feat: update Xorm to v1.0.5 to fix the PostgreSQL bug in Xorm (#1321)

* fix:update xorm version

* fix pr problems

* update xorm version to 1.2.0

* update xorm version to 1.0.5

* fix pr problems

* generate go.sum file

Dockerfile

@@ -14,6 +14,9 @@ RUN ./build.sh
 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
 ARG USER=casdoor
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add --update sudo
@@ -28,7 +31,7 @@ RUN adduser -D $USER -u 1000 \
 
 USER 1000
 WORKDIR /
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server ./server
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
@@ -46,12 +49,15 @@ RUN apt update \
 
 FROM db AS ALLINONE
 LABEL MAINTAINER="https://casdoor.org/"
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN apt update
 RUN apt install -y ca-certificates && update-ca-certificates
 
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf

authz/authz.go

@@ -85,6 +85,8 @@ p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
+p, *, *, POST, /api/webhook, *, *
+p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
@@ -142,7 +144,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 
 	userId := fmt.Sprintf("%s/%s", subOwner, subName)
 	user := object.GetUser(userId)
-	if user != nil && user.IsAdmin && subOwner == objOwner {
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
 		return true
 	}
 

build.sh

@@ -8,4 +8,5 @@ else
     echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
     export GOPROXY="https://goproxy.cn,direct"
 fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server .
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .

captcha/provider.go

@@ -14,6 +14,8 @@
 
 package captcha
 
+import "fmt"
+
 type CaptchaProvider interface {
 	VerifyCaptcha(token, clientSecret string) (bool, error)
 }
@@ -32,3 +34,12 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 	}
 	return nil
 }
+
+func VerifyCaptchaByCaptchaType(captchaType, token, clientSecret string) (bool, error) {
+	provider := GetCaptchaProvider(captchaType)
+	if provider == nil {
+		return false, fmt.Errorf("invalid captcha provider: %s", captchaType)
+	}
+
+	return provider.VerifyCaptcha(token, clientSecret)
+}

controllers/account.go

@@ -64,6 +64,10 @@ type RequestForm struct {
 	RelayState   string `json:"relayState"`
 	SamlRequest  string `json:"samlRequest"`
 	SamlResponse string `json:"samlResponse"`
+
+	CaptchaType  string `json:"captchaType"`
+	CaptchaToken string `json:"captchaToken"`
+	ClientSecret string `json:"clientSecret"`
 }
 
 type Response struct {
@@ -241,8 +245,7 @@ func (c *ApiController) Logout() {
 	util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 
 	application := c.GetSessionApplication()
-	c.SetSessionUsername("")
-	c.SetSessionData(nil)
+	c.ClearUserSession()
 
 	if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
 		c.ResponseOk(user)

controllers/application.go

@@ -46,7 +46,7 @@ func (c *ApiController) GetApplications() {
 		if organization == "" {
 			applications = object.GetApplications(owner)
 		} else {
-			applications = object.GetApplicationsByOrganizationName(owner, organization)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}
 
 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
@@ -103,17 +103,31 @@ func (c *ApiController) GetUserApplication() {
 // @router /get-organization-applications [get]
 func (c *ApiController) GetOrganizationApplications() {
 	userId := c.GetSessionUsername()
-	owner := c.Input().Get("owner")
 	organization := c.Input().Get("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
 
 	if organization == "" {
 		c.ResponseError(c.T("ParameterErr.OrgMissingErr"))
 		return
 	}
 
-	applications := object.GetApplicationsByOrganizationName(owner, organization)
-	c.Data["json"] = object.GetMaskedApplications(applications, userId)
-	c.ServeJSON()
+	if limit == "" || page == "" {
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
+		c.ResponseOk(applications, paginator.Nums())
+	}
 }
 
 // UpdateApplication

controllers/auth.go

@@ -17,12 +17,16 @@ package controllers
 import (
 	"encoding/base64"
 	"encoding/json"
+	"encoding/xml"
 	"fmt"
+	"io/ioutil"
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"
 
+	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
@@ -31,6 +35,11 @@ import (
 	"github.com/google/uuid"
 )
 
+var (
+	wechatScanType string
+	lock           sync.RWMutex
+)
+
 func codeToResponse(code *object.Code) *Response {
 	if code.Code == "" {
 		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
@@ -251,6 +260,25 @@ func (c *ApiController) Login() {
 				return
 			}
 		} else {
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
+			if application == nil {
+				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				return
+			}
+
+			if object.CheckToEnableCaptcha(application) {
+				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
+				if err != nil {
+					c.ResponseError(err.Error())
+					return
+				}
+
+				if !isHuman {
+					c.ResponseError("Turing test failed.")
+					return
+				}
+			}
+
 			password := form.Password
 			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
 		}
@@ -279,7 +307,7 @@ func (c *ApiController) Login() {
 		}
 
 		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
-		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
+		provider := object.GetProvider(util.GetId(form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
 			c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
@@ -510,3 +538,46 @@ func (c *ApiController) HandleSamlLogin() {
 		slice[4], relayState, samlResponse)
 	c.Redirect(targetUrl, 303)
 }
+
+// HandleOfficialAccountEvent ...
+// @Tag HandleOfficialAccountEvent API
+// @Title HandleOfficialAccountEvent
+// @router /api/webhook [POST]
+func (c *ApiController) HandleOfficialAccountEvent() {
+	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	var data struct {
+		MsgType  string `xml:"MsgType"`
+		Event    string `xml:"Event"`
+		EventKey string `xml:"EventKey"`
+	}
+	err = xml.Unmarshal(respBytes, &data)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	lock.Lock()
+	defer lock.Unlock()
+	if data.EventKey != "" {
+		wechatScanType = data.Event
+		c.Ctx.WriteString("")
+	}
+}
+
+// GetWebhookEventType ...
+// @Tag GetWebhookEventType API
+// @Title GetWebhookEventType
+// @router /api/get-webhook-event [GET]
+func (c *ApiController) GetWebhookEventType() {
+	lock.Lock()
+	defer lock.Unlock()
+	resp := &Response{
+		Status: "ok",
+		Msg:    "",
+		Data:   wechatScanType,
+	}
+	c.Data["json"] = resp
+	wechatScanType = ""
+	c.ServeJSON()
+}

controllers/base.go

@@ -63,8 +63,7 @@ func (c *ApiController) GetSessionUsername() string {
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
-		c.SetSessionUsername("")
-		c.SetSessionData(nil)
+		c.ClearUserSession()
 		return ""
 	}
 
@@ -85,13 +84,17 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 	return application
 }
 
+func (c *ApiController) ClearUserSession() {
+	c.SetSessionUsername("")
+	c.SetSessionData(nil)
+}
+
 func (c *ApiController) GetSessionOidc() (string, string) {
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
-		c.SetSessionUsername("")
-		c.SetSessionData(nil)
+		c.ClearUserSession()
 		return "", ""
 	}
 	scopeValue := c.GetSession("scope")

controllers/enforcer.go

@@ -21,12 +21,6 @@ import (
 )
 
 func (c *ApiController) Enforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRule object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
 	if err != nil {
@@ -34,17 +28,11 @@ func (c *ApiController) Enforce() {
 		return
 	}
 
-	c.Data["json"] = object.Enforce(userId, &permissionRule)
+	c.Data["json"] = object.Enforce(&permissionRule)
 	c.ServeJSON()
 }
 
 func (c *ApiController) BatchEnforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRules []object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
 	if err != nil {
@@ -52,7 +40,7 @@ func (c *ApiController) BatchEnforce() {
 		return
 	}
 
-	c.Data["json"] = object.BatchEnforce(userId, permissionRules)
+	c.Data["json"] = object.BatchEnforce(permissionRules)
 	c.ServeJSON()
 }
 

controllers/provider.go

@@ -48,6 +48,30 @@ func (c *ApiController) GetProviders() {
 	}
 }
 
+// GetGlobalProviders
+// @Title GetGlobalProviders
+// @Tag Provider API
+// @Description get Global providers
+// @Success 200 {array} object.Provider The Response object
+// @router /get-global-providers [get]
+func (c *ApiController) GetGlobalProviders() {
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(providers, paginator.Nums())
+	}
+}
+
 // GetProvider
 // @Title GetProvider
 // @Tag Provider API
@@ -57,7 +81,6 @@ func (c *ApiController) GetProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-
 	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
 	c.ServeJSON()
 }

controllers/service.go

@@ -60,7 +60,7 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider = object.GetProvider(fmt.Sprintf("admin/%s", emailForm.Provider))
+		provider = object.GetProvider(util.GetId(emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
 		var ok bool

controllers/util.go

@@ -83,7 +83,7 @@ func (c *ApiController) SetTokenErrorHttpStatus() {
 func (c *ApiController) RequireSignedIn() (string, bool) {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("LoginErr.SignInFirst"))
+		c.ResponseError(c.T("LoginErr.LoginFirst"), "Please login first")
 		return "", false
 	}
 	return userId, true
@@ -98,6 +98,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 
 	user := object.GetUser(userId)
 	if user == nil {
+		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
 		return nil, false
 	}

deployment/deploy_test.go

@@ -21,9 +21,10 @@ import (
 	"testing"
 
 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )
 
 func TestDeployStaticFiles(t *testing.T) {
-	provider := object.GetProvider("admin/provider_storage_aliyun_oss")
+	provider := object.GetProvider(util.GetId("provider_storage_aliyun_oss"))
 	deployStaticFiles(provider)
 }

go.mod

@@ -23,6 +23,7 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/golang-jwt/jwt/v4 v4.2.0
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/uuid v1.2.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
@@ -36,6 +37,7 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/stretchr/testify v1.8.0
 	github.com/tealeg/xlsx v1.0.5
@@ -51,6 +53,7 @@ require (
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v2 v2.3.0 // indirect
+	xorm.io/builder v0.3.12 // indirect
 	xorm.io/core v0.7.2
-	xorm.io/xorm v1.0.4
+	xorm.io/xorm v1.0.5
 )

go.sum

@@ -213,8 +213,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@@ -394,6 +395,8 @@ github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKz
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@@ -787,10 +790,11 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-xorm.io/builder v0.3.7 h1:2pETdKRK+2QG4mLX4oODHEhn5Z8j1m8sXa7jfu+/SZI=
 xorm.io/builder v0.3.7/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
+xorm.io/builder v0.3.12 h1:ASZYX7fQmy+o8UJdhlLHSW57JDOkM8DNhcAF5d0LiJM=
+xorm.io/builder v0.3.12/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
 xorm.io/core v0.7.2 h1:mEO22A2Z7a3fPaZMk6gKL/jMD80iiyNwRrX5HOv3XLw=
 xorm.io/core v0.7.2/go.mod h1:jJfd0UAEzZ4t87nbQYtVjmqpIODugN6PD2D9E+dJvdM=
 xorm.io/xorm v1.0.3/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
-xorm.io/xorm v1.0.4 h1:UBXA4I3NhiyjXfPqxXUkS2t5hMta9SSPATeMMaZg9oA=
-xorm.io/xorm v1.0.4/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
+xorm.io/xorm v1.0.5 h1:LRr5PfOUb4ODPR63YwbowkNDwcolT2LnkwP/TUaMaB0=
+xorm.io/xorm v1.0.5/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=

i18n/languages/locale_de.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_en.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_es.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_fr.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_ja.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_ko.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_ru.ini

@@ -51,7 +51,6 @@ OldUser = The account for provider: %s and username: %s (%s) is already linked t
 ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
 SessionOutdated = Session outdated, please login again
 SignOutFirst = Please sign out first before signing in
-SignInFirst = Please sign in first
 UserDoNotExist = The user: %s/%s doesn't exist
 UserIsForbidden = The user is forbidden to sign in, please contact the administrator
 UnknownAuthentication = Unknown authentication type (not password or provider), form = %s

i18n/languages/locale_zh.ini

@@ -51,7 +51,6 @@ OldUser = 提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定:
 ProviderCanNotSignUp = 提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册
 SignOutFirst = 请在登录前登出
 SessionOutdated = Session已过期，请重新登陆
-SignInFirst = 请先登出
 UserDoNotExist = 用户不存在: %s/%s
 UserIsForbidden = 该用户被禁止登陆，请联系管理员
 UnknownAuthentication = 未知的认证类型 (非密码或提供商认证), form = %s

idp/dingtalk.go

@@ -15,9 +15,12 @@
 package idp
 
 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"log"
 	"net/http"
 	"strings"
 	"time"
@@ -167,7 +170,10 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		Email:       dtUserInfo.Email,
 		AvatarUrl:   dtUserInfo.AvatarUrl,
 	}
-
+	isUserInOrg, err := idp.isUserInOrg(userInfo.UnionId)
+	if !isUserInOrg {
+		return nil, err
+	}
 	return &userInfo, nil
 }
 
@@ -194,3 +200,62 @@ func (idp *DingTalkIdProvider) postWithBody(body interface{}, url string) ([]byt
 
 	return data, nil
 }
+
+func (idp *DingTalkIdProvider) getInnerAppAccessToken() string {
+	appKey := idp.Config.ClientID
+	appSecret := idp.Config.ClientSecret
+	body := make(map[string]string)
+	body["appKey"] = appKey
+	body["appSecret"] = appSecret
+	bodyData, err := json.Marshal(body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	reader := bytes.NewReader(bodyData)
+	request, err := http.NewRequest("POST", "https://api.dingtalk.com/v1.0/oauth2/accessToken", reader)
+	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
+	resp, err := idp.Client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	var data struct {
+		ExpireIn    int    `json:"expireIn"`
+		AccessToken string `json:"accessToken"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	return data.AccessToken
+}
+
+func (idp *DingTalkIdProvider) isUserInOrg(unionId string) (bool, error) {
+	body := make(map[string]string)
+	body["unionid"] = unionId
+	bodyData, err := json.Marshal(body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	reader := bytes.NewReader(bodyData)
+	accessToken := idp.getInnerAppAccessToken()
+	request, _ := http.NewRequest("POST", "https://oapi.dingtalk.com/topapi/user/getbyunionid?access_token="+accessToken, reader)
+	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
+	resp, err := idp.Client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	var data struct {
+		ErrCode    int    `json:"errcode"`
+		ErrMessage string `json:"errmsg"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	if data.ErrCode == 60121 {
+		return false, fmt.Errorf("the user is not found in the organization where clientId and clientSecret belong")
+	}
+	return true, nil
+}

idp/wechat.go

@@ -16,14 +16,17 @@ package idp
 
 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
 
+	"github.com/skip2/go-qrcode"
 	"golang.org/x/oauth2"
 )
 
@@ -191,3 +194,54 @@ func (idp *WeChatIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	return &userInfo, nil
 }
+
+func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, error) {
+	accessTokenUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s", clientId, clientSecret)
+	request, err := http.NewRequest("GET", accessTokenUrl, nil)
+	client := new(http.Client)
+	resp, err := client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		ExpireIn    int    `json:"expires_in"`
+		AccessToken string `json:"access_token"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+	return data.AccessToken, nil
+}
+
+func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (string, error) {
+	accessToken, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
+	client := new(http.Client)
+	params := "{\"action_name\": \"QR_LIMIT_STR_SCENE\", \"action_info\": {\"scene\": {\"scene_str\": \"test\"}}}"
+	bodyData := bytes.NewReader([]byte(params))
+	qrCodeUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/qrcode/create?access_token=%s", accessToken)
+	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
+	resp, err := client.Do(requeset)
+	if err != nil {
+		return "", err
+	}
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		Ticket        string `json:"ticket"`
+		ExpireSeconds int    `json:"expire_seconds"`
+		URL           string `json:"url"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+
+	var png []byte
+	png, err = qrcode.Encode(data.URL, qrcode.Medium, 256)
+	base64Image := base64.StdEncoding.EncodeToString(png)
+	return base64Image, nil
+}

object/application.go

@@ -20,6 +20,7 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@@ -84,6 +85,16 @@ func GetApplicationCount(owner, field, value string) int {
 	return int(count)
 }
 
+func GetOrganizationApplicationCount(owner, Organization, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Application{Organization: Organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
 func GetApplications(owner string) []*Application {
 	applications := []*Application{}
 	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
@@ -94,8 +105,18 @@ func GetApplications(owner string) []*Application {
 	return applications
 }
 
-func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return applications
+}
+
+func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+	var applications []*Application
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&applications)
 	if err != nil {
@@ -105,9 +126,10 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 	return applications
 }
 
-func GetApplicationsByOrganizationName(owner string, organization string) []*Application {
+func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -119,9 +141,11 @@ func getProviderMap(owner string) map[string]*Provider {
 	providers := GetProviders(owner)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
-		//if provider.Category != "OAuth" {
-		//	continue
-		//}
+		// Get QRCode only once
+		if provider.Type == "WeChat" && provider.DisableSsl == true && provider.Content == "" {
+			provider.Content, _ = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
+			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
+		}
 
 		m[provider.Name] = GetMaskedProvider(provider)
 	}
@@ -129,7 +153,7 @@ func getProviderMap(owner string) map[string]*Provider {
 }
 
 func extendApplicationWithProviders(application *Application) {
-	m := getProviderMap(application.Owner)
+	m := getProviderMap(application.Organization)
 	for _, providerItem := range application.Providers {
 		if provider, ok := m[providerItem.Name]; ok {
 			providerItem.Provider = provider
@@ -270,6 +294,13 @@ func UpdateApplication(id string, application *Application) bool {
 		application.Name = name
 	}
 
+	if name != application.Name {
+		err := applicationChangeTrigger(name, application.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
@@ -371,7 +402,7 @@ func IsAllowOrigin(origin string) bool {
 }
 
 func getApplicationMap(organization string) map[string]*Application {
-	applications := GetApplicationsByOrganizationName("admin", organization)
+	applications := GetOrganizationApplications("admin", organization)
 
 	applicationMap := make(map[string]*Application)
 	for _, application := range applications {
@@ -400,3 +431,55 @@ func ExtendManagedAccountsWithUser(user *User) *User {
 
 	return user
 }
+
+func applicationChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	organization := new(Organization)
+	organization.DefaultApplication = newName
+	_, err = session.Where("default_application=?", oldName).Update(organization)
+	if err != nil {
+		return err
+	}
+
+	user := new(User)
+	user.SignupApplication = newName
+	_, err = session.Where("signup_application=?", oldName).Update(user)
+	if err != nil {
+		return err
+	}
+
+	resource := new(Resource)
+	resource.Application = newName
+	_, err = session.Where("application=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for i := 0; i < len(permissions); i++ {
+		permissionResoureces := permissions[i].Resources
+		for j := 0; j < len(permissionResoureces); j++ {
+			if permissionResoureces[j] == oldName {
+				permissionResoureces[j] = newName
+			}
+		}
+		permissions[i].Resources = permissionResoureces
+		_, err = session.Where("name=?", permissions[i].Name).Update(permissions[i])
+		if err != nil {
+			return err
+		}
+	}
+
+	return session.Commit()
+}

object/application_item.go

@@ -15,7 +15,7 @@
 package object
 
 func (application *Application) GetProviderByCategory(category string) *Provider {
-	providers := GetProviders(application.Owner)
+	providers := GetProviders(application.Organization)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
 		if provider.Category != category {

object/cert.go

@@ -114,6 +114,12 @@ func UpdateCert(id string, cert *Cert) bool {
 		return false
 	}
 
+	if name != cert.Name {
+		err := certChangeTrigger(name, cert.Name)
+		if err != nil {
+			return false
+		}
+	}
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
 	if err != nil {
 		panic(err)
@@ -161,3 +167,22 @@ func getCertByApplication(application *Application) *Cert {
 func GetDefaultCert() *Cert {
 	return getCert("admin", "cert-built-in")
 }
+
+func certChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	application := new(Application)
+	application.Cert = newName
+	_, err = session.Where("cert=?", oldName).Update(application)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}

object/check.go

@@ -340,3 +340,20 @@ func CheckUsername(username string, lang string) string {
 
 	return ""
 }
+
+func CheckToEnableCaptcha(application *Application) bool {
+	if len(application.Providers) == 0 {
+		return false
+	}
+
+	for _, providerItem := range application.Providers {
+		if providerItem.Provider == nil {
+			continue
+		}
+		if providerItem.Provider.Category == "Captcha" && providerItem.Provider.Type == "Default" {
+			return providerItem.Rule == "Always"
+		}
+	}
+
+	return false
+}

object/init.go

@@ -58,6 +58,7 @@ func initBuiltInOrganization() bool {
 		PhonePrefix:   "86",
 		DefaultAvatar: fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:          []string{},
+		Languages:     []string{"en", "zh", "es", "fr", "de", "ja", "ko", "ru"},
 		AccountItems: []*AccountItem{
 			{Name: "Organization", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 			{Name: "ID", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
@@ -143,7 +144,7 @@ func initBuiltInApplication() {
 		EnablePassword: true,
 		EnableSignUp:   true,
 		Providers: []*ProviderItem{
-			{Name: "provider_captcha_default", CanSignUp: false, CanSignIn: false, CanUnlink: false, Prompted: false, AlertType: "None", Provider: nil},
+			{Name: "provider_captcha_default", CanSignUp: false, CanSignIn: false, CanUnlink: false, Prompted: false, AlertType: "None", Rule: "None", Provider: nil},
 		},
 		SignupItems: []*SignupItem{
 			{Name: "ID", Visible: false, Required: true, Prompted: false, Rule: "Random"},
@@ -221,7 +222,7 @@ func initBuiltInLdap() {
 }
 
 func initBuiltInProvider() {
-	provider := GetProvider("admin/provider_captcha_default")
+	provider := GetProvider(util.GetId("provider_captcha_default"))
 	if provider != nil {
 		return
 	}

object/init_data.go

@@ -56,12 +56,40 @@ func readInitDataFromFile(filePath string) *InitData {
 
 	s := util.ReadStringFromPath(filePath)
 
-	data := &InitData{}
+	data := &InitData{
+		Organizations: []*Organization{},
+		Applications:  []*Application{},
+		Users:         []*User{},
+		Certs:         []*Cert{},
+		Providers:     []*Provider{},
+		Ldaps:         []*Ldap{},
+	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
 		panic(err)
 	}
 
+	// transform nil slice to empty slice
+	for _, organization := range data.Organizations {
+		if organization.Tags == nil {
+			organization.Tags = []string{}
+		}
+	}
+	for _, application := range data.Applications {
+		if application.Providers == nil {
+			application.Providers = []*ProviderItem{}
+		}
+		if application.SignupItems == nil {
+			application.SignupItems = []*SignupItem{}
+		}
+		if application.GrantTypes == nil {
+			application.GrantTypes = []string{}
+		}
+		if application.RedirectUris == nil {
+			application.RedirectUris = []string{}
+		}
+	}
+
 	return data
 }
 
@@ -140,7 +168,7 @@ func initDefinedLdap(ldap *Ldap) {
 }
 
 func initDefinedProvider(provider *Provider) {
-	existed := GetProvider(provider.GetId())
+	existed := GetProvider(util.GetId(provider.Name))
 	if existed != nil {
 		return
 	}

object/model.go

@@ -92,6 +92,12 @@ func UpdateModel(id string, modelObj *Model) bool {
 		return false
 	}
 
+	if name != modelObj.Name {
+		err := modelChangeTrigger(name, modelObj.Name)
+		if err != nil {
+			return false
+		}
+	}
 	// check model grammar
 	_, err := model.NewModelFromString(modelObj.ModelText)
 	if err != nil {
@@ -127,3 +133,22 @@ func DeleteModel(model *Model) bool {
 func (model *Model) GetId() string {
 	return fmt.Sprintf("%s/%s", model.Owner, model.Name)
 }
+
+func modelChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	permission := new(Permission)
+	permission.Model = newName
+	_, err = session.Where("model=?", oldName).Update(permission)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}

object/organization.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/i18n"
@@ -44,6 +45,7 @@ type Organization struct {
 	DefaultAvatar      string   `xorm:"varchar(100)" json:"defaultAvatar"`
 	DefaultApplication string   `xorm:"varchar(100)" json:"defaultApplication"`
 	Tags               []string `xorm:"mediumtext" json:"tags"`
+	Languages          []string `xorm:"varchar(255)" json:"languages"`
 	MasterPassword     string   `xorm:"varchar(100)" json:"masterPassword"`
 	EnableSoftDeletion bool     `json:"enableSoftDeletion"`
 	IsProfilePublic    bool     `json:"isProfilePublic"`
@@ -134,15 +136,10 @@ func UpdateOrganization(id string, organization *Organization) bool {
 	}
 
 	if name != organization.Name {
-		go func() {
-			application := new(Application)
-			application.Organization = organization.Name
-			_, _ = adapter.Engine.Where("organization=?", name).Update(application)
-
-			user := new(User)
-			user.Owner = organization.Name
-			_, _ = adapter.Engine.Where("owner=?", name).Update(user)
-		}()
+		err := organizationChangeTrigger(name, organization.Name)
+		if err != nil {
+			return false
+		}
 	}
 
 	if organization.MasterPassword != "" && organization.MasterPassword != "***" {
@@ -226,7 +223,12 @@ func GetDefaultApplication(id string) (*Application, error) {
 	}
 
 	if organization.DefaultApplication != "" {
-		return getApplication("admin", organization.DefaultApplication), fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		defaultApplication := getApplication("admin", organization.DefaultApplication)
+		if defaultApplication == nil {
+			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		} else {
+			return defaultApplication, nil
+		}
 	}
 
 	applications := []*Application{}
@@ -252,3 +254,148 @@ func GetDefaultApplication(id string) (*Application, error) {
 
 	return defaultApplication, nil
 }
+
+func organizationChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	application := new(Application)
+	application.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(application)
+	if err != nil {
+		return err
+	}
+
+	user := new(User)
+	user.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(user)
+	if err != nil {
+		return err
+	}
+
+	role := new(Role)
+	_, err = adapter.Engine.Where("owner=?", oldName).Get(role)
+	if err != nil {
+		return err
+	}
+	for i, u := range role.Users {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			role.Users[i] = split[0] + "/" + split[1]
+		}
+	}
+	for i, u := range role.Roles {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			role.Roles[i] = split[0] + "/" + split[1]
+		}
+	}
+	role.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(role)
+	if err != nil {
+		return err
+	}
+
+	permission := new(Permission)
+	_, err = adapter.Engine.Where("owner=?", oldName).Get(permission)
+	if err != nil {
+		return err
+	}
+	for i, u := range permission.Users {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			permission.Users[i] = split[0] + "/" + split[1]
+		}
+	}
+	for i, u := range permission.Roles {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			permission.Roles[i] = split[0] + "/" + split[1]
+		}
+	}
+	permission.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(permission)
+	if err != nil {
+		return err
+	}
+
+	casbinAdapter := new(CasbinAdapter)
+	casbinAdapter.Owner = newName
+	casbinAdapter.Organization = newName
+	_, err = session.Where("owner=?", oldName).Update(casbinAdapter)
+	if err != nil {
+		return err
+	}
+
+	ldap := new(Ldap)
+	ldap.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(ldap)
+	if err != nil {
+		return err
+	}
+
+	model := new(Model)
+	model.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(model)
+	if err != nil {
+		return err
+	}
+
+	payment := new(Payment)
+	payment.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(payment)
+	if err != nil {
+		return err
+	}
+
+	record := new(Record)
+	record.Owner = newName
+	record.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(record)
+	if err != nil {
+		return err
+	}
+
+	resource := new(Resource)
+	resource.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	syncer := new(Syncer)
+	syncer.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(syncer)
+	if err != nil {
+		return err
+	}
+
+	token := new(Token)
+	token.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(token)
+	if err != nil {
+		return err
+	}
+
+	webhook := new(Webhook)
+	webhook.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(webhook)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}

object/permission_enforcer.go

@@ -152,20 +152,20 @@ func removePolicies(permission *Permission) {
 	}
 }
 
-func Enforce(userId string, permissionRule *PermissionRule) bool {
+func Enforce(permissionRule *PermissionRule) bool {
 	permission := GetPermission(permissionRule.Id)
 	enforcer := getEnforcer(permission)
-	allow, err := enforcer.Enforce(userId, permissionRule.V1, permissionRule.V2)
+	allow, err := enforcer.Enforce(permissionRule.V0, permissionRule.V1, permissionRule.V2)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }
 
-func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
+func BatchEnforce(permissionRules []PermissionRule) []bool {
 	var requests [][]interface{}
 	for _, permissionRule := range permissionRules {
-		requests = append(requests, []interface{}{userId, permissionRule.V1, permissionRule.V2})
+		requests = append(requests, []interface{}{permissionRule.V0, permissionRule.V1, permissionRule.V2})
 	}
 	permission := GetPermission(permissionRules[0].Id)
 	enforcer := getEnforcer(permission)

object/provider.go

@@ -25,7 +25,7 @@ import (
 
 type Provider struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(100) notnull pk unique" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 
 	DisplayName       string `xorm:"varchar(100)" json:"displayName"`
@@ -46,9 +46,9 @@ type Provider struct {
 
 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
-	DisableSsl bool   `json:"disableSsl"`
+	DisableSsl bool   `json:"disableSsl"` // If the provider type is WeChat, DisableSsl means EnableQRCode
 	Title      string `xorm:"varchar(100)" json:"title"`
-	Content    string `xorm:"varchar(1000)" json:"content"`
+	Content    string `xorm:"varchar(1000)" json:"content"` // If provider type is WeChat, Content means QRCode string by Base64 encoding
 	Receiver   string `xorm:"varchar(100)" json:"receiver"`
 
 	RegionId     string `xorm:"varchar(100)" json:"regionId"`
@@ -60,6 +60,7 @@ type Provider struct {
 	IntranetEndpoint string `xorm:"varchar(100)" json:"intranetEndpoint"`
 	Domain           string `xorm:"varchar(100)" json:"domain"`
 	Bucket           string `xorm:"varchar(100)" json:"bucket"`
+	PathPrefix       string `xorm:"varchar(100)" json:"pathPrefix"`
 
 	Metadata               string `xorm:"mediumtext" json:"metadata"`
 	IdP                    string `xorm:"mediumtext" json:"idP"`
@@ -92,7 +93,17 @@ func GetMaskedProviders(providers []*Provider) []*Provider {
 }
 
 func GetProviderCount(owner, field, value string) int {
-	session := GetSession(owner, -1, -1, field, value, "", "")
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Provider{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetGlobalProviderCount(field, value string) int {
+	session := GetSession("", -1, -1, field, value, "", "")
 	count, err := session.Count(&Provider{})
 	if err != nil {
 		panic(err)
@@ -103,7 +114,17 @@ func GetProviderCount(owner, field, value string) int {
 
 func GetProviders(owner string) []*Provider {
 	providers := []*Provider{}
-	err := adapter.Engine.Desc("created_time").Find(&providers, &Provider{Owner: owner})
+	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&providers, &Provider{})
+	if err != nil {
+		panic(err)
+	}
+
+	return providers
+}
+
+func GetGlobalProviders() []*Provider {
+	providers := []*Provider{}
+	err := adapter.Engine.Desc("created_time").Find(&providers)
 	if err != nil {
 		panic(err)
 	}
@@ -113,7 +134,18 @@ func GetProviders(owner string) []*Provider {
 
 func GetPaginationProviders(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Provider {
 	providers := []*Provider{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&providers)
+	if err != nil {
+		panic(err)
+	}
+
+	return providers
+}
+
+func GetPaginationGlobalProviders(offset, limit int, field, value, sortField, sortOrder string) []*Provider {
+	providers := []*Provider{}
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&providers)
 	if err != nil {
 		panic(err)
@@ -127,7 +159,7 @@ func getProvider(owner string, name string) *Provider {
 		return nil
 	}
 
-	provider := Provider{Owner: owner, Name: name}
+	provider := Provider{Name: name}
 	existed, err := adapter.Engine.Get(&provider)
 	if err != nil {
 		panic(err)
@@ -175,6 +207,13 @@ func UpdateProvider(id string, provider *Provider) bool {
 		return false
 	}
 
+	if name != provider.Name {
+		err := providerChangeTrigger(name, provider.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
 	if provider.ClientSecret == "***" {
 		session = session.Omit("client_secret")
@@ -262,3 +301,41 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 	}
 	return nil, nil
 }
+
+func providerChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var applications []*Application
+	err = adapter.Engine.Find(&applications)
+	if err != nil {
+		return err
+	}
+	for i := 0; i < len(applications); i++ {
+		providers := applications[i].Providers
+		for j := 0; j < len(providers); j++ {
+			if providers[j].Name == oldName {
+				providers[j].Name = newName
+			}
+		}
+		applications[i].Providers = providers
+		_, err = session.Where("name=?", applications[i].Name).Update(applications[i])
+		if err != nil {
+			return err
+		}
+	}
+
+	resource := new(Resource)
+	resource.Provider = newName
+	_, err = session.Where("provider=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}

object/provider_item.go

@@ -15,12 +15,15 @@
 package object
 
 type ProviderItem struct {
-	Name      string    `json:"name"`
+	Owner string `json:"owner"`
+	Name  string `json:"name"`
+
 	CanSignUp bool      `json:"canSignUp"`
 	CanSignIn bool      `json:"canSignIn"`
 	CanUnlink bool      `json:"canUnlink"`
 	Prompted  bool      `json:"prompted"`
 	AlertType string    `json:"alertType"`
+	Rule      string    `json:"rule"`
 	Provider  *Provider `json:"provider"`
 }
 

object/role.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@@ -94,6 +95,13 @@ func UpdateRole(id string, role *Role) bool {
 		return false
 	}
 
+	if name != role.Name {
+		err := roleChangeTrigger(name, role.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(role)
 	if err != nil {
 		panic(err)
@@ -133,3 +141,54 @@ func GetRolesByUser(userId string) []*Role {
 
 	return roles
 }
+
+func roleChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var roles []*Role
+	err = adapter.Engine.Find(&roles)
+	if err != nil {
+		return err
+	}
+	for _, role := range roles {
+		for j, u := range role.Roles {
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				role.Roles[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", role.Name).Update(role)
+		if err != nil {
+			return err
+		}
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for _, permission := range permissions {
+		for j, u := range permission.Roles {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				permission.Roles[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", permission.Name).Update(permission)
+		if err != nil {
+			return err
+		}
+	}
+
+	return session.Commit()
+}

object/storage.go

@@ -55,7 +55,7 @@ func escapePath(path string) string {
 }
 
 func getUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool) (string, string) {
-	escapedPath := escapePath(fullFilePath)
+	escapedPath := util.UrlJoin(provider.PathPrefix, escapePath(fullFilePath))
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)
 
 	host := ""
@@ -70,7 +70,7 @@ func getUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 		host = util.UrlJoin(provider.Domain, "/files")
 	}
 	if provider.Type == "Azure Blob" {
-		host = fmt.Sprintf("%s/%s", host, provider.Bucket)
+		host = util.UrlJoin(host, provider.Bucket)
 	}
 
 	fileUrl := util.UrlJoin(host, escapePath(objectKey))

object/syncer_user.go

@@ -37,7 +37,16 @@ func (syncer *Syncer) getOriginalUsers() ([]*OriginalUser, error) {
 		return nil, err
 	}
 
-	return syncer.getOriginalUsersFromMap(results), nil
+	// Memory leak problem handling
+	// https://github.com/casdoor/casdoor/issues/1256
+	users := syncer.getOriginalUsersFromMap(results)
+	for _, m := range results {
+		for k := range m {
+			delete(m, k)
+		}
+	}
+
+	return users, nil
 }
 
 func (syncer *Syncer) getOriginalUserMap() ([]*OriginalUser, map[string]*OriginalUser, error) {

object/token_jwt.go

@@ -24,9 +24,10 @@ import (
 
 type Claims struct {
 	*User
-	Nonce string `json:"nonce,omitempty"`
-	Tag   string `json:"tag,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Tag       string `json:"tag,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }
 
@@ -37,8 +38,9 @@ type UserShort struct {
 
 type ClaimsShort struct {
 	*UserShort
-	Nonce string `json:"nonce,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }
 
@@ -53,6 +55,7 @@ func getShortUser(user *User) *UserShort {
 func getShortClaims(claims Claims) ClaimsShort {
 	res := ClaimsShort{
 		UserShort:        getShortUser(claims.User),
+		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
@@ -72,8 +75,9 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	jti := fmt.Sprintf("%s/%s", application.Owner, name)
 
 	claims := Claims{
-		User:  user,
-		Nonce: nonce,
+		User:      user,
+		TokenType: "access-token",
+		Nonce:     nonce,
 		// FIXME: A workaround for custom claim by reusing `tag` in user info
 		Tag:   user.Tag,
 		Scope: scope,
@@ -97,10 +101,12 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 
 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claimsShort.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 	} else {
 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 		claims.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claims.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 	}
 

object/token_jwt_key.go

@@ -37,7 +37,7 @@ func generateRsaKeys(bitSize int, expireInYears int, commonName string, organiza
 	// Encode private key to PKCS#1 ASN.1 PEM.
 	privateKeyPem := pem.EncodeToMemory(
 		&pem.Block{
-			Type:  "PRIVATE KEY",
+			Type:  "RSA PRIVATE KEY",
 			Bytes: x509.MarshalPKCS1PrivateKey(key),
 		},
 	)

object/user.go

@@ -380,6 +380,13 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 		return false
 	}
 
+	if name != user.Name {
+		err := userChangeTrigger(name, user.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	if user.Password == "***" {
 		user.Password = oldUser.Password
 	}
@@ -416,6 +423,13 @@ func UpdateUserForAllFields(id string, user *User) bool {
 		return false
 	}
 
+	if name != user.Name {
+		err := userChangeTrigger(name, user.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	user.UpdateUserHash()
 
 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
@@ -567,3 +581,62 @@ func ExtendUserWithRolesAndPermissions(user *User) {
 	user.Roles = GetRolesByUser(user.GetId())
 	user.Permissions = GetPermissionsByUser(user.GetId())
 }
+
+func userChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var roles []*Role
+	err = adapter.Engine.Find(&roles)
+	if err != nil {
+		return err
+	}
+	for _, role := range roles {
+		for j, u := range role.Users {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				role.Users[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", role.Name).Update(role)
+		if err != nil {
+			return err
+		}
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for _, permission := range permissions {
+		for j, u := range permission.Users {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				permission.Users[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", permission.Name).Update(permission)
+		if err != nil {
+			return err
+		}
+	}
+
+	resource := new(Resource)
+	resource.User = newName
+	_, err = session.Where("user=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}

object/verification.go

@@ -41,38 +41,7 @@ type VerificationRecord struct {
 	IsUsed     bool
 }
 
-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return fmt.Errorf("please set an Email provider first")
-	}
-
-	sender := organization.DisplayName
-	title := provider.Title
-	code := getRandomCode(6)
-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := fmt.Sprintf(provider.Content, code)
-
-	if err := SendEmail(provider, title, content, dest, sender); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return errors.New("please set a SMS provider first")
-	}
-
-	code := getRandomCode(6)
-	if err := SendSms(provider, code, dest); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+func IsAllowSend(user *User, remoteAddr, recordType string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@@ -89,6 +58,63 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 		return errors.New("you can only send one code in 60s")
 	}
 
+	return nil
+}
+
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return fmt.Errorf("please set an Email provider first")
+	}
+
+	sender := organization.DisplayName
+	title := provider.Title
+	code := getRandomCode(6)
+	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
+	content := fmt.Sprintf(provider.Content, code)
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	if err := SendEmail(provider, title, content, dest, sender); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return errors.New("please set a SMS provider first")
+	}
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	code := getRandomCode(6)
+	if err := SendSms(provider, code, dest); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+	var record VerificationRecord
+	record.RemoteAddr = remoteAddr
+	record.Type = recordType
+	if user != nil {
+		record.User = user.GetId()
+	}
 	record.Owner = provider.Owner
 	record.Name = util.GenerateId()
 	record.CreatedTime = util.GetCurrentTime()
@@ -99,10 +125,10 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 
 	record.Receiver = dest
 	record.Code = code
-	record.Time = now
+	record.Time = time.Now().Unix()
 	record.IsUsed = false
 
-	_, err = adapter.Engine.Insert(record)
+	_, err := adapter.Engine.Insert(record)
 	if err != nil {
 		return err
 	}

object/webhook.go

@@ -37,7 +37,7 @@ type Webhook struct {
 	Method         string    `xorm:"varchar(100)" json:"method"`
 	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
-	Events         []string  `xorm:"varchar(100)" json:"events"`
+	Events         []string  `xorm:"varchar(1000)" json:"events"`
 	IsUserExtended bool      `json:"isUserExtended"`
 	IsEnabled      bool      `json:"isEnabled"`
 }

routers/router.go

@@ -54,6 +54,8 @@ func initAPI() {
 	beego.Router("/api/get-saml-login", &controllers.ApiController{}, "GET:GetSamlLogin")
 	beego.Router("/api/acs", &controllers.ApiController{}, "POST:HandleSamlLogin")
 	beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
+	beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
+	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")
 
 	beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations")
 	beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization")
@@ -123,6 +125,7 @@ func initAPI() {
 
 	beego.Router("/api/get-providers", &controllers.ApiController{}, "GET:GetProviders")
 	beego.Router("/api/get-provider", &controllers.ApiController{}, "GET:GetProvider")
+	beego.Router("/api/get-global-providers", &controllers.ApiController{}, "GET:GetGlobalProviders")
 	beego.Router("/api/update-provider", &controllers.ApiController{}, "POST:UpdateProvider")
 	beego.Router("/api/add-provider", &controllers.ApiController{}, "POST:AddProvider")
 	beego.Router("/api/delete-provider", &controllers.ApiController{}, "POST:DeleteProvider")

web/src/AccountTable.js

@@ -120,7 +120,7 @@ class AccountTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:visible"),
+        title: i18next.t("organization:Visible"),
         dataIndex: "visible",
         key: "visible",
         width: "120px",
@@ -133,7 +133,7 @@ class AccountTable extends React.Component {
         },
       },
       {
-        title: i18next.t("organization:viewRule"),
+        title: i18next.t("organization:View rule"),
         dataIndex: "viewRule",
         key: "viewRule",
         width: "155px",
@@ -160,7 +160,7 @@ class AccountTable extends React.Component {
         },
       },
       {
-        title: i18next.t("organization:modifyRule"),
+        title: i18next.t("organization:Modify rule"),
         dataIndex: "modifyRule",
         key: "modifyRule",
         width: "155px",

web/src/AdapterEditPage.js

@@ -59,7 +59,7 @@ class AdapterEditPage extends React.Component {
   }
 
   getOrganizations() {
-    OrganizationBackend.getOrganizations(this.state.organizationName)
+    OrganizationBackend.getOrganizations("admin")
       .then((res) => {
         this.setState({
           organizations: (res.msg === undefined) ? res : [],
@@ -195,7 +195,7 @@ class AdapterEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {this.updateadapterField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {this.updateAdapterField("organization", value);})}>
               {
                 this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
               }

web/src/AdapterListPage.js

@@ -70,21 +70,6 @@ class AdapterListPage extends BaseListPage {
 
   renderTable(adapters) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -101,6 +86,21 @@ class AdapterListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/App.js

@@ -221,10 +221,9 @@ class App extends Component {
         if (res.status === "ok") {
           account = res.data;
           account.organization = res.data2;
-
           this.setLanguage(account);
         } else {
-          if (res.msg !== "Please sign in first") {
+          if (res.data !== "Please login first") {
             Setting.showMessage("error", `Failed to sign in: ${res.msg}`);
           }
         }
@@ -421,13 +420,8 @@ class App extends Component {
           </Link>
         </Menu.Item>
       );
-      res.push(
-        <Menu.Item key="/providers">
-          <Link to="/providers">
-            {i18next.t("general:Providers")}
-          </Link>
-        </Menu.Item>
-      );
+    }
+    if (Setting.isLocalAdminUser(this.state.account)) {
       res.push(
         <Menu.Item key="/applications">
           <Link to="/applications">
@@ -435,9 +429,13 @@ class App extends Component {
           </Link>
         </Menu.Item>
       );
-    }
-
-    if (Setting.isLocalAdminUser(this.state.account)) {
+      res.push(
+        <Menu.Item key="/providers">
+          <Link to="/providers">
+            {i18next.t("general:Providers")}
+          </Link>
+        </Menu.Item>
+      );
       res.push(
         <Menu.Item key="/resources">
           <Link to="/resources">
@@ -566,9 +564,9 @@ class App extends Component {
           <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
           <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
           <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
+          <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
           <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
+          <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
           <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
           {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
           <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
@@ -636,7 +634,7 @@ class App extends Component {
                 {
                   this.renderAccount()
                 }
-                <SelectLanguageBox />
+                {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
               </div>
             </Header>
             <Layout style={{backgroundColor: "#f5f5f5", alignItems: "stretch"}}>
@@ -680,7 +678,7 @@ class App extends Component {
               {
                 this.renderAccount()
               }
-              <SelectLanguageBox />
+              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
             </div>
           </Header>
           {

web/src/App.less

@@ -59,12 +59,6 @@
   height: 70px; /* Footer height */
 }
 
-#language-box-corner {
-  position: absolute;
-  top: 75px;
-  right: 0;
-}
-
 .language-box {
   background: url("@{StaticBaseUrl}/img/muti_language.svg");
   background-size: 25px, 25px;
@@ -123,7 +117,7 @@
 
 .login-form {
   text-align: center;
-  padding: 10px;
+  padding: 30px;
 }
 
 .login-content {

web/src/ApplicationEditPage.js

@@ -91,6 +91,7 @@ class ApplicationEditPage extends React.Component {
     super(props);
     this.state = {
       classes: props,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
       applicationName: props.match.params.applicationName,
       application: null,
       organizations: [],
@@ -141,12 +142,11 @@ class ApplicationEditPage extends React.Component {
   }
 
   getProviders() {
-    ProviderBackend.getProviders("admin")
-      .then((res) => {
-        this.setState({
-          providers: res,
-        });
+    ProviderBackend.getProviders(this.state.owner).then((res => {
+      this.setState({
+        providers: res,
       });
+    }));
   }
 
   getSamlMetadata() {
@@ -277,7 +277,7 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
               {
                 this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
               }
@@ -781,7 +781,7 @@ class ApplicationEditPage extends React.Component {
 
   submitApplicationEdit(willExist) {
     const application = Setting.deepCopy(this.state.application);
-    ApplicationBackend.updateApplication(this.state.application.owner, this.state.applicationName, application)
+    ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
       .then((res) => {
         if (res.msg === "") {
           Setting.showMessage("success", "Successfully saved");
@@ -792,7 +792,7 @@ class ApplicationEditPage extends React.Component {
           if (willExist) {
             this.props.history.push("/applications");
           } else {
-            this.props.history.push(`/applications/${this.state.application.name}`);
+            this.props.history.push(`/applications/${this.state.application.organization}/${this.state.application.name}`);
           }
         } else {
           Setting.showMessage("error", res.msg);

web/src/ApplicationListPage.js

@@ -23,11 +23,28 @@ import i18next from "i18next";
 import BaseListPage from "./BaseListPage";
 
 class ApplicationListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.account.owner,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: "",
+      searchedColumn: "",
+    };
+  }
+
   newApplication() {
     const randomName = Setting.getRandomName();
     return {
-      owner: "admin", // this.props.account.applicationname,
+      owner: "admin", // this.props.account.applicationName,
       name: `application_${randomName}`,
+      organization: this.state.organizationName,
       createdTime: moment().format(),
       displayName: `New Application - ${randomName}`,
       logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
@@ -61,7 +78,7 @@ class ApplicationListPage extends BaseListPage {
     const newApplication = this.newApplication();
     ApplicationBackend.addApplication(newApplication)
       .then((res) => {
-        this.props.history.push({pathname: `/applications/${newApplication.name}`, mode: "add"});
+        this.props.history.push({pathname: `/applications/${newApplication.organization}/${newApplication.name}`, mode: "add"});
       }
       )
       .catch(error => {
@@ -96,7 +113,7 @@ class ApplicationListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.organization}/${text}`}>
               {text}
             </Link>
           );
@@ -213,7 +230,7 @@ class ApplicationListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.organization}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <Popconfirm
                 title={`Sure to delete application: ${record.name} ?`}
                 onConfirm={() => this.deleteApplication(index)}
@@ -254,7 +271,8 @@ class ApplicationListPage extends BaseListPage {
     const field = params.searchedColumn, value = params.searchText;
     const sortField = params.sortField, sortOrder = params.sortOrder;
     this.setState({loading: true});
-    ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
+      ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
       .then((res) => {
         if (res.status === "ok") {
           this.setState({

web/src/ModelListPage.js

@@ -63,21 +63,6 @@ class ModelListPage extends BaseListPage {
 
   renderTable(models) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -94,6 +79,21 @@ class ModelListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/OrganizationEditPage.js

@@ -255,6 +255,31 @@ class OrganizationEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Languages"), i18next.t("general:Languages - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: "100%"}}
+              value={this.state.organization.languages}
+              onChange={(value => {
+                this.updateOrganizationField("languages", value);
+              })} >
+              {
+                [
+                  {value: "en", label: "English"},
+                  {value: "zh", label: "简体中文"},
+                  {value: "es", label: "Español"},
+                  {value: "fr", label: "Français"},
+                  {value: "de", label: "Deutsch"},
+                  {value: "ja", label: "日本語"},
+                  {value: "ko", label: "한국어"},
+                  {value: "ru", label: "Русский"},
+                ].map((item, index) => <Option key={index} value={item.value}>{item.label}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
             {Setting.getLabel(i18next.t("organization:Soft deletion"), i18next.t("organization:Soft deletion - Tooltip"))} :

web/src/OrganizationListPage.js

@@ -37,6 +37,7 @@ class OrganizationListPage extends BaseListPage {
       defaultAvatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
       defaultApplication: "",
       tags: [],
+      languages: ["en", "zh", "es", "fr", "de", "ja", "ko", "ru"],
       masterPassword: "",
       enableSoftDeletion: false,
       isProfilePublic: true,

web/src/PaymentListPage.js

@@ -76,6 +76,38 @@ class PaymentListPage extends BaseListPage {
 
   renderTable(payments) {
     const columns = [
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "180px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/payments/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: "provider",
+        key: "provider",
+        width: "150px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("provider"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Organization"),
         dataIndex: "organization",
@@ -106,22 +138,7 @@ class PaymentListPage extends BaseListPage {
           );
         },
       },
-      {
-        title: i18next.t("general:Name"),
-        dataIndex: "name",
-        key: "name",
-        width: "180px",
-        fixed: "left",
-        sorter: true,
-        ...this.getColumnSearchProps("name"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/payments/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
+
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",
@@ -140,22 +157,6 @@ class PaymentListPage extends BaseListPage {
       //   sorter: true,
       //   ...this.getColumnSearchProps('displayName'),
       // },
-      {
-        title: i18next.t("general:Provider"),
-        dataIndex: "provider",
-        key: "provider",
-        width: "150px",
-        fixed: "left",
-        sorter: true,
-        ...this.getColumnSearchProps("provider"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/providers/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("payment:Type"),
         dataIndex: "type",

web/src/PermissionListPage.js

@@ -29,7 +29,7 @@ class PermissionListPage extends BaseListPage {
       name: `permission_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Permission - ${randomName}`,
-      users: [this.props.account.name],
+      users: [`${this.props.account.owner}/${this.props.account.name}`],
       roles: [],
       domains: [],
       resourceType: "Application",
@@ -77,21 +77,7 @@ class PermissionListPage extends BaseListPage {
 
   renderTable(permissions) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
+      // https://github.com/ant-design/ant-design/issues/22184
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -108,6 +94,21 @@ class PermissionListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/ProviderEditPage.js

@@ -22,6 +22,7 @@ import {authConfig} from "./auth/Auth";
 import * as ProviderEditTestEmail from "./TestEmailWidget";
 import copy from "copy-to-clipboard";
 import {CaptchaPreview} from "./common/CaptchaPreview";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
 
 const {Option} = Select;
 const {TextArea} = Input;
@@ -32,17 +33,20 @@ class ProviderEditPage extends React.Component {
     this.state = {
       classes: props,
       providerName: props.match.params.providerName,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
       provider: null,
+      organizations: [],
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
     };
   }
 
   UNSAFE_componentWillMount() {
+    this.getOrganizations();
     this.getProvider();
   }
 
   getProvider() {
-    ProviderBackend.getProvider("admin", this.state.providerName)
+    ProviderBackend.getProvider(this.state.owner, this.state.providerName)
       .then((provider) => {
         this.setState({
           provider: provider,
@@ -50,6 +54,17 @@ class ProviderEditPage extends React.Component {
       });
   }
 
+  getOrganizations() {
+    if (Setting.isAdminUser(this.props.account)) {
+      OrganizationBackend.getOrganizations("admin")
+        .then((res) => {
+          this.setState({
+            organizations: res.msg === undefined ? res : [],
+          });
+        });
+    }
+  }
+
   parseProviderField(key, value) {
     if (["port"].includes(key)) {
       value = Setting.myParseInt(value);
@@ -190,6 +205,19 @@ class ProviderEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.provider.owner} onChange={(value => {this.updateProviderField("owner", value);})}>
+              {Setting.isAdminUser(this.props.account) ? <Option key={"admin"} value={"admin"}>{i18next.t("provider:admin (share)")}</Option> : null}
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("provider:Category"), i18next.t("provider:Category - Tooltip"))} :
@@ -423,6 +451,20 @@ class ProviderEditPage extends React.Component {
             </React.Fragment>
           )
         }
+        {
+          this.state.provider.type !== "WeChat" ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:Enable QR code"), i18next.t("provider:Enable QR code - Tooltip"))} :
+              </Col>
+              <Col span={1} >
+                <Switch checked={this.state.provider.disableSsl} onChange={checked => {
+                  this.updateProviderField("disableSsl", checked);
+                }} />
+              </Col>
+            </Row>
+          )
+        }
         {
           this.state.provider.type !== "Adfs" && this.state.provider.type !== "Casdoor" && this.state.provider.type !== "Okta" ? null : (
             <Row style={{marginTop: "20px"}} >
@@ -469,6 +511,16 @@ class ProviderEditPage extends React.Component {
                 }} />
               </Col>
             </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={2}>
+                {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:The prefix path of the file - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input value={this.state.provider.pathPrefix} onChange={e => {
+                  this.updateProviderField("pathPrefix", e.target.value);
+                }} />
+              </Col>
+            </Row>
             <Row style={{marginTop: "20px"}} >
               <Col style={{marginTop: "5px"}} span={2}>
                 {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@@ -735,18 +787,19 @@ class ProviderEditPage extends React.Component {
 
   submitProviderEdit(willExist) {
     const provider = Setting.deepCopy(this.state.provider);
-    ProviderBackend.updateProvider(this.state.provider.owner, this.state.providerName, provider)
+    ProviderBackend.updateProvider(this.state.owner, this.state.providerName, provider)
       .then((res) => {
         if (res.msg === "") {
           Setting.showMessage("success", "Successfully saved");
           this.setState({
+            owner: this.state.provider.owner,
             providerName: this.state.provider.name,
           });
 
           if (willExist) {
             this.props.history.push("/providers");
           } else {
-            this.props.history.push(`/providers/${this.state.provider.name}`);
+            this.props.history.push(`/providers/${this.state.provider.owner}/${this.state.provider.name}`);
           }
         } else {
           Setting.showMessage("error", res.msg);

web/src/ProviderListPage.js

@@ -23,10 +23,25 @@ import i18next from "i18next";
 import BaseListPage from "./BaseListPage";
 
 class ProviderListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      owner: Setting.isAdminUser(props.account) ? "admin" : props.account.owner,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: "",
+      searchedColumn: "",
+    };
+  }
   newProvider() {
     const randomName = Setting.getRandomName();
     return {
-      owner: "admin", // this.props.account.providername,
+      owner: this.state.owner,
       name: `provider_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Provider - ${randomName}`,
@@ -46,7 +61,7 @@ class ProviderListPage extends BaseListPage {
     const newProvider = this.newProvider();
     ProviderBackend.addProvider(newProvider)
       .then((res) => {
-        this.props.history.push({pathname: `/providers/${newProvider.name}`, mode: "add"});
+        this.props.history.push({pathname: `/providers/${newProvider.owner}/${newProvider.name}`, mode: "add"});
       }
       )
       .catch(error => {
@@ -81,12 +96,20 @@ class ProviderListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/providers/${text}`}>
+            <Link to={`/providers/${record.owner}/${text}`}>
               {text}
             </Link>
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",
@@ -177,12 +200,12 @@ class ProviderListPage extends BaseListPage {
         render: (text, record, index) => {
           return (
             <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/providers/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/providers/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <Popconfirm
                 title={`Sure to delete provider: ${record.name} ?`}
                 onConfirm={() => this.deleteProvider(index)}
               >
-                <Button style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
               </Popconfirm>
             </div>
           );
@@ -224,7 +247,8 @@ class ProviderListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    ProviderBackend.getProviders("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : ProviderBackend.getProviders(this.state.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
       .then((res) => {
         if (res.status === "ok") {
           this.setState({

web/src/ProviderTable.js

@@ -39,7 +39,7 @@ class ProviderTable extends React.Component {
   }
 
   addRow(table) {
-    const row = {name: Setting.getNewRowNameForTable(table, "Please select a provider"), canSignUp: true, canSignIn: true, canUnlink: true, alertType: "None"};
+    const row = {name: Setting.getNewRowNameForTable(table, "Please select a provider"), canSignUp: true, canSignIn: true, canUnlink: true, alertType: "None", rule: "None"};
     if (table === undefined) {
       table = [];
     }
@@ -105,7 +105,7 @@ class ProviderTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:canSignUp"),
+        title: i18next.t("provider:Can signup"),
         dataIndex: "canSignUp",
         key: "canSignUp",
         width: "120px",
@@ -122,7 +122,7 @@ class ProviderTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:canSignIn"),
+        title: i18next.t("provider:Can signin"),
         dataIndex: "canSignIn",
         key: "canSignIn",
         width: "120px",
@@ -139,7 +139,7 @@ class ProviderTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:canUnlink"),
+        title: i18next.t("provider:Can unlink"),
         dataIndex: "canUnlink",
         key: "canUnlink",
         width: "120px",
@@ -156,7 +156,7 @@ class ProviderTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:prompted"),
+        title: i18next.t("provider:Prompted"),
         dataIndex: "prompted",
         key: "prompted",
         width: "120px",
@@ -193,6 +193,28 @@ class ProviderTable extends React.Component {
       //     )
       //   }
       // },
+      {
+        title: i18next.t("application:Rule"),
+        dataIndex: "rule",
+        key: "rule",
+        width: "100px",
+        render: (text, record, index) => {
+          if (record.provider?.category !== "Captcha") {
+            return null;
+          }
+          return (
+            <Select virtual={false} style={{width: "100%"}}
+              value={text}
+              defaultValue="None"
+              onChange={value => {
+                this.updateField(table, index, "rule", value);
+              }} >
+              <Option key="None" value="None">{i18next.t("application:None")}</Option>
+              <Option key="Always" value="Always">{i18next.t("application:Always")}</Option>
+            </Select>
+          );
+        },
+      },
       {
         title: i18next.t("general:Action"),
         key: "action",

web/src/ResourceListPage.js

@@ -95,7 +95,7 @@ class ResourceListPage extends BaseListPage {
         ...this.getColumnSearchProps("provider"),
         render: (text, record, index) => {
           return (
-            <Link to={`/providers/${text}`}>
+            <Link to={`/providers/${record.owner}/${text}`}>
               {text}
             </Link>
           );

web/src/RoleEditPage.js

@@ -173,7 +173,7 @@ class RoleEditPage extends React.Component {
               this.updateRoleField("domains", value);
             })}>
               {
-                this.state.role.domains.map((domain, index) => <Option key={index} value={domain}>{domain}</Option>)
+                this.state.role.domains?.map((domain, index) => <Option key={index} value={domain}>{domain}</Option>)
               }
             </Select>
           </Col>

web/src/RoleListPage.js

@@ -65,21 +65,6 @@ class RoleListPage extends BaseListPage {
 
   renderTable(roles) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -96,6 +81,21 @@ class RoleListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/SelectLanguageBox.js

@@ -28,28 +28,45 @@ class SelectLanguageBox extends React.Component {
     super(props);
     this.state = {
       classes: props,
+      languages: props.languages ?? ["en", "zh", "es", "fr", "de", "ja", "ko", "ru"],
     };
   }
 
+  items = [
+    this.getItem("English", "en", flagIcon("US", "English")),
+    this.getItem("简体中文", "zh", flagIcon("CN", "简体中文")),
+    this.getItem("Español", "es", flagIcon("ES", "Español")),
+    this.getItem("Français", "fr", flagIcon("FR", "Français")),
+    this.getItem("Deutsch", "de", flagIcon("DE", "Deutsch")),
+    this.getItem("日本語", "ja", flagIcon("JP", "日本語")),
+    this.getItem("한국어", "ko", flagIcon("KR", "한국어")),
+    this.getItem("Русский", "ru", flagIcon("RU", "Русский")),
+  ];
+
+  getOrganizationLanguages(languages) {
+    const select = [];
+    for (const language of languages) {
+      this.items.map((item, index) => item.key === language ? select.push(item) : null);
+    }
+    return select;
+  }
+
+  getItem(label, key, icon) {
+    return {key, icon, label};
+  }
+
   render() {
+    const languageItems = this.getOrganizationLanguages(this.state.languages);
     const menu = (
-      <Menu onClick={(e) => {
-        Setting.changeLanguage(e.key);
+      <Menu items={languageItems} onClick={(e) => {
+        Setting.setLanguage(e.key);
       }}>
-        <Menu.Item key="en" icon={flagIcon("US", "English")}>English</Menu.Item>
-        <Menu.Item key="zh" icon={flagIcon("CN", "简体中文")}>简体中文</Menu.Item>
-        <Menu.Item key="es" icon={flagIcon("ES", "Español")}>Español</Menu.Item>
-        <Menu.Item key="fr" icon={flagIcon("FR", "Français")}>Français</Menu.Item>
-        <Menu.Item key="de" icon={flagIcon("DE", "Deutsch")}>Deutsch</Menu.Item>
-        <Menu.Item key="ja" icon={flagIcon("JP", "日本語")}>日本語</Menu.Item>
-        <Menu.Item key="ko" icon={flagIcon("KR", "한국어")}>한국어</Menu.Item>
-        <Menu.Item key="ru" icon={flagIcon("RU", "Русский")}>Русский</Menu.Item>
       </Menu>
     );
 
     return (
       <Dropdown overlay={menu} >
-        <div className="language-box" id={this.props.id} style={this.props.style} />
+        <div className="language-box" style={{display: languageItems.length === 0 ? "none" : null, ...this.props.style}} />
       </Dropdown>
     );
   }

web/src/Setting.js

@@ -12,9 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+import React from "react";
+import {Link} from "react-router-dom";
 import {Tag, Tooltip, message} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
-import React from "react";
 import {isMobile as isMobileDevice} from "react-device-detect";
 import "./i18n";
 import i18next from "i18next";
@@ -22,7 +23,6 @@ import copy from "copy-to-clipboard";
 import {authConfig} from "./auth/Auth";
 import {Helmet} from "react-helmet";
 import * as Conf from "./Conf";
-import {Link} from "react-router-dom";
 import * as path from "path-browserify";
 
 export const ServerUrl = "";
@@ -552,13 +552,6 @@ export function setLanguage(language) {
   i18next.changeLanguage(language);
 }
 
-export function changeLanguage(language) {
-  localStorage.setItem("language", language);
-  changeMomentLanguage(language);
-  i18next.changeLanguage(language);
-  // window.location.reload(true);
-}
-
 export function getAcceptLanguage() {
   return i18next.language + ";q=0.9,en;q=0.8";
 }
@@ -743,26 +736,30 @@ export function renderLogo(application) {
   }
 }
 
-export function goToLogin(ths, application) {
+export function getLoginLink(application) {
+  let url;
   if (application === null) {
-    return;
-  }
-
-  if (!application.enablePassword && window.location.pathname.includes("/auto-signup/oauth/authorize")) {
-    const link = window.location.href.replace("/auto-signup/oauth/authorize", "/login/oauth/authorize");
-    goToLink(link);
-    return;
-  }
-
-  if (authConfig.appName === application.name) {
-    goToLinkSoft(ths, "/login");
+    url = null;
+  } else if (!application.enablePassword && window.location.pathname.includes("/auto-signup/oauth/authorize")) {
+    url = window.location.href.replace("/auto-signup/oauth/authorize", "/login/oauth/authorize");
+  } else if (authConfig.appName === application.name) {
+    url = "/login";
+  } else if (application.signinUrl === "") {
+    url = path.join(application.homepageUrl, "/login");
   } else {
-    if (application.signinUrl === "") {
-      goToLink(path.join(application.homepageUrl, "login"));
-    } else {
-      goToLink(application.signinUrl);
-    }
+    url = application.signinUrl;
   }
+  return url;
+}
+
+export function renderLoginLink(application, text) {
+  const url = getLoginLink(application);
+  return renderLink(url, text, null);
+}
+
+export function redirectToLoginPage(application, history) {
+  const loginLink = getLoginLink(application);
+  history.push(loginLink);
 }
 
 function renderLink(url, text, onClick) {

web/src/SignupTable.js

@@ -104,7 +104,7 @@ class SignupTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:visible"),
+        title: i18next.t("provider:Visible"),
         dataIndex: "visible",
         key: "visible",
         width: "120px",
@@ -126,7 +126,7 @@ class SignupTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:required"),
+        title: i18next.t("provider:Required"),
         dataIndex: "required",
         key: "required",
         width: "120px",
@@ -143,7 +143,7 @@ class SignupTable extends React.Component {
         },
       },
       {
-        title: i18next.t("provider:prompted"),
+        title: i18next.t("provider:Prompted"),
         dataIndex: "prompted",
         key: "prompted",
         width: "120px",
@@ -164,7 +164,7 @@ class SignupTable extends React.Component {
         },
       },
       {
-        title: i18next.t("application:rule"),
+        title: i18next.t("application:Rule"),
         dataIndex: "rule",
         key: "rule",
         width: "155px",

web/src/SyncerListPage.js

@@ -88,21 +88,6 @@ class SyncerListPage extends BaseListPage {
 
   renderTable(syncers) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -119,6 +104,21 @@ class SyncerListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/SystemInfo.js

@@ -90,37 +90,66 @@ class SystemInfo extends React.Component {
         </div> : i18next.t("system:Get Memory Usage Failed")
     );
 
-    return (
-      <Row>
-        <Col span={6}></Col>
-        <Col span={12}>
-          <Row gutter={[10, 10]}>
-            <Col span={12}>
-              <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center"}}>
-                {this.state.loading ? <Spin size="large" /> : CPUInfo}
-              </Card>
-            </Col>
-            <Col span={12}>
-              <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center"}}>
-                {this.state.loading ? <Spin size="large" /> : MemInfo}
-              </Card>
-            </Col>
-          </Row>
-          <Divider />
-          <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
-            <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
-            GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
-            <br />
-            {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
-            <br />
-            {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
-            <br />
-            {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
-          </Card>
-        </Col>
-        <Col span={6}></Col>
-      </Row>
-    );
+    if (!Setting.isMobile()) {
+      return (
+        <Row>
+          <Col span={6}></Col>
+          <Col span={12}>
+            <Row gutter={[10, 10]}>
+              <Col span={12}>
+                <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                  {this.state.loading ? <Spin size="large" /> : CPUInfo}
+                </Card>
+              </Col>
+              <Col span={12}>
+                <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                  {this.state.loading ? <Spin size="large" /> : MemInfo}
+                </Card>
+              </Col>
+            </Row>
+            <Divider />
+            <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
+              <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
+              GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
+              <br />
+              {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
+              <br />
+              {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
+              <br />
+              {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
+            </Card>
+          </Col>
+          <Col span={6}></Col>
+        </Row>
+      );
+    } else {
+      return (
+        <Row gutter={[16, 0]}>
+          <Col span={24}>
+            <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", width: "100%"}}>
+              {this.state.loading ? <Spin size="large" /> : CPUInfo}
+            </Card>
+          </Col>
+          <Col span={24}>
+            <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", width: "100%"}}>
+              {this.state.loading ? <Spin size="large" /> : MemInfo}
+            </Card>
+          </Col>
+          <Col span={24}>
+            <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
+              <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
+              GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
+              <br />
+              {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
+              <br />
+              {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
+              <br />
+              {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
+            </Card>
+          </Col>
+        </Row>
+      );
+    }
   }
 }
 

web/src/TokenListPage.js

@@ -102,7 +102,7 @@ class TokenListPage extends BaseListPage {
         ...this.getColumnSearchProps("application"),
         render: (text, record, index) => {
           return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.organization}/${text}`}>
               {text}
             </Link>
           );

web/src/UserListPage.js

@@ -17,6 +17,7 @@ import {Link} from "react-router-dom";
 import {Button, Popconfirm, Switch, Table, Upload} from "antd";
 import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import * as UserBackend from "./backend/UserBackend";
 import i18next from "i18next";
@@ -28,6 +29,7 @@ class UserListPage extends BaseListPage {
     this.state = {
       classes: props,
       organizationName: props.match.params.organizationName,
+      organization: null,
       data: [],
       pagination: {
         current: 1,
@@ -165,7 +167,7 @@ class UserListPage extends BaseListPage {
         ...this.getColumnSearchProps("signupApplication"),
         render: (text, record, index) => {
           return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -271,6 +273,15 @@ class UserListPage extends BaseListPage {
         width: "110px",
         sorter: true,
         ...this.getColumnSearchProps("tag"),
+        render: (text, record, index) => {
+          const tagMap = {};
+          this.state.organization?.tags?.map((tag, index) => {
+            const tokens = tag.split("|");
+            const displayValue = Setting.getLanguage() !== "zh" ? tokens[0] : tokens[1];
+            tagMap[tokens[0]] = displayValue;
+          });
+          return tagMap[text];
+        },
       },
       {
         title: i18next.t("user:Is admin"),
@@ -352,7 +363,7 @@ class UserListPage extends BaseListPage {
 
     return (
       <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={users} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={users} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
           title={() => (
             <div>
               {i18next.t("general:Users")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -387,6 +398,11 @@ class UserListPage extends BaseListPage {
               searchText: params.searchText,
               searchedColumn: params.searchedColumn,
             });
+
+            const users = res.data;
+            if (users.length > 0) {
+              this.getOrganization(users[0].owner);
+            }
           }
         });
     } else {
@@ -403,10 +419,24 @@ class UserListPage extends BaseListPage {
               searchText: params.searchText,
               searchedColumn: params.searchedColumn,
             });
+
+            const users = res.data;
+            if (users.length > 0) {
+              this.getOrganization(users[0].owner);
+            }
           }
         });
     }
   };
+
+  getOrganization(organizationName) {
+    OrganizationBackend.getOrganization("admin", organizationName)
+      .then((organization) => {
+        this.setState({
+          organization: organization,
+        });
+      });
+  }
 }
 
 export default UserListPage;

web/src/WebhookEditPage.js

@@ -244,7 +244,7 @@ class WebhookEditPage extends React.Component {
               }} >
               {
                 (
-                  ["signup", "login", "logout", "update-user"].map((option, index) => {
+                  ["signup", "login", "logout", "add-user", "update-user", "add-organization", "update-organization", "add-provider", "update-provider"].map((option, index) => {
                     return (
                       <Option key={option} value={option}>{option}</Option>
                     );

web/src/WebhookListPage.js

@@ -67,21 +67,6 @@ class WebhookListPage extends BaseListPage {
 
   renderTable(webhooks) {
     const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "110px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Name"),
         dataIndex: "name",
@@ -98,6 +83,21 @@ class WebhookListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "110px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Created time"),
         dataIndex: "createdTime",

web/src/auth/AuthBackend.js

@@ -54,7 +54,7 @@ export function oAuthParamsToQuery(oAuthParams) {
   }
 
   // code
-  return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${oAuthParams.redirectUri}&scope=${oAuthParams.scope}&state=${oAuthParams.state}&nonce=${oAuthParams.nonce}&code_challenge_method=${oAuthParams.challengeMethod}&code_challenge=${oAuthParams.codeChallenge}`;
+  return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${encodeURIComponent(oAuthParams.redirectUri)}&scope=${oAuthParams.scope}&state=${oAuthParams.state}&nonce=${oAuthParams.nonce}&code_challenge_method=${oAuthParams.challengeMethod}&code_challenge=${oAuthParams.codeChallenge}`;
 }
 
 export function getApplicationLogin(oAuthParams) {
@@ -130,3 +130,13 @@ export function loginWithSaml(values, param) {
     },
   }).then(res => res.json());
 }
+
+export function getWechatMessageEvent() {
+  return fetch(`${Setting.ServerUrl}/api/get-webhook-event`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}

web/src/auth/ForgetPage.js

@@ -23,6 +23,7 @@ import {CountDownInput} from "../common/CountDownInput";
 import * as UserBackend from "../backend/UserBackend";
 import {CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
 import CustomGithubCorner from "../CustomGithubCorner";
+import {withRouter} from "react-router-dom";
 
 const {Step} = Steps;
 const {Option} = Select;
@@ -166,7 +167,7 @@ class ForgetPage extends React.Component {
     values.userOwner = this.state.application?.organizationObj.name;
     UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
       if (res.status === "ok") {
-        Setting.goToLogin(this, this.state.application);
+        Setting.redirectToLoginPage(this.state.application, this.props.history);
       } else {
         Setting.showMessage("error", i18next.t(`signup:${res.msg}`));
       }
@@ -489,7 +490,7 @@ class ForgetPage extends React.Component {
     return (
       <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
         <CustomGithubCorner />
-        <div className="login-content forget-content">
+        <div className="login-content forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
           <Row>
             <Col span={24} style={{justifyContent: "center"}}>
               <Row>
@@ -550,4 +551,4 @@ class ForgetPage extends React.Component {
   }
 }
 
-export default ForgetPage;
+export default withRouter(ForgetPage);

web/src/auth/LoginPage.js

@@ -13,7 +13,6 @@
 // limitations under the License.
 
 import React from "react";
-import {Link} from "react-router-dom";
 import {Button, Checkbox, Col, Form, Input, Result, Row, Spin, Tabs} from "antd";
 import {LockOutlined, UserOutlined} from "@ant-design/icons";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
@@ -29,7 +28,7 @@ import i18next from "i18next";
 import CustomGithubCorner from "../CustomGithubCorner";
 import {CountDownInput} from "../common/CountDownInput";
 import SelectLanguageBox from "../SelectLanguageBox";
-import {withTranslation} from "react-i18next";
+import {CaptchaModal} from "../common/CaptchaModal";
 
 const {TabPane} = Tabs;
 
@@ -49,6 +48,9 @@ class LoginPage extends React.Component {
       validEmail: false,
       validPhone: false,
       loginMethod: "password",
+      enableCaptchaModal: false,
+      openCaptchaModal: false,
+      verifyCaptcha: undefined,
     };
 
     if (this.state.type === "cas" && props.match?.params.casApplicationName !== undefined) {
@@ -69,6 +71,18 @@ class LoginPage extends React.Component {
     }
   }
 
+  componentDidUpdate(prevProps, prevState, snapshot) {
+    if (this.state.application && !prevState.application) {
+      const defaultCaptchaProviderItems = this.getDefaultCaptchaProviderItems(this.state.application);
+
+      if (!defaultCaptchaProviderItems) {
+        return;
+      }
+
+      this.setState({enableCaptchaModal: defaultCaptchaProviderItems.some(providerItem => providerItem.rule === "Always")});
+    }
+  }
+
   getApplicationLogin() {
     const oAuthParams = Util.getOAuthGetParameters();
     AuthBackend.getApplicationLogin(oAuthParams)
@@ -226,6 +240,23 @@ class LoginPage extends React.Component {
       return;
     }
 
+    if (this.state.loginMethod === "password" && this.state.enableCaptchaModal) {
+      this.setState({
+        openCaptchaModal: true,
+        verifyCaptcha: (captchaType, captchaToken, secret) => {
+          values["captchaType"] = captchaType;
+          values["captchaToken"] = captchaToken;
+          values["clientSecret"] = secret;
+
+          this.login(values);
+        },
+      });
+    } else {
+      this.login(values);
+    }
+  }
+
+  login(values) {
     // here we are supposed to determine whether Casdoor is working as an OAuth server or CAS server
     if (this.state.type === "cas") {
       // CAS
@@ -240,6 +271,8 @@ class LoginPage extends React.Component {
           }
           Util.showMessage("success", msg);
 
+          this.setState({openCaptchaModal: false});
+
           if (casParams.service !== "") {
             const st = res.data;
             const newUrl = new URL(casParams.service);
@@ -247,6 +280,7 @@ class LoginPage extends React.Component {
             window.location.href = newUrl.toString();
           }
         } else {
+          this.setState({openCaptchaModal: false});
           Util.showMessage("error", `Failed to log in: ${res.msg}`);
         }
       });
@@ -259,6 +293,7 @@ class LoginPage extends React.Component {
         .then((res) => {
           if (res.status === "ok") {
             const responseType = values["type"];
+
             if (responseType === "login") {
               Util.showMessage("success", "Logged in successfully");
 
@@ -276,6 +311,7 @@ class LoginPage extends React.Component {
               Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
             }
           } else {
+            this.setState({openCaptchaModal: false});
             Util.showMessage("error", `Failed to log in: ${res.msg}`);
           }
         });
@@ -302,13 +338,11 @@ class LoginPage extends React.Component {
           title="Sign Up Error"
           subTitle={"The application does not allow to sign up new account"}
           extra={[
-            <Link key="login" onClick={() => {
-              Setting.goToLogin(this, application);
-            }}>
-              <Button type="primary" key="signin">
-                Sign In
-              </Button>
-            </Link>,
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
+              {
+                i18next.t("login:Sign In")
+              }
+            </Button>,
           ]}
         >
         </Result>
@@ -421,6 +455,9 @@ class LoginPage extends React.Component {
                   i18next.t("login:Sign In")
               }
             </Button>
+            {
+              this.renderCaptchaModal(application)
+            }
             {
               this.renderFooter(application)
             }
@@ -463,16 +500,54 @@ class LoginPage extends React.Component {
     }
   }
 
+  getDefaultCaptchaProviderItems(application) {
+    const providers = application?.providers;
+
+    if (providers === undefined || providers === null) {
+      return null;
+    }
+
+    return providers.filter(providerItem => {
+      if (providerItem.provider === undefined || providerItem.provider === null) {
+        return false;
+      }
+
+      return providerItem.provider.category === "Captcha" && providerItem.provider.type === "Default";
+    });
+  }
+
+  renderCaptchaModal(application) {
+    if (!this.state.enableCaptchaModal) {
+      return null;
+    }
+
+    const provider = this.getDefaultCaptchaProviderItems(application)
+      .filter(providerItem => providerItem.rule === "Always")
+      .map(providerItem => providerItem.provider)[0];
+
+    return <CaptchaModal
+      owner={provider.owner}
+      name={provider.name}
+      captchaType={provider.type}
+      subType={provider.subType}
+      clientId={provider.clientId}
+      clientId2={provider.clientId2}
+      clientSecret={provider.clientSecret}
+      clientSecret2={provider.clientSecret2}
+      open={this.state.openCaptchaModal}
+      onOk={(captchaType, captchaToken, secret) => this.state.verifyCaptcha?.(captchaType, captchaToken, secret)}
+      canCancel={false}
+    />;
+  }
+
   renderFooter(application) {
     if (this.state.mode === "signup") {
       return (
         <div style={{float: "right"}}>
           {i18next.t("signup:Have account?")}&nbsp;
-          <Link onClick={() => {
-            Setting.goToLogin(this, application);
-          }}>
-            {i18next.t("signup:sign in now")}
-          </Link>
+          {
+            Setting.renderLoginLink(application, i18next.t("signup:sign in now"))
+          }
         </div>
       );
     } else {
@@ -708,7 +783,6 @@ class LoginPage extends React.Component {
         <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
           {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
           <div className="login-panel">
-            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
             <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
               <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
             </div>
@@ -724,6 +798,7 @@ class LoginPage extends React.Component {
                   {/* {*/}
                   {/*  this.state.clientId !== null ? "Redirect" : null*/}
                   {/* }*/}
+                  <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
                   {
                     this.renderSignedInBox()
                   }
@@ -740,4 +815,4 @@ class LoginPage extends React.Component {
   }
 }
 
-export default withTranslation()(LoginPage);
+export default LoginPage;

web/src/auth/PromptPage.js

@@ -22,6 +22,7 @@ import i18next from "i18next";
 import AffiliationSelect from "../common/AffiliationSelect";
 import OAuthWidget from "../common/OAuthWidget";
 import SelectRegionBox from "../SelectRegionBox";
+import {withRouter} from "react-router-dom";
 
 class PromptPage extends React.Component {
   constructor(props) {
@@ -190,7 +191,7 @@ class PromptPage extends React.Component {
           if (redirectUrl !== "" && redirectUrl !== null) {
             Setting.goToLink(redirectUrl);
           } else {
-            Setting.goToLogin(this, this.getApplicationObj());
+            Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
           }
         } else {
           Setting.showMessage("error", `Failed to log out: ${res.msg}`);
@@ -234,10 +235,10 @@ class PromptPage extends React.Component {
           title="Sign Up Error"
           subTitle={"You are unexpected to see this prompt page"}
           extra={[
-            <Button type="primary" key="signin" onClick={() => {
-              Setting.goToLogin(this, application);
-            }}>
-              Sign In
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
+              {
+                i18next.t("login:Sign In")
+              }
             </Button>,
           ]}
         >
@@ -272,4 +273,4 @@ class PromptPage extends React.Component {
   }
 }
 
-export default PromptPage;
+export default withRouter(PromptPage);

web/src/auth/ProviderButton.js

@@ -40,6 +40,8 @@ import BilibiliLoginButton from "./BilibiliLoginButton";
 import OktaLoginButton from "./OktaLoginButton";
 import DouyinLoginButton from "./DouyinLoginButton";
 import * as AuthBackend from "./AuthBackend";
+import {getEvent} from "./Util";
+import {Modal} from "antd";
 
 function getSigninButton(type) {
   const text = i18next.t("login:Sign in with {type}").replace("{type}", type);
@@ -116,11 +118,33 @@ function getSamlUrl(provider, location) {
 export function renderProviderLogo(provider, application, width, margin, size, location) {
   if (size === "small") {
     if (provider.category === "OAuth") {
-      return (
-        <a key={provider.displayName} href={Provider.getAuthUrl(application, provider, "signup")}>
-          <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
-        </a>
-      );
+      if (provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.content !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger")) {
+        const info = async() => {
+          const t1 = setInterval(await getEvent, 1000, application, provider);
+          {Modal.info({
+            title: i18next.t("provider:Please use WeChat and scan the QR code to sign in"),
+            content: (
+              <div>
+                <img width={256} height={256} src = {"data:image/png;base64," + provider.content} alt="Wechat QR code" style={{margin: margin}} />
+              </div>
+            ),
+            onOk() {
+              window.clearInterval(t1);
+            },
+          });}
+        };
+        return (
+          <a key={provider.displayName} >
+            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} onClick={info} />
+          </a>
+        );
+      } else {
+        return (
+          <a key={provider.displayName} href={Provider.getAuthUrl(application, provider, "signup")}>
+            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
+          </a>
+        );
+      }
     } else if (provider.category === "SAML") {
       return (
         <a key={provider.displayName} onClick={() => getSamlUrl(provider, location)}>

web/src/auth/ResultPage.js

@@ -69,7 +69,7 @@ class ResultPage extends React.Component {
               if (linkInStorage !== null && linkInStorage !== "") {
                 Setting.goToLink(linkInStorage);
               } else {
-                Setting.goToLogin(this, application);
+                Setting.redirectToLoginPage(application);
               }
             }}>
               {i18next.t("login:Sign In")}

web/src/auth/SignupPage.js

@@ -26,6 +26,7 @@ import {CountDownInput} from "../common/CountDownInput";
 import SelectRegionBox from "../SelectRegionBox";
 import CustomGithubCorner from "../CustomGithubCorner";
 import SelectLanguageBox from "../SelectLanguageBox";
+import {withRouter} from "react-router-dom";
 
 const formItemLayout = {
   labelCol: {
@@ -541,10 +542,10 @@ class SignupPage extends React.Component {
           title="Sign Up Error"
           subTitle={"The application does not allow to sign up new account"}
           extra={[
-            <Button type="primary" key="signin" onClick={() => {
-              Setting.goToLogin(this, application);
-            }}>
-              Sign In
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
+              {
+                i18next.t("login:Sign In")
+              }
             </Button>,
           ]}
         >
@@ -562,7 +563,7 @@ class SignupPage extends React.Component {
           application: application.name,
           organization: application.organization,
         }}
-        style={{width: !Setting.isMobile() ? "400px" : "250px"}}
+        style={{width: !Setting.isMobile() ? "400px" : "300px"}}
         size="large"
       >
         <Form.Item
@@ -600,7 +601,7 @@ class SignupPage extends React.Component {
             if (linkInStorage !== null && linkInStorage !== "") {
               Setting.goToLink(linkInStorage);
             } else {
-              Setting.goToLogin(this, application);
+              Setting.redirectToLoginPage(application, this.props.history);
             }
           }}>
             {i18next.t("signup:sign in now")}
@@ -633,7 +634,6 @@ class SignupPage extends React.Component {
         <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
           {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
           <div className="login-panel" >
-            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
             <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
               <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
             </div>
@@ -645,6 +645,7 @@ class SignupPage extends React.Component {
                 {
                   Setting.renderLogo(application)
                 }
+                <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
                 {
                   this.renderForm(application)
                 }
@@ -660,4 +661,4 @@ class SignupPage extends React.Component {
   }
 }
 
-export default SignupPage;
+export default withRouter(SignupPage);

web/src/auth/Util.js

@@ -14,6 +14,9 @@
 
 import React from "react";
 import {Alert, Button, Result, message} from "antd";
+import {getWechatMessageEvent} from "./AuthBackend";
+import * as Setting from "../Setting";
+import * as Provider from "./Provider";
 
 export function showMessage(type, text) {
   if (type === "success") {
@@ -150,3 +153,12 @@ export function getQueryParamsFromState(state) {
     return query;
   }
 }
+
+export function getEvent(application, provider) {
+  getWechatMessageEvent()
+    .then(res => {
+      if (res.data === "SCAN" || res.data === "subscribe") {
+        Setting.goToLink(Provider.getAuthUrl(application, provider, "signup"));
+      }
+    });
+}

web/src/backend/ApplicationBackend.js

@@ -24,8 +24,8 @@ export function getApplications(owner, page = "", pageSize = "", field = "", val
   }).then(res => res.json());
 }
 
-export function getApplicationsByOrganization(owner, organization) {
-  return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}`, {
+export function getApplicationsByOrganization(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
     method: "GET",
     credentials: "include",
     headers: {
@@ -68,7 +68,6 @@ export function updateApplication(owner, name, application) {
 
 export function addApplication(application) {
   const newApplication = Setting.deepCopy(application);
-  newApplication.organization = "built-in";
   return fetch(`${Setting.ServerUrl}/api/add-application`, {
     method: "POST",
     credentials: "include",

web/src/backend/ProviderBackend.js

@@ -24,6 +24,16 @@ export function getProviders(owner, page = "", pageSize = "", field = "", value
   }).then(res => res.json());
 }
 
+export function getGlobalProviders(page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-global-providers?p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
 export function getProvider(owner, name) {
   return fetch(`${Setting.ServerUrl}/api/get-provider?id=${owner}/${encodeURIComponent(name)}`, {
     method: "GET",

web/src/common/CaptchaModal.js

@@ -0,0 +1,159 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {Button, Col, Input, Modal, Row} from "antd";
+import i18next from "i18next";
+import React, {useEffect} from "react";
+import * as UserBackend from "../backend/UserBackend";
+import {CaptchaWidget} from "./CaptchaWidget";
+import {SafetyOutlined} from "@ant-design/icons";
+
+export const CaptchaModal = ({
+  owner,
+  name,
+  captchaType,
+  subType,
+  clientId,
+  clientId2,
+  clientSecret,
+  clientSecret2,
+  open,
+  onOk,
+  onCancel,
+  canCancel,
+}) => {
+  const [visible, setVisible] = React.useState(false);
+  const [captchaImg, setCaptchaImg] = React.useState("");
+  const [captchaToken, setCaptchaToken] = React.useState("");
+  const [secret, setSecret] = React.useState(clientSecret);
+  const [secret2, setSecret2] = React.useState(clientSecret2);
+
+  useEffect(() => {
+    setVisible(() => {
+      if (open) {
+        getCaptchaFromBackend();
+      } else {
+        cleanUp();
+      }
+      return open;
+    });
+  }, [open]);
+
+  const handleOk = () => {
+    onOk?.(captchaType, captchaToken, secret);
+  };
+
+  const handleCancel = () => {
+    onCancel?.();
+  };
+
+  const cleanUp = () => {
+    setCaptchaToken("");
+  };
+
+  const getCaptchaFromBackend = () => {
+    UserBackend.getCaptcha(owner, name, true).then((res) => {
+      if (captchaType === "Default") {
+        setSecret(res.captchaId);
+        setCaptchaImg(res.captchaImage);
+      } else {
+        setSecret(res.clientSecret);
+        setSecret2(res.clientSecret2);
+      }
+    });
+  };
+
+  const renderDefaultCaptcha = () => {
+    return (
+      <Col>
+        <Row
+          style={{
+            backgroundImage: `url('data:image/png;base64,${captchaImg}')`,
+            backgroundRepeat: "no-repeat",
+            height: "80px",
+            width: "200px",
+            borderRadius: "5px",
+            border: "1px solid #ccc",
+            marginBottom: 10,
+          }}
+        />
+        <Row>
+          <Input
+            autoFocus
+            value={captchaToken}
+            prefix={<SafetyOutlined />}
+            placeholder={i18next.t("general:Captcha")}
+            onPressEnter={handleOk}
+            onChange={(e) => setCaptchaToken(e.target.value)}
+          />
+        </Row>
+      </Col>
+    );
+  };
+
+  const onSubmit = (token) => {
+    setCaptchaToken(token);
+  };
+
+  const renderCheck = () => {
+    if (captchaType === "Default") {
+      return renderDefaultCaptcha();
+    } else {
+      return (
+        <Col>
+          <Row>
+            <CaptchaWidget
+              captchaType={captchaType}
+              subType={subType}
+              siteKey={clientId}
+              clientSecret={secret}
+              onChange={onSubmit}
+              clientId2={clientId2}
+              clientSecret2={secret2}
+            />
+          </Row>
+        </Col>
+      );
+    }
+  };
+
+  const renderFooter = () => {
+    if (canCancel) {
+      return [
+        <Button key="cancel" onClick={handleCancel}>{i18next.t("user:Cancel")}</Button>,
+        <Button key="ok" type="primary" onClick={handleOk}>{i18next.t("user:OK")}</Button>,
+      ];
+    } else {
+      return [
+        <Button key="ok" type="primary" onClick={handleOk}>{i18next.t("user:OK")}</Button>,
+      ];
+    }
+  };
+
+  return (
+    <React.Fragment>
+      <Modal
+        closable={false}
+        maskClosable={false}
+        destroyOnClose={true}
+        title={i18next.t("general:Captcha")}
+        visible={visible}
+        width={348}
+        footer={renderFooter()}
+      >
+        {renderCheck()}
+      </Modal>
+    </React.Fragment>
+  );
+};

web/src/common/CaptchaPreview.js

@@ -12,13 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {Button, Col, Input, Modal, Row} from "antd";
+import {Button} from "antd";
 import React from "react";
 import i18next from "i18next";
-import * as UserBackend from "../backend/UserBackend";
+import {CaptchaModal} from "./CaptchaModal";
 import * as ProviderBackend from "../backend/ProviderBackend";
-import {SafetyOutlined} from "@ant-design/icons";
-import {CaptchaWidget} from "./CaptchaWidget";
+import * as UserBackend from "../backend/UserBackend";
 
 export const CaptchaPreview = ({
   provider,
@@ -33,37 +32,9 @@ export const CaptchaPreview = ({
   clientId2,
   clientSecret2,
 }) => {
-  const [visible, setVisible] = React.useState(false);
-  const [captchaImg, setCaptchaImg] = React.useState("");
-  const [captchaToken, setCaptchaToken] = React.useState("");
-  const [secret, setSecret] = React.useState(clientSecret);
-  const [secret2, setSecret2] = React.useState(clientSecret2);
-
-  const handleOk = () => {
-    UserBackend.verifyCaptcha(captchaType, captchaToken, secret).then(() => {
-      setCaptchaToken("");
-      setVisible(false);
-    });
-  };
-
-  const handleCancel = () => {
-    setVisible(false);
-  };
-
-  const getCaptchaFromBackend = () => {
-    UserBackend.getCaptcha(owner, name, true).then((res) => {
-      if (captchaType === "Default") {
-        setSecret(res.captchaId);
-        setCaptchaImg(res.captchaImage);
-      } else {
-        setSecret(res.clientSecret);
-        setSecret2(res.clientSecret2);
-      }
-    });
-  };
+  const [open, setOpen] = React.useState(false);
 
   const clickPreview = () => {
-    setVisible(true);
     provider.name = name;
     provider.clientId = clientId;
     provider.type = captchaType;
@@ -71,64 +42,10 @@ export const CaptchaPreview = ({
     if (clientSecret !== "***") {
       provider.clientSecret = clientSecret;
       ProviderBackend.updateProvider(owner, providerName, provider).then(() => {
-        getCaptchaFromBackend();
+        setOpen(true);
       });
     } else {
-      getCaptchaFromBackend();
-    }
-  };
-
-  const renderDefaultCaptcha = () => {
-    return (
-      <Col>
-        <Row
-          style={{
-            backgroundImage: `url('data:image/png;base64,${captchaImg}')`,
-            backgroundRepeat: "no-repeat",
-            height: "80px",
-            width: "200px",
-            borderRadius: "5px",
-            border: "1px solid #ccc",
-            marginBottom: 10,
-          }}
-        />
-        <Row>
-          <Input
-            autoFocus
-            value={captchaToken}
-            prefix={<SafetyOutlined />}
-            placeholder={i18next.t("general:Captcha")}
-            onPressEnter={handleOk}
-            onChange={(e) => setCaptchaToken(e.target.value)}
-          />
-        </Row>
-      </Col>
-    );
-  };
-
-  const onSubmit = (token) => {
-    setCaptchaToken(token);
-  };
-
-  const renderCheck = () => {
-    if (captchaType === "Default") {
-      return renderDefaultCaptcha();
-    } else {
-      return (
-        <Col>
-          <Row>
-            <CaptchaWidget
-              captchaType={captchaType}
-              subType={subType}
-              siteKey={clientId}
-              clientSecret={secret}
-              onChange={onSubmit}
-              clientId2={clientId2}
-              clientSecret2={secret2}
-            />
-          </Row>
-        </Col>
-      );
+      setOpen(true);
     }
   };
 
@@ -146,6 +63,16 @@ export const CaptchaPreview = ({
     return false;
   };
 
+  const onOk = (captchaType, captchaToken, secret) => {
+    UserBackend.verifyCaptcha(captchaType, captchaToken, secret).then(() => {
+      setOpen(false);
+    });
+  };
+
+  const onCancel = () => {
+    setOpen(false);
+  };
+
   return (
     <React.Fragment>
       <Button
@@ -156,20 +83,20 @@ export const CaptchaPreview = ({
       >
         {i18next.t("general:Preview")}
       </Button>
-      <Modal
-        closable={false}
-        maskClosable={false}
-        destroyOnClose={true}
-        title={i18next.t("general:Captcha")}
-        visible={visible}
-        okText={i18next.t("user:OK")}
-        cancelText={i18next.t("user:Cancel")}
-        onOk={handleOk}
-        onCancel={handleCancel}
-        width={348}
-      >
-        {renderCheck()}
-      </Modal>
+      <CaptchaModal
+        owner={owner}
+        name={name}
+        captchaType={captchaType}
+        subType={subType}
+        clientId={clientId}
+        clientId2={clientId2}
+        clientSecret={clientSecret}
+        clientSecret2={clientSecret2}
+        open={open}
+        onOk={onOk}
+        onCancel={onCancel}
+        canCancel={true}
+      />
     </React.Fragment>
   );
 };

web/src/locales/de/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Grant types - Tooltip",
     "Left": "Left",
     "New Application": "New Application",
+    "None": "None",
     "Password ON": "Passwort AN",
     "Password ON - Tooltip": "Whether to allow password login",
     "Please select a HTML file": "Bitte wählen Sie eine HTML-Datei",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Aktualisierungs-Token läuft ab",
     "Refresh token expire - Tooltip": "Aktualisierungs-Token läuft ab - Tooltip",
     "Right": "Right",
+    "Rule": "Rule",
     "SAML metadata": "SAML metadata",
     "SAML metadata - Tooltip": "SAML metadata - Tooltip",
     "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
@@ -67,8 +70,7 @@
     "Token expire": "Token läuft ab",
     "Token expire - Tooltip": "Token läuft ab - Tooltip",
     "Token format": "Token-Format",
-    "Token format - Tooltip": "Token-Format - Tooltip",
-    "rule": "rule"
+    "Token format - Tooltip": "Token-Format - Tooltip"
   },
   "cert": {
     "Bit size": "Bitgröße",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "Ist aktiviert - Tooltip",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Last name",
     "Logo": "Logo",
     "Logo - Tooltip": "App's image tag",
@@ -309,15 +313,16 @@
     "Favicon": "Févicon",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "Weiche Löschung",
     "Soft deletion - Tooltip": "Weiche Löschung - Tooltip",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "Website-URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "Eimer",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Metadaten können nicht analysiert werden",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "Kategorie",
     "Category - Tooltip": "Unique string-style identifier",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "E-Mail-Titel",
     "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpunkt (Intranet)",
     "Host": "Host",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "Metadaten erfolgreich analysieren",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "Port",
     "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
     "Provider URL": "Provider-URL",
     "Provider URL - Tooltip": "Unique string-style identifier",
     "Region ID": "Region ID",
     "Region ID - Tooltip": "Region ID - Tooltip",
     "Region endpoint for Internet": "Region Endpunkt für Internet",
     "Region endpoint for Intranet": "Region Endpunkt für Intranet",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Smtp Connection",
     "Test Email": "Test email config",
     "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Typ",
     "Type - Tooltip": "Unique string-style identifier",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alarmtyp",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "gefragt",
-    "required": "benötigt",
-    "visible": "sichtbar"
+    "Visible": "Visible",
+    "alertType": "alarmtyp"
   },
   "record": {
     "Is Triggered": "Wird ausgelöst"
@@ -695,6 +705,7 @@
     "Old Password": "Altes Passwort",
     "Password": "Passwort",
     "Password Set": "Passwort setzen",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Eigenschaften",
     "Re-enter New": "Neu erneut eingeben",
     "Reset Email...": "Reset Email...",

web/src/locales/en/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Grant types - Tooltip",
     "Left": "Left",
     "New Application": "New Application",
+    "None": "None",
     "Password ON": "Password ON",
     "Password ON - Tooltip": "Password ON - Tooltip",
     "Please select a HTML file": "Please select a HTML file",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Refresh token expire",
     "Refresh token expire - Tooltip": "Refresh token expire - Tooltip",
     "Right": "Right",
+    "Rule": "Rule",
     "SAML metadata": "SAML metadata",
     "SAML metadata - Tooltip": "SAML metadata - Tooltip",
     "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
@@ -67,8 +70,7 @@
     "Token expire": "Token expire",
     "Token expire - Tooltip": "Token expire - Tooltip",
     "Token format": "Token format",
-    "Token format - Tooltip": "Token format - Tooltip",
-    "rule": "rule"
+    "Token format - Tooltip": "Token format - Tooltip"
   },
   "cert": {
     "Bit size": "Bit size",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "Is enabled - Tooltip",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Last name",
     "Logo": "Logo",
     "Logo - Tooltip": "Logo - Tooltip",
@@ -309,15 +313,16 @@
     "Favicon": "Favicon",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "Soft deletion",
     "Soft deletion - Tooltip": "Soft deletion - Tooltip",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "Website URL",
-    "Website URL - Tooltip": "Website URL - Tooltip",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Website URL - Tooltip"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "Bucket",
     "Bucket - Tooltip": "Bucket - Tooltip",
     "Can not parse Metadata": "Can not parse Metadata",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "Category",
     "Category - Tooltip": "Category - Tooltip",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Email Content - Tooltip",
     "Email Title": "Email Title",
     "Email Title - Tooltip": "Email Title - Tooltip",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Host": "Host",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "Parse Metadata successfully",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "Port",
     "Port - Tooltip": "Port - Tooltip",
+    "Prompted": "Prompted",
     "Provider URL": "Provider URL",
     "Provider URL - Tooltip": "Provider URL - Tooltip",
     "Region ID": "Region ID",
     "Region ID - Tooltip": "Region ID - Tooltip",
     "Region endpoint for Internet": "Region endpoint for Internet",
     "Region endpoint for Intranet": "Region endpoint for Intranet",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Connection",
     "Test Email": "Test Email",
     "Test Email - Tooltip": "Test Email - Tooltip",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type",
     "Type - Tooltip": "Type - Tooltip",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "prompted",
-    "required": "required",
-    "visible": "visible"
+    "Visible": "Visible",
+    "alertType": "alertType"
   },
   "record": {
     "Is Triggered": "Is Triggered"
@@ -695,6 +705,7 @@
     "Old Password": "Old Password",
     "Password": "Password",
     "Password Set": "Password Set",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Properties",
     "Re-enter New": "Re-enter New",
     "Reset Email...": "Reset Email...",

web/src/locales/es/data.json

@@ -45,7 +45,9 @@
     "Token expire - Tooltip": "Expiración del Token - Tooltip",
     "Token format": "Formato del Token",
     "Token format - Tooltip": "Formato del Token - Tooltip",
-    "rule": "rule"
+    "Rule": "Rule",
+    "None": "None",
+    "Always": "Always"
   },
   "cert": {
     "Bit size": "Tamaño del Bit",

web/src/locales/fr/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Grant types - Tooltip",
     "Left": "Left",
     "New Application": "New Application",
+    "None": "None",
     "Password ON": "Mot de passe activé",
     "Password ON - Tooltip": "Whether to allow password login",
     "Please select a HTML file": "Veuillez sélectionner un fichier HTML",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Expiration du jeton d'actualisation",
     "Refresh token expire - Tooltip": "Expiration du jeton d'actualisation - infobulle",
     "Right": "Right",
+    "Rule": "Rule",
     "SAML metadata": "SAML metadata",
     "SAML metadata - Tooltip": "SAML metadata - Tooltip",
     "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
@@ -67,8 +70,7 @@
     "Token expire": "Expiration du jeton",
     "Token expire - Tooltip": "Expiration du jeton - Info-bulle",
     "Token format": "Format du jeton",
-    "Token format - Tooltip": "Format du jeton - infobulle",
-    "rule": "rule"
+    "Token format - Tooltip": "Format du jeton - infobulle"
   },
   "cert": {
     "Bit size": "Taille du bit",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "Est activé - infobulle",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAPs - Infobulle",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Last name",
     "Logo": "Logo",
     "Logo - Tooltip": "App's image tag",
@@ -309,15 +313,16 @@
     "Favicon": "Favicon",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "Suppression du logiciel",
     "Soft deletion - Tooltip": "Suppression de soft - infobulle",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "URL du site web",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "Seau",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Impossible d'analyser les métadonnées",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "Catégorie",
     "Category - Tooltip": "Unique string-style identifier",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "Titre de l'e-mail",
     "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Point de terminaison (Intranet)",
     "Host": "Hôte",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "Analyse des métadonnées réussie",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "Port",
     "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
     "Provider URL": "URL du fournisseur",
     "Provider URL - Tooltip": "Unique string-style identifier",
     "Region ID": "ID de la région",
     "Region ID - Tooltip": "ID de région - infobulle",
     "Region endpoint for Internet": "Point de terminaison de la région pour Internet",
     "Region endpoint for Intranet": "Point de terminaison de la région pour Intranet",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Smtp Connection",
     "Test Email": "Test email config",
     "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type de texte",
     "Type - Tooltip": "Unique string-style identifier",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "Type d'alerte",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "invitée",
-    "required": "Obligatoire",
-    "visible": "Visible"
+    "Visible": "Visible",
+    "alertType": "Type d'alerte"
   },
   "record": {
     "Is Triggered": "Est déclenché"
@@ -695,6 +705,7 @@
     "Old Password": "Ancien mot de passe",
     "Password": "Mot de passe",
     "Password Set": "Mot de passe défini",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Propriétés",
     "Re-enter New": "Nouvelle entrée",
     "Reset Email...": "Reset Email...",

web/src/locales/ja/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Grant types - Tooltip",
     "Left": "Left",
     "New Application": "New Application",
+    "None": "None",
     "Password ON": "パスワードON",
     "Password ON - Tooltip": "Whether to allow password login",
     "Please select a HTML file": "HTMLファイルを選択してください",
@@ -53,6 +55,7 @@
     "Refresh token expire": "トークンの更新の期限が切れます",
     "Refresh token expire - Tooltip": "トークンの有効期限を更新する - ツールチップ",
     "Right": "Right",
+    "Rule": "Rule",
     "SAML metadata": "SAML metadata",
     "SAML metadata - Tooltip": "SAML metadata - Tooltip",
     "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
@@ -67,8 +70,7 @@
     "Token expire": "トークンの有効期限",
     "Token expire - Tooltip": "トークンの有効期限 - ツールチップ",
     "Token format": "トークンのフォーマット",
-    "Token format - Tooltip": "トークンフォーマット - ツールチップ",
-    "rule": "rule"
+    "Token format - Tooltip": "トークンフォーマット - ツールチップ"
   },
   "cert": {
     "Bit size": "ビットサイズ",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "有効にする - ツールチップ",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAP - ツールチップ",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Last name",
     "Logo": "Logo",
     "Logo - Tooltip": "App's image tag",
@@ -309,15 +313,16 @@
     "Favicon": "ファビコン",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "ソフト削除",
     "Soft deletion - Tooltip": "ソフト削除 - ツールチップ",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "Website URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "バケツ入りバケツ",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "メタデータをパースできません",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "カテゴリ",
     "Category - Tooltip": "Unique string-style identifier",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "メールタイトル",
     "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "エンドポイント (イントラネット)",
     "Host": "ホスト",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "メタデータの解析に成功",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "ポート",
     "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
     "Provider URL": "プロバイダー URL",
     "Provider URL - Tooltip": "Unique string-style identifier",
     "Region ID": "地域ID",
     "Region ID - Tooltip": "リージョンID - ツールチップ",
     "Region endpoint for Internet": "インターネットのリージョンエンドポイント",
     "Region endpoint for Intranet": "イントラネットのリージョンエンドポイント",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Smtp Connection",
     "Test Email": "Test email config",
     "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "タイプ",
     "Type - Tooltip": "Unique string-style identifier",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "プロンプトされた",
-    "required": "必須",
-    "visible": "表示"
+    "Visible": "Visible",
+    "alertType": "alertType"
   },
   "record": {
     "Is Triggered": "トリガーされます"
@@ -695,6 +705,7 @@
     "Old Password": "古いパスワード",
     "Password": "パスワード",
     "Password Set": "パスワード設定",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "プロパティー",
     "Re-enter New": "新しい入力",
     "Reset Email...": "Reset Email...",

web/src/locales/ko/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Grant types - Tooltip",
     "Left": "Left",
     "New Application": "New Application",
+    "None": "None",
     "Password ON": "Password ON",
     "Password ON - Tooltip": "Whether to allow password login",
     "Please select a HTML file": "Please select a HTML file",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Refresh token expire",
     "Refresh token expire - Tooltip": "Refresh token expire - Tooltip",
     "Right": "Right",
+    "Rule": "Rule",
     "SAML metadata": "SAML metadata",
     "SAML metadata - Tooltip": "SAML metadata - Tooltip",
     "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
@@ -67,8 +70,7 @@
     "Token expire": "Token expire",
     "Token expire - Tooltip": "Token expire - Tooltip",
     "Token format": "Token format",
-    "Token format - Tooltip": "Token format - Tooltip",
-    "rule": "rule"
+    "Token format - Tooltip": "Token format - Tooltip"
   },
   "cert": {
     "Bit size": "Bit size",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "Is enabled - Tooltip",
     "LDAPs": "LDAPs",
     "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Last name",
     "Logo": "Logo",
     "Logo - Tooltip": "App's image tag",
@@ -309,15 +313,16 @@
     "Favicon": "Favicon",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "Soft deletion",
     "Soft deletion - Tooltip": "Soft deletion - Tooltip",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "Website URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "Bucket",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Can not parse Metadata",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "Category",
     "Category - Tooltip": "Unique string-style identifier",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "Email title",
     "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Endpoint (Intranet)",
     "Host": "Host",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "Parse Metadata successfully",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "Port",
     "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
     "Provider URL": "Provider URL",
     "Provider URL - Tooltip": "Unique string-style identifier",
     "Region ID": "Region ID",
     "Region ID - Tooltip": "Region ID - Tooltip",
     "Region endpoint for Internet": "Region endpoint for Internet",
     "Region endpoint for Intranet": "Region endpoint for Intranet",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Smtp Connection",
     "Test Email": "Test email config",
     "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Type",
     "Type - Tooltip": "Unique string-style identifier",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "prompted",
-    "required": "required",
-    "visible": "visible"
+    "Visible": "Visible",
+    "alertType": "alertType"
   },
   "record": {
     "Is Triggered": "Is Triggered"
@@ -695,6 +705,7 @@
     "Old Password": "Old Password",
     "Password": "Password",
     "Password Set": "Password Set",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Properties",
     "Re-enter New": "Re-enter New",
     "Reset Email...": "Reset Email...",

web/src/locales/ru/data.json

@@ -13,6 +13,7 @@
     "Sync": "Sync"
   },
   "application": {
+    "Always": "Always",
     "Auto signin": "Auto signin",
     "Auto signin - Tooltip": "Auto signin - Tooltip",
     "Background URL": "Background URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "Виды грантов - Подсказка",
     "Left": "Left",
     "New Application": "Новое приложение",
+    "None": "None",
     "Password ON": "Пароль ВКЛ",
     "Password ON - Tooltip": "Whether to allow password login",
     "Please select a HTML file": "Пожалуйста, выберите HTML-файл",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Срок действия обновления токена истекает",
     "Refresh token expire - Tooltip": "Срок обновления токена истекает - Подсказка",
     "Right": "Right",
+    "Rule": "правило",
     "SAML metadata": "Метаданные SAML",
     "SAML metadata - Tooltip": "Метаданные SAML - Подсказка",
     "SAML metadata URL copied to clipboard successfully": "Адрес метаданных SAML скопирован в буфер обмена",
@@ -67,8 +70,7 @@
     "Token expire": "Токен истекает",
     "Token expire - Tooltip": "Истек токен - Подсказка",
     "Token format": "Формат токена",
-    "Token format - Tooltip": "Формат токена - Подсказка",
-    "rule": "правило"
+    "Token format - Tooltip": "Формат токена - Подсказка"
   },
   "cert": {
     "Bit size": "Размер бита",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "Включено - Подсказка",
     "LDAPs": "LDAPы",
     "LDAPs - Tooltip": "LDAPs - Подсказки",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
     "Last name": "Фамилия",
     "Logo": "Логотип",
     "Logo - Tooltip": "App's image tag",
@@ -309,15 +313,16 @@
     "Favicon": "Иконка",
     "Is profile public": "Is profile public",
     "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
     "New Organization": "New Organization",
     "Soft deletion": "Мягкое удаление",
     "Soft deletion - Tooltip": "Мягкое удаление - Подсказка",
     "Tags": "Tags",
     "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
     "Website URL": "URL сайта",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
   },
   "payment": {
     "Confirm your invoice information": "Confirm your invoice information",
@@ -450,6 +455,9 @@
     "Bucket": "Ведро",
     "Bucket - Tooltip": "Storage bucket name",
     "Can not parse Metadata": "Невозможно разобрать метаданные",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
     "Category": "Категория",
     "Category - Tooltip": "Unique string-style identifier",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "Unique string-style identifier",
     "Email Title": "Заголовок письма",
     "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
     "Endpoint": "Endpoint",
     "Endpoint (Intranet)": "Точка входа (Intranet)",
     "Host": "Хост",
@@ -489,14 +499,18 @@
     "New Provider": "New Provider",
     "Parse": "Parse",
     "Parse Metadata successfully": "Анализ метаданных успешно завершен",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
     "Port": "Порт",
     "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
     "Provider URL": "URL провайдера",
     "Provider URL - Tooltip": "Unique string-style identifier",
     "Region ID": "ID региона",
     "Region ID - Tooltip": "Идентификатор региона - Подсказка",
     "Region endpoint for Internet": "Конечная точка региона для Интернета",
     "Region endpoint for Intranet": "Конечная точка региона Интранета",
+    "Required": "Required",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "Test Smtp Connection",
     "Test Email": "Test email config",
     "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - Tooltip",
     "Type": "Тип",
     "Type - Tooltip": "Unique string-style identifier",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "тип оповещения",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "запрошено",
-    "required": "обязательный",
-    "visible": "видимый"
+    "Visible": "Visible",
+    "alertType": "тип оповещения"
   },
   "record": {
     "Is Triggered": "Срабатывает"
@@ -695,6 +705,7 @@
     "Old Password": "Старый пароль",
     "Password": "Пароль",
     "Password Set": "Пароль установлен",
+    "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Свойства",
     "Re-enter New": "Введите еще раз",
     "Reset Email...": "Reset Email...",

web/src/locales/zh/data.json

@@ -13,6 +13,7 @@
     "Sync": "同步"
   },
   "application": {
+    "Always": "始终开启",
     "Auto signin": "启用自动登录",
     "Auto signin - Tooltip": "当Casdoor存在已登录会话时，自动采用该会话进行应用端的登录",
     "Background URL": "背景图URL",
@@ -43,6 +44,7 @@
     "Grant types - Tooltip": "选择允许哪些OAuth协议中的Grant types",
     "Left": "居左",
     "New Application": "添加应用",
+    "None": "关闭",
     "Password ON": "开启密码",
     "Password ON - Tooltip": "是否允许密码登录",
     "Please select a HTML file": "请选择一个HTML文件",
@@ -53,6 +55,7 @@
     "Refresh token expire": "Refresh Token过期",
     "Refresh token expire - Tooltip": "Refresh Token过期时间",
     "Right": "居右",
+    "Rule": "规则",
     "SAML metadata": "SAML元数据",
     "SAML metadata - Tooltip": "SAML协议的元数据（Metadata）信息",
     "SAML metadata URL copied to clipboard successfully": "SAML元数据URL已成功复制到剪贴板",
@@ -67,8 +70,7 @@
     "Token expire": "Access Token过期",
     "Token expire - Tooltip": "Access Token过期时间",
     "Token format": "Access Token格式",
-    "Token format - Tooltip": "Access Token格式",
-    "rule": "规则"
+    "Token format - Tooltip": "Access Token格式"
   },
   "cert": {
     "Bit size": "位大小",
@@ -168,6 +170,8 @@
     "Is enabled - Tooltip": "是否启用",
     "LDAPs": "LDAP",
     "LDAPs - Tooltip": "LDAPs",
+    "Languages": "语言",
+    "Languages - Tooltip": "可选语言",
     "Last name": "姓氏",
     "Logo": "Logo",
     "Logo - Tooltip": "应用程序向外展示的图标",
@@ -309,15 +313,16 @@
     "Favicon": "图标",
     "Is profile public": "用户个人页公开",
     "Is profile public - Tooltip": "关闭后，只有全局管理员或同组织用户才能访问用户主页",
+    "Modify rule": "修改规则",
     "New Organization": "添加组织",
     "Soft deletion": "软删除",
     "Soft deletion - Tooltip": "启用后，删除用户信息时不会在数据库彻底清除，只会标记为已删除状态",
     "Tags": "标签集合",
     "Tags - Tooltip": "可供用户选择的标签的集合",
+    "View rule": "查看规则",
+    "Visible": "是否可见",
     "Website URL": "网页地址",
-    "Website URL - Tooltip": "网页地址",
-    "modifyRule": "修改规则",
-    "viewRule": "查看规则"
+    "Website URL - Tooltip": "网页地址"
   },
   "payment": {
     "Confirm your invoice information": "确认您的发票信息",
@@ -450,6 +455,9 @@
     "Bucket": "存储桶",
     "Bucket - Tooltip": "Bucket名称",
     "Can not parse Metadata": "无法解析元数据",
+    "Can signin": "可用于登录",
+    "Can signup": "可用于注册",
+    "Can unlink": "可解绑定",
     "Category": "分类",
     "Category - Tooltip": "分类",
     "Channel No.": "Channel No.",
@@ -472,6 +480,8 @@
     "Email Content - Tooltip": "邮件内容",
     "Email Title": "邮件标题",
     "Email Title - Tooltip": "邮件标题",
+    "Enable QR code": "扫码登陆",
+    "Enable QR code - Tooltip": "扫码登陆 - 工具提示",
     "Endpoint": "地域节点 (外网)",
     "Endpoint (Intranet)": "地域节点 (内网)",
     "Host": "主机",
@@ -489,14 +499,18 @@
     "New Provider": "添加提供商",
     "Parse": "Parse",
     "Parse Metadata successfully": "解析元数据成功",
+    "Path prefix": "路径前缀",
+    "Please use WeChat and scan the QR code to sign in": "请使用微信扫描二维码登录",
     "Port": "端口",
     "Port - Tooltip": "端口号",
+    "Prompted": "注册后提醒绑定",
     "Provider URL": "提供商URL",
     "Provider URL - Tooltip": "提供商URL",
     "Region ID": "地域ID",
     "Region ID - Tooltip": "地域ID",
     "Region endpoint for Internet": "地域节点 (外网)",
     "Region endpoint for Intranet": "地域节点 (内网)",
+    "Required": "是否必填项",
     "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
     "SMS account": "SMS account",
     "SMS account - Tooltip": "SMS account - Tooltip",
@@ -533,19 +547,15 @@
     "Test Connection": "测试SMTP连接",
     "Test Email": "测试Email配置",
     "Test Email - Tooltip": "邮箱地址",
+    "The prefix path of the file - Tooltip": "文件的路径前缀 - 工具提示",
     "Token URL": "Token URL",
     "Token URL - Tooltip": "Token URL - 工具提示",
     "Type": "类型",
     "Type - Tooltip": "类型",
     "UserInfo URL": "UserInfo URL",
     "UserInfo URL - Tooltip": "UserInfo URL - 工具提示",
-    "alertType": "警报类型",
-    "canSignIn": "可用于登录",
-    "canSignUp": "可用于注册",
-    "canUnlink": "可解绑定",
-    "prompted": "注册后提醒绑定",
-    "required": "是否必填项",
-    "visible": "是否可见"
+    "Visible": "是否可见",
+    "alertType": "警报类型"
   },
   "record": {
     "Is Triggered": "已触发"
@@ -695,6 +705,7 @@
     "Old Password": "旧密码",
     "Password": "密码",
     "Password Set": "密码已设置",
+    "Please select avatar from resources": "从资源中选择...",
     "Properties": "属性",
     "Re-enter New": "重复新密码",
     "Reset Email...": "重置邮箱...",