test: add step in gitHub action from running tests first (#476 )

* Add step for running tests in github actions The test xlsx/xlsx_test.go is removed becout the path containing file not exist. * Fix error in test * test: This test was supposed to test getUsers, but it does nothing This test will be rewrite for using a clean database, today its necessary create a syncer manualy for this test pass. * Add syncer tests * Fix Copyright position * fix: back with test file
fix: use new dingtalk api and support qrcode method (#486 )
2025-08-16 03:20:42 +08:00 · 2022-02-10 17:15:15 +08:00 · 2022-02-10 17:14:18 +08:00 · 2022-02-08 20:59:20 +08:00 · 2022-02-08 20:52:20 +08:00 · 2022-02-07 22:21:19 +08:00
45 changed files with 1712 additions and 313 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -3,9 +3,33 @@ name: Build
 on: [push, pull_request]

 jobs:
+
+  go-tests:
+    name: Running Go tests
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+          image: mysql:5.7
+          env:
+            MYSQL_DATABASE: casdoor
+            MYSQL_ROOT_PASSWORD: 123456
+          ports:
+              - 3306:3306
+          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '^1.16.5'
+      - name: Tests
+        run: |
+          go test -v $(go list ./...) -tags skipCi
+        working-directory: ./
+
  frontend:
    name: Front-end
    runs-on: ubuntu-latest
+    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
@@ -14,10 +38,10 @@ jobs:
      - run: yarn install && CI=false yarn run build
        working-directory: ./web

-
  backend:
    name: Back-end
    runs-on: ubuntu-latest
+    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -16,4 +16,4 @@ httpProxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
 initScore = 2000
 logPostOnly = true
-origin = "https://door.casbin.com"
+origin =
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -55,7 +55,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		challengeMethod := c.Input().Get("code_challenge_method")
 		codeChallenge := c.Input().Get("code_challenge")

-		if challengeMethod != "S256" && challengeMethod != "null" {
+		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 			c.ResponseError("Challenge method should be S256")
 			return
 		}
@@ -221,7 +221,7 @@ func (c *ApiController) Login() {
 				clientSecret = provider.ClientSecret2
 			}

-			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, form.RedirectUri)
+			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf("The provider type: %s is not supported", provider.Type))
 				return
--- a/controllers/oidc_discovery.go
+++ b/controllers/oidc_discovery.go
@@ -20,7 +20,8 @@ import "github.com/casdoor/casdoor/object"
 // @Tag OIDC API
 // @router /.well-known/openid-configuration [get]
 func (c *RootController) GetOidcDiscovery() {
-	c.Data["json"] = object.GetOidcDiscovery()
+	host := c.Ctx.Request.Host
+	c.Data["json"] = object.GetOidcDiscovery(host)
 	c.ServeJSON()
 }

--- a/controllers/payment.go
+++ b/controllers/payment.go
@@ -0,0 +1,116 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/astaxie/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetPayments
+// @Title GetPayments
+// @Tag Payment API
+// @Description get payments
+// @Param   owner     query    string  true        "The owner of payments"
+// @Success 200 {array} object.Payment The Response object
+// @router /get-payments [get]
+func (c *ApiController) GetPayments() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetPayments(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
+		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(payments, paginator.Nums())
+	}
+}
+
+// @Title GetPayment
+// @Tag Payment API
+// @Description get payment
+// @Param   id    query    string  true        "The id of the payment"
+// @Success 200 {object} object.Payment The Response object
+// @router /get-payment [get]
+func (c *ApiController) GetPayment() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetPayment(id)
+	c.ServeJSON()
+}
+
+// @Title UpdatePayment
+// @Tag Payment API
+// @Description update payment
+// @Param   id    query    string  true        "The id of the payment"
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-payment [post]
+func (c *ApiController) UpdatePayment() {
+	id := c.Input().Get("id")
+
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdatePayment(id, &payment))
+	c.ServeJSON()
+}
+
+// @Title AddPayment
+// @Tag Payment API
+// @Description add payment
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-payment [post]
+func (c *ApiController) AddPayment() {
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddPayment(&payment))
+	c.ServeJSON()
+}
+
+// @Title DeletePayment
+// @Tag Payment API
+// @Description delete payment
+// @Param   body    body   object.Payment  true        "The details of the payment"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-payment [post]
+func (c *ApiController) DeletePayment() {
+	var payment object.Payment
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &payment)
+	if err != nil {
+		panic(err)
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeletePayment(&payment))
+	c.ServeJSON()
+}
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -145,7 +145,7 @@ func (c *ApiController) GetOAuthCode() {
 	challengeMethod := c.Input().Get("code_challenge_method")
 	codeChallenge := c.Input().Get("code_challenge")

-	if challengeMethod != "S256" && challengeMethod != "null" {
+	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
 		c.ResponseError("Challenge method should be S256")
 		return
 	}
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '3.1'
 services:
-  restart: always
  casdoor:
+    restart: always
    build:
      context: ./
      dockerfile: Dockerfile
--- a/go.mod
+++ b/go.mod
@@ -25,6 +25,7 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/stretchr/testify v1.6.1
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3
@@ -35,6 +36,7 @@ require (
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
 	gopkg.in/ini.v1 v1.62.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
+	gopkg.in/yaml.v2 v2.3.0 // indirect
 	xorm.io/core v0.7.2
 	xorm.io/xorm v1.0.3
 )
--- a/go.sum
+++ b/go.sum
@@ -667,8 +667,9 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
+gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b h1:h8qDotaEPuJATrMmW04NCwg7v22aHH28wwpauUhK9Oo=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@@ -15,32 +15,16 @@
 package idp

 import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
-	"strconv"
 	"strings"
 	"time"

 	"golang.org/x/oauth2"
 )

-// A total of three steps are required:
-//
-// 1. Construct the link and get the temporary authorization code
-//	tmp_auth_code through the code at the end of the url.
-//
-// 2. Use hmac256 to calculate the signature, and then submit it together with timestamp,
-//	tmp_auth_code, accessKey to obtain unionid, userid, accessKey.
-//
-// 3. Get detailed information through userid.
-
 type DingTalkIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
@@ -64,8 +48,8 @@ func (idp *DingTalkIdProvider) SetHttpClient(client *http.Client) {
 // getConfig return a point of Config, which describes a typical 3-legged OAuth2 flow
 func (idp *DingTalkIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
 	var endpoint = oauth2.Endpoint{
-		AuthURL:  "https://oapi.dingtalk.com/sns/getuserinfo_bycode",
-		TokenURL: "https://oapi.dingtalk.com/gettoken",
+		AuthURL:  "https://api.dingtalk.com/v1.0/contact/users/me",
+		TokenURL: "https://api.dingtalk.com/v1.0/oauth2/userAccessToken",
 	}

 	var config = &oauth2.Config{
@@ -83,256 +67,121 @@ func (idp *DingTalkIdProvider) getConfig(clientId string, clientSecret string, r
 }

 type DingTalkAccessToken struct {
-	ErrCode     int    `json:"errcode"`
-	ErrMsg      string `json:"errmsg"`
-	AccessToken string `json:"access_token"` // Interface call credentials
-	ExpiresIn   int64  `json:"expires_in"`   // access_token interface call credential timeout time, unit (seconds)
+	ErrCode     int    `json:"code"`
+	ErrMsg      string `json:"message"`
+	AccessToken string `json:"accessToken"` // Interface call credentials
+	ExpiresIn   int64  `json:"expireIn"`    // access_token interface call credential timeout time, unit (seconds)
 }

-type DingTalkIds struct {
-	UserId  string `json:"user_id"`
-	UnionId string `json:"union_id"`
-}
-
-type InfoResp struct {
-	Errcode  int `json:"errcode"`
-	UserInfo struct {
-		Nick                 string `json:"nick"`
-		Unionid              string `json:"unionid"`
-		Openid               string `json:"openid"`
-		MainOrgAuthHighLevel bool   `json:"main_org_auth_high_level"`
-	} `json:"user_info"`
-	Errmsg string `json:"errmsg"`
-}
-
-// GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://developers.dingtalk.com/document/app/dingtalk-retrieve-user-information?spm=ding_open_doc.document.0.0.51b91a31wWV3tY#doc-api-dingtalk-GetUser
+// GetToken use code get access_token (*operation of getting authCode ought to be done in front)
+// get more detail via: https://open.dingtalk.com/document/orgapp-server/obtain-user-token
 func (idp *DingTalkIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	timestamp := strconv.FormatInt(time.Now().UnixNano()/1e6, 10)
-	signature := EncodeSHA256(timestamp, idp.Config.ClientSecret)
-	u := fmt.Sprintf(
-		"%s?accessKey=%s&timestamp=%s&signature=%s", idp.Config.Endpoint.AuthURL,
-		idp.Config.ClientID, timestamp, signature)
+	pTokenParams := &struct {
+		ClientId     string `json:"clientId"`
+		ClientSecret string `json:"clientSecret"`
+		Code         string `json:"code"`
+		GrantType    string `json:"grantType"`
+	}{idp.Config.ClientID, idp.Config.ClientSecret, code, "authorization_code"}

-	tmpCode := struct {
-		TmpAuthCode string `json:"tmp_auth_code"`
-	}{code}
-	bs, _ := json.Marshal(tmpCode)
-	r := strings.NewReader(string(bs))
-	resp, err := http.Post(u, "application/json;charset=UTF-8", r)
+	data, err := idp.postWithBody(pTokenParams, idp.Config.Endpoint.TokenURL)
 	if err != nil {
 		return nil, err
 	}

-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-
-	body, _ := io.ReadAll(resp.Body)
-	info := InfoResp{}
-	_ = json.Unmarshal(body, &info)
-	errCode := info.Errcode
-	if errCode != 0 {
-		return nil, fmt.Errorf("%d: %s", errCode, info.Errmsg)
-	}
-
-	u2 := fmt.Sprintf("%s?appkey=%s&appsecret=%s", idp.Config.Endpoint.TokenURL, idp.Config.ClientID, idp.Config.ClientSecret)
-	resp, _ = http.Get(u2)
-	defer func(Body io.ReadCloser) {
-		err := Body.Close()
-		if err != nil {
-			return
-		}
-	}(resp.Body)
-	body, _ = io.ReadAll(resp.Body)
-	tokenResp := DingTalkAccessToken{}
-	_ = json.Unmarshal(body, &tokenResp)
-	if tokenResp.ErrCode != 0 {
-		return nil, fmt.Errorf("%d: %s", tokenResp.ErrCode, tokenResp.ErrMsg)
-	}
-
-	// use unionid to get userid
-	unionid := info.UserInfo.Unionid
-	userid, err := idp.GetUseridByUnionid(tokenResp.AccessToken, unionid)
+	pToken := &DingTalkAccessToken{}
+	err = json.Unmarshal(data, pToken)
 	if err != nil {
 		return nil, err
 	}

-	// Since DingTalk does not require scopes, put userid and unionid into
-	// idp.config.scopes to facilitate GetUserInfo() to obtain these two parameters.
-	idp.Config.Scopes = []string{unionid, userid}
+	if pToken.ErrCode != 0 {
+		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.ErrCode, pToken.ErrMsg)
+	}

 	token := &oauth2.Token{
-		AccessToken: tokenResp.AccessToken,
-		Expiry:      time.Unix(time.Now().Unix()+tokenResp.ExpiresIn, 0),
+		AccessToken: pToken.AccessToken,
+		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
 	}
-
 	return token, nil
 }

-type UnionIdResponse struct {
-	Errcode int    `json:"errcode"`
-	Errmsg  string `json:"errmsg"`
-	Result  struct {
-		ContactType string `json:"contact_type"`
-		Userid      string `json:"userid"`
-	} `json:"result"`
-	RequestId string `json:"request_id"`
-}
-
-// GetUseridByUnionid ...
-func (idp *DingTalkIdProvider) GetUseridByUnionid(accesstoken, unionid string) (userid string, err error) {
-	u := fmt.Sprintf("https://oapi.dingtalk.com/topapi/user/getbyunionid?access_token=%s&unionid=%s",
-		accesstoken, unionid)
-	useridInfo, err := idp.GetUrlResp(u)
-	if err != nil {
-		return "", err
-	}
-
-	uresp := UnionIdResponse{}
-	_ = json.Unmarshal([]byte(useridInfo), &uresp)
-	errcode := uresp.Errcode
-	if errcode != 0 {
-		return "", fmt.Errorf("%d: %s", errcode, uresp.Errmsg)
-	}
-	return uresp.Result.Userid, nil
-}
-
 /*
 {
-	"errcode":0,
-	"result":{
-		"boss":false,
-		"unionid":"5M6zgZBKQPCxdiPdANeJ6MgiEiE",
-		"role_list":[
-			{
-				"group_name":"默认",
-				"name":"主管理员",
-				"id":2062489174
-			}
-		],
-		"exclusive_account":false,
-		"mobile":"15236176076",
-		"active":true,
-		"admin":true,
-		"avatar":"https://static-legacy.dingtalk.com/media/lALPDeRETW9WAnnNAyDNAyA_800_800.png",
-		"hide_mobile":false,
-		"userid":"manager4713",
-		"senior":false,
-		"dept_order_list":[
-			{
-				"dept_id":1,
-				"order":176294576350761512
-			}
-		],
-		"real_authed":true,
-		"name":"刘继坤",
-		"dept_id_list":[
-			1
-		],
-		"state_code":"86",
-		"email":"",
-		"leader_in_dept":[
-			{
-				"leader":false,
-				"dept_id":1
-			}
-		]
-	},
-	"errmsg":"ok",
-	"request_id":"3sug9d2exsla"
+{
+  "nick" : "zhangsan",
+  "avatarUrl" : "https://xxx",
+  "mobile" : "150xxxx9144",
+  "openId" : "123",
+  "unionId" : "z21HjQliSzpw0Yxxxx",
+  "email" : "zhangsan@alibaba-inc.com",
+  "stateCode" : "86"
 }
 */

 type DingTalkUserResponse struct {
-	Errcode int    `json:"errcode"`
-	Errmsg  string `json:"errmsg"`
-	Result  struct {
-		Extension   string `json:"extension"`
-		Unionid     string `json:"unionid"`
-		Boss        bool   `json:"boss"`
-		UnionEmpExt struct {
-			CorpId          string `json:"corpId"`
-			Userid          string `json:"userid"`
-			UnionEmpMapList []struct {
-				CorpId string `json:"corpId"`
-				Userid string `json:"userid"`
-			} `json:"unionEmpMapList"`
-		} `json:"unionEmpExt"`
-		RoleList []struct {
-			GroupName string `json:"group_name"`
-			Id        int    `json:"id"`
-			Name      string `json:"name"`
-		} `json:"role_list"`
-		Admin         bool   `json:"admin"`
-		Remark        string `json:"remark"`
-		Title         string `json:"title"`
-		HiredDate     int64  `json:"hired_date"`
-		Userid        string `json:"userid"`
-		WorkPlace     string `json:"work_place"`
-		DeptOrderList []struct {
-			DeptId int   `json:"dept_id"`
-			Order  int64 `json:"order"`
-		} `json:"dept_order_list"`
-		RealAuthed   bool   `json:"real_authed"`
-		DeptIdList   []int  `json:"dept_id_list"`
-		JobNumber    string `json:"job_number"`
-		Email        string `json:"email"`
-		LeaderInDept []struct {
-			DeptId int  `json:"dept_id"`
-			Leader bool `json:"leader"`
-		} `json:"leader_in_dept"`
-		ManagerUserid string `json:"manager_userid"`
-		Mobile        string `json:"mobile"`
-		Active        bool   `json:"active"`
-		Telephone     string `json:"telephone"`
-		Avatar        string `json:"avatar"`
-		HideMobile    bool   `json:"hide_mobile"`
-		Senior        bool   `json:"senior"`
-		Name          string `json:"name"`
-		StateCode     string `json:"state_code"`
-	} `json:"result"`
-	RequestId string `json:"request_id"`
+	Nick      string `json:"nick"`
+	OpenId    string `json:"openId"`
+	AvatarUrl string `json:"avatarUrl"`
+	Email     string `json:"email"`
+	Errmsg    string `json:"message"`
+	Errcode   string `json:"code"`
 }

-// GetUserInfo Use userid and access_token to get UserInfo
-// get more detail via: https://developers.dingtalk.com/document/app/query-user-details
+// GetUserInfo Use  access_token to get UserInfo
+// get more detail via: https://open.dingtalk.com/document/orgapp-server/dingtalk-retrieve-user-information
 func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	var dtUserInfo DingTalkUserResponse
+	dtUserInfo := &DingTalkUserResponse{}
 	accessToken := token.AccessToken

-	u := fmt.Sprintf("https://oapi.dingtalk.com/topapi/v2/user/get?access_token=%s&userid=%s",
-		accessToken, idp.Config.Scopes[1])
-
-	userinfoResp, err := idp.GetUrlResp(u)
+	reqest, err := http.NewRequest("GET", idp.Config.Endpoint.AuthURL, nil)
+	if err != nil {
+		return nil, err
+	}
+	reqest.Header.Add("x-acs-dingtalk-access-token", accessToken)
+	resp, err := idp.Client.Do(reqest)
 	if err != nil {
 		return nil, err
 	}

-	if err = json.Unmarshal([]byte(userinfoResp), &dtUserInfo); err != nil {
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
 		return nil, err
 	}

+	err = json.Unmarshal(data, dtUserInfo)
+	if err != nil {
+		return nil, err
+	}
+
+	if dtUserInfo.Errmsg != "" {
+		return nil, fmt.Errorf("userIdResp.Errcode = %s, userIdResp.Errmsg = %s", dtUserInfo.Errcode, dtUserInfo.Errmsg)
+	}
+
 	userInfo := UserInfo{
-		Id:          strconv.Itoa(dtUserInfo.Result.RoleList[0].Id),
-		Username:    dtUserInfo.Result.RoleList[0].Name,
-		DisplayName: dtUserInfo.Result.Name,
-		Email:       dtUserInfo.Result.Email,
-		AvatarUrl:   dtUserInfo.Result.Avatar,
+		Id:          dtUserInfo.OpenId,
+		Username:    dtUserInfo.Nick,
+		DisplayName: dtUserInfo.Nick,
+		Email:       dtUserInfo.Email,
+		AvatarUrl:   dtUserInfo.AvatarUrl,
 	}

 	return &userInfo, nil
 }

-func (idp *DingTalkIdProvider) GetUrlResp(url string) (string, error) {
-	resp, err := idp.Client.Get(url)
+func (idp *DingTalkIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
+	bs, err := json.Marshal(body)
 	if err != nil {
-		return "", err
+		return nil, err
+	}
+	r := strings.NewReader(string(bs))
+	resp, err := idp.Client.Post(url, "application/json;charset=UTF-8", r)
+	if err != nil {
+		return nil, err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
 	}
-
 	defer func(Body io.ReadCloser) {
 		err := Body.Close()
 		if err != nil {
@@ -340,26 +189,5 @@ func (idp *DingTalkIdProvider) GetUrlResp(url string) (string, error) {
 		}
 	}(resp.Body)

-	buf := new(bytes.Buffer)
-	_, err = buf.ReadFrom(resp.Body)
-	if err != nil {
-		return "", err
-	}
-
-	return buf.String(), nil
-}
-
-// EncodeSHA256 Use the HmacSHA256 algorithm to sign, the signature data is the current timestamp,
-// and the key is the appSecret corresponding to the appId. Use this key to calculate the timestamp signature value.
-// get more detail via: https://developers.dingtalk.com/document/app/signature-calculation-for-logon-free-scenarios-1?spm=ding_open_doc.document.0.0.63262ea7l6iEm1#topic-2021698
-func EncodeSHA256(message, secret string) string {
-	h := hmac.New(sha256.New, []byte(secret))
-	h.Write([]byte(message))
-	sum := h.Sum(nil)
-	msg1 := base64.StdEncoding.EncodeToString(sum)
-
-	uv := url.Values{}
-	uv.Add("0", msg1)
-	msg2 := uv.Encode()[2:]
-	return msg2
+	return data, nil
 }
--- a/idp/infoflow_internal.go
+++ b/idp/infoflow_internal.go
@@ -0,0 +1,192 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+)
+
+type InfoflowInternalIdProvider struct {
+	Client  *http.Client
+	Config  *oauth2.Config
+	AgentId string
+}
+
+func NewInfoflowInternalIdProvider(clientId string, clientSecret string, appId string, redirectUrl string) *InfoflowInternalIdProvider {
+	idp := &InfoflowInternalIdProvider{}
+
+	config := idp.getConfig(clientId, clientSecret, redirectUrl)
+	idp.Config = config
+	idp.AgentId = appId
+	return idp
+}
+
+func (idp *InfoflowInternalIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *InfoflowInternalIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectUrl,
+	}
+
+	return config
+}
+
+type InfoflowInterToken struct {
+	Errcode     int    `json:"errcode"`
+	Errmsg      string `json:"errmsg"`
+	AccessToken string `json:"access_token"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/inner_quickstart/flow?id=%E8%8E%B7%E5%8F%96accesstoken
+func (idp *InfoflowInternalIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	pTokenParams := &struct {
+		CorpId     string `json:"corpid"`
+		Corpsecret string `json:"corpsecret"`
+	}{idp.Config.ClientID, idp.Config.ClientSecret}
+	resp, err := idp.Client.Get(fmt.Sprintf("https://qy.im.baidu.com/api/gettoken?corpid=%s&corpsecret=%s", pTokenParams.CorpId, pTokenParams.Corpsecret))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	pToken := &InfoflowInterToken{}
+	err = json.Unmarshal(data, pToken)
+	if err != nil {
+		return nil, err
+	}
+	if pToken.Errcode != 0 {
+		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.Errcode, pToken.Errmsg)
+	}
+	token := &oauth2.Token{
+		AccessToken: pToken.AccessToken,
+	}
+
+	raw := make(map[string]interface{})
+	raw["code"] = code
+	token = token.WithExtra(raw)
+
+	return token, nil
+}
+
+/*
+{
+    "errcode": 0,
+    "errmsg": "ok",
+    "userid": "lili",
+    "name": "丽丽",
+    "department": [1],
+    "mobile": "13500088888",
+    "email": "lili4@gzdev.com",
+    "imid": 40000318,
+    "hiuname": "lili4",
+    "status": 1,
+    "extattr":
+        {
+            "attrs": [
+                {
+                    "name": "爱好",
+                    "value": "旅游"
+                },
+                {
+                    "name": "卡号,
+                    "value": "1234567234"
+                }
+            ]
+        },
+   "lm": 14236463257
+}
+*/
+
+type InfoflowInternalUserResp struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"UserId"`
+}
+
+type InfoflowInternalUserInfo struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"userid"`
+	Imid    int    `json:"imid"`
+	Name    string `json:"name"`
+	Avatar  string `json:"headimg"`
+	Email   string `json:"email"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/inner_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
+func (idp *InfoflowInternalIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	//Get userid first
+	accessToken := token.AccessToken
+	code := token.Extra("code").(string)
+	resp, err := idp.Client.Get(fmt.Sprintf("https://qy.im.baidu.com/api/user/getuserinfo?access_token=%s&code=%s&agentid=%s", accessToken, code, idp.AgentId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	userResp := &InfoflowInternalUserResp{}
+	err = json.Unmarshal(data, userResp)
+	if err != nil {
+		return nil, err
+	}
+	if userResp.Errcode != 0 {
+		return nil, fmt.Errorf("userIdResp.Errcode = %d, userIdResp.Errmsg = %s", userResp.Errcode, userResp.Errmsg)
+	}
+	//Use userid and accesstoken to get user information
+	resp, err = idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/get?access_token=%s&userid=%s", accessToken, userResp.UserId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err = io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	infoResp := &InfoflowInternalUserInfo{}
+	err = json.Unmarshal(data, infoResp)
+	if err != nil {
+		return nil, err
+	}
+	if infoResp.Errcode != 0 {
+		return nil, fmt.Errorf("userInfoResp.errcode = %d, userInfoResp.errmsg = %s", infoResp.Errcode, infoResp.Errmsg)
+	}
+	userInfo := UserInfo{
+		Id:          infoResp.UserId,
+		Username:    infoResp.UserId,
+		DisplayName: infoResp.Name,
+		AvatarUrl:   infoResp.Avatar,
+		Email:       infoResp.Email,
+	}
+
+	if userInfo.Id == "" {
+		userInfo.Id = userInfo.Username
+	}
+	return &userInfo, nil
+}
--- a/idp/infoflow_third_party.go
+++ b/idp/infoflow_third_party.go
@@ -0,0 +1,211 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package idp
+
+import (
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"golang.org/x/oauth2"
+)
+
+type InfoflowIdProvider struct {
+	Client  *http.Client
+	Config  *oauth2.Config
+	AgentId string
+	Ticket  string
+}
+
+func NewInfoflowIdProvider(clientId string, clientSecret string, appId string, redirectUrl string) *InfoflowIdProvider {
+	idp := &InfoflowIdProvider{}
+
+	config := idp.getConfig(clientId, clientSecret, redirectUrl)
+	idp.Config = config
+	idp.AgentId = appId
+	return idp
+}
+
+func (idp *InfoflowIdProvider) SetHttpClient(client *http.Client) {
+	idp.Client = client
+}
+
+func (idp *InfoflowIdProvider) getConfig(clientId string, clientSecret string, redirectUrl string) *oauth2.Config {
+	var config = &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
+		RedirectURL:  redirectUrl,
+	}
+
+	return config
+}
+
+type InfoflowToken struct {
+	Errcode     int    `json:"errcode"`
+	Errmsg      string `json:"errmsg"`
+	AccessToken string `json:"suite_access_token"`
+	ExpiresIn   int    `json:"expires_in"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/authority
+func (idp *InfoflowIdProvider) GetToken(code string) (*oauth2.Token, error) {
+	pTokenParams := &struct {
+		SuiteId     string `json:"suite_id"`
+		SuiteSecret string `json:"suite_secret"`
+		SuiteTicket string `json:"suite_ticket"`
+	}{idp.Config.ClientID, idp.Config.ClientSecret, idp.Ticket}
+	data, err := idp.postWithBody(pTokenParams, "https://api.im.baidu.com/api/service/get_suite_token")
+
+	pToken := &InfoflowToken{}
+	err = json.Unmarshal(data, pToken)
+	if err != nil {
+		return nil, err
+	}
+	if pToken.Errcode != 0 {
+		return nil, fmt.Errorf("pToken.Errcode = %d, pToken.Errmsg = %s", pToken.Errcode, pToken.Errmsg)
+	}
+	token := &oauth2.Token{
+		AccessToken: pToken.AccessToken,
+		Expiry:      time.Unix(time.Now().Unix()+int64(pToken.ExpiresIn), 0),
+	}
+
+	raw := make(map[string]interface{})
+	raw["code"] = code
+	token = token.WithExtra(raw)
+
+	return token, nil
+}
+
+/*
+{
+    "errcode": 0,
+    "errmsg": "ok",
+    "userid": "lili",
+    "name": "丽丽",
+    "department": [1],
+    "mobile": "13500088888",
+    "email": "lili4@gzdev.com",
+    "imid": 40000318,
+    "hiuname": "lili4",
+    "status": 1,
+    "extattr": {
+        "attrs": [
+            {
+                "name": "爱好",
+                "value": "旅游"
+            },
+            {
+                "name": "卡号",
+                "value": "1234567234"
+            }
+        ]
+    },
+    "lm" : 14236463257
+}
+*/
+
+type InfoflowUserResp struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	UserId  string `json:"UserId"`
+}
+
+type InfoflowUserInfo struct {
+	Errcode int    `json:"errcode"`
+	Errmsg  string `json:"errmsg"`
+	Imid    string `json:"imid"`
+	Name    string `json:"name"`
+	Email   string `json:"email"`
+}
+
+// get more detail via: https://qy.baidu.com/doc/index.html#/third_serverapi/contacts?id=%e8%8e%b7%e5%8f%96%e6%88%90%e5%91%98
+func (idp *InfoflowIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	//Get userid first
+	accessToken := token.AccessToken
+	code := token.Extra("code").(string)
+	resp, err := idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/getuserinfo?access_token=%s&code=%s&agentid=%s", accessToken, code, idp.AgentId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	userResp := &InfoflowUserResp{}
+	err = json.Unmarshal(data, userResp)
+	if err != nil {
+		return nil, err
+	}
+	if userResp.Errcode != 0 {
+		return nil, fmt.Errorf("userIdResp.Errcode = %d, userIdResp.Errmsg = %s", userResp.Errcode, userResp.Errmsg)
+	}
+	//Use userid and accesstoken to get user information
+	resp, err = idp.Client.Get(fmt.Sprintf("https://api.im.baidu.com/api/user/get?access_token=%s&userid=%s", accessToken, userResp.UserId))
+	if err != nil {
+		return nil, err
+	}
+
+	data, err = io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	infoResp := &InfoflowUserInfo{}
+	err = json.Unmarshal(data, infoResp)
+	if err != nil {
+		return nil, err
+	}
+	if infoResp.Errcode != 0 {
+		return nil, fmt.Errorf("userInfoResp.errcode = %d, userInfoResp.errmsg = %s", infoResp.Errcode, infoResp.Errmsg)
+	}
+	userInfo := UserInfo{
+		Id:          infoResp.Imid,
+		Username:    infoResp.Name,
+		DisplayName: infoResp.Name,
+		Email:       infoResp.Email,
+	}
+
+	if userInfo.Id == "" {
+		userInfo.Id = userInfo.Username
+	}
+	return &userInfo, nil
+}
+
+func (idp *InfoflowIdProvider) postWithBody(body interface{}, url string) ([]byte, error) {
+	bs, err := json.Marshal(body)
+	if err != nil {
+		return nil, err
+	}
+	r := strings.NewReader(string(bs))
+	resp, err := idp.Client.Post(url, "application/json;charset=UTF-8", r)
+	if err != nil {
+		return nil, err
+	}
+	data, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			return
+		}
+	}(resp.Body)
+
+	return data, nil
+}
--- a/idp/provider.go
+++ b/idp/provider.go
@@ -35,7 +35,7 @@ type IdProvider interface {
 	GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 }

-func GetIdProvider(typ string, subType string, clientId string, clientSecret string, redirectUrl string) IdProvider {
+func GetIdProvider(typ string, subType string, clientId string, clientSecret string, appId string, redirectUrl string) IdProvider {
 	if typ == "GitHub" {
 		return NewGithubIdProvider(clientId, clientSecret, redirectUrl)
 	} else if typ == "Google" {
@@ -68,6 +68,14 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 		return NewGitlabIdProvider(clientId, clientSecret, redirectUrl)
 	} else if typ == "Baidu" {
 		return NewBaiduIdProvider(clientId, clientSecret, redirectUrl)
+	} else if typ == "Infoflow" {
+		if subType == "Internal" {
+			return NewInfoflowInternalIdProvider(clientId, clientSecret, appId, redirectUrl)
+		} else if subType == "Third-party" {
+			return NewInfoflowIdProvider(clientId, clientSecret, appId, redirectUrl)
+		} else {
+			return nil
+		}
 	} else if isGothSupport(typ) {
 		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl)
 	}
--- a/object/adapter.go
+++ b/object/adapter.go
@@ -183,6 +183,11 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Payment))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Ldap))
 	if err != nil {
 		panic(err)
@@ -211,4 +216,4 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 		session = session.Desc(util.SnakeString(sortField))
 	}
 	return session
-}
+}
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -18,6 +18,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"strings"

 	"github.com/astaxie/beego"
 	"gopkg.in/square/go-jose.v2"
@@ -40,22 +41,39 @@ type OidcDiscovery struct {
 	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
 }

-var oidcDiscovery OidcDiscovery
+func getOriginFromHost(host string) (string, string) {
+	protocol := "https://"
+	if strings.HasPrefix(host, "localhost") {
+		protocol = "http://"
+	}
+
+	if host == "localhost:8000" {
+		return fmt.Sprintf("%s%s", protocol, "localhost:7001"), fmt.Sprintf("%s%s", protocol, "localhost:8000")
+	} else {
+		return fmt.Sprintf("%s%s", protocol, host), fmt.Sprintf("%s%s", protocol, host)
+	}
+}
+
+func GetOidcDiscovery(host string) OidcDiscovery {
+	originFrontend, originBackend := getOriginFromHost(host)

-func init() {
 	origin := beego.AppConfig.String("origin")
+	if origin != "" {
+		originFrontend = origin
+		originBackend = origin
+	}

 	// Examples:
 	// https://login.okta.com/.well-known/openid-configuration
 	// https://auth0.auth0.com/.well-known/openid-configuration
 	// https://accounts.google.com/.well-known/openid-configuration
 	// https://access.line.me/.well-known/openid-configuration
-	oidcDiscovery = OidcDiscovery{
-		Issuer:                                 origin,
-		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", origin),
-		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", origin),
-		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", origin),
-		JwksUri:                                fmt.Sprintf("%s/api/certs", origin),
+	oidcDiscovery := OidcDiscovery{
+		Issuer:                                 originFrontend,
+		AuthorizationEndpoint:                  fmt.Sprintf("%s/login/oauth/authorize", originFrontend),
+		TokenEndpoint:                          fmt.Sprintf("%s/api/login/oauth/access_token", originBackend),
+		UserinfoEndpoint:                       fmt.Sprintf("%s/api/userinfo", originBackend),
+		JwksUri:                                fmt.Sprintf("%s/api/certs", originBackend),
 		ResponseTypesSupported:                 []string{"id_token"},
 		ResponseModesSupported:                 []string{"login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
@@ -66,9 +84,7 @@ func init() {
 		RequestParameterSupported:              true,
 		RequestObjectSigningAlgValuesSupported: []string{"HS256", "HS384", "HS512"},
 	}
-}

-func GetOidcDiscovery() OidcDiscovery {
 	return oidcDiscovery
 }

--- a/object/payment.go
+++ b/object/payment.go
@@ -0,0 +1,129 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"xorm.io/core"
+)
+
+type Payment struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+
+	Provider     string `xorm:"varchar(100)" json:"provider"`
+	Type         string `xorm:"varchar(100)" json:"type"`
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	User         string `xorm:"varchar(100)" json:"user"`
+	Good         string `xorm:"varchar(100)" json:"good"`
+	Amount       string `xorm:"varchar(100)" json:"amount"`
+	Currency     string `xorm:"varchar(100)" json:"currency"`
+
+	State string `xorm:"varchar(100)" json:"state"`
+}
+
+func GetPaymentCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Payment{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetPayments(owner string) []*Payment {
+	payments := []*Payment{}
+	err := adapter.Engine.Desc("created_time").Find(&payments, &Payment{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return payments
+}
+
+func GetPaginationPayments(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Payment {
+	payments := []*Payment{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&payments)
+	if err != nil {
+		panic(err)
+	}
+
+	return payments
+}
+
+func getPayment(owner string, name string) *Payment {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	payment := Payment{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&payment)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &payment
+	} else {
+		return nil
+	}
+}
+
+func GetPayment(id string) *Payment {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getPayment(owner, name)
+}
+
+func UpdatePayment(id string, payment *Payment) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getPayment(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(payment)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddPayment(payment *Payment) bool {
+	affected, err := adapter.Engine.Insert(payment)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeletePayment(payment *Payment) bool {
+	affected, err := adapter.Engine.ID(core.PK{payment.Owner, payment.Name}).Delete(&Payment{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (payment *Payment) GetId() string {
+	return fmt.Sprintf("%s/%s", payment.Owner, payment.Name)
+}
--- a/object/syncer_user_test.go
+++ b/object/syncer_user_test.go
@@ -1,5 +1,4 @@
 // Copyright 2021 The casbin Authors. All Rights Reserved.
-//
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
@@ -11,6 +10,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build !skipCi

 package object

@@ -21,11 +21,10 @@ import (

 func TestGetUsers(t *testing.T) {
 	InitConfig()
-
 	syncers := GetSyncers("admin")
 	syncer := syncers[0]
 	syncer.initAdapter()
-	users := syncer.getOriginalUsers()
+	users, _ := syncer.getOriginalUsers()
 	for _, user := range users {
 		fmt.Printf("%v\n", user)
 	}
--- a/object/token.go
+++ b/object/token.go
@@ -283,7 +283,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code

 	if code == "" {
 		return &TokenWrapper{
-			AccessToken: "error: code should not be empty",
+			AccessToken: "error: authorization code should not be empty",
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
@@ -293,7 +293,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	token := getTokenByCode(code)
 	if token == nil {
 		return &TokenWrapper{
-			AccessToken: "error: invalid code",
+			AccessToken: "error: invalid authorization code",
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
@@ -317,6 +317,7 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 			Scope:       "",
 		}
 	}
+
 	if token.CodeChallenge != "" && pkceChallenge(verifier) != token.CodeChallenge {
 		return &TokenWrapper{
 			AccessToken: "error: incorrect code_verifier",
@@ -325,21 +326,21 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 			Scope:       "",
 		}
 	}
+
 	if token.CodeIsUsed {
-		//Resist replay attacks, if the code is reused, the token generated with this code will be deleted
-		DeleteToken(token)
+		// anti replay attacks
 		return &TokenWrapper{
-			AccessToken: "error: code has been used.",
+			AccessToken: "error: authorization code has been used",
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
 		}
 	}
+
 	if time.Now().Unix() > token.CodeExpireIn {
-		//can only use the code to generate a token within five minutes
-		DeleteToken(token)
+		// code must be used within 5 minutes
 		return &TokenWrapper{
-			AccessToken: "error: code has expired",
+			AccessToken: "error: authorization code has expired",
 			TokenType:   "",
 			ExpiresIn:   0,
 			Scope:       "",
--- a/object/user.go
+++ b/object/user.go
@@ -80,6 +80,7 @@ type User struct {
 	Lark     string `xorm:"lark varchar(100)" json:"lark"`
 	Gitlab   string `xorm:"gitlab varchar(100)" json:"gitlab"`
 	Baidu    string `xorm:"baidu varchar(100)" json:"baidu"`
+	Infoflow string `xorm:"infoflow varchar(100)" json:"infoflow"`
 	Apple    string `xorm:"apple varchar(100)" json:"apple"`
 	AzureAD  string `xorm:"azuread varchar(100)" json:"azuread"`
 	Slack    string `xorm:"slack varchar(100)" json:"slack"`
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@@ -40,7 +40,7 @@ func AutoSigninFilter(ctx *context.Context) {
 			return
 		}

-		if !util.IsTokenExpired(token.CreatedTime, token.ExpiresIn) {
+		if util.IsTokenExpired(token.CreatedTime, token.ExpiresIn) {
 			responseError(ctx, "Access token has expired")
 			return
 		}
--- a/routers/router.go
+++ b/routers/router.go
@@ -149,6 +149,12 @@ func initAPI() {
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
 	beego.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")

+	beego.Router("/api/get-payments", &controllers.ApiController{}, "GET:GetPayments")
+	beego.Router("/api/get-payment", &controllers.ApiController{}, "GET:GetPayment")
+	beego.Router("/api/update-payment", &controllers.ApiController{}, "POST:UpdatePayment")
+	beego.Router("/api/add-payment", &controllers.ApiController{}, "POST:AddPayment")
+	beego.Router("/api/delete-payment", &controllers.ApiController{}, "POST:DeletePayment")
+
 	beego.Router("/api/send-email", &controllers.ApiController{}, "POST:SendEmail")
 	beego.Router("/api/send-sms", &controllers.ApiController{}, "POST:SendSms")

--- a/util/time.go
+++ b/util/time.go
@@ -32,5 +32,5 @@ func GetCurrentUnixTime() string {
 func IsTokenExpired(createdTime string, expiresIn int) bool {
 	createdTimeObj, _ := time.Parse(time.RFC3339, createdTime)
 	expiresAtObj := createdTimeObj.Add(time.Duration(expiresIn) * time.Minute)
-	return time.Now().Before(expiresAtObj)
+	return time.Now().After(expiresAtObj)
 }
--- a/util/time_test.go
+++ b/util/time_test.go
@@ -0,0 +1,111 @@
+// Copyright 2021 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import (
+	"fmt"
+	"reflect"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_GetCurrentTime(t *testing.T) {
+	test := GetCurrentTime()
+	expected := time.Now().Format(time.RFC3339)
+
+	assert.Equal(t, test, expected, "The times not are equals")
+
+	types := reflect.TypeOf(test).Kind()
+	assert.Equal(t, types, reflect.String, "GetCurrentUnixTime should be return string")
+
+}
+
+func Test_GetCurrentUnixTime_Shoud_Return_String(t *testing.T) {
+	test := GetCurrentUnixTime()
+	types := reflect.TypeOf(test).Kind()
+	assert.Equal(t, types, reflect.String, "GetCurrentUnixTime should be return string")
+}
+
+func Test_IsTokenExpired(t *testing.T) {
+
+	type input struct {
+		createdTime string
+		expiresIn   int
+	}
+
+	type testCases struct {
+		description string
+		input       input
+		expected    bool
+	}
+
+	for _, scenario := range []testCases{
+		{
+			description: "Token emited now is valid for 60 minutes",
+			input: input{
+				createdTime: time.Now().Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 60 minutes before now is valid for 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 60).Format(time.RFC3339),
+				expiresIn:   61,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 2 hours before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Hour * 2).Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: true,
+		},
+		{
+			description: "Token emited 61 minutes before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 61).Format(time.RFC3339),
+				expiresIn:   60,
+			},
+			expected: true,
+		},
+		{
+			description: "Token emited 2 hours before now  is velid for 120 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Hour * 2).Format(time.RFC3339),
+				expiresIn:   121,
+			},
+			expected: false,
+		},
+		{
+			description: "Token emited 159 minutes before now is Expired after 60 minutes",
+			input: input{
+				createdTime: time.Now().Add(-time.Minute * 159).Format(time.RFC3339),
+				expiresIn:   120,
+			},
+			expected: true,
+		},
+	} {
+		t.Run(scenario.description, func(t *testing.T) {
+			result := IsTokenExpired(scenario.input.createdTime, scenario.input.expiresIn)
+			assert.Equal(t, scenario.expected, result, fmt.Sprintf("Expected %t, but was founded %t", scenario.expected, result))
+		})
+	}
+}
--- a/web/craco.config.js
+++ b/web/craco.config.js
@@ -3,10 +3,22 @@ const CracoLessPlugin = require('craco-less');
 module.exports = {
  devServer: {
    proxy: {
-        '/api': {
-            target: 'http://localhost:8000',
-            changeOrigin: true,
-        }
+      '/api': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/swagger': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/files': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      },
+      '/.well-known/openid-configuration': {
+        target: 'http://localhost:8000',
+        changeOrigin: true,
+      }
    },
  },
  plugins: [
@@ -15,7 +27,7 @@ module.exports = {
      options: {
        lessLoaderOptions: {
          lessOptions: {
-            modifyVars: { '@primary-color': 'rgb(45,120,213)' },
+            modifyVars: {'@primary-color': 'rgb(45,120,213)'},
            javascriptEnabled: true,
          },
        },
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -43,6 +43,8 @@ import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
 import CertListPage from "./CertListPage";
 import CertEditPage from "./CertEditPage";
+import PaymentListPage from "./PaymentListPage";
+import PaymentEditPage from "./PaymentEditPage";
 import AccountPage from "./account/AccountPage";
 import HomePage from "./basic/HomePage";
 import CustomGithubCorner from "./CustomGithubCorner";
@@ -126,6 +128,8 @@ class App extends Component {
      this.setState({ selectedMenuKey: '/syncers' });
    } else if (uri.includes('/certs')) {
      this.setState({ selectedMenuKey: '/certs' });
+    } else if (uri.includes('/payments')) {
+      this.setState({ selectedMenuKey: '/payments' });
    } else if (uri.includes('/signup')) {
      this.setState({ selectedMenuKey: '/signup' });
    } else if (uri.includes('/login')) {
@@ -408,6 +412,13 @@ class App extends Component {
          </Link>
        </Menu.Item>
      );
+      res.push(
+        <Menu.Item key="/payments">
+          <Link to="/payments">
+            {i18next.t("general:Payments")}
+          </Link>
+        </Menu.Item>
+      );
      res.push(
        <Menu.Item key="/swagger">
          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
@@ -478,6 +489,8 @@ class App extends Component {
          <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)}/>
+          <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)}/>
          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)}/>
          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />}/>
          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -16,6 +16,7 @@ import React from "react";
 import {Button, Card, Col, Input, Popover, Row, Select, Switch, Upload} from 'antd';
 import {LinkOutlined, UploadOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
+import * as CertBackend from "./backend/CertBackend";
 import * as Setting from "./Setting";
 import * as ProviderBackend from "./backend/ProviderBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
@@ -43,6 +44,7 @@ class ApplicationEditPage extends React.Component {
      applicationName: props.match.params.applicationName,
      application: null,
      organizations: [],
+      certs: [],
      providers: [],
      uploading: false,
    };
@@ -51,6 +53,7 @@ class ApplicationEditPage extends React.Component {
  UNSAFE_componentWillMount() {
    this.getApplication();
    this.getOrganizations();
+    this.getCerts();
    this.getProviders();
  }

@@ -72,6 +75,15 @@ class ApplicationEditPage extends React.Component {
      });
  }

+  getCerts() {
+    CertBackend.getCerts("admin")
+      .then((res) => {
+        this.setState({
+          certs: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
  getProviders() {
    ProviderBackend.getProviders("admin")
      .then((res) => {
@@ -226,6 +238,18 @@ class ApplicationEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: '100%'}} value={this.state.application.cert} onChange={(value => {this.updateApplicationField('cert', value);})}>
+              {
+                this.state.certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: '20px'}} >
          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("application:Redirect URLs"), i18next.t("application:Redirect URLs - Tooltip"))} :
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -47,6 +47,7 @@ class ApplicationListPage extends BaseListPage {
        {name: "Phone", visible: true, required: true, rule: "None"},
        {name: "Agreement", visible: true, required: true, rule: "None"},
      ],
+      cert: "cert-built-in",
      redirectUris: ["http://localhost:9000/callback"],
      tokenFormat: "JWT",
      expireInHours: 24 * 7,
--- a/web/src/PaymentEditPage.js
+++ b/web/src/PaymentEditPage.js
@@ -0,0 +1,210 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select, Switch} from 'antd';
+import * as PaymentBackend from "./backend/PaymentBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+import * as RoleBackend from "./backend/RoleBackend";
+
+const { Option } = Select;
+
+class PaymentEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      paymentName: props.match.params.paymentName,
+      payment: null,
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getPayment();
+  }
+
+  getPayment() {
+    PaymentBackend.getPayment("admin", this.state.paymentName)
+      .then((payment) => {
+        this.setState({
+          payment: payment,
+        });
+      });
+  }
+
+  parsePaymentField(key, value) {
+    if ([""].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updatePaymentField(key, value) {
+    value = this.parsePaymentField(key, value);
+
+    let payment = this.state.payment;
+    payment[key] = value;
+    this.setState({
+      payment: payment,
+    });
+  }
+
+  renderPayment() {
+    return (
+      <Card size="small" title={
+        <div>
+          {i18next.t("payment:Edit Payment")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitPaymentEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" onClick={() => this.submitPaymentEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      } style={(Setting.isMobile())? {margin: '5px'}:{}} type="inner">
+        <Row style={{marginTop: '10px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.organization} onChange={e => {
+              // this.updatePaymentField('organization', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.name} onChange={e => {
+              // this.updatePaymentField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.displayName} onChange={e => {
+              this.updatePaymentField('displayName', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.name} onChange={e => {
+              // this.updatePaymentField('name', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Provider"), i18next.t("general:Provider - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.provider} onChange={e => {
+              // this.updatePaymentField('provider', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Type"), i18next.t("provider:Type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.type} onChange={e => {
+              // this.updatePaymentField('type', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Good"), i18next.t("payment:Good - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.good} onChange={e => {
+              // this.updatePaymentField('good', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Amount"), i18next.t("payment:Amount - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.amount} onChange={e => {
+              // this.updatePaymentField('amount', e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: '20px'}} >
+          <Col style={{marginTop: '5px'}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("payment:Currency"), i18next.t("payment:Currency - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.payment.currency} onChange={e => {
+              // this.updatePaymentField('currency', e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    )
+  }
+
+  submitPaymentEdit(willExist) {
+    let payment = Setting.deepCopy(this.state.payment);
+    PaymentBackend.updatePayment(this.state.organizationName, this.state.paymentName, payment)
+      .then((res) => {
+        if (res.msg === "") {
+          Setting.showMessage("success", `Successfully saved`);
+          this.setState({
+            paymentName: this.state.payment.name,
+          });
+
+          if (willExist) {
+            this.props.history.push(`/payments`);
+          } else {
+            this.props.history.push(`/payments/${this.state.payment.name}`);
+          }
+        } else {
+          Setting.showMessage("error", res.msg);
+          this.updatePaymentField('name', this.state.paymentName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.payment !== null ? this.renderPayment() : null
+        }
+        <div style={{marginTop: '20px', marginLeft: '40px'}}>
+          <Button size="large" onClick={() => this.submitPaymentEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: '20px'}} type="primary" size="large" onClick={() => this.submitPaymentEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+        </div>
+      </div>
+    );
+  }
+}
+
+export default PaymentEditPage;
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@@ -0,0 +1,264 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Popconfirm, Switch, Table} from 'antd';
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as PaymentBackend from "./backend/PaymentBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import * as Provider from "./auth/Provider";
+
+class PaymentListPage extends BaseListPage {
+  newPayment() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin",
+      name: `payment_${randomName}`,
+      createdTime: moment().format(),
+      displayName: `New Payment - ${randomName}`,
+      provider: "provider_pay_paypal",
+      type: "PayPal",
+      organization: "built-in",
+      user: "admin",
+      good: "A notebook computer",
+      amount: "300",
+      currency: "USD",
+      state: "Paid",
+    }
+  }
+
+  addPayment() {
+    const newPayment = this.newPayment();
+    PaymentBackend.addPayment(newPayment)
+      .then((res) => {
+          Setting.showMessage("success", `Payment added successfully`);
+          this.props.history.push(`/payments/${newPayment.name}`);
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Payment failed to add: ${error}`);
+      });
+  }
+
+  deletePayment(i) {
+    PaymentBackend.deletePayment(this.state.data[i])
+      .then((res) => {
+          Setting.showMessage("success", `Payment deleted successfully`);
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        }
+      )
+      .catch(error => {
+        Setting.showMessage("error", `Payment failed to delete: ${error}`);
+      });
+  }
+
+  renderTable(payments) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: 'owner',
+        key: 'owner',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('owner'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:User"),
+        dataIndex: 'user',
+        key: 'user',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('user'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${record.organization}/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: 'name',
+        key: 'name',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('name'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/payments/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: 'createdTime',
+        key: 'createdTime',
+        width: '160px',
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        }
+      },
+      // {
+      //   title: i18next.t("general:Display name"),
+      //   dataIndex: 'displayName',
+      //   key: 'displayName',
+      //   width: '160px',
+      //   sorter: true,
+      //   ...this.getColumnSearchProps('displayName'),
+      // },
+      {
+        title: i18next.t("general:Provider"),
+        dataIndex: 'provider',
+        key: 'provider',
+        width: '150px',
+        fixed: 'left',
+        sorter: true,
+        ...this.getColumnSearchProps('provider'),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/providers/${text}`}>
+              {text}
+            </Link>
+          )
+        }
+      },
+      {
+        title: i18next.t("provider:Type"),
+        dataIndex: 'type',
+        key: 'type',
+        width: '110px',
+        align: 'center',
+        filterMultiple: false,
+        filters: [
+          {text: 'Payment', value: 'Payment', children: Setting.getProviderTypeOptions('Payment').map((o) => {return {text:o.id, value:o.name}})},
+        ],
+        sorter: true,
+        render: (text, record, index) => {
+          return Provider.getProviderLogoWidget(record);
+        }
+      },
+      {
+        title: i18next.t("payment:Good"),
+        dataIndex: 'good',
+        key: 'good',
+        width: '160px',
+        sorter: true,
+        ...this.getColumnSearchProps('good'),
+      },
+      {
+        title: i18next.t("payment:Amount"),
+        dataIndex: 'amount',
+        key: 'amount',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('amount'),
+      },
+      {
+        title: i18next.t("payment:Currency"),
+        dataIndex: 'currency',
+        key: 'currency',
+        width: '120px',
+        sorter: true,
+        ...this.getColumnSearchProps('currency'),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: '',
+        key: 'op',
+        width: '170px',
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: '10px', marginBottom: '10px', marginRight: '10px'}} type="primary" onClick={() => this.props.history.push(`/payments/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Popconfirm
+                title={`Sure to delete payment: ${record.name} ?`}
+                onConfirm={() => this.deletePayment(index)}
+              >
+                <Button style={{marginBottom: '10px'}} type="danger">{i18next.t("general:Delete")}</Button>
+              </Popconfirm>
+            </div>
+          )
+        }
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: 'max-content'}} columns={columns} dataSource={payments} rowKey="name" size="middle" bordered pagination={paginationProps}
+               title={() => (
+                 <div>
+                   {i18next.t("general:Payments")}&nbsp;&nbsp;&nbsp;&nbsp;
+                   <Button type="primary" size="small" onClick={this.addPayment.bind(this)}>{i18next.t("general:Add")}</Button>
+                 </div>
+               )}
+               loading={this.state.loading}
+               onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    let sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({ loading: true });
+    PaymentBackend.getPayments("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        }
+      });
+  };
+}
+
+export default PaymentListPage;
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -96,6 +96,9 @@ class ProviderEditPage extends React.Component {
    } else if (this.state.provider.type === "WeCom" && this.state.provider.subType === "Internal") {
      text = i18next.t("provider:Agent ID");
      tooltip = i18next.t("provider:Agent ID - Tooltip");
+    } else if (this.state.provider.type === "Infoflow"){
+      text = i18next.t("provider:Agent ID");
+      tooltip = i18next.t("provider:Agent ID - Tooltip");
    } else if (this.state.provider.category === "SMS" && this.state.provider.type === "Volc Engine SMS") {
      text = i18next.t("provider:SMS account");
      tooltip = i18next.t("provider:SMS account - Tooltip");
@@ -184,6 +187,7 @@ class ProviderEditPage extends React.Component {
                  {id: 'SMS', name: 'SMS'},
                  {id: 'Storage', name: 'Storage'},
                  {id: 'SAML', name: 'SAML'},
+                  {id: 'Payment', name: 'Payment'},
                ].map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
              }
            </Select>
@@ -207,7 +211,7 @@ class ProviderEditPage extends React.Component {
          </Col>
        </Row>
        {
-          this.state.provider.type !== "WeCom" ? null : (
+          this.state.provider.type !== "WeCom" && this.state.provider.type !== "Infoflow" ? null : (
            <React.Fragment>
              <Row style={{marginTop: '20px'}} >
                <Col style={{marginTop: '5px'}} span={2}>
@@ -223,20 +227,23 @@ class ProviderEditPage extends React.Component {
                  </Select>
                </Col>
              </Row>
-              <Row style={{marginTop: '20px'}} >
-                <Col style={{marginTop: '5px'}} span={2}>
-                  {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
-                </Col>
-                <Col span={22} >
-                  <Select virtual={false} style={{width: '100%'}} value={this.state.provider.method} onChange={value => {
-                    this.updateProviderField('method', value);
-                  }}>
-                    {
-                      [{name: "Normal"}, {name: "Silent"}].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
-                    }
-                  </Select>
-                </Col>
-              </Row>
+              {
+                this.state.provider.type !== "WeCom"  ? null : (    
+                  <Row style={{marginTop: '20px'}} >
+                    <Col style={{marginTop: '5px'}} span={2}>
+                      {Setting.getLabel(i18next.t("provider:Method"), i18next.t("provider:Method - Tooltip"))} :
+                    </Col>
+                    <Col span={22} >
+                      <Select virtual={false} style={{width: '100%'}} value={this.state.provider.method} onChange={value => {
+                        this.updateProviderField('method', value);
+                      }}>
+                        {
+                          [{name: "Normal"}, {name: "Silent"}].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
+                        }
+                      </Select>
+                    </Col>
+                  </Row>)
+              }
            </React.Fragment>
          )
        }
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -399,6 +399,7 @@ export function getProviderTypeOptions(category) {
        {id: 'Lark', name: 'Lark'},
        {id: 'GitLab', name: 'GitLab'},
        {id: 'Baidu', name: 'Baidu'},
+        {id: 'Infoflow', name: 'Infoflow'},
        {id: 'Apple', name: 'Apple'},
        {id: 'AzureAD', name: 'AzureAD'},
        {id: 'Slack', name: 'Slack'},
@@ -432,13 +433,19 @@ export function getProviderTypeOptions(category) {
      {id: 'Aliyun IDaaS', name: 'Aliyun IDaaS'},
      {id: 'Keycloak', name: 'Keycloak'},
    ]);
+  } else if (category === "Payment") {
+    return ([
+      {id: 'Alipay', name: 'Alipay'},
+      {id: 'WeChat Pay', name: 'WeChat Pay'},
+      {id: 'PayPal', name: 'PayPal'},
+    ]);
  } else {
    return [];
  }
 }

 export function getProviderSubTypeOptions(type) {
-  if (type === "WeCom") {
+  if (type === "WeCom" || type === "Infoflow") {
    return (
      [
        {id: 'Internal', name: 'Internal'},
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@@ -74,6 +74,10 @@ class AuthCallback extends React.Component {
    if (code === null) {
      code = params.get("auth_code");
    }
+    // Dingtalk now  returns "authCode=xxx" instead of "code=xxx"
+    if (code === null) {
+      code = params.get("authCode")
+    }

    const innerParams = this.getInnerParams();
    const applicationName = innerParams.get("application");
--- a/web/src/auth/InfoflowLoginButton.js
+++ b/web/src/auth/InfoflowLoginButton.js
@@ -0,0 +1,32 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {createButton} from "react-social-login-buttons";
+import {StaticBaseUrl} from "../Setting";
+
+function Icon({ width = 24, height = 24, color }) {
+    return <img src={`${StaticBaseUrl}/buttons/infoflow.svg`} alt="Sign in with Infoflow" style={{width: 24, height: 24}} />;
+}
+
+const config = {
+    text: "Sign in with Infoflow",
+    icon: Icon,
+    iconFormat: name => `fa fa-${name}`,
+    style: {background: "#ffffff", color: "#000000"},
+    activeStyle: {background: "#ededee"},
+};
+
+const InfoflowLoginButton = createButton(config);
+
+export default InfoflowLoginButton;
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -35,6 +35,7 @@ import WeComLoginButton from "./WeComLoginButton";
 import LarkLoginButton from "./LarkLoginButton";
 import GitLabLoginButton from "./GitLabLoginButton";
 import BaiduLoginButton from "./BaiduLoginButton";
+import InfoflowLoginButton from "./InfoflowLoginButton";
 import AppleLoginButton from "./AppleLoginButton"
 import AzureADLoginButton from "./AzureADLoginButton";
 import SlackLoginButton from "./SlackLoginButton";
@@ -186,6 +187,8 @@ class LoginPage extends React.Component {
      return <GitLabLoginButton text={text} align={"center"} />
    } else if (type === "Baidu") {
      return <BaiduLoginButton text={text} align={"center"} />
+    } else if (type === "Infoflow") {
+      return <InfoflowLoginButton text={text} align={"center"} />
    } else if (type === "Apple") {
      return <AppleLoginButton text={text} align={"center"} />
    } else if (type === "AzureAD") {
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@@ -41,8 +41,8 @@ const authInfo = {
    endpoint: "https://www.facebook.com/dialog/oauth",
  },
  DingTalk: {
-    scope: "snsapi_login",
-    endpoint: "https://oapi.dingtalk.com/connect/oauth2/sns_authorize",
+    scope: "openid",
+    endpoint: "https://login.dingtalk.com/oauth2/auth",
  },
  Weibo: {
    scope: "email",
@@ -74,6 +74,9 @@ const authInfo = {
    scope: "basic",
    endpoint: "http://openapi.baidu.com/oauth/2.0/authorize",
  },
+  Infoflow: {
+    endpoint: "https://xpc.im.baidu.com/oauth2/authorize",
+  },
  Apple: {
    scope: "name%20email",
    endpoint: "https://appleid.apple.com/auth/authorize",
@@ -137,6 +140,20 @@ const otherProviderInfo = {
      url: "https://www.keycloak.org/"
    },
  },
+  Payment: {
+    "Alipay": {
+      logo: `${StaticBaseUrl}/img/payment_alipay.png`,
+      url: "https://www.alipay.com/"
+    },
+    "WeChat Pay": {
+      logo: `${StaticBaseUrl}/img/payment_wechat_pay.png`,
+      url: "https://pay.weixin.qq.com/"
+    },
+    "PayPal": {
+      logo: `${StaticBaseUrl}/img/payment_paypal.png`,
+      url: "https://www.paypal.com/"
+    },
+  },
 };

 export function getProviderLogo(provider) {
@@ -213,7 +230,7 @@ export function getAuthUrl(application, provider, method) {
  } else if (provider.type === "Facebook") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
  } else if (provider.type === "DingTalk") {
-    return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
+    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}&prompt=consent`;
  } else if (provider.type === "Weibo") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=code&state=${state}`;
  } else if (provider.type === "Gitee") {
@@ -249,6 +266,8 @@ export function getAuthUrl(application, provider, method) {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
  } else if (provider.type === "Baidu") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}&display=popup`;
+  } else if (provider.type === "Infoflow"){
+    return `${endpoint}?appid=${provider.clientId}&redirect_uri=${redirectUri}?state=${state}`
  } else if (provider.type === "Apple") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}&response_mode=form_post`;
  } else if (provider.type === "AzureAD") {
--- a/web/src/auth/Util.js
+++ b/web/src/auth/Util.js
@@ -75,18 +75,22 @@ export function renderMessageLarge(ths, msg) {
  }
 }

+function getRefinedValue(value){
+  return (value === null)? "" : value
+}
+
 export function getOAuthGetParameters(params) {
  const queries = (params !== undefined) ? params : new URLSearchParams(window.location.search);
-  const clientId = queries.get("client_id");
-  const responseType = queries.get("response_type");
-  const redirectUri = queries.get("redirect_uri");
-  const scope = queries.get("scope");
-  const state = queries.get("state");
-  const nonce = queries.get("nonce")
-  const challengeMethod = queries.get("code_challenge_method")
-  const codeChallenge = queries.get("code_challenge")
+  const clientId = getRefinedValue(queries.get("client_id"));
+  const responseType = getRefinedValue(queries.get("response_type"));
+  const redirectUri = getRefinedValue(queries.get("redirect_uri"));
+  const scope = getRefinedValue(queries.get("scope"));
+  const state = getRefinedValue(queries.get("state"));
+  const nonce = getRefinedValue(queries.get("nonce"))
+  const challengeMethod = getRefinedValue(queries.get("code_challenge_method"))
+  const codeChallenge = getRefinedValue(queries.get("code_challenge"))
  
-  if (clientId === undefined || clientId === null) {
+  if (clientId === undefined || clientId === null || clientId === "") {
    // login
    return null;
  } else {
--- a/web/src/backend/PaymentBackend.js
+++ b/web/src/backend/PaymentBackend.js
@@ -0,0 +1,56 @@
+// Copyright 2022 The casbin Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getPayments(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-payments?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function getPayment(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-payment?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include"
+  }).then(res => res.json());
+}
+
+export function updatePayment(owner, name, payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/update-payment?id=${owner}/${encodeURIComponent(name)}`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}
+
+export function addPayment(payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/add-payment`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}
+
+export function deletePayment(payment) {
+  let newPayment = Setting.deepCopy(payment);
+  return fetch(`${Setting.ServerUrl}/api/delete-payment`, {
+    method: 'POST',
+    credentials: 'include',
+    body: JSON.stringify(newPayment),
+  }).then(res => res.json());
+}
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar to show to others",
    "Back Home": "Zurück zu Hause",
    "Captcha": "Captcha",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Certs",
    "Client IP": "Client-IP",
    "Created time": "Erstellte Zeit",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Random parameters used for password encryption",
    "Password type": "Passworttyp",
    "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
    "Permissions": "Berechtigungen",
    "Personal name": "Persönlicher Name",
    "Phone": "Telefon",
@@ -142,6 +145,7 @@
    "Preview": "Vorschau",
    "Preview - Tooltip": "The form in which the password is stored in the database",
    "Provider": "Anbieter",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "Anbieter",
    "Providers - Tooltip": "List of third-party applications that can be used to log in",
    "Records": "Datensätze",
@@ -234,6 +238,15 @@
    "Website URL": "Website-URL",
    "Website URL - Tooltip": "Unique string-style identifier"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "Aktionen",
    "Actions - Tooltip": "Aktionen - Tooltip",
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar - Tooltip",
    "Back Home": "Back Home",
    "Captcha": "Captcha",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Certs",
    "Client IP": "Client IP",
    "Created time": "Created time",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Password salt - Tooltip",
    "Password type": "Password type",
    "Password type - Tooltip": "Password type - Tooltip",
+    "Payments": "Payments",
    "Permissions": "Permissions",
    "Personal name": "Personal name",
    "Phone": "Phone",
@@ -142,6 +145,7 @@
    "Preview": "Preview",
    "Preview - Tooltip": "Preview - Tooltip",
    "Provider": "Provider",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "Providers",
    "Providers - Tooltip": "Providers - Tooltip",
    "Records": "Records",
@@ -234,6 +238,15 @@
    "Website URL": "Website URL",
    "Website URL - Tooltip": "Website URL - Tooltip"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "Actions",
    "Actions - Tooltip": "Actions - Tooltip",
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar to show to others",
    "Back Home": "Retour à la page d'accueil",
    "Captcha": "Captcha",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Certes",
    "Client IP": "IP du client",
    "Created time": "Date de création",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Random parameters used for password encryption",
    "Password type": "Type de mot de passe",
    "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
    "Permissions": "Permissions",
    "Personal name": "Nom personnel",
    "Phone": "Téléphone",
@@ -142,6 +145,7 @@
    "Preview": "Aperçu",
    "Preview - Tooltip": "The form in which the password is stored in the database",
    "Provider": "Fournisseur",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "Fournisseurs",
    "Providers - Tooltip": "List of third-party applications that can be used to log in",
    "Records": "Enregistrements",
@@ -234,6 +238,15 @@
    "Website URL": "URL du site web",
    "Website URL - Tooltip": "Unique string-style identifier"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "Actions",
    "Actions - Tooltip": "Actions - Info-bulle",
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar to show to others",
    "Back Home": "ホーム",
    "Captcha": "Captcha",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Certs",
    "Client IP": "クライアント IP",
    "Created time": "作成日時",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Random parameters used for password encryption",
    "Password type": "パスワードの種類",
    "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
    "Permissions": "アクセス許可",
    "Personal name": "個人名",
    "Phone": "電話番号",
@@ -142,6 +145,7 @@
    "Preview": "プレビュー",
    "Preview - Tooltip": "The form in which the password is stored in the database",
    "Provider": "プロバイダー",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "プロバイダー",
    "Providers - Tooltip": "List of third-party applications that can be used to log in",
    "Records": "レコード",
@@ -234,6 +238,15 @@
    "Website URL": "Website URL",
    "Website URL - Tooltip": "Unique string-style identifier"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "アクション",
    "Actions - Tooltip": "アクション → ツールチップ",
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar to show to others",
    "Back Home": "Back Home",
    "Captcha": "Captcha",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Certs",
    "Client IP": "Client IP",
    "Created time": "Created time",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Random parameters used for password encryption",
    "Password type": "Password type",
    "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
    "Permissions": "Permissions",
    "Personal name": "Personal name",
    "Phone": "Phone",
@@ -142,6 +145,7 @@
    "Preview": "Preview",
    "Preview - Tooltip": "The form in which the password is stored in the database",
    "Provider": "Provider",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "Providers",
    "Providers - Tooltip": "List of third-party applications that can be used to log in",
    "Records": "Records",
@@ -234,6 +238,15 @@
    "Website URL": "Website URL",
    "Website URL - Tooltip": "Unique string-style identifier"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "Actions",
    "Actions - Tooltip": "Actions - Tooltip",
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "Avatar to show to others",
    "Back Home": "Назад",
    "Captcha": "Капча",
+    "Cert": "Cert",
+    "Cert - Tooltip": "Cert - Tooltip",
    "Certs": "Сертификаты",
    "Client IP": "IP клиента",
    "Created time": "Время создания",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "Random parameters used for password encryption",
    "Password type": "Тип пароля",
    "Password type - Tooltip": "The form in which the password is stored in the database",
+    "Payments": "Payments",
    "Permissions": "Права доступа",
    "Personal name": "Личное имя",
    "Phone": "Телефон",
@@ -142,6 +145,7 @@
    "Preview": "Предпросмотр",
    "Preview - Tooltip": "The form in which the password is stored in the database",
    "Provider": "Поставщик",
+    "Provider - Tooltip": "Provider - Tooltip",
    "Providers": "Поставщики",
    "Providers - Tooltip": "List of third-party applications that can be used to log in",
    "Records": "Отчеты",
@@ -234,6 +238,15 @@
    "Website URL": "URL сайта",
    "Website URL - Tooltip": "Unique string-style identifier"
  },
+  "payment": {
+    "Amount": "Amount",
+    "Amount - Tooltip": "Amount - Tooltip",
+    "Currency": "Currency",
+    "Currency - Tooltip": "Currency - Tooltip",
+    "Edit Payment": "Edit Payment",
+    "Good": "Good",
+    "Good - Tooltip": "Good - Tooltip"
+  },
  "permission": {
    "Actions": "Действия",
    "Actions - Tooltip": "Действия - Подсказка",
--- a/web/src/locales/zh/data.json
+++ b/web/src/locales/zh/data.json
@@ -92,6 +92,8 @@
    "Avatar - Tooltip": "向其他人展示的头像",
    "Back Home": "返回到首页",
    "Captcha": "人机验证码",
+    "Cert": "证书",
+    "Cert - Tooltip": "该应用所对应的客户端SDK需要验证的公钥证书",
    "Certs": "证书",
    "Client IP": "客户端IP",
    "Created time": "创建时间",
@@ -133,6 +135,7 @@
    "Password salt - Tooltip": "用于密码加密的随机参数",
    "Password type": "密码类型",
    "Password type - Tooltip": "密码在数据库中存储的形式",
+    "Payments": "付款",
    "Permissions": "权限",
    "Personal name": "姓名",
    "Phone": "手机号",
@@ -142,6 +145,7 @@
    "Preview": "预览",
    "Preview - Tooltip": "预览",
    "Provider": "提供商",
+    "Provider - Tooltip": "第三方登录需要配置的提供方",
    "Providers": "提供商",
    "Providers - Tooltip": "第三方登录需要配置的提供方",
    "Records": "日志",
@@ -234,6 +238,15 @@
    "Website URL": "网页地址",
    "Website URL - Tooltip": "网页地址"
  },
+  "payment": {
+    "Amount": "金额",
+    "Amount - Tooltip": "付款的金额",
+    "Currency": "币种",
+    "Currency - Tooltip": "如USD（美元），CNY（人民币）等",
+    "Edit Payment": "编辑付款",
+    "Good": "商品",
+    "Good - Tooltip": "购买的商品名称"
+  },
  "permission": {
    "Actions": "动作",
    "Actions - Tooltip": "授权的动作",
--- a/xlsx/xlsx_test.go
+++ b/xlsx/xlsx_test.go
@@ -11,6 +11,7 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
+// +build !skipCi

 package xlsx

@@ -19,4 +20,4 @@ import "testing"
 func TestReadSheet(t *testing.T) {
 	ticket := ReadXlsxFile("../../tmpFiles/example")
 	println(ticket)
-}
+}
Author	SHA1	Message	Date
Rafael Firmino	47d1448c02	test: add step in gitHub action from running tests first (#476 ) * Add step for running tests in github actions The test xlsx/xlsx_test.go is removed becout the path containing file not exist. * Fix error in test * test: This test was supposed to test getUsers, but it does nothing This test will be rewrite for using a clean database, today its necessary create a syncer manualy for this test pass. * Add syncer tests * Fix Copyright position * fix: back with test file	2022-02-10 17:15:15 +08:00
Steve0x2a	eb15afec34	fix: use new dingtalk api and support qrcode method (#486 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-02-10 17:14:18 +08:00
Yang Luo	e1c54744dc	Add cert to ApplicationEditPage.js	2022-02-08 20:59:20 +08:00
Yang Luo	612b5f5c2e	Improve message in GetOAuthToken().	2022-02-08 20:52:20 +08:00
Rafael Firmino	bd38552db5	test: add tests in time util package (#474 ) * test: add tests in time util package * Add copyright	2022-02-07 22:21:19 +08:00
Steve0x2a	256b433e57	fix: IsTokenExpired function adjustment (#475 ) * fix: IsTokenExpired function adjustment Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: tokenExpired err Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-02-07 22:20:36 +08:00
Steve0x2a	63161d6135	fix: infoflow's parameter error (#480 ) * fix: missing state parameter Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: infoflow's parameter error Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: use userid instead of imid Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-02-07 21:50:51 +08:00
Steve0x2a	5640d258bb	fix: missing state parameter (#478 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-02-07 15:54:37 +08:00
Steve0x2a	f85f4c0cf8	feat: add infoflow idp support (#472 ) * feat: add infoflow internal backend support Signed-off-by: Steve0x2a <stevesough@gmail.com> * feat: add infoflow idp support Signed-off-by: Steve0x2a <stevesough@gmail.com> * fix: copyright and comment Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-02-05 21:54:38 +08:00
Yang Luo	0720794e75	Fix bug in IsTokenExpired().	2022-02-05 21:16:30 +08:00
Yang Luo	940aa2bc2d	Add payment pages.	2022-02-05 20:13:15 +08:00
Товарищ программист	db44957b1f	fix: fix proxy for swagger (#471 )	2022-02-04 20:00:40 +08:00
Rafael Firmino	e5e1fdae76	FIx: menu redirect to swagger (#470 )	2022-02-04 19:08:32 +08:00
Rafael Firmino	80f01074fa	fix: 'restart always' instruction is in wrong position (#468 )	2022-02-03 21:27:27 +08:00
Steve0x2a	d943d5cc61	fix: oauth params null value error (#465 ) Signed-off-by: Steve0x2a <stevesough@gmail.com>	2022-01-30 17:58:54 +08:00
Gucheng Wang	19ed35f964	Add getOriginFromHost().	2022-01-29 23:43:25 +08:00