feat: add query and fragment response mode declare in OIDC (#1439 )

feat: edit user properties (#1435 )
fix: fix translate error (#1432 )
2025-07-08 00:50:28 +08:00 · 2023-01-01 21:46:12 +08:00 · 2022-12-31 15:27:53 +08:00 · 2022-12-30 12:10:18 +08:00 · 2022-12-29 22:30:37 +08:00 · 2022-12-27 14:46:57 +08:00
173 changed files with 5665 additions and 2911 deletions
--- a/.github/workflows/sync.yml
+++ b/.github/workflows/sync.yml
@ -33,3 +33,24 @@ jobs:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        CROWDIN_PROJECT_ID: '463556'
        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
+
+    - name: crowdin backend action
+      uses: crowdin/github-action@1.4.8
+      with:
+        upload_translations: true
+
+        download_translations: true
+        push_translations: true
+        commit_message: 'refactor: New Crowdin Backend translations by Github Action'
+
+        localization_branch_name: l10n_crowdin_action
+        create_pull_request: true
+        pull_request_title: 'refactor: New Crowdin Backend translations'
+
+        crowdin_branch_name: l10n_branch
+        config: './crowdin.yml'
+
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        CROWDIN_PROJECT_ID: '463556'
+        CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
--- a/README.md
+++ b/README.md
@ -44,14 +44,12 @@

 ## Online demo

- International: https://door.casdoor.org (read-only)
- Asian mirror: https://door.casdoor.com (read-only)
- Asian mirror: https://demo.casdoor.com (read-write, will restore for every 5 minutes)
+- Read-only site: https://door.casdoor.com (any modification operation will fail)
+- Writable site: https://demo.casdoor.com (original data will be restored for every 5 minutes)

 ## Documentation

- International: https://casdoor.org
- Asian mirror: https://casdoor.cn
+https://casdoor.org

 ## Install

--- a/authz/authz.go
+++ b/authz/authz.go
@ -32,7 +32,9 @@ func InitAuthz() {
 	var err error

 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	a, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName()+conf.GetConfigString("dbName"), "casbin_rule", tableNamePrefix, true)
+	driverName := conf.GetConfigString("driverName")
+	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
+	a, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, "casbin_rule", tableNamePrefix, true)
 	if err != nil {
 		panic(err)
 	}
@ -85,6 +87,8 @@ p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
+p, *, *, POST, /api/webhook, *, *
+p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
--- a/captcha/provider.go
+++ b/captcha/provider.go
@ -31,6 +31,8 @@ func GetCaptchaProvider(captchaType string) CaptchaProvider {
 		return NewAliyunCaptchaProvider()
 	} else if captchaType == "GEETEST" {
 		return NewGEETESTCaptchaProvider()
+	} else if captchaType == "Cloudflare Turnstile" {
+		return NewCloudflareTurnstileProvider()
 	}
 	return nil
 }
--- a/captcha/turnstile.go
+++ b/captcha/turnstile.go
@ -0,0 +1,66 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package captcha
+
+import (
+	"encoding/json"
+	"errors"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const CloudflareTurnstileVerifyUrl = "https://challenges.cloudflare.com/turnstile/v0/siteverify"
+
+type CloudflareTurnstileProvider struct{}
+
+func NewCloudflareTurnstileProvider() *CloudflareTurnstileProvider {
+	captcha := &CloudflareTurnstileProvider{}
+	return captcha
+}
+
+func (captcha *CloudflareTurnstileProvider) VerifyCaptcha(token, clientSecret string) (bool, error) {
+	reqData := url.Values{
+		"secret":   {clientSecret},
+		"response": {token},
+	}
+	resp, err := http.PostForm(CloudflareTurnstileVerifyUrl, reqData)
+	if err != nil {
+		return false, err
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return false, err
+	}
+
+	type captchaResponse struct {
+		Success    bool     `json:"success"`
+		ErrorCodes []string `json:"error-codes"`
+	}
+	captchaResp := &captchaResponse{}
+	err = json.Unmarshal(body, captchaResp)
+	if err != nil {
+		return false, err
+	}
+
+	if len(captchaResp.ErrorCodes) > 0 {
+		return false, errors.New(strings.Join(captchaResp.ErrorCodes, ","))
+	}
+
+	return captchaResp.Success, nil
+}
--- a/conf/app.conf
+++ b/conf/app.conf
@ -21,3 +21,4 @@ isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
 languages = en,zh,es,fr,de,ja,ko,ru
+quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
--- a/conf/conf.go
+++ b/conf/conf.go
@ -15,6 +15,7 @@
 package conf

 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"runtime"
@ -24,6 +25,15 @@ import (
 	"github.com/beego/beego"
 )

+type Quota struct {
+	Organization int `json:"organization"`
+	User         int `json:"user"`
+	Application  int `json:"application"`
+	Provider     int `json:"provider"`
+}
+
+var quota = &Quota{-1, -1, -1, -1}
+
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
@ -35,6 +45,17 @@ func init() {
 			}
 		}
 	}
+	initQuota()
+}
+
+func initQuota() {
+	res := beego.AppConfig.String("quota")
+	if res != "" {
+		err := json.Unmarshal([]byte(res), quota)
+		if err != nil {
+			panic(err)
+		}
+	}
 }

 func GetConfigString(key string) string {
@ -95,3 +116,17 @@ func GetConfigBatchSize() int {
 	}
 	return res
 }
+
+func GetConfigQuota() *Quota {
+	return quota
+}
+
+func GetConfigRealDataSourceName(driverName string) string {
+	var dataSourceName string
+	if driverName != "mysql" {
+		dataSourceName = GetConfigDataSourceName()
+	} else {
+		dataSourceName = GetConfigDataSourceName() + GetConfigString("dbName")
+	}
+	return dataSourceName
+}
--- a/conf/conf_test.go
+++ b/conf/conf_test.go
@ -93,3 +93,19 @@ func TestGetConfBool(t *testing.T) {
 		})
 	}
 }
+
+func TestGetConfigQuota(t *testing.T) {
+	scenarios := []struct {
+		description string
+		expected    *Quota
+	}{
+		{"default", &Quota{-1, -1, -1, -1}},
+	}
+
+	err := beego.LoadAppConfig("ini", "app.conf")
+	assert.Nil(t, err)
+	for _, scenery := range scenarios {
+		quota := GetConfigQuota()
+		assert.Equal(t, scenery.expected, quota)
+	}
+}
--- a/controllers/account.go
+++ b/controllers/account.go
@ -102,7 +102,7 @@ type Captcha struct {
 // @router /signup [post]
 func (c *ApiController) Signup() {
 	if c.GetSessionUsername() != "" {
-		c.ResponseError(c.T("SignUpErr.SignOutFirst"), c.GetSessionUsername())
+		c.ResponseError(c.T("account:Please sign out first before signing up"), c.GetSessionUsername())
 		return
 	}

@ -115,7 +115,7 @@ func (c *ApiController) Signup() {

 	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 	if !application.EnableSignUp {
-		c.ResponseError(c.T("SignUpErr.DoNotAllowSignUp"))
+		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
 		return
 	}

@ -129,7 +129,7 @@ func (c *ApiController) Signup() {
 	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && form.Email != "" {
 		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode, c.GetAcceptLanguage())
 		if len(checkResult) != 0 {
-			c.ResponseError(c.T("EmailErr.EmailCheckResult"), checkResult)
+			c.ResponseError(c.T("account:Email: %s"), checkResult)
 			return
 		}
 	}
@ -139,7 +139,7 @@ func (c *ApiController) Signup() {
 		checkPhone = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Phone)
 		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
 		if len(checkResult) != 0 {
-			c.ResponseError(c.T("PhoneErr.PhoneCheckResult"), checkResult)
+			c.ResponseError(c.T("account:Phone: %s"), checkResult)
 			return
 		}
 	}
@ -161,9 +161,9 @@ func (c *ApiController) Signup() {
 		username = id
 	}

-	initScore, err := getInitScore()
+	initScore, err := getInitScore(organization)
 	if err != nil {
-		c.ResponseError(fmt.Errorf(c.T("InitErr.InitScoreFailed"), err).Error())
+		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 		return
 	}

@ -209,7 +209,7 @@ func (c *ApiController) Signup() {

 	affected := object.AddUser(user)
 	if !affected {
-		c.ResponseError(c.T("UserErr.InvalidInformation"), util.StructToJson(user))
+		c.ResponseError(c.T("account:Invalid information"), util.StructToJson(user))
 		return
 	}

--- a/controllers/application.go
+++ b/controllers/application.go
@ -46,7 +46,7 @@ func (c *ApiController) GetApplications() {
 		if organization == "" {
 			applications = object.GetApplications(owner)
 		} else {
-			applications = object.GetApplicationsByOrganizationName(owner, organization)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}

 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
@ -86,7 +86,7 @@ func (c *ApiController) GetUserApplication() {
 	id := c.Input().Get("id")
 	user := object.GetUser(id)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), id))
+		c.ResponseError(fmt.Sprintf(c.T("application:The user: %s doesn't exist"), id))
 		return
 	}

@ -103,17 +103,31 @@ func (c *ApiController) GetUserApplication() {
 // @router /get-organization-applications [get]
 func (c *ApiController) GetOrganizationApplications() {
 	userId := c.GetSessionUsername()
-	owner := c.Input().Get("owner")
 	organization := c.Input().Get("organization")
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")

 	if organization == "" {
-		c.ResponseError(c.T("ParameterErr.OrgMissingErr"))
+		c.ResponseError(c.T("application:Parameter organization is missing"))
 		return
 	}

-	applications := object.GetApplicationsByOrganizationName(owner, organization)
-	c.Data["json"] = object.GetMaskedApplications(applications, userId)
-	c.ServeJSON()
+	if limit == "" || page == "" {
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
+		c.ResponseOk(applications, paginator.Nums())
+	}
 }

 // UpdateApplication
@ -153,6 +167,12 @@ func (c *ApiController) AddApplication() {
 		return
 	}

+	count := object.GetApplicationCount("", "", "")
+	if err := checkQuotaForApplication(count); err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddApplication(&application))
 	c.ServeJSON()
 }
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -17,14 +17,16 @@ package controllers
 import (
 	"encoding/base64"
 	"encoding/json"
+	"encoding/xml"
 	"fmt"
+	"io/ioutil"
 	"net/url"
 	"strconv"
 	"strings"
+	"sync"
 	"time"

 	"github.com/casdoor/casdoor/captcha"
-
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
@ -33,6 +35,11 @@ import (
 	"github.com/google/uuid"
 )

+var (
+	wechatScanType string
+	lock           sync.RWMutex
+)
+
 func codeToResponse(code *object.Code) *Response {
 	if code.Code == "" {
 		return &Response{Status: "error", Msg: code.Message, Data: code.Code}
@ -58,7 +65,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}
 	if !allowed {
-		c.ResponseError(c.T("AuthErr.Unauthorized"))
+		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return
 	}

@ -77,7 +84,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		codeChallenge := c.Input().Get("code_challenge")

 		if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-			c.ResponseError(c.T("AuthErr.ChallengeMethodErr"))
+			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
 		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
@ -163,7 +170,7 @@ func (c *ApiController) GetApplicationLogin() {
 }

 func setHttpClient(idProvider idp.IdProvider, providerType string) {
-	if providerType == "GitHub" || providerType == "Google" || providerType == "Facebook" || providerType == "LinkedIn" || providerType == "Steam" {
+	if providerType == "GitHub" || providerType == "Google" || providerType == "Facebook" || providerType == "LinkedIn" || providerType == "Steam" || providerType == "Line" {
 		idProvider.SetHttpClient(proxy.ProxyHttpClient)
 	} else {
 		idProvider.SetHttpClient(proxy.DefaultHttpClient)
@ -198,7 +205,7 @@ func (c *ApiController) Login() {
 	if form.Username != "" {
 		if form.Type == ResponseTypeLogin {
 			if c.GetSessionUsername() != "" {
-				c.ResponseError(c.T("LoginErr.SignOutFirst"), c.GetSessionUsername())
+				c.ResponseError(c.T("auth:Please sign out first before signing in"), c.GetSessionUsername())
 				return
 			}
 		}
@ -224,7 +231,7 @@ func (c *ApiController) Login() {
 			} else {
 				verificationCodeType = "phone"
 				if len(form.PhonePrefix) == 0 {
-					responseText := fmt.Sprintf(c.T("PhoneErr.NoPrefix"), verificationCodeType)
+					responseText := fmt.Sprintf(c.T("auth:%s No phone prefix"), verificationCodeType)
 					c.ResponseError(responseText)
 					return
 				}
@ -249,13 +256,17 @@ func (c *ApiController) Login() {

 			user = object.GetUserByFields(form.Organization, form.Username)
 			if user == nil {
-				c.ResponseError(fmt.Sprintf(c.T("LoginErr.UserDoNotExist"), form.Organization, form.Username))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The user: %s/%s doesn't exist"), form.Organization, form.Username))
 				return
 			}
 		} else {
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf("The application: %s does not exist", form.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
+				return
+			}
+			if !application.EnablePassword {
+				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
 				return
 			}

@ -267,7 +278,7 @@ func (c *ApiController) Login() {
 				}

 				if !isHuman {
-					c.ResponseError("Turing test failed.")
+					c.ResponseError(c.T("auth:Turing test failed."))
 					return
 				}
 			}
@ -281,7 +292,7 @@ func (c *ApiController) Login() {
 		} else {
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}

@ -295,15 +306,15 @@ func (c *ApiController) Login() {
 	} else if form.Provider != "" {
 		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 			return
 		}

 		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
-		provider := object.GetProvider(fmt.Sprintf("admin/%s", form.Provider))
+		provider := object.GetProvider(util.GetId("admin", form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
-			c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotEnabled"), provider.Name))
+			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s is not enabled for the application"), provider.Name))
 			return
 		}

@ -327,14 +338,14 @@ func (c *ApiController) Login() {

 			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
 			if idProvider == nil {
-				c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotSupported"), provider.Type))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The provider type: %s is not supported"), provider.Type))
 				return
 			}

 			setHttpClient(idProvider, provider.Type)

 			if form.State != conf.GetConfigString("authState") && form.State != application.Name {
-				c.ResponseError(fmt.Sprintf(c.T("AuthErr.AuthStateWrong"), conf.GetConfigString("authState"), form.State))
+				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), form.State))
 				return
 			}

@ -346,13 +357,13 @@ func (c *ApiController) Login() {
 			}

 			if !token.Valid() {
-				c.ResponseError(c.T("TokenErr.InvalidToken"))
+				c.ResponseError(c.T("auth:Invalid token"))
 				return
 			}

 			userInfo, err = idProvider.GetUserInfo(token)
 			if err != nil {
-				c.ResponseError(fmt.Sprintf(c.T("LoginErr.LoginFail"), err.Error()))
+				c.ResponseError(fmt.Sprintf(c.T("auth:Failed to login in: %s"), err.Error()))
 				return
 			}
 		}
@ -369,7 +380,7 @@ func (c *ApiController) Login() {
 				// Sign in via OAuth (want to sign up but already have account)

 				if user.IsForbidden {
-					c.ResponseError(c.T("LoginErr.UserIsForbidden"))
+					c.ResponseError(c.T("auth:The user is forbidden to sign in, please contact the administrator"))
 				}

 				resp = c.HandleLoggedIn(application, user, &form)
@ -381,12 +392,12 @@ func (c *ApiController) Login() {
 			} else if provider.Category == "OAuth" {
 				// Sign up via OAuth
 				if !application.EnableSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppNotEnableSignUp"), provider.Type, userInfo.Username, userInfo.DisplayName))
+					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
 					return
 				}

 				if !providerItem.CanSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("LoginErr.ProviderCanNotSignUp"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
+					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
 					return
 				}

@ -405,9 +416,9 @@ func (c *ApiController) Login() {

 				properties := map[string]string{}
 				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
-				initScore, err := getInitScore()
+				initScore, err := getInitScore(organization)
 				if err != nil {
-					c.ResponseError(fmt.Errorf(c.T("InitErr.InitScoreFailed"), err).Error())
+					c.ResponseError(fmt.Errorf(c.T("auth:Get init score failed, error: %w"), err).Error())
 					return
 				}

@ -434,7 +445,7 @@ func (c *ApiController) Login() {

 				affected := object.AddUser(user)
 				if !affected {
-					c.ResponseError(fmt.Sprintf(c.T("LoginErr.InvalidUserInformation"), util.StructToJson(user)))
+					c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
 					return
 				}

@ -459,13 +470,13 @@ func (c *ApiController) Login() {
 		} else { // form.Method != "signup"
 			userId := c.GetSessionUsername()
 			if userId == "" {
-				c.ResponseError(c.T("LoginErr.AccountDoNotExist"), userInfo)
+				c.ResponseError(c.T("auth:The account does not exist"), userInfo)
 				return
 			}

 			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			if oldUser != nil {
-				c.ResponseError(fmt.Sprintf(c.T("LoginErr.OldUser"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
 				return
 			}

@ -486,7 +497,7 @@ func (c *ApiController) Login() {
 			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("LoginErr.AppDoNotExist"), form.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}

@ -498,7 +509,7 @@ func (c *ApiController) Login() {
 			record.User = user.Name
 			util.SafeGoroutine(func() { object.AddRecord(record) })
 		} else {
-			c.ResponseError(fmt.Sprintf(c.T("LoginErr.UnknownAuthentication"), util.StructToJson(form)))
+			c.ResponseError(fmt.Sprintf(c.T("auth:Unknown authentication type (not password or provider), form = %s"), util.StructToJson(form)))
 			return
 		}
 	}
@ -531,3 +542,46 @@ func (c *ApiController) HandleSamlLogin() {
 		slice[4], relayState, samlResponse)
 	c.Redirect(targetUrl, 303)
 }
+
+// HandleOfficialAccountEvent ...
+// @Tag HandleOfficialAccountEvent API
+// @Title HandleOfficialAccountEvent
+// @router /api/webhook [POST]
+func (c *ApiController) HandleOfficialAccountEvent() {
+	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	var data struct {
+		MsgType  string `xml:"MsgType"`
+		Event    string `xml:"Event"`
+		EventKey string `xml:"EventKey"`
+	}
+	err = xml.Unmarshal(respBytes, &data)
+	if err != nil {
+		c.ResponseError(err.Error())
+	}
+	lock.Lock()
+	defer lock.Unlock()
+	if data.EventKey != "" {
+		wechatScanType = data.Event
+		c.Ctx.WriteString("")
+	}
+}
+
+// GetWebhookEventType ...
+// @Tag GetWebhookEventType API
+// @Title GetWebhookEventType
+// @router /api/get-webhook-event [GET]
+func (c *ApiController) GetWebhookEventType() {
+	lock.Lock()
+	defer lock.Unlock()
+	resp := &Response{
+		Status: "ok",
+		Msg:    "",
+		Data:   wechatScanType,
+	}
+	c.Data["json"] = resp
+	wechatScanType = ""
+	c.ServeJSON()
+}
--- a/controllers/cas.go
+++ b/controllers/cas.go
@ -210,7 +210,7 @@ func (c *RootController) SamlValidate() {
 	}

 	if !strings.HasPrefix(target, service) {
-		c.ResponseError(fmt.Sprintf(c.T("CasErr.ServiceDoNotMatch"), target, service))
+		c.ResponseError(fmt.Sprintf(c.T("cas:Service %s and %s do not match"), target, service))
 		return
 	}

--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@ -18,6 +18,7 @@ import (
 	"encoding/json"

 	"github.com/beego/beego/utils/pagination"
+	xormadapter "github.com/casbin/xorm-adapter/v3"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@ -31,8 +32,8 @@ func (c *ApiController) GetCasbinAdapters() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetCasbinAdapters(owner)
-		c.ServeJSON()
+		adapters := object.GetCasbinAdapters(owner)
+		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, field, value)))
@ -43,8 +44,8 @@ func (c *ApiController) GetCasbinAdapters() {

 func (c *ApiController) GetCasbinAdapter() {
 	id := c.Input().Get("id")
-	c.Data["json"] = object.GetCasbinAdapter(id)
-	c.ServeJSON()
+	adapter := object.GetCasbinAdapter(id)
+	c.ResponseOk(adapter)
 }

 func (c *ApiController) UpdateCasbinAdapter() {
@ -89,6 +90,68 @@ func (c *ApiController) SyncPolicies() {
 	id := c.Input().Get("id")
 	adapter := object.GetCasbinAdapter(id)

-	c.Data["json"] = object.SyncPolicies(adapter)
+	policies, err := object.SyncPolicies(adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(policies)
+}
+
+func (c *ApiController) UpdatePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policies []xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddPolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) RemovePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
 	c.ServeJSON()
 }
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -21,12 +21,6 @@ import (
 )

 func (c *ApiController) Enforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRule object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
 	if err != nil {
@ -34,17 +28,11 @@ func (c *ApiController) Enforce() {
 		return
 	}

-	c.Data["json"] = object.Enforce(userId, &permissionRule)
+	c.Data["json"] = object.Enforce(&permissionRule)
 	c.ServeJSON()
 }

 func (c *ApiController) BatchEnforce() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
-		return
-	}
-
 	var permissionRules []object.PermissionRule
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
 	if err != nil {
@ -52,14 +40,14 @@ func (c *ApiController) BatchEnforce() {
 		return
 	}

-	c.Data["json"] = object.BatchEnforce(userId, permissionRules)
+	c.Data["json"] = object.BatchEnforce(permissionRules)
 	c.ServeJSON()
 }

 func (c *ApiController) GetAllObjects() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
+		c.ResponseError(c.T("enforcer:Please sign in first"))
 		return
 	}

@ -70,7 +58,7 @@ func (c *ApiController) GetAllObjects() {
 func (c *ApiController) GetAllActions() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
+		c.ResponseError(c.T("enforcer:Please sign in first"))
 		return
 	}

@ -81,7 +69,7 @@ func (c *ApiController) GetAllActions() {
 func (c *ApiController) GetAllRoles() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("EnforcerErr.SignInFirst"))
+		c.ResponseError(c.T("enforcer:Please sign in first"))
 		return
 	}

--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@ -52,7 +52,7 @@ func (c *ApiController) GetLdapUser() {
 	ldapServer := LdapServer{}
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldapServer)
 	if err != nil || util.IsStrsEmpty(ldapServer.Host, ldapServer.Admin, ldapServer.Passwd, ldapServer.BaseDn) {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("ldap:Missing parameter"))
 		return
 	}

@ -120,7 +120,7 @@ func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")

 	if util.IsStrsEmpty(id) {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("ldap:Missing parameter"))
 		return
 	}

@ -136,17 +136,17 @@ func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("ldap:Missing parameter"))
 		return
 	}

 	if util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("ldap:Missing parameter"))
 		return
 	}

 	if object.CheckLdapExist(&ldap) {
-		c.ResponseError(c.T("LdapErr.ServerExisted"))
+		c.ResponseError(c.T("ldap:Ldap server exist"))
 		return
 	}

@ -171,7 +171,7 @@ func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
 	if err != nil || util.IsStrsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("ldap:Missing parameter"))
 		return
 	}

--- a/controllers/link.go
+++ b/controllers/link.go
@ -47,7 +47,7 @@ func (c *ApiController) Unlink() {

 	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
-		c.ResponseError(c.T("AuthErr.CanNotUnlinkUsers"))
+		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}

@ -55,23 +55,23 @@ func (c *ApiController) Unlink() {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
 		application := object.GetApplicationByUser(user)
 		if application == nil {
-			c.ResponseError(c.T("AuthErr.CanNotLinkMySelf"))
+			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
 		}

 		if len(application.Providers) == 0 {
-			c.ResponseError(c.T("ApplicationErr.HasNoProviders"))
+			c.ResponseError(c.T("link:This application has no providers"))
 			return
 		}

 		provider := application.GetProviderItemByType(providerType)
 		if provider == nil {
-			c.ResponseError(c.T("ApplicationErr.HasNoProvidersOfType") + providerType)
+			c.ResponseError(c.T("link:This application has no providers of type") + providerType)
 			return
 		}

 		if !provider.CanUnlink {
-			c.ResponseError(c.T("ProviderErr.CanNotBeUnlinked"))
+			c.ResponseError(c.T("link:This provider can't be unlinked"))
 			return
 		}

@ -84,7 +84,7 @@ func (c *ApiController) Unlink() {
 	value := object.GetUserField(&unlinkedUser, providerType)

 	if value == "" {
-		c.ResponseError(c.T("ProviderErr.LinkFirstErr"), value)
+		c.ResponseError(c.T("link:Please link first"), value)
 		return
 	}

--- a/controllers/organization.go
+++ b/controllers/organization.go
@ -99,6 +99,12 @@ func (c *ApiController) AddOrganization() {
 		return
 	}

+	count := object.GetOrganizationCount("", "", "")
+	if err := checkQuotaForOrganization(count); err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddOrganization(&organization))
 	c.ServeJSON()
 }
--- a/controllers/permission.go
+++ b/controllers/permission.go
@ -65,6 +65,20 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 	return
 }

+// GetPermissionsByRole
+// @Title GetPermissionsByRole
+// @Tag Permission API
+// @Description get permissions by role
+// @Param   id    query    string  true        "The id of the role"
+// @Success 200 {array} object.Permission The Response object
+// @router /get-permissions-by-role [get]
+func (c *ApiController) GetPermissionsByRole() {
+	id := c.Input().Get("id")
+	permissions := object.GetPermissionsByRole(id)
+	c.ResponseOk(permissions, len(permissions))
+	return
+}
+
 // GetPermission
 // @Title GetPermission
 // @Tag Permission API
--- a/controllers/product.go
+++ b/controllers/product.go
@ -141,13 +141,13 @@ func (c *ApiController) BuyProduct() {

 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("LoginErr.LoginFirst"))
+		c.ResponseError(c.T("product:Please login first"))
 		return
 	}

 	user := object.GetUser(userId)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
+		c.ResponseError(fmt.Sprintf(c.T("product:The user: %s doesn't exist"), userId))
 		return
 	}

--- a/controllers/provider.go
+++ b/controllers/provider.go
@ -81,7 +81,6 @@ func (c *ApiController) GetGlobalProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-
 	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
 	c.ServeJSON()
 }
@ -123,6 +122,12 @@ func (c *ApiController) AddProvider() {
 		return
 	}

+	count := object.GetProviderCount("", "", "")
+	if err := checkQuotaForProvider(count); err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	c.Data["json"] = wrapActionResponse(object.AddProvider(&provider))
 	c.ServeJSON()
 }
--- a/controllers/resource.go
+++ b/controllers/resource.go
@ -40,6 +40,15 @@ func (c *ApiController) GetResources() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+
+	userObj, ok := c.RequireSignedInUser()
+	if !ok {
+		return
+	}
+	if userObj.IsAdmin {
+		user = ""
+	}
+
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetResources(owner, user)
 		c.ServeJSON()
@ -145,7 +154,7 @@ func (c *ApiController) UploadResource() {
 	defer file.Close()

 	if username == "" || fullFilePath == "" {
-		c.ResponseError(fmt.Sprintf(c.T("ResourceErr.UsernameOrFilePathEmpty"), username, fullFilePath))
+		c.ResponseError(fmt.Sprintf(c.T("resource:Username or fullFilePath is empty: username = %s, fullFilePath = %s"), username, fullFilePath))
 		return
 	}

@ -156,7 +165,7 @@ func (c *ApiController) UploadResource() {
 		return
 	}

-	provider, user, ok := c.GetProviderFromContext("Storage")
+	provider, _, ok := c.GetProviderFromContext("Storage")
 	if !ok {
 		return
 	}
@ -171,6 +180,20 @@ func (c *ApiController) UploadResource() {
 		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
 	}

+	if tag != "avatar" && tag != "termsOfUse" {
+		ext := filepath.Ext(filepath.Base(fullFilePath))
+		index := len(fullFilePath) - len(ext)
+		for i := 1; ; i++ {
+			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
+			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
+				break
+			}
+
+			// duplicated fullFilePath found, change it
+			fullFilePath = fullFilePath[:index] + fmt.Sprintf("-%d", i) + ext
+		}
+	}
+
 	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer)
 	if err != nil {
 		c.ResponseError(err.Error())
@ -202,12 +225,10 @@ func (c *ApiController) UploadResource() {

 	switch tag {
 	case "avatar":
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
-			user = object.GetUserNoCheck(username)
-			if user == nil {
-				c.ResponseError(c.T("ResourceErr.UserIsNil"))
-				return
-			}
+			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
+			return
 		}

 		user.Avatar = fileUrl
--- a/controllers/saml.go
+++ b/controllers/saml.go
@ -25,7 +25,7 @@ func (c *ApiController) GetSamlMeta() {
 	paramApp := c.Input().Get("application")
 	application := object.GetApplication(paramApp)
 	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("ApplicationErr.AppNotFound"), paramApp))
+		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return
 	}
 	metadata, _ := object.GetSamlMeta(application, host)
--- a/controllers/service.go
+++ b/controllers/service.go
@ -60,7 +60,7 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider = object.GetProvider(fmt.Sprintf("admin/%s", emailForm.Provider))
+		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
 		var ok bool
@ -81,7 +81,7 @@ func (c *ApiController) SendEmail() {
 	}

 	if util.IsStrsEmpty(emailForm.Title, emailForm.Content, emailForm.Sender) {
-		c.ResponseError(fmt.Sprintf(c.T("EmailErr.EmptyParam"), emailForm))
+		c.ResponseError(fmt.Sprintf(c.T("service:Empty parameters for emailForm: %v"), emailForm))
 		return
 	}

@ -93,7 +93,7 @@ func (c *ApiController) SendEmail() {
 	}

 	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("EmailErr.InvalidReceivers"), invalidReceivers))
+		c.ResponseError(fmt.Sprintf(c.T("service:Invalid Email receivers: %s"), invalidReceivers))
 		return
 	}

@ -141,7 +141,7 @@ func (c *ApiController) SendSms() {
 	}

 	if len(invalidReceivers) != 0 {
-		c.ResponseError(fmt.Sprintf(c.T("PhoneErr.InvalidReceivers"), invalidReceivers))
+		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), invalidReceivers))
 		return
 	}

--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@ -40,7 +40,7 @@ func (c *ApiController) GetSystemInfo() {

 	user := object.GetUser(id)
 	if user == nil || !user.IsGlobalAdmin {
-		c.ResponseError(c.T("ResourceErr.NotAuthorized"))
+		c.ResponseError(c.T("system_info:You are not authorized to access this resource"))
 		return
 	}

--- a/controllers/token.go
+++ b/controllers/token.go
@ -150,7 +150,7 @@ func (c *ApiController) GetOAuthCode() {
 	codeChallenge := c.Input().Get("code_challenge")

 	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-		c.ResponseError(c.T("AuthErr.ChallengeMethodErr"))
+		c.ResponseError(c.T("token:Challenge method should be S256"))
 		return
 	}
 	host := c.Ctx.Request.Host
@ -261,7 +261,7 @@ func (c *ApiController) TokenLogout() {
 	flag, application := object.DeleteTokenByAccessToken(token)
 	redirectUri := c.Input().Get("post_logout_redirect_uri")
 	state := c.Input().Get("state")
-	if application != nil && object.CheckRedirectUriValid(application, redirectUri) {
+	if application != nil && application.IsRedirectUriValid(redirectUri) {
 		c.Ctx.Redirect(http.StatusFound, redirectUri+"?state="+state)
 		return
 	}
@ -290,7 +290,7 @@ func (c *ApiController) IntrospectToken() {
 		clientId = c.Input().Get("client_id")
 		clientSecret = c.Input().Get("client_secret")
 		if clientId == "" || clientSecret == "" {
-			c.ResponseError(c.T("TokenErr.EmptyClientID"))
+			c.ResponseError(c.T("token:Empty clientId or clientSecret"))
 			c.Data["json"] = &object.TokenError{
 				Error: object.InvalidRequest,
 			}
@ -301,7 +301,7 @@ func (c *ApiController) IntrospectToken() {
 	}
 	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
-		c.ResponseError(c.T("TokenErr.InvalidAppOrWrongClientSecret"))
+		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
 		c.Data["json"] = &object.TokenError{
 			Error: object.InvalidClient,
 		}
--- a/controllers/user.go
+++ b/controllers/user.go
@ -149,7 +149,7 @@ func (c *ApiController) UpdateUser() {
 	}

 	if user.DisplayName == "" {
-		c.ResponseError(c.T("UserErr.DisplayNameCanNotBeEmpty"))
+		c.ResponseError(c.T("user:Display name cannot be empty"))
 		return
 	}

@ -183,6 +183,12 @@ func (c *ApiController) AddUser() {
 		return
 	}

+	count := object.GetUserCount("", "", "")
+	if err := checkQuotaForUser(count); err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
 	msg := object.CheckUsername(user.Name, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
@ -230,7 +236,7 @@ func (c *ApiController) GetEmailAndPhone() {

 	user := object.GetUserByFields(form.Organization, form.Username)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExistInOrg"), form.Organization, form.Username))
+		c.ResponseError(fmt.Sprintf(c.T("user:The user: %s/%s doesn't exist"), form.Organization, form.Username))
 		return
 	}

@ -288,12 +294,12 @@ func (c *ApiController) SetPassword() {
 	}

 	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("SetPasswordErr.CanNotContainBlank"))
+		c.ResponseError(c.T("user:New password cannot contain blank space."))
 		return
 	}

 	if len(newPassword) <= 5 {
-		c.ResponseError(c.T("SetPasswordErr.LessThanSixCharacters"))
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
 		return
 	}

--- a/controllers/user_upload.go
+++ b/controllers/user_upload.go
@ -61,6 +61,6 @@ func (c *ApiController) UploadUsers() {
 	if affected {
 		c.ResponseOk()
 	} else {
-		c.ResponseError(c.T("UserErr.FailToImportUsers"))
+		c.ResponseError(c.T("user_upload:Failed to import users"))
 	}
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@ -17,6 +17,7 @@ package controllers
 import (
 	"fmt"
 	"strconv"
+	"strings"

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@ -56,7 +57,7 @@ func (c *ApiController) T(error string) string {
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	lang := c.Ctx.Request.Header.Get("Accept-Language")
-	if lang == "" {
+	if lang == "" || !strings.Contains(conf.GetConfigString("languages"), lang[0:2]) {
 		lang = "en"
 	}
 	return lang[0:2]
@ -83,7 +84,7 @@ func (c *ApiController) SetTokenErrorHttpStatus() {
 func (c *ApiController) RequireSignedIn() (string, bool) {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("LoginErr.LoginFirst"), "Please login first")
+		c.ResponseError(c.T("util:Please login first"), "Please login first")
 		return "", false
 	}
 	return userId, true
@ -99,7 +100,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 	user := object.GetUser(userId)
 	if user == nil {
 		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExist"), userId))
+		c.ResponseError(fmt.Sprintf(c.T("util:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
 	return user, true
@ -118,16 +119,20 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	return user.Owner, true
 }

-func getInitScore() (int, error) {
-	return strconv.Atoi(conf.GetConfigString("initScore"))
+func getInitScore(organization *object.Organization) (int, error) {
+	if organization != nil {
+		return organization.InitScore, nil
+	} else {
+		return strconv.Atoi(conf.GetConfigString("initScore"))
+	}
 }

 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
 	if providerName != "" {
-		provider := object.GetProvider(util.GetId(providerName))
+		provider := object.GetProvider(util.GetId("admin", providerName))
 		if provider == nil {
-			c.ResponseError(c.T("ProviderErr.ProviderNotFound"), providerName)
+			c.ResponseError(c.T("util:The provider: %s is not found"), providerName)
 			return nil, nil, false
 		}
 		return provider, nil, true
@ -140,15 +145,59 @@ func (c *ApiController) GetProviderFromContext(category string) (*object.Provide

 	application, user := object.GetApplicationByUserId(userId)
 	if application == nil {
-		c.ResponseError(fmt.Sprintf(c.T("ApplicationErr.AppNotFoundForUserID"), userId))
+		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
 		return nil, nil, false
 	}

 	provider := application.GetProviderByCategory(category)
 	if provider == nil {
-		c.ResponseError(fmt.Sprintf(c.T("ProviderErr.ProviderNotFoundForCategory"), category, application.Name))
+		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
 		return nil, nil, false
 	}

 	return provider, user, true
 }
+
+func checkQuotaForApplication(count int) error {
+	quota := conf.GetConfigQuota().Application
+	if quota == -1 {
+		return nil
+	}
+	if count >= quota {
+		return fmt.Errorf("application quota is exceeded")
+	}
+	return nil
+}
+
+func checkQuotaForOrganization(count int) error {
+	quota := conf.GetConfigQuota().Organization
+	if quota == -1 {
+		return nil
+	}
+	if count >= quota {
+		return fmt.Errorf("organization quota is exceeded")
+	}
+	return nil
+}
+
+func checkQuotaForProvider(count int) error {
+	quota := conf.GetConfigQuota().Provider
+	if quota == -1 {
+		return nil
+	}
+	if count >= quota {
+		return fmt.Errorf("provider quota is exceeded")
+	}
+	return nil
+}
+
+func checkQuotaForUser(count int) error {
+	quota := conf.GetConfigQuota().User
+	if quota == -1 {
+		return nil
+	}
+	if count >= quota {
+		return fmt.Errorf("user quota is exceeded")
+	}
+	return nil
+}
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -47,26 +47,27 @@ func (c *ApiController) SendVerificationCode() {
 	checkKey := c.Ctx.Request.Form.Get("checkKey")
 	checkUser := c.Ctx.Request.Form.Get("checkUser")
 	applicationId := c.Ctx.Request.Form.Get("applicationId")
+	method := c.Ctx.Request.Form.Get("method")
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)

 	if destType == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": type.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": type.")
 		return
 	}
 	if dest == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": dest.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": dest.")
 		return
 	}
 	if applicationId == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": applicationId.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": applicationId.")
 		return
 	}
 	if !strings.Contains(applicationId, "/") {
-		c.ResponseError(c.T("ParameterErr.Wrong") + ": applicationId.")
+		c.ResponseError(c.T("verification:Wrong parameter") + ": applicationId.")
 		return
 	}
 	if checkType == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": checkType.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": checkType.")
 		return
 	}

@ -74,7 +75,7 @@ func (c *ApiController) SendVerificationCode() {

 	if captchaProvider != nil {
 		if checkKey == "" {
-			c.ResponseError(c.T("ParameterErr.Missing") + ": checkKey.")
+			c.ResponseError(c.T("verification:Missing parameter") + ": checkKey.")
 			return
 		}
 		isHuman, err := captchaProvider.VerifyCaptcha(checkKey, checkId)
@ -84,7 +85,7 @@ func (c *ApiController) SendVerificationCode() {
 		}

 		if !isHuman {
-			c.ResponseError(c.T("AuthErr.NotHuman"))
+			c.ResponseError(c.T("verification:Turing test failed."))
 			return
 		}
 	}
@ -92,9 +93,13 @@ func (c *ApiController) SendVerificationCode() {
 	user := c.getCurrentUser()
 	application := object.GetApplication(applicationId)
 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", application.Owner, application.Organization))
+	if organization == nil {
+		c.ResponseError(c.T("verification:Organization does not exist"))
+		return
+	}

 	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
-		c.ResponseError(c.T("LoginErr.LoginFirst"))
+		c.ResponseError(c.T("verification:Please login first"))
 		return
 	}

@ -110,7 +115,13 @@ func (c *ApiController) SendVerificationCode() {
 			dest = user.Email
 		}
 		if !util.IsEmailValid(dest) {
-			c.ResponseError(c.T("EmailErr.EmailInvalid"))
+			c.ResponseError(c.T("verification:Email is invalid"))
+			return
+		}
+
+		userByEmail := object.GetUserByEmail(organization.Name, dest)
+		if userByEmail == nil && method != "signup" && method != "reset" {
+			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 			return
 		}

@ -121,11 +132,13 @@ func (c *ApiController) SendVerificationCode() {
 			dest = user.Phone
 		}
 		if !util.IsPhoneCnValid(dest) {
-			c.ResponseError(c.T("PhoneErr.NumberInvalid"))
+			c.ResponseError(c.T("verification:Phone number is invalid"))
 			return
 		}
-		if organization == nil {
-			c.ResponseError(c.T("OrgErr.DoNotExist"))
+
+		userByPhone := object.GetUserByPhone(organization.Name, dest)
+		if userByPhone == nil && method != "signup" && method != "reset" {
+			c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 			return
 		}

@ -157,7 +170,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	dest := c.Ctx.Request.Form.Get("dest")
 	code := c.Ctx.Request.Form.Get("code")
 	if len(dest) == 0 || len(code) == 0 || len(destType) == 0 {
-		c.ResponseError(c.T("ParameterErr.Missing"))
+		c.ResponseError(c.T("verification:Missing parameter"))
 		return
 	}

@ -166,7 +179,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	if destType == "phone" {
 		phoneItem := object.GetAccountItemByName("Phone", org)
 		if phoneItem == nil {
-			c.ResponseError(c.T("PhoneErr.UnableGetModifyRule"))
+			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
 			return
 		}

@ -183,7 +196,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	} else if destType == "email" {
 		emailItem := object.GetAccountItemByName("Email", org)
 		if emailItem == nil {
-			c.ResponseError(c.T("EmailErr.UnableGetModifyRule"))
+			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
 			return
 		}

@ -205,7 +218,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 		user.Phone = dest
 		object.SetUserField(user, "phone", user.Phone)
 	default:
-		c.ResponseError(c.T("ParameterErr.UnknownType"))
+		c.ResponseError(c.T("verification:Unknown type"))
 		return
 	}

@ -224,17 +237,17 @@ func (c *ApiController) VerifyCaptcha() {
 	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
 	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
 	if captchaToken == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": captchaToken.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": captchaToken.")
 		return
 	}
 	if clientSecret == "" {
-		c.ResponseError(c.T("ParameterErr.Missing") + ": clientSecret.")
+		c.ResponseError(c.T("verification:Missing parameter") + ": clientSecret.")
 		return
 	}

 	provider := captcha.GetCaptchaProvider(captchaType)
 	if provider == nil {
-		c.ResponseError(c.T("ProviderErr.InvalidProvider"))
+		c.ResponseError(c.T("verification:Invalid captcha provider."))
 		return
 	}

--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@ -35,7 +35,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError(c.T("LoginErr.LoginFirst"))
+		c.ResponseError(c.T("webauthn:Please login first"))
 		return
 	}

@ -66,13 +66,13 @@ func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError(c.T("LoginErr.LoginFirst"))
+		c.ResponseError(c.T("webauthn:Please login first"))
 		return
 	}
 	sessionObj := c.GetSession("registration")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
-		c.ResponseError(c.T("AuthErr.CallWebAuthnSigninBegin"))
+		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
@ -101,9 +101,14 @@ func (c *ApiController) WebAuthnSigninBegin() {
 	userName := c.Input().Get("name")
 	user := object.GetUserByFields(userOwner, userName)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("UserErr.DoNotExistInOrg"), userOwner, userName))
+		c.ResponseError(fmt.Sprintf(c.T("webauthn:The user: %s/%s doesn't exist"), userOwner, userName))
 		return
 	}
+	if len(user.WebauthnCredentials) == 0 {
+		c.ResponseError(c.T("webauthn:Found no credentials for this user"))
+		return
+	}
+
 	options, sessionData, err := webauthnObj.BeginLogin(user)
 	if err != nil {
 		c.ResponseError(err.Error())
@ -127,7 +132,7 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
-		c.ResponseError(c.T("AuthErr.CallWebAuthnSigninBegin"))
+		c.ResponseError(c.T("webauthn:Please call WebAuthnSigninBegin first"))
 		return
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
--- a/crowdin.yml
+++ b/crowdin.yml
@ -0,0 +1,10 @@
+project_id: '491513'
+api_token_env: 'CROWDIN_PERSONAL_TOKEN'
+preserve_hierarchy: true
+files: [
+  # JSON translation files
+    {
+        source: '/i18n/locales/en/data.json',
+        translation: '/i18n/locales/%two_letters_code%/data.json',
+    },
+]
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@ -21,9 +21,10 @@ import (
 	"testing"

 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )

 func TestDeployStaticFiles(t *testing.T) {
-	provider := object.GetProvider("admin/provider_storage_aliyun_oss")
+	provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
 	deployStaticFiles(provider)
 }
--- a/go.mod
+++ b/go.mod
@ -4,7 +4,6 @@ go 1.16

 require (
 	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
-	github.com/Unknwon/goconfig v1.0.0
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
 	github.com/aws/aws-sdk-go v1.44.4
 	github.com/beego/beego v1.12.11
@ -12,7 +11,6 @@ require (
 	github.com/casbin/casbin/v2 v2.30.1
 	github.com/casbin/xorm-adapter/v3 v3.0.1
 	github.com/casdoor/go-sms-sender v0.5.1
-	github.com/casdoor/goth v1.69.0-FIX2
 	github.com/casdoor/oss v1.2.0
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc
@ -23,12 +21,14 @@ require (
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.5.0
 	github.com/golang-jwt/jwt/v4 v4.2.0
+	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/go-cmp v0.5.8 // indirect
 	github.com/google/uuid v1.2.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
-	github.com/lestrrat-go/jwx v0.9.0
+	github.com/lestrrat-go/jwx v1.2.21
 	github.com/lib/pq v1.8.0
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
+	github.com/markbates/goth v1.75.2
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
@ -36,21 +36,22 @@ require (
 	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
-	github.com/smartystreets/goconvey v1.6.4 // indirect
+	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
 	github.com/stretchr/testify v1.8.0
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.0.0-20220208233918-bba287dce954
+	golang.org/x/crypto v0.0.0-20220214200702-86341886e292
 	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect
-	gopkg.in/ini.v1 v1.67.0
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
 	gopkg.in/yaml.v2 v2.3.0 // indirect
+	xorm.io/builder v0.3.12 // indirect
 	xorm.io/core v0.7.2
-	xorm.io/xorm v1.0.4
+	xorm.io/xorm v1.0.5
 )
--- a/go.sum
+++ b/go.sum
@ -61,8 +61,6 @@ github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go
 github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
 github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b h1:EgJ6N2S0h1WfFIjU5/VVHWbMSVYXAluop97Qxpr/lfQ=
 github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b/go.mod h1:3SAoF0F5EbcOuBD5WT9nYkbIJieBS84cUQXADbXeBsU=
-github.com/Unknwon/goconfig v1.0.0 h1:9IAu/BYbSLQi8puFjUQApZTxIHqSwrj5d8vpP8vTq4A=
-github.com/Unknwon/goconfig v1.0.0/go.mod h1:wngxua9XCNjvHjDiTiV26DaKDT+0c63QR6H5hjVUUxw=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@ -102,8 +100,6 @@ github.com/casbin/xorm-adapter/v3 v3.0.1 h1:0l0zkYxo6cNuIdrBZgFxlje1TRvmheYa/zIp
 github.com/casbin/xorm-adapter/v3 v3.0.1/go.mod h1:1BL7rHEDXrxO+vQdSo/ZaWKRivXl7YTos67GdMYcd20=
 github.com/casdoor/go-sms-sender v0.5.1 h1:1/Wp1OLkVAVY4lEGQhekSNetSAWhnPcxYPV7xpCZgC0=
 github.com/casdoor/go-sms-sender v0.5.1/go.mod h1:kBykbqwgRDXbXdMAIxmZKinVM1WjdqEbej5LAbUbcfI=
-github.com/casdoor/goth v1.69.0-FIX2 h1:RgfIMkL9kekylgxHHK2ZY8ASAwOGns2HVlaBwLu7Bcs=
-github.com/casdoor/goth v1.69.0-FIX2/go.mod h1:Om55nRo8CkeDkPSNBbzXW4G5uI28ZUkSk5S69dPek3s=
 github.com/casdoor/oss v1.2.0 h1:ozLAE+nnNdFQBWbzH8U9spzaO8h8NrB57lBcdyMUUQ8=
 github.com/casdoor/oss v1.2.0/go.mod h1:qii35VBuxnR/uEuYSKpS0aJ8htQFOcCVsZ4FHgHLuss=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
@ -127,6 +123,9 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f h1:q/DpyjJjZs94bziQ7YkBmIlpqbVP7yw179rnzoNVX1M=
 github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f/go.mod h1:QGrK8vMWWHQYQ3QU9bw9Y9OPNfxccGzfb41qjvVeXtY=
+github.com/decred/dcrd/crypto/blake256 v1.0.0/go.mod h1:sQl2p6Y26YV+ZOcSTP6thNdn47hh8kt6rqSlvmrXFAc=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d h1:1iy2qD6JEhHKKhUOA9IWs7mjco7lnw2qx8FsRI2wirE=
+github.com/decred/dcrd/dcrec/secp256k1/v4 v4.0.0-20210816181553-5444fa50b93d/go.mod h1:tmAIfUFEirG/Y8jhZ9M+h36obRZAk/1fcSpXwAVlfqE=
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc h1:VRRKCwnzqk8QCaRC4os14xoKDdbHqqlJtJA0oc1ZAjg=
 github.com/denisenkom/go-mssqldb v0.0.0-20200428022330-06a60b6afbbc/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/duo-labs/webauthn v0.0.0-20211221191814-a22482edaa3b h1:L63RATZFZuFMXy6ixnKmv3eNAXwYQF6HW1vd4IYsQqQ=
@ -175,6 +174,8 @@ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG
 github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs=
 github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
+github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
@ -213,8 +214,9 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
 github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
+github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible h1:K/R+8tc58AaqLkqG2Ol3Qk+DR/TlNuhuh457pBFPtt0=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
@ -248,7 +250,6 @@ github.com/google/uuid v1.2.0 h1:qJYtXnJRWmpe7m/3XlyhrsLrEURqHRM2kxzoxXqyUDs=
 github.com/google/uuid v1.2.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
@ -282,7 +283,6 @@ github.com/json-iterator/go v1.1.10 h1:Kz6Cvnvv2wGdaG/V8yMvfkmNiXq9Ya2KUv4rouJJr
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
@ -301,8 +301,18 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
 github.com/ledisdb/ledisdb v0.0.0-20200510135210-d35789ec47e6/go.mod h1:n931TsDuKuq+uX4v1fulaMbA/7ZLLhjc85h7chZGBCQ=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
-github.com/lestrrat-go/jwx v0.9.0 h1:Fnd0EWzTm0kFrBPzE/PEPp9nzllES5buMkksPMjEKpM=
-github.com/lestrrat-go/jwx v0.9.0/go.mod h1:iEoxlYfZjvoGpuWwxUz+eR5e6KTJGsaRcy/YNA/UnBk=
+github.com/lestrrat-go/backoff/v2 v2.0.8 h1:oNb5E5isby2kiro9AgdHLv5N5tint1AnDVVf2E2un5A=
+github.com/lestrrat-go/backoff/v2 v2.0.8/go.mod h1:rHP/q/r9aT27n24JQLa7JhSQZCKBBOiM/uP402WwN8Y=
+github.com/lestrrat-go/blackmagic v1.0.0 h1:XzdxDbuQTz0RZZEmdU7cnQxUtFUzgCSPq8RCz4BxIi4=
+github.com/lestrrat-go/blackmagic v1.0.0/go.mod h1:TNgH//0vYSs8VXDCfkZLgIrVTTXQELZffUV0tz3MtdQ=
+github.com/lestrrat-go/httpcc v1.0.0 h1:FszVC6cKfDvBKcJv646+lkh4GydQg2Z29scgUfkOpYc=
+github.com/lestrrat-go/httpcc v1.0.0/go.mod h1:tGS/u00Vh5N6FHNkExqGGNId8e0Big+++0Gf8MBnAvE=
+github.com/lestrrat-go/iter v1.0.1 h1:q8faalr2dY6o8bV45uwrxq12bRa1ezKrB6oM9FUgN4A=
+github.com/lestrrat-go/iter v1.0.1/go.mod h1:zIdgO1mRKhn8l9vrZJZz9TUMMFbQbLeTsbqPDrJ/OJc=
+github.com/lestrrat-go/jwx v1.2.21 h1:n+yG95UMm5ZFsDdvsZmui+bqat4Cj/di4ys6XbgSlE8=
+github.com/lestrrat-go/jwx v1.2.21/go.mod h1:9cfxnOH7G1gN75CaJP2hKGcxFEx5sPh1abRIA/ZJVh4=
+github.com/lestrrat-go/option v1.0.0 h1:WqAWL8kh8VcSoD6xjSH34/1m8yxluXQbDeKNfvFeEO4=
+github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
@ -311,6 +321,8 @@ github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 h1:wIONC+HMNRqmWBjuM
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
 github.com/markbates/going v1.0.0 h1:DQw0ZP7NbNlFGcKbcE/IVSOAFzScxRtLpd0rLMzLhq0=
 github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
+github.com/markbates/goth v1.75.2 h1:C7KloBMMk50JyXaHhzfqWYLW6+bDcSVIvUGHXneLWro=
+github.com/markbates/goth v1.75.2/go.mod h1:X6xdNgpapSENS0O35iTBBcMHoJDQDfI9bJl+APCkYMc=
 github.com/mattermost/xml-roundtrip-validator v0.0.0-20201208211235-fe770d50d911 h1:erppMjjp69Rertg1zlgRbLJH1u+eCmRPxKjMZ5I8/Ro=
 github.com/mattermost/xml-roundtrip-validator v0.0.0-20201208211235-fe770d50d911/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
 github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
@ -394,11 +406,10 @@ github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKz
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0=
+github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/ssdb/gossdb v0.0.0-20180723034631-88f6b59b84ec/go.mod h1:QBvMkMya+gXctz3kmljlUCu/yB3GZ6oee+dUozsezQE=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
@ -462,8 +473,9 @@ golang.org/x/crypto v0.0.0-20201221181555-eec23a3978ad/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20220208233918-bba287dce954 h1:BkypuErRT9A9I/iljuaG3/zdMjd/J6m8tKKJQtGfSdA=
 golang.org/x/crypto v0.0.0-20220208233918-bba287dce954/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20220214200702-86341886e292 h1:f+lwQ+GtmgoY+A2YaQxlSOnDjXcQ7ZRLWOHbC6HtRqE=
+golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@ -527,7 +539,6 @@ golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81R
 golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20200927032502-5d4f70055728/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
-golang.org/x/net v0.0.0-20200930145003-4acb6c075d10/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
 golang.org/x/net v0.0.0-20210610132358-84b48f89b13b/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@ -787,10 +798,11 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-xorm.io/builder v0.3.7 h1:2pETdKRK+2QG4mLX4oODHEhn5Z8j1m8sXa7jfu+/SZI=
 xorm.io/builder v0.3.7/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
+xorm.io/builder v0.3.12 h1:ASZYX7fQmy+o8UJdhlLHSW57JDOkM8DNhcAF5d0LiJM=
+xorm.io/builder v0.3.12/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
 xorm.io/core v0.7.2 h1:mEO22A2Z7a3fPaZMk6gKL/jMD80iiyNwRrX5HOv3XLw=
 xorm.io/core v0.7.2/go.mod h1:jJfd0UAEzZ4t87nbQYtVjmqpIODugN6PD2D9E+dJvdM=
 xorm.io/xorm v1.0.3/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
-xorm.io/xorm v1.0.4 h1:UBXA4I3NhiyjXfPqxXUkS2t5hMta9SSPATeMMaZg9oA=
-xorm.io/xorm v1.0.4/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
+xorm.io/xorm v1.0.5 h1:LRr5PfOUb4ODPR63YwbowkNDwcolT2LnkwP/TUaMaB0=
+xorm.io/xorm v1.0.5/go.mod h1:uF9EtbhODq5kNWxMbnBEj8hRRZnlcNSz2t2N7HW/+A4=
--- a/i18n/generate.go
+++ b/i18n/generate.go
@ -83,7 +83,7 @@ func parseToData() *I18nData {

 	data := I18nData{}
 	for _, word := range allWords {
-		tokens := strings.Split(word, ":")
+		tokens := strings.SplitN(word, ":", 2)
 		namespace := tokens[0]
 		key := tokens[1]

--- a/i18n/generate_backend.go
+++ b/i18n/generate_backend.go
@ -15,13 +15,11 @@
 package i18n

 import (
-	"log"
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"

-	"github.com/Unknwon/goconfig"
 	"github.com/casdoor/casdoor/util"
 )

@ -43,7 +41,7 @@ func GetAllI18nStrings(fileContent string, path string) []string {
 			return res
 		}
 		for _, match := range matches {
-			match := strings.Split(match[1], ",")
+			match := strings.SplitN(match[1], ",", 2)
 			res = append(res, match[1][2:])
 		}
 	} else {
@ -84,39 +82,34 @@ func getAllGoFilePaths() []string {
 	return res
 }

-func getErrName(paths []string) map[string]bool {
-	ErrName := make(map[string]bool)
+func getErrName(paths []string) map[string]string {
+	ErrName := make(map[string]string)
 	for i := 0; i < len(paths); i++ {
 		content := util.ReadStringFromPath(paths[i])
 		words := GetAllI18nStrings(content, paths[i])
-		for i := 0; i < len(words); i++ {
-			ErrName[words[i]] = true
+		for j := 0; j < len(words); j++ {
+			ErrName[words[j]] = paths[i]
 		}
 	}
 	return ErrName
 }

-func writeToAllLanguageFiles(errName map[string]bool) {
-	languages := "en,zh,es,fr,de,ja,ko,ru"
-	languageArr := strings.Split(languages, ",")
-	var c [10]*goconfig.ConfigFile
-	for i := 0; i < len(languageArr); i++ {
-		var err error
-		c[i], err = goconfig.LoadConfigFile("../i18n/languages/" + "locale_" + languageArr[i] + ".ini")
-		if err != nil {
-			log.Println(err.Error())
+func getI18nJSONData(errName map[string]string) *I18nData {
+	data := I18nData{}
+	for k, v := range errName {
+		var index int
+		if strings.Contains(v, "/") {
+			index = strings.LastIndex(v, "/")
+		} else {
+			index = strings.LastIndex(v, "\\")
 		}
-		for j := range errName {
-			parts := strings.Split(j, ".")
-			_, err := c[i].GetValue(parts[0], parts[1])
-			if err != nil {
-				c[i].SetValue(parts[0], parts[1], parts[1])
-			}
-		}
-		c[i].SetPrettyFormat(true)
-		err = goconfig.SaveConfigFile(c[i], "../i18n/languages/"+"locale_"+languageArr[i]+".ini")
-		if err != nil {
-			log.Println(err)
+		namespace := v[index+1 : len(v)-3]
+		key := k[len(namespace)+1:]
+		// fmt.Printf("k=%s,v=%s,namespace=%s,key=%s\n", k, v, namespace, key)
+		if _, ok := data[namespace]; !ok {
+			data[namespace] = map[string]string{}
 		}
+		data[namespace][key] = key
 	}
+	return &data
 }
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@ -44,7 +44,17 @@ func TestGenerateI18nStringsForBackend(t *testing.T) {

 	errName := getErrName(paths)

-	writeToAllLanguageFiles(errName)
+	dataEn := getI18nJSONData(errName)
+
+	writeI18nFile("backend_en", dataEn)
+
+	applyToOtherLanguage(dataEn, "backend_de")
+	applyToOtherLanguage(dataEn, "backend_es")
+	applyToOtherLanguage(dataEn, "backend_fr")
+	applyToOtherLanguage(dataEn, "backend_ja")
+	applyToOtherLanguage(dataEn, "backend_ko")
+	applyToOtherLanguage(dataEn, "backend_ru")
+	applyToOtherLanguage(dataEn, "backend_zh")

 	fmt.Println("Total Err Words:", len(errName))

--- a/i18n/languages/locale_de.ini
+++ b/i18n/languages/locale_de.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_en.ini
+++ b/i18n/languages/locale_en.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-WrongPasswordManyTimes = You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again
-Unauthorized = Unauthorized operation
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_es.ini
+++ b/i18n/languages/locale_es.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_fr.ini
+++ b/i18n/languages/locale_fr.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_ja.ini
+++ b/i18n/languages/locale_ja.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_ko.ini
+++ b/i18n/languages/locale_ko.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_ru.ini
+++ b/i18n/languages/locale_ru.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = Application %s not found
-AppNotFoundForUserID = No application is found for userId: %s
-GrantTypeNotSupport = Grant_type: %s is not supported in this application
-HasNoProviders = This application has no providers
-HasNoProvidersOfType = This application has no providers of type
-InvalidID = Invalid application id
-
-[AuthErr]
-AuthStateWrong = State expected: %s, but got: %s
-ChallengeMethodErr = Challenge method should be S256
-CanNotUnlinkUsers = You are not the global admin, you can't unlink other users
-CanNotLinkMySelf = You can't unlink yourself, you are not a member of any application
-CallWebAuthnSigninBegin = Please call WebAuthnSigninBegin first
-NotHuman = Turing test failed.
-Unauthorized = Unauthorized operation
-WrongPasswordManyTimes = WrongPasswordManyTimes
-
-[CasErr]
-ServiceDoNotMatch = Service %s and %s do not match
-
-[EmailErr]
-ExistedErr = Email already exists
-EmptyErr = Email cannot be empty
-EmailInvalid = Email is invalid
-EmailCheckResult = Email: %s
-EmptyParam = Empty parameters for emailForm: %v
-InvalidReceivers = Invalid Email receivers: %s
-UnableGetModifyRule = Unable to get the email modify rule.
-
-[EnforcerErr]
-SignInFirst = Please sign in first
-
-[InitErr]
-InitScoreFailed = Get init score failed, error: %%w
-
-[LdapErr]
-MultipleAccounts = Multiple accounts with same uid, please check your ldap server
-PasswordWrong = Ldap user name or password incorrect
-ServerExisted = Ldap server exist
-
-[LoginErr]
-AppDoNotExist = The application: %s does not exist
-AppNotEnableSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support
-AccountDoNotExist = The account does not exist
-InvalidUserInformation = Failed to create user, user information is invalid: %s
-LoginFirst = Please login first
-LoginFail = Failed to login in: %s
-NoPermission = You don't have the permission to do this
-OldUser = The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)
-ProviderCanNotSignUp = The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up
-SessionOutdated = Session outdated, please login again
-SignOutFirst = Please sign out first before signing in
-UserDoNotExist = The user: %s/%s doesn't exist
-UserIsForbidden = The user is forbidden to sign in, please contact the administrator
-UnknownAuthentication = Unknown authentication type (not password or provider), form = %s
-UnsupportedPasswordType = unsupported password type: %s
-
-[OrgErr]
-DoNotExist = Organization does not exist
-Immutable = The %s is immutable.
-OnlyAdmin = Only admin can modify the %s.
-UnknownModifyRule = Unknown modify rule %s.
-
-[ParameterErr]
-OrgMissingErr = Parameter organization is missing
-Missing = Missing parameter
-UnknownType = Unknown type
-Wrong = Wrong parameter
-
-[PhoneErr]
-CodeNotSent = Code has not been sent yet!
-CodeTimeOut = You should verify your code in %d min!
-ExistedErr = Phone already exists
-EmptyErr = Phone cannot be empty
-InvalidReceivers = Invalid phone receivers: %s
-NumberInvalid = Phone number is invalid
-NoPrefix = %s No phone prefix
-PhoneCheckResult = Phone: %s
-UnableGetModifyRule = Unable to get the phone modify rule.
-
-[ProviderErr]
-CanNotBeUnlinked = This provider can't be unlinked
-CategoryNotSAML = provider %s's category is not SAML
-DoNotExist = the provider: %s does not exist
-InvalidProvider = Invalid captcha provider.
-LinkFirstErr = Please link first
-ProviderNotEnabled = The provider: %s is not enabled for the application
-ProviderNotSupported = The provider type: %s is not supported
-ProviderNotFound = The provider: %s is not found
-ProviderNotFoundForCategory = No provider for category: %s is found for application: %s
-
-[ResourceErr]
-NotAuthorized = You are not authorized to access this resource
-UserIsNil = User is nil for tag: /"avatar/"
-UsernameOrFilePathEmpty = Username or fullFilePath is empty: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = New password cannot contain blank space.
-LessThanSixCharacters = New password must have at least 6 characters
-
-[SignUpErr]
-DoNotAllowSignUp = The application does not allow to sign up new account
-SignOutFirst = Please sign out first before signing up
-
-[StorageErr]
-ObjectKeyNotAllowed = The objectKey: %s is not allowed
-
-[TokenErr]
-EmptyClientID = Empty clientId or clientSecret
-InvalidToken = Invalid token
-InvalidAppOrWrongClientSecret = Invalid application or wrong clientSecret
-InvalidClientId = Invalid client_id
-RedirectURIDoNotExist = Redirect URI: %s doesn't exist in the allowed Redirect URI list
-
-[UserErr]
-AffiliationBlankErr = Affiliation cannot be blank
-DisplayNameBlankErr = DisplayName cannot be blank
-DisplayNameInvalid = DisplayName is not valid real name
-DisplayNameCanNotBeEmpty = Display name cannot be empty
-DoNotExist = The user: %s doesn't exist
-DoNotExistInOrg = The user: %s/%s doesn't exist
-DoNotExistSignUp = the user does not exist, please sign up first
-FirstNameBlankErr = FirstName cannot be blank
-FailToImportUsers = Failed to import users
-LastNameBlankErr = LastName cannot be blank
-NameLessThanTwoCharacters = Username must have at least 2 characters
-NameStartWithADigitErr = Username cannot start with a digit
-NameIsEmailErr = Username cannot be an email address
-NameCantainWhitSpaceErr = Username cannot contain white spaces
-NameExistedErr = Username already exists
-NameEmptyErr = Empty username.
-NameTooLang = Username is too long (maximum is 39 characters).
-NameFormatErr = The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.
-PasswordLessThanSixCharacters = Password must have at least 6 characters
-InvalidInformation = Invalid information
-
--- a/i18n/languages/locale_zh.ini
+++ b/i18n/languages/locale_zh.ini
@ -1,137 +0,0 @@
-[ApplicationErr]
-AppNotFound = 应用 %%s 未找到
-AppNotFoundForUserID = 找不到该用户的应用程序 %s
-GrantTypeNotSupport = 此应用中不支持此授权类型
-HasNoProviders = 该应用无提供商
-HasNoProvidersOfType = 应用没有该类型的提供商
-InvalidID = 无效的Application ID
-
-[AuthErr]
-AuthStateWrong = 期望状态位: %s, 实际状态为: %s
-ChallengeMethodErr = Challenge 方法应该为 S256
-CanNotUnlinkUsers = 您不是全局管理员，无法取消链接其他用户
-CanNotLinkMySelf = 您无法取消链接，您不是任何应用程序的成员
-CallWebAuthnSigninBegin = 请先调用WebAuthnSigninBegin
-NotHuman = 真人验证失败
-Unauthorized = 未授权的操作
-WrongPasswordManyTimes = 输入密码错误次数已达上限，请在 %d 分 %d 秒后重试
-
-[CasErr]
-ServiceDoNotMatch = 服务 %s 与 %s 不匹配
-
-[EmailErr]
-ExistedErr = 该邮箱已存在
-EmptyErr = 邮箱不可为空
-EmailInvalid = 无效邮箱
-EmailCheckResult = Email: %s
-EmptyParam = 邮件参数为空: %v
-InvalidReceivers = 无效的邮箱接收者: %%s
-UnableGetModifyRule = 无法得到Email修改规则
-
-[EnforcerErr]
-SignInFirst = 请先登录
-
-[InitErr]
-InitScoreFailed = 初始化分数失败: %w
-
-[LdapErr]
-MultipleAccounts = 多个帐户具有相同的uid，请检查您的 ldap 服务器
-PasswordWrong = Ldap密码错误
-ServerExisted = Ldap服务器已存在
-
-[LoginErr]
-AppDoNotExist = 应用不存在: %s
-AppNotEnableSignUp = 提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持
-AccountDoNotExist = 账户不存在
-InvalidUserInformation = 创建用户失败，用户信息无效: %%s
-LoginFirst = 请先登录
-LoginFail = 无法登录: %s
-NoPermission = 您没有权限执行此操作
-OldUser = 提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)
-ProviderCanNotSignUp = 提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册
-SignOutFirst = 请在登录前登出
-SessionOutdated = Session已过期，请重新登陆
-UserDoNotExist = 用户不存在: %s/%s
-UserIsForbidden = 该用户被禁止登陆，请联系管理员
-UnknownAuthentication = 未知的认证类型 (非密码或提供商认证), form = %s
-UnsupportedPasswordType = 不支持此密码类型
-
-[OrgErr]
-DoNotExist = 组织不存在
-Immutable = %s是不可变的
-OnlyAdmin = 只有管理员用户有此权限
-UnknownModifyRule = 未知的修改规则
-
-[ParameterErr]
-Missing = 参数丢失
-OrgMissingErr = Organization参数丢失
-UnknownType = 未知类型
-Wrong = 参数错误
-
-[PhoneErr]
-CodeNotSent = 验证码还未发送
-CodeTimeOut = 验证码过期
-ExistedErr = 该电话已存在
-EmptyErr = 电话不可为空
-InvalidReceivers = 无效的电话接收者: %s
-NumberInvalid = 无效电话
-PhoneCheckResult = 电话: %s
-UnableGetModifyRule = 无法得到电话修改规则
-NoPrefix = %s 无此电话前缀
-
-[ProviderErr]
-CanNotBeUnlinked = 该提供商不可被链接
-InvalidProvider = 无效的验证码提供商
-LinkFirstErr = 请先绑定
-ProviderNotEnabled = 提供商: %s 未被启用
-ProviderNotSupported = 不支持该类型的提供商: %s
-ProviderNotFound = 该提供商未找到: %s
-ProviderNotFoundForCategory = 该类型的提供商: %s 在应用中未找到: %s
-DoNotExist = 提供商: %s 不存在
-CategoryNotSAML = 提供商 %s类型不是SAML
-
-[ResourceErr]
-NotAuthorized = 您无权获取此资源
-UserIsNil = 用户头像标签为空
-UsernameOrFilePathEmpty = username或FilePath为空: username = %s, fullFilePath = %s
-
-[SetPasswordErr]
-CanNotContainBlank = 新密码不可以包含空客
-LessThanSixCharacters = 新密码至少为6位
-
-[SignUpErr]
-DoNotAllowSignUp = 该应用不允许注册新账户
-SignOutFirst = 请在登陆前登出
-
-[TokenErr]
-EmptyClientID = clientId或clientSecret为空
-InvalidAppOrWrongClientSecret = 无效应用或错误的clientSecret
-InvalidToken = 无效token
-InvalidClientId = 无效的ClientId
-RedirectURIDoNotExist = 重定向 URI：%s 在可列表中未找到
-
-[UserErr]
-AffiliationBlankErr = 联系方式不可为空
-DisplayNameBlankErr = 展示名称不可为空
-DisplayNameInvalid = 展示名称无效
-DisplayNameCanNotBeEmpty = 展示名称不可为空
-DoNotExist = 用户不存在: %s
-DoNotExistInOrg = 用户不存在: %s/%s
-FirstNameBlankErr = 名不可以为空
-FailToImportUsers = 导入用户失败
-LastNameBlankErr = 姓不可以为空
-NameLessThanTwoCharacters = 用户名至少要有2个字符
-NameStartWithADigitErr = 用户名禁止使用数字作为第一个字符
-NameIsEmailErr = 用户名不可以是邮箱地址
-NameCantainWhitSpaceErr = 用户名不可以包含空格
-NameExistedErr = 用户名已存在
-NameEmptyErr = 用户名不可为空
-NameTooLang = 用户名过长（最大长度为39个字符）
-NameFormatErr = 用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾
-PasswordLessThanSixCharacters = 密码至少为6字符
-DoNotExistSignUp = 用户不存在，请先注册
-InvalidInformation = 无效信息
-
-[StorageErr]
-ObjectKeyNotAllowed = object key :%s 不被允许
-
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "Email: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Phone: %s": "Phone: %s",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "application": {
+    "Parameter organization is missing": "Parameter organization is missing",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "auth": {
+    "%s No phone prefix": "%s No phone prefix",
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid token": "Invalid token",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account does not exist": "The account does not exist",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user doesn't exist": "The user doesn't exist",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+  },
+  "enforcer": {
+    "Please sign in first": "Please sign in first"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist",
+    "Missing parameter": "Missing parameter"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "product": {
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "You are not authorized to access this resource"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found",
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Missing parameter": "Missing parameter",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid": "Phone number is invalid",
+    "Please login first": "Please login first",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please login first": "Please login first",
+    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
+  }
+}
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@ -0,0 +1,173 @@
+{
+  "account": {
+    "Email: %s": "邮件: %s",
+    "Get init score failed, error: %w": "初始化分数失败: %w",
+    "Invalid information": "无效信息",
+    "Phone: %s": "电话: %s",
+    "Please sign out first before signing up": "请在登陆前登出",
+    "The application does not allow to sign up new account": "该应用不允许注册新账户"
+  },
+  "application": {
+    "Parameter organization is missing": "Organization参数丢失",
+    "The user: %s doesn't exist": "用户不存在: %s"
+  },
+  "auth": {
+    "%s No phone prefix": "%s 无此电话前缀",
+    "Challenge method should be S256": "Challenge 方法应该为 S256",
+    "Failed to create user, user information is invalid: %s": "创建用户失败，用户信息无效: %s",
+    "Failed to login in: %s": "无法登录: %s",
+    "Get init score failed, error: %w": "初始化分数失败: %w",
+    "Invalid token": "无效token",
+    "Please sign out first before signing in": "请在登陆前登出",
+    "State expected: %s, but got: %s": "期望状态位: %s, 实际状态为: %s",
+    "The account does not exist": "账户不存在",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)",
+    "The application: %s does not exist": "应用 %s 不存在",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "不支持该类型的提供商: %s",
+    "The provider: %s is not enabled for the application": "提供商: %s 未被启用",
+    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登陆，请联系管理员",
+    "The user: %s/%s doesn't exist": "用户不存在: %s/%s",
+    "Turing test failed.": "真人验证失败",
+    "Unauthorized operation": "未授权的操作",
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
+  },
+  "cas": {
+    "Service %s and %s do not match": "服务 %s 与 %s 不匹配"
+  },
+  "check": {
+    "Affiliation cannot be blank": "联系方式不可为空",
+    "DisplayName cannot be blank": "展示名称不可为空",
+    "DisplayName is not valid real name": "展示名称无效",
+    "Email already exists": "该邮箱已存在",
+    "Email cannot be empty": "邮箱不可为空",
+    "Email is invalid": "无效邮箱",
+    "Empty username.": "用户名不可为空",
+    "FirstName cannot be blank": "名不可以为空",
+    "LastName cannot be blank": "姓不可以为空",
+    "Ldap user name or password incorrect": "Ldap密码错误",
+    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 ldap 服务器",
+    "Organization does not exist": "组织不存在",
+    "Password must have at least 6 characters": "新密码至少为6位",
+    "Phone already exists": "该电话已存在",
+    "Phone cannot be empty": "电话不可为空",
+    "Phone number is invalid": "无效电话",
+    "Please login first": "请先登录",
+    "Session outdated, please login again": "Session已过期，请重新登陆",
+    "The user doesn't exist": "用户不存在",
+    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登陆，请联系管理员",
+    "The user: %s doesn't exist": "用户不存在: %s",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
+    "Username already exists": "用户名已存在",
+    "Username cannot be an email address": "用户名不可以是邮箱地址",
+    "Username cannot contain white spaces": "用户名不可以包含空格",
+    "Username cannot start with a digit": "用户名禁止使用数字作为第一个字符",
+    "Username is too long (maximum is 39 characters).": "用户名过长（最大长度为39个字符）",
+    "Username must have at least 2 characters": "用户名至少要有2个字符",
+    "You don't have the permission to do this": "用户名至少要有2个字符",
+    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "输入密码错误次数已达上限，请在 %d 分 %d 秒后重试",
+    "unsupported password type: %s": "不支持的密码类型: %s"
+  },
+  "check_util": {
+    "You have entered the wrong password too many times, please wait for %d minutes and try again": "输入密码错误次数已达上限，请在 %d 分后重试",
+    "password is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会"
+  },
+  "enforcer": {
+    "Please sign in first": "请先登录"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap服务器已存在",
+    "Missing parameter": "参数丢失"
+  },
+  "link": {
+    "Please link first": "请先绑定",
+    "This application has no providers": "该应用无提供商",
+    "This application has no providers of type": "应用没有该类型的提供商",
+    "This provider can't be unlinked": "该提供商不可被链接",
+    "You are not the global admin, you can't unlink other users": "您不是全局管理员，无法取消链接其他用户",
+    "You can't unlink yourself, you are not a member of any application": "您无法取消链接，您不是任何应用程序的成员"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "您无法取消链接，您不是任何应用程序的成员",
+    "The %s is immutable.": "%s是不可变的",
+    "Unknown modify rule %s.": "未知的修改规则"
+  },
+  "product": {
+    "Please login first": "请先登录",
+    "The user: %s doesn't exist": "用户不存在: %s"
+  },
+  "provider": {
+    "Invalid application id": "无效的Application ID",
+    "the provider: %s does not exist": "提供商: %s 不存在"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "用户头像标签为空",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "username或FilePath为空: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "应用 %s 未找到"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "提供商 %s类型不是SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "邮件参数为空: %v",
+    "Invalid Email receivers: %s": " 无效的邮箱接收者: %s",
+    "Invalid phone receivers: %s": "无效的电话接收者: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "object key :%s 不被允许",
+    "The provider type: %s is not supported": "提供商类型: %s 尚未支持"
+  },
+  "system_info": {
+    "You are not authorized to access this resource": "您无权获取此资源"
+  },
+  "token": {
+    "Challenge method should be S256": "Challenge 方法应该为 S256",
+    "Empty clientId or clientSecret": "clientId或clientSecret为空",
+    "Grant_type: %s is not supported in this application": "此应用中不支持此授权类型: %s",
+    "Invalid application or wrong clientSecret": "无效应用或错误的clientSecret",
+    "Invalid client_id": "无效的ClientId",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s 在可列表中未找到"
+  },
+  "user": {
+    "Display name cannot be empty": "展示名称不可为空",
+    "New password cannot contain blank space.": "新密码不可以包含空格",
+    "New password must have at least 6 characters": "新密码至少需要6位字符",
+    "The user: %s/%s doesn't exist": "用户不存在: %s/%s"
+  },
+  "user_upload": {
+    "Failed to import users": "导入用户失败"
+  },
+  "util": {
+    "No application is found for userId: %s": "找不到该用户的应用程序 %s",
+    "No provider for category: %s is found for application: %s": "找不到该用户的应用程序 %s",
+    "Please login first": "请先登录",
+    "The provider: %s is not found": "该提供商未找到: %s",
+    "The user: %s doesn't exist": "用户不存在: %s"
+  },
+  "verification": {
+    "Code has not been sent yet!": "验证码还未发送",
+    "Email is invalid": "非法的邮箱",
+    "Invalid captcha provider.": "非法的验证码提供商",
+    "Missing parameter": "参数丢失",
+    "Organization does not exist": "组织不存在",
+    "Phone number is invalid": "非法的电话号码",
+    "Please login first": "请先登录",
+    "Turing test failed.": "验证码还未发送",
+    "Unable to get the email modify rule.": "无法得到邮箱修改规则",
+    "Unable to get the phone modify rule.": "无法得到电话修改规则",
+    "Unknown type": "未知类型",
+    "Wrong parameter": "参数错误",
+    "You should verify your code in %d min!": "请在 %d 分钟内输入正确验证码",
+    "the user does not exist, please sign up first": "用户不存在，请先注册"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "该用户没有WebAuthn凭据",
+    "Please call WebAuthnSigninBegin first": "请先调用 WebAuthnSigninBegi",
+    "Please login first": "请先登录",
+    "The user: %s/%s doesn't exist": "用户: %s/%s 不存在"
+  }
+}
--- a/i18n/util.go
+++ b/i18n/util.go
@ -17,23 +17,24 @@ package i18n
 import (
 	"embed"
 	"fmt"
-	"log"
 	"strings"

 	"github.com/casdoor/casdoor/util"
-	"gopkg.in/ini.v1"
 )

-//go:embed languages/*.ini
+//go:embed locales/*/data.json
 var f embed.FS

-var (
-	langMapConfig  = make(map[string]*ini.File)
-	isNotFirstLoad = make(map[string]bool)
-)
+var langMap = make(map[string]map[string]map[string]string) // for example : langMap[en][account][Invalid information] = Invalid information

 func getI18nFilePath(language string) string {
-	return fmt.Sprintf("../web/src/locales/%s/data.json", language)
+	if strings.Contains(language, "backend") {
+		// change language from 'backend_en' to 'en'
+		language = language[8:]
+		return fmt.Sprintf("../i18n/locales/%s/data.json", language)
+	} else {
+		return fmt.Sprintf("../web/src/locales/%s/data.json", language)
+	}
 }

 func readI18nFile(language string) *I18nData {
@ -75,18 +76,20 @@ func applyData(data1 *I18nData, data2 *I18nData) {
 }

 func Translate(lang string, error string) string {
-	parts := strings.Split(error, ".")
-	if !strings.Contains(error, ".") || len(parts) != 2 {
-		log.Println("Invalid Error Name")
-		return ""
+	parts := strings.SplitN(error, ":", 2)
+	if !strings.Contains(error, ":") || len(parts) != 2 {
+		return "Translate Error: " + error
 	}
-
-	if isNotFirstLoad[lang] {
-		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
+	if langMap[lang] != nil {
+		return langMap[lang][parts[0]][parts[1]]
 	} else {
-		file, _ := f.ReadFile("languages/locale_" + lang + ".ini")
-		langMapConfig[lang], _ = ini.Load(file)
-		isNotFirstLoad[lang] = true
-		return langMapConfig[lang].Section(parts[0]).Key(parts[1]).String()
+		file, _ := f.ReadFile("locales/" + lang + "/data.json")
+		data := I18nData{}
+		err := util.JsonToStruct(string(file), &data)
+		if err != nil {
+			panic(err)
+		}
+		langMap[lang] = data
+		return langMap[lang][parts[0]][parts[1]]
 	}
 }
--- a/idp/adfs.go
+++ b/idp/adfs.go
@ -15,11 +15,11 @@
 package idp

 import (
-	"bytes"
 	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"time"
@ -118,13 +118,14 @@ func (idp *AdfsIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	if err != nil {
 		return nil, err
 	}
-	keyset, err := jwk.Parse(resp.Body)
+	body, err := ioutil.ReadAll(resp.Body)
+	keyset, err := jwk.ParseKey(body)
 	if err != nil {
 		return nil, err
 	}
 	tokenSrc := []byte(token.AccessToken)
-	publicKey, _ := keyset.Keys[0].Materialize()
-	idToken, _ := jwt.Parse(bytes.NewReader(tokenSrc), jwt.WithVerify(jwa.RS256, publicKey))
+	publicKey, _ := keyset.PublicKey()
+	idToken, _ := jwt.Parse(tokenSrc, jwt.WithVerify(jwa.RS256, publicKey))
 	sid, _ := idToken.Get("sid")
 	upn, _ := idToken.Get("upn")
 	name, _ := idToken.Get("unique_name")
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@ -256,6 +256,8 @@ func (idp *DingTalkIdProvider) isUserInOrg(unionId string) (bool, error) {
 	}
 	if data.ErrCode == 60121 {
 		return false, fmt.Errorf("the user is not found in the organization where clientId and clientSecret belong")
+	} else if data.ErrCode != 0 {
+		return false, fmt.Errorf(data.ErrMessage)
 	}
 	return true, nil
 }
--- a/idp/goth.go
+++ b/idp/goth.go
@ -22,35 +22,35 @@ import (
 	"time"

 	"github.com/casdoor/casdoor/util"
-	"github.com/casdoor/goth"
-	"github.com/casdoor/goth/providers/amazon"
-	"github.com/casdoor/goth/providers/apple"
-	"github.com/casdoor/goth/providers/azuread"
-	"github.com/casdoor/goth/providers/bitbucket"
-	"github.com/casdoor/goth/providers/digitalocean"
-	"github.com/casdoor/goth/providers/discord"
-	"github.com/casdoor/goth/providers/dropbox"
-	"github.com/casdoor/goth/providers/facebook"
-	"github.com/casdoor/goth/providers/gitea"
-	"github.com/casdoor/goth/providers/github"
-	"github.com/casdoor/goth/providers/gitlab"
-	"github.com/casdoor/goth/providers/google"
-	"github.com/casdoor/goth/providers/heroku"
-	"github.com/casdoor/goth/providers/instagram"
-	"github.com/casdoor/goth/providers/kakao"
-	"github.com/casdoor/goth/providers/line"
-	"github.com/casdoor/goth/providers/linkedin"
-	"github.com/casdoor/goth/providers/microsoftonline"
-	"github.com/casdoor/goth/providers/paypal"
-	"github.com/casdoor/goth/providers/salesforce"
-	"github.com/casdoor/goth/providers/shopify"
-	"github.com/casdoor/goth/providers/slack"
-	"github.com/casdoor/goth/providers/steam"
-	"github.com/casdoor/goth/providers/tumblr"
-	"github.com/casdoor/goth/providers/twitter"
-	"github.com/casdoor/goth/providers/yahoo"
-	"github.com/casdoor/goth/providers/yandex"
-	"github.com/casdoor/goth/providers/zoom"
+	"github.com/markbates/goth"
+	"github.com/markbates/goth/providers/amazon"
+	"github.com/markbates/goth/providers/apple"
+	"github.com/markbates/goth/providers/azureadv2"
+	"github.com/markbates/goth/providers/bitbucket"
+	"github.com/markbates/goth/providers/digitalocean"
+	"github.com/markbates/goth/providers/discord"
+	"github.com/markbates/goth/providers/dropbox"
+	"github.com/markbates/goth/providers/facebook"
+	"github.com/markbates/goth/providers/gitea"
+	"github.com/markbates/goth/providers/github"
+	"github.com/markbates/goth/providers/gitlab"
+	"github.com/markbates/goth/providers/google"
+	"github.com/markbates/goth/providers/heroku"
+	"github.com/markbates/goth/providers/instagram"
+	"github.com/markbates/goth/providers/kakao"
+	"github.com/markbates/goth/providers/line"
+	"github.com/markbates/goth/providers/linkedin"
+	"github.com/markbates/goth/providers/microsoftonline"
+	"github.com/markbates/goth/providers/paypal"
+	"github.com/markbates/goth/providers/salesforce"
+	"github.com/markbates/goth/providers/shopify"
+	"github.com/markbates/goth/providers/slack"
+	"github.com/markbates/goth/providers/steam"
+	"github.com/markbates/goth/providers/tumblr"
+	"github.com/markbates/goth/providers/twitter"
+	"github.com/markbates/goth/providers/yahoo"
+	"github.com/markbates/goth/providers/yandex"
+	"github.com/markbates/goth/providers/zoom"
 	"golang.org/x/oauth2"
 )

@ -74,8 +74,8 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 		}
 	case "AzureAD":
 		idp = GothIdProvider{
-			Provider: azuread.New(clientId, clientSecret, redirectUrl, nil),
-			Session:  &azuread.Session{},
+			Provider: azureadv2.New(clientId, clientSecret, redirectUrl, azureadv2.ProviderOptions{Tenant: "common"}),
+			Session:  &azureadv2.Session{},
 		}
 	case "Bitbucket":
 		idp = GothIdProvider{
@ -202,6 +202,8 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Provider: zoom.New(clientId, clientSecret, redirectUrl),
 			Session:  &zoom.Session{},
 		}
+	default:
+		return nil
 	}

 	return &idp
--- a/idp/provider.go
+++ b/idp/provider.go
@ -98,7 +98,7 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 	return nil
 }

-var gothList = []string{"Apple", "AzureAd", "Slack", "Steam"}
+var gothList = []string{"Apple", "AzureAD", "Slack", "Steam", "Line"}

 func isGothSupport(provider string) bool {
 	for _, value := range gothList {
--- a/idp/wechat.go
+++ b/idp/wechat.go
@ -16,14 +16,17 @@ package idp

 import (
 	"bytes"
+	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"

+	"github.com/skip2/go-qrcode"
 	"golang.org/x/oauth2"
 )

@ -191,3 +194,54 @@ func (idp *WeChatIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 	}
 	return &userInfo, nil
 }
+
+func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, error) {
+	accessTokenUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s", clientId, clientSecret)
+	request, err := http.NewRequest("GET", accessTokenUrl, nil)
+	client := new(http.Client)
+	resp, err := client.Do(request)
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		ExpireIn    int    `json:"expires_in"`
+		AccessToken string `json:"access_token"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+	return data.AccessToken, nil
+}
+
+func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (string, error) {
+	accessToken, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
+	client := new(http.Client)
+	params := "{\"action_name\": \"QR_LIMIT_STR_SCENE\", \"action_info\": {\"scene\": {\"scene_str\": \"test\"}}}"
+	bodyData := bytes.NewReader([]byte(params))
+	qrCodeUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/qrcode/create?access_token=%s", accessToken)
+	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
+	resp, err := client.Do(requeset)
+	if err != nil {
+		return "", err
+	}
+	respBytes, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+	var data struct {
+		Ticket        string `json:"ticket"`
+		ExpireSeconds int    `json:"expire_seconds"`
+		URL           string `json:"url"`
+	}
+	err = json.Unmarshal(respBytes, &data)
+	if err != nil {
+		return "", err
+	}
+
+	var png []byte
+	png, err = qrcode.Encode(data.URL, qrcode.Medium, 256)
+	base64Image := base64.StdEncoding.EncodeToString(png)
+	return base64Image, nil
+}
--- a/init_data.json.template
+++ b/init_data.json.template
@ -156,5 +156,187 @@
      "autoSync": 0,
      "lastSync": ""
    }
+  ],
+  "models": [
+    {
+      "owner": "",
+      "name": "",
+      "modelText": "",
+      "displayName": ""
+    }
+  ],
+  "permissions": [
+    {
+      "actions": [
+        ""
+      ],
+      "displayName": "",
+      "effect": "",
+      "isEnabled": true,
+      "model": "",
+      "name": "",
+      "owner": "",
+      "resourceType": "",
+      "resources": [
+        ""
+      ],
+      "roles": [
+        ""
+      ],
+      "users": [
+        ""
+      ]
+    }
+  ],
+  "payments": [
+    {
+      "currency": "",
+      "detail": "",
+      "displayName": "",
+      "invoiceRemark": "",
+      "invoiceTaxId": "",
+      "invoiceTitle": "",
+      "invoiceType": "",
+      "invoiceUrl": "",
+      "message": "",
+      "name": "",
+      "organization": "",
+      "owner": "",
+      "payUrl": "",
+      "personEmail": "",
+      "personIdCard": "",
+      "personName": "",
+      "personPhone": "",
+      "price": 0,
+      "productDisplayName": "",
+      "productName": "",
+      "provider": "",
+      "returnUrl": "",
+      "state": "",
+      "tag": "",
+      "type": "",
+      "user": ""
+    }
+  ],
+  "products": [
+    {
+      "currency": "",
+      "detail": "",
+      "displayName": "",
+      "image": "",
+      "name": "",
+      "owner": "",
+      "price": 0,
+      "providers": [
+        ""
+      ],
+      "quantity": 0,
+      "returnUrl": "",
+      "sold": 0,
+      "state": "",
+      "tag": ""
+    }
+  ],
+  "resources": [
+    {
+      "owner": "",
+      "name": "",
+      "user": "",
+      "provider": "",
+      "application": "",
+      "tag": "",
+      "parent": "",
+      "fileName": "",
+      "fileType": "",
+      "fileFormat": "",
+      "url": "",
+      "description": ""
+    }
+  ],
+  "roles": [
+    {
+      "displayName": "",
+      "isEnabled": true,
+      "name": "",
+      "owner": "",
+      "roles": [
+        ""
+      ],
+      "users": [
+        ""
+      ]
+    }
+  ],
+  "syncers": [
+    {
+      "affiliationTable": "",
+      "avatarBaseUrl": "",
+      "database": "",
+      "databaseType": "",
+      "errorText": "",
+      "host": "",
+      "isEnabled": true,
+      "name": "",
+      "organization": "",
+      "owner": "",
+      "password": "",
+      "port": 0,
+      "syncInterval": 0,
+      "table": "",
+      "tableColumns": [
+        {
+          "casdoorName": "",
+          "isHashed": true,
+          "name": "",
+          "type": "",
+          "values": [
+            ""
+          ]
+        }
+      ],
+      "tablePrimaryKey": "",
+      "type": "",
+      "user": ""
+    }
+  ],
+  "tokens": [
+    {
+      "accessToken": "",
+      "application": "",
+      "code": "",
+      "codeChallenge": "",
+      "codeExpireIn": 0,
+      "codeIsUsed": true,
+      "createdTime": "",
+      "expiresIn": 0,
+      "name": "",
+      "organization": "",
+      "owner": "",
+      "refreshToken": "",
+      "scope": "",
+      "tokenType": "",
+      "user": ""
+    }
+  ],
+  "webhooks": [
+    {
+      "contentType": "",
+      "events": [
+        ""
+      ],
+      "headers": [
+        {
+          "name": "",
+          "value": ""
+        }
+      ],
+      "isEnabled": true,
+      "isUserExtended": true,
+      "method": "",
+      "name": "",
+      "organization": "",
+      "owner": "",
+      "url": ""
+    }
  ]
 }
--- a/object/application.go
+++ b/object/application.go
@ -16,10 +16,10 @@ package object

 import (
 	"fmt"
-	"net/url"
 	"regexp"
 	"strings"

+	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
@ -50,6 +50,7 @@ type Application struct {
 	EnableCodeSignin    bool            `json:"enableCodeSignin"`
 	EnableSamlCompress  bool            `json:"enableSamlCompress"`
 	EnableWebAuthn      bool            `json:"enableWebAuthn"`
+	SamlReplyUrl        string          `xorm:"varchar(100)" json:"samlReplyUrl"`
 	Providers           []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`
@ -84,6 +85,16 @@ func GetApplicationCount(owner, field, value string) int {
 	return int(count)
 }

+func GetOrganizationApplicationCount(owner, Organization, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Application{Organization: Organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
 func GetApplications(owner string) []*Application {
 	applications := []*Application{}
 	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
@ -94,8 +105,18 @@ func GetApplications(owner string) []*Application {
 	return applications
 }

-func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return applications
+}
+
+func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
+	var applications []*Application
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&applications)
 	if err != nil {
@ -105,9 +126,10 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 	return applications
 }

-func GetApplicationsByOrganizationName(owner string, organization string) []*Application {
+func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@ -119,9 +141,11 @@ func getProviderMap(owner string) map[string]*Provider {
 	providers := GetProviders(owner)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
-		//if provider.Category != "OAuth" {
-		//	continue
-		//}
+		// Get QRCode only once
+		if provider.Type == "WeChat" && provider.DisableSsl == true && provider.Content == "" {
+			provider.Content, _ = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
+			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
+		}

 		m[provider.Name] = GetMaskedProvider(provider)
 	}
@ -129,7 +153,7 @@ func getProviderMap(owner string) map[string]*Provider {
 }

 func extendApplicationWithProviders(application *Application) {
-	m := getProviderMap(application.Owner)
+	m := getProviderMap(application.Organization)
 	for _, providerItem := range application.Providers {
 		if provider, ok := m[providerItem.Name]; ok {
 			providerItem.Provider = provider
@ -329,56 +353,30 @@ func (application *Application) GetId() string {
 	return fmt.Sprintf("%s/%s", application.Owner, application.Name)
 }

-func CheckRedirectUriValid(application *Application, redirectUri string) bool {
-	validUri := false
-	for _, tmpUri := range application.RedirectUris {
-		tmpUriRegex := regexp.MustCompile(tmpUri)
-		if tmpUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, tmpUri) {
-			validUri = true
+func (application *Application) IsRedirectUriValid(redirectUri string) bool {
+	isValid := false
+	for _, targetUri := range application.RedirectUris {
+		targetUriRegex := regexp.MustCompile(targetUri)
+		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
+			isValid = true
 			break
 		}
 	}
-	return validUri
+	return isValid
 }

-func IsAllowOrigin(origin string) bool {
-	allowOrigin := false
-	originUrl, err := url.Parse(origin)
-	if err != nil {
-		return false
-	}
-
-	rows, err := adapter.Engine.Cols("redirect_uris").Rows(&Application{})
-	if err != nil {
-		panic(err)
-	}
-
-	application := Application{}
-	for rows.Next() {
-		err := rows.Scan(&application)
-		if err != nil {
-			panic(err)
-		}
-		for _, tmpRedirectUri := range application.RedirectUris {
-			u1, err := url.Parse(tmpRedirectUri)
-			if err != nil {
-				continue
-			}
-			if u1.Scheme == originUrl.Scheme && u1.Host == originUrl.Host {
-				allowOrigin = true
-				break
-			}
-		}
-		if allowOrigin {
-			break
+func IsOriginAllowed(origin string) bool {
+	applications := GetApplications("")
+	for _, application := range applications {
+		if application.IsRedirectUriValid(origin) {
+			return true
 		}
 	}
-
-	return allowOrigin
+	return false
 }

 func getApplicationMap(organization string) map[string]*Application {
-	applications := GetApplicationsByOrganizationName("admin", organization)
+	applications := GetOrganizationApplications("admin", organization)

 	applicationMap := make(map[string]*Application)
 	for _, application := range applications {
--- a/object/application_item.go
+++ b/object/application_item.go
@ -15,7 +15,7 @@
 package object

 func (application *Application) GetProviderByCategory(category string) *Provider {
-	providers := GetProviders(application.Owner)
+	providers := GetProviders(application.Organization)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
 		if provider.Category != category {
--- a/object/avatar.go
+++ b/object/avatar.go
@ -60,7 +60,7 @@ func getPermanentAvatarUrl(organization string, username string, url string, upl
 	}

 	fullFilePath := fmt.Sprintf("/avatar/%s/%s.png", organization, username)
-	uploadedFileUrl, _ := getUploadFileUrl(defaultStorageProvider, fullFilePath, false)
+	uploadedFileUrl, _ := GetUploadFileUrl(defaultStorageProvider, fullFilePath, false)

 	if upload {
 		DownloadAndUpload(url, fullFilePath)
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@ -148,34 +148,7 @@ func (casbinAdapter *CasbinAdapter) getTable() string {
 	}
 }

-func safeReturn(policy []string, i int) string {
-	if len(policy) > i {
-		return policy[i]
-	} else {
-		return ""
-	}
-}
-
-func matrixToCasbinRules(pType string, policies [][]string) []*xormadapter.CasbinRule {
-	res := []*xormadapter.CasbinRule{}
-
-	for _, policy := range policies {
-		line := xormadapter.CasbinRule{
-			Ptype: pType,
-			V0:    safeReturn(policy, 0),
-			V1:    safeReturn(policy, 1),
-			V2:    safeReturn(policy, 2),
-			V3:    safeReturn(policy, 3),
-			V4:    safeReturn(policy, 4),
-			V5:    safeReturn(policy, 5),
-		}
-		res = append(res, &line)
-	}
-
-	return res
-}
-
-func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
+func initEnforcer(modelObj *Model, casbinAdapter *CasbinAdapter) (*casbin.Enforcer, error) {
 	// init Adapter
 	if casbinAdapter.Adapter == nil {
 		var dataSourceName string
@ -191,20 +164,60 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
 			dataSourceName = strings.ReplaceAll(dataSourceName, "dbi.", "db.")
 		}

-		casbinAdapter.Adapter, _ = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
+		var err error
+		casbinAdapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(NewAdapter(casbinAdapter.DatabaseType, dataSourceName, casbinAdapter.Database).Engine, casbinAdapter.getTable(), "")
+		if err != nil {
+			return nil, err
+		}
 	}

 	// init Model
-	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	m, err := model.NewModelFromString(modelObj.ModelText)
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	// init Enforcer
 	enforcer, err := casbin.NewEnforcer(m, casbinAdapter.Adapter)
 	if err != nil {
-		panic(err)
+		return nil, err
+	}
+
+	return enforcer, nil
+}
+
+func safeReturn(policy []string, i int) string {
+	if len(policy) > i {
+		return policy[i]
+	} else {
+		return ""
+	}
+}
+
+func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.CasbinRule {
+	res := []*xormadapter.CasbinRule{}
+
+	for _, policy := range policies {
+		line := xormadapter.CasbinRule{
+			Ptype: Ptype,
+			V0:    safeReturn(policy, 0),
+			V1:    safeReturn(policy, 1),
+			V2:    safeReturn(policy, 2),
+			V3:    safeReturn(policy, 3),
+			V4:    safeReturn(policy, 4),
+			V5:    safeReturn(policy, 5),
+		}
+		res = append(res, &line)
+	}
+
+	return res
+}
+
+func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return nil, err
 	}

 	policies := matrixToCasbinRules("p", enforcer.GetPolicy())
@ -212,5 +225,48 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) []*xormadapter.CasbinRule {
 		policies = append(policies, matrixToCasbinRules("g", enforcer.GetGroupingPolicy())...)
 	}

-	return policies
+	return policies, nil
+}
+
+func UpdatePolicy(oldPolicy, newPolicy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.UpdatePolicy(oldPolicy, newPolicy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func AddPolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.AddPolicy(policy)
+	if err != nil {
+		return affected, err
+	}
+	return affected, nil
+}
+
+func RemovePolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
+	enforcer, err := initEnforcer(modelObj, casbinAdapter)
+	if err != nil {
+		return false, err
+	}
+
+	affected, err := enforcer.RemovePolicy(policy)
+	if err != nil {
+		return affected, err
+	}
+
+	return affected, nil
 }
--- a/object/check.go
+++ b/object/check.go
@ -44,21 +44,21 @@ func init() {

 func CheckUserSignup(application *Application, organization *Organization, username string, password string, displayName string, firstName string, lastName string, email string, phone string, affiliation string, lang string) string {
 	if organization == nil {
-		return i18n.Translate(lang, "OrgErr.DoNotExist")
+		return i18n.Translate(lang, "check:Organization does not exist")
 	}

 	if application.IsSignupItemVisible("Username") {
 		if len(username) <= 1 {
-			return i18n.Translate(lang, "UserErr.NameLessThanTwoCharacters")
+			return i18n.Translate(lang, "check:Username must have at least 2 characters")
 		}
 		if unicode.IsDigit(rune(username[0])) {
-			return i18n.Translate(lang, "UserErr.NameStartWithADigitErr")
+			return i18n.Translate(lang, "check:Username cannot start with a digit")
 		}
 		if util.IsEmailValid(username) {
-			return i18n.Translate(lang, "UserErr.NameIsEmailErr")
+			return i18n.Translate(lang, "check:Username cannot be an email address")
 		}
 		if reWhiteSpace.MatchString(username) {
-			return i18n.Translate(lang, "UserErr.NameCantainWhitSpaceErr")
+			return i18n.Translate(lang, "check:Username cannot contain white spaces")
 		}
 		msg := CheckUsername(username, lang)
 		if msg != "" {
@ -66,65 +66,65 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 		}

 		if HasUserByField(organization.Name, "name", username) {
-			return i18n.Translate(lang, "UserErr.NameExistedErr")
+			return i18n.Translate(lang, "check:Username already exists")
 		}
 		if HasUserByField(organization.Name, "email", email) {
-			return i18n.Translate(lang, "EmailErr.ExistedErr")
+			return i18n.Translate(lang, "check:Email already exists")
 		}
 		if HasUserByField(organization.Name, "phone", phone) {
-			return i18n.Translate(lang, "PhoneErr.ExistedErr")
+			return i18n.Translate(lang, "check:Phone already exists")
 		}
 	}

 	if len(password) <= 5 {
-		return i18n.Translate(lang, "UserErr.PasswordLessThanSixCharacters")
+		return i18n.Translate(lang, "check:Password must have at least 6 characters")
 	}

 	if application.IsSignupItemVisible("Email") {
 		if email == "" {
 			if application.IsSignupItemRequired("Email") {
-				return i18n.Translate(lang, "EmailErr.EmptyErr")
+				return i18n.Translate(lang, "check:Email cannot be empty")
 			} else {
 				return ""
 			}
 		}

 		if HasUserByField(organization.Name, "email", email) {
-			return i18n.Translate(lang, "EmailErr.ExistedErr")
+			return i18n.Translate(lang, "check:Email already exists")
 		} else if !util.IsEmailValid(email) {
-			return i18n.Translate(lang, "EmailErr.EmailInvalid")
+			return i18n.Translate(lang, "check:Email is invalid")
 		}
 	}

 	if application.IsSignupItemVisible("Phone") {
 		if phone == "" {
 			if application.IsSignupItemRequired("Phone") {
-				return i18n.Translate(lang, "PhoneErr.EmptyErr")
+				return i18n.Translate(lang, "check:Phone cannot be empty")
 			} else {
 				return ""
 			}
 		}

 		if HasUserByField(organization.Name, "phone", phone) {
-			return i18n.Translate(lang, "PhoneErr.ExistedErr")
+			return i18n.Translate(lang, "check:Phone already exists")
 		} else if organization.PhonePrefix == "86" && !util.IsPhoneCnValid(phone) {
-			return i18n.Translate(lang, "PhoneErr.NumberInvalid")
+			return i18n.Translate(lang, "check:Phone number is invalid")
 		}
 	}

 	if application.IsSignupItemVisible("Display name") {
 		if application.GetSignupItemRule("Display name") == "First, last" && (firstName != "" || lastName != "") {
 			if firstName == "" {
-				return i18n.Translate(lang, "UserErr.FirstNameBlankErr")
+				return i18n.Translate(lang, "check:FirstName cannot be blank")
 			} else if lastName == "" {
-				return i18n.Translate(lang, "UserErr.LastNameBlankErr")
+				return i18n.Translate(lang, "check:LastName cannot be blank")
 			}
 		} else {
 			if displayName == "" {
-				return i18n.Translate(lang, "UserErr.DisplayNameBlankErr")
+				return i18n.Translate(lang, "check:DisplayName cannot be blank")
 			} else if application.GetSignupItemRule("Display name") == "Real name" {
 				if !isValidRealName(displayName) {
-					return i18n.Translate(lang, "UserErr.DisplayNameInvalid")
+					return i18n.Translate(lang, "check:DisplayName is not valid real name")
 				}
 			}
 		}
@ -132,7 +132,7 @@ func CheckUserSignup(application *Application, organization *Organization, usern

 	if application.IsSignupItemVisible("Affiliation") {
 		if affiliation == "" {
-			return i18n.Translate(lang, "UserErr.AffiliationBlankErr")
+			return i18n.Translate(lang, "check:Affiliation cannot be blank")
 		}
 	}

@ -147,7 +147,7 @@ func checkSigninErrorTimes(user *User, lang string) string {

 		// deny the login if the error times is greater than the limit and the last login time is less than the duration
 		if seconds > 0 {
-			return fmt.Sprintf(i18n.Translate(lang, "AuthErr.WrongPasswordManyTimes"), seconds/60, seconds%60)
+			return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again"), seconds/60, seconds%60)
 		}

 		// reset the error times
@ -167,7 +167,7 @@ func CheckPassword(user *User, password string, lang string) string {

 	organization := GetOrganizationByUser(user)
 	if organization == nil {
-		return i18n.Translate(lang, "OrgErr.DoNotExist")
+		return i18n.Translate(lang, "check:Organization does not exist")
 	}

 	credManager := cred.GetCredManager(organization.PasswordType)
@ -184,9 +184,9 @@ func CheckPassword(user *User, password string, lang string) string {
 			return ""
 		}

-		return recordSigninErrorInfo(user)
+		return recordSigninErrorInfo(user, lang)
 	} else {
-		return fmt.Sprintf(i18n.Translate(lang, "LoginErr.UnsupportedPasswordType"), organization.PasswordType)
+		return fmt.Sprintf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
 	}
 }

@ -210,7 +210,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 		if len(searchResult.Entries) == 0 {
 			continue
 		} else if len(searchResult.Entries) > 1 {
-			return nil, i18n.Translate(lang, "LdapErr.MultipleAccounts")
+			return nil, i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
 		}

 		dn := searchResult.Entries[0].DN
@ -221,7 +221,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 	}

 	if !ldapLoginSuccess {
-		return nil, i18n.Translate(lang, "LdapErr.PasswordWrong")
+		return nil, i18n.Translate(lang, "check:Ldap user name or password incorrect")
 	}
 	return user, ""
 }
@ -229,11 +229,11 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
 	user := GetUserByFields(organization, username)
 	if user == nil || user.IsDeleted == true {
-		return nil, i18n.Translate(lang, "UserErr.DoNotExistSignUp")
+		return nil, i18n.Translate(lang, "check:The user doesn't exist")
 	}

 	if user.IsForbidden {
-		return nil, i18n.Translate(lang, "LoginErr.UserIsForbidden")
+		return nil, i18n.Translate(lang, "check:The user is forbidden to sign in, please contact the administrator")
 	}

 	if user.Ldap != "" {
@ -254,13 +254,13 @@ func filterField(field string) bool {

 func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
-		return false, fmt.Errorf(i18n.Translate(lang, "LoginErr.LoginFirst"))
+		return false, fmt.Errorf(i18n.Translate(lang, "check:Please login first"))
 	}

 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
-			return false, fmt.Errorf(i18n.Translate(lang, "UserErr.DoNotExist"), userId)
+			return false, fmt.Errorf(i18n.Translate(lang, "check:The user: %s doesn't exist"), userId)
 		}

 		userOwner = targetUser.Owner
@ -272,7 +272,7 @@ func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, l
 	} else {
 		requestUser := GetUser(requestUserId)
 		if requestUser == nil {
-			return false, fmt.Errorf(i18n.Translate(lang, "LoginErr.SessionOutdated"))
+			return false, fmt.Errorf(i18n.Translate(lang, "check:Session outdated, please login again"))
 		}
 		if requestUser.IsGlobalAdmin {
 			hasPermission = true
@ -287,7 +287,7 @@ func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, l
 		}
 	}

-	return hasPermission, fmt.Errorf(i18n.Translate(lang, "LoginErr.NoPermission"))
+	return hasPermission, fmt.Errorf(i18n.Translate(lang, "check:You don't have the permission to do this"))
 }

 func CheckAccessPermission(userId string, application *Application) (bool, error) {
@ -313,8 +313,9 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 				return true, err
 			}
 			enforcer := getEnforcer(permission)
-			allowed, err = enforcer.Enforce(userId, application.Name, "read")
-			break
+			if allowed, err = enforcer.Enforce(userId, application.Name, "read"); allowed {
+				return allowed, err
+			}
 		}
 	}
 	return allowed, err
@ -322,9 +323,9 @@ func CheckAccessPermission(userId string, application *Application) (bool, error

 func CheckUsername(username string, lang string) string {
 	if username == "" {
-		return i18n.Translate(lang, "UserErr.NameEmptyErr")
+		return i18n.Translate(lang, "check:Empty username.")
 	} else if len(username) > 39 {
-		return i18n.Translate(lang, "UserErr.NameTooLang")
+		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
 	}

 	exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
@ -335,7 +336,7 @@ func CheckUsername(username string, lang string) string {
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
 	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
 	if !re.MatchString(username) {
-		return i18n.Translate(lang, "UserErr.NameFormatErr")
+		return i18n.Translate(lang, "check:The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.")
 	}

 	return ""
--- a/object/check_util.go
+++ b/object/check_util.go
@ -18,6 +18,8 @@ import (
 	"fmt"
 	"regexp"
 	"time"
+
+	"github.com/casdoor/casdoor/i18n"
 )

 var reRealName *regexp.Regexp
@ -43,7 +45,7 @@ func resetUserSigninErrorTimes(user *User) {
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 }

-func recordSigninErrorInfo(user *User) string {
+func recordSigninErrorInfo(user *User, lang string) string {
 	// increase failed login count
 	user.SigninWrongTimes++

@ -56,9 +58,9 @@ func recordSigninErrorInfo(user *User) string {
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
 	if leftChances > 0 {
-		return fmt.Sprintf("password is incorrect, you have %d remaining chances", leftChances)
+		return fmt.Sprintf(i18n.Translate(lang, "check_util:password is incorrect, you have %d remaining chances"), leftChances)
 	}

 	// don't show the chance error message if the user has no chance left
-	return fmt.Sprintf("You have entered the wrong password too many times, please wait for %d minutes and try again", int(LastSignWrongTimeDuration.Minutes()))
+	return fmt.Sprintf(i18n.Translate(lang, "check_util:You have entered the wrong password too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
 }
--- a/object/init.go
+++ b/object/init.go
@ -58,6 +58,8 @@ func initBuiltInOrganization() bool {
 		PhonePrefix:   "86",
 		DefaultAvatar: fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:          []string{},
+		Languages:     []string{"en", "zh", "es", "fr", "de", "ja", "ko", "ru"},
+		InitScore:     2000,
 		AccountItems: []*AccountItem{
 			{Name: "Organization", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 			{Name: "ID", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
@ -157,7 +159,7 @@ func initBuiltInApplication() {
 		},
 		RedirectUris:  []string{},
 		ExpireInHours: 168,
-		FormOffset:    8,
+		FormOffset:    2,
 	}
 	AddApplication(application)
 }
@ -221,7 +223,7 @@ func initBuiltInLdap() {
 }

 func initBuiltInProvider() {
-	provider := GetProvider("admin/provider_captcha_default")
+	provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
 	if provider != nil {
 		return
 	}
--- a/object/init_data.go
+++ b/object/init_data.go
@ -23,6 +23,15 @@ type InitData struct {
 	Certs         []*Cert         `json:"certs"`
 	Providers     []*Provider     `json:"providers"`
 	Ldaps         []*Ldap         `json:"ldaps"`
+	Models        []*Model        `json:"models"`
+	Permissions   []*Permission   `json:"permissions"`
+	Payments      []*Payment      `json:"payments"`
+	Products      []*Product      `json:"products"`
+	Resources     []*Resource     `json:"resources"`
+	Roles         []*Role         `json:"roles"`
+	Syncers       []*Syncer       `json:"syncers"`
+	Tokens        []*Token        `json:"tokens"`
+	Webhooks      []*Webhook      `json:"webhooks"`
 }

 func InitFromFile() {
@ -46,6 +55,33 @@ func InitFromFile() {
 		for _, ldap := range initData.Ldaps {
 			initDefinedLdap(ldap)
 		}
+		for _, model := range initData.Models {
+			initDefinedModel(model)
+		}
+		for _, permission := range initData.Permissions {
+			initDefinedPermission(permission)
+		}
+		for _, payment := range initData.Payments {
+			initDefinedPayment(payment)
+		}
+		for _, product := range initData.Products {
+			initDefinedProduct(product)
+		}
+		for _, resource := range initData.Resources {
+			initDefinedResource(resource)
+		}
+		for _, role := range initData.Roles {
+			initDefinedRole(role)
+		}
+		for _, syncer := range initData.Syncers {
+			initDefinedSyncer(syncer)
+		}
+		for _, token := range initData.Tokens {
+			initDefinedToken(token)
+		}
+		for _, webhook := range initData.Webhooks {
+			initDefinedWebhook(webhook)
+		}
 	}
 }

@ -63,6 +99,15 @@ func readInitDataFromFile(filePath string) *InitData {
 		Certs:         []*Cert{},
 		Providers:     []*Provider{},
 		Ldaps:         []*Ldap{},
+		Models:        []*Model{},
+		Permissions:   []*Permission{},
+		Payments:      []*Payment{},
+		Products:      []*Product{},
+		Resources:     []*Resource{},
+		Roles:         []*Role{},
+		Syncers:       []*Syncer{},
+		Tokens:        []*Token{},
+		Webhooks:      []*Webhook{},
 	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
@ -89,6 +134,41 @@ func readInitDataFromFile(filePath string) *InitData {
 			application.RedirectUris = []string{}
 		}
 	}
+	for _, permission := range data.Permissions {
+		if permission.Actions == nil {
+			permission.Actions = []string{}
+		}
+		if permission.Resources == nil {
+			permission.Resources = []string{}
+		}
+		if permission.Roles == nil {
+			permission.Roles = []string{}
+		}
+		if permission.Users == nil {
+			permission.Users = []string{}
+		}
+	}
+	for _, role := range data.Roles {
+		if role.Roles == nil {
+			role.Roles = []string{}
+		}
+		if role.Users == nil {
+			role.Users = []string{}
+		}
+	}
+	for _, syncer := range data.Syncers {
+		if syncer.TableColumns == nil {
+			syncer.TableColumns = []*TableColumn{}
+		}
+	}
+	for _, webhook := range data.Webhooks {
+		if webhook.Events == nil {
+			webhook.Events = []string{}
+		}
+		if webhook.Headers == nil {
+			webhook.Headers = []*Header{}
+		}
+	}

 	return data
 }
@ -168,9 +248,90 @@ func initDefinedLdap(ldap *Ldap) {
 }

 func initDefinedProvider(provider *Provider) {
-	existed := GetProvider(provider.GetId())
+	existed := GetProvider(util.GetId("admin", provider.Name))
 	if existed != nil {
 		return
 	}
 	AddProvider(provider)
 }
+
+func initDefinedModel(model *Model) {
+	existed := GetModel(model.GetId())
+	if existed != nil {
+		return
+	}
+	model.CreatedTime = util.GetCurrentTime()
+	AddModel(model)
+}
+
+func initDefinedPermission(permission *Permission) {
+	existed := GetPermission(permission.GetId())
+	if existed != nil {
+		return
+	}
+	permission.CreatedTime = util.GetCurrentTime()
+	AddPermission(permission)
+}
+
+func initDefinedPayment(payment *Payment) {
+	existed := GetPayment(payment.GetId())
+	if existed != nil {
+		return
+	}
+	payment.CreatedTime = util.GetCurrentTime()
+	AddPayment(payment)
+}
+
+func initDefinedProduct(product *Product) {
+	existed := GetProduct(product.GetId())
+	if existed != nil {
+		return
+	}
+	product.CreatedTime = util.GetCurrentTime()
+	AddProduct(product)
+}
+
+func initDefinedResource(resource *Resource) {
+	existed := GetResource(resource.GetId())
+	if existed != nil {
+		return
+	}
+	resource.CreatedTime = util.GetCurrentTime()
+	AddResource(resource)
+}
+
+func initDefinedRole(role *Role) {
+	existed := GetRole(role.GetId())
+	if existed != nil {
+		return
+	}
+	role.CreatedTime = util.GetCurrentTime()
+	AddRole(role)
+}
+
+func initDefinedSyncer(syncer *Syncer) {
+	existed := GetSyncer(syncer.GetId())
+	if existed != nil {
+		return
+	}
+	syncer.CreatedTime = util.GetCurrentTime()
+	AddSyncer(syncer)
+}
+
+func initDefinedToken(token *Token) {
+	existed := GetToken(token.GetId())
+	if existed != nil {
+		return
+	}
+	token.CreatedTime = util.GetCurrentTime()
+	AddToken(token)
+}
+
+func initDefinedWebhook(webhook *Webhook) {
+	existed := GetWebhook(webhook.GetId())
+	if existed != nil {
+		return
+	}
+	webhook.CreatedTime = util.GetCurrentTime()
+	AddWebhook(webhook)
+}
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -76,7 +76,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		JwksUri:                                fmt.Sprintf("%s/.well-known/jwks", originBackend),
 		IntrospectionEndpoint:                  fmt.Sprintf("%s/api/login/oauth/introspect", originBackend),
 		ResponseTypesSupported:                 []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"},
-		ResponseModesSupported:                 []string{"login", "code", "link"},
+		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
 		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
--- a/object/organization.go
+++ b/object/organization.go
@ -45,7 +45,9 @@ type Organization struct {
 	DefaultAvatar      string   `xorm:"varchar(100)" json:"defaultAvatar"`
 	DefaultApplication string   `xorm:"varchar(100)" json:"defaultApplication"`
 	Tags               []string `xorm:"mediumtext" json:"tags"`
+	Languages          []string `xorm:"varchar(255)" json:"languages"`
 	MasterPassword     string   `xorm:"varchar(100)" json:"masterPassword"`
+	InitScore          int      `json:"initScore"`
 	EnableSoftDeletion bool     `json:"enableSoftDeletion"`
 	IsProfilePublic    bool     `json:"isProfilePublic"`

@ -203,14 +205,14 @@ func CheckAccountItemModifyRule(accountItem *AccountItem, user *User, lang strin
 	switch accountItem.ModifyRule {
 	case "Admin":
 		if !(user.IsAdmin || user.IsGlobalAdmin) {
-			return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.OnlyAdmin"), accountItem.Name)
+			return false, fmt.Sprintf(i18n.Translate(lang, "organization:Only admin can modify the %s."), accountItem.Name)
 		}
 	case "Immutable":
-		return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.Immutable"), accountItem.Name)
+		return false, fmt.Sprintf(i18n.Translate(lang, "organization:The %s is immutable."), accountItem.Name)
 	case "Self":
 		break
 	default:
-		return false, fmt.Sprintf(i18n.Translate(lang, "OrgErr.UnknownModifyRule"), accountItem.ModifyRule)
+		return false, fmt.Sprintf(i18n.Translate(lang, "organization:Unknown modify rule %s."), accountItem.ModifyRule)
 	}
 	return true, ""
 }
@ -222,7 +224,12 @@ func GetDefaultApplication(id string) (*Application, error) {
 	}

 	if organization.DefaultApplication != "" {
-		return getApplication("admin", organization.DefaultApplication), fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		defaultApplication := getApplication("admin", organization.DefaultApplication)
+		if defaultApplication == nil {
+			return nil, fmt.Errorf("The default application: %s does not exist", organization.DefaultApplication)
+		} else {
+			return defaultApplication, nil
+		}
 	}

 	applications := []*Application{}
--- a/object/payment.go
+++ b/object/payment.go
@ -35,7 +35,7 @@ type Payment struct {
 	ProductName        string `xorm:"varchar(100)" json:"productName"`
 	ProductDisplayName string `xorm:"varchar(100)" json:"productDisplayName"`

-	Detail   string  `xorm:"varchar(100)" json:"detail"`
+	Detail   string  `xorm:"varchar(255)" json:"detail"`
 	Tag      string  `xorm:"varchar(100)" json:"tag"`
 	Currency string  `xorm:"varchar(100)" json:"currency"`
 	Price    float64 `json:"price"`
--- a/object/permission.go
+++ b/object/permission.go
@ -111,7 +111,27 @@ func GetPermission(id string) *Permission {
 	return getPermission(owner, name)
 }

+// checkPermissionValid verifies if the permission is valid
+func checkPermissionValid(permission *Permission) {
+	enforcer := getEnforcer(permission)
+	enforcer.EnableAutoSave(false)
+	policies, groupingPolicies := getPolicies(permission)
+
+	if len(groupingPolicies) > 0 {
+		_, err := enforcer.AddGroupingPolicies(groupingPolicies)
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	_, err := enforcer.AddPolicies(policies)
+	if err != nil {
+		panic(err)
+	}
+}
+
 func UpdatePermission(id string, permission *Permission) bool {
+	checkPermissionValid(permission)
 	owner, name := util.GetOwnerAndNameFromId(id)
 	oldPermission := getPermission(owner, name)
 	if oldPermission == nil {
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@ -29,7 +29,9 @@ func getEnforcer(permission *Permission) *casbin.Enforcer {
 		tableName = permission.Adapter
 	}
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	adapter, err := xormadapter.NewAdapterWithTableName(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName()+conf.GetConfigString("dbName"), tableName, tableNamePrefix, true)
+	driverName := conf.GetConfigString("driverName")
+	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
+	adapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
 	if err != nil {
 		panic(err)
 	}
@ -39,7 +41,7 @@ func getEnforcer(permission *Permission) *casbin.Enforcer {
 r = sub, obj, act

 [policy_definition]
-p = sub, obj, act
+p = sub, obj, act, "", "", permissionId

 [role_definition]
 g = _, _
@ -63,22 +65,27 @@ m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act`
 		panic(err)
 	}

+	// load Policy with a specific Permission
+	enforcer.LoadFilteredPolicy(xormadapter.Filter{
+		V5: []string{permission.Owner + "/" + permission.Name},
+	})
 	return enforcer
 }

 func getPolicies(permission *Permission) ([][]string, [][]string) {
 	var policies [][]string
 	var groupingPolicies [][]string
+	permissionId := permission.Owner + "/" + permission.Name
 	domainExist := len(permission.Domains) > 0
 	for _, user := range permission.Users {
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
-						policies = append(policies, []string{user, domain, resource, strings.ToLower(action)})
+						policies = append(policies, []string{user, domain, resource, strings.ToLower(action), "", permissionId})
 					}
 				} else {
-					policies = append(policies, []string{user, resource, strings.ToLower(action)})
+					policies = append(policies, []string{user, resource, strings.ToLower(action), "", "", permissionId})
 				}
 			}
 		}
@ -88,29 +95,29 @@ func getPolicies(permission *Permission) ([][]string, [][]string) {
 		for _, subUser := range roleObj.Users {
 			if domainExist {
 				for _, domain := range permission.Domains {
-					groupingPolicies = append(groupingPolicies, []string{subUser, domain, role})
+					groupingPolicies = append(groupingPolicies, []string{subUser, domain, role, "", "", permissionId})
 				}
 			} else {
-				groupingPolicies = append(groupingPolicies, []string{subUser, role})
+				groupingPolicies = append(groupingPolicies, []string{subUser, role, "", "", "", permissionId})
 			}
 		}
 		for _, subRole := range roleObj.Roles {
 			if domainExist {
 				for _, domain := range permission.Domains {
-					groupingPolicies = append(groupingPolicies, []string{subRole, domain, role})
+					groupingPolicies = append(groupingPolicies, []string{subRole, domain, role, "", "", permissionId})
 				}
 			} else {
-				groupingPolicies = append(groupingPolicies, []string{subRole, role})
+				groupingPolicies = append(groupingPolicies, []string{subRole, role, "", "", "", permissionId})
 			}
 		}
 		for _, resource := range permission.Resources {
 			for _, action := range permission.Actions {
 				if domainExist {
 					for _, domain := range permission.Domains {
-						policies = append(policies, []string{role, domain, resource, strings.ToLower(action)})
+						policies = append(policies, []string{role, domain, resource, strings.ToLower(action), "", permissionId})
 					}
 				} else {
-					policies = append(policies, []string{role, resource, strings.ToLower(action)})
+					policies = append(policies, []string{role, resource, strings.ToLower(action), "", "", permissionId})
 				}
 			}
 		}
@ -152,20 +159,29 @@ func removePolicies(permission *Permission) {
 	}
 }

-func Enforce(userId string, permissionRule *PermissionRule) bool {
+func Enforce(permissionRule *PermissionRule) bool {
 	permission := GetPermission(permissionRule.Id)
 	enforcer := getEnforcer(permission)
-	allow, err := enforcer.Enforce(userId, permissionRule.V1, permissionRule.V2)
+
+	request := []interface{}{permissionRule.V0, permissionRule.V1, permissionRule.V2}
+	if permissionRule.V3 != "" {
+		request = append(request, permissionRule.V3)
+	}
+	allow, err := enforcer.Enforce(request...)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }

-func BatchEnforce(userId string, permissionRules []PermissionRule) []bool {
+func BatchEnforce(permissionRules []PermissionRule) []bool {
 	var requests [][]interface{}
 	for _, permissionRule := range permissionRules {
-		requests = append(requests, []interface{}{userId, permissionRule.V1, permissionRule.V2})
+		if permissionRule.V3 != "" {
+			requests = append(requests, []interface{}{permissionRule.V0, permissionRule.V1, permissionRule.V2, permissionRule.V3})
+		} else {
+			requests = append(requests, []interface{}{permissionRule.V0, permissionRule.V1, permissionRule.V2})
+		}
 	}
 	permission := GetPermission(permissionRules[0].Id)
 	enforcer := getEnforcer(permission)
--- a/object/product.go
+++ b/object/product.go
@ -27,15 +27,16 @@ type Product struct {
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`

-	Image     string   `xorm:"varchar(100)" json:"image"`
-	Detail    string   `xorm:"varchar(100)" json:"detail"`
-	Tag       string   `xorm:"varchar(100)" json:"tag"`
-	Currency  string   `xorm:"varchar(100)" json:"currency"`
-	Price     float64  `json:"price"`
-	Quantity  int      `json:"quantity"`
-	Sold      int      `json:"sold"`
-	Providers []string `xorm:"varchar(100)" json:"providers"`
-	ReturnUrl string   `xorm:"varchar(1000)" json:"returnUrl"`
+	Image       string   `xorm:"varchar(100)" json:"image"`
+	Detail      string   `xorm:"varchar(255)" json:"detail"`
+	Description string   `xorm:"varchar(100)" json:"description"`
+	Tag         string   `xorm:"varchar(100)" json:"tag"`
+	Currency    string   `xorm:"varchar(100)" json:"currency"`
+	Price       float64  `json:"price"`
+	Quantity    int      `json:"quantity"`
+	Sold        int      `json:"sold"`
+	Providers   []string `xorm:"varchar(100)" json:"providers"`
+	ReturnUrl   string   `xorm:"varchar(1000)" json:"returnUrl"`

 	State string `xorm:"varchar(100)" json:"state"`

@ -213,6 +214,10 @@ func BuyProduct(id string, providerName string, user *User, host string) (string
 }

 func ExtendProductWithProviders(product *Product) {
+	if product == nil {
+		return
+	}
+
 	product.ProviderObjs = []*Provider{}

 	m := getProviderMap(product.Owner)
--- a/object/provider.go
+++ b/object/provider.go
@ -25,7 +25,7 @@ import (

 type Provider struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(100) notnull pk unique" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

 	DisplayName       string `xorm:"varchar(100)" json:"displayName"`
@ -46,9 +46,9 @@ type Provider struct {

 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
-	DisableSsl bool   `json:"disableSsl"`
+	DisableSsl bool   `json:"disableSsl"` // If the provider type is WeChat, DisableSsl means EnableQRCode
 	Title      string `xorm:"varchar(100)" json:"title"`
-	Content    string `xorm:"varchar(1000)" json:"content"`
+	Content    string `xorm:"varchar(1000)" json:"content"` // If provider type is WeChat, Content means QRCode string by Base64 encoding
 	Receiver   string `xorm:"varchar(100)" json:"receiver"`

 	RegionId     string `xorm:"varchar(100)" json:"regionId"`
@ -93,8 +93,8 @@ func GetMaskedProviders(providers []*Provider) []*Provider {
 }

 func GetProviderCount(owner, field, value string) int {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Provider{})
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Provider{})
 	if err != nil {
 		panic(err)
 	}
@ -114,7 +114,7 @@ func GetGlobalProviderCount(field, value string) int {

 func GetProviders(owner string) []*Provider {
 	providers := []*Provider{}
-	err := adapter.Engine.Desc("created_time").Find(&providers, &Provider{Owner: owner})
+	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&providers, &Provider{})
 	if err != nil {
 		panic(err)
 	}
@ -133,9 +133,9 @@ func GetGlobalProviders() []*Provider {
 }

 func GetPaginationProviders(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Provider {
-	var providers []*Provider
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&providers)
+	providers := []*Provider{}
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&providers)
 	if err != nil {
 		panic(err)
 	}
@ -144,7 +144,7 @@ func GetPaginationProviders(owner string, offset, limit int, field, value, sortF
 }

 func GetPaginationGlobalProviders(offset, limit int, field, value, sortField, sortOrder string) []*Provider {
-	var providers []*Provider
+	providers := []*Provider{}
 	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&providers)
 	if err != nil {
@ -159,7 +159,7 @@ func getProvider(owner string, name string) *Provider {
 		return nil
 	}

-	provider := Provider{Owner: owner, Name: name}
+	provider := Provider{Name: name}
 	existed, err := adapter.Engine.Get(&provider)
 	if err != nil {
 		panic(err)
@ -277,7 +277,7 @@ func GetCaptchaProviderByOwnerName(applicationId, lang string) (*Provider, error
 	}

 	if !existed {
-		return nil, fmt.Errorf(i18n.Translate(lang, "ProviderErr.DoNotExist"), applicationId)
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:the provider: %s does not exist"), applicationId)
 	}

 	return &provider, nil
@ -289,7 +289,7 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 	}
 	application := GetApplication(applicationId)
 	if application == nil || len(application.Providers) == 0 {
-		return nil, fmt.Errorf(i18n.Translate(lang, "ApplicationErr.InvalidID"))
+		return nil, fmt.Errorf(i18n.Translate(lang, "provider:Invalid application id"))
 	}
 	for _, provider := range application.Providers {
 		if provider.Provider == nil {
--- a/object/provider_item.go
+++ b/object/provider_item.go
@ -15,7 +15,9 @@
 package object

 type ProviderItem struct {
-	Name      string    `json:"name"`
+	Owner string `json:"owner"`
+	Name  string `json:"name"`
+
 	CanSignUp bool      `json:"canSignUp"`
 	CanSignIn bool      `json:"canSignIn"`
 	CanUnlink bool      `json:"canUnlink"`
--- a/object/resource.go
+++ b/object/resource.go
@ -23,7 +23,7 @@ import (

 type Resource struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(250) notnull pk" json:"name"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

 	User        string `xorm:"varchar(100)" json:"user"`
@ -31,12 +31,12 @@ type Resource struct {
 	Application string `xorm:"varchar(100)" json:"application"`
 	Tag         string `xorm:"varchar(100)" json:"tag"`
 	Parent      string `xorm:"varchar(100)" json:"parent"`
-	FileName    string `xorm:"varchar(1000)" json:"fileName"`
+	FileName    string `xorm:"varchar(255)" json:"fileName"`
 	FileType    string `xorm:"varchar(100)" json:"fileType"`
 	FileFormat  string `xorm:"varchar(100)" json:"fileFormat"`
 	FileSize    int    `json:"fileSize"`
-	Url         string `xorm:"varchar(1000)" json:"url"`
-	Description string `xorm:"varchar(1000)" json:"description"`
+	Url         string `xorm:"varchar(255)" json:"url"`
+	Description string `xorm:"varchar(255)" json:"description"`
 }

 func GetResourceCount(owner, user, field, value string) int {
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@ -240,8 +240,8 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	}

 	// verify samlRequest
-	if valid := CheckRedirectUriValid(application, authnRequest.Issuer.Url); !valid {
-		return "", "", fmt.Errorf("err: invalid issuer url")
+	if isValid := application.IsRedirectUriValid(authnRequest.Issuer.Url); !isValid {
+		return "", "", fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer.Url)
 	}

 	// get certificate string
@ -251,6 +251,11 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h

 	_, originBackend := getOriginFromHost(host)

+	// redirect Url (Assertion Consumer Url)
+	if application.SamlReplyUrl != "" {
+		authnRequest.AssertionConsumerServiceURL = application.SamlReplyUrl
+	}
+
 	// build signedResponse
 	samlResponse, _ := NewSamlResponse(user, originBackend, certificate, authnRequest.AssertionConsumerServiceURL, authnRequest.Issuer.Url, authnRequest.ID, application.RedirectUris)
 	randomKeyStore := &X509Key{
--- a/object/saml_sp.go
+++ b/object/saml_sp.go
@ -45,7 +45,7 @@ func ParseSamlResponse(samlResponse string, providerType string) (string, error)
 func GenerateSamlLoginUrl(id, relayState, lang string) (string, string, error) {
 	provider := GetProvider(id)
 	if provider.Category != "SAML" {
-		return "", "", fmt.Errorf(i18n.Translate(lang, "ProviderErr.CategoryNotSAML"), provider.Name)
+		return "", "", fmt.Errorf(i18n.Translate(lang, "saml_sp:provider %s's category is not SAML"), provider.Name)
 	}
 	sp, err := buildSp(provider, "")
 	if err != nil {
--- a/object/storage.go
+++ b/object/storage.go
@ -54,7 +54,7 @@ func escapePath(path string) string {
 	return res
 }

-func getUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool) (string, string) {
+func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool) (string, string) {
 	escapedPath := util.UrlJoin(provider.PathPrefix, escapePath(fullFilePath))
 	objectKey := util.UrlJoin(util.GetUrlPath(provider.Domain), escapedPath)

@ -93,7 +93,7 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 		UpdateProvider(provider.GetId(), provider)
 	}

-	fileUrl, objectKey := getUploadFileUrl(provider, fullFilePath, true)
+	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)

 	_, err := storageProvider.Put(objectKey, fileBuffer)
 	if err != nil {
@ -130,13 +130,13 @@ func UploadFileSafe(provider *Provider, fullFilePath string, fileBuffer *bytes.B
 func DeleteFile(provider *Provider, objectKey string, lang string) error {
 	// check fullFilePath is there security issue
 	if strings.Contains(objectKey, "..") {
-		return fmt.Errorf(i18n.Translate(lang, "StorageErr.ObjectKeyNotAllowed"), objectKey)
+		return fmt.Errorf(i18n.Translate(lang, "storage:The objectKey: %s is not allowed"), objectKey)
 	}

 	endpoint := getProviderEndpoint(provider)
 	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if storageProvider == nil {
-		return fmt.Errorf(i18n.Translate(lang, "ProviderErr.ProviderNotSupported"), provider.Type)
+		return fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
 	}

 	if provider.Domain == "" {
--- a/object/token.go
+++ b/object/token.go
@ -18,7 +18,6 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
-	"strings"
 	"time"

 	"github.com/casdoor/casdoor/i18n"
@ -169,6 +168,10 @@ func GetToken(id string) *Token {
 	return getToken(owner, name)
 }

+func (token *Token) GetId() string {
+	return fmt.Sprintf("%s/%s", token.Owner, token.Name)
+}
+
 func UpdateToken(id string, token *Token) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	if getToken(owner, name) == nil {
@ -241,23 +244,16 @@ func GetTokenByTokenAndApplication(token string, application string) *Token {

 func CheckOAuthLogin(clientId string, responseType string, redirectUri string, scope string, state string, lang string) (string, *Application) {
 	if responseType != "code" && responseType != "token" && responseType != "id_token" {
-		return fmt.Sprintf(i18n.Translate(lang, "ApplicationErr.GrantTypeNotSupport"), responseType), nil
+		return fmt.Sprintf(i18n.Translate(lang, "token:Grant_type: %s is not supported in this application"), responseType), nil
 	}

 	application := GetApplicationByClientId(clientId)
 	if application == nil {
-		return i18n.Translate(lang, "TokenErr.InvalidClientId"), nil
+		return i18n.Translate(lang, "token:Invalid client_id"), nil
 	}

-	validUri := false
-	for _, tmpUri := range application.RedirectUris {
-		if strings.Contains(redirectUri, tmpUri) {
-			validUri = true
-			break
-		}
-	}
-	if !validUri {
-		return fmt.Sprintf(i18n.Translate(lang, "TokenErr.RedirectURIDoNotExist"), redirectUri), application
+	if !application.IsRedirectUriValid(redirectUri) {
+		return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application
 	}

 	// Mask application for /api/get-app-login
@ -269,7 +265,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	user := GetUser(userId)
 	if user == nil {
 		return &Code{
-			Message: fmt.Sprintf("The user: %s doesn't exist", userId),
+			Message: fmt.Sprintf("token:The user: %s doesn't exist", userId),
 			Code:    "",
 		}
 	}
@ -678,7 +674,7 @@ func GetWechatMiniProgramToken(application *Application, code string, host strin
 			ErrorDescription: "the application does not support wechat mini program",
 		}
 	}
-	provider := GetProvider(util.GetId(mpProvider.Name))
+	provider := GetProvider(util.GetId("admin", mpProvider.Name))
 	mpIdp := idp.NewWeChatMiniProgramIdProvider(provider.ClientId, provider.ClientSecret)
 	session, err := mpIdp.GetSessionByCode(code)
 	if err != nil {
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@ -24,9 +24,10 @@ import (

 type Claims struct {
 	*User
-	Nonce string `json:"nonce,omitempty"`
-	Tag   string `json:"tag,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Tag       string `json:"tag,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }

@ -37,8 +38,9 @@ type UserShort struct {

 type ClaimsShort struct {
 	*UserShort
-	Nonce string `json:"nonce,omitempty"`
-	Scope string `json:"scope,omitempty"`
+	TokenType string `json:"tokenType,omitempty"`
+	Nonce     string `json:"nonce,omitempty"`
+	Scope     string `json:"scope,omitempty"`
 	jwt.RegisteredClaims
 }

@ -53,6 +55,7 @@ func getShortUser(user *User) *UserShort {
 func getShortClaims(claims Claims) ClaimsShort {
 	res := ClaimsShort{
 		UserShort:        getShortUser(claims.User),
+		TokenType:        claims.TokenType,
 		Nonce:            claims.Nonce,
 		Scope:            claims.Scope,
 		RegisteredClaims: claims.RegisteredClaims,
@ -72,8 +75,9 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	jti := fmt.Sprintf("%s/%s", application.Owner, name)

 	claims := Claims{
-		User:  user,
-		Nonce: nonce,
+		User:      user,
+		TokenType: "access-token",
+		Nonce:     nonce,
 		// FIXME: A workaround for custom claim by reusing `tag` in user info
 		Tag:   user.Tag,
 		Scope: scope,
@ -97,10 +101,12 @@ func generateJwtToken(application *Application, user *User, nonce string, scope

 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 		claimsShort.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claimsShort.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claimsShort)
 	} else {
 		token = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 		claims.ExpiresAt = jwt.NewNumericDate(refreshExpireTime)
+		claims.TokenType = "refresh-token"
 		refreshToken = jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
 	}

--- a/object/user.go
+++ b/object/user.go
@ -102,6 +102,7 @@ type User struct {
 	Bilibili string `xorm:"bilibili varchar(100)" json:"bilibili"`
 	Okta     string `xorm:"okta varchar(100)" json:"okta"`
 	Douyin   string `xorm:"douyin varchar(100)" json:"douyin"`
+	Line     string `xorm:"line varchar(100)" json:"line"`
 	Custom   string `xorm:"custom varchar(100)" json:"custom"`

 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
--- a/object/verification.go
+++ b/object/verification.go
@ -41,38 +41,7 @@ type VerificationRecord struct {
 	IsUsed     bool
 }

-func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return fmt.Errorf("please set an Email provider first")
-	}
-
-	sender := organization.DisplayName
-	title := provider.Title
-	code := getRandomCode(6)
-	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
-	content := fmt.Sprintf(provider.Content, code)
-
-	if err := SendEmail(provider, title, content, dest, sender); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
-	if provider == nil {
-		return errors.New("please set a SMS provider first")
-	}
-
-	code := getRandomCode(6)
-	if err := SendSms(provider, code, dest); err != nil {
-		return err
-	}
-
-	return AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code)
-}
-
-func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+func IsAllowSend(user *User, remoteAddr, recordType string) error {
 	var record VerificationRecord
 	record.RemoteAddr = remoteAddr
 	record.Type = recordType
@ -89,6 +58,63 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT
 		return errors.New("you can only send one code in 60s")
 	}

+	return nil
+}
+
+func SendVerificationCodeToEmail(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return fmt.Errorf("please set an Email provider first")
+	}
+
+	sender := organization.DisplayName
+	title := provider.Title
+	code := getRandomCode(6)
+	// "You have requested a verification code at Casdoor. Here is your code: %s, please enter in 5 minutes."
+	content := fmt.Sprintf(provider.Content, code)
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	if err := SendEmail(provider, title, content, dest, sender); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func SendVerificationCodeToPhone(organization *Organization, user *User, provider *Provider, remoteAddr string, dest string) error {
+	if provider == nil {
+		return errors.New("please set a SMS provider first")
+	}
+
+	if err := IsAllowSend(user, remoteAddr, provider.Category); err != nil {
+		return err
+	}
+
+	code := getRandomCode(6)
+	if err := SendSms(provider, code, dest); err != nil {
+		return err
+	}
+
+	if err := AddToVerificationRecord(user, provider, remoteAddr, provider.Category, dest, code); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordType, dest, code string) error {
+	var record VerificationRecord
+	record.RemoteAddr = remoteAddr
+	record.Type = recordType
+	if user != nil {
+		record.User = user.GetId()
+	}
 	record.Owner = provider.Owner
 	record.Name = util.GenerateId()
 	record.CreatedTime = util.GetCurrentTime()
@ -99,10 +125,10 @@ func AddToVerificationRecord(user *User, provider *Provider, remoteAddr, recordT

 	record.Receiver = dest
 	record.Code = code
-	record.Time = now
+	record.Time = time.Now().Unix()
 	record.IsUsed = false

-	_, err = adapter.Engine.Insert(record)
+	_, err := adapter.Engine.Insert(record)
 	if err != nil {
 		return err
 	}
@ -127,7 +153,7 @@ func CheckVerificationCode(dest, code, lang string) string {
 	record := getVerificationRecord(dest)

 	if record == nil {
-		return i18n.Translate(lang, "PhoneErr.CodeNotSent")
+		return i18n.Translate(lang, "verification:Code has not been sent yet!")
 	}

 	timeout, err := conf.GetConfigInt64("verificationCodeTimeout")
@ -137,7 +163,7 @@ func CheckVerificationCode(dest, code, lang string) string {

 	now := time.Now().Unix()
 	if now-record.Time > timeout*60 {
-		return fmt.Sprintf(i18n.Translate(lang, "PhoneErr.CodeTimeOut"), timeout)
+		return fmt.Sprintf(i18n.Translate(lang, "verification:You should verify your code in %d min!"), timeout)
 	}

 	if record.Code != code {
--- a/object/webhook.go
+++ b/object/webhook.go
@ -37,7 +37,7 @@ type Webhook struct {
 	Method         string    `xorm:"varchar(100)" json:"method"`
 	ContentType    string    `xorm:"varchar(100)" json:"contentType"`
 	Headers        []*Header `xorm:"mediumtext" json:"headers"`
-	Events         []string  `xorm:"varchar(100)" json:"events"`
+	Events         []string  `xorm:"varchar(1000)" json:"events"`
 	IsUserExtended bool      `json:"isUserExtended"`
 	IsEnabled      bool      `json:"isEnabled"`
 }
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -34,7 +34,7 @@ func CorsFilter(ctx *context.Context) {
 	originConf := conf.GetConfigString("origin")

 	if origin != "" && originConf != "" && origin != originConf {
-		if object.IsAllowOrigin(origin) {
+		if object.IsOriginAllowed(origin) {
 			ctx.Output.Header(headerAllowOrigin, origin)
 			ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS")
 			ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")
--- a/routers/router.go
+++ b/routers/router.go
@ -54,6 +54,8 @@ func initAPI() {
 	beego.Router("/api/get-saml-login", &controllers.ApiController{}, "GET:GetSamlLogin")
 	beego.Router("/api/acs", &controllers.ApiController{}, "POST:HandleSamlLogin")
 	beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
+	beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
+	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")

 	beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations")
 	beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization")
@ -80,6 +82,7 @@ func initAPI() {

 	beego.Router("/api/get-permissions", &controllers.ApiController{}, "GET:GetPermissions")
 	beego.Router("/api/get-permissions-by-submitter", &controllers.ApiController{}, "GET:GetPermissionsBySubmitter")
+	beego.Router("/api/get-permissions-by-role", &controllers.ApiController{}, "GET:GetPermissionsByRole")
 	beego.Router("/api/get-permission", &controllers.ApiController{}, "GET:GetPermission")
 	beego.Router("/api/update-permission", &controllers.ApiController{}, "POST:UpdatePermission")
 	beego.Router("/api/add-permission", &controllers.ApiController{}, "POST:AddPermission")
@ -103,6 +106,9 @@ func initAPI() {
 	beego.Router("/api/add-adapter", &controllers.ApiController{}, "POST:AddCasbinAdapter")
 	beego.Router("/api/delete-adapter", &controllers.ApiController{}, "POST:DeleteCasbinAdapter")
 	beego.Router("/api/sync-policies", &controllers.ApiController{}, "GET:SyncPolicies")
+	beego.Router("/api/update-policy", &controllers.ApiController{}, "POST:UpdatePolicy")
+	beego.Router("/api/add-policy", &controllers.ApiController{}, "POST:AddPolicy")
+	beego.Router("/api/remove-policy", &controllers.ApiController{}, "POST:RemovePolicy")

 	beego.Router("/api/set-password", &controllers.ApiController{}, "POST:SetPassword")
 	beego.Router("/api/check-user-password", &controllers.ApiController{}, "POST:CheckUserPassword")
--- a/util/string.go
+++ b/util/string.go
@ -123,8 +123,8 @@ func GenerateSimpleTimeId() string {
 	return t
 }

-func GetId(name string) string {
-	return fmt.Sprintf("admin/%s", name)
+func GetId(owner, name string) string {
+	return fmt.Sprintf("%s/%s", owner, name)
 }

 func GetMd5Hash(text string) string {
--- a/util/string_test.go
+++ b/util/string_test.go
@ -137,16 +137,16 @@ func TestGenerateId(t *testing.T) {
 func TestGetId(t *testing.T) {
 	scenarios := []struct {
 		description string
-		input       string
+		input       []string
 		expected    interface{}
 	}{
-		{"Scenery one", "casdoor", "admin/casdoor"},
-		{"Scenery two", "casbin", "admin/casbin"},
-		{"Scenery three", "lorem ipsum", "admin/lorem ipsum"},
+		{"Scenery one", []string{"admin", "casdoor"}, "admin/casdoor"},
+		{"Scenery two", []string{"admin", "casbin"}, "admin/casbin"},
+		{"Scenery three", []string{"test", "lorem ipsum"}, "test/lorem ipsum"},
 	}
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetId(scenery.input)
+			actual := GetId(scenery.input[0], scenery.input[1])
 			assert.Equal(t, scenery.expected, actual, "This not is a valid MD5")
 		})
 	}
--- a/util/struct.go
+++ b/util/struct.go
@ -0,0 +1,29 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package util
+
+import xormadapter "github.com/casbin/xorm-adapter/v3"
+
+func CasbinToSlice(casbinRule xormadapter.CasbinRule) []string {
+	s := []string{
+		casbinRule.V0,
+		casbinRule.V1,
+		casbinRule.V2,
+		casbinRule.V3,
+		casbinRule.V4,
+		casbinRule.V5,
+	}
+	return s
+}
--- a/web/package.json
+++ b/web/package.json
@ -9,7 +9,7 @@
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.3.2",
    "@testing-library/user-event": "^7.1.2",
-    "antd": "^4.22.8",
+    "antd": "5.0.5",
    "codemirror": "^5.61.1",
    "copy-to-clipboard": "^3.3.1",
    "core-js": "^3.25.0",
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, InputNumber, Row, Select, Switch, Table, Tooltip} from "antd";
+import {Button, Card, Col, Input, InputNumber, Row, Select, Switch} from "antd";
 import * as AdapterBackend from "./backend/AdapterBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
@ -21,7 +21,7 @@ import i18next from "i18next";

 import "codemirror/lib/codemirror.css";
 import * as ModelBackend from "./backend/ModelBackend";
-import {EditOutlined, MinusOutlined} from "@ant-design/icons";
+import PolicyTable from "./common/PoliciyTable";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/javascript/javascript");

@ -32,12 +32,11 @@ class AdapterEditPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      organizationName: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      adapterName: props.match.params.adapterName,
      adapter: null,
      organizations: [],
      models: [],
-      policyLists: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }
@ -48,13 +47,15 @@ class AdapterEditPage extends React.Component {
  }

  getAdapter() {
-    AdapterBackend.getAdapter(this.state.organizationName, this.state.adapterName)
-      .then((adapter) => {
-        this.setState({
-          adapter: adapter,
-        });
+    AdapterBackend.getAdapter(this.state.owner, this.state.adapterName)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            adapter: res.data,
+          });

-        this.getModels(adapter.owner);
+          this.getModels(this.state.owner);
+        }
      });
  }

@ -93,93 +94,6 @@ class AdapterEditPage extends React.Component {
    });
  }

-  synPolicies() {
-    this.setState({loading: true});
-    AdapterBackend.syncPolicies(this.state.adapter.owner, this.state.adapter.name)
-      .then((res) => {
-        this.setState({loading: false, policyLists: res});
-      })
-      .catch(error => {
-        this.setState({loading: false});
-        Setting.showMessage("error", `Adapter failed to get policies: ${error}`);
-      });
-  }
-
-  renderTable(table) {
-    const columns = [
-      {
-        title: "Rule Type",
-        dataIndex: "PType",
-        key: "PType",
-        width: "100px",
-      },
-      {
-        title: "V0",
-        dataIndex: "V0",
-        key: "V0",
-        width: "100px",
-      },
-      {
-        title: "V1",
-        dataIndex: "V1",
-        key: "V1",
-        width: "100px",
-      },
-      {
-        title: "V2",
-        dataIndex: "V2",
-        key: "V2",
-        width: "100px",
-      },
-      {
-        title: "V3",
-        dataIndex: "V3",
-        key: "V3",
-        width: "100px",
-      },
-      {
-        title: "V4",
-        dataIndex: "V4",
-        key: "V4",
-        width: "100px",
-      },
-      {
-        title: "V5",
-        dataIndex: "V5",
-        key: "V5",
-        width: "100px",
-      },
-      {
-        title: "Option",
-        key: "option",
-        width: "100px",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <Tooltip placement="topLeft" title="Edit">
-                <Button style={{marginRight: "0.5rem"}} icon={<EditOutlined />} size="small" />
-              </Tooltip>
-              <Tooltip placement="topLeft" title="Delete">
-                <Button icon={<MinusOutlined />} size="small" />
-              </Tooltip>
-            </div>
-          );
-        },
-      }];
-
-    return (
-      <div>
-        <Table
-          pagination={{
-            defaultPageSize: 10,
-          }}
-          columns={columns} dataSource={table} rowKey="name" size="middle" bordered
-          loading={this.state.loading}
-        />
-      </div>
-    );
-  }
-
  renderAdapter() {
    return (
      <Card size="small" title={
@ -329,19 +243,8 @@ class AdapterEditPage extends React.Component {
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("adapter:Policies"), i18next.t("adapter:Policies - Tooltip"))} :
          </Col>
-          <Col span={2}>
-            <Button type="primary" onClick={() => {this.synPolicies();}}>
-              {i18next.t("adapter:Sync")}
-            </Button>
-          </Col>
-        </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-          </Col>
-          <Col span={22} >
-            {
-              this.renderTable(this.state.policyLists)
-            }
+          <Col span={22}>
+            <PolicyTable owner={this.state.owner} name={this.state.adapterName} mode={this.state.mode} />
          </Col>
        </Row>
        <Row style={{marginTop: "20px"}} >
@ -362,8 +265,8 @@ class AdapterEditPage extends React.Component {
    const adapter = Setting.deepCopy(this.state.adapter);
    AdapterBackend.updateAdapter(this.state.adapter.owner, this.state.adapterName, adapter)
      .then((res) => {
-        if (res.msg === "") {
-          Setting.showMessage("success", "Successfully saved");
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
          this.setState({
            adapterName: this.state.adapter.name,
          });
@ -371,25 +274,29 @@ class AdapterEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/adapters");
          } else {
-            this.props.history.push(`/adapters/${this.state.adapter.name}`);
+            this.props.history.push(`/adapters/${this.state.owner}/${this.state.adapter.name}`);
          }
        } else {
-          Setting.showMessage("error", res.msg);
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
          this.updateAdapterField("name", this.state.adapterName);
        }
      })
      .catch(error => {
-        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteAdapter() {
    AdapterBackend.deleteAdapter(this.state.adapter)
-      .then(() => {
-        this.props.history.push("/adapters");
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/adapters");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
      })
      .catch(error => {
-        Setting.showMessage("error", `adapter failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@ -45,26 +45,33 @@ class AdapterListPage extends BaseListPage {
    const newAdapter = this.newAdapter();
    AdapterBackend.addAdapter(newAdapter)
      .then((res) => {
-        this.props.history.push({pathname: `/adapters/${newAdapter.owner}/${newAdapter.name}`, mode: "add"});
-      }
-      )
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/adapters/${newAdapter.organization}/${newAdapter.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Adapter failed to add: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteAdapter(i) {
    AdapterBackend.deleteAdapter(this.state.data[i])
      .then((res) => {
-        Setting.showMessage("success", "Adapter deleted successfully");
-        this.setState({
-          data: Setting.deleteRow(this.state.data, i),
-          pagination: {total: this.state.pagination.total - 1},
-        });
-      }
-      )
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Adapter failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

@ -80,7 +87,7 @@ class AdapterListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/adapters/${text}`}>
+            <Link to={`/adapters/${record.organization}/${text}`}>
              {text}
            </Link>
          );
@ -201,7 +208,7 @@ class AdapterListPage extends BaseListPage {
                title={`Sure to delete adapter: ${record.name} ?`}
                onConfirm={() => this.deleteAdapter(index)}
              >
-                <Button style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button style={{marginBottom: "10px"}} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          );
--- a/web/src/App.js
+++ b/web/src/App.js
@ -17,7 +17,7 @@ import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
 import {BarsOutlined, DownOutlined, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
-import {Avatar, BackTop, Button, Card, Drawer, Dropdown, Layout, Menu, Result} from "antd";
+import {Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result, theme} from "antd";
 import {Link, Redirect, Route, Switch, withRouter} from "react-router-dom";
 import OrganizationListPage from "./OrganizationListPage";
 import OrganizationEditPage from "./OrganizationEditPage";
@ -55,28 +55,23 @@ import CustomGithubCorner from "./CustomGithubCorner";
 import * as Conf from "./Conf";

 import * as Auth from "./auth/Auth";
-import SignupPage from "./auth/SignupPage";
+import EntryPage from "./EntryPage";
 import ResultPage from "./auth/ResultPage";
-import LoginPage from "./auth/LoginPage";
-import SelfLoginPage from "./auth/SelfLoginPage";
-import SelfForgetPage from "./auth/SelfForgetPage";
-import ForgetPage from "./auth/ForgetPage";
 import * as AuthBackend from "./auth/AuthBackend";
 import AuthCallback from "./auth/AuthCallback";
 import SelectLanguageBox from "./SelectLanguageBox";
 import i18next from "i18next";
-import PromptPage from "./auth/PromptPage";
 import OdicDiscoveryPage from "./auth/OidcDiscoveryPage";
 import SamlCallback from "./auth/SamlCallback";
-import CasLogout from "./auth/CasLogout";
 import ModelListPage from "./ModelListPage";
 import ModelEditPage from "./ModelEditPage";
 import SystemInfo from "./SystemInfo";
 import AdapterListPage from "./AdapterListPage";
 import AdapterEditPage from "./AdapterEditPage";
 import {withTranslation} from "react-i18next";
+import SelectThemeBox from "./SelectThemeBox";

-const {Header, Footer} = Layout;
+const {Header, Footer, Content} = Layout;

 class App extends Component {
  constructor(props) {
@ -87,6 +82,8 @@ class App extends Component {
      account: undefined,
      uri: null,
      menuVisible: false,
+      themeAlgorithm: null,
+      logo: null,
    };

    Setting.initServerUrl();
@ -101,6 +98,16 @@ class App extends Component {
    this.getAccount();
  }

+  componentDidMount() {
+    localStorage.getItem("theme") ?
+      this.setState({"themeAlgorithm": this.getTheme()}) : this.setState({"themeAlgorithm": theme.defaultAlgorithm});
+    this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
+    addEventListener("themeChange", (e) => {
+      this.setState({"themeAlgorithm": this.getTheme()});
+      this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
+    });
+  }
+
  componentDidUpdate() {
    // eslint-disable-next-line no-restricted-globals
    const uri = location.pathname;
@ -190,6 +197,10 @@ class App extends Component {
    return "";
  }

+  getTheme() {
+    return Setting.Themes.find(t => t.key === localStorage.getItem("theme"))["style"];
+  }
+
  setLanguage(account) {
    const language = account?.language;
    if (language !== "" && language !== i18next.language) {
@ -224,7 +235,7 @@ class App extends Component {
          this.setLanguage(account);
        } else {
          if (res.data !== "Please login first") {
-            Setting.showMessage("error", `Failed to sign in: ${res.msg}`);
+            Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
          }
        }

@ -249,7 +260,7 @@ class App extends Component {
            account: null,
          });

-          Setting.showMessage("success", "Logged out successfully");
+          Setting.showMessage("success", i18next.t("application:Logged out successfully"));
          const redirectUri = res.data2;
          if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
            Setting.goToLink(redirectUri);
@ -295,23 +306,16 @@ class App extends Component {
  }

  renderRightDropdown() {
-    const menu = (
-      <Menu onClick={this.handleRightDropdownClick.bind(this)}>
-        <Menu.Item key="/account">
-          <SettingOutlined />
-          &nbsp;&nbsp;
-          {i18next.t("account:My Account")}
-        </Menu.Item>
-        <Menu.Item key="/logout">
-          <LogoutOutlined />
-          &nbsp;&nbsp;
-          {i18next.t("account:Logout")}
-        </Menu.Item>
-      </Menu>
-    );
+    const items = [];
+    items.push(Setting.getItem(<><SettingOutlined />&nbsp;&nbsp;{i18next.t("account:My Account")}</>,
+      "/account"
+    ));
+    items.push(Setting.getItem(<><LogoutOutlined />&nbsp;&nbsp;{i18next.t("account:Logout")}</>,
+      "/logout"));
+    const onClick = this.handleRightDropdownClick.bind(this);

    return (
-      <Dropdown key="/rightDropDown" overlay={menu} className="rightDropDown">
+      <Dropdown key="/rightDropDown" menu={{items, onClick}} className="rightDropDown">
        <div className="ant-dropdown-link" style={{float: "right", cursor: "pointer"}}>
          &nbsp;
          &nbsp;
@ -363,156 +367,89 @@ class App extends Component {
      return [];
    }

-    res.push(
-      <Menu.Item key="/">
-        <Link to="/">
-          {i18next.t("general:Home")}
-        </Link>
-      </Menu.Item>
-    );
+    res.push(Setting.getItem(<Link to="/">{i18next.t("general:Home")}</Link>, "/"));

    if (Setting.isAdminUser(this.state.account)) {
-      res.push(
-        <Menu.Item key="/organizations">
-          <Link to="/organizations">
-            {i18next.t("general:Organizations")}
-          </Link>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<Link to="/organizations">{i18next.t("general:Organizations")}</Link>,
+        "/organizations"));
    }

    if (Setting.isLocalAdminUser(this.state.account)) {
-      res.push(
-        <Menu.Item key="/users">
-          <Link to="/users">
-            {i18next.t("general:Users")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/roles">
-          <Link to="/roles">
-            {i18next.t("general:Roles")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/permissions">
-          <Link to="/permissions">
-            {i18next.t("general:Permissions")}
-          </Link>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<Link to="/users">{i18next.t("general:Users")}</Link>,
+        "/users"
+      ));
+
+      res.push(Setting.getItem(<Link to="/roles">{i18next.t("general:Roles")}</Link>,
+        "/roles"
+      ));
+
+      res.push(Setting.getItem(<Link to="/permissions">{i18next.t("general:Permissions")}</Link>,
+        "/permissions"
+      ));
    }

    if (Setting.isAdminUser(this.state.account)) {
-      res.push(
-        <Menu.Item key="/models">
-          <Link to="/models">
-            {i18next.t("general:Models")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/adapters">
-          <Link to="/adapters">
-            {i18next.t("general:Adapters")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/applications">
-          <Link to="/applications">
-            {i18next.t("general:Applications")}
-          </Link>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<Link to="/models">{i18next.t("general:Models")}</Link>,
+        "/models"
+      ));
+
+      res.push(Setting.getItem(<Link to="/adapters">{i18next.t("general:Adapters")}</Link>,
+        "/adapters"
+      ));
    }

    if (Setting.isLocalAdminUser(this.state.account)) {
-      res.push(
-        <Menu.Item key="/providers">
-          <Link to="/providers">
-            {i18next.t("general:Providers")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/resources">
-          <Link to="/resources">
-            {i18next.t("general:Resources")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/records">
-          <Link to="/records">
-            {i18next.t("general:Records")}
-          </Link>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<Link to="/applications">{i18next.t("general:Applications")}</Link>,
+        "/applications"
+      ));
+
+      res.push(Setting.getItem(<Link to="/providers">{i18next.t("general:Providers")}</Link>,
+        "/providers"
+      ));
+
+      res.push(Setting.getItem(<Link to="/resources">{i18next.t("general:Resources")}</Link>,
+        "/resources"
+      ));
+
+      res.push(Setting.getItem(<Link to="/records">{i18next.t("general:Records")}</Link>,
+        "/records"
+      ));
    }

    if (Setting.isAdminUser(this.state.account)) {
-      res.push(
-        <Menu.Item key="/tokens">
-          <Link to="/tokens">
-            {i18next.t("general:Tokens")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/webhooks">
-          <Link to="/webhooks">
-            {i18next.t("general:Webhooks")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/syncers">
-          <Link to="/syncers">
-            {i18next.t("general:Syncers")}
-          </Link>
-        </Menu.Item>
-      );
-      res.push(
-        <Menu.Item key="/certs">
-          <Link to="/certs">
-            {i18next.t("general:Certs")}
-          </Link>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<Link to="/tokens">{i18next.t("general:Tokens")}</Link>,
+        "/tokens"
+      ));
+
+      res.push(Setting.getItem(<Link to="/webhooks">{i18next.t("general:Webhooks")}</Link>,
+        "/webhooks"
+      ));
+
+      res.push(Setting.getItem(<Link to="/syncers">{i18next.t("general:Syncers")}</Link>,
+        "/syncers"
+      ));
+
+      res.push(Setting.getItem(<Link to="/certs">{i18next.t("general:Certs")}</Link>,
+        "/certs"
+      ));

      if (Conf.EnableExtraPages) {
-        res.push(
-          <Menu.Item key="/products">
-            <Link to="/products">
-              {i18next.t("general:Products")}
-            </Link>
-          </Menu.Item>
-        );
-        res.push(
-          <Menu.Item key="/payments">
-            <Link to="/payments">
-              {i18next.t("general:Payments")}
-            </Link>
-          </Menu.Item>
-        );
-        res.push(
-          <Menu.Item key="/sysinfo">
-            <Link to="/sysinfo">
-              {i18next.t("general:SysInfo")}
-            </Link>
-          </Menu.Item>
-        );
+        res.push(Setting.getItem(<Link to="/products">{i18next.t("general:Products")}</Link>,
+          "/products"
+        ));
+
+        res.push(Setting.getItem(<Link to="/payments">{i18next.t("general:Payments")}</Link>,
+          "/payments"
+        ));
+
+        res.push(Setting.getItem(<Link to="/sysinfo">{i18next.t("general:SysInfo")}</Link>,
+          "/sysinfo"
+        ));
      }
-      res.push(
-        <Menu.Item key="/swagger">
-          <a target="_blank" rel="noreferrer" href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>
-            {i18next.t("general:Swagger")}
-          </a>
-        </Menu.Item>
-      );
+      res.push(Setting.getItem(<a target="_blank" rel="noreferrer"
+        href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>{i18next.t("general:Swagger")}</a>,
+      "/swagger"
+      ));
    }

    return res;
@ -545,55 +482,62 @@ class App extends Component {

  renderRouter() {
    return (
-      <div>
-        <Switch>
-          <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
-          <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
-          <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
-          {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
-          <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
-          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
-          <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
-          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
-            extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
-        </Switch>
-      </div>
+      <ConfigProvider theme={{
+        token: {
+          colorPrimary: "rgb(89,54,213)",
+          colorInfo: "rgb(89,54,213)",
+        },
+        algorithm: this.state.themeAlgorithm,
+      }}>
+        <div>
+          <Switch>
+            <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+            <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+            <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
+            <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
+            <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
+            {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
+            <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
+            <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
+            <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
+            <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
+              extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
+          </Switch>
+        </div>
+      </ConfigProvider>
    );
  }

@ -612,81 +556,75 @@ class App extends Component {
  renderContent() {
    if (!Setting.isMobile()) {
      return (
-        <div style={{display: "flex", flex: "auto", width: "100%", flexDirection: "column"}}>
-          <Layout style={{display: "flex", alignItems: "stretch"}}>
-            <Header style={{padding: "0", marginBottom: "3px"}}>
-              {
-                Setting.isMobile() ? null : (
-                  <Link to={"/"}>
-                    <div className="logo" />
-                  </Link>
-                )
-              }
-              <div>
-                <Menu
-                  // theme="dark"
-                  mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
-                  selectedKeys={[`${this.state.selectedMenuKey}`]}
-                  style={{lineHeight: "64px", position: "absolute", left: "145px", right: "200px"}}
-                >
-                  {
-                    this.renderMenu()
-                  }
-                </Menu>
-                {
-                  this.renderAccount()
-                }
-                <SelectLanguageBox />
-              </div>
-            </Header>
-            <Layout style={{backgroundColor: "#f5f5f5", alignItems: "stretch"}}>
-              <Card className="content-warp-card">
-                {
-                  this.renderRouter()
-                }
-              </Card>
-            </Layout>
-          </Layout>
-        </div>
-      );
-    } else {
-      return (
-        <div>
-          <Header style={{padding: "0", marginBottom: "3px"}}>
+        <Layout id="parent-area">
+          <Header style={{marginBottom: "3px", paddingInline: 0, backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
            {
              Setting.isMobile() ? null : (
                <Link to={"/"}>
-                  <div className="logo" />
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
+                </Link>
+              )
+            }
+            <Menu
+              items={this.renderMenu()}
+              mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
+              selectedKeys={[`${this.state.selectedMenuKey}`]}
+              style={{position: "absolute", left: "145px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}
+            />
+            {
+              this.renderAccount()
+            }
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
+          </Header>
+          <Content style={{alignItems: "stretch", display: "flex", flexDirection: "column"}}>
+            <Card className="content-warp-card">
+              {
+                this.renderRouter()
+              }
+            </Card>
+          </Content>
+          {
+            this.renderFooter()
+          }
+        </Layout>
+      );
+    } else {
+      return (
+        <Layout>
+          <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
+            {
+              Setting.isMobile() ? null : (
+                <Link to={"/"}>
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
                </Link>
              )
            }
            <Drawer title={i18next.t("general:Close")} placement="left" visible={this.state.menuVisible} onClose={this.onClose}>
              <Menu
                // theme="dark"
+                items={this.renderMenu()}
                mode={(Setting.isMobile()) ? "inline" : "horizontal"}
                selectedKeys={[`${this.state.selectedMenuKey}`]}
                style={{lineHeight: "64px"}}
                onClick={this.onClose}
              >
-                {
-                  this.renderMenu()
-                }
              </Menu>
            </Drawer>
            <Button icon={<BarsOutlined />} onClick={this.showMenu} type="text">
              {i18next.t("general:Menu")}
            </Button>
-            <div style = {{float: "right"}}>
-              {
-                this.renderAccount()
-              }
-              <SelectLanguageBox />
-            </div>
+            {
+              this.renderAccount()
+            }
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
          </Header>
-          {
-            this.renderRouter()
-          }
-        </div>
+          <Content style={{display: "flex", flexDirection: "column"}} >{
+            this.renderRouter()}
+          </Content>
+          {this.renderFooter()}
+        </Layout>
      );
    }
  }
@ -696,77 +634,66 @@ class App extends Component {
    // https://www.freecodecamp.org/neyarnws/how-to-keep-your-footer-where-it-belongs-59c6aa05c59c/

    return (
-      <>
+      <React.Fragment>
        {!this.state.account ? null : <div style={{display: "none"}} id="CasdoorApplicationName" value={this.state.account.signupApplication} />}
        <Footer id="footer" style={
          {
-            borderTop: "1px solid #e8e8e8",
-            backgroundColor: "white",
            textAlign: "center",
          }
        }>
-          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={`${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`} /></a>
+          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
        </Footer>
-      </>
+      </React.Fragment>
    );
  }

  isDoorPages() {
+    return this.isEntryPages() || window.location.pathname.startsWith("/callback");
+  }
+
+  isEntryPages() {
    return window.location.pathname.startsWith("/signup") ||
      window.location.pathname.startsWith("/login") ||
-      window.location.pathname.startsWith("/callback") ||
-      window.location.pathname.startsWith("/prompt") ||
      window.location.pathname.startsWith("/forget") ||
-      window.location.pathname.startsWith("/cas");
+      window.location.pathname.startsWith("/prompt") ||
+      window.location.pathname.startsWith("/cas") ||
+      window.location.pathname.startsWith("/auto-signup");
  }

  renderPage() {
    if (this.isDoorPages()) {
      return (
-        <div style={{display: "flex", flexDirection: "column", height: "100%"}}>
-          <div id="login-content-wrap" style={{flexDirection: "column"}}>
-            <Switch>
-              <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} />)} />
-              <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />)} />
-              <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
-              <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
-              <Route exact path="/auto-signup/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signup"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-              <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-              <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-              <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage account={this.state.account} type={"saml"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
-              <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout clearAccount={() => this.setState({account: null})} {...props} />)} />
-              <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage type={"cas"} mode={"signup"} account={this.state.account} {...props} />);}} />
-              <Route exact path="/callback" component={AuthCallback} />
-              <Route exact path="/callback/saml" component={SamlCallback} />
-              <Route exact path="/forget" render={(props) => this.renderHomeIfLoggedIn(<SelfForgetPage {...props} />)} />
-              <Route exact path="/forget/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ForgetPage {...props} />)} />
-              <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} {...props} />)} />
-              <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} {...props} />)} />
-              <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo {...props} />)} />
-              <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
-                extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
-            </Switch>
-          </div>
-          {
-            this.renderFooter()
-          }
-        </div>
+        <React.Fragment>
+          <Layout id="parent-area">
+            <Content style={{display: "flex", justifyContent: "center"}}>
+              {
+                this.isEntryPages() ?
+                  <EntryPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />
+                  :
+                  <Switch>
+                    <Route exact path="/callback" component={AuthCallback} />
+                    <Route exact path="/callback/saml" component={SamlCallback} />
+                    <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
+                      extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
+                  </Switch>
+              }
+            </Content>
+            {
+              this.renderFooter()
+            }
+          </Layout>
+        </React.Fragment>
      );
    }

    return (
-      <div id="parent-area">
-        <BackTop />
+      <React.Fragment>
+        <FloatButton.BackTop />
        <CustomGithubCorner />
-        <div id="content-wrap" style={{flexDirection: "column"}}>
-          {
-            this.renderContent()
-          }
-        </div>
        {
-          this.renderFooter()
+          this.renderContent()
        }
-      </div>
+      </React.Fragment>
    );
  }

@ -777,9 +704,17 @@ class App extends Component {
          <Helmet>
            <link rel="icon" href={"https://cdn.casdoor.com/static/favicon.png"} />
          </Helmet>
-          {
-            this.renderPage()
-          }
+          <ConfigProvider theme={{
+            token: {
+              colorPrimary: "rgb(89,54,213)",
+              colorInfo: "rgb(89,54,213)",
+            },
+            algorithm: this.state.themeAlgorithm,
+          }}>
+            {
+              this.renderPage()
+            }
+          </ConfigProvider>
        </React.Fragment>
      );
    }
@ -791,9 +726,17 @@ class App extends Component {
          <title>{organization.displayName}</title>
          <link rel="icon" href={organization.favicon} />
        </Helmet>
-        {
-          this.renderPage()
-        }
+        <ConfigProvider theme={{
+          token: {
+            colorPrimary: "rgb(89,54,213)",
+            colorInfo: "rgb(89,54,213)",
+          },
+          algorithm: this.state.themeAlgorithm,
+        }}>
+          {
+            this.renderPage()
+          }
+        </ConfigProvider>
      </React.Fragment>
    );
  }
--- a/web/src/App.less
+++ b/web/src/App.less
@ -1,6 +1,5 @@
 /* stylelint-disable at-rule-name-case */
 /* stylelint-disable selector-class-pattern */
-@import "~antd/dist/antd.less";

@StaticBaseUrl: "https://cdn.casbin.org";

@ -14,20 +13,23 @@
 }

 .App-header {
-  background-color: #282c34;
  min-height: 100vh;
  display: flex;
  flex-direction: column;
  align-items: center;
  justify-content: center;
  font-size: calc(10px + 2vmin);
-  color: white;
 }

 .App-link {
  color: #61dafb;
 }

+img {
+  border-style: none;
+  vertical-align: middle;
+}
+
 #root {
  height: 100%;
 }
@ -37,32 +39,10 @@
  flex-direction: column;
  height: 100%;
  min-height: 100vh;
-  background-color: #f5f5f5;
 }

-#content-wrap {
-  display: flex;
-  flex: 1 1 0;
-  align-items: stretch;
-  width: 100%;
-}
-
-#login-content-wrap {
-  display: flex;
-  flex: 1 1 0;
-  width: 100%;
-}
-
-#footer {
-  bottom: 0;
-  width: 100%;
-  height: 70px; /* Footer height */
-}
-
-#language-box-corner {
-  position: absolute;
-  top: 75px;
-  right: 0;
+.panel-logo {
+  margin-bottom: 30px;
 }

 .language-box {
@ -72,7 +52,7 @@
  background-repeat: no-repeat;
  border-radius: 5px;
  width: 45px;
-  height: 65px;
+  height: 100%;
  float: right;
  cursor: pointer;

@ -81,9 +61,32 @@
  }
 }

+.login-form .language-box {
+  height: 65px;
+}
+
+.theme-box {
+  background: url("@{StaticBaseUrl}/img/muti_language.svg");
+  background-size: 25px, 25px;
+  background-position: center !important;
+  background-repeat: no-repeat !important;
+  border-radius: 5px;
+  width: 45px;
+  height: 100%;
+  float: right;
+  cursor: pointer;
+
+  &:hover {
+    background-color: #f5f5f5 !important;
+  }
+}
+
 .rightDropDown {
+  border-radius: 7px;
+
  &:hover {
    background-color: #f5f5f5;
+    color: black;
  }
 }

@ -107,6 +110,7 @@

 .forget-content {
  padding: 10px 100px 20px;
+  margin: 30px auto;
  border: 2px solid #fff;
  border-radius: 7px;
  background-color: rgb(255 255 255);
@ -137,10 +141,16 @@
 }

 .loginBackground {
+  flex: auto;
  display: flex;
  align-items: center;
-  flex: 1 1 0;
  background: #fff no-repeat;
  background-size: 100% 100%;
  background-attachment: fixed;
 }
+
+.ant-menu-horizontal {
+  border-bottom: none !important;
+  margin-right: 30px;
+  right: 230px;
+}
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -49,6 +49,9 @@ const template = `<style>
 }
 </style>`;

+const previewGrid = Setting.isMobile() ? 22 : 11;
+const previewWidth = Setting.isMobile() ? "110%" : "90%";
+
 const sideTemplate = `<style>
  .left-model{
    text-align: center;
@ -91,7 +94,7 @@ class ApplicationEditPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      owner: props.account.owner,
+      owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
      applicationName: props.match.params.applicationName,
      application: null,
      organizations: [],
@ -142,21 +145,11 @@ class ApplicationEditPage extends React.Component {
  }

  getProviders() {
-    if (Setting.isAdminUser(this.props.account)) {
-      ProviderBackend.getGlobalProviders()
-        .then((res) => {
-          this.setState({
-            providers: res,
-          });
-        });
-    } else {
-      ProviderBackend.getProviders(this.state.owner)
-        .then((res) => {
-          this.setState({
-            providers: res,
-          });
-        });
-    }
+    ProviderBackend.getProviders(this.state.owner).then((res => {
+      this.setState({
+        providers: res,
+      });
+    }));
  }

  getSamlMetadata() {
@ -198,7 +191,7 @@ class ApplicationEditPage extends React.Component {
          Setting.showMessage("success", i18next.t("application:File uploaded successfully"));
          this.updateApplicationField("termsOfUse", res.data);
        } else {
-          Setting.showMessage("error", res.msg);
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
        }
      }).finally(() => {
        this.setState({uploading: false});
@ -287,7 +280,7 @@ class ApplicationEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.application.organization} onChange={(value => {this.updateApplicationField("organization", value);})}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
              }
@ -552,6 +545,16 @@ class ApplicationEditPage extends React.Component {
            </Select>
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:SAML Reply URL"), i18next.t("application:Redirect URL (Assertion Consumer Service POST Binding URL) - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input prefix={<LinkOutlined />} value={this.state.application.samlReplyUrl} onChange={e => {
+              this.updateApplicationField("samlReplyUrl", e.target.value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 19 : 2}>
            {Setting.getLabel(i18next.t("application:Enable SAML compress"), i18next.t("application:Enable SAML compress - Tooltip"))} :
@ -723,14 +726,14 @@ class ApplicationEditPage extends React.Component {
  renderSignupSigninPreview() {
    let signUpUrl = `/signup/${this.state.application.name}`;
    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${this.state.application.redirectUris[0]}&scope=read&state=casdoor`;
-    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
+    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
    if (!this.state.application.enablePassword) {
      signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");
    }

    return (
      <React.Fragment>
-        <Col span={11}>
+        <Col span={previewGrid}>
          <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
            copy(`${window.location.origin}${signUpUrl}`);
            Setting.showMessage("success", i18next.t("application:Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser"));
@ -739,19 +742,23 @@ class ApplicationEditPage extends React.Component {
            {i18next.t("application:Copy signup page URL")}
          </Button>
          <br />
-          <div style={{position: "relative", width: "90%", border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
            {
              this.state.application.enablePassword ? (
-                <SignupPage application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+                  <SignupPage application={this.state.application} preview = "auto" />
+                </div>
              ) : (
-                <LoginPage type={"login"} mode={"signup"} application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+                  <LoginPage type={"login"} mode={"signup"} application={this.state.application} preview = "auto" />
+                </div>
              )
            }
-            <div style={maskStyle} />
+            <div style={{overflow: "auto", ...maskStyle}} />
          </div>
        </Col>
-        <Col span={11}>
-          <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
+        <Col span={previewGrid}>
+          <Button style={{marginBottom: "10px", marginTop: Setting.isMobile() ? "15px" : "0"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
            copy(`${window.location.origin}${signInUrl}`);
            Setting.showMessage("success", i18next.t("application:Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser"));
          }}
@ -759,9 +766,11 @@ class ApplicationEditPage extends React.Component {
            {i18next.t("application:Copy signin page URL")}
          </Button>
          <br />
-          <div style={{position: "relative", width: "90%", border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
-            <LoginPage type={"login"} mode={"signin"} application={this.state.application} />
-            <div style={maskStyle} />
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
+            <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+              <LoginPage type={"login"} mode={"signin"} application={this.state.application} preview = "auto" />
+            </div>
+            <div style={{overflow: "auto", ...maskStyle}} />
          </div>
        </Col>
      </React.Fragment>
@ -772,7 +781,7 @@ class ApplicationEditPage extends React.Component {
    const promptUrl = `/prompt/${this.state.application.name}`;
    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
    return (
-      <Col span={11}>
+      <Col span={previewGrid}>
        <Button style={{marginBottom: "10px"}} type="primary" shape="round" icon={<CopyOutlined />} onClick={() => {
          copy(`${window.location.origin}${promptUrl}`);
          Setting.showMessage("success", i18next.t("application:Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser"));
@ -781,7 +790,7 @@ class ApplicationEditPage extends React.Component {
          {i18next.t("application:Copy prompt page URL")}
        </Button>
        <br />
-        <div style={{position: "relative", width: "90%", border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", flexDirection: "column", flex: "auto"}}>
+        <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", flexDirection: "column", flex: "auto"}}>
          <PromptPage application={this.state.application} account={this.props.account} />
          <div style={maskStyle} />
        </div>
@ -791,10 +800,10 @@ class ApplicationEditPage extends React.Component {

  submitApplicationEdit(willExist) {
    const application = Setting.deepCopy(this.state.application);
-    ApplicationBackend.updateApplication(this.state.application.owner, this.state.applicationName, application)
+    ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
      .then((res) => {
-        if (res.msg === "") {
-          Setting.showMessage("success", "Successfully saved");
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
          this.setState({
            applicationName: this.state.application.name,
          });
@ -802,25 +811,29 @@ class ApplicationEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/applications");
          } else {
-            this.props.history.push(`/applications/${this.state.application.name}`);
+            this.props.history.push(`/applications/${this.state.application.organization}/${this.state.application.name}`);
          }
        } else {
-          Setting.showMessage("error", res.msg);
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
          this.updateApplicationField("name", this.state.applicationName);
        }
      })
      .catch(error => {
-        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteApplication() {
    ApplicationBackend.deleteApplication(this.state.application)
-      .then(() => {
-        this.props.history.push("/applications");
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/applications");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
      })
      .catch(error => {
-        Setting.showMessage("error", `Application failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@ -23,11 +23,28 @@ import i18next from "i18next";
 import BaseListPage from "./BaseListPage";

 class ApplicationListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      organizationName: props.account.owner,
+      data: [],
+      pagination: {
+        current: 1,
+        pageSize: 10,
+      },
+      loading: false,
+      searchText: "",
+      searchedColumn: "",
+    };
+  }
+
  newApplication() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.applicationname,
+      owner: "admin", // this.props.account.applicationName,
      name: `application_${randomName}`,
+      organization: this.state.organizationName,
      createdTime: moment().format(),
      displayName: `New Application - ${randomName}`,
      logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
@ -53,7 +70,7 @@ class ApplicationListPage extends BaseListPage {
      redirectUris: ["http://localhost:9000/callback"],
      tokenFormat: "JWT",
      expireInHours: 24 * 7,
-      formOffset: 8,
+      formOffset: 2,
    };
  }

@ -61,26 +78,33 @@ class ApplicationListPage extends BaseListPage {
    const newApplication = this.newApplication();
    ApplicationBackend.addApplication(newApplication)
      .then((res) => {
-        this.props.history.push({pathname: `/applications/${newApplication.name}`, mode: "add"});
-      }
-      )
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/applications/${newApplication.organization}/${newApplication.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Application failed to add: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteApplication(i) {
    ApplicationBackend.deleteApplication(this.state.data[i])
      .then((res) => {
-        Setting.showMessage("success", "Application deleted successfully");
-        this.setState({
-          data: Setting.deleteRow(this.state.data, i),
-          pagination: {total: this.state.pagination.total - 1},
-        });
-      }
-      )
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Application failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

@ -96,7 +120,7 @@ class ApplicationListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/applications/${text}`}>
+            <Link to={`/applications/${record.organization}/${text}`}>
              {text}
            </Link>
          );
@ -173,9 +197,9 @@ class ApplicationListPage extends BaseListPage {
                    <List.Item>
                      <div style={{display: "inline"}}>
                        <Tooltip placement="topLeft" title="Edit">
-                          <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/providers/${providerItem.name}`)} />
+                          <Button style={{marginRight: "5px"}} icon={<EditOutlined />} size="small" onClick={() => Setting.goToLinkSoft(this, `/providers/${record.organization}/${providerItem.name}`)} />
                        </Tooltip>
-                        <Link to={`/providers/${providerItem.name}`}>
+                        <Link to={`/providers/${record.organization}/${providerItem.name}`}>
                          {providerItem.name}
                        </Link>
                      </div>
@ -213,13 +237,13 @@ class ApplicationListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/applications/${record.organization}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <Popconfirm
                title={`Sure to delete application: ${record.name} ?`}
                onConfirm={() => this.deleteApplication(index)}
                disabled={record.name === "app-built-in"}
              >
-                <Button style={{marginBottom: "10px"}} disabled={record.name === "app-built-in"} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button style={{marginBottom: "10px"}} disabled={record.name === "app-built-in"} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          );
@ -254,7 +278,8 @@ class ApplicationListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
+      ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/BaseListPage.js
+++ b/web/src/BaseListPage.js
@ -87,7 +87,7 @@ class BaseListPage extends React.Component {
      record[dataIndex]
        ? record[dataIndex].toString().toLowerCase().includes(value.toLowerCase())
        : "",
-    onFilterDropdownVisibleChange: visible => {
+    onFilterDropdownOpenChange: visible => {
      if (visible) {
        setTimeout(() => this.searchInput.select(), 100);
      }
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@ -65,6 +65,7 @@ class CertEditPage extends React.Component {
  }

  renderCert() {
+    const editorWidth = Setting.isMobile() ? 22 : 9;
    return (
      <Card size="small" title={
        <div>
@ -166,7 +167,7 @@ class CertEditPage extends React.Component {
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("cert:Certificate"), i18next.t("cert:Certificate - Tooltip"))} :
          </Col>
-          <Col span={9} >
+          <Col span={editorWidth} >
            <Button style={{marginRight: "10px", marginBottom: "10px"}} onClick={() => {
              copy(this.state.cert.certificate);
              Setting.showMessage("success", i18next.t("cert:Certificate copied to clipboard successfully"));
@ -189,7 +190,7 @@ class CertEditPage extends React.Component {
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("cert:Private key"), i18next.t("cert:Private key - Tooltip"))} :
          </Col>
-          <Col span={9} >
+          <Col span={editorWidth} >
            <Button style={{marginRight: "10px", marginBottom: "10px"}} onClick={() => {
              copy(this.state.cert.privateKey);
              Setting.showMessage("success", i18next.t("cert:Private key copied to clipboard successfully"));
@ -217,8 +218,8 @@ class CertEditPage extends React.Component {
    const cert = Setting.deepCopy(this.state.cert);
    CertBackend.updateCert(this.state.cert.owner, this.state.certName, cert)
      .then((res) => {
-        if (res.msg === "") {
-          Setting.showMessage("success", "Successfully saved");
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
          this.setState({
            certName: this.state.cert.name,
          });
@ -229,22 +230,26 @@ class CertEditPage extends React.Component {
            this.props.history.push(`/certs/${this.state.cert.name}`);
          }
        } else {
-          Setting.showMessage("error", res.msg);
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
          this.updateCertField("name", this.state.certName);
        }
      })
      .catch(error => {
-        Setting.showMessage("error", `Failed to connect to server: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteCert() {
    CertBackend.deleteCert(this.state.cert)
-      .then(() => {
-        this.props.history.push("/certs");
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/certs");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
      })
      .catch(error => {
-        Setting.showMessage("error", `Cert failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@ -43,26 +43,33 @@ class CertListPage extends BaseListPage {
    const newCert = this.newCert();
    CertBackend.addCert(newCert)
      .then((res) => {
-        this.props.history.push({pathname: `/certs/${newCert.name}`, mode: "add"});
-      }
-      )
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/certs/${newCert.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Cert failed to add: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

  deleteCert(i) {
    CertBackend.deleteCert(this.state.data[i])
      .then((res) => {
-        Setting.showMessage("success", "Cert deleted successfully");
-        this.setState({
-          data: Setting.deleteRow(this.state.data, i),
-          pagination: {total: this.state.pagination.total - 1},
-        });
-      }
-      )
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
      .catch(error => {
-        Setting.showMessage("error", `Cert failed to delete: ${error}`);
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }

@ -165,7 +172,7 @@ class CertListPage extends BaseListPage {
                title={`Sure to delete cert: ${record.name} ?`}
                onConfirm={() => this.deleteCert(index)}
              >
-                <Button style={{marginBottom: "10px"}} type="danger">{i18next.t("general:Delete")}</Button>
+                <Button style={{marginBottom: "10px"}} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          );
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
imp2002	308f305c53	feat: add query and fragment response mode declare in OIDC (#1439 )	2023-01-01 21:46:12 +08:00
Yaodong Yu	d498bc60ce	feat: edit user properties (#1435 )	2022-12-31 15:27:53 +08:00
Mr Forest	7bbe1e38c1	fix: fix translate error (#1432 ) * fix:fix translate error * Delete TelegramLoginButton.js * Update data.json * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-30 12:10:18 +08:00
Chell	f465fc6ce0	feat: support changing theme in antd 5 (#1430 ) * feat: add global theme change function * feat: add icons * feat: in app theme changer * feat: use antd built-in themes * fix: multiple styling problem * fix: theme init from localstorage * feat: dark mode footer * feat: casdoor logo color theme * feat: select theme box icon adaptive to theme * fix: menu bar style * fix: language box style * feat: translation * feat: update translation of select theme box without reloading * fix: mobile view * fix: better structured select theme box * feat: add compact icon * fix: redundant theme fetch * fix: redundant theme fetch * fix: various styling problems	2022-12-29 22:30:37 +08:00
June	c952c2f2f4	feat: fix login with password bug when feature is disabled (#1428 )	2022-12-27 14:46:57 +08:00
Yaodong Yu	86ae97d1e5	feat: fix the bug that spin is always showing when response error (#1424 )	2022-12-24 17:55:36 +08:00
Yaodong Yu	6ea73e3eca	fix: show background image in preview (#1425 )	2022-12-24 17:47:05 +08:00
Chell	a71a190db5	feat: fix bug in redirectToLoginPage() (#1422 )	2022-12-24 01:10:02 +08:00
Yaodong Yu	da69d94445	feat: fix the bug that spin in oauth is always showing (#1421 )	2022-12-23 15:06:51 +08:00
imp2002	b8b915abe1	feat: check AccessPermission in multiple permissions (#1420 )	2022-12-23 14:06:02 +08:00
Chell	5d1548e989	feat: fix absolute URL redirection (#1419 ) * fix: redirect to absolute url * fix: original jump	2022-12-23 11:05:15 +08:00
Yaodong Yu	a0dc6e06cd	feat: add EntryPage for login, signup pages to fix background flashing issue (#1416 ) * feat: fix flush in login Pages * fix: code format * fix: improve code * Update App.js * Update EntryPage.js * fix: optimize api request * Update App.js * Update App.js * fix: fix css * fix: css and getApllicationObj Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-22 23:39:02 +08:00
WangGuan	ae130788ec	feat: add Line support as OAuth 3rd-party login (#1413 )	2022-12-21 02:25:58 +08:00
Gucheng Wang	f075d0fd74	Refactor out application.IsRedirectUriValid()	2022-12-21 00:35:33 +08:00
Alena Poliakova	65d4946042	feat: add valid key for creating token (#1411 )	2022-12-20 22:05:00 +08:00
Liu	26acece8af	feat: add all other missing objects to init_data (#1407 ) * Add all other missing objects to init_data.json * Format golang code * feat: add all other missing objects to init_data * feat: add all other missing objects to init_data	2022-12-18 01:49:42 +08:00
Gucheng Wang	48a0c8473f	Improve README	2022-12-18 01:41:12 +08:00
Yaodong Yu	082ae3c91e	fix: fix undefined owner bug in AdapterEditPage (#1406 )	2022-12-17 21:21:39 +08:00
Yaodong Yu	1ee2ff1d30	feat: now dingtalk OAuth returns all error messages to frontend (#1405 )	2022-12-17 21:10:20 +08:00
Gucheng Wang	c0d9969013	Add description to product	2022-12-16 23:35:30 +08:00
Gucheng Wang	1bdee13150	Fix bug in renderQrCodeModal()	2022-12-16 23:28:43 +08:00
imp2002	d668022af0	feat: fix length of policy and `[policy_define]` in `model` inconsistent (#1400 )	2022-12-15 20:42:55 +08:00
Yaodong Yu	e227875c2b	feat: add post methed for saml response (#1399 )	2022-12-13 22:32:45 +08:00
Mr Forest	e473de3162	feat: fix sign in error via webauthn (#1398 ) * fix: fix sign in error via webauthn * fix review problems	2022-12-13 16:57:42 +08:00
Gucheng Wang	c5ef841d3f	Disable isValidIdCard()	2022-12-12 01:07:31 +08:00
Gucheng Wang	d46288b591	Add renderQrCodeModal()	2022-12-12 00:42:45 +08:00
Chell	b968bf033c	fix: case insensitive country name and country abbreviation search in region selection (#1394 )	2022-12-11 18:14:25 +08:00
Mr Forest	eca2527bc0	feat: fix bug in signup and reset phone and email (#1396 ) * fix: fix bug in signup and reset phone and email * delete useless addition	2022-12-11 15:52:36 +08:00
Chell	ef836acfe9	fix: login page flag icon preload (#1393 )	2022-12-11 11:22:58 +08:00
Yaodong Yu	a51f0d7c08	feat: init score in organization (#1388 ) * feat: init score in organization * Update OrganizationEditPage.js Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-10 22:27:12 +08:00
Yaodong Yu	e3c36beaf4	fix: the link button with disabled style but can click (#1390 )	2022-12-10 22:14:20 +08:00
imp2002	19dce838d1	fix: fix invalid url in applications page (#1389 )	2022-12-10 22:06:21 +08:00
Yaodong Yu	b41d8652f0	feat: fix showing wrong error messages (#1385 )	2022-12-09 15:11:13 +08:00
imp2002	e705eecffe	feat: response with status in `casbin_adapter.go` (#1384 ) * fix: response standardized information with status in `casbin_adapter.go` * fix: remove redundant statements	2022-12-08 10:22:59 +08:00
Mr Forest	2bb2c36f22	fix: add crowdin action env (#1381 )	2022-12-07 14:05:21 +08:00
Mr Forest	1bb3d2dea9	feat: refactor backend i18n (#1373 ) * fix: handle the dataSourceName when DB changes * reduce duplication of code * feat: refactor translation error message * feat: use json intsead of ini file * remove useless translation * fix translate problems * remove useless addition * fix pr problems * fix pr problems * fix split problem * use gofumpt to fmt code * use crowdin to execute backend translation * fix pr problems * refactor: change translation file structure same as frontend * delete useless output * update go.mod	2022-12-07 13:13:23 +08:00
Gucheng Wang	96566a626b	Increase Detail field size	2022-12-07 01:53:03 +08:00
Yaodong Yu	042e52bd16	feat: replace casdoor/goth with markbates/goth (#1374 )	2022-12-06 17:18:29 +08:00
Yaodong Yu	e207fd243b	feat: fix CSS issue that login error pages are not centered (#1371 )	2022-12-06 14:00:17 +08:00
Gucheng Wang	30b7fd963f	Reduce Resource key size	2022-12-06 11:30:42 +08:00
Yaodong Yu	ca314bbfb5	feat: refactor layout and fix footer CSS (#1370 )	2022-12-06 00:50:17 +08:00
imp2002	812c44e070	feat: add and load policy within a specific permission (#1357 ) * fix: add and load policy with a specific permission * fix: use a clear variable name	2022-12-05 17:07:10 +08:00
imp2002	78e45d07cf	fix: support RBAC With Domains/Tenants (#1333 ) * feat: support RBAC With Domains/Tenants * fix: add verify for `UpdatePermission` * Update permission.go Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-05 16:08:17 +08:00
Yaodong Yu	0856977b92	feat: update to antd 5.0 (#1362 ) * feat: update to ant5.X * fix: incompatible styles * fix: adjust the style	2022-12-04 23:05:30 +08:00
Chell	a44a4b0300	feat: fix React incorrect usage to fix issue that verification code must be submitted twice to succeed (#1348 ) * fix: synchronized user login fields saving * fix: synchronized user login fields saving * recover changes * fix: save username in step 2 * fix: format	2022-12-04 20:58:07 +08:00
Chell	4b29dd8c41	fix: responsive certs page editor (#1360 ) * fix: responsive editor width * fix: format	2022-12-04 16:04:04 +08:00
Yaodong Yu	165e2e33e3	fix: disable formcss in mobile (#1359 )	2022-12-04 15:53:46 +08:00
Yang Luo	d13a307ad5	Allow org admin to access GetResources()	2022-12-03 01:10:45 +08:00
Mr Forest	27bd771fed	feat: handle the dataSourceName when DB changes (#1352 ) * fix: handle the dataSourceName when DB changes * reduce duplication of code	2022-12-02 22:20:18 +08:00
Yaodong Yu	9f3ee275a8	feat: reformat frontend alert texts with correct i18n (#1341 ) * fix: add i18 * fix: standard prompt message	2022-12-02 00:06:28 +08:00
Chell	fcda64ad7d	fix: provider sort alphabetical order (#1347 )	2022-12-01 22:51:10 +08:00
Yaodong Yu	d815bf92bd	fix: handle add message in frontend (#1340 )	2022-11-29 20:32:47 +08:00
WangGuan	7867060b71	feat: add quota limitation to organizations, users, providers and applications (#1339 )	2022-11-29 11:01:41 +08:00
Mr Forest	8890d1d7c7	fix: check credential existence when signing via WebAuthn (#1336 ) * fix: check credential existence when signing via WebAuthn * fix review problem	2022-11-28 21:47:17 +08:00
Chell	6e6a0a074a	fix: application edit mobile view (#1331 ) * fix: application edit mobile view * fix: decompose elements * fix: decomposition * fix: remove space component * Update ApplicationEditPage.js Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-28 21:10:49 +08:00
Thai	cff3007992	feat: add get-permissions-by-role API (#1335 )	2022-11-28 15:30:46 +08:00
Mr Forest	fe448cbcf4	feat: check user existence when signing in via verification code (#1334 ) * fix:check user existence when logining by verification code * fix review problems * Update verification.go Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-28 00:11:33 +08:00
Chell	2ab25df950	fix: prompt page translation (#1330 ) * fix: prompt page translation * add multiple translations * fix: translation consistency * fix: translation consistency * fix: add translation * fix: add translation * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-27 21:04:45 +08:00
WangGuan	b895926754	feat: use another filename when uploading a duplicated file instead of replacing it (#1329 ) * fix: upload a file with the same name, not replace * Update resource.go Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-27 17:32:15 +08:00
YiNN	5bb7a4153f	feat: add cloudflare turnstile captcha (#1327 ) * feat: add cloudflare turnstile captcha * fix: rename turnstile to cloudflare turnstile	2022-11-26 17:17:49 +08:00
Yaodong Yu	b7cd598ee8	fix: fail to return after flush the page (#1325 ) * fix: fail to return after flush the page Old methed just get the url path parameter when click the butten. But when the page flushed, the returnUrl will disappear, so can not return to the specified page. * Update UserEditPage.js * Update UserEditPage.js Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-11-25 23:08:45 +08:00
Yaodong Yu	b10fb97c92	feat: finish policy list management (#1317 )	2022-11-25 16:02:20 +08:00
Yaodong Yu	b337b908ea	feat: fix the bug that admin cannot upload avatar for other users (#1323 )	2022-11-25 09:36:47 +08:00
Mr Forest	ba9d1e2388	fix: fix bug in GetAcceptLanguage() (#1322 )	2022-11-24 20:43:35 +08:00
Mr Forest	29ec1d2d9c	feat: update Xorm to v1.0.5 to fix the PostgreSQL bug in Xorm (#1321 ) * fix:update xorm version * fix pr problems * update xorm version to 1.2.0 * update xorm version to 1.0.5 * fix pr problems * generate go.sum file	2022-11-24 19:28:51 +08:00
Mr Forest	84a03f6c8e	feat: add webhook for add/update org/provider (#1316 )	2022-11-24 00:29:15 +08:00
会思考的下丘脑	56ff06bbea	feat: add parameter v0 for Casbin APIs (#1315 )	2022-11-23 22:39:17 +08:00
Yaodong Yu	7e756b8ee2	feat: manager applications in organization scope (#1290 ) * feat: manager applications in organization scope(front end) * fix: application can use own organization and admin provider * fix: improve methed to get provider * fix: modify provider methods by convention	2022-11-21 01:17:55 +08:00
Yaodong Yu	19ba37e0c2	feat: can specify available UI languages for an organization (#1306 )	2022-11-19 22:11:19 +08:00
Mr Forest	b98ce19211	feat: fix bug in GetDefaultApplication() that caused login error for other orgs (#1299 ) * fix:fix bug in GetDefaultApplication * fix:fix bug in GetDefaultApplication	2022-11-16 00:39:05 +08:00
会思考的下丘脑	37d1a73c0c	feat: encode redirectUri (#1297 )	2022-11-15 19:05:59 +08:00
Yaodong Yu	727877cf54	fix: illegal user when new a permission (#1298 )	2022-11-15 14:19:20 +08:00
Mr Forest	939b416717	fix: limit only under PC can login by following Wechat Official Account (#1293 )	2022-11-14 09:03:55 +08:00
imp2002	f115843fbb	feat: fix verification code send time's limit logic (#1292 )	2022-11-13 22:00:48 +08:00
Mr Forest	aa6a4dc74f	feat: support login by following wechat official account (#1284 ) * show QRcode when click WeChat Icon * update how to show qrcode * handle wechat scan qrcode * fix api problems * fix url problems * fix problems * modify get frequency * remove useless print * fix:fix PR problems * fix: fix PR problems * fix:fix PR problem * fix IMG load delay problems * fix:fix provider problems * fix test problems * use gofumpt to fmt code * fix:delete useless variables * feat:add button for follow official account * fix:fix review problems * use gofumpt to fmt code * fix:fix scantype problems * fix Response problem * use gofumpt to format code	2022-11-13 15:05:15 +08:00
cofecatt	462a82a3d5	fix: Add distinctions between access_token and refresh_token (#1280 )	2022-11-13 13:00:25 +08:00
Dinn	262aeba7e2	fix(RoleEditPage): Fix a crash when the sample role domains is null (#1268 )	2022-11-13 12:28:24 +08:00