyParam = 邮件参数为空: %v
+InvalidReceivers = 无效的邮箱接收者: %%s
+UnableGetModifyRule = 无法得到Email修改规则
+
+[EnforcerErr]
+SignInFirst = 请先登录
+
+[InitErr]
+InitScoreFailed = 初始化分数失败: %w
+
+[LdapErr]
+MultipleAccounts = 多个帐户具有相同的uid，请检查您的 ldap 服务器
+PasswordWrong = Ldap密码错误
+ServerExisted = Ldap服务器已存在
+
+[LoginErr]
+AppDoNotExist = 应用不存在: %s
+AppNotEnableSignUp = 提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持
+AccountDoNotExist = 账户不存在
+InvalidUserInformation = 创建用户失败，用户信息无效: %%s
+LoginFirst = 请先登录
+LoginFail = 无法登录: %s
+NoPermission = 您没有权限执行此操作
+OldUser = 提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)
+ProviderCanNotSignUp = 提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册
+SignOutFirst = 请在登录前登出
+SessionOutdated = Session已过期，请重新登陆
+UserDoNotExist = 用户不存在: %s/%s
+UserIsForbidden = 该用户被禁止登陆，请联系管理员
+UnknownAuthentication = 未知的认证类型 (非密码或提供商认证), form = %s
+UnsupportedPasswordType = 不支持此密码类型
+
+[OrgErr]
+DoNotExist = 组织不存在
+Immutable = %s是不可变的
+OnlyAdmin = 只有管理员用户有此权限
+UnknownModifyRule = 未知的修改规则
+
+[ParameterErr]
+Missing = 参数丢失
+OrgMissingErr = Organization参数丢失
+UnknownType = 未知类型
+Wrong = 参数错误
+
+[PhoneErr]
+CodeNotSent = 验证码还未发送
+CodeTimeOut = 验证码过期
+ExistedErr = 该电话已存在
+EmptyErr = 电话不可为空
+InvalidReceivers = 无效的电话接收者: %s
+NumberInvalid = 无效电话
+PhoneCheckResult = 电话: %s
+UnableGetModifyRule = 无法得到电话修改规则
+NoPrefix = %s 无此电话前缀
+
+[ProviderErr]
+CanNotBeUnlinked = 该提供商不可被链接
+InvalidProvider = 无效的验证码提供商
+LinkFirstErr = 请先绑定
+ProviderNotEnabled = 提供商: %s 未被启用
+ProviderNotSupported = 不支持该类型的提供商: %s
+ProviderNotFound = 该提供商未找到: %s
+ProviderNotFoundForCategory = 该类型的提供商: %s 在应用中未找到: %s
+DoNotExist = 提供商: %s 不存在
+CategoryNotSAML = 提供商 %s类型不是SAML
+
+[ResourceErr]
+NotAuthorized = 您无权获取此资源
+UserIsNil = 用户头像标签为空
+UsernameOrFilePathEmpty = username或FilePath为空: username = %s, fullFilePath = %s
+
+[SetPasswordErr]
+CanNotContainBlank = 新密码不可以包含空客
+LessThanSixCharacters = 新密码至少为6位
+
+[SignUpErr]
+DoNotAllowSignUp = 该应用不允许注册新账户
+SignOutFirst = 请在登陆前登出
+
+[TokenErr]
+EmptyClientID = clientId或clientSecret为空
+InvalidAppOrWrongClientSecret = 无效应用或错误的clientSecret
+InvalidToken = 无效token
+InvalidClientId = 无效的ClientId
+RedirectURIDoNotExist = 重定向 URI：%s 在可列表中未找到
+
+[UserErr]
+AffiliationBlankErr = 联系方式不可为空
+DisplayNameBlankErr = 展示名称不可为空
+DisplayNameInvalid = 展示名称无效
+DisplayNameCanNotBeEmpty = 展示名称不可为空
+DoNotExist = 用户不存在: %s
+DoNotExistInOrg = 用户不存在: %s/%s
+FirstNameBlankErr = 名不可以为空
+FailToImportUsers = 导入用户失败
+LastNameBlankErr = 姓不可以为空
+NameLessThanTwoCharacters = 用户名至少要有2个字符
+NameStartWithADigitErr = 用户名禁止使用数字作为第一个字符
+NameIsEmailErr = 用户名不可以是邮箱地址
+NameCantainWhitSpaceErr = 用户名不可以包含空格
+NameExistedErr = 用户名已存在
+NameEmptyErr = 用户名不可为空
+NameTooLang = 用户名过长（最大长度为39个字符）
+NameFormatErr = 用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾
+PasswordLessThanSixCharacters = 密码至少为6字符
+DoNotExistSignUp = 用户不存在，请先注册
+InvalidInformation = 无效信息
+
+[StorageErr]
+ObjectKeyNotAllowed = object key :%s 不被允许
+

i18n/util.go

@@ -15,10 +15,21 @@
 package i18n
 
 import (
+	"embed"
 	"fmt"
+	"log"
 	"strings"
 
 	"github.com/casdoor/casdoor/util"
+	"gopkg.in/ini.v1"
+)
+
+//go:embed languages/*.ini
+var f embed.FS
+
+var (
+	langMapConfig  = make(map[string]*ini.File)
+	isNotFirstLoad = make(map[string]bool)
 )
 
 func getI18nFilePath(language string) string {
@@ -62,3 +73,20 @@ func applyData(data1 *I18nData, data2 *I18nData) {
 		}
 	}
 }
+
+func Translate(lang string, error string) string {
+	parts := strings.Split(error, ".")
+	if !strings.Contains(error, ".") || len(parts) != 2 {
+		log.Println("Invalid Error Name")
+		return ""
+	}
+
+	if isNotFirstLoad[lang] {
+		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
+	} else {
+		file, _ := f.ReadFile("languages/locale_" + lang + ".ini")
+		langMapConfig[lang], _ = ini.Load(file)
+		isNotFirstLoad[lang] = true
+		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
+	}
+}

idp/goth.go

@@ -282,7 +282,7 @@ func getUser(gothUser goth.User, provider string) *UserInfo {
 		}
 	}
 	if provider == "steam" {
-		user.Username = user.DisplayName
+		user.Username = user.Id
 		user.Email = ""
 	}
 	return &user

object/adapter.go

@@ -19,11 +19,13 @@ import (
 	"runtime"
 
 	"github.com/beego/beego"
+	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/util"
 	_ "github.com/denisenkom/go-mssqldb" // db = mssql
 	_ "github.com/go-sql-driver/mysql"   // db = mysql
 	_ "github.com/lib/pq"                // db = postgres
+	"xorm.io/xorm/migrate"
 	//_ "github.com/mattn/go-sqlite3"    // db = sqlite3
 	"xorm.io/core"
 	"xorm.io/xorm"
@@ -40,6 +42,7 @@ func InitConfig() {
 	beego.BConfig.WebConfig.Session.SessionOn = true
 
 	InitAdapter(true)
+	initMigrations()
 }
 
 func InitAdapter(createDatabase bool) {
@@ -214,6 +217,11 @@ func (a *Adapter) createTable() {
 	if err != nil {
 		panic(err)
 	}
+
+	err = a.Engine.Sync2(new(xormadapter.CasbinRule))
+	if err != nil {
+		panic(err)
+	}
 }
 
 func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
@@ -239,3 +247,22 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 	}
 	return session
 }
+
+func initMigrations() {
+	migrations := []*migrate.Migration{
+		{
+			ID: "20221015CasbinRule--fill ptype field with p",
+			Migrate: func(tx *xorm.Engine) error {
+				_, err := tx.Cols("ptype").Update(&xormadapter.CasbinRule{
+					Ptype: "p",
+				})
+				return err
+			},
+			Rollback: func(tx *xorm.Engine) error {
+				return tx.DropTables(&xormadapter.CasbinRule{})
+			},
+		},
+	}
+	m := migrate.New(adapter.Engine, migrate.DefaultOptions, migrations)
+	m.Migrate()
+}

object/application.go

@@ -70,6 +70,7 @@ type Application struct {
 	SigninHtml           string   `xorm:"mediumtext" json:"signinHtml"`
 	FormCss              string   `xorm:"text" json:"formCss"`
 	FormOffset           int      `json:"formOffset"`
+	FormSideHtml         string   `xorm:"mediumtext" json:"formSideHtml"`
 	FormBackgroundUrl    string   `xorm:"varchar(200)" json:"formBackgroundUrl"`
 }
 

object/avatar.go

@@ -50,7 +50,7 @@ func downloadFile(url string) (*bytes.Buffer, error) {
 	return fileBuffer, nil
 }
 
-func getPermanentAvatarUrl(organization string, username string, url string) string {
+func getPermanentAvatarUrl(organization string, username string, url string, upload bool) string {
 	if url == "" {
 		return ""
 	}
@@ -62,6 +62,14 @@ func getPermanentAvatarUrl(organization string, username string, url string) str
 	fullFilePath := fmt.Sprintf("/avatar/%s/%s.png", organization, username)
 	uploadedFileUrl, _ := getUploadFileUrl(defaultStorageProvider, fullFilePath, false)
 
+	if upload {
+		DownloadAndUpload(url, fullFilePath)
+	}
+
+	return uploadedFileUrl
+}
+
+func DownloadAndUpload(url string, fullFilePath string) {
 	fileBuffer, err := downloadFile(url)
 	if err != nil {
 		panic(err)
@@ -71,6 +79,4 @@ func getPermanentAvatarUrl(organization string, username string, url string) str
 	if err != nil {
 		panic(err)
 	}
-
-	return uploadedFileUrl
 }

object/avatar_test.go

@@ -32,7 +32,7 @@ func TestSyncPermanentAvatars(t *testing.T) {
 			continue
 		}
 
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 		updateUserColumn("permanent_avatar", user)
 		fmt.Printf("[%d/%d]: Update user: [%s]'s permanent avatar: %s\n", i, len(users), user.GetId(), user.PermanentAvatar)
 	}

object/casbin_adapter.go

@@ -22,7 +22,6 @@ import (
 	"github.com/casbin/casbin/v2/model"
 	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/util"
-
 	"xorm.io/core"
 )
 

object/check.go

@@ -22,6 +22,7 @@ import (
 	"unicode"
 
 	"github.com/casdoor/casdoor/cred"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	goldap "github.com/go-ldap/ldap/v3"
 )
@@ -41,84 +42,89 @@ func init() {
 	reFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
 }
 
-func CheckUserSignup(application *Application, organization *Organization, username string, password string, displayName string, firstName string, lastName string, email string, phone string, affiliation string) string {
+func CheckUserSignup(application *Application, organization *Organization, username string, password string, displayName string, firstName string, lastName string, email string, phone string, affiliation string, lang string) string {
 	if organization == nil {
-		return "organization does not exist"
+		return i18n.Translate(lang, "OrgErr.DoNotExist")
 	}
 
 	if application.IsSignupItemVisible("Username") {
 		if len(username) <= 1 {
-			return "username must have at least 2 characters"
+			return i18n.Translate(lang, "UserErr.NameLessThanTwoCharacters")
 		}
 		if unicode.IsDigit(rune(username[0])) {
-			return "username cannot start with a digit"
+			return i18n.Translate(lang, "UserErr.NameStartWithADigitErr")
 		}
 		if util.IsEmailValid(username) {
-			return "username cannot be an email address"
+			return i18n.Translate(lang, "UserErr.NameIsEmailErr")
 		}
 		if reWhiteSpace.MatchString(username) {
-			return "username cannot contain white spaces"
+			return i18n.Translate(lang, "UserErr.NameCantainWhitSpaceErr")
 		}
+		msg := CheckUsername(username, lang)
+		if msg != "" {
+			return msg
+		}
+
 		if HasUserByField(organization.Name, "name", username) {
-			return "username already exists"
+			return i18n.Translate(lang, "UserErr.NameExistedErr")
 		}
 		if HasUserByField(organization.Name, "email", email) {
-			return "email already exists"
+			return i18n.Translate(lang, "EmailErr.ExistedErr")
 		}
 		if HasUserByField(organization.Name, "phone", phone) {
-			return "phone already exists"
+			return i18n.Translate(lang, "PhoneErr.ExistedErr")
 		}
 	}
 
 	if len(password) <= 5 {
-		return "password must have at least 6 characters"
+		return i18n.Translate(lang, "UserErr.PasswordLessThanSixCharacters")
 	}
 
 	if application.IsSignupItemVisible("Email") {
 		if email == "" {
 			if application.IsSignupItemRequired("Email") {
-				return "email cannot be empty"
+				return i18n.Translate(lang, "EmailErr.EmptyErr")
 			} else {
 				return ""
 			}
 		}
 
 		if HasUserByField(organization.Name, "email", email) {
-			return "email already exists"
+			return i18n.Translate(lang, "EmailErr.ExistedErr")
 		} else if !util.IsEmailValid(email) {
-			return "email is invalid"
+			return i18n.Translate(lang, "EmailErr.EmailInvalid")
 		}
 	}
 
 	if application.IsSignupItemVisible("Phone") {
 		if phone == "" {
 			if application.IsSignupItemRequired("Phone") {
-				return "phone cannot be empty"
+				return i18n.Translate(lang, "PhoneErr.EmptyErr")
 			} else {
 				return ""
 			}
 		}
 
 		if HasUserByField(organization.Name, "phone", phone) {
-			return "phone already exists"
+			return i18n.Translate(lang, "PhoneErr.ExistedErr")
 		} else if organization.PhonePrefix == "86" && !util.IsPhoneCnValid(phone) {
-			return "phone number is invalid"
+			return i18n.Translate(lang, "PhoneErr.NumberInvalid")
 		}
 	}
 
 	if application.IsSignupItemVisible("Display name") {
 		if application.GetSignupItemRule("Display name") == "First, last" && (firstName != "" || lastName != "") {
 			if firstName == "" {
-				return "firstName cannot be blank"
+				return i18n.Translate(lang, "UserErr.FirstNameBlankErr")
 			} else if lastName == "" {
-				return "lastName cannot be blank"
+				return i18n.Translate(lang, "UserErr.LastNameBlankErr")
 			}
 		} else {
 			if displayName == "" {
-				return "displayName cannot be blank"
+				return i18n.Translate(lang, "UserErr.DisplayNameBlankErr")
 			} else if application.GetSignupItemRule("Display name") == "Real name" {
 				if !isValidRealName(displayName) {
-					return "displayName is not valid real name"
+					return i18n.Translate(lang, "UserErr.DisplayNameInvalid")
 				}
 			}
 		}
@@ -126,14 +132,14 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 
 	if application.IsSignupItemVisible("Affiliation") {
 		if affiliation == "" {
-			return "affiliation cannot be blank"
+			return i18n.Translate(lang, "UserErr.AffiliationBlankErr")
 		}
 	}
 
 	return ""
 }
 
-func checkSigninErrorTimes(user *User) string {
+func checkSigninErrorTimes(user *User, lang string) string {
 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		lastSignWrongTime, _ := time.Parse(time.RFC3339, user.LastSigninWrongTime)
 		passedTime := time.Now().UTC().Sub(lastSignWrongTime)
@@ -141,7 +147,7 @@ func checkSigninErrorTimes(user *User) string {
 
 		// deny the login if the error times is greater than the limit and the last login time is less than the duration
 		if seconds > 0 {
-			return fmt.Sprintf("You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again", seconds/60, seconds%60)
+			return fmt.Sprintf(i18n.Translate(lang, "AuthErr.WrongPasswordManyTimes"), seconds/60, seconds%60)
 		}
 
 		// reset the error times
@@ -153,15 +159,15 @@ func checkSigninErrorTimes(user *User) string {
 	return ""
 }
 
-func CheckPassword(user *User, password string) string {
+func CheckPassword(user *User, password string, lang string) string {
 	// check the login error times
-	if msg := checkSigninErrorTimes(user); msg != "" {
+	if msg := checkSigninErrorTimes(user, lang); msg != "" {
 		return msg
 	}
 
 	organization := GetOrganizationByUser(user)
 	if organization == nil {
-		return "organization does not exist"
+		return i18n.Translate(lang, "OrgErr.DoNotExist")
 	}
 
 	credManager := cred.GetCredManager(organization.PasswordType)
@@ -180,11 +186,11 @@ func CheckPassword(user *User, password string) string {
 
 		return recordSigninErrorInfo(user)
 	} else {
-		return fmt.Sprintf("unsupported password type: %s", organization.PasswordType)
+		return fmt.Sprintf(i18n.Translate(lang, "LoginErr.UnsupportedPasswordType"), organization.PasswordType)
 	}
 }
 
-func checkLdapUserPassword(user *User, password string) (*User, string) {
+func checkLdapUserPassword(user *User, password string, lang string) (*User, string) {
 	ldaps := GetLdaps(user.Owner)
 	ldapLoginSuccess := false
 	for _, ldapServer := range ldaps {
@@ -204,7 +210,7 @@ func checkLdapUserPassword(user *User, password string) (*User, string) {
 		if len(searchResult.Entries) == 0 {
 			continue
 		} else if len(searchResult.Entries) > 1 {
-			return nil, "Error: multiple accounts with same uid, please check your ldap server"
+			return nil, i18n.Translate(lang, "LdapErr.MultipleAccounts")
 		}
 
 		dn := searchResult.Entries[0].DN
@@ -215,26 +221,26 @@ func checkLdapUserPassword(user *User, password string) (*User, string) {
 	}
 
 	if !ldapLoginSuccess {
-		return nil, "ldap user name or password incorrect"
+		return nil, i18n.Translate(lang, "LdapErr.PasswordWrong")
 	}
 	return user, ""
 }
 
-func CheckUserPassword(organization string, username string, password string) (*User, string) {
+func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
 	user := GetUserByFields(organization, username)
 	if user == nil || user.IsDeleted == true {
-		return nil, "the user does not exist, please sign up first"
+		return nil, i18n.Translate(lang, "UserErr.DoNotExistSignUp")
 	}
 
 	if user.IsForbidden {
-		return nil, "the user is forbidden to sign in, please contact the administrator"
+		return nil, i18n.Translate(lang, "LoginErr.UserIsForbidden")
 	}
 
 	if user.Ldap != "" {
 		// ONLY for ldap users
-		return checkLdapUserPassword(user, password)
+		return checkLdapUserPassword(user, password, lang)
 	} else {
-		msg := CheckPassword(user, password)
+		msg := CheckPassword(user, password, lang)
 		if msg != "" {
 			return nil, msg
 		}
@@ -246,15 +252,15 @@ func filterField(field string) bool {
 	return reFieldWhiteList.MatchString(field)
 }
 
-func CheckUserPermission(requestUserId, userId, userOwner string, strict bool) (bool, error) {
+func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
-		return false, fmt.Errorf("please login first")
+		return false, fmt.Errorf(i18n.Translate(lang, "LoginErr.LoginFirst"))
 	}
 
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
-			return false, fmt.Errorf("the user: %s doesn't exist", userId)
+			return false, fmt.Errorf(i18n.Translate(lang, "UserErr.DoNotExist"), userId)
 		}
 
 		userOwner = targetUser.Owner
@@ -266,7 +272,7 @@ func CheckUserPermission(requestUserId, userId, userOwner string, strict bool) (
 	} else {
 		requestUser := GetUser(requestUserId)
 		if requestUser == nil {
-			return false, fmt.Errorf("session outdated, please login again")
+			return false, fmt.Errorf(i18n.Translate(lang, "LoginErr.SessionOutdated"))
 		}
 		if requestUser.IsGlobalAdmin {
 			hasPermission = true
@@ -281,7 +287,7 @@ func CheckUserPermission(requestUserId, userId, userOwner string, strict bool) (
 		}
 	}
 
-	return hasPermission, fmt.Errorf("you don't have the permission to do this")
+	return hasPermission, fmt.Errorf(i18n.Translate(lang, "LoginErr.NoPermission"))
 }
 
 func CheckAccessPermission(userId string, application *Application) (bool, error) {
@@ -313,3 +319,41 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 	}
 	return allowed, err
 }
+
+func CheckUsername(username string, lang string) string {
+	if username == "" {
+		return i18n.Translate(lang, "UserErr.NameEmptyErr")
+	} else if len(username) > 39 {
+		return i18n.Translate(lang, "UserErr.NameTooLang")
+	}
+
+	exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
+	if !exclude.MatchString(username) {
+		return ""
+	}
+
+	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
+	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
+	if !re.MatchString(username) {
+		return i18n.Translate(lang, "UserErr.NameFormatErr")
+	}
+
+	return ""
+}
+
+func CheckToEnableCaptcha(application *Application) bool {
+	if len(application.Providers) == 0 {
+		return false
+	}
+
+	for _, providerItem := range application.Providers {
+		if providerItem.Provider == nil {
+			continue
+		}
+		if providerItem.Provider.Category == "Captcha" && providerItem.Provider.Type == "Default" {
+			return providerItem.Rule == "Always"
+		}
+	}
+
+	return false
+}

object/init.go

@@ -143,7 +143,7 @@ func initBuiltInApplication() {
 		EnablePassword: true,
 		EnableSignUp:   true,
 		Providers: []*ProviderItem{
-			{Name: "provider_captcha_default", CanSignUp: false, CanSignIn: false, CanUnlink: false, Prompted: false, AlertType: "None", Provider: nil},
+			{Name: "provider_captcha_default", CanSignUp: false, CanSignIn: false, CanUnlink: false, Prompted: false, AlertType: "None", Rule: "None", Provider: nil},
 		},
 		SignupItems: []*SignupItem{
 			{Name: "ID", Visible: false, Required: true, Prompted: false, Rule: "Random"},

object/ldap.go

@@ -409,6 +409,7 @@ func SyncLdapUsers(owner string, users []LdapRespUser, ldapId string) (*[]LdapRe
 				}
 			}
 		}
+
 		if !found && !AddUser(&User{
 			Owner:       owner,
 			Name:        buildLdapUserName(user.Uid, user.UidNumber),

object/ldapserver.go

@@ -62,7 +62,7 @@ func GetFilteredUsers(m *ldapserver.Message, name, org string) ([]*User, int) {
 			return nil, ldapserver.LDAPResultInsufficientAccessRights
 		}
 	} else {
-		hasPermission, err := CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), org, true)
+		hasPermission, err := CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), org, true, "en")
 		if !hasPermission {
 			log.Printf("ErrMsg = %v", err.Error())
 			return nil, ldapserver.LDAPResultInsufficientAccessRights

object/organization.go

@@ -18,6 +18,7 @@ import (
 	"fmt"
 
 	"github.com/casdoor/casdoor/cred"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@@ -202,30 +203,30 @@ func GetAccountItemByName(name string, organization *Organization) *AccountItem
 	return nil
 }
 
-func CheckAccountItemModifyRule(accountItem *AccountItem, user *User) (bool, string) {
+func CheckAccountItemModifyRule(accountItem *AccountItem, user *User, lang string) (bool, string) {
 	switch accountItem.ModifyRule {
 	case "Admin":
 		if !(user.IsAdmin || user.IsGlobalAdmin) {
-			return false, fmt.Sprintf("Only admin can modify the %s.", accountItem.Name)
+			return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.OnlyAdmin"), accountItem.Name)
 		}
 	case "Immutable":
-		return false, fmt.Sprintf("The %s is immutable.", accountItem.Name)
+		return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.Immutable"), accountItem.Name)
 	case "Self":
 		break
 	default:
-		return false, fmt.Sprintf("Unknown modify rule %s.", accountItem.ModifyRule)
+		return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.UnknownModifyRule"), accountItem.ModifyRule)
 	}
 	return true, ""
 }
 
-func GetDefaultApplication(id string) *Application {
+func GetDefaultApplication(id string) (*Application, error) {
 	organization := GetOrganization(id)
 	if organization == nil {
-		return nil
+		return nil, fmt.Errorf("The organization: %s does not exist", id)
 	}
 
 	if organization.DefaultApplication != "" {
-		return getApplication("admin", organization.DefaultApplication)
+		return getApplication("admin", organization.DefaultApplication), fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
 	}
 
 	applications := []*Application{}
@@ -235,7 +236,7 @@ func GetDefaultApplication(id string) *Application {
 	}
 
 	if len(applications) == 0 {
-		return nil
+		return nil, fmt.Errorf("The application does not exist")
 	}
 
 	defaultApplication := applications[0]
@@ -249,5 +250,5 @@ func GetDefaultApplication(id string) *Application {
 	extendApplicationWithProviders(defaultApplication)
 	extendApplicationWithOrg(defaultApplication)
 
-	return defaultApplication
+	return defaultApplication, nil
 }

object/provider.go

@@ -17,6 +17,7 @@ package object
 import (
 	"fmt"
 
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/pp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@@ -228,7 +229,7 @@ func (p *Provider) GetId() string {
 	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
 }
 
-func GetCaptchaProviderByOwnerName(applicationId string) (*Provider, error) {
+func GetCaptchaProviderByOwnerName(applicationId, lang string) (*Provider, error) {
 	owner, name := util.GetOwnerAndNameFromId(applicationId)
 	provider := Provider{Owner: owner, Name: name, Category: "Captcha"}
 	existed, err := adapter.Engine.Get(&provider)
@@ -237,26 +238,26 @@ func GetCaptchaProviderByOwnerName(applicationId string) (*Provider, error) {
 	}
 
 	if !existed {
-		return nil, fmt.Errorf("the provider: %s does not exist", applicationId)
+		return nil, fmt.Errorf(i18n.Translate(lang, "ProviderErr.DoNotExist"), applicationId)
 	}
 
 	return &provider, nil
 }
 
-func GetCaptchaProviderByApplication(applicationId, isCurrentProvider string) (*Provider, error) {
+func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang string) (*Provider, error) {
 	if isCurrentProvider == "true" {
-		return GetCaptchaProviderByOwnerName(applicationId)
+		return GetCaptchaProviderByOwnerName(applicationId, lang)
 	}
 	application := GetApplication(applicationId)
 	if application == nil || len(application.Providers) == 0 {
-		return nil, fmt.Errorf("invalid application id")
+		return nil, fmt.Errorf(i18n.Translate(lang, "ApplicationErr.InvalidID"))
 	}
 	for _, provider := range application.Providers {
 		if provider.Provider == nil {
 			continue
 		}
 		if provider.Provider.Category == "Captcha" {
-			return GetCaptchaProviderByOwnerName(fmt.Sprintf("%s/%s", provider.Provider.Owner, provider.Provider.Name))
+			return GetCaptchaProviderByOwnerName(fmt.Sprintf("%s/%s", provider.Provider.Owner, provider.Provider.Name), lang)
 		}
 	}
 	return nil, nil

object/provider_item.go

@@ -21,6 +21,7 @@ type ProviderItem struct {
 	CanUnlink bool      `json:"canUnlink"`
 	Prompted  bool      `json:"prompted"`
 	AlertType string    `json:"alertType"`
+	Rule      string    `json:"rule"`
 	Provider  *Provider `json:"provider"`
 }
 

object/saml_sp.go

@@ -24,6 +24,7 @@ import (
 	"strings"
 
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/i18n"
 	saml2 "github.com/russellhaering/gosaml2"
 	dsig "github.com/russellhaering/goxmldsig"
 )
@@ -41,10 +42,10 @@ func ParseSamlResponse(samlResponse string, providerType string) (string, error)
 	return assertionInfo.NameID, nil
 }
 
-func GenerateSamlLoginUrl(id, relayState string) (string, string, error) {
+func GenerateSamlLoginUrl(id, relayState, lang string) (string, string, error) {
 	provider := GetProvider(id)
 	if provider.Category != "SAML" {
-		return "", "", fmt.Errorf("provider %s's category is not SAML", provider.Name)
+		return "", "", fmt.Errorf(i18n.Translate(lang, "ProviderErr.CategoryNotSAML"), provider.Name)
 	}
 	sp, err := buildSp(provider, "")
 	if err != nil {

object/storage.go

@@ -21,6 +21,7 @@ import (
 	"strings"
 
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/storage"
 	"github.com/casdoor/casdoor/util"
 )
@@ -126,16 +127,16 @@ func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.B
 	return fileUrl, objectKey, nil
 }
 
-func DeleteFile(provider *Provider, objectKey string) error {
+func DeleteFile(provider *Provider, objectKey string, lang string) error {
 	// check fullFilePath is there security issue
 	if strings.Contains(objectKey, "..") {
-		return fmt.Errorf("the objectKey: %s is not allowed", objectKey)
+		return fmt.Errorf(i18n.Translate(lang, "StorageErr.ObjectKeyNotAllowed"), objectKey)
 	}
 
 	endpoint := getProviderEndpoint(provider)
 	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if storageProvider == nil {
-		return fmt.Errorf("the provider type: %s is not supported", provider.Type)
+		return fmt.Errorf(i18n.Translate(lang, "ProviderErr.ProviderNotSupported"), provider.Type)
 	}
 
 	if provider.Domain == "" {

object/syncer_user.go

@@ -120,7 +120,7 @@ func (syncer *Syncer) updateUserForOriginalFields(user *User) (bool, error) {
 	}
 
 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 	}
 
 	columns := syncer.getCasdoorColumns()

object/token.go

@@ -21,6 +21,7 @@ import (
 	"strings"
 	"time"
 
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@@ -238,14 +239,14 @@ func GetTokenByTokenAndApplication(token string, application string) *Token {
 	return &tokenResult
 }
 
-func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string) (string, *Application) {
+func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string, lang string) (string, *Application) {
 	if responseType != "code" && responseType != "token" && responseType != "id_token" {
-		return fmt.Sprintf("error: grant_type: %s is not supported in this application", responseType), nil
+		return fmt.Sprintf(i18n.Translate(lang, "ApplicationErr.GrantTypeNotSupport"), responseType), nil
 	}
 
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
-		return "Invalid client_id", nil
+		return i18n.Translate(lang, "TokenErr.InvalidClientId"), nil
 	}
 
 	validUri := false
@@ -256,7 +257,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 		}
 	}
 	if !validUri {
-		return fmt.Sprintf("Redirect URI: \"%s\" doesn't exist in the allowed Redirect URI list", redirectUri), application
+		return fmt.Sprintf(i18n.Translate(lang, "TokenErr.RedirectURIDoNotExist"), redirectUri), application
 	}
 
 	// Mask application for /api/get-app-login
@@ -264,7 +265,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 	return "", application
 }
 
-func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string) *Code {
+func GetOAuthCode(userId string, clientId string, responseType string, redirectUri string, scope string, state string, nonce string, challenge string, host string, lang string) *Code {
 	user := GetUser(userId)
 	if user == nil {
 		return &Code{
@@ -279,7 +280,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 		}
 	}
 
-	msg, application := CheckOAuthLogin(clientId, responseType, redirectUri, scope, state)
+	msg, application := CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, lang)
 	if msg != "" {
 		return &Code{
 			Message: msg,
@@ -322,7 +323,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	}
 }
 
-func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, tag string, avatar string) interface{} {
+func GetOAuthToken(grantType string, clientId string, clientSecret string, code string, verifier string, scope string, username string, password string, host string, tag string, avatar string, lang string) interface{} {
 	application := GetApplicationByClientId(clientId)
 	if application == nil {
 		return &TokenError{
@@ -353,7 +354,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 
 	if tag == "wechat_miniprogram" {
 		// Wechat Mini Program
-		token, tokenError = GetWechatMiniProgramToken(application, code, host, username, avatar)
+		token, tokenError = GetWechatMiniProgramToken(application, code, host, username, avatar, lang)
 	}
 
 	if tokenError != nil {
@@ -559,7 +560,7 @@ func GetPasswordToken(application *Application, username string, password string
 			ErrorDescription: "the user does not exist",
 		}
 	}
-	msg := CheckPassword(user, password)
+	msg := CheckPassword(user, password, "en")
 	if msg != "" {
 		return nil, &TokenError{
 			Error:            InvalidGrant,
@@ -669,7 +670,7 @@ func GetTokenByUser(application *Application, user *User, scope string, host str
 
 // GetWechatMiniProgramToken
 // Wechat Mini Program flow
-func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string) (*Token, *TokenError) {
+func GetWechatMiniProgramToken(application *Application, code string, host string, username string, avatar string, lang string) (*Token, *TokenError) {
 	mpProvider := GetWechatMiniProgramProvider(application)
 	if mpProvider == nil {
 		return nil, &TokenError{
@@ -703,7 +704,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 		}
 		// Add new user
 		var name string
-		if username != "" {
+		if CheckUsername(username, lang) == "" {
 			name = username
 		} else {
 			name = fmt.Sprintf("wechat-%s", openId)

object/user.go

@@ -386,7 +386,7 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 	user.UpdateUserHash()
 
 	if user.Avatar != oldUser.Avatar && user.Avatar != "" && user.PermanentAvatar != "*" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
 	}
 
 	if len(columns) == 0 {
@@ -419,7 +419,7 @@ func UpdateUserForAllFields(id string, user *User) bool {
 	user.UpdateUserHash()
 
 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
 	}
 
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(user)
@@ -449,7 +449,7 @@ func AddUser(user *User) bool {
 	user.UpdateUserHash()
 	user.PreHash = user.Hash
 
-	user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+	user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
 
 	user.Ranking = GetUserCount(user.Owner, "", "") + 1
 
@@ -474,7 +474,7 @@ func AddUsers(users []*User) bool {
 		user.UpdateUserHash()
 		user.PreHash = user.Hash
 
-		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar)
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 	}
 
 	affected, err := adapter.Engine.Insert(users)

object/verification.go

@@ -21,6 +21,7 @@ import (
 	"time"
 
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@@ -122,11 +123,11 @@ func getVerificationRecord(dest string) *VerificationRecord {
 	return &record
 }
 
-func CheckVerificationCode(dest, code string) string {
+func CheckVerificationCode(dest, code, lang string) string {
 	record := getVerificationRecord(dest)
 
 	if record == nil {
-		return "Code has not been sent yet!"
+		return i18n.Translate(lang, "PhoneErr.CodeNotSent")
 	}
 
 	timeout, err := conf.GetConfigInt64("verificationCodeTimeout")
@@ -136,7 +137,7 @@ func CheckVerificationCode(dest, code string) string {
 
 	now := time.Now().Unix()
 	if now-record.Time > timeout*60 {
-		return fmt.Sprintf("You should verify your code in %d min!", timeout)
+		return fmt.Sprintf(i18n.Translate(lang, "PhoneErr.CodeTimeOut"), timeout)
 	}
 
 	if record.Code != code {
@@ -159,7 +160,7 @@ func DisableVerificationCode(dest string) {
 	}
 }
 
-// from Casnode/object/validateCode.go line 116
+// From Casnode/object/validateCode.go line 116
 var stdNums = []byte("0123456789")
 
 func getRandomCode(length int) string {

routers/authz_filter.go

@@ -63,11 +63,16 @@ func getObject(ctx *context.Context) (string, string) {
 	if method == http.MethodGet {
 		// query == "?id=built-in/admin"
 		id := ctx.Input.Query("id")
-		if id == "" {
+		if id != "" {
-			return "", ""
+			return util.GetOwnerAndNameFromId(id)
 		}
 
-		return util.GetOwnerAndNameFromId(id)
+		owner := ctx.Input.Query("owner")
+		if owner != "" {
+			return owner, ""
+		}
+
+		return "", ""
 	} else {
 		body := ctx.Input.RequestBody
 

routers/auto_signin_filter.go

@@ -62,7 +62,7 @@ func AutoSigninFilter(ctx *context.Context) {
 	password := ctx.Input.Query("password")
 	if userId != "" && password != "" && ctx.Input.Query("grant_type") == "" {
 		owner, name := util.GetOwnerAndNameFromId(userId)
-		_, msg := object.CheckUserPassword(owner, name, password)
+		_, msg := object.CheckUserPassword(owner, name, password, "en")
 		if msg != "" {
 			responseError(ctx, msg)
 			return

web/package.json

@@ -70,6 +70,7 @@
     "eslint-plugin-react": "^7.31.1",
     "husky": "^4.3.8",
     "lint-staged": "^13.0.3",
+    "path-browserify": "^1.0.1",
     "stylelint": "^14.11.0",
     "stylelint-config-recommended-less": "^1.0.4",
     "stylelint-config-standard": "^28.0.0"

web/src/App.js

@@ -16,8 +16,8 @@ import React, {Component} from "react";
 import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
-import {DownOutlined, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
+import {BarsOutlined, DownOutlined, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
-import {Avatar, BackTop, Button, Card, Dropdown, Layout, Menu, Result} from "antd";
+import {Avatar, BackTop, Button, Card, Drawer, Dropdown, Layout, Menu, Result} from "antd";
 import {Link, Redirect, Route, Switch, withRouter} from "react-router-dom";
 import OrganizationListPage from "./OrganizationListPage";
 import OrganizationEditPage from "./OrganizationEditPage";
@@ -74,6 +74,7 @@ import ModelEditPage from "./ModelEditPage";
 import SystemInfo from "./SystemInfo";
 import AdapterListPage from "./AdapterListPage";
 import AdapterEditPage from "./AdapterEditPage";
+import {withTranslation} from "react-i18next";
 
 const {Header, Footer} = Layout;
 
@@ -85,6 +86,7 @@ class App extends Component {
       selectedMenuKey: 0,
       account: undefined,
       uri: null,
+      menuVisible: false,
     };
 
     Setting.initServerUrl();
@@ -219,10 +221,9 @@ class App extends Component {
         if (res.status === "ok") {
           account = res.data;
           account.organization = res.data2;
-
           this.setLanguage(account);
         } else {
-          if (res.msg !== "Please sign in first") {
+          if (res.data !== "Please login first") {
             Setting.showMessage("error", `Failed to sign in: ${res.msg}`);
           }
         }
@@ -298,12 +299,12 @@ class App extends Component {
       <Menu onClick={this.handleRightDropdownClick.bind(this)}>
         <Menu.Item key="/account">
           <SettingOutlined />
-          &nbsp;
+          &nbsp;&nbsp;
           {i18next.t("account:My Account")}
         </Menu.Item>
         <Menu.Item key="/logout">
           <LogoutOutlined />
-          &nbsp;
+          &nbsp;&nbsp;
           {i18next.t("account:Logout")}
         </Menu.Item>
       </Menu>
@@ -378,6 +379,9 @@ class App extends Component {
           </Link>
         </Menu.Item>
       );
+    }
+
+    if (Setting.isLocalAdminUser(this.state.account)) {
       res.push(
         <Menu.Item key="/users">
           <Link to="/users">
@@ -592,6 +596,18 @@ class App extends Component {
     );
   }
 
+  onClose = () => {
+    this.setState({
+      menuVisible: false,
+    });
+  };
+
+  showMenu = () => {
+    this.setState({
+      menuVisible: true,
+    });
+  };
+
   renderContent() {
     if (!Setting.isMobile()) {
       return (
@@ -610,7 +626,7 @@ class App extends Component {
                   // theme="dark"
                   mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
                   selectedKeys={[`${this.state.selectedMenuKey}`]}
-                  style={{lineHeight: "64px", width: "78%", position: "absolute", left: "145px"}}
+                  style={{lineHeight: "64px", position: "absolute", left: "145px", right: "200px"}}
                 >
                   {
                     this.renderMenu()
@@ -643,22 +659,28 @@ class App extends Component {
                 </Link>
               )
             }
-            <Menu
+            <Drawer title={i18next.t("general:Close")} placement="left" visible={this.state.menuVisible} onClose={this.onClose}>
-            // theme="dark"
+              <Menu
-              mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
+                // theme="dark"
-              selectedKeys={[`${this.state.selectedMenuKey}`]}
+                mode={(Setting.isMobile()) ? "inline" : "horizontal"}
-              style={{lineHeight: "64px"}}
+                selectedKeys={[`${this.state.selectedMenuKey}`]}
-            >
+                style={{lineHeight: "64px"}}
-              {
+                onClick={this.onClose}
-                this.renderMenu()
+              >
-              }
-              <div style = {{float: "right"}}>
                 {
-                  this.renderAccount()
+                  this.renderMenu()
                 }
-                <SelectLanguageBox />
+              </Menu>
-              </div>
+            </Drawer>
-            </Menu>
+            <Button icon={<BarsOutlined />} onClick={this.showMenu} type="text">
+              {i18next.t("general:Menu")}
+            </Button>
+            <div style = {{float: "right"}}>
+              {
+                this.renderAccount()
+              }
+              <SelectLanguageBox />
+            </div>
           </Header>
           {
             this.renderRouter()
@@ -776,4 +798,4 @@ class App extends Component {
   }
 }
 
-export default withRouter(App);
+export default withRouter(withTranslation()(App));

web/src/App.less

@@ -65,7 +65,7 @@
   right: 0;
 }
 
-.language_box {
+.language-box {
   background: url("@{StaticBaseUrl}/img/muti_language.svg");
   background-size: 25px, 25px;
   background-position: center;
@@ -94,7 +94,39 @@
   align-items: stretch;
 }
 
-.login-content{
+.side-image {
+  display: none;
+
+  @media screen and (min-width: 1100px) {
+    display: block;
+    position: relative;
+    width: 500px;
+    border-right: 0.5px solid rgb(196 203 215);
+  }
+}
+
+.forget-content {
+  padding: 10px 100px 20px;
+  border: 2px solid #fff;
+  border-radius: 7px;
+  background-color: rgb(255 255 255);
+  box-shadow: 0 0 20px rgb(0 0 0 / 20%);
+}
+
+.login-panel {
+  margin-top: 50px;
+  margin-bottom: 50px;
+  display: flex;
+  background-color: rgb(255 255 255);
+  overflow: hidden;
+}
+
+.login-form {
+  text-align: center;
+  padding: 10px;
+}
+
+.login-content {
   display: flex;
   flex-direction: row;
   justify-content: center;
@@ -105,7 +137,9 @@
 }
 
 .loginBackground {
-  height: 100%;
+  display: flex;
+  align-items: center;
+  flex: 1 1 0;
   background: #fff no-repeat;
   background-size: 100% 100%;
   background-attachment: fixed;

web/src/ApplicationEditPage.js

@@ -32,6 +32,7 @@ import copy from "copy-to-clipboard";
 
 import {Controlled as CodeMirror} from "react-codemirror2";
 import "codemirror/lib/codemirror.css";
+
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/htmlmixed/htmlmixed");
 require("codemirror/mode/xml/xml");
@@ -39,13 +40,51 @@ require("codemirror/mode/css/css");
 
 const {Option} = Select;
 
-const template = {
+const template = `<style>
-  padding: "30px",
+  .login-panel{
-  border: "2px solid #ffffff",
+    padding: 40px 70px 0 70px;
-  borderRadius: "7px",
+    border-radius: 10px;
-  backgroundColor: "#ffffff",
+    background-color: #ffffff;
-  boxShadow: " 0px 0px 20px rgba(0, 0, 0, 0.20)",
+    box-shadow: 0 0 30px 20px rgba(0, 0, 0, 0.20);
-};
+}
+</style>`;
+
+const sideTemplate = `<style>
+  .left-model{
+    text-align: center;
+    padding: 30px;
+    background-color: #8ca0ed;
+    position: absolute;
+    transform: none;
+    width: 100%;
+    height: 100%;
+  }
+  .side-logo{
+    display: flex;
+    align-items: center;
+  }
+  .side-logo span {
+    font-family: Montserrat, sans-serif;
+    font-weight: 900;
+    font-size: 2.4rem;
+    line-height: 1.3;
+    margin-left: 16px;
+    color: #404040;
+  }
+  .img{
+    max-width: none;
+    margin: 41px 0 13px;
+  }
+</style>
+<div class="left-model">
+  <span class="side-logo"> <img src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png" alt="Casdoor" style="width: 120px"> 
+    <span>SSO</span> 
+  </span>
+  <div class="img">
+    <img src="https://cdn.casbin.org/img/casbin.svg" alt="Casdoor"/>
+  </div>
+</div>
+`;
 
 class ApplicationEditPage extends React.Component {
   constructor(props) {
@@ -157,7 +196,6 @@ class ApplicationEditPage extends React.Component {
   }
 
   renderApplication() {
-    const preview = JSON.stringify(template, null, 2);
     return (
       <Card size="small" title={
         <div>
@@ -562,10 +600,10 @@ class ApplicationEditPage extends React.Component {
           </Col>
           <Col span={22} style={(Setting.isMobile()) ? {maxWidth: "100%"} : {}}>
             <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 1}>
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                 {Setting.getLabel(i18next.t("general:URL"), i18next.t("general:URL - Tooltip"))} :
               </Col>
-              <Col span={23} >
+              <Col span={22} >
                 <Input prefix={<LinkOutlined />} value={this.state.application.formBackgroundUrl} onChange={e => {
                   this.updateApplicationField("formBackgroundUrl", e.target.value);
                 }} />
@@ -590,7 +628,7 @@ class ApplicationEditPage extends React.Component {
           <Col span={22}>
             <Popover placement="right" content={
               <div style={{width: "900px", height: "300px"}} >
-                <CodeMirror value={this.state.application.formCss === "" ? preview : this.state.application.formCss}
+                <CodeMirror value={this.state.application.formCss === "" ? template : this.state.application.formCss}
                   options={{mode: "css", theme: "material-darker"}}
                   onBeforeChange={(editor, data, value) => {
                     this.updateApplicationField("formCss", value);
@@ -606,14 +644,42 @@ class ApplicationEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("application:From position"), i18next.t("application:From position - Tooltip"))} :
+            {Setting.getLabel(i18next.t("application:Form position"), i18next.t("application:Form position - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Radio.Group onChange={e => {this.updateApplicationField("formOffset", e.target.value);}} value={this.state.application.formOffset !== 0 ? this.state.application.formOffset : 8}>
+            <Row style={{marginTop: "20px"}} >
-              <Radio.Button value={2}>left</Radio.Button>
+              <Radio.Group onChange={e => {this.updateApplicationField("formOffset", e.target.value);}} value={this.state.application.formOffset}>
-              <Radio.Button value={8}>center</Radio.Button>
+                <Radio.Button value={1}>{i18next.t("application:Left")}</Radio.Button>
-              <Radio.Button value={14}>right</Radio.Button>
+                <Radio.Button value={2}>{i18next.t("application:Center")}</Radio.Button>
-            </Radio.Group>
+                <Radio.Button value={3}>{i18next.t("application:Right")}</Radio.Button>
+                <Radio.Button value={4}>
+                  {i18next.t("application:Enable side panel")}
+                </Radio.Button>
+              </Radio.Group>
+            </Row>
+            {this.state.application.formOffset === 4 ?
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 3}>
+                  {Setting.getLabel(i18next.t("application:Side panel HTML"), i18next.t("application:Side panel HTML - Tooltip"))} :
+                </Col>
+                <Col span={21} >
+                  <Popover placement="right" content={
+                    <div style={{width: "900px", height: "300px"}} >
+                      <CodeMirror value={this.state.application.formSideHtml === "" ? sideTemplate : this.state.application.formSideHtml}
+                        options={{mode: "htmlmixed", theme: "material-darker"}}
+                        onBeforeChange={(editor, data, value) => {
+                          this.updateApplicationField("formSideHtml", value);
+                        }}
+                      />
+                    </div>
+                  } title={i18next.t("application:Side panel HTML - Edit")} trigger="click">
+                    <Input value={this.state.application.formSideHtml} style={{marginBottom: "10px"}} onChange={e => {
+                      this.updateApplicationField("formSideHtml", e.target.value);
+                    }} />
+                  </Popover>
+                </Col>
+              </Row>
+              : null}
           </Col>
         </Row>
         {
@@ -707,7 +773,7 @@ class ApplicationEditPage extends React.Component {
         <br />
         <div style={{position: "relative", width: "90%", border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", flexDirection: "column", flex: "auto"}}>
           <PromptPage application={this.state.application} account={this.props.account} />
-          <div style={maskStyle}></div>
+          <div style={maskStyle} />
         </div>
       </Col>
     );

web/src/CropperDiv.js

@@ -12,19 +12,21 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import React, {useState} from "react";
+import React, {useEffect, useState} from "react";
 import Cropper from "react-cropper";
 import "cropperjs/dist/cropper.css";
 import * as Setting from "./Setting";
-import {Button, Col, Modal, Row} from "antd";
+import {Button, Col, Modal, Row, Select} from "antd";
 import i18next from "i18next";
 import * as ResourceBackend from "./backend/ResourceBackend";
 
 export const CropperDiv = (props) => {
+  const [loading, setLoading] = useState(true);
+  const [options, setOptions] = useState([]);
   const [image, setImage] = useState("");
   const [cropper, setCropper] = useState();
-  const [visible, setVisible] = React.useState(false);
+  const [visible, setVisible] = useState(false);
-  const [confirmLoading, setConfirmLoading] = React.useState(false);
+  const [confirmLoading, setConfirmLoading] = useState(false);
   const {title} = props;
   const {user} = props;
   const {buttonText} = props;
@@ -60,7 +62,7 @@ export const CropperDiv = (props) => {
       ResourceBackend.uploadResource(user.owner, user.name, "avatar", "CropperDiv", fullFilePath, blob)
         .then((res) => {
           if (res.status === "ok") {
-            window.location.href = "/account";
+            window.location.href = window.location.pathname;
           } else {
             Setting.showMessage("error", res.msg);
           }
@@ -88,6 +90,48 @@ export const CropperDiv = (props) => {
     uploadButton.click();
   };
 
+  const getOptions = (data) => {
+    const options = [];
+    if (props.account.organization.defaultAvatar !== null) {
+      options.push({value: props.account.organization.defaultAvatar});
+    }
+    for (let i = 0; i < data.length; i++) {
+      if (data[i].fileType === "image") {
+        const url = `${data[i].url}`;
+        options.push({
+          value: url,
+        });
+      }
+    }
+    return options;
+  };
+
+  const getBase64Image = (src) => {
+    return new Promise((resolve) => {
+      const image = new Image();
+      image.src = src;
+      image.setAttribute("crossOrigin", "anonymous");
+      image.onload = () => {
+        const canvas = document.createElement("canvas");
+        canvas.width = image.width;
+        canvas.height = image.height;
+        const ctx = canvas.getContext("2d");
+        ctx.drawImage(image, 0, 0, image.width, image.height);
+        const dataURL = canvas.toDataURL("image/png");
+        resolve(dataURL);
+      };
+    });
+  };
+
+  useEffect(() => {
+    setLoading(true);
+    ResourceBackend.getResources(props.account.owner, props.account.name, "", "", "", "", "", "")
+      .then((res) => {
+        setLoading(false);
+        setOptions(getOptions(res));
+      });
+  }, []);
+
   return (
     <div>
       <Button type="default" onClick={showModal}>
@@ -105,10 +149,20 @@ export const CropperDiv = (props) => {
           [<Button block key="submit" type="primary" onClick={handleOk}>{i18next.t("user:Set new profile picture")}</Button>]
         }
       >
-        <Col style={{margin: "0px auto 40px auto", width: 1000, height: 300}}>
+        <Col style={{margin: "0px auto 60px auto", width: 1000, height: 350}}>
           <Row style={{width: "100%", marginBottom: "20px"}}>
             <input style={{display: "none"}} ref={input => uploadButton = input} type="file" accept="image/*" onChange={onChange} />
             <Button block onClick={selectFile}>{i18next.t("user:Select a photo...")}</Button>
+            <Select
+              style={{width: "100%"}}
+              loading={loading}
+              placeholder={i18next.t("user:Please select avatar from resources")}
+              onChange={(async value => {
+                setImage(await getBase64Image(value));
+              })}
+              options={options}
+              allowClear={true}
+            />
           </Row>
           <Cropper
             style={{height: "100%"}}

web/src/PermissionEditPage.js

@@ -35,6 +35,7 @@ class PermissionEditPage extends React.Component {
       permissionName: props.match.params.permissionName,
       permission: null,
       organizations: [],
+      model: null,
       users: [],
       roles: [],
       models: [],
@@ -59,6 +60,7 @@ class PermissionEditPage extends React.Component {
         this.getRoles(permission.owner);
         this.getModels(permission.owner);
         this.getResources(permission.owner);
+        this.getModel(permission.owner, permission.model);
       });
   }
 
@@ -98,6 +100,15 @@ class PermissionEditPage extends React.Component {
       });
   }
 
+  getModel(organizationName, modelName) {
+    ModelBackend.getModel(organizationName, modelName)
+      .then((res) => {
+        this.setState({
+          model: res,
+        });
+      });
+  }
+
   getResources(organizationName) {
     ApplicationBackend.getApplicationsByOrganization("admin", organizationName)
       .then((res) => {
@@ -115,6 +126,10 @@ class PermissionEditPage extends React.Component {
   }
 
   updatePermissionField(key, value) {
+    if (key === "model") {
+      this.getModel(this.state.permission.owner, value);
+    }
+
     value = this.parsePermissionField(key, value);
 
     const permission = this.state.permission;
@@ -124,6 +139,13 @@ class PermissionEditPage extends React.Component {
     });
   }
 
+  hasRoleDefinition(model) {
+    if (model !== null) {
+      return model.modelText.includes("role_definition");
+    }
+    return false;
+  }
+
   renderPermission() {
     return (
       <Card size="small" title={
@@ -214,7 +236,7 @@ class PermissionEditPage extends React.Component {
             {Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} mode="tags" style={{width: "100%"}} value={this.state.permission.roles} onChange={(value => {this.updatePermissionField("roles", value);})}>
+            <Select virtual={false} disabled={!this.hasRoleDefinition(this.state.model)} mode="tags" style={{width: "100%"}} value={this.state.permission.roles} onChange={(value => {this.updatePermissionField("roles", value);})}>
               {
                 this.state.roles.filter(roles => (roles.owner !== this.state.roles.owner || roles.name !== this.state.roles.name)).map((permission, index) => <Option key={index} value={`${permission.owner}/${permission.name}`}>{`${permission.owner}/${permission.name}`}</Option>)
               }

web/src/PermissionListPage.js

@@ -341,7 +341,7 @@ class PermissionListPage extends BaseListPage {
     this.setState({loading: true});
 
     const getPermissions = Setting.isLocalAdminUser(this.props.account) ? PermissionBackend.getPermissions : PermissionBackend.getPermissionsBySubmitter;
-    getPermissions("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    getPermissions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         if (res.status === "ok") {
           this.setState({

web/src/ProviderTable.js

@@ -39,7 +39,7 @@ class ProviderTable extends React.Component {
   }
 
   addRow(table) {
-    const row = {name: Setting.getNewRowNameForTable(table, "Please select a provider"), canSignUp: true, canSignIn: true, canUnlink: true, alertType: "None"};
+    const row = {name: Setting.getNewRowNameForTable(table, "Please select a provider"), canSignUp: true, canSignIn: true, canUnlink: true, alertType: "None", rule: "None"};
     if (table === undefined) {
       table = [];
     }
@@ -193,6 +193,28 @@ class ProviderTable extends React.Component {
       //     )
       //   }
       // },
+      {
+        title: i18next.t("application:Rule"),
+        dataIndex: "rule",
+        key: "rule",
+        width: "100px",
+        render: (text, record, index) => {
+          if (record.provider?.category !== "Captcha") {
+            return null;
+          }
+          return (
+            <Select virtual={false} style={{width: "100%"}}
+              value={text}
+              defaultValue="None"
+              onChange={value => {
+                this.updateField(table, index, "rule", value);
+              }} >
+              <Option key="None" value="None">{i18next.t("application:None")}</Option>
+              <Option key="Always" value="Always">{i18next.t("application:Always")}</Option>
+            </Select>
+          );
+        },
+      },
       {
         title: i18next.t("general:Action"),
         key: "action",

web/src/RoleListPage.js

@@ -25,7 +25,7 @@ class RoleListPage extends BaseListPage {
   newRole() {
     const randomName = Setting.getRandomName();
     return {
-      owner: "built-in",
+      owner: this.props.account.owner,
       name: `role_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Role - ${randomName}`,
@@ -211,7 +211,7 @@ class RoleListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    RoleBackend.getRoles("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    RoleBackend.getRoles(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         if (res.status === "ok") {
           this.setState({

web/src/SelectLanguageBox.js

@@ -49,7 +49,7 @@ class SelectLanguageBox extends React.Component {
 
     return (
       <Dropdown overlay={menu} >
-        <div className="language_box" id={this.props.id} style={this.props.style} />
+        <div className="language-box" id={this.props.id} style={this.props.style} />
       </Dropdown>
     );
   }

web/src/Setting.js

@@ -12,9 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import React from "react";
+import {Link, useHistory} from "react-router-dom";
 import {Tag, Tooltip, message} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
-import React from "react";
 import {isMobile as isMobileDevice} from "react-device-detect";
 import "./i18n";
 import i18next from "i18next";
@@ -22,6 +23,7 @@ import copy from "copy-to-clipboard";
 import {authConfig} from "./auth/Auth";
 import {Helmet} from "react-helmet";
 import * as Conf from "./Conf";
+import * as path from "path-browserify";
 
 export const ServerUrl = "";
 
@@ -554,7 +556,11 @@ export function changeLanguage(language) {
   localStorage.setItem("language", language);
   changeMomentLanguage(language);
   i18next.changeLanguage(language);
-  window.location.reload(true);
+  // window.location.reload(true);
+}
+
+export function getAcceptLanguage() {
+  return i18next.language + ";q=0.9,en;q=0.8";
 }
 
 export function changeMomentLanguage(language) {
@@ -737,64 +743,97 @@ export function renderLogo(application) {
   }
 }
 
-export function goToLogin(ths, application) {
+export function getLoginLink(application) {
+  let url;
   if (application === null) {
-    return;
+    url = null;
-  }
+  } else if (!application.enablePassword && window.location.pathname.includes("/auto-signup/oauth/authorize")) {
-
+    url = window.location.href.replace("/auto-signup/oauth/authorize", "/login/oauth/authorize");
-  if (!application.enablePassword && window.location.pathname.includes("/auto-signup/oauth/authorize")) {
+  } else if (authConfig.appName === application.name) {
-    const link = window.location.href.replace("/auto-signup/oauth/authorize", "/login/oauth/authorize");
+    url = "/login";
-    goToLink(link);
+  } else if (application.signinUrl === "") {
-    return;
+    url = path.join(application.homepageUrl, "login");
-  }
-
-  if (authConfig.appName === application.name) {
-    goToLinkSoft(ths, "/login");
   } else {
-    if (application.signinUrl === "") {
+    url = application.signinUrl;
-      goToLink(`${application.homepageUrl}/login`);
+  }
-    } else {
+  return url;
-      goToLink(application.signinUrl);
+}
-    }
+
+export function renderLoginLink(application, text) {
+  const url = getLoginLink(application);
+  return renderLink(url, text, null);
+}
+
+export function redirectToLoginPage(application) {
+  const loginLink = getLoginLink(application);
+  const history = useHistory();
+  history.push(loginLink);
+}
+
+function renderLink(url, text, onClick) {
+  if (url === null) {
+    return null;
+  }
+
+  if (url.startsWith("/")) {
+    return (
+      <Link style={{float: "right"}} to={url} onClick={() => {
+        if (onClick !== null) {
+          onClick();
+        }
+      }}>{text}</Link>
+    );
+  } else if (url.startsWith("http")) {
+    return (
+      <a target="_blank" rel="noopener noreferrer" style={{float: "right"}} href={url} onClick={() => {
+        if (onClick !== null) {
+          onClick();
+        }
+      }}>{text}</a>
+    );
+  } else {
+    return null;
   }
 }
 
-export function goToSignup(ths, application) {
+export function renderSignupLink(application, text) {
+  let url;
   if (application === null) {
-    return;
+    url = null;
-  }
+  } else if (!application.enablePassword && window.location.pathname.includes("/login/oauth/authorize")) {
-
+    url = window.location.href.replace("/login/oauth/authorize", "/auto-signup/oauth/authorize");
-  if (!application.enablePassword && window.location.pathname.includes("/login/oauth/authorize")) {
+  } else if (authConfig.appName === application.name) {
-    const link = window.location.href.replace("/login/oauth/authorize", "/auto-signup/oauth/authorize");
+    url = "/signup";
-    goToLink(link);
-    return;
-  }
-
-  if (authConfig.appName === application.name) {
-    goToLinkSoft(ths, "/signup");
   } else {
     if (application.signupUrl === "") {
-      goToLinkSoft(ths, `/signup/${application.name}`);
+      url = `/signup/${application.name}`;
     } else {
-      goToLink(application.signupUrl);
+      url = application.signupUrl;
     }
   }
+
+  const storeSigninUrl = () => {
+    sessionStorage.setItem("signinUrl", window.location.href);
+  };
+
+  return renderLink(url, text, storeSigninUrl);
 }
 
-export function goToForget(ths, application) {
+export function renderForgetLink(application, text) {
+  let url;
   if (application === null) {
-    return;
+    url = null;
-  }
+  } else if (authConfig.appName === application.name) {
-
+    url = "/forget";
-  if (authConfig.appName === application.name) {
-    goToLinkSoft(ths, "/forget");
   } else {
     if (application.forgetUrl === "") {
-      goToLinkSoft(ths, `/forget/${application.name}`);
+      url = `/forget/${application.name}`;
     } else {
-      goToLink(application.forgetUrl);
+      url = application.forgetUrl;
     }
   }
+
+  return renderLink(url, text, null);
 }
 
 export function renderHelmet(application) {

web/src/SignupTable.js

@@ -164,7 +164,7 @@ class SignupTable extends React.Component {
         },
       },
       {
-        title: i18next.t("application:rule"),
+        title: i18next.t("application:Rule"),
         dataIndex: "rule",
         key: "rule",
         width: "155px",

web/src/UserEditPage.js

@@ -17,7 +17,6 @@ import {Button, Card, Col, Input, Result, Row, Select, Spin, Switch} from "antd"
 import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
-import {LinkOutlined} from "@ant-design/icons";
 import i18next from "i18next";
 import CropperDiv from "./CropperDiv.js";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
@@ -232,16 +231,6 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Avatar"), i18next.t("general:Avatar - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {i18next.t("general:URL")}:
-              </Col>
-              <Col span={22} >
-                <Input prefix={<LinkOutlined />} value={this.state.user.avatar} onChange={e => {
-                  this.updateUserField("avatar", e.target.value);
-                }} />
-              </Col>
-            </Row>
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                 {i18next.t("general:Preview")}:
@@ -661,7 +650,7 @@ class UserEditPage extends React.Component {
     return (
       <div>
         {
-          this.state.loading ? <Spin size="large" /> : (
+          this.state.loading ? <Spin size="large" style={{marginLeft: "50%", marginTop: "10%"}} /> : (
             this.state.user !== null ? this.renderUser() :
               <Result
                 status="404"

web/src/UserListPage.js

@@ -352,7 +352,7 @@ class UserListPage extends BaseListPage {
 
     return (
       <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={users} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={users} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
           title={() => (
             <div>
               {i18next.t("general:Users")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -374,7 +374,7 @@ class UserListPage extends BaseListPage {
     const sortField = params.sortField, sortOrder = params.sortOrder;
     this.setState({loading: true});
     if (this.state.organizationName === undefined) {
-      UserBackend.getGlobalUsers(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      (Setting.isAdminUser(this.props.account) ? UserBackend.getGlobalUsers(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) : UserBackend.getUsers(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
         .then((res) => {
           if (res.status === "ok") {
             this.setState({

web/src/auth/AuthBackend.js

@@ -13,11 +13,15 @@
 // limitations under the License.
 
 import {authConfig} from "./Auth";
+import * as Setting from "../Setting";
 
 export function getAccount(query) {
   return fetch(`${authConfig.serverUrl}/api/get-account${query}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -26,6 +30,9 @@ export function signup(values) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +41,9 @@ export function getEmailAndPhone(values) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then((res) => res.json());
 }
 
@@ -51,6 +61,9 @@ export function getApplicationLogin(oAuthParams) {
   return fetch(`${authConfig.serverUrl}/api/get-app-login${oAuthParamsToQuery(oAuthParams)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,6 +72,9 @@ export function login(values, oAuthParams) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -67,6 +83,9 @@ export function loginCas(values, params) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -74,6 +93,9 @@ export function logout() {
   return fetch(`${authConfig.serverUrl}/api/logout`, {
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -82,6 +104,9 @@ export function unlink(values) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -89,6 +114,9 @@ export function getSamlLogin(providerId, relayState) {
   return fetch(`${authConfig.serverUrl}/api/get-saml-login?id=${providerId}&relayState=${relayState}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -97,5 +125,8 @@ export function loginWithSaml(values, param) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/auth/ForgetPage.js

@@ -166,7 +166,7 @@ class ForgetPage extends React.Component {
     values.userOwner = this.state.application?.organizationObj.name;
     UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
       if (res.status === "ok") {
-        Setting.goToLogin(this, this.state.application);
+        Setting.redirectToLoginPage(this.state.application);
       } else {
         Setting.showMessage("error", i18next.t(`signup:${res.msg}`));
       }
@@ -487,61 +487,65 @@ class ForgetPage extends React.Component {
     }
 
     return (
-      <Row>
+      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
-        <Col span={24} style={{justifyContent: "center"}}>
+        <CustomGithubCorner />
+        <div className="login-content forget-content">
           <Row>
-            <Col span={24}>
+            <Col span={24} style={{justifyContent: "center"}}>
-              <div style={{marginTop: "80px", marginBottom: "10px", textAlign: "center"}}>
+              <Row>
-                {
+                <Col span={24}>
-                  Setting.renderHelmet(application)
+                  <div style={{marginTop: "80px", marginBottom: "10px", textAlign: "center"}}>
-                }
+                    {
-                <CustomGithubCorner />
+                      Setting.renderHelmet(application)
-                {
+                    }
-                  Setting.renderLogo(application)
+                    {
-                }
+                      Setting.renderLogo(application)
+                    }
+                  </div>
+                </Col>
+              </Row>
+              <Row>
+                <Col span={24}>
+                  <div style={{textAlign: "center", fontSize: "28px"}}>
+                    {i18next.t("forget:Retrieve password")}
+                  </div>
+                </Col>
+              </Row>
+              <Row>
+                <Col span={24}>
+                  <Steps
+                    current={this.state.current}
+                    style={{
+                      width: "90%",
+                      maxWidth: "500px",
+                      margin: "auto",
+                      marginTop: "80px",
+                    }}
+                  >
+                    <Step
+                      title={i18next.t("forget:Account")}
+                      icon={<UserOutlined />}
+                    />
+                    <Step
+                      title={i18next.t("forget:Verify")}
+                      icon={<SolutionOutlined />}
+                    />
+                    <Step
+                      title={i18next.t("forget:Reset")}
+                      icon={<KeyOutlined />}
+                    />
+                  </Steps>
+                </Col>
+              </Row>
+            </Col>
+            <Col span={24} style={{display: "flex", justifyContent: "center"}}>
+              <div style={{marginTop: "10px", textAlign: "center"}}>
+                {this.renderForm(application)}
               </div>
             </Col>
           </Row>
-          <Row>
+        </div>
-            <Col span={24}>
+      </div>
-              <div style={{textAlign: "center", fontSize: "28px"}}>
-                {i18next.t("forget:Retrieve password")}
-              </div>
-            </Col>
-          </Row>
-          <Row>
-            <Col span={24}>
-              <Steps
-                current={this.state.current}
-                style={{
-                  width: "90%",
-                  maxWidth: "500px",
-                  margin: "auto",
-                  marginTop: "80px",
-                }}
-              >
-                <Step
-                  title={i18next.t("forget:Account")}
-                  icon={<UserOutlined />}
-                />
-                <Step
-                  title={i18next.t("forget:Verify")}
-                  icon={<SolutionOutlined />}
-                />
-                <Step
-                  title={i18next.t("forget:Reset")}
-                  icon={<KeyOutlined />}
-                />
-              </Steps>
-            </Col>
-          </Row>
-        </Col>
-        <Col span={24} style={{display: "flex", justifyContent: "center"}}>
-          <div style={{marginTop: "10px", textAlign: "center"}}>
-            {this.renderForm(application)}
-          </div>
-        </Col>
-      </Row>
     );
   }
 }

web/src/auth/LoginPage.js

@@ -13,7 +13,6 @@
 // limitations under the License.
 
 import React from "react";
-import {Link} from "react-router-dom";
 import {Button, Checkbox, Col, Form, Input, Result, Row, Spin, Tabs} from "antd";
 import {LockOutlined, UserOutlined} from "@ant-design/icons";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
@@ -29,6 +28,8 @@ import i18next from "i18next";
 import CustomGithubCorner from "../CustomGithubCorner";
 import {CountDownInput} from "../common/CountDownInput";
 import SelectLanguageBox from "../SelectLanguageBox";
+import {withTranslation} from "react-i18next";
+import {CaptchaModal} from "../common/CaptchaModal";
 
 const {TabPane} = Tabs;
 
@@ -48,6 +49,9 @@ class LoginPage extends React.Component {
       validEmail: false,
       validPhone: false,
       loginMethod: "password",
+      enableCaptchaModal: false,
+      openCaptchaModal: false,
+      verifyCaptcha: undefined,
     };
 
     if (this.state.type === "cas" && props.match?.params.casApplicationName !== undefined) {
@@ -68,6 +72,18 @@ class LoginPage extends React.Component {
     }
   }
 
+  componentDidUpdate(prevProps, prevState, snapshot) {
+    if (this.state.application && !prevState.application) {
+      const defaultCaptchaProviderItems = this.getDefaultCaptchaProviderItems(this.state.application);
+
+      if (!defaultCaptchaProviderItems) {
+        return;
+      }
+
+      this.setState({enableCaptchaModal: defaultCaptchaProviderItems.some(providerItem => providerItem.rule === "Always")});
+    }
+  }
+
   getApplicationLogin() {
     const oAuthParams = Util.getOAuthGetParameters();
     AuthBackend.getApplicationLogin(oAuthParams)
@@ -138,6 +154,18 @@ class LoginPage extends React.Component {
     this.props.onUpdateAccount(account);
   }
 
+  parseOffset(offset) {
+    if (offset === 2 || offset === 4 || Setting.inIframe() || Setting.isMobile()) {
+      return "0 auto";
+    }
+    if (offset === 1) {
+      return "0 10%";
+    }
+    if (offset === 3) {
+      return "0 60%";
+    }
+  }
+
   populateOauthValues(values) {
     const oAuthParams = Util.getOAuthGetParameters();
     if (oAuthParams !== null && oAuthParams.responseType !== null && oAuthParams.responseType !== "") {
@@ -155,8 +183,8 @@ class LoginPage extends React.Component {
       values["type"] = "saml";
     }
 
-    if (this.state.owner !== null && this.state.owner !== undefined) {
+    if (this.state.application.organization !== null && this.state.application.organization !== undefined) {
-      values["organization"] = this.state.owner;
+      values["organization"] = this.state.application.organization;
     }
   }
   postCodeLoginAction(res) {
@@ -213,6 +241,23 @@ class LoginPage extends React.Component {
       return;
     }
 
+    if (this.state.loginMethod === "password" && this.state.enableCaptchaModal) {
+      this.setState({
+        openCaptchaModal: true,
+        verifyCaptcha: (captchaType, captchaToken, secret) => {
+          values["captchaType"] = captchaType;
+          values["captchaToken"] = captchaToken;
+          values["clientSecret"] = secret;
+
+          this.login(values);
+        },
+      });
+    } else {
+      this.login(values);
+    }
+  }
+
+  login(values) {
     // here we are supposed to determine whether Casdoor is working as an OAuth server or CAS server
     if (this.state.type === "cas") {
       // CAS
@@ -227,6 +272,8 @@ class LoginPage extends React.Component {
           }
           Util.showMessage("success", msg);
 
+          this.setState({openCaptchaModal: false});
+
           if (casParams.service !== "") {
             const st = res.data;
             const newUrl = new URL(casParams.service);
@@ -234,6 +281,7 @@ class LoginPage extends React.Component {
             window.location.href = newUrl.toString();
           }
         } else {
+          this.setState({openCaptchaModal: false});
           Util.showMessage("error", `Failed to log in: ${res.msg}`);
         }
       });
@@ -246,6 +294,7 @@ class LoginPage extends React.Component {
         .then((res) => {
           if (res.status === "ok") {
             const responseType = values["type"];
+
             if (responseType === "login") {
               Util.showMessage("success", "Logged in successfully");
 
@@ -263,6 +312,7 @@ class LoginPage extends React.Component {
               Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
             }
           } else {
+            this.setState({openCaptchaModal: false});
             Util.showMessage("error", `Failed to log in: ${res.msg}`);
           }
         });
@@ -289,13 +339,11 @@ class LoginPage extends React.Component {
           title="Sign Up Error"
           subTitle={"The application does not allow to sign up new account"}
           extra={[
-            <Link key="login" onClick={() => {
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
-              Setting.goToLogin(this, application);
+              {
-            }}>
+                i18next.t("login:Sign In")
-              <Button type="primary" key="signin">
+              }
-                Sign In
+            </Button>,
-              </Button>
-            </Link>,
           ]}
         >
         </Result>
@@ -392,11 +440,9 @@ class LoginPage extends React.Component {
                 {i18next.t("login:Auto sign in")}
               </Checkbox>
             </Form.Item>
-            <a style={{float: "right"}} onClick={() => {
+            {
-              Setting.goToForget(this, application);
+              Setting.renderForgetLink(application, i18next.t("login:Forgot password?"))
-            }}>
+            }
-              {i18next.t("login:Forgot password?")}
-            </a>
           </Form.Item>
           <Form.Item>
             <Button
@@ -410,6 +456,9 @@ class LoginPage extends React.Component {
                   i18next.t("login:Sign In")
               }
             </Button>
+            {
+              this.renderCaptchaModal(application)
+            }
             {
               this.renderFooter(application)
             }
@@ -452,16 +501,54 @@ class LoginPage extends React.Component {
     }
   }
 
+  getDefaultCaptchaProviderItems(application) {
+    const providers = application?.providers;
+
+    if (providers === undefined || providers === null) {
+      return null;
+    }
+
+    return providers.filter(providerItem => {
+      if (providerItem.provider === undefined || providerItem.provider === null) {
+        return false;
+      }
+
+      return providerItem.provider.category === "Captcha" && providerItem.provider.type === "Default";
+    });
+  }
+
+  renderCaptchaModal(application) {
+    if (!this.state.enableCaptchaModal) {
+      return null;
+    }
+
+    const provider = this.getDefaultCaptchaProviderItems(application)
+      .filter(providerItem => providerItem.rule === "Always")
+      .map(providerItem => providerItem.provider)[0];
+
+    return <CaptchaModal
+      owner={provider.owner}
+      name={provider.name}
+      captchaType={provider.type}
+      subType={provider.subType}
+      clientId={provider.clientId}
+      clientId2={provider.clientId2}
+      clientSecret={provider.clientSecret}
+      clientSecret2={provider.clientSecret2}
+      open={this.state.openCaptchaModal}
+      onOk={(captchaType, captchaToken, secret) => this.state.verifyCaptcha?.(captchaType, captchaToken, secret)}
+      canCancel={false}
+    />;
+  }
+
   renderFooter(application) {
     if (this.state.mode === "signup") {
       return (
         <div style={{float: "right"}}>
           {i18next.t("signup:Have account?")}&nbsp;
-          <Link onClick={() => {
+          {
-            Setting.goToLogin(this, application);
+            Setting.renderLoginLink(application, i18next.t("signup:sign in now"))
-          }}>
+          }
-            {i18next.t("signup:sign in now")}
-          </Link>
         </div>
       );
     } else {
@@ -472,12 +559,9 @@ class LoginPage extends React.Component {
               !application.enableSignUp ? null : (
                 <>
                   {i18next.t("login:No account?")}&nbsp;
-                  <a onClick={() => {
+                  {
-                    sessionStorage.setItem("signinUrl", window.location.href);
+                    Setting.renderSignupLink(application, i18next.t("login:sign up now"))
-                    Setting.goToSignup(this, application);
+                  }
-                  }}>
-                    {i18next.t("login:sign up now")}
-                  </a>
                 </>
               )
             }
@@ -694,16 +778,18 @@ class LoginPage extends React.Component {
       );
     }
 
-    const formStyle = Setting.inIframe() ? null : Setting.parseObject(application.formCss);
-
     return (
       <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
         <CustomGithubCorner />
-        <Row>
+        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
-          <Col span={8} offset={application.formOffset === 0 || Setting.inIframe() || Setting.isMobile() ? 8 : application.formOffset} style={{display: "flex", justifyContent: "center"}}>
+          {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
-            <div className="login-content">
+          <div className="login-panel">
-              <div style={{marginTop: "80px", marginBottom: "50px", textAlign: "center", ...formStyle}}>
+            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
-                <SelectLanguageBox id="language-box-corner" style={{top: "80px", right: "5px"}} />
+            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
+              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
+            </div>
+            <div className="login-form">
+              <div >
                 <div>
                   {
                     Setting.renderHelmet(application)
@@ -723,11 +809,11 @@ class LoginPage extends React.Component {
                 </div>
               </div>
             </div>
-          </Col>
+          </div>
-        </Row>
+        </div>
       </div>
     );
   }
 }
 
-export default LoginPage;
+export default withTranslation()(LoginPage);

web/src/auth/PromptPage.js

@@ -190,7 +190,7 @@ class PromptPage extends React.Component {
           if (redirectUrl !== "" && redirectUrl !== null) {
             Setting.goToLink(redirectUrl);
           } else {
-            Setting.goToLogin(this, this.getApplicationObj());
+            Setting.redirectToLoginPage(this.getApplicationObj());
           }
         } else {
           Setting.showMessage("error", `Failed to log out: ${res.msg}`);
@@ -234,10 +234,10 @@ class PromptPage extends React.Component {
           title="Sign Up Error"
           subTitle={"You are unexpected to see this prompt page"}
           extra={[
-            <Button type="primary" key="signin" onClick={() => {
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
-              Setting.goToLogin(this, application);
+              {
-            }}>
+                i18next.t("login:Sign In")
-              Sign In
+              }
             </Button>,
           ]}
         >

web/src/auth/ProviderButton.js

@@ -129,6 +129,32 @@ export function renderProviderLogo(provider, application, width, margin, size, l
       );
     }
 
+  } else if (provider.type === "Custom") {
+    // style definition
+    const text = i18next.t("login:Sign in with {type}").replace("{type}", provider.displayName);
+    const customAStyle = {display: "block", height: "55px", color: "#000"};
+    const customButtonStyle = {display: "flex", alignItems: "center", width: "calc(100% - 10px)", height: "50px", margin: "5px", padding: "0 10px", backgroundColor: "transparent", boxShadow: "0px 1px 3px rgba(0,0,0,0.5)", border: "0px", borderRadius: "3px", cursor: "pointer"};
+    const customImgStyle = {justfyContent: "space-between"};
+    const customSpanStyle = {textAlign: "center", lineHeight: "50px", width: "100%", fontSize: "19px"};
+    if (provider.category === "OAuth") {
+      return (
+        <a key={provider.displayName} href={Provider.getAuthUrl(application, provider, "signup")} style={customAStyle}>
+          <button style={customButtonStyle}>
+            <img width={26} src={getProviderLogoURL(provider)} alt={provider.displayName} style={customImgStyle} />
+            <span style={customSpanStyle}>{text}</span>
+          </button>
+        </a>
+      );
+    } else if (provider.category === "SAML") {
+      return (
+        <a key={provider.displayName} onClick={() => getSamlUrl(provider, location)} style={customAStyle}>
+          <button style={customButtonStyle}>
+            <img width={26} src={getProviderLogoURL(provider)} alt={provider.displayName} style={customImgStyle} />
+            <span style={customSpanStyle}>{text}</span>
+          </button>
+        </a>
+      );
+    }
   } else {
     return (
       <div key={provider.displayName} style={{marginBottom: "10px"}}>

web/src/auth/ResultPage.js

@@ -69,7 +69,7 @@ class ResultPage extends React.Component {
               if (linkInStorage !== null && linkInStorage !== "") {
                 Setting.goToLink(linkInStorage);
               } else {
-                Setting.goToLogin(this, application);
+                Setting.redirectToLoginPage(application);
               }
             }}>
               {i18next.t("login:Sign In")}

web/src/auth/SignupPage.js

@@ -14,7 +14,7 @@
 
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Checkbox, Col, Form, Input, Modal, Result, Row} from "antd";
+import {Button, Checkbox, Form, Input, Modal, Result} from "antd";
 import * as Setting from "../Setting";
 import * as AuthBackend from "./AuthBackend";
 import * as ProviderButton from "./ProviderButton";
@@ -148,6 +148,18 @@ class SignupPage extends React.Component {
     this.props.onUpdateAccount(account);
   }
 
+  parseOffset(offset) {
+    if (offset === 2 || offset === 4 || Setting.inIframe() || Setting.isMobile()) {
+      return "0 auto";
+    }
+    if (offset === 1) {
+      return "0 10%";
+    }
+    if (offset === 3) {
+      return "0 60%";
+    }
+  }
+
   onFinish(values) {
     const application = this.getApplicationObj();
     values.phonePrefix = application.organizationObj.phonePrefix;
@@ -529,10 +541,10 @@ class SignupPage extends React.Component {
           title="Sign Up Error"
           subTitle={"The application does not allow to sign up new account"}
           extra={[
-            <Button type="primary" key="signin" onClick={() => {
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
-              Setting.goToLogin(this, application);
+              {
-            }}>
+                i18next.t("login:Sign In")
-              Sign In
+              }
             </Button>,
           ]}
         >
@@ -588,7 +600,7 @@ class SignupPage extends React.Component {
             if (linkInStorage !== null && linkInStorage !== "") {
               Setting.goToLink(linkInStorage);
             } else {
-              Setting.goToLogin(this, application);
+              Setting.redirectToLoginPage(application);
             }
           }}>
             {i18next.t("signup:sign in now")}
@@ -615,17 +627,18 @@ class SignupPage extends React.Component {
       );
     }
 
-    const formStyle = Setting.inIframe() ? null : Setting.parseObject(application.formCss);
-
     return (
       <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
         <CustomGithubCorner />
-        &nbsp;
+        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
-        <Row>
+          {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
-          <Col span={8} offset={application.formOffset === 0 || Setting.inIframe() || Setting.isMobile() ? 8 : application.formOffset} style={{display: "flex", justifyContent: "center"}} >
+          <div className="login-panel" >
-            <div className="login-content">
+            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
-              <div style={{marginBottom: "10px", textAlign: "center", ...formStyle}}>
+            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
-                <SelectLanguageBox id="language-box-corner" style={{top: "3px", right: "5px"}} />
+              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
+            </div>
+            <div className="login-form">
+              <div >
                 {
                   Setting.renderHelmet(application)
                 }
@@ -637,8 +650,8 @@ class SignupPage extends React.Component {
                 }
               </div>
             </div>
-          </Col>
+          </div>
-        </Row>
+        </div>
         {
           this.renderModal()
         }

web/src/backend/AdapterBackend.js

@@ -18,6 +18,9 @@ export function getAdapters(owner, page = "", pageSize = "", field = "", value =
   return fetch(`${Setting.ServerUrl}/api/get-adapters?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getAdapter(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-adapter?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateAdapter(owner, name, Adapter) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newAdapter),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addAdapter(Adapter) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newAdapter),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deleteAdapter(Adapter) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newAdapter),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function syncPolicies(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/sync-policies?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/ApplicationBackend.js

@@ -18,6 +18,9 @@ export function getApplications(owner, page = "", pageSize = "", field = "", val
   return fetch(`${Setting.ServerUrl}/api/get-applications?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getApplicationsByOrganization(owner, organization) {
   return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -32,6 +38,9 @@ export function getApplication(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-application?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -39,6 +48,9 @@ export function getUserApplication(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-user-application?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -48,6 +60,9 @@ export function updateApplication(owner, name, application) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newApplication),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -58,6 +73,9 @@ export function addApplication(application) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newApplication),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -67,6 +85,9 @@ export function deleteApplication(application) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newApplication),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -74,5 +95,8 @@ export function getSamlMetadata(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/saml/metadata?application=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.text());
 }

web/src/backend/CertBackend.js

@@ -18,6 +18,9 @@ export function getCerts(owner, page = "", pageSize = "", field = "", value = ""
   return fetch(`${Setting.ServerUrl}/api/get-certs?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getCert(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-cert?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateCert(owner, name, cert) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newCert),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addCert(cert) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newCert),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,5 +64,8 @@ export function deleteCert(cert) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newCert),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/LdapBackend.js

@@ -18,6 +18,9 @@ export function getLdaps(owner) {
   return fetch(`${Setting.ServerUrl}/api/get-ldaps?owner=${owner}`, {
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getLdap(id) {
   return fetch(`${Setting.ServerUrl}/api/get-ldap?id=${id}`, {
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -33,6 +39,9 @@ export function addLdap(body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -41,6 +50,9 @@ export function deleteLdap(body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -49,6 +61,9 @@ export function updateLdap(body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -57,6 +72,9 @@ export function getLdapUser(body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -65,6 +83,9 @@ export function syncUsers(owner, ldapId, body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -73,5 +94,8 @@ export function checkLdapUsersExist(owner, body) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(body),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/ModelBackend.js

@@ -18,6 +18,9 @@ export function getModels(owner, page = "", pageSize = "", field = "", value = "
   return fetch(`${Setting.ServerUrl}/api/get-models?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getModel(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-model?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateModel(owner, name, model) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newModel),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addModel(model) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newModel),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,5 +64,8 @@ export function deleteModel(model) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newModel),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/OrganizationBackend.js

@@ -18,6 +18,9 @@ export function getOrganizations(owner, page = "", pageSize = "", field = "", va
   return fetch(`${Setting.ServerUrl}/api/get-organizations?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getOrganization(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-organization?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateOrganization(owner, name, organization) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newOrganization),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addOrganization(organization) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newOrganization),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deleteOrganization(organization) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newOrganization),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function getDefaultApplication(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-default-application?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/PaymentBackend.js

@@ -18,6 +18,9 @@ export function getPayments(owner, page = "", pageSize = "", field = "", value =
   return fetch(`${Setting.ServerUrl}/api/get-payments?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getPayment(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-payment?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updatePayment(owner, name, payment) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPayment),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addPayment(payment) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPayment),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deletePayment(payment) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPayment),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function invoicePayment(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/invoice-payment?id=${owner}/${encodeURIComponent(name)}`, {
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/PermissionBackend.js

@@ -18,6 +18,9 @@ export function getPermissions(owner, page = "", pageSize = "", field = "", valu
   return fetch(`${Setting.ServerUrl}/api/get-permissions?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getPermissionsBySubmitter() {
   return fetch(`${Setting.ServerUrl}/api/get-permissions-by-submitter`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -32,6 +38,9 @@ export function getPermission(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-permission?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -41,6 +50,9 @@ export function updatePermission(owner, name, permission) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPermission),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -50,6 +62,9 @@ export function addPermission(permission) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPermission),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function deletePermission(permission) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newPermission),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/ProductBackend.js

@@ -18,6 +18,9 @@ export function getProducts(owner, page = "", pageSize = "", field = "", value =
   return fetch(`${Setting.ServerUrl}/api/get-products?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getProduct(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-product?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateProduct(owner, name, product) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProduct),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addProduct(product) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProduct),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deleteProduct(product) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProduct),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function buyProduct(owner, name, providerId) {
   return fetch(`${Setting.ServerUrl}/api/buy-product?id=${owner}/${encodeURIComponent(name)}&providerName=${providerId}`, {
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/ProviderBackend.js

@@ -18,6 +18,9 @@ export function getProviders(owner, page = "", pageSize = "", field = "", value
   return fetch(`${Setting.ServerUrl}/api/get-providers?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getProvider(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-provider?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateProvider(owner, name, provider) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProvider),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addProvider(provider) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProvider),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,5 +64,8 @@ export function deleteProvider(provider) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newProvider),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/RecordBackend.js

@@ -18,5 +18,8 @@ export function getRecords(page, pageSize, field = "", value = "", sortField = "
   return fetch(`${Setting.ServerUrl}/api/get-records?pageSize=${pageSize}&p=${page}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/ResourceBackend.js

@@ -18,6 +18,9 @@ export function getResources(owner, user, page = "", pageSize = "", field = "",
   return fetch(`${Setting.ServerUrl}/api/get-resources?owner=${owner}&user=${user}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getResource(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-resource?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateResource(owner, name, resource) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addResource(resource) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deleteResource(resource, provider = "") {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newResource),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -63,5 +78,8 @@ export function uploadResource(owner, user, tag, parent, fullFilePath, file, pro
     body: formData,
     method: "POST",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/RoleBackend.js

@@ -18,6 +18,9 @@ export function getRoles(owner, page = "", pageSize = "", field = "", value = ""
   return fetch(`${Setting.ServerUrl}/api/get-roles?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getRole(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-role?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateRole(owner, name, role) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newRole),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addRole(role) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newRole),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,5 +64,8 @@ export function deleteRole(role) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newRole),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }

web/src/backend/SyncerBackend.js

@@ -18,6 +18,9 @@ export function getSyncers(owner, page = "", pageSize = "", field = "", value =
   return fetch(`${Setting.ServerUrl}/api/get-syncers?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -25,6 +28,9 @@ export function getSyncer(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-syncer?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -34,6 +40,9 @@ export function updateSyncer(owner, name, syncer) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newSyncer),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -43,6 +52,9 @@ export function addSyncer(syncer) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newSyncer),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -52,6 +64,9 @@ export function deleteSyncer(syncer) {
     method: "POST",
     credentials: "include",
     body: JSON.stringify(newSyncer),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }
 
@@ -59,5 +74,8 @@ export function runSyncer(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/run-syncer?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",
     credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
   }).then(res => res.json());
 }