feat: check user existence when signing in via verification code (#1334 )

* fix:check user existence when logining by verification code * fix review problems * Update verification.go Co-authored-by: hsluoyz <hsluoyz@qq.com>
fix: prompt page translation (#1330 )
2025-07-08 17:10:27 +08:00 · 2022-11-28 00:11:33 +08:00 · 2022-11-27 21:04:45 +08:00 · 2022-11-27 17:32:15 +08:00 · 2022-11-26 17:17:49 +08:00 · 2022-11-25 23:08:45 +08:00
94 changed files with 2335 additions and 671 deletions
--- a/authz/authz.go
+++ b/authz/authz.go
@ -85,6 +85,8 @@ p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
+p, *, *, POST, /api/webhook, *, *
+p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
@ -142,7 +144,7 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o

 	userId := fmt.Sprintf("%s/%s", subOwner, subName)
 	user := object.GetUser(userId)
-	if user != nil && user.IsAdmin && subOwner == objOwner {
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
 		return true
 	}

--- a/captcha/provider.go
+++ b/captcha/provider.go
@ -31,6 +31,8 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewAliyunCaptchaProvider()
 	} else if captchaType == "GEETEST" {
 		return NewGEETESTCaptchaProvider()
+	} else if captchaType == "Cloudflare Turnstile" {
+		return NewCloudflareTurnstileProvider()
 	}
 	return nil
 }
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@ -0,0 +1,66 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package captcha
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const CloudflareTurnstileVerifyUrl = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+
+type CloudflareTurnstileProvider struct{}
+
+func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
+	captcha := &CloudflareTurnstileProvider{}
+	return captcha
+}
+
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+	reqData := url.Values{
+		"secret":   {clientSecret},
+		"response": {token},
+	}
+	resp, err := http.PostForm(CloudflareTurnstileVerifyUrl, reqData)
+	if err != nil {
+		return false, err
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+
+	type captchaResponse struct {
+		Success    bool     `json:"success"`
+		ErrorCodes []string `json:"error-codes"`
+	}
+	captchaResp := &captchaResponse{}
+	err = json.Unmarshal(body, captchaResp)
+	if err != nil {
+		return false, err
+	}
+
+	if len(captchaResp.ErrorCodes) > 0 {
+		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
+	}
+
+	return captchaResp.Success, nil
+}
--- a/controllers/account.go
+++ b/controllers/account.go
@ -245,8 +245,7 @@ func (c *ApiController) Logout() {
 	util.LogInfo(c.Ctx, "API: [%s] logged out", user)

 	application := c.GetSessionApplication()
-	c.SetSessionUsername("")
-	c.SetSessionData(nil)
+	c.ClearUserSession()

 	if application == nil || application.Name == "app-built-in" || application.HomepageUrl == "" {
 		c.ResponseOk(user)
--- a/controllers/application.go
+++ b/controllers/application.go
@ -46,7 +46,7 @@ func (c *ApiController) GetApplications() {
 		if organization == "" {
 			applications = object.GetApplications(owner)
 		} else {
-			applications = object.GetApplicationsByOrganizationName(owner, organization)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}

 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
@ -103,17 +103,31 @@ func (c *ApiController) GetUserApplication() {
 // @router /get-organization-applications [get]
 func (c *ApiController) GetOrganizationApplications() {
 	userId := c.GetSessionUsername()
-	owner := c.Input().Get("owner")
 	organization := c.Input().Get("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if organization == "" {
 		c.ResponseError(c.T("ParameterErr.OrgMissingErr"))
 		return
 	}

-	applications := object.GetApplicationsByOrganizationName(owner, organization)
-	c.Data["json"] = object.GetMaskedApplications(applications, userId)
-	c.ServeJSON()
+	if limit == "" || page == "" {
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
+		c.ResponseOk(applications, paginator.Nums())
+	}
 }

 // UpdateApplication
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -17,14 +17,16 @@ package controllers
 import (
 	"encoding/base64"
 	"encoding/json"
+	"encoding/xml"
 	"fmt"
+	"io/ioutil"
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"

 	"github.com/casdoor/casdoor/captcha"
-
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
@ -33,6 +35,11 @@ import (
 	"github.com/google/uuid"
 )

+var (
+	wechatScanType string
+	lock           sync.RWMutex
+)
+
 func codeToResponse(code *object.Code) *Response {
 	if code.Code == "" {
 		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
@ -300,7 +307,7 @@ func (c *ApiController) Login() {
 		}

 		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
-		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
+		provider := object.GetProvider(util.GetId("admin", form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
 			c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
@ -531,3 +538,46 @@ func (c *ApiController) HandleSamlLogin() {
 		slice[4], relayState, samlResponse)
 	c.Redirect(targetUrl, 303)
 }
+
+// HandleOfficialAccountEvent ...
+// @Tag HandleOfficialAccountEvent API
+// @Title HandleOfficialAccountEvent
+// @router /api/webhook [POST]
+func (c *ApiController) HandleOfficialAccountEvent() {
+	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	var data struct {
+		MsgType  string `xml:"MsgType"`
+		Event    string `xml:"Event"`
+		EventKey string `xml:"EventKey"`
+	}
+	err = xml.Unmarshal(respBytes, &data)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	lock.Lock()
+	defer lock.Unlock()
+	if data.EventKey != "" {
+		wechatScanType = data.Event
+		c.Ctx.WriteString("")
+	}
+}
+
+// GetWebhookEventType ...
+// @Tag GetWebhookEventType API
+// @Title GetWebhookEventType
+// @router /api/get-webhook-event [GET]
+func (c *ApiController) GetWebhookEventType() {
+	lock.Lock()
+	defer lock.Unlock()
+	resp := &Response{
+		Status: "ok",
+		Msg:    "",
+		Data:   wechatScanType,
+	}
+	c.Data["json"] = resp
+	wechatScanType = ""
+	c.ServeJSON()
+}
--- a/controllers/base.go
+++ b/controllers/base.go
@ -63,8 +63,7 @@ func (c *ApiController) GetSessionUsername() string {
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
-		c.SetSessionUsername("")
-		c.SetSessionData(nil)
+		c.ClearUserSession()
 		return ""
 	}

@ -85,13 +84,17 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 	return application
 }

+func (c *ApiController) ClearUserSession() {
+	c.SetSessionUsername("")
+	c.SetSessionData(nil)
+}
+
 func (c *ApiController) GetSessionOidc() (string, string) {
 	sessionData := c.GetSessionData()
 	if sessionData != nil &&
 		sessionData.ExpireTime != 0 &&
 		sessionData.ExpireTime < time.Now().Unix() {
-		c.SetSessionUsername("")
-		c.SetSessionData(nil)
+		c.ClearUserSession()
 		return "", ""
 	}
 	scopeValue := c.GetSession("scope")
--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@ -18,6 +18,7 @@ import (
 	"encoding/json"

 	"github.com/beego/beego/utils/pagination"
+	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@ -89,6 +90,69 @@ func (c *ApiController) SyncPolicies() {
 	id := c.Input().Get("id")
 	adapter := object.GetCasbinAdapter(id)

-	c.Data["json"] = object.SyncPolicies(adapter)
+	policies, err := object.SyncPolicies(adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = policies
+	c.ServeJSON()
+}
+
+func (c *ApiController) UpdatePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policies []xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddPolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) RemovePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -21,12 +21,6 @@ import (
 )

 func (c *ApiController) Enforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRule object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
 	if err != nil {
@ -34,17 +28,11 @@ func (c *ApiController) Enforce() {
 		return
 	}

-	c.Data["json"] = object.Enforce(userId, &permissionRule)
+	c.Data["json"] = object.Enforce(&permissionRule)
 	c.ServeJSON()
 }

 func (c *ApiController) BatchEnforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRules []object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
 	if err != nil {
@ -52,7 +40,7 @@ func (c *ApiController) BatchEnforce() {
 		return
 	}

-	c.Data["json"] = object.BatchEnforce(userId, permissionRules)
+	c.Data["json"] = object.BatchEnforce(permissionRules)
 	c.ServeJSON()
 }

--- a/controllers/provider.go
+++ b/controllers/provider.go
@ -48,6 +48,30 @@ func (c *ApiController) GetProviders() {
 	}
 }

+// GetGlobalProviders
+// @Title GetGlobalProviders
+// @Tag Provider API
+// @Description get Global providers
+// @Success 200 {array} object.Provider The Response object
+// @router /get-global-providers [get]
+func (c *ApiController) GetGlobalProviders() {
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(providers, paginator.Nums())
+	}
+}
+
 // GetProvider
 // @Title GetProvider
 // @Tag Provider API
@ -57,7 +81,6 @@ func (c *ApiController) GetProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-
 	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
 	c.ServeJSON()
 }
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -156,7 +156,7 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	provider, user, ok := c.GetProviderFromContext("Storage")
+	provider, _, ok := c.GetProviderFromContext("Storage")
 	if !ok {
 		return
 	}
@ -171,6 +171,20 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
 	}

+	if tag != "avatar" && tag != "termsOfUse" {
+		ext := filepath.Ext(filepath.Base(fullFilePath))
+		index := len(fullFilePath) - len(ext)
+		for i := 1; ; i++ {
+			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
+			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
+				break
+			}
+
+			// duplicated fullFilePath found, change it
+			fullFilePath = fullFilePath[:index] + fmt.Sprintf("-%d", i) + ext
+		}
+	}
+
 	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer)
 	if err != nil {
 		c.ResponseError(err.Error())
@ -202,12 +216,10 @@ func (c *ApiController) UploadResource() {

 	switch tag {
 	case "avatar":
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
-			user = object.GetUserNoCheck(username)
-			if user == nil {
-				c.ResponseError(c.T("ResourceErr.UserIsNil"))
-				return
-			}
+			c.ResponseError(c.T("ResourceErr.UserIsNil"))
+			return
 		}

 		user.Avatar = fileUrl
--- a/controllers/service.go
+++ b/controllers/service.go
@ -60,7 +60,7 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider = object.GetProvider(fmt.Sprintf("admin/%s", emailForm.Provider))
+		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
 		var ok bool
--- a/controllers/util.go
+++ b/controllers/util.go
@ -17,6 +17,7 @@ package controllers
 import (
 	"fmt"
 	"strconv"
+	"strings"

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@ -56,7 +57,7 @@ func (c *ApiController) T(error string) string {
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	lang := c.Ctx.Request.Header.Get("Accept-Language")
-	if lang == "" {
+	if lang == "" || !strings.Contains(conf.GetConfigString("languages"), lang[0:2]) {
 		lang = "en"
 	}
 	return lang[0:2]
@ -98,6 +99,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {

 	user := object.GetUser(userId)
 	if user == nil {
+		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
 		return nil, false
 	}
@ -124,7 +126,7 @@ func getInitScore() (int, error) {
 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
 	if providerName != "" {
-		provider := object.GetProvider(util.GetId(providerName))
+		provider := object.GetProvider(util.GetId("admin", providerName))
 		if provider == nil {
 			c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
 			return nil, nil, false
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -92,6 +92,10 @@ func (c *ApiController) SendVerificationCode() {
 	user := c.getCurrentUser()
 	application := object.GetApplication(applicationId)
 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", application.Owner, application.Organization))
+	if organization == nil {
+		c.ResponseError(c.T("OrgErr.DoNotExist"))
+		return
+	}

 	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
 		c.ResponseError(c.T("LoginErr.LoginFirst"))
@ -114,6 +118,12 @@ func (c *ApiController) SendVerificationCode() {
 			return
 		}

+		userByEmail := object.GetUserByEmail(organization.Name, dest)
+		if userByEmail == nil {
+			c.ResponseError(c.T("UserErr.DoNotExistSignUp"))
+			return
+		}
+
 		provider := application.GetEmailProvider()
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
 	case "phone":
@ -124,8 +134,10 @@ func (c *ApiController) SendVerificationCode() {
 			c.ResponseError(c.T("PhoneErr.NumberInvalid"))
 			return
 		}
-		if organization == nil {
-			c.ResponseError(c.T("OrgErr.DoNotExist"))
+
+		userByPhone := object.GetUserByPhone(organization.Name, dest)
+		if userByPhone == nil {
+			c.ResponseError(c.T("UserErr.DoNotExistSignUp"))
 			return
 		}

--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@ -21,9 +21,10 @@ import (
 	"testing"

 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )

 func TestDeployStaticFiles(t *testing.T) {
-	provider := object.GetProvider("admin/provider_storage_aliyun_oss")
+	provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
 	deployStaticFiles(provider)
 }
--- a/go.mod
+++ b/go.mod
@ -23,6 +23,7 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/golang-jwt/jwt/v4 v4.2.0
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/uuid v1.2.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
@ -36,6 +37,7 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/smartystreets/goconvey v1.6.4 // indirect
 	github.com/stretchr/testify v1.8.0
 	github.com/tealeg/xlsx v1.0.5
@ -51,6 +53,7 @@ require (
 	gopkg.in/ini.v1 v1.67.0
 	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v2 v2.3.0 // indirect
+	xorm.io/builder v0.3.12 // indirect
 	xorm.io/core v0.7.2
-	xorm.io/xorm v1.0.4
+	xorm.io/xorm v1.0.5
 )
--- a/go.sum
+++ b/go.sum
@ -213,8 +213,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@ -394,6 +395,8 @@ github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKz
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
@ -787,10 +790,11 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-xorm.io/builder v0.3.7 h1:2pETdKRK+2QG4mLX4oODHEhn5Z8j1m8sXa7jfu+/SZI=
 xorm.io/builder v0.3.7/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
+xorm.io/builder v0.3.12 h1:ASZYX7fQmy+o8UJdhlLHSW57JDOkM8DNhcAF5d0LiJM=
+xorm.io/builder v0.3.12/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
 xorm.io/core v0.7.2 h1:mEO22A2Z7a3fPaZMk6gKL/jMD80iiyNwRrX5HOv3XLw=
 xorm.io/core v0.7.2/go.mod h1:jJfd0UAEzZ4t87nbQYtVjmqpIODugN6PD2D9E+dJvdM=
 xorm.io/xorm v1.0.3/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
-xorm.io/xorm v1.0.4 h1:UBXA4I3NhiyjXfPqxXUkS2t5hMta9SSPATeMMaZg9oA=
-xorm.io/xorm v1.0.4/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
+xorm.io/xorm v1.0.5 h1:LRr5PfOUb4ODPR63YwbowkNDwcolT2LnkwP/TUaMaB0=
+xorm.io/xorm v1.0.5/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
--- a/i18n/util.go
+++ b/i18n/util.go
@ -17,7 +17,6 @@ package i18n
 import (
 	"embed"
 	"fmt"
-	"log"
 	"strings"

 	"github.com/casdoor/casdoor/util"
@ -27,10 +26,7 @@ import (
 //go:embed languages/*.ini
 var f embed.FS

-var (
-	langMapConfig  = make(map[string]*ini.File)
-	isNotFirstLoad = make(map[string]bool)
-)
+var langMapConfig = make(map[string]*ini.File)

 func getI18nFilePath(language string) string {
 	return fmt.Sprintf("../web/src/locales/%s/data.json", language)
@ -77,16 +73,14 @@ func applyData(data1 *I18nData, data2 *I18nData) {
 func Translate(lang string, error string) string {
 	parts := strings.Split(error, ".")
 	if !strings.Contains(error, ".") || len(parts) != 2 {
-		log.Println("Invalid Error Name")
-		return ""
+		return "Translate Error: " + error
 	}

-	if isNotFirstLoad[lang] {
+	if langMapConfig[lang] != nil {
 		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
 	} else {
 		file, _ := f.ReadFile("languages/locale_" + lang + ".ini")
 		langMapConfig[lang], _ = ini.Load(file)
-		isNotFirstLoad[lang] = true
 		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
 	}
 }
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@ -15,9 +15,12 @@
 package idp

 import (
+	"bytes"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
+	"log"
 	"net/http"
 	"strings"
 	"time"
@ -167,7 +170,10 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		Email:       dtUserInfo.Email,
 		AvatarUrl:   dtUserInfo.AvatarUrl,
 	}
-
+	isUserInOrg, err := idp.isUserInOrg(userInfo.UnionId)
+	if !isUserInOrg {
+		return nil, err
+	}
 	return &userInfo, nil
 }

@ -194,3 +200,62 @@ func (idp *DingTalkIdProvider) postWithBody(body interface{}, url string) ([]byt

 	return data, nil
 }
+
+func (idp *DingTalkIdProvider) getInnerAppAccessToken() string {
+	appKey := idp.Config.ClientID
+	appSecret := idp.Config.ClientSecret
+	body := make(map[string]string)
+	body["appKey"] = appKey
+	body["appSecret"] = appSecret
+	bodyData, err := json.Marshal(body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	reader := bytes.NewReader(bodyData)
+	request, err := http.NewRequest("POST", "https://api.dingtalk.com/v1.0/oauth2/accessToken", reader)
+	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
+	resp, err := idp.Client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	var data struct {
+		ExpireIn    int    `json:"expireIn"`
+		AccessToken string `json:"accessToken"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	return data.AccessToken
+}
+
+func (idp *DingTalkIdProvider) isUserInOrg(unionId string) (bool, error) {
+	body := make(map[string]string)
+	body["unionid"] = unionId
+	bodyData, err := json.Marshal(body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	reader := bytes.NewReader(bodyData)
+	accessToken := idp.getInnerAppAccessToken()
+	request, _ := http.NewRequest("POST", "https://oapi.dingtalk.com/topapi/user/getbyunionid?access_token="+accessToken, reader)
+	request.Header.Set("Content-Type", "application/json;charset=UTF-8")
+	resp, err := idp.Client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	var data struct {
+		ErrCode    int    `json:"errcode"`
+		ErrMessage string `json:"errmsg"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		log.Println(err.Error())
+	}
+	if data.ErrCode == 60121 {
+		return false, fmt.Errorf("the user is not found in the organization where clientId and clientSecret belong")
+	}
+	return true, nil
+}
--- a/idp/wechat.go
+++ b/idp/wechat.go
@ -16,14 +16,17 @@ package idp

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"

+	"github.com/skip2/go-qrcode"
 	"golang.org/x/oauth2"
 )

@ -191,3 +194,54 @@ func (idp *WeChatIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	return &userInfo, nil
 }
+
+func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, error) {
+	accessTokenUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s", clientId, clientSecret)
+	request, err := http.NewRequest("GET", accessTokenUrl, nil)
+	client := new(http.Client)
+	resp, err := client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		ExpireIn    int    `json:"expires_in"`
+		AccessToken string `json:"access_token"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+	return data.AccessToken, nil
+}
+
+func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (string, error) {
+	accessToken, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
+	client := new(http.Client)
+	params := "{\"action_name\": \"QR_LIMIT_STR_SCENE\", \"action_info\": {\"scene\": {\"scene_str\": \"test\"}}}"
+	bodyData := bytes.NewReader([]byte(params))
+	qrCodeUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/qrcode/create?access_token=%s", accessToken)
+	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
+	resp, err := client.Do(requeset)
+	if err != nil {
+		return "", err
+	}
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		Ticket        string `json:"ticket"`
+		ExpireSeconds int    `json:"expire_seconds"`
+		URL           string `json:"url"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+
+	var png []byte
+	png, err = qrcode.Encode(data.URL, qrcode.Medium, 256)
+	base64Image := base64.StdEncoding.EncodeToString(png)
+	return base64Image, nil
+}
--- a/object/application.go
+++ b/object/application.go
@ -20,6 +20,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@ -84,6 +85,16 @@ func GetApplicationCount(owner, field, value string) int {
 	return int(count)
 }

+func GetOrganizationApplicationCount(owner, Organization, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Application{Organization: Organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
 func GetApplications(owner string) []*Application {
 	applications := []*Application{}
 	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
@ -94,8 +105,18 @@ func GetApplications(owner string) []*Application {
 	return applications
 }

-func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return applications
+}
+
+func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+	var applications []*Application
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&applications)
 	if err != nil {
@ -105,9 +126,10 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 	return applications
 }

-func GetApplicationsByOrganizationName(owner string, organization string) []*Application {
+func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -119,9 +141,11 @@ func getProviderMap(owner string) map[string]*Provider {
 	providers := GetProviders(owner)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
-		//if provider.Category != "OAuth" {
-		//	continue
-		//}
+		// Get QRCode only once
+		if provider.Type == "WeChat" && provider.DisableSsl == true && provider.Content == "" {
+			provider.Content, _ = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
+			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
+		}

 		m[provider.Name] = GetMaskedProvider(provider)
 	}
@ -129,7 +153,7 @@ func getProviderMap(owner string) map[string]*Provider {
 }

 func extendApplicationWithProviders(application *Application) {
-	m := getProviderMap(application.Owner)
+	m := getProviderMap(application.Organization)
 	for _, providerItem := range application.Providers {
 		if provider, ok := m[providerItem.Name]; ok {
 			providerItem.Provider = provider
@ -270,6 +294,13 @@ func UpdateApplication(id string, application *Application) bool {
 		application.Name = name
 	}

+	if name != application.Name {
+		err := applicationChangeTrigger(name, application.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
@ -371,7 +402,7 @@ func IsAllowOrigin(origin string) bool {
 }

 func getApplicationMap(organization string) map[string]*Application {
-	applications := GetApplicationsByOrganizationName("admin", organization)
+	applications := GetOrganizationApplications("admin", organization)

 	applicationMap := make(map[string]*Application)
 	for _, application := range applications {
@ -400,3 +431,55 @@ func ExtendManagedAccountsWithUser(user *User) *User {

 	return user
 }
+
+func applicationChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	organization := new(Organization)
+	organization.DefaultApplication = newName
+	_, err = session.Where("default_application=?", oldName).Update(organization)
+	if err != nil {
+		return err
+	}
+
+	user := new(User)
+	user.SignupApplication = newName
+	_, err = session.Where("signup_application=?", oldName).Update(user)
+	if err != nil {
+		return err
+	}
+
+	resource := new(Resource)
+	resource.Application = newName
+	_, err = session.Where("application=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for i := 0; i < len(permissions); i++ {
+		permissionResoureces := permissions[i].Resources
+		for j := 0; j < len(permissionResoureces); j++ {
+			if permissionResoureces[j] == oldName {
+				permissionResoureces[j] = newName
+			}
+		}
+		permissions[i].Resources = permissionResoureces
+		_, err = session.Where("name=?", permissions[i].Name).Update(permissions[i])
+		if err != nil {
+			return err
+		}
+	}
+
+	return session.Commit()
+}
--- a/object/application_item.go
+++ b/object/application_item.go
@ -15,7 +15,7 @@
 package object

 func (application *Application) GetProviderByCategory(category string) *Provider {
-	providers := GetProviders(application.Owner)
+	providers := GetProviders(application.Organization)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
 		if provider.Category != category {
--- a/object/avatar.go
+++ b/object/avatar.go
@ -60,7 +60,7 @@ func getPermanentAvatarUrl(organization string, username string, url string, upl
 	}

 	fullFilePath := fmt.Sprintf("/avatar/%s/%s.png", organization, username)
-	uploadedFileUrl, _ := getUploadFileUrl(defaultStorageProvider, fullFilePath, false)
+	uploadedFileUrl, _ := GetUploadFileUrl(defaultStorageProvider, fullFilePath, false)

 	if upload {
 		DownloadAndUpload(url, fullFilePath)
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@ -148,34 +148,7 @@ func (casbinAdapter *CasbinAdapter) getTable() string {
 	}
 }

-func safeReturn(policy []string, i int) string {
-	if len(policy) > i {
-		return policy[i]
-	} else {
-		return ""
-	}
-}
-
-func matrixToCasbinRules(pType string, policies [][]string) []*xormadapter.CasbinRule {
-	res := []*xormadapter.CasbinRule{}
-
-	for _, policy := range policies {
-		line := xormadapter.CasbinRule{
-			Ptype: pType,
-			V0:    safeReturn(policy, 0),
-			V1:    safeReturn(policy, 1),
-			V2:    safeReturn(policy, 2),
-			V3:    safeReturn(policy, 3),
-			V4:    safeReturn(policy, 4),
-			V5:    safeReturn(policy, 5),
-		}
-		res = append(res, &line)
-	}
-
-	return res
-}
-
-func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
+func initEnforcer(modelObj *Model, casbinAdapter *CasbinAdapter) (*casbin.Enforcer, error) {
 	// init Adapter
 	if casbinAdapter.Adapter == nil {
 		var dataSourceName string
@ -191,20 +164,60 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
 		}

-		casbinAdapter.Adapter, _ = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
+		var err error
+		casbinAdapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
+		if err != nil {
+			return nil, err
+		}
 	}

 	// init Model
-	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	m, err := model.NewModelFromString(modelObj.ModelText)
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	// init Enforcer
 	enforcer, err := casbin.NewEnforcer(m, casbinAdapter.Adapter)
 	if err != nil {
-		panic(err)
+		return nil, err
+	}
+
+	return enforcer, nil
+}
+
+func safeReturn(policy []string, i int) string {
+	if len(policy) > i {
+		return policy[i]
+	} else {
+		return ""
+	}
+}
+
+func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
+	res := []*xormadapter.CasbinRule{}
+
+	for _, policy := range policies {
+		line := xormadapter.CasbinRule{
+			Ptype: Ptype,
+			V0:    safeReturn(policy, 0),
+			V1:    safeReturn(policy, 1),
+			V2:    safeReturn(policy, 2),
+			V3:    safeReturn(policy, 3),
+			V4:    safeReturn(policy, 4),
+			V5:    safeReturn(policy, 5),
+		}
+		res = append(res, &line)
+	}
+
+	return res
+}
+
+func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return nil, err
 	}

 	policies := matrixToCasbinRules("p", enforcer.GetPolicy())
@ -212,5 +225,48 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
 		policies = append(policies, matrixToCasbinRules("g", enforcer.GetGroupingPolicy())...)
 	}

-	return policies
+	return policies, nil
+}
+
+func UpdatePolicy(oldPolicy, newPolicy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.UpdatePolicy(oldPolicy, newPolicy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func AddPolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.AddPolicy(policy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func RemovePolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.RemovePolicy(policy)
+	if err != nil {
+		return affected, err
+	}
+
+	return affected, nil
 }
--- a/object/cert.go
+++ b/object/cert.go
@ -114,6 +114,12 @@ func UpdateCert(id string, cert *Cert) bool {
 		return false
 	}

+	if name != cert.Name {
+		err := certChangeTrigger(name, cert.Name)
+		if err != nil {
+			return false
+		}
+	}
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
 	if err != nil {
 		panic(err)
@ -161,3 +167,22 @@ func getCertByApplication(application *Application) *Cert {
 func GetDefaultCert() *Cert {
 	return getCert("admin", "cert-built-in")
 }
+
+func certChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	application := new(Application)
+	application.Cert = newName
+	_, err = session.Where("cert=?", oldName).Update(application)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}
--- a/object/init.go
+++ b/object/init.go
@ -58,6 +58,7 @@ func initBuiltInOrganization() bool {
 		PhonePrefix:   "86",
 		DefaultAvatar: fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:          []string{},
+		Languages:     []string{"en", "zh", "es", "fr", "de", "ja", "ko", "ru"},
 		AccountItems: []*AccountItem{
 			{Name: "Organization", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 			{Name: "ID", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
@ -221,7 +222,7 @@ func initBuiltInLdap() {
 }

 func initBuiltInProvider() {
-	provider := GetProvider("admin/provider_captcha_default")
+	provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
 	if provider != nil {
 		return
 	}
--- a/object/init_data.go
+++ b/object/init_data.go
@ -56,12 +56,40 @@ func readInitDataFromFile(filePath string) *InitData {

 	s := util.ReadStringFromPath(filePath)

-	data := &InitData{}
+	data := &InitData{
+		Organizations: []*Organization{},
+		Applications:  []*Application{},
+		Users:         []*User{},
+		Certs:         []*Cert{},
+		Providers:     []*Provider{},
+		Ldaps:         []*Ldap{},
+	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
 		panic(err)
 	}

+	// transform nil slice to empty slice
+	for _, organization := range data.Organizations {
+		if organization.Tags == nil {
+			organization.Tags = []string{}
+		}
+	}
+	for _, application := range data.Applications {
+		if application.Providers == nil {
+			application.Providers = []*ProviderItem{}
+		}
+		if application.SignupItems == nil {
+			application.SignupItems = []*SignupItem{}
+		}
+		if application.GrantTypes == nil {
+			application.GrantTypes = []string{}
+		}
+		if application.RedirectUris == nil {
+			application.RedirectUris = []string{}
+		}
+	}
+
 	return data
 }

@ -140,7 +168,7 @@ func initDefinedLdap(ldap *Ldap) {
 }

 func initDefinedProvider(provider *Provider) {
-	existed := GetProvider(provider.GetId())
+	existed := GetProvider(util.GetId("admin", provider.Name))
 	if existed != nil {
 		return
 	}
--- a/object/model.go
+++ b/object/model.go
@ -92,6 +92,12 @@ func UpdateModel(id string, modelObj *Model) bool {
 		return false
 	}

+	if name != modelObj.Name {
+		err := modelChangeTrigger(name, modelObj.Name)
+		if err != nil {
+			return false
+		}
+	}
 	// check model grammar
 	_, err := model.NewModelFromString(modelObj.ModelText)
 	if err != nil {
@ -127,3 +133,22 @@ func DeleteModel(model *Model) bool {
 func (model *Model) GetId() string {
 	return fmt.Sprintf("%s/%s", model.Owner, model.Name)
 }
+
+func modelChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	permission := new(Permission)
+	permission.Model = newName
+	_, err = session.Where("model=?", oldName).Update(permission)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}
--- a/object/organization.go
+++ b/object/organization.go
@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"strings"

 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/i18n"
@ -44,6 +45,7 @@ type Organization struct {
 	DefaultAvatar      string   `xorm:"varchar(100)" json:"defaultAvatar"`
 	DefaultApplication string   `xorm:"varchar(100)" json:"defaultApplication"`
 	Tags               []string `xorm:"mediumtext" json:"tags"`
+	Languages          []string `xorm:"varchar(255)" json:"languages"`
 	MasterPassword     string   `xorm:"varchar(100)" json:"masterPassword"`
 	EnableSoftDeletion bool     `json:"enableSoftDeletion"`
 	IsProfilePublic    bool     `json:"isProfilePublic"`
@ -134,15 +136,10 @@ func UpdateOrganization(id string, organization *Organization) bool {
 	}

 	if name != organization.Name {
-		go func() {
-			application := new(Application)
-			application.Organization = organization.Name
-			_, _ = adapter.Engine.Where("organization=?", name).Update(application)
-
-			user := new(User)
-			user.Owner = organization.Name
-			_, _ = adapter.Engine.Where("owner=?", name).Update(user)
-		}()
+		err := organizationChangeTrigger(name, organization.Name)
+		if err != nil {
+			return false
+		}
 	}

 	if organization.MasterPassword != "" && organization.MasterPassword != "***" {
@ -226,7 +223,12 @@ func GetDefaultApplication(id string) (*Application, error) {
 	}

 	if organization.DefaultApplication != "" {
-		return getApplication("admin", organization.DefaultApplication), fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		defaultApplication := getApplication("admin", organization.DefaultApplication)
+		if defaultApplication == nil {
+			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		} else {
+			return defaultApplication, nil
+		}
 	}

 	applications := []*Application{}
@ -252,3 +254,148 @@ func GetDefaultApplication(id string) (*Application, error) {

 	return defaultApplication, nil
 }
+
+func organizationChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	application := new(Application)
+	application.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(application)
+	if err != nil {
+		return err
+	}
+
+	user := new(User)
+	user.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(user)
+	if err != nil {
+		return err
+	}
+
+	role := new(Role)
+	_, err = adapter.Engine.Where("owner=?", oldName).Get(role)
+	if err != nil {
+		return err
+	}
+	for i, u := range role.Users {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			role.Users[i] = split[0] + "/" + split[1]
+		}
+	}
+	for i, u := range role.Roles {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			role.Roles[i] = split[0] + "/" + split[1]
+		}
+	}
+	role.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(role)
+	if err != nil {
+		return err
+	}
+
+	permission := new(Permission)
+	_, err = adapter.Engine.Where("owner=?", oldName).Get(permission)
+	if err != nil {
+		return err
+	}
+	for i, u := range permission.Users {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			permission.Users[i] = split[0] + "/" + split[1]
+		}
+	}
+	for i, u := range permission.Roles {
+		// u = organization/username
+		split := strings.Split(u, "/")
+		if split[0] == oldName {
+			split[0] = newName
+			permission.Roles[i] = split[0] + "/" + split[1]
+		}
+	}
+	permission.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(permission)
+	if err != nil {
+		return err
+	}
+
+	casbinAdapter := new(CasbinAdapter)
+	casbinAdapter.Owner = newName
+	casbinAdapter.Organization = newName
+	_, err = session.Where("owner=?", oldName).Update(casbinAdapter)
+	if err != nil {
+		return err
+	}
+
+	ldap := new(Ldap)
+	ldap.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(ldap)
+	if err != nil {
+		return err
+	}
+
+	model := new(Model)
+	model.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(model)
+	if err != nil {
+		return err
+	}
+
+	payment := new(Payment)
+	payment.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(payment)
+	if err != nil {
+		return err
+	}
+
+	record := new(Record)
+	record.Owner = newName
+	record.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(record)
+	if err != nil {
+		return err
+	}
+
+	resource := new(Resource)
+	resource.Owner = newName
+	_, err = session.Where("owner=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	syncer := new(Syncer)
+	syncer.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(syncer)
+	if err != nil {
+		return err
+	}
+
+	token := new(Token)
+	token.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(token)
+	if err != nil {
+		return err
+	}
+
+	webhook := new(Webhook)
+	webhook.Organization = newName
+	_, err = session.Where("organization=?", oldName).Update(webhook)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@ -152,20 +152,20 @@ func removePolicies(permission *Permission) {
 	}
 }

-func Enforce(userId string, permissionRule *PermissionRule) bool {
+func Enforce(permissionRule *PermissionRule) bool {
 	permission := GetPermission(permissionRule.Id)
 	enforcer := getEnforcer(permission)
-	allow, err := enforcer.Enforce(userId, permissionRule.V1, permissionRule.V2)
+	allow, err := enforcer.Enforce(permissionRule.V0, permissionRule.V1, permissionRule.V2)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }

-func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
+func BatchEnforce(permissionRules []PermissionRule) []bool {
 	var requests [][]interface{}
 	for _, permissionRule := range permissionRules {
-		requests = append(requests, []interface{}{userId, permissionRule.V1, permissionRule.V2})
+		requests = append(requests, []interface{}{permissionRule.V0, permissionRule.V1, permissionRule.V2})
 	}
 	permission := GetPermission(permissionRules[0].Id)
 	enforcer := getEnforcer(permission)
--- a/object/provider.go
+++ b/object/provider.go
@ -25,7 +25,7 @@ import (

 type Provider struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(100) notnull pk unique" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

 	DisplayName       string `xorm:"varchar(100)" json:"displayName"`
@ -46,9 +46,9 @@ type Provider struct {

 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
-	DisableSsl bool   `json:"disableSsl"`
+	DisableSsl bool   `json:"disableSsl"` // If the provider type is WeChat, DisableSsl means EnableQRCode
 	Title      string `xorm:"varchar(100)" json:"title"`
-	Content    string `xorm:"varchar(1000)" json:"content"`
+	Content    string `xorm:"varchar(1000)" json:"content"` // If provider type is WeChat, Content means QRCode string by Base64 encoding
 	Receiver   string `xorm:"varchar(100)" json:"receiver"`

 	RegionId     string `xorm:"varchar(100)" json:"regionId"`
@ -60,6 +60,7 @@ type Provider struct {
 	IntranetEndpoint string `xorm:"varchar(100)" json:"intranetEndpoint"`
 	Domain           string `xorm:"varchar(100)" json:"domain"`
 	Bucket           string `xorm:"varchar(100)" json:"bucket"`
+	PathPrefix       string `xorm:"varchar(100)" json:"pathPrefix"`

 	Metadata               string `xorm:"mediumtext" json:"metadata"`
 	IdP                    string `xorm:"mediumtext" json:"idP"`
@ -92,7 +93,17 @@ func GetMaskedProviders(providers []*Provider) []*Provider {
 }

 func GetProviderCount(owner, field, value string) int {
-	session := GetSession(owner, -1, -1, field, value, "", "")
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Provider{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetGlobalProviderCount(field, value string) int {
+	session := GetSession("", -1, -1, field, value, "", "")
 	count, err := session.Count(&Provider{})
 	if err != nil {
 		panic(err)
@ -103,7 +114,17 @@ func GetProviderCount(owner, field, value string) int {

 func GetProviders(owner string) []*Provider {
 	providers := []*Provider{}
-	err := adapter.Engine.Desc("created_time").Find(&providers, &Provider{Owner: owner})
+	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&providers, &Provider{})
+	if err != nil {
+		panic(err)
+	}
+
+	return providers
+}
+
+func GetGlobalProviders() []*Provider {
+	providers := []*Provider{}
+	err := adapter.Engine.Desc("created_time").Find(&providers)
 	if err != nil {
 		panic(err)
 	}
@ -113,7 +134,18 @@ func GetProviders(owner string) []*Provider {

 func GetPaginationProviders(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Provider {
 	providers := []*Provider{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&providers)
+	if err != nil {
+		panic(err)
+	}
+
+	return providers
+}
+
+func GetPaginationGlobalProviders(offset, limit int, field, value, sortField, sortOrder string) []*Provider {
+	providers := []*Provider{}
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&providers)
 	if err != nil {
 		panic(err)
@ -127,7 +159,7 @@ func getProvider(owner string, name string) *Provider {
 		return nil
 	}

-	provider := Provider{Owner: owner, Name: name}
+	provider := Provider{Name: name}
 	existed, err := adapter.Engine.Get(&provider)
 	if err != nil {
 		panic(err)
@ -175,6 +207,13 @@ func UpdateProvider(id string, provider *Provider) bool {
 		return false
 	}

+	if name != provider.Name {
+		err := providerChangeTrigger(name, provider.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
 	if provider.ClientSecret == "***" {
 		session = session.Omit("client_secret")
@ -262,3 +301,41 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 	}
 	return nil, nil
 }
+
+func providerChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var applications []*Application
+	err = adapter.Engine.Find(&applications)
+	if err != nil {
+		return err
+	}
+	for i := 0; i < len(applications); i++ {
+		providers := applications[i].Providers
+		for j := 0; j < len(providers); j++ {
+			if providers[j].Name == oldName {
+				providers[j].Name = newName
+			}
+		}
+		applications[i].Providers = providers
+		_, err = session.Where("name=?", applications[i].Name).Update(applications[i])
+		if err != nil {
+			return err
+		}
+	}
+
+	resource := new(Resource)
+	resource.Provider = newName
+	_, err = session.Where("provider=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}
--- a/object/provider_item.go
+++ b/object/provider_item.go
@ -15,7 +15,9 @@
 package object

 type ProviderItem struct {
-	Name      string    `json:"name"`
+	Owner string `json:"owner"`
+	Name  string `json:"name"`
+
 	CanSignUp bool      `json:"canSignUp"`
 	CanSignIn bool      `json:"canSignIn"`
 	CanUnlink bool      `json:"canUnlink"`
--- a/object/role.go
+++ b/object/role.go
@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"strings"

 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
@ -94,6 +95,13 @@ func UpdateRole(id string, role *Role) bool {
 		return false
 	}

+	if name != role.Name {
+		err := roleChangeTrigger(name, role.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(role)
 	if err != nil {
 		panic(err)
@ -133,3 +141,54 @@ func GetRolesByUser(userId string) []*Role {

 	return roles
 }
+
+func roleChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var roles []*Role
+	err = adapter.Engine.Find(&roles)
+	if err != nil {
+		return err
+	}
+	for _, role := range roles {
+		for j, u := range role.Roles {
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				role.Roles[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", role.Name).Update(role)
+		if err != nil {
+			return err
+		}
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for _, permission := range permissions {
+		for j, u := range permission.Roles {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				permission.Roles[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", permission.Name).Update(permission)
+		if err != nil {
+			return err
+		}
+	}
+
+	return session.Commit()
+}
--- a/object/storage.go
+++ b/object/storage.go
@ -54,8 +54,8 @@ func escapePath(path string) string {
 	return res
 }

-func getUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool) (string, string) {
-	escapedPath := escapePath(fullFilePath)
+func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool) (string, string) {
+	escapedPath := util.UrlJoin(provider.PathPrefix, escapePath(fullFilePath))
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)

 	host := ""
@ -70,7 +70,7 @@ func getUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 		host = util.UrlJoin(provider.Domain, "/files")
 	}
 	if provider.Type == "Azure Blob" {
-		host = fmt.Sprintf("%s/%s", host, provider.Bucket)
+		host = util.UrlJoin(host, provider.Bucket)
 	}

 	fileUrl := util.UrlJoin(host, escapePath(objectKey))
@ -93,7 +93,7 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 		UpdateProvider(provider.GetId(), provider)
 	}

-	fileUrl, objectKey := getUploadFileUrl(provider, fullFilePath, true)
+	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)

 	_, err := storageProvider.Put(objectKey, fileBuffer)
 	if err != nil {
--- a/object/syncer_user.go
+++ b/object/syncer_user.go
@ -37,7 +37,16 @@ func (syncer *Syncer) getOriginalUsers() ([]*OriginalUser, error) {
 		return nil, err
 	}

-	return syncer.getOriginalUsersFromMap(results), nil
+	// Memory leak problem handling
+	// https://github.com/casdoor/casdoor/issues/1256
+	users := syncer.getOriginalUsersFromMap(results)
+	for _, m := range results {
+		for k := range m {
+			delete(m, k)
+		}
+	}
+
+	return users, nil
 }

 func (syncer *Syncer) getOriginalUserMap() ([]*OriginalUser, map[string]*OriginalUser, error) {
--- a/object/token.go
+++ b/object/token.go
@ -678,7 +678,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			ErrorDescription: "the application does not support wechat mini program",
 		}
 	}
-	provider := GetProvider(util.GetId(mpProvider.Name))
+	provider := GetProvider(util.GetId("admin", mpProvider.Name))
 	mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
 	session, err := mpIdp.GetSessionByCode(code)
 	if err != nil {
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -24,9 +24,10 @@ import (

 type Claims struct {
 	*User
-	Nonce string `json:"nonce,omitempty"`
-	Tag   string `json:"tag,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Tag       string `json:"tag,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }

@ -37,8 +38,9 @@ type UserShort struct {

 type ClaimsShort struct {
 	*UserShort
-	Nonce string `json:"nonce,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }

@ -53,6 +55,7 @@ func getShortUser(user *User) *UserShort {
 func getShortClaims(claims Claims) ClaimsShort {
 	res := ClaimsShort{
 		UserShort:        getShortUser(claims.User),
+		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
@ -72,8 +75,9 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	jti := fmt.Sprintf("%s/%s", application.Owner, name)

 	claims := Claims{
-		User:  user,
-		Nonce: nonce,
+		User:      user,
+		TokenType: "access-token",
+		Nonce:     nonce,
 		// FIXME: A workaround for custom claim by reusing `tag` in user info
 		Tag:   user.Tag,
 		Scope: scope,
@ -97,10 +101,12 @@ func generateJwtToken(application *Application, user *User, nonce string, scope

 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claimsShort.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 	} else {
 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 		claims.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claims.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 	}

--- a/object/token_jwt_key.go
+++ b/object/token_jwt_key.go
@ -37,7 +37,7 @@ func generateRsaKeys(bitSize int, expireInYears int, commonName string, organiza
 	// Encode private key to PKCS#1 ASN.1 PEM.
 	privateKeyPem := pem.EncodeToMemory(
 		&pem.Block{
-			Type:  "PRIVATE KEY",
+			Type:  "RSA PRIVATE KEY",
 			Bytes: x509.MarshalPKCS1PrivateKey(key),
 		},
 	)
--- a/object/user.go
+++ b/object/user.go
@ -380,6 +380,13 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 		return false
 	}

+	if name != user.Name {
+		err := userChangeTrigger(name, user.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	if user.Password == "***" {
 		user.Password = oldUser.Password
 	}
@ -416,6 +423,13 @@ func UpdateUserForAllFields(id string, user *User) bool {
 		return false
 	}

+	if name != user.Name {
+		err := userChangeTrigger(name, user.Name)
+		if err != nil {
+			return false
+		}
+	}
+
 	user.UpdateUserHash()

 	if user.Avatar != oldUser.Avatar && user.Avatar != "" {
@ -567,3 +581,62 @@ func ExtendUserWithRolesAndPermissions(user *User) {
 	user.Roles = GetRolesByUser(user.GetId())
 	user.Permissions = GetPermissionsByUser(user.GetId())
 }
+
+func userChangeTrigger(oldName string, newName string) error {
+	session := adapter.Engine.NewSession()
+	defer session.Close()
+
+	err := session.Begin()
+	if err != nil {
+		return err
+	}
+
+	var roles []*Role
+	err = adapter.Engine.Find(&roles)
+	if err != nil {
+		return err
+	}
+	for _, role := range roles {
+		for j, u := range role.Users {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				role.Users[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", role.Name).Update(role)
+		if err != nil {
+			return err
+		}
+	}
+
+	var permissions []*Permission
+	err = adapter.Engine.Find(&permissions)
+	if err != nil {
+		return err
+	}
+	for _, permission := range permissions {
+		for j, u := range permission.Users {
+			// u = organization/username
+			split := strings.Split(u, "/")
+			if split[1] == oldName {
+				split[1] = newName
+				permission.Users[j] = split[0] + "/" + split[1]
+			}
+		}
+		_, err = session.Where("name=?", permission.Name).Update(permission)
+		if err != nil {
+			return err
+		}
+	}
+
+	resource := new(Resource)
+	resource.User = newName
+	_, err = session.Where("user=?", oldName).Update(resource)
+	if err != nil {
+		return err
+	}
+
+	return session.Commit()
+}
--- a/object/verification.go
+++ b/object/verification.go
@ -41,38 +41,7 @@ type VerificationRecord struct {
 	IsUsed     bool
 }

-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return fmt.Errorf("please set an Email provider first")
-	}
-
-	sender := organization.DisplayName
-	title := provider.Title
-	code := getRandomCode(6)
-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := fmt.Sprintf(provider.Content, code)
-
-	if err := SendEmail(provider, title, content, dest, sender); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return errors.New("please set a SMS provider first")
-	}
-
-	code := getRandomCode(6)
-	if err := SendSms(provider, code, dest); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+func IsAllowSend(user *User, remoteAddr, recordType string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@ -89,6 +58,63 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 		return errors.New("you can only send one code in 60s")
 	}

+	return nil
+}
+
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return fmt.Errorf("please set an Email provider first")
+	}
+
+	sender := organization.DisplayName
+	title := provider.Title
+	code := getRandomCode(6)
+	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
+	content := fmt.Sprintf(provider.Content, code)
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	if err := SendEmail(provider, title, content, dest, sender); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return errors.New("please set a SMS provider first")
+	}
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	code := getRandomCode(6)
+	if err := SendSms(provider, code, dest); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+	var record VerificationRecord
+	record.RemoteAddr = remoteAddr
+	record.Type = recordType
+	if user != nil {
+		record.User = user.GetId()
+	}
 	record.Owner = provider.Owner
 	record.Name = util.GenerateId()
 	record.CreatedTime = util.GetCurrentTime()
@ -99,10 +125,10 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT

 	record.Receiver = dest
 	record.Code = code
-	record.Time = now
+	record.Time = time.Now().Unix()
 	record.IsUsed = false

-	_, err = adapter.Engine.Insert(record)
+	_, err := adapter.Engine.Insert(record)
 	if err != nil {
 		return err
 	}
--- a/object/webhook.go
+++ b/object/webhook.go
@ -37,7 +37,7 @@ type Webhook struct {
 	Method         string    `xorm:"varchar(100)" json:"method"`
 	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
-	Events         []string  `xorm:"varchar(100)" json:"events"`
+	Events         []string  `xorm:"varchar(1000)" json:"events"`
 	IsUserExtended bool      `json:"isUserExtended"`
 	IsEnabled      bool      `json:"isEnabled"`
 }
--- a/routers/router.go
+++ b/routers/router.go
@ -54,6 +54,8 @@ func initAPI() {
 	beego.Router("/api/get-saml-login", &controllers.ApiController{}, "GET:GetSamlLogin")
 	beego.Router("/api/acs", &controllers.ApiController{}, "POST:HandleSamlLogin")
 	beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
+	beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
+	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")

 	beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations")
 	beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization")
@ -103,6 +105,9 @@ func initAPI() {
 	beego.Router("/api/add-adapter", &controllers.ApiController{}, "POST:AddCasbinAdapter")
 	beego.Router("/api/delete-adapter", &controllers.ApiController{}, "POST:DeleteCasbinAdapter")
 	beego.Router("/api/sync-policies", &controllers.ApiController{}, "GET:SyncPolicies")
+	beego.Router("/api/update-policy", &controllers.ApiController{}, "POST:UpdatePolicy")
+	beego.Router("/api/add-policy", &controllers.ApiController{}, "POST:AddPolicy")
+	beego.Router("/api/remove-policy", &controllers.ApiController{}, "POST:RemovePolicy")

 	beego.Router("/api/set-password", &controllers.ApiController{}, "POST:SetPassword")
 	beego.Router("/api/check-user-password", &controllers.ApiController{}, "POST:CheckUserPassword")
@ -123,6 +128,7 @@ func initAPI() {

 	beego.Router("/api/get-providers", &controllers.ApiController{}, "GET:GetProviders")
 	beego.Router("/api/get-provider", &controllers.ApiController{}, "GET:GetProvider")
+	beego.Router("/api/get-global-providers", &controllers.ApiController{}, "GET:GetGlobalProviders")
 	beego.Router("/api/update-provider", &controllers.ApiController{}, "POST:UpdateProvider")
 	beego.Router("/api/add-provider", &controllers.ApiController{}, "POST:AddProvider")
 	beego.Router("/api/delete-provider", &controllers.ApiController{}, "POST:DeleteProvider")
--- a/util/string.go
+++ b/util/string.go
@ -123,8 +123,8 @@ func GenerateSimpleTimeId() string {
 	return t
 }

-func GetId(name string) string {
-	return fmt.Sprintf("admin/%s", name)
+func GetId(owner, name string) string {
+	return fmt.Sprintf("%s/%s", owner, name)
 }

 func GetMd5Hash(text string) string {
--- a/util/string_test.go
+++ b/util/string_test.go
@ -137,16 +137,16 @@ func TestGenerateId(t *testing.T) {
 func TestGetId(t *testing.T) {
 	scenarios := []struct {
 		description string
-		input       string
+		input       []string
 		expected    interface{}
 	}{
-		{"Scenery one", "casdoor", "admin/casdoor"},
-		{"Scenery two", "casbin", "admin/casbin"},
-		{"Scenery three", "lorem ipsum", "admin/lorem ipsum"},
+		{"Scenery one", []string{"admin", "casdoor"}, "admin/casdoor"},
+		{"Scenery two", []string{"admin", "casbin"}, "admin/casbin"},
+		{"Scenery three", []string{"test", "lorem ipsum"}, "test/lorem ipsum"},
 	}
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetId(scenery.input)
+			actual := GetId(scenery.input[0], scenery.input[1])
 			assert.Equal(t, scenery.expected, actual, "This not is a valid MD5")
 		})
 	}
--- a/util/struct.go
+++ b/util/struct.go
@ -0,0 +1,29 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import xormadapter "github.com/casbin/xorm-adapter/v3"
+
+func CasbinToSlice(casbinRule xormadapter.CasbinRule) []string {
+	s := []string{
+		casbinRule.V0,
+		casbinRule.V1,
+		casbinRule.V2,
+		casbinRule.V3,
+		casbinRule.V4,
+		casbinRule.V5,
+	}
+	return s
+}
--- a/web/src/AccountTable.js
+++ b/web/src/AccountTable.js
@ -120,7 +120,7 @@ class AccountTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:visible"),
+        title: i18next.t("organization:Visible"),
        dataIndex: "visible",
        key: "visible",
        width: "120px",
@ -133,7 +133,7 @@ class AccountTable extends React.Component {
        },
      },
      {
-        title: i18next.t("organization:viewRule"),
+        title: i18next.t("organization:View rule"),
        dataIndex: "viewRule",
        key: "viewRule",
        width: "155px",
@ -160,7 +160,7 @@ class AccountTable extends React.Component {
        },
      },
      {
-        title: i18next.t("organization:modifyRule"),
+        title: i18next.t("organization:Modify rule"),
        dataIndex: "modifyRule",
        key: "modifyRule",
        width: "155px",
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Switch, Table, Tooltip} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
 import * as AdapterBackend from "./backend/AdapterBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
@ -21,7 +21,7 @@ import i18next from "i18next";

 import "codemirror/lib/codemirror.css";
 import * as ModelBackend from "./backend/ModelBackend";
-import {EditOutlined, MinusOutlined} from "@ant-design/icons";
+import PolicyTable from "./common/PoliciyTable";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/javascript/javascript");

@ -32,12 +32,11 @@ class AdapterEditPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      adapterName: props.match.params.adapterName,
      adapter: null,
      organizations: [],
      models: [],
-      policyLists: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@ -48,7 +47,7 @@ class AdapterEditPage extends React.Component {
  }

  getAdapter() {
-    AdapterBackend.getAdapter(this.state.organizationName, this.state.adapterName)
+    AdapterBackend.getAdapter(this.state.owner, this.state.adapterName)
      .then((adapter) => {
        this.setState({
          adapter: adapter,
@ -59,7 +58,7 @@ class AdapterEditPage extends React.Component {
  }

  getOrganizations() {
-    OrganizationBackend.getOrganizations(this.state.organizationName)
+    OrganizationBackend.getOrganizations("admin")
      .then((res) => {
        this.setState({
          organizations: (res.msg === undefined) ? res : [],
@ -93,93 +92,6 @@ class AdapterEditPage extends React.Component {
    });
  }

-  synPolicies() {
-    this.setState({loading: true});
-    AdapterBackend.syncPolicies(this.state.adapter.owner, this.state.adapter.name)
-      .then((res) => {
-        this.setState({loading: false, policyLists: res});
-      })
-      .catch(error => {
-        this.setState({loading: false});
-        Setting.showMessage("error", `Adapter failed to get policies: ${error}`);
-      });
-  }
-
-  renderTable(table) {
-    const columns = [
-      {
-        title: "Rule Type",
-        dataIndex: "PType",
-        key: "PType",
-        width: "100px",
-      },
-      {
-        title: "V0",
-        dataIndex: "V0",
-        key: "V0",
-        width: "100px",
-      },
-      {
-        title: "V1",
-        dataIndex: "V1",
-        key: "V1",
-        width: "100px",
-      },
-      {
-        title: "V2",
-        dataIndex: "V2",
-        key: "V2",
-        width: "100px",
-      },
-      {
-        title: "V3",
-        dataIndex: "V3",
-        key: "V3",
-        width: "100px",
-      },
-      {
-        title: "V4",
-        dataIndex: "V4",
-        key: "V4",
-        width: "100px",
-      },
-      {
-        title: "V5",
-        dataIndex: "V5",
-        key: "V5",
-        width: "100px",
-      },
-      {
-        title: "Option",
-        key: "option",
-        width: "100px",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <Tooltip placement="topLeft" title="Edit">
-                <Button style={{marginRight: "0.5rem"}} icon={<EditOutlined />} size="small" />
-              </Tooltip>
-              <Tooltip placement="topLeft" title="Delete">
-                <Button icon={<MinusOutlined />} size="small" />
-              </Tooltip>
-            </div>
-          );
-        },
-      }];
-
-    return (
-      <div>
-        <Table
-          pagination={{
-            defaultPageSize: 10,
-          }}
-          columns={columns} dataSource={table} rowKey="name" size="middle" bordered
-          loading={this.state.loading}
-        />
-      </div>
-    );
-  }
-
  renderAdapter() {
    return (
      <Card size="small" title={
@ -195,7 +107,7 @@ class AdapterEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {this.updateadapterField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {this.updateAdapterField("organization", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
@ -329,19 +241,8 @@ class AdapterEditPage extends React.Component {
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("adapter:Policies"), i18next.t("adapter:Policies - Tooltip"))} :
          </Col>
-          <Col span={2}>
-            <Button type="primary" onClick={() => {this.synPolicies();}}>
-              {i18next.t("adapter:Sync")}
-            </Button>
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-          </Col>
-          <Col span={22} >
-            {
-              this.renderTable(this.state.policyLists)
-            }
+          <Col span={22}>
+            <PolicyTable owner={this.state.owner} name={this.state.adapterName} mode={this.state.mode} />
          </Col>
        </Row>
        <Row style={{marginTop: "20px"}} >
@ -371,7 +272,7 @@ class AdapterEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/adapters");
          } else {
-            this.props.history.push(`/adapters/${this.state.adapter.name}`);
+            this.props.history.push(`/adapters/${this.state.owner}/${this.state.adapter.name}`);
          }
        } else {
          Setting.showMessage("error", res.msg);
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@ -45,7 +45,7 @@ class AdapterListPage extends BaseListPage {
    const newAdapter = this.newAdapter();
    AdapterBackend.addAdapter(newAdapter)
      .then((res) => {
-        this.props.history.push({pathname: `/adapters/${newAdapter.owner}/${newAdapter.name}`, mode: "add"});
+        this.props.history.push({pathname: `/adapters/${newAdapter.organization}/${newAdapter.name}`, mode: "add"});
      }
      )
      .catch(error => {
@ -70,21 +70,6 @@ class AdapterListPage extends BaseListPage {

  renderTable(adapters) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -101,6 +86,21 @@ class AdapterListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/App.js
+++ b/web/src/App.js
@ -420,13 +420,8 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
-      res.push(
-        <Menu.Item key="/providers">
-          <Link to="/providers">
-            {i18next.t("general:Providers")}
-          </Link>
-        </Menu.Item>
-      );
+    }
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(
        <Menu.Item key="/applications">
          <Link to="/applications">
@ -434,9 +429,13 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
-    }
-
-    if (Setting.isLocalAdminUser(this.state.account)) {
+      res.push(
+        <Menu.Item key="/providers">
+          <Link to="/providers">
+            {i18next.t("general:Providers")}
+          </Link>
+        </Menu.Item>
+      );
      res.push(
        <Menu.Item key="/resources">
          <Link to="/resources">
@ -565,9 +564,9 @@ class App extends Component {
          <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
          <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
          <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
+          <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
          <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
+          <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
          <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
          {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
          <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
@ -635,7 +634,7 @@ class App extends Component {
                {
                  this.renderAccount()
                }
-                <SelectLanguageBox />
+                {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
              </div>
            </Header>
            <Layout style={{backgroundColor: "#f5f5f5", alignItems: "stretch"}}>
@ -679,7 +678,7 @@ class App extends Component {
              {
                this.renderAccount()
              }
-              <SelectLanguageBox />
+              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
            </div>
          </Header>
          {
--- a/web/src/App.less
+++ b/web/src/App.less
@ -59,12 +59,6 @@
  height: 70px; /* Footer height */
 }

-#language-box-corner {
-  position: absolute;
-  top: 75px;
-  right: 0;
-}
-
 .language-box {
  background: url("@{StaticBaseUrl}/img/muti_language.svg");
  background-size: 25px, 25px;
@ -123,7 +117,7 @@

 .login-form {
  text-align: center;
-  padding: 10px;
+  padding: 30px;
 }

 .login-content {
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -91,6 +91,7 @@ class ApplicationEditPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      applicationName: props.match.params.applicationName,
      application: null,
      organizations: [],
@ -141,12 +142,11 @@ class ApplicationEditPage extends React.Component {
  }

  getProviders() {
-    ProviderBackend.getProviders("admin")
-      .then((res) => {
-        this.setState({
-          providers: res,
-        });
+    ProviderBackend.getProviders(this.state.owner).then((res => {
+      this.setState({
+        providers: res,
      });
+    }));
  }

  getSamlMetadata() {
@ -277,7 +277,7 @@ class ApplicationEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
@ -781,7 +781,7 @@ class ApplicationEditPage extends React.Component {

  submitApplicationEdit(willExist) {
    const application = Setting.deepCopy(this.state.application);
-    ApplicationBackend.updateApplication(this.state.application.owner, this.state.applicationName, application)
+    ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
      .then((res) => {
        if (res.msg === "") {
          Setting.showMessage("success", "Successfully saved");
@ -792,7 +792,7 @@ class ApplicationEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/applications");
          } else {
-            this.props.history.push(`/applications/${this.state.application.name}`);
+            this.props.history.push(`/applications/${this.state.application.organization}/${this.state.application.name}`);
          }
        } else {
          Setting.showMessage("error", res.msg);
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@ -23,11 +23,28 @@ import i18next from "i18next";
 import BaseListPage from "./BaseListPage";

 class ApplicationListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.account.owner,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: "",
+      searchedColumn: "",
+    };
+  }
+
  newApplication() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.applicationname,
+      owner: "admin", // this.props.account.applicationName,
      name: `application_${randomName}`,
+      organization: this.state.organizationName,
      createdTime: moment().format(),
      displayName: `New Application - ${randomName}`,
      logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
@ -61,7 +78,7 @@ class ApplicationListPage extends BaseListPage {
    const newApplication = this.newApplication();
    ApplicationBackend.addApplication(newApplication)
      .then((res) => {
-        this.props.history.push({pathname: `/applications/${newApplication.name}`, mode: "add"});
+        this.props.history.push({pathname: `/applications/${newApplication.organization}/${newApplication.name}`, mode: "add"});
      }
      )
      .catch(error => {
@ -96,7 +113,7 @@ class ApplicationListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.organization}/${text}`}>
              {text}
            </Link>
          );
@ -213,7 +230,7 @@ class ApplicationListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.organization}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <Popconfirm
                title={`Sure to delete application: ${record.name} ?`}
                onConfirm={() => this.deleteApplication(index)}
@ -254,7 +271,8 @@ class ApplicationListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
+      ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/CropperDiv.js
+++ b/web/src/CropperDiv.js
@ -30,6 +30,7 @@ export const CropperDiv = (props) => {
  const {title} = props;
  const {user} = props;
  const {buttonText} = props;
+  const {organization} = props;
  let uploadButton;

  const onChange = (e) => {
@ -92,9 +93,8 @@ export const CropperDiv = (props) => {

  const getOptions = (data) => {
    const options = [];
-    if (props.account.organization.defaultAvatar !== null) {
-      options.push({value: props.account.organization.defaultAvatar});
-    }
+    options.push({value: organization?.defaultAvatar});
+
    for (let i = 0; i < data.length; i++) {
      if (data[i].fileType === "image") {
        const url = `${data[i].url}`;
@ -125,7 +125,7 @@ export const CropperDiv = (props) => {

  useEffect(() => {
    setLoading(true);
-    ResourceBackend.getResources(props.account.owner, props.account.name, "", "", "", "", "", "")
+    ResourceBackend.getResources(user.owner, user.name, "", "", "", "", "", "")
      .then((res) => {
        setLoading(false);
        setOptions(getOptions(res));
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@ -63,21 +63,6 @@ class ModelListPage extends BaseListPage {

  renderTable(models) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -94,6 +79,21 @@ class ModelListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@ -255,6 +255,31 @@ class OrganizationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Languages"), i18next.t("general:Languages - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: "100%"}}
+              value={this.state.organization.languages}
+              onChange={(value => {
+                this.updateOrganizationField("languages", value);
+              })} >
+              {
+                [
+                  {value: "en", label: "English"},
+                  {value: "zh", label: "简体中文"},
+                  {value: "es", label: "Español"},
+                  {value: "fr", label: "Français"},
+                  {value: "de", label: "Deutsch"},
+                  {value: "ja", label: "日本語"},
+                  {value: "ko", label: "한국어"},
+                  {value: "ru", label: "Русский"},
+                ].map((item, index) => <Option key={index} value={item.value}>{item.label}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("organization:Soft deletion"), i18next.t("organization:Soft deletion - Tooltip"))} :
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@ -37,6 +37,7 @@ class OrganizationListPage extends BaseListPage {
      defaultAvatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
      defaultApplication: "",
      tags: [],
+      languages: ["en", "zh", "es", "fr", "de", "ja", "ko", "ru"],
      masterPassword: "",
      enableSoftDeletion: false,
      isProfilePublic: true,
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@ -76,6 +76,38 @@ class PaymentListPage extends BaseListPage {

  renderTable(payments) {
    const columns = [
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "180px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/payments/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: "provider",
+        key: "provider",
+        width: "150px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("provider"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Organization"),
        dataIndex: "organization",
@ -106,22 +138,7 @@ class PaymentListPage extends BaseListPage {
          );
        },
      },
-      {
-        title: i18next.t("general:Name"),
-        dataIndex: "name",
-        key: "name",
-        width: "180px",
-        fixed: "left",
-        sorter: true,
-        ...this.getColumnSearchProps("name"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/payments/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
+
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
@ -140,22 +157,6 @@ class PaymentListPage extends BaseListPage {
      //   sorter: true,
      //   ...this.getColumnSearchProps('displayName'),
      // },
-      {
-        title: i18next.t("general:Provider"),
-        dataIndex: "provider",
-        key: "provider",
-        width: "150px",
-        fixed: "left",
-        sorter: true,
-        ...this.getColumnSearchProps("provider"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/providers/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("payment:Type"),
        dataIndex: "type",
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@ -29,7 +29,7 @@ class PermissionListPage extends BaseListPage {
      name: `permission_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Permission - ${randomName}`,
-      users: [this.props.account.name],
+      users: [`${this.props.account.owner}/${this.props.account.name}`],
      roles: [],
      domains: [],
      resourceType: "Application",
@ -77,21 +77,7 @@ class PermissionListPage extends BaseListPage {

  renderTable(permissions) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
+      // https://github.com/ant-design/ant-design/issues/22184
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -108,6 +94,21 @@ class PermissionListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@ -22,6 +22,7 @@ import {authConfig} from "./auth/Auth";
 import * as ProviderEditTestEmail from "./TestEmailWidget";
 import copy from "copy-to-clipboard";
 import {CaptchaPreview} from "./common/CaptchaPreview";
+import * as OrganizationBackend from "./backend/OrganizationBackend";

 const {Option} = Select;
 const {TextArea} = Input;
@ -32,17 +33,20 @@ class ProviderEditPage extends React.Component {
    this.state = {
      classes: props,
      providerName: props.match.params.providerName,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      provider: null,
+      organizations: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }

  UNSAFE_componentWillMount() {
+    this.getOrganizations();
    this.getProvider();
  }

  getProvider() {
-    ProviderBackend.getProvider("admin", this.state.providerName)
+    ProviderBackend.getProvider(this.state.owner, this.state.providerName)
      .then((provider) => {
        this.setState({
          provider: provider,
@ -50,6 +54,17 @@ class ProviderEditPage extends React.Component {
      });
  }

+  getOrganizations() {
+    if (Setting.isAdminUser(this.props.account)) {
+      OrganizationBackend.getOrganizations("admin")
+        .then((res) => {
+          this.setState({
+            organizations: res.msg === undefined ? res : [],
+          });
+        });
+    }
+  }
+
  parseProviderField(key, value) {
    if (["port"].includes(key)) {
      value = Setting.myParseInt(value);
@ -190,6 +205,19 @@ class ProviderEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.provider.owner} onChange={(value => {this.updateProviderField("owner", value);})}>
+              {Setting.isAdminUser(this.props.account) ? <Option key={"admin"} value={"admin"}>{i18next.t("provider:admin (share)")}</Option> : null}
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("provider:Category"), i18next.t("provider:Category - Tooltip"))} :
@ -423,6 +451,20 @@ class ProviderEditPage extends React.Component {
            </React.Fragment>
          )
        }
+        {
+          this.state.provider.type !== "WeChat" ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("provider:Enable QR code"), i18next.t("provider:Enable QR code - Tooltip"))} :
+              </Col>
+              <Col span={1} >
+                <Switch checked={this.state.provider.disableSsl} onChange={checked => {
+                  this.updateProviderField("disableSsl", checked);
+                }} />
+              </Col>
+            </Row>
+          )
+        }
        {
          this.state.provider.type !== "Adfs" && this.state.provider.type !== "Casdoor" && this.state.provider.type !== "Okta" ? null : (
            <Row style={{marginTop: "20px"}} >
@ -469,6 +511,16 @@ class ProviderEditPage extends React.Component {
                }} />
              </Col>
            </Row>
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={2}>
+                {Setting.getLabel(i18next.t("provider:Path prefix"), i18next.t("provider:The prefix path of the file - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Input value={this.state.provider.pathPrefix} onChange={e => {
+                  this.updateProviderField("pathPrefix", e.target.value);
+                }} />
+              </Col>
+            </Row>
            <Row style={{marginTop: "20px"}} >
              <Col style={{marginTop: "5px"}} span={2}>
                {Setting.getLabel(i18next.t("provider:Domain"), i18next.t("provider:Domain - Tooltip"))} :
@ -735,18 +787,19 @@ class ProviderEditPage extends React.Component {

  submitProviderEdit(willExist) {
    const provider = Setting.deepCopy(this.state.provider);
-    ProviderBackend.updateProvider(this.state.provider.owner, this.state.providerName, provider)
+    ProviderBackend.updateProvider(this.state.owner, this.state.providerName, provider)
      .then((res) => {
        if (res.msg === "") {
          Setting.showMessage("success", "Successfully saved");
          this.setState({
+            owner: this.state.provider.owner,
            providerName: this.state.provider.name,
          });

          if (willExist) {
            this.props.history.push("/providers");
          } else {
-            this.props.history.push(`/providers/${this.state.provider.name}`);
+            this.props.history.push(`/providers/${this.state.provider.owner}/${this.state.provider.name}`);
          }
        } else {
          Setting.showMessage("error", res.msg);
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@ -23,10 +23,25 @@ import i18next from "i18next";
 import BaseListPage from "./BaseListPage";

 class ProviderListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      owner: Setting.isAdminUser(props.account) ? "admin" : props.account.owner,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: "",
+      searchedColumn: "",
+    };
+  }
  newProvider() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.providername,
+      owner: this.state.owner,
      name: `provider_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Provider - ${randomName}`,
@ -46,7 +61,7 @@ class ProviderListPage extends BaseListPage {
    const newProvider = this.newProvider();
    ProviderBackend.addProvider(newProvider)
      .then((res) => {
-        this.props.history.push({pathname: `/providers/${newProvider.name}`, mode: "add"});
+        this.props.history.push({pathname: `/providers/${newProvider.owner}/${newProvider.name}`, mode: "add"});
      }
      )
      .catch(error => {
@ -81,12 +96,20 @@ class ProviderListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/providers/${text}`}>
+            <Link to={`/providers/${record.owner}/${text}`}>
              {text}
            </Link>
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
@ -177,12 +200,12 @@ class ProviderListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/providers/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/providers/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <Popconfirm
                title={`Sure to delete provider: ${record.name} ?`}
                onConfirm={() => this.deleteProvider(index)}
              >
-                <Button style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          );
@ -224,7 +247,8 @@ class ProviderListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    ProviderBackend.getProviders("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : ProviderBackend.getProviders(this.state.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/ProviderTable.js
+++ b/web/src/ProviderTable.js
@ -105,7 +105,7 @@ class ProviderTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:canSignUp"),
+        title: i18next.t("provider:Can signup"),
        dataIndex: "canSignUp",
        key: "canSignUp",
        width: "120px",
@ -122,7 +122,7 @@ class ProviderTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:canSignIn"),
+        title: i18next.t("provider:Can signin"),
        dataIndex: "canSignIn",
        key: "canSignIn",
        width: "120px",
@ -139,7 +139,7 @@ class ProviderTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:canUnlink"),
+        title: i18next.t("provider:Can unlink"),
        dataIndex: "canUnlink",
        key: "canUnlink",
        width: "120px",
@ -156,7 +156,7 @@ class ProviderTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:prompted"),
+        title: i18next.t("provider:Prompted"),
        dataIndex: "prompted",
        key: "prompted",
        width: "120px",
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@ -95,7 +95,7 @@ class ResourceListPage extends BaseListPage {
        ...this.getColumnSearchProps("provider"),
        render: (text, record, index) => {
          return (
-            <Link to={`/providers/${text}`}>
+            <Link to={`/providers/${record.owner}/${text}`}>
              {text}
            </Link>
          );
--- a/web/src/RoleEditPage.js
+++ b/web/src/RoleEditPage.js
@ -173,7 +173,7 @@ class RoleEditPage extends React.Component {
              this.updateRoleField("domains", value);
            })}>
              {
-                this.state.role.domains.map((domain, index) => <Option key={index} value={domain}>{domain}</Option>)
+                this.state.role.domains?.map((domain, index) => <Option key={index} value={domain}>{domain}</Option>)
              }
            </Select>
          </Col>
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@ -65,21 +65,6 @@ class RoleListPage extends BaseListPage {

  renderTable(roles) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -96,6 +81,21 @@ class RoleListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/SelectLanguageBox.js
+++ b/web/src/SelectLanguageBox.js
@ -28,28 +28,45 @@ class SelectLanguageBox extends React.Component {
    super(props);
    this.state = {
      classes: props,
+      languages: props.languages ?? ["en", "zh", "es", "fr", "de", "ja", "ko", "ru"],
    };
  }

+  items = [
+    this.getItem("English", "en", flagIcon("US", "English")),
+    this.getItem("简体中文", "zh", flagIcon("CN", "简体中文")),
+    this.getItem("Español", "es", flagIcon("ES", "Español")),
+    this.getItem("Français", "fr", flagIcon("FR", "Français")),
+    this.getItem("Deutsch", "de", flagIcon("DE", "Deutsch")),
+    this.getItem("日本語", "ja", flagIcon("JP", "日本語")),
+    this.getItem("한국어", "ko", flagIcon("KR", "한국어")),
+    this.getItem("Русский", "ru", flagIcon("RU", "Русский")),
+  ];
+
+  getOrganizationLanguages(languages) {
+    const select = [];
+    for (const language of languages) {
+      this.items.map((item, index) => item.key === language ? select.push(item) : null);
+    }
+    return select;
+  }
+
+  getItem(label, key, icon) {
+    return {key, icon, label};
+  }
+
  render() {
+    const languageItems = this.getOrganizationLanguages(this.state.languages);
    const menu = (
-      <Menu onClick={(e) => {
-        Setting.changeLanguage(e.key);
+      <Menu items={languageItems} onClick={(e) => {
+        Setting.setLanguage(e.key);
      }}>
-        <Menu.Item key="en" icon={flagIcon("US", "English")}>English</Menu.Item>
-        <Menu.Item key="zh" icon={flagIcon("CN", "简体中文")}>简体中文</Menu.Item>
-        <Menu.Item key="es" icon={flagIcon("ES", "Español")}>Español</Menu.Item>
-        <Menu.Item key="fr" icon={flagIcon("FR", "Français")}>Français</Menu.Item>
-        <Menu.Item key="de" icon={flagIcon("DE", "Deutsch")}>Deutsch</Menu.Item>
-        <Menu.Item key="ja" icon={flagIcon("JP", "日本語")}>日本語</Menu.Item>
-        <Menu.Item key="ko" icon={flagIcon("KR", "한국어")}>한국어</Menu.Item>
-        <Menu.Item key="ru" icon={flagIcon("RU", "Русский")}>Русский</Menu.Item>
      </Menu>
    );

    return (
      <Dropdown overlay={menu} >
-        <div className="language-box" id={this.props.id} style={this.props.style} />
+        <div className="language-box" style={{display: languageItems.length === 0 ? "none" : null, ...this.props.style}} />
      </Dropdown>
    );
  }
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Link, useHistory} from "react-router-dom";
+import {Link} from "react-router-dom";
 import {Tag, Tooltip, message} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
 import {isMobile as isMobileDevice} from "react-device-detect";
@ -145,6 +145,10 @@ export const OtherProviderInfo = {
      logo: `${StaticBaseUrl}/img/social_geetest.png`,
      url: "https://www.geetest.com",
    },
+    "Cloudflare Turnstile": {
+      logo: `${StaticBaseUrl}/img/social_cloudflare.png`,
+      url: "https://www.cloudflare.com/products/turnstile/",
+    },
  },
 };

@ -416,9 +420,7 @@ export function goToLinkSoft(ths, link) {
 }

 export function showMessage(type, text) {
-  if (type === "") {
-    return;
-  } else if (type === "success") {
+  if (type === "success") {
    message.success(text);
  } else if (type === "error") {
    message.error(text);
@ -445,8 +447,8 @@ export function deepCopy(obj) {
  return Object.assign({}, obj);
 }

-export function addRow(array, row) {
-  return [...array, row];
+export function addRow(array, row, position = "end") {
+  return position === "end" ? [...array, row] : [row, ...array];
 }

 export function prependRow(array, row) {
@ -552,14 +554,10 @@ export function setLanguage(language) {
  i18next.changeLanguage(language);
 }

-export function changeLanguage(language) {
-  localStorage.setItem("language", language);
-  changeMomentLanguage(language);
-  i18next.changeLanguage(language);
-  // window.location.reload(true);
-}
-
 export function getAcceptLanguage() {
+  if (i18next.language === null || i18next.language === "") {
+    return "en;q=0.9,en;q=0.8";
+  }
  return i18next.language + ";q=0.9,en;q=0.8";
 }

@ -701,6 +699,7 @@ export function getProviderTypeOptions(category) {
      {id: "hCaptcha", name: "hCaptcha"},
      {id: "Aliyun Captcha", name: "Aliyun Captcha"},
      {id: "GEETEST", name: "GEETEST"},
+      {id: "Cloudflare Turnstile", name: "Cloudflare Turnstile"},
    ]);
  } else {
    return [];
@ -752,7 +751,7 @@ export function getLoginLink(application) {
  } else if (authConfig.appName === application.name) {
    url = "/login";
  } else if (application.signinUrl === "") {
-    url = path.join(application.homepageUrl, "login");
+    url = path.join(application.homepageUrl, "/login");
  } else {
    url = application.signinUrl;
  }
@ -764,9 +763,8 @@ export function renderLoginLink(application, text) {
  return renderLink(url, text, null);
 }

-export function redirectToLoginPage(application) {
+export function redirectToLoginPage(application, history) {
  const loginLink = getLoginLink(application);
-  const history = useHistory();
  history.push(loginLink);
 }

--- a/web/src/SignupTable.js
+++ b/web/src/SignupTable.js
@ -104,7 +104,7 @@ class SignupTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:visible"),
+        title: i18next.t("provider:Visible"),
        dataIndex: "visible",
        key: "visible",
        width: "120px",
@ -126,7 +126,7 @@ class SignupTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:required"),
+        title: i18next.t("provider:Required"),
        dataIndex: "required",
        key: "required",
        width: "120px",
@ -143,7 +143,7 @@ class SignupTable extends React.Component {
        },
      },
      {
-        title: i18next.t("provider:prompted"),
+        title: i18next.t("provider:Prompted"),
        dataIndex: "prompted",
        key: "prompted",
        width: "120px",
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@ -88,21 +88,6 @@ class SyncerListPage extends BaseListPage {

  renderTable(syncers) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -119,6 +104,21 @@ class SyncerListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/SystemInfo.js
+++ b/web/src/SystemInfo.js
@ -90,37 +90,66 @@ class SystemInfo extends React.Component {
        </div> : i18next.t("system:Get Memory Usage Failed")
    );

-    return (
-      <Row>
-        <Col span={6}></Col>
-        <Col span={12}>
-          <Row gutter={[10, 10]}>
-            <Col span={12}>
-              <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center"}}>
-                {this.state.loading ? <Spin size="large" /> : CPUInfo}
-              </Card>
-            </Col>
-            <Col span={12}>
-              <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center"}}>
-                {this.state.loading ? <Spin size="large" /> : MemInfo}
-              </Card>
-            </Col>
-          </Row>
-          <Divider />
-          <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
-            <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
-            GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
-            <br />
-            {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
-            <br />
-            {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
-            <br />
-            {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
-          </Card>
-        </Col>
-        <Col span={6}></Col>
-      </Row>
-    );
+    if (!Setting.isMobile()) {
+      return (
+        <Row>
+          <Col span={6}></Col>
+          <Col span={12}>
+            <Row gutter={[10, 10]}>
+              <Col span={12}>
+                <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                  {this.state.loading ? <Spin size="large" /> : CPUInfo}
+                </Card>
+              </Col>
+              <Col span={12}>
+                <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                  {this.state.loading ? <Spin size="large" /> : MemInfo}
+                </Card>
+              </Col>
+            </Row>
+            <Divider />
+            <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
+              <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
+              GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
+              <br />
+              {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
+              <br />
+              {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
+              <br />
+              {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
+            </Card>
+          </Col>
+          <Col span={6}></Col>
+        </Row>
+      );
+    } else {
+      return (
+        <Row gutter={[16, 0]}>
+          <Col span={24}>
+            <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", width: "100%"}}>
+              {this.state.loading ? <Spin size="large" /> : CPUInfo}
+            </Card>
+          </Col>
+          <Col span={24}>
+            <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", width: "100%"}}>
+              {this.state.loading ? <Spin size="large" /> : MemInfo}
+            </Card>
+          </Col>
+          <Col span={24}>
+            <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
+              <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
+              GitHub: <a href="https://github.com/casdoor/casdoor">casdoor</a>
+              <br />
+              {i18next.t("system:Version")}: <a href={this.state.href}>{this.state.latestVersion}</a>
+              <br />
+              {i18next.t("system:Official Website")}: <a href="https://casdoor.org/">casdoor.org</a>
+              <br />
+              {i18next.t("system:Community")}: <a href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">contact us</a>
+            </Card>
+          </Col>
+        </Row>
+      );
+    }
  }
 }

--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@ -102,7 +102,7 @@ class TokenListPage extends BaseListPage {
        ...this.getColumnSearchProps("application"),
        render: (text, record, index) => {
          return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.organization}/${text}`}>
              {text}
            </Link>
          );
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -49,6 +49,7 @@ class UserEditPage extends React.Component {
      applications: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
      loading: true,
+      returnUrl: null,
    };
  }

@ -57,6 +58,7 @@ class UserEditPage extends React.Component {
    this.getOrganizations();
    this.getApplicationsByOrganization(this.state.organizationName);
    this.getUserApplication();
+    this.setReturnUrl();
  }

  getUser() {
@ -100,9 +102,14 @@ class UserEditPage extends React.Component {
      });
  }

-  getReturnUrl() {
+  setReturnUrl() {
    const searchParams = new URLSearchParams(this.props.location.search);
-    return searchParams.get("returnUrl");
+    const returnUrl = searchParams.get("returnUrl");
+    if (returnUrl !== null) {
+      this.setState({
+        returnUrl: returnUrl,
+      });
+    }
  }

  parseUserField(key, value) {
@ -242,7 +249,7 @@ class UserEditPage extends React.Component {
              </Col>
            </Row>
            <Row style={{marginTop: "20px"}}>
-              <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} account={this.props.account} />
+              <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
            </Row>
          </Col>
        </Row>
@ -619,9 +626,8 @@ class UserEditPage extends React.Component {
            }
          } else {
            if (willExist) {
-              const returnUrl = this.getReturnUrl();
-              if (returnUrl) {
-                window.location.href = returnUrl;
+              if (this.state.returnUrl) {
+                window.location.href = this.state.returnUrl;
              }
            }
          }
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@ -17,6 +17,7 @@ import {Link} from "react-router-dom";
 import {Button, Popconfirm, Switch, Table, Upload} from "antd";
 import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import * as UserBackend from "./backend/UserBackend";
 import i18next from "i18next";
@ -28,6 +29,7 @@ class UserListPage extends BaseListPage {
    this.state = {
      classes: props,
      organizationName: props.match.params.organizationName,
+      organization: null,
      data: [],
      pagination: {
        current: 1,
@ -165,7 +167,7 @@ class UserListPage extends BaseListPage {
        ...this.getColumnSearchProps("signupApplication"),
        render: (text, record, index) => {
          return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.owner}/${text}`}>
              {text}
            </Link>
          );
@ -271,6 +273,15 @@ class UserListPage extends BaseListPage {
        width: "110px",
        sorter: true,
        ...this.getColumnSearchProps("tag"),
+        render: (text, record, index) => {
+          const tagMap = {};
+          this.state.organization?.tags?.map((tag, index) => {
+            const tokens = tag.split("|");
+            const displayValue = Setting.getLanguage() !== "zh" ? tokens[0] : tokens[1];
+            tagMap[tokens[0]] = displayValue;
+          });
+          return tagMap[text];
+        },
      },
      {
        title: i18next.t("user:Is admin"),
@ -387,6 +398,11 @@ class UserListPage extends BaseListPage {
              searchText: params.searchText,
              searchedColumn: params.searchedColumn,
            });
+
+            const users = res.data;
+            if (users.length > 0) {
+              this.getOrganization(users[0].owner);
+            }
          }
        });
    } else {
@ -403,10 +419,24 @@ class UserListPage extends BaseListPage {
              searchText: params.searchText,
              searchedColumn: params.searchedColumn,
            });
+
+            const users = res.data;
+            if (users.length > 0) {
+              this.getOrganization(users[0].owner);
+            }
          }
        });
    }
  };
+
+  getOrganization(organizationName) {
+    OrganizationBackend.getOrganization("admin", organizationName)
+      .then((organization) => {
+        this.setState({
+          organization: organization,
+        });
+      });
+  }
 }

 export default UserListPage;
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@ -244,7 +244,7 @@ class WebhookEditPage extends React.Component {
              }} >
              {
                (
-                  ["signup", "login", "logout", "update-user"].map((option, index) => {
+                  ["signup", "login", "logout", "add-user", "update-user", "add-organization", "update-organization", "add-provider", "update-provider"].map((option, index) => {
                    return (
                      <Option key={option} value={option}>{option}</Option>
                    );
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@ -67,21 +67,6 @@ class WebhookListPage extends BaseListPage {

  renderTable(webhooks) {
    const columns = [
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "organization",
-        key: "organization",
-        width: "110px",
-        sorter: true,
-        ...this.getColumnSearchProps("organization"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
@ -98,6 +83,21 @@ class WebhookListPage extends BaseListPage {
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "110px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
--- a/web/src/auth/AuthBackend.js
+++ b/web/src/auth/AuthBackend.js
@ -54,7 +54,7 @@ export function oAuthParamsToQuery(oAuthParams) {
  }

  // code
-  return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${oAuthParams.redirectUri}&scope=${oAuthParams.scope}&state=${oAuthParams.state}&nonce=${oAuthParams.nonce}&code_challenge_method=${oAuthParams.challengeMethod}&code_challenge=${oAuthParams.codeChallenge}`;
+  return `?clientId=${oAuthParams.clientId}&responseType=${oAuthParams.responseType}&redirectUri=${encodeURIComponent(oAuthParams.redirectUri)}&scope=${oAuthParams.scope}&state=${oAuthParams.state}&nonce=${oAuthParams.nonce}&code_challenge_method=${oAuthParams.challengeMethod}&code_challenge=${oAuthParams.codeChallenge}`;
 }

 export function getApplicationLogin(oAuthParams) {
@ -130,3 +130,13 @@ export function loginWithSaml(values, param) {
    },
  }).then(res => res.json());
 }
+
+export function getWechatMessageEvent() {
+  return fetch(`${Setting.ServerUrl}/api/get-webhook-event`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -23,6 +23,7 @@ import {CountDownInput} from "../common/CountDownInput";
 import * as UserBackend from "../backend/UserBackend";
 import {CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
 import CustomGithubCorner from "../CustomGithubCorner";
+import {withRouter} from "react-router-dom";

 const {Step} = Steps;
 const {Option} = Select;
@ -166,7 +167,7 @@ class ForgetPage extends React.Component {
    values.userOwner = this.state.application?.organizationObj.name;
    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
      if (res.status === "ok") {
-        Setting.redirectToLoginPage(this.state.application);
+        Setting.redirectToLoginPage(this.state.application, this.props.history);
      } else {
        Setting.showMessage("error", i18next.t(`signup:${res.msg}`));
      }
@ -489,7 +490,7 @@ class ForgetPage extends React.Component {
    return (
      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
        <CustomGithubCorner />
-        <div className="login-content forget-content">
+        <div className="login-content forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
          <Row>
            <Col span={24} style={{justifyContent: "center"}}>
              <Row>
@ -550,4 +551,4 @@ class ForgetPage extends React.Component {
  }
 }

-export default ForgetPage;
+export default withRouter(ForgetPage);
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -28,7 +28,6 @@ import i18next from "i18next";
 import CustomGithubCorner from "../CustomGithubCorner";
 import {CountDownInput} from "../common/CountDownInput";
 import SelectLanguageBox from "../SelectLanguageBox";
-import {withTranslation} from "react-i18next";
 import {CaptchaModal} from "../common/CaptchaModal";

 const {TabPane} = Tabs;
@ -336,10 +335,10 @@ class LoginPage extends React.Component {
      return (
        <Result
          status="error"
-          title="Sign Up Error"
-          subTitle={"The application does not allow to sign up new account"}
+          title={i18next.t("application:Sign Up Error")}
+          subTitle={i18next.t("application:The application does not allow to sign up new account")}
          extra={[
-            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
              {
                i18next.t("login:Sign In")
              }
@ -369,7 +368,7 @@ class LoginPage extends React.Component {
            rules={[
              {
                required: true,
-                message: "Please input your application!",
+                message: i18next.t("application:Please input your application!"),
              },
            ]}
          >
@ -380,7 +379,7 @@ class LoginPage extends React.Component {
            rules={[
              {
                required: true,
-                message: "Please input your organization!",
+                message: i18next.t("application:Please input your organization!"),
              },
            ]}
          >
@ -682,7 +681,7 @@ class LoginPage extends React.Component {
                const accessToken = res.data;
                Setting.goToLink(`${oAuthParams.redirectUri}#${responseType}=${accessToken}?state=${oAuthParams.state}&token_type=bearer`);
              } else {
-                Setting.showMessage("success", "Successfully logged in with webauthn credentials");
+                Setting.showMessage("success", i18next.t("login:Successfully logged in with webauthn credentials"));
                Setting.goToLink("/");
              }
            } else {
@ -690,7 +689,7 @@ class LoginPage extends React.Component {
            }
          })
          .catch(error => {
-            Setting.showMessage("error", `Failed to connect to server: ${error}`);
+            Setting.showMessage("error", `${i18next.t("application:Failed to connect to server: ")}${error}`);
          });
      });
  }
@ -784,7 +783,6 @@ class LoginPage extends React.Component {
        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
          <div className="login-panel">
-            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
            </div>
@ -800,6 +798,7 @@ class LoginPage extends React.Component {
                  {/* {*/}
                  {/*  this.state.clientId !== null ? "Redirect" : null*/}
                  {/* }*/}
+                  <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
                  {
                    this.renderSignedInBox()
                  }
@ -816,4 +815,4 @@ class LoginPage extends React.Component {
  }
 }

-export default withTranslation()(LoginPage);
+export default LoginPage;
--- a/web/src/auth/PromptPage.js
+++ b/web/src/auth/PromptPage.js
@ -22,6 +22,7 @@ import i18next from "i18next";
 import AffiliationSelect from "../common/AffiliationSelect";
 import OAuthWidget from "../common/OAuthWidget";
 import SelectRegionBox from "../SelectRegionBox";
+import {withRouter} from "react-router-dom";

 class PromptPage extends React.Component {
  constructor(props) {
@ -190,7 +191,7 @@ class PromptPage extends React.Component {
          if (redirectUrl !== "" && redirectUrl !== null) {
            Setting.goToLink(redirectUrl);
          } else {
-            Setting.redirectToLoginPage(this.getApplicationObj());
+            Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
          }
        } else {
          Setting.showMessage("error", `Failed to log out: ${res.msg}`);
@ -231,10 +232,10 @@ class PromptPage extends React.Component {
      return (
        <Result
          status="error"
-          title="Sign Up Error"
-          subTitle={"You are unexpected to see this prompt page"}
+          title={i18next.t("application:Sign Up Error")}
+          subTitle={i18next.t("application:You are unexpected to see this prompt page")}
          extra={[
-            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
              {
                i18next.t("login:Sign In")
              }
@ -272,4 +273,4 @@ class PromptPage extends React.Component {
  }
 }

-export default PromptPage;
+export default withRouter(PromptPage);
--- a/web/src/auth/ProviderButton.js
+++ b/web/src/auth/ProviderButton.js
@ -40,6 +40,8 @@ import BilibiliLoginButton from "./BilibiliLoginButton";
 import OktaLoginButton from "./OktaLoginButton";
 import DouyinLoginButton from "./DouyinLoginButton";
 import * as AuthBackend from "./AuthBackend";
+import {getEvent} from "./Util";
+import {Modal} from "antd";

 function getSigninButton(type) {
  const text = i18next.t("login:Sign in with {type}").replace("{type}", type);
@ -116,11 +118,33 @@ function getSamlUrl(provider, location) {
 export function renderProviderLogo(provider, application, width, margin, size, location) {
  if (size === "small") {
    if (provider.category === "OAuth") {
-      return (
-        <a key={provider.displayName} href={Provider.getAuthUrl(application, provider, "signup")}>
-          <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
-        </a>
-      );
+      if (provider.type === "WeChat" && provider.clientId2 !== "" && provider.clientSecret2 !== "" && provider.content !== "" && provider.disableSsl === true && !navigator.userAgent.includes("MicroMessenger")) {
+        const info = async() => {
+          const t1 = setInterval(await getEvent, 1000, application, provider);
+          {Modal.info({
+            title: i18next.t("provider:Please use WeChat and scan the QR code to sign in"),
+            content: (
+              <div>
+                <img width={256} height={256} src = {"data:image/png;base64," + provider.content} alt="Wechat QR code" style={{margin: margin}} />
+              </div>
+            ),
+            onOk() {
+              window.clearInterval(t1);
+            },
+          });}
+        };
+        return (
+          <a key={provider.displayName} >
+            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} onClick={info} />
+          </a>
+        );
+      } else {
+        return (
+          <a key={provider.displayName} href={Provider.getAuthUrl(application, provider, "signup")}>
+            <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
+          </a>
+        );
+      }
    } else if (provider.category === "SAML") {
      return (
        <a key={provider.displayName} onClick={() => getSamlUrl(provider, location)}>
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -26,6 +26,7 @@ import {CountDownInput} from "../common/CountDownInput";
 import SelectRegionBox from "../SelectRegionBox";
 import CustomGithubCorner from "../CustomGithubCorner";
 import SelectLanguageBox from "../SelectLanguageBox";
+import {withRouter} from "react-router-dom";

 const formItemLayout = {
  labelCol: {
@ -538,10 +539,10 @@ class SignupPage extends React.Component {
      return (
        <Result
          status="error"
-          title="Sign Up Error"
-          subTitle={"The application does not allow to sign up new account"}
+          title={i18next.t("application:Sign Up Error")}
+          subTitle={i18next.t("application:The application does not allow to sign up new account")}
          extra={[
-            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application)}>
+            <Button type="primary" key="signin" onClick={() => Setting.redirectToLoginPage(application, this.props.history)}>
              {
                i18next.t("login:Sign In")
              }
@ -562,7 +563,7 @@ class SignupPage extends React.Component {
          application: application.name,
          organization: application.organization,
        }}
-        style={{width: !Setting.isMobile() ? "400px" : "250px"}}
+        style={{width: !Setting.isMobile() ? "400px" : "300px"}}
        size="large"
      >
        <Form.Item
@ -600,7 +601,7 @@ class SignupPage extends React.Component {
            if (linkInStorage !== null && linkInStorage !== "") {
              Setting.goToLink(linkInStorage);
            } else {
-              Setting.redirectToLoginPage(application);
+              Setting.redirectToLoginPage(application, this.props.history);
            }
          }}>
            {i18next.t("signup:sign in now")}
@ -633,7 +634,6 @@ class SignupPage extends React.Component {
        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
          <div className="login-panel" >
-            <SelectLanguageBox id="language-box-corner" style={{top: "50px"}} />
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
              <div dangerouslySetInnerHTML={{__html: application.formSideHtml}} />
            </div>
@ -645,6 +645,7 @@ class SignupPage extends React.Component {
                {
                  Setting.renderLogo(application)
                }
+                <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
                {
                  this.renderForm(application)
                }
@ -660,4 +661,4 @@ class SignupPage extends React.Component {
  }
 }

-export default SignupPage;
+export default withRouter(SignupPage);
--- a/web/src/auth/Util.js
+++ b/web/src/auth/Util.js
@ -14,6 +14,9 @@

 import React from "react";
 import {Alert, Button, Result, message} from "antd";
+import {getWechatMessageEvent} from "./AuthBackend";
+import * as Setting from "../Setting";
+import * as Provider from "./Provider";

 export function showMessage(type, text) {
  if (type === "success") {
@ -150,3 +153,12 @@ export function getQueryParamsFromState(state) {
    return query;
  }
 }
+
+export function getEvent(application, provider) {
+  getWechatMessageEvent()
+    .then(res => {
+      if (res.data === "SCAN" || res.data === "subscribe") {
+        Setting.goToLink(Provider.getAuthUrl(application, provider, "signup"));
+      }
+    });
+}
--- a/web/src/backend/AdapterBackend.js
+++ b/web/src/backend/AdapterBackend.js
@ -70,6 +70,41 @@ export function deleteAdapter(Adapter) {
  }).then(res => res.json());
 }

+export function UpdatePolicy(owner, name, policy) {
+  // eslint-disable-next-line no-console
+  console.log(policy);
+  return fetch(`${Setting.ServerUrl}/api/update-policy?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(policy),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function AddPolicy(owner, name, policy) {
+  return fetch(`${Setting.ServerUrl}/api/add-policy?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(policy),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function RemovePolicy(owner, name, policy) {
+  return fetch(`${Setting.ServerUrl}/api/remove-policy?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(policy),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
 export function syncPolicies(owner, name) {
  return fetch(`${Setting.ServerUrl}/api/sync-policies?id=${owner}/${encodeURIComponent(name)}`, {
    method: "GET",
--- a/web/src/backend/ApplicationBackend.js
+++ b/web/src/backend/ApplicationBackend.js
@ -24,8 +24,8 @@ export function getApplications(owner, page = "", pageSize = "", field = "", val
  }).then(res => res.json());
 }

-export function getApplicationsByOrganization(owner, organization) {
-  return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}`, {
+export function getApplicationsByOrganization(owner, organization, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-organization-applications?owner=${owner}&organization=${organization}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
@ -68,7 +68,6 @@ export function updateApplication(owner, name, application) {

 export function addApplication(application) {
  const newApplication = Setting.deepCopy(application);
-  newApplication.organization = "built-in";
  return fetch(`${Setting.ServerUrl}/api/add-application`, {
    method: "POST",
    credentials: "include",
--- a/web/src/backend/ProviderBackend.js
+++ b/web/src/backend/ProviderBackend.js
@ -24,6 +24,16 @@ export function getProviders(owner, page = "", pageSize = "", field = "", value
  }).then(res => res.json());
 }

+export function getGlobalProviders(page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-global-providers?p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
 export function getProvider(owner, name) {
  return fetch(`${Setting.ServerUrl}/api/get-provider?id=${owner}/${encodeURIComponent(name)}`, {
    method: "GET",
--- a/web/src/common/CaptchaWidget.js
+++ b/web/src/common/CaptchaWidget.js
@ -105,6 +105,21 @@ export const CaptchaWidget = ({captchaType, subType, siteKey, clientSecret, onCh
      }, 500);
      break;
    }
+    case "Cloudflare Turnstile": {
+      const tTimer = setInterval(() => {
+        if (!window.turnstile) {
+          loadScript("https://challenges.cloudflare.com/turnstile/v0/api.js");
+        }
+        if (window.turnstile && window.turnstile.render) {
+          window.turnstile.render("#captcha", {
+            sitekey: siteKey,
+            callback: onChange,
+          });
+          clearInterval(tTimer);
+        }
+      }, 300);
+      break;
+    }
    default:
      break;
    }
--- a/web/src/common/PoliciyTable.js
+++ b/web/src/common/PoliciyTable.js
@ -0,0 +1,308 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {DeleteOutlined, EditOutlined} from "@ant-design/icons";
+import {Button, Input, Popconfirm, Table, Tooltip} from "antd";
+import * as Setting from "../Setting";
+import * as AdapterBackend from "../backend/AdapterBackend";
+import i18next from "i18next";
+
+class PolicyTable extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      policyLists: [],
+      loading: false,
+      editingIndex: "",
+      oldPolicy: "",
+      add: false,
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    if (this.props.mode === "edit") {
+      this.synPolicies();
+    }
+  }
+
+  isEditing = (index) => {
+    return index === this.state.editingIndex;
+  };
+
+  edit = (record, index) => {
+    this.setState({editingIndex: index, oldPolicy: Setting.deepCopy(record)});
+  };
+
+  cancel = (table, index) => {
+    Object.keys(table[index]).forEach((key) => {
+      table[index][key] = this.state.oldPolicy[key];
+    });
+    this.updateTable(table);
+    this.setState({editingIndex: "", oldPolicy: ""});
+    if (this.state.add) {
+      this.deleteRow(this.state.policyLists, index);
+      this.setState({add: false});
+    }
+  };
+
+  updateTable(table) {
+    this.setState({policyLists: table});
+  }
+
+  updateField(table, index, key, value) {
+    table[index][key] = value;
+    this.updateTable(table);
+  }
+
+  addRow(table) {
+    const row = {Ptype: "p"};
+    if (table === undefined) {
+      table = [];
+    }
+    table = Setting.addRow(table, row, "top");
+    this.updateTable(table);
+    this.edit(row, 0);
+    this.setState({add: true});
+  }
+
+  deleteRow(table, i) {
+    table = Setting.deleteRow(table, i);
+    this.updateTable(table);
+  }
+
+  save(table, i) {
+    this.state.add ? this.addPolicy(table, i) : this.updatePolicy(table, i);
+  }
+
+  synPolicies() {
+    this.setState({loading: true});
+    AdapterBackend.syncPolicies(this.props.owner, this.props.name)
+      .then((res) => {
+        if (res.status !== "error") {
+          this.setState({loading: false, policyLists: res});
+        } else {
+          this.setState({loading: false});
+          Setting.showMessage("error", `Adapter failed to get policies, ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        this.setState({loading: false});
+        Setting.showMessage("error", `Adapter failed to get policies, ${error}`);
+      });
+  }
+
+  updatePolicy(table, i) {
+    AdapterBackend.UpdatePolicy(this.props.owner, this.props.name, [this.state.oldPolicy, table[i]]).then(res => {
+      if (res.status === "ok") {
+        this.setState({editingIndex: "", oldPolicy: ""});
+        Setting.showMessage("success", i18next.t("adapter:Update policy successfully"));
+      } else {
+        Setting.showMessage("error", i18next.t(`adapter:Update policy failed, ${res.msg}`));
+      }
+    });
+  }
+
+  addPolicy(table, i) {
+    AdapterBackend.AddPolicy(this.props.owner, this.props.name, table[i]).then(res => {
+      if (res.status === "ok") {
+        this.setState({editingIndex: "", oldPolicy: "", add: false});
+        if (res.data !== "Affected") {
+          Setting.showMessage("info", i18next.t("adapter:Repeated policy"));
+        } else {
+          Setting.showMessage("success", i18next.t("adapter:Add policy successfully"));
+        }
+      } else {
+        Setting.showMessage("error", i18next.t(`adapter:Add policy failed, ${res.msg}`));
+      }
+    });
+  }
+
+  deletePolicy(table, i) {
+    AdapterBackend.RemovePolicy(this.props.owner, this.props.name, table[i]).then(res => {
+      if (res.status === "ok") {
+        table = Setting.deleteRow(table, i);
+        this.updateTable(table);
+        Setting.showMessage("success", i18next.t("adapter:Delete policy successfully"));
+      } else {
+        Setting.showMessage("error", i18next.t(`adapter:Delete policy failed, ${res.msg}`));
+      }
+    });
+  }
+
+  renderTable(table) {
+    const columns = [
+      {
+        title: "Rule Type",
+        dataIndex: "Ptype",
+        width: "100px",
+        // render: (text, record, index) => {
+        //   const editing = this.isEditing(index);
+        //   return (
+        //     editing ?
+        //       <Input value={text} onChange={e => {
+        //         this.updateField(table, index, "Ptype", e.target.value);
+        //       }} />
+        //       : text
+        //   );
+        // },
+      },
+      {
+        title: "V0",
+        dataIndex: "V0",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V0", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "V1",
+        dataIndex: "V1",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V1", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "V2",
+        dataIndex: "V2",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V2", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "V3",
+        dataIndex: "V3",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V3", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "V4",
+        dataIndex: "V4",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V4", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "V5",
+        dataIndex: "V5",
+        width: "100px",
+        render: (text, record, index) => {
+          const editing = this.isEditing(index);
+          return (
+            editing ?
+              <Input value={text} onChange={e => {
+                this.updateField(table, index, "V5", e.target.value);
+              }} />
+              : text
+          );
+        },
+      },
+      {
+        title: "Option",
+        key: "option",
+        width: "100px",
+        render: (text, record, index) => {
+          const editable = this.isEditing(index);
+          return editable ? (
+            <span>
+              <Button style={{marginRight: 8}} onClick={() => this.save(table, index)}>
+              Save
+              </Button>
+              <Popconfirm title="Sure to cancel?" onConfirm={() => this.cancel(table, index)}>
+                <a>Cancel</a>
+              </Popconfirm>
+            </span>
+          ) : (
+            <div>
+              <Tooltip placement="topLeft" title="Edit">
+                <Button disabled={this.state.editingIndex !== ""} style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => this.edit(record, index)} />
+              </Tooltip>
+              <Tooltip placement="topLeft" title="Delete">
+                <Button disabled={this.state.editingIndex !== ""} style={{marginRight: "5px"}} icon={<DeleteOutlined />} size="small" onClick={() => this.deletePolicy(table, index)} />
+              </Tooltip>
+            </div>
+          );
+        },
+      }];
+
+    return (
+      <Table
+        pagination={{
+          defaultPageSize: 10,
+        }}
+        columns={columns} dataSource={table} rowKey="index" size="middle" bordered
+        loading={this.state.loading}
+        title={() => (
+          <div>
+            <Button disabled={this.state.editingIndex !== ""} style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.addRow(table)}>{i18next.t("general:Add")}</Button>
+          </div>
+        )}
+      />
+    );
+  }
+
+  render() {
+    return (<>
+      <Button type="primary" onClick={() => {this.synPolicies();}}>
+        {i18next.t("adapter:Sync")}
+      </Button>
+      {
+        this.renderTable(this.state.policyLists)
+      }
+    </>
+    );
+  }
+}
+
+export default PolicyTable;
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -6,13 +6,18 @@
    "Sign Up": "Registrieren"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Aktiviere Anmeldesession - Tooltip",
    "Enable signup": "Anmeldung aktivieren",
    "Enable signup - Tooltip": "Whether to allow users to sign up",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "Datei erfolgreich hochgeladen",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "New Application": "New Application",
+    "None": "None",
    "Password ON": "Passwort AN",
    "Password ON - Tooltip": "Whether to allow password login",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Bitte wählen Sie eine HTML-Datei",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "Weiterleitungs-URL",
@ -53,24 +62,25 @@
    "Refresh token expire": "Aktualisierungs-Token läuft ab",
    "Refresh token expire - Tooltip": "Aktualisierungs-Token läuft ab - Tooltip",
    "Right": "Right",
+    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Anmeldesitzung",
    "Signup items": "Artikel registrieren",
    "Signup items - Tooltip": "Signup items that need to be filled in when users register",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Token läuft ab",
    "Token expire - Tooltip": "Token läuft ab - Tooltip",
    "Token format": "Token-Format",
    "Token format - Tooltip": "Token-Format - Tooltip",
-    "Rule": "Rule",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "Bitgröße",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "Ist aktiviert - Tooltip",
    "LDAPs": "LDAPs",
    "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Last name",
    "Logo": "Logo",
    "Logo - Tooltip": "App's image tag",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Mit {type} anmelden",
    "Signing in...": "Anmelden...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "Die Eingabe ist keine gültige E-Mail oder Telefon!",
    "To access": "Zu Zugriff",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "Févicon",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "Weiche Löschung",
    "Soft deletion - Tooltip": "Weiche Löschung - Tooltip",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "Website-URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "Eimer",
    "Bucket - Tooltip": "Storage bucket name",
    "Can not parse Metadata": "Metadaten können nicht analysiert werden",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "Kategorie",
    "Category - Tooltip": "Unique string-style identifier",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Unique string-style identifier",
    "Email Title": "E-Mail-Titel",
    "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Endpunkt (Intranet)",
    "Host": "Host",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "Metadaten erfolgreich analysieren",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Port",
    "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
    "Provider URL": "Provider-URL",
    "Provider URL - Tooltip": "Unique string-style identifier",
    "Region ID": "Region ID",
    "Region ID - Tooltip": "Region ID - Tooltip",
    "Region endpoint for Internet": "Region Endpunkt für Internet",
    "Region endpoint for Intranet": "Region Endpunkt für Intranet",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Smtp Connection",
    "Test Email": "Test email config",
    "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Typ",
    "Type - Tooltip": "Unique string-style identifier",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alarmtyp",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "gefragt",
-    "required": "benötigt",
-    "visible": "sichtbar"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "alarmtyp"
  },
  "record": {
    "Is Triggered": "Wird ausgelöst"
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -6,13 +6,18 @@
    "Sign Up": "Sign Up"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Enable signup",
    "Enable signup - Tooltip": "Enable signup - Tooltip",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "File uploaded successfully",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "New Application": "New Application",
+    "None": "None",
    "Password ON": "Password ON",
    "Password ON - Tooltip": "Password ON - Tooltip",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Please select a HTML file",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "Redirect URL",
@ -53,24 +62,25 @@
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expire - Tooltip",
    "Right": "Right",
+    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Signin session",
    "Signup items": "Signup items",
    "Signup items - Tooltip": "Signup items - Tooltip",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Token expire",
    "Token expire - Tooltip": "Token expire - Tooltip",
    "Token format": "Token format",
    "Token format - Tooltip": "Token format - Tooltip",
-    "Rule": "Rule",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "Bit size",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "Is enabled - Tooltip",
    "LDAPs": "LDAPs",
    "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Last name",
    "Logo": "Logo",
    "Logo - Tooltip": "Logo - Tooltip",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Sign in with {type}",
    "Signing in...": "Signing in...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "The input is not valid Email or Phone!",
    "To access": "To access",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "Favicon",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "Soft deletion",
    "Soft deletion - Tooltip": "Soft deletion - Tooltip",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "Website URL - Tooltip",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Website URL - Tooltip"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "Bucket",
    "Bucket - Tooltip": "Bucket - Tooltip",
    "Can not parse Metadata": "Can not parse Metadata",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "Category",
    "Category - Tooltip": "Category - Tooltip",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Email Content - Tooltip",
    "Email Title": "Email Title",
    "Email Title - Tooltip": "Email Title - Tooltip",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Endpoint (Intranet)",
    "Host": "Host",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "Parse Metadata successfully",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Port",
    "Port - Tooltip": "Port - Tooltip",
+    "Prompted": "Prompted",
    "Provider URL": "Provider URL",
    "Provider URL - Tooltip": "Provider URL - Tooltip",
    "Region ID": "Region ID",
    "Region ID - Tooltip": "Region ID - Tooltip",
    "Region endpoint for Internet": "Region endpoint for Internet",
    "Region endpoint for Intranet": "Region endpoint for Intranet",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Connection",
    "Test Email": "Test Email",
    "Test Email - Tooltip": "Test Email - Tooltip",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Type",
    "Type - Tooltip": "Type - Tooltip",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "prompted",
-    "required": "required",
-    "visible": "visible"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "alertType"
  },
  "record": {
    "Is Triggered": "Is Triggered"
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -38,6 +38,7 @@
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copiado al portapapeles con éxito",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Signin session",
+    "Sign Up Error": "Sign Up Error",
    "Signup items": "Signup items",
    "Signup items - Tooltip": "Signup items - Tooltip",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
@ -45,6 +46,7 @@
    "Token expire - Tooltip": "Expiración del Token - Tooltip",
    "Token format": "Formato del Token",
    "Token format - Tooltip": "Formato del Token - Tooltip",
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page",
    "Rule": "Rule",
    "None": "None",
    "Always": "Always"
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -6,13 +6,18 @@
    "Sign Up": "S'inscrire"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Activer la session de connexion - infobulle",
    "Enable signup": "Activer l'inscription",
    "Enable signup - Tooltip": "Whether to allow users to sign up",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "Fichier téléchargé avec succès",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "New Application": "New Application",
+    "None": "None",
    "Password ON": "Mot de passe activé",
    "Password ON - Tooltip": "Whether to allow password login",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Veuillez sélectionner un fichier HTML",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "URL de redirection",
@ -53,24 +62,25 @@
    "Refresh token expire": "Expiration du jeton d'actualisation",
    "Refresh token expire - Tooltip": "Expiration du jeton d'actualisation - infobulle",
    "Right": "Right",
+    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Connexion à la session",
    "Signup items": "Inscrire des éléments",
    "Signup items - Tooltip": "Signup items that need to be filled in when users register",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Expiration du jeton",
    "Token expire - Tooltip": "Expiration du jeton - Info-bulle",
    "Token format": "Format du jeton",
    "Token format - Tooltip": "Format du jeton - infobulle",
-    "Rule": "Rule",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "Taille du bit",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "Est activé - infobulle",
    "LDAPs": "LDAPs",
    "LDAPs - Tooltip": "LDAPs - Infobulle",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Last name",
    "Logo": "Logo",
    "Logo - Tooltip": "App's image tag",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Se connecter avec {type}",
    "Signing in...": "Connexion en cours...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "L'entrée n'est pas valide Email ou Téléphone !",
    "To access": "Pour accéder à",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "Favicon",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "Suppression du logiciel",
    "Soft deletion - Tooltip": "Suppression de soft - infobulle",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "URL du site web",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "Seau",
    "Bucket - Tooltip": "Storage bucket name",
    "Can not parse Metadata": "Impossible d'analyser les métadonnées",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "Catégorie",
    "Category - Tooltip": "Unique string-style identifier",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Unique string-style identifier",
    "Email Title": "Titre de l'e-mail",
    "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Point de terminaison (Intranet)",
    "Host": "Hôte",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "Analyse des métadonnées réussie",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Port",
    "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
    "Provider URL": "URL du fournisseur",
    "Provider URL - Tooltip": "Unique string-style identifier",
    "Region ID": "ID de la région",
    "Region ID - Tooltip": "ID de région - infobulle",
    "Region endpoint for Internet": "Point de terminaison de la région pour Internet",
    "Region endpoint for Intranet": "Point de terminaison de la région pour Intranet",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Smtp Connection",
    "Test Email": "Test email config",
    "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Type de texte",
    "Type - Tooltip": "Unique string-style identifier",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "Type d'alerte",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "invitée",
-    "required": "Obligatoire",
-    "visible": "Visible"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "Type d'alerte"
  },
  "record": {
    "Is Triggered": "Est déclenché"
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -6,13 +6,18 @@
    "Sign Up": "新規登録"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "サインアップを有効にする",
    "Enable signup - Tooltip": "Whether to allow users to sign up",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "ファイルが正常にアップロードされました",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "New Application": "New Application",
+    "None": "None",
    "Password ON": "パスワードON",
    "Password ON - Tooltip": "Whether to allow password login",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "HTMLファイルを選択してください",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "リダイレクトURL",
@ -53,24 +62,25 @@
    "Refresh token expire": "トークンの更新の期限が切れます",
    "Refresh token expire - Tooltip": "トークンの有効期限を更新する - ツールチップ",
    "Right": "Right",
+    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "サインインセッション",
    "Signup items": "アイテムの登録",
    "Signup items - Tooltip": "Signup items that need to be filled in when users register",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "トークンの有効期限",
    "Token expire - Tooltip": "トークンの有効期限 - ツールチップ",
    "Token format": "トークンのフォーマット",
    "Token format - Tooltip": "トークンフォーマット - ツールチップ",
-    "Rule": "Rule",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "ビットサイズ",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "有効にする - ツールチップ",
    "LDAPs": "LDAP",
    "LDAPs - Tooltip": "LDAP - ツールチップ",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Last name",
    "Logo": "Logo",
    "Logo - Tooltip": "App's image tag",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "{type} でサインイン",
    "Signing in...": "サインイン中...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "入力されたメールアドレスまたは電話番号が正しくありません。",
    "To access": "アクセスするには",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "ファビコン",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "ソフト削除",
    "Soft deletion - Tooltip": "ソフト削除 - ツールチップ",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "バケツ入りバケツ",
    "Bucket - Tooltip": "Storage bucket name",
    "Can not parse Metadata": "メタデータをパースできません",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "カテゴリ",
    "Category - Tooltip": "Unique string-style identifier",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Unique string-style identifier",
    "Email Title": "メールタイトル",
    "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "エンドポイント (イントラネット)",
    "Host": "ホスト",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "メタデータの解析に成功",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "ポート",
    "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
    "Provider URL": "プロバイダー URL",
    "Provider URL - Tooltip": "Unique string-style identifier",
    "Region ID": "地域ID",
    "Region ID - Tooltip": "リージョンID - ツールチップ",
    "Region endpoint for Internet": "インターネットのリージョンエンドポイント",
    "Region endpoint for Intranet": "イントラネットのリージョンエンドポイント",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Smtp Connection",
    "Test Email": "Test email config",
    "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "タイプ",
    "Type - Tooltip": "Unique string-style identifier",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "プロンプトされた",
-    "required": "必須",
-    "visible": "表示"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "alertType"
  },
  "record": {
    "Is Triggered": "トリガーされます"
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -6,13 +6,18 @@
    "Sign Up": "Sign Up"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Enable signup",
    "Enable signup - Tooltip": "Whether to allow users to sign up",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "File uploaded successfully",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "New Application": "New Application",
+    "None": "None",
    "Password ON": "Password ON",
    "Password ON - Tooltip": "Whether to allow password login",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Please select a HTML file",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "Redirect URL",
@ -53,24 +62,25 @@
    "Refresh token expire": "Refresh token expire",
    "Refresh token expire - Tooltip": "Refresh token expire - Tooltip",
    "Right": "Right",
+    "Rule": "Rule",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copied to clipboard successfully",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Signin session",
    "Signup items": "Signup items",
    "Signup items - Tooltip": "Signup items that need to be filled in when users register",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Token expire",
    "Token expire - Tooltip": "Token expire - Tooltip",
    "Token format": "Token format",
    "Token format - Tooltip": "Token format - Tooltip",
-    "Rule": "Rule",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "Bit size",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "Is enabled - Tooltip",
    "LDAPs": "LDAPs",
    "LDAPs - Tooltip": "LDAPs - Tooltip",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Last name",
    "Logo": "Logo",
    "Logo - Tooltip": "App's image tag",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Sign in with {type}",
    "Signing in...": "Signing in...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "The input is not valid Email or Phone!",
    "To access": "To access",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "Favicon",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "Soft deletion",
    "Soft deletion - Tooltip": "Soft deletion - Tooltip",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "Website URL",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "Bucket",
    "Bucket - Tooltip": "Storage bucket name",
    "Can not parse Metadata": "Can not parse Metadata",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "Category",
    "Category - Tooltip": "Unique string-style identifier",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Unique string-style identifier",
    "Email Title": "Email title",
    "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Endpoint (Intranet)",
    "Host": "Host",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "Parse Metadata successfully",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Port",
    "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
    "Provider URL": "Provider URL",
    "Provider URL - Tooltip": "Unique string-style identifier",
    "Region ID": "Region ID",
    "Region ID - Tooltip": "Region ID - Tooltip",
    "Region endpoint for Internet": "Region endpoint for Internet",
    "Region endpoint for Intranet": "Region endpoint for Intranet",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Smtp Connection",
    "Test Email": "Test email config",
    "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Type",
    "Type - Tooltip": "Unique string-style identifier",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "prompted",
-    "required": "required",
-    "visible": "visible"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "alertType"
  },
  "record": {
    "Is Triggered": "Is Triggered"
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -6,13 +6,18 @@
    "Sign Up": "Регистрация"
  },
  "adapter": {
+    "Add policy successfully": "Add policy successfully",
+    "Delete policy successfully": "Delete policy successfully",
    "Edit Adapter": "Edit Adapter",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
-    "Sync": "Sync"
+    "Repeated policy": "Repeated policy",
+    "Sync": "Sync",
+    "Update policy successfully": "Update policy successfully"
  },
  "application": {
+    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "Включить сеанс входа - Подсказка",
    "Enable signup": "Включить регистрацию",
    "Enable signup - Tooltip": "Whether to allow users to sign up",
+    "Failed to connect to server": "Failed to connect to server",
    "File uploaded successfully": "Файл успешно загружен",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "Виды грантов - Подсказка",
    "Left": "Left",
    "New Application": "Новое приложение",
+    "None": "None",
    "Password ON": "Пароль ВКЛ",
    "Password ON - Tooltip": "Whether to allow password login",
+    "Please input your application!": "Please input your application!",
+    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Пожалуйста, выберите HTML-файл",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Ссылка на страницу успешно скопирована в буфер обмена, пожалуйста, вставьте ее в окно инкогнито или другой браузер",
    "Redirect URL": "URL перенаправления",
@ -53,24 +62,25 @@
    "Refresh token expire": "Срок действия обновления токена истекает",
    "Refresh token expire - Tooltip": "Срок обновления токена истекает - Подсказка",
    "Right": "Right",
+    "Rule": "правило",
    "SAML metadata": "Метаданные SAML",
    "SAML metadata - Tooltip": "Метаданные SAML - Подсказка",
    "SAML metadata URL copied to clipboard successfully": "Адрес метаданных SAML скопирован в буфер обмена",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
+    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "URL страницы входа успешно скопирован в буфер обмена, пожалуйста, вставьте его в окно инкогнито или другой браузер",
    "Signin session": "Сессия входа",
    "Signup items": "Элементы регистрации",
    "Signup items - Tooltip": "Signup items that need to be filled in when users register",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "URL страницы регистрации успешно скопирован в буфер обмена, пожалуйста, вставьте его в окно инкогнито или другой браузер",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Токен истекает",
    "Token expire - Tooltip": "Истек токен - Подсказка",
    "Token format": "Формат токена",
    "Token format - Tooltip": "Формат токена - Подсказка",
-    "Rule": "правило",
-    "None": "None",
-    "Always": "Always"
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
  },
  "cert": {
    "Bit size": "Размер бита",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "Включено - Подсказка",
    "LDAPs": "LDAPы",
    "LDAPs - Tooltip": "LDAPs - Подсказки",
+    "Languages": "Languages",
+    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Фамилия",
    "Logo": "Логотип",
    "Logo - Tooltip": "App's image tag",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Войти с помощью {type}",
    "Signing in...": "Вход...",
+    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "Введен неверный адрес электронной почты или телефон!",
    "To access": "На доступ",
    "Verification Code": "Verification Code",
@ -311,15 +324,16 @@
    "Favicon": "Иконка",
    "Is profile public": "Is profile public",
    "Is profile public - Tooltip": "Is profile public - Tooltip",
+    "Modify rule": "Modify rule",
    "New Organization": "New Organization",
    "Soft deletion": "Мягкое удаление",
    "Soft deletion - Tooltip": "Мягкое удаление - Подсказка",
    "Tags": "Tags",
    "Tags - Tooltip": "Tags - Tooltip",
+    "View rule": "View rule",
+    "Visible": "Visible",
    "Website URL": "URL сайта",
-    "Website URL - Tooltip": "Unique string-style identifier",
-    "modifyRule": "modifyRule",
-    "viewRule": "viewRule"
+    "Website URL - Tooltip": "Unique string-style identifier"
  },
  "payment": {
    "Confirm your invoice information": "Confirm your invoice information",
@ -452,6 +466,9 @@
    "Bucket": "Ведро",
    "Bucket - Tooltip": "Storage bucket name",
    "Can not parse Metadata": "Невозможно разобрать метаданные",
+    "Can signin": "Can signin",
+    "Can signup": "Can signup",
+    "Can unlink": "Can unlink",
    "Category": "Категория",
    "Category - Tooltip": "Unique string-style identifier",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "Unique string-style identifier",
    "Email Title": "Заголовок письма",
    "Email Title - Tooltip": "Unique string-style identifier",
+    "Enable QR code": "Enable QR code",
+    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Точка входа (Intranet)",
    "Host": "Хост",
@ -491,14 +510,18 @@
    "New Provider": "New Provider",
    "Parse": "Parse",
    "Parse Metadata successfully": "Анализ метаданных успешно завершен",
+    "Path prefix": "Path prefix",
+    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Порт",
    "Port - Tooltip": "Unique string-style identifier",
+    "Prompted": "Prompted",
    "Provider URL": "URL провайдера",
    "Provider URL - Tooltip": "Unique string-style identifier",
    "Region ID": "ID региона",
    "Region ID - Tooltip": "Идентификатор региона - Подсказка",
    "Region endpoint for Internet": "Конечная точка региона для Интернета",
    "Region endpoint for Intranet": "Конечная точка региона Интранета",
+    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "Test Smtp Connection",
    "Test Email": "Test email config",
    "Test Email - Tooltip": "Email Address",
+    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Тип",
    "Type - Tooltip": "Unique string-style identifier",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "тип оповещения",
-    "canSignIn": "canSignIn",
-    "canSignUp": "canSignUp",
-    "canUnlink": "canUnlink",
-    "prompted": "запрошено",
-    "required": "обязательный",
-    "visible": "видимый"
+    "Visible": "Visible",
+    "admin (share)": "admin (share)",
+    "alertType": "тип оповещения"
  },
  "record": {
    "Is Triggered": "Срабатывает"
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@ -6,13 +6,18 @@
    "Sign Up": "注册"
  },
  "adapter": {
+    "Add policy successfully": "添加策略成功",
+    "Delete policy successfully": "删除策略成功",
    "Edit Adapter": "编辑适配器",
    "New Adapter": "添加适配器",
    "Policies": "策略",
    "Policies - Tooltip": "策略",
-    "Sync": "同步"
+    "Repeated policy": "策略重复",
+    "Sync": "同步",
+    "Update policy successfully": "更新策略成功"
  },
  "application": {
+    "Always": "始终开启",
    "Auto signin": "启用自动登录",
    "Auto signin - Tooltip": "当Casdoor存在已登录会话时，自动采用该会话进行应用端的登录",
    "Background URL": "背景图URL",
@ -33,6 +38,7 @@
    "Enable signin session - Tooltip": "从应用登录Casdoor后，Casdoor是否保持会话",
    "Enable signup": "启用注册",
    "Enable signup - Tooltip": "是否允许用户注册",
+    "Failed to connect to server": "无法连接服务器",
    "File uploaded successfully": "文件上传成功",
    "Form CSS": "表单CSS",
    "Form CSS - Edit": "编辑表单CSS",
@ -43,8 +49,11 @@
    "Grant types - Tooltip": "选择允许哪些OAuth协议中的Grant types",
    "Left": "居左",
    "New Application": "添加应用",
+    "None": "关闭",
    "Password ON": "开启密码",
    "Password ON - Tooltip": "是否允许密码登录",
+    "Please input your application!": "请输入你的应用",
+    "Please input your organization!": "请输入你的组织",
    "Please select a HTML file": "请选择一个HTML文件",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "提醒页面URL已成功复制到剪贴板，请粘贴到当前浏览器的隐身模式窗口或另一个浏览器访问",
    "Redirect URL": "重定向 URL",
@ -53,24 +62,25 @@
    "Refresh token expire": "Refresh Token过期",
    "Refresh token expire - Tooltip": "Refresh Token过期时间",
    "Right": "居右",
+    "Rule": "规则",
    "SAML metadata": "SAML元数据",
    "SAML metadata - Tooltip": "SAML协议的元数据（Metadata）信息",
    "SAML metadata URL copied to clipboard successfully": "SAML元数据URL已成功复制到剪贴板",
    "Side panel HTML": "侧面板 HTML",
    "Side panel HTML - Edit": "侧面板 HTML - 编辑",
    "Side panel HTML - Tooltip": "侧面板 HTML - Tooltip",
+    "Sign Up Error": "注册错误",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "登录页面URL已成功复制到剪贴板，请粘贴到当前浏览器的隐身模式窗口或另一个浏览器访问",
    "Signin session": "保持登录会话",
    "Signup items": "注册项",
    "Signup items - Tooltip": "注册用户注册时需要填写的项目",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "注册页面URL已成功复制到剪贴板，请粘贴到当前浏览器的隐身模式窗口或另一个浏览器访问",
+    "The application does not allow to sign up new account": "该应用不允许注册新账户",
    "Token expire": "Access Token过期",
    "Token expire - Tooltip": "Access Token过期时间",
    "Token format": "Access Token格式",
    "Token format - Tooltip": "Access Token格式",
-    "Rule": "规则",
-    "None": "关闭",
-    "Always": "始终开启"
+    "You are unexpected to see this prompt page": "错误跳转至提醒页面"
  },
  "cert": {
    "Bit size": "位大小",
@ -170,6 +180,8 @@
    "Is enabled - Tooltip": "是否启用",
    "LDAPs": "LDAP",
    "LDAPs - Tooltip": "LDAPs",
+    "Languages": "语言",
+    "Languages - Tooltip": "可选语言",
    "Last name": "姓氏",
    "Logo": "Logo",
    "Logo - Tooltip": "应用程序向外展示的图标",
@ -290,6 +302,7 @@
    "Sign in with WebAuthn": "WebAuthn登录",
    "Sign in with {type}": "{type}登录",
    "Signing in...": "正在登录...",
+    "Successfully logged in with webauthn credentials": "成功使用WebAuthn证书登录",
    "The input is not valid Email or Phone!": "您输入的电子邮箱格式或手机号有误！",
    "To access": "访问",
    "Verification Code": "验证码",
@ -311,15 +324,16 @@
    "Favicon": "图标",
    "Is profile public": "用户个人页公开",
    "Is profile public - Tooltip": "关闭后，只有全局管理员或同组织用户才能访问用户主页",
+    "Modify rule": "修改规则",
    "New Organization": "添加组织",
    "Soft deletion": "软删除",
    "Soft deletion - Tooltip": "启用后，删除用户信息时不会在数据库彻底清除，只会标记为已删除状态",
    "Tags": "标签集合",
    "Tags - Tooltip": "可供用户选择的标签的集合",
+    "View rule": "查看规则",
+    "Visible": "是否可见",
    "Website URL": "网页地址",
-    "Website URL - Tooltip": "网页地址",
-    "modifyRule": "修改规则",
-    "viewRule": "查看规则"
+    "Website URL - Tooltip": "网页地址"
  },
  "payment": {
    "Confirm your invoice information": "确认您的发票信息",
@ -452,6 +466,9 @@
    "Bucket": "存储桶",
    "Bucket - Tooltip": "Bucket名称",
    "Can not parse Metadata": "无法解析元数据",
+    "Can signin": "可用于登录",
+    "Can signup": "可用于注册",
+    "Can unlink": "可解绑定",
    "Category": "分类",
    "Category - Tooltip": "分类",
    "Channel No.": "Channel No.",
@ -474,6 +491,8 @@
    "Email Content - Tooltip": "邮件内容",
    "Email Title": "邮件标题",
    "Email Title - Tooltip": "邮件标题",
+    "Enable QR code": "扫码登陆",
+    "Enable QR code - Tooltip": "扫码登陆 - 工具提示",
    "Endpoint": "地域节点 (外网)",
    "Endpoint (Intranet)": "地域节点 (内网)",
    "Host": "主机",
@ -491,14 +510,18 @@
    "New Provider": "添加提供商",
    "Parse": "Parse",
    "Parse Metadata successfully": "解析元数据成功",
+    "Path prefix": "路径前缀",
+    "Please use WeChat and scan the QR code to sign in": "请使用微信扫描二维码登录",
    "Port": "端口",
    "Port - Tooltip": "端口号",
+    "Prompted": "注册后提醒绑定",
    "Provider URL": "提供商URL",
    "Provider URL - Tooltip": "提供商URL",
    "Region ID": "地域ID",
    "Region ID - Tooltip": "地域ID",
    "Region endpoint for Internet": "地域节点 (外网)",
    "Region endpoint for Intranet": "地域节点 (内网)",
+    "Required": "是否必填项",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -535,19 +558,16 @@
    "Test Connection": "测试SMTP连接",
    "Test Email": "测试Email配置",
    "Test Email - Tooltip": "邮箱地址",
+    "The prefix path of the file - Tooltip": "文件的路径前缀 - 工具提示",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - 工具提示",
    "Type": "类型",
    "Type - Tooltip": "类型",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - 工具提示",
-    "alertType": "警报类型",
-    "canSignIn": "可用于登录",
-    "canSignUp": "可用于注册",
-    "canUnlink": "可解绑定",
-    "prompted": "注册后提醒绑定",
-    "required": "是否必填项",
-    "visible": "是否可见"
+    "Visible": "是否可见",
+    "admin (share)": "admin (share)",
+    "alertType": "警报类型"
  },
  "record": {
    "Is Triggered": "已触发"
Author	SHA1	Message	Date
Mr Forest	fe448cbcf4	feat: check user existence when signing in via verification code (#1334 ) * fix:check user existence when logining by verification code * fix review problems * Update verification.go Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-28 00:11:33 +08:00
Chell	2ab25df950	fix: prompt page translation (#1330 ) * fix: prompt page translation * add multiple translations * fix: translation consistency * fix: translation consistency * fix: add translation * fix: add translation * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-27 21:04:45 +08:00
WangGuan	b895926754	feat: use another filename when uploading a duplicated file instead of replacing it (#1329 ) * fix: upload a file with the same name, not replace * Update resource.go Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-27 17:32:15 +08:00
YiNN	5bb7a4153f	feat: add cloudflare turnstile captcha (#1327 ) * feat: add cloudflare turnstile captcha * fix: rename turnstile to cloudflare turnstile	2022-11-26 17:17:49 +08:00
Yaodong Yu	b7cd598ee8	fix: fail to return after flush the page (#1325 ) * fix: fail to return after flush the page Old methed just get the url path parameter when click the butten. But when the page flushed, the returnUrl will disappear, so can not return to the specified page. * Update UserEditPage.js * Update UserEditPage.js Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-25 23:08:45 +08:00
Yaodong Yu	b10fb97c92	feat: finish policy list management (#1317 )	2022-11-25 16:02:20 +08:00
Yaodong Yu	b337b908ea	feat: fix the bug that admin cannot upload avatar for other users (#1323 )	2022-11-25 09:36:47 +08:00
Mr Forest	ba9d1e2388	fix: fix bug in GetAcceptLanguage() (#1322 )	2022-11-24 20:43:35 +08:00
Mr Forest	29ec1d2d9c	feat: update Xorm to v1.0.5 to fix the PostgreSQL bug in Xorm (#1321 ) * fix:update xorm version * fix pr problems * update xorm version to 1.2.0 * update xorm version to 1.0.5 * fix pr problems * generate go.sum file	2022-11-24 19:28:51 +08:00
Mr Forest	84a03f6c8e	feat: add webhook for add/update org/provider (#1316 )	2022-11-24 00:29:15 +08:00
会思考的下丘脑	56ff06bbea	feat: add parameter v0 for Casbin APIs (#1315 )	2022-11-23 22:39:17 +08:00
Yaodong Yu	7e756b8ee2	feat: manager applications in organization scope (#1290 ) * feat: manager applications in organization scope(front end) * fix: application can use own organization and admin provider * fix: improve methed to get provider * fix: modify provider methods by convention	2022-11-21 01:17:55 +08:00
Yaodong Yu	19ba37e0c2	feat: can specify available UI languages for an organization (#1306 )	2022-11-19 22:11:19 +08:00
Mr Forest	b98ce19211	feat: fix bug in GetDefaultApplication() that caused login error for other orgs (#1299 ) * fix:fix bug in GetDefaultApplication * fix:fix bug in GetDefaultApplication	2022-11-16 00:39:05 +08:00
会思考的下丘脑	37d1a73c0c	feat: encode redirectUri (#1297 )	2022-11-15 19:05:59 +08:00
Yaodong Yu	727877cf54	fix: illegal user when new a permission (#1298 )	2022-11-15 14:19:20 +08:00
Mr Forest	939b416717	fix: limit only under PC can login by following Wechat Official Account (#1293 )	2022-11-14 09:03:55 +08:00
imp2002	f115843fbb	feat: fix verification code send time's limit logic (#1292 )	2022-11-13 22:00:48 +08:00
Mr Forest	aa6a4dc74f	feat: support login by following wechat official account (#1284 ) * show QRcode when click WeChat Icon * update how to show qrcode * handle wechat scan qrcode * fix api problems * fix url problems * fix problems * modify get frequency * remove useless print * fix:fix PR problems * fix: fix PR problems * fix:fix PR problem * fix IMG load delay problems * fix:fix provider problems * fix test problems * use gofumpt to fmt code * fix:delete useless variables * feat:add button for follow official account * fix:fix review problems * use gofumpt to fmt code * fix:fix scantype problems * fix Response problem * use gofumpt to format code	2022-11-13 15:05:15 +08:00
cofecatt	462a82a3d5	fix: Add distinctions between access_token and refresh_token (#1280 )	2022-11-13 13:00:25 +08:00
Dinn	262aeba7e2	fix(RoleEditPage): Fix a crash when the sample role domains is null (#1268 )	2022-11-13 12:28:24 +08:00
Chell	61c2fd5412	feat: fix the issue of jumping back to the login page after resetting password (#1288 ) * fix: redirect to login page * fix: front end router * fix: front end router * fix: signup page router * fix: redirect to login page	2022-11-13 12:16:49 +08:00
Chell	d542208eb8	feat: fix select language box overlay (#1289 ) * fix: select language box overlay * fix: select language box position * fix: select language box position * fix: select language box position	2022-11-13 10:52:22 +08:00
Yaodong Yu	f818200c95	feat: fix empty organization in adapter edit page (#1274 )	2022-11-08 21:03:15 +08:00
Yaodong Yu	5bc2e91344	fix: fix typo (#1264 )	2022-11-06 21:14:26 +08:00
Gucheng Wang	295f732b18	Show tag in i18n	2022-11-06 20:19:31 +08:00
cofecatt	770ae47471	feat: fix memory leak problem (#1257 )	2022-11-06 01:43:27 +08:00
Chell	2ce4f96355	fix: forget page mobile view (#1263 )	2022-11-05 22:54:22 +08:00
Chell	07ed834b27	fix: system info mobile view (#1261 )	2022-11-05 22:46:52 +08:00
Yaodong Yu	8d686411ee	feat: support add providers inside the Organization scope (#1250 ) * feat: support add providers inside the Organization scope Signed-off-by: magicwind <2814461814@qq.com> * Update ProviderListPage.js * fix: gloabal admin can see all providers * fix: table fixed column warning * fix: edit application page can get all providers Signed-off-by: magicwind <2814461814@qq.com> Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-04 21:31:08 +08:00
Yaodong Yu	ce722897f1	feat: support prefix path for storage files (#1258 )	2022-11-04 21:08:39 +08:00
Mr Forest	a8381e875b	feat: change all occurrences when a object name is changed (#1252 )	2022-11-02 00:17:38 +08:00
Ke Wang	4c81fd7d16	feat: fix generating wrong x.509 private key file header (#1253 ) According to the [official x509 documentation](https://pkg.go.dev/crypto/x509#MarshalPKCS1PrivateKey), the private key generated using `x509.MarshalPKCS1PrivateKey` starts with `-----BEGIN RSA PRIVATE KEY-----` instead of `-----BEGIN PRIVATE KEY-----`. Otherwise, it will not be parsed by most tools (like OpenSSL, [jwt.io](https://jwt.io/), etc.) because it does not conform to the specification.	2022-11-01 22:19:38 +08:00
xAmast	25ee4226d3	feat: clear the session of a signin but non-existent user (#1246 )	2022-10-29 20:18:02 +08:00
Bingchang Chen	9d5b019243	fix: nil error if init data is empty (#1247 )	2022-10-29 20:04:43 +08:00
Mr Forest	6bb7b545b4	feat: restrict DingTalk user log in who is under the DingTalk Org(which ClientId belong) (#1241 ) * feat: fix bug in GetAcceptLanguage() * feat: add appName when logging in with DingTalk * fix review problems * format code * delete useless printf * modify display name Co-authored-by: Gucheng Wang <nomeguy@qq.com>	2022-10-28 22:14:05 +08:00