feat: improve user edit page to fix missing fields and page crash (#1463 )

feat: check uniqueness for email and phone when updating user (#1461 )
* fix: check unique field when update user * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>
2025-07-22 08:03:50 +08:00 · 2023-01-11 16:15:06 +08:00 · 2023-01-10 22:34:08 +08:00 · 2023-01-09 23:33:03 +08:00 · 2023-01-09 00:16:32 +08:00 · 2023-01-07 13:49:06 +08:00
103 changed files with 13962 additions and 12612 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -1,2 +1,5 @@
 *.go linguist-detectable=true
-*.js linguist-detectable=false
+*.js linguist-detectable=false
 # Declare files that will always have LF line endings on checkout.
 # Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
 *.sh text eol=lf
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -76,11 +76,48 @@ jobs:
          version: latest
          args: --disable-all -c dummy.yml -E=gofumpt --max-same-issues=0 --timeout 5m --modules-download-mode=mod
  e2e:
    name: e2e-test
    runs-on: ubuntu-latest
    needs: [ frontend, backend, linter ]
    services:
      mysql:
          image: mysql:5.7
          env:
            MYSQL_DATABASE: casdoor
            MYSQL_ROOT_PASSWORD: 123456
          ports:
              - 3306:3306
          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-go@v2
        with:
          go-version: '^1.16.5'
      - uses: actions/setup-node@v2
        with:
          node-version: 16    
      - name: front install
        run: yarn install
        working-directory: ./web
      - name: front start
        run: nohup yarn start &
        working-directory: ./web  
      - name: back start
        run: nohup go run ./main.go &
        working-directory: ./
      - name: Sleep for starting
        run: sleep 60s
        shell: bash
      - name: e2e
        run: npx cypress run --spec "**/e2e/**.cy.js"
        working-directory: ./web
  release-and-push:
    name: Release And Push
    runs-on: ubuntu-latest
    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
-    needs: [ frontend, backend, linter ]
+    needs: [ frontend, backend, linter, e2e ]
    steps:
      - name: Checkout
        uses: actions/checkout@v2
--- a/controllers/account.go
+++ b/controllers/account.go
@ -242,6 +242,7 @@ func (c *ApiController) Signup() {
 // @router /logout [get,post]
 func (c *ApiController) Logout() {
 	user := c.GetSessionUsername()
 	object.DeleteSessionId(user, c.Ctx.Input.CruSession.SessionID())
 	util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 	application := c.GetSessionApplication()
@ -271,12 +272,17 @@ func (c *ApiController) GetAccount() {
 		user = object.ExtendManagedAccountsWithUser(user)
 	}
 	object.ExtendUserWithRolesAndPermissions(user)
 	user.Permissions = object.GetMaskedPermissions(user.Permissions)
 	user.Roles = object.GetMaskedRoles(user.Roles)
 	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
-		Data:   user,
+		Data:   object.GetMaskedUser(user),
 		Data2:  organization,
 	}
 	c.Data["json"] = resp
--- a/controllers/application.go
+++ b/controllers/application.go
@ -86,7 +86,7 @@ func (c *ApiController) GetUserApplication() {
 	id := c.Input().Get("id")
 	user := object.GetUser(id)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("application:The user: %s doesn't exist"), id))
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}
--- a/controllers/auth.go
+++ b/controllers/auth.go
@ -52,7 +52,7 @@ func tokenToResponse(token *object.Token) *Response {
 	if token.AccessToken == "" {
 		return &Response{Status: "error", Msg: "fail to get accessToken", Data: token.AccessToken}
 	}
-	return &Response{Status: "ok", Msg: "", Data: token.AccessToken}
+	return &Response{Status: "ok", Msg: "", Data: token.AccessToken, Data2: token.RefreshToken}
 }
 // HandleLoggedIn ...
@ -103,12 +103,12 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			resp = tokenToResponse(token)
 		}
 	} else if form.Type == ResponseTypeSaml { // saml flow
-		res, redirectUrl, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
+		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: redirectUrl}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
 	} else if form.Type == ResponseTypeCas {
 		// not oauth but CAS SSO protocol
 		service := c.Input().Get("service")
@ -139,6 +139,10 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		})
 	}
 	if resp.Status == "ok" {
 		object.SetSession(user.GetId(), c.Ctx.Input.CruSession.SessionID())
 	}
 	return resp
 }
@ -170,7 +174,7 @@ func (c *ApiController) GetApplicationLogin() {
 }
 func setHttpClient(idProvider idp.IdProvider, providerType string) {
-	if providerType == "GitHub" || providerType == "Google" || providerType == "Facebook" || providerType == "LinkedIn" || providerType == "Steam" {
+	if providerType == "GitHub" || providerType == "Google" || providerType == "Facebook" || providerType == "LinkedIn" || providerType == "Steam" || providerType == "Line" {
 		idProvider.SetHttpClient(proxy.ProxyHttpClient)
 	} else {
 		idProvider.SetHttpClient(proxy.DefaultHttpClient)
@ -205,7 +209,7 @@ func (c *ApiController) Login() {
 	if form.Username != "" {
 		if form.Type == ResponseTypeLogin {
 			if c.GetSessionUsername() != "" {
-				c.ResponseError(c.T("auth:Please sign out first before signing in"), c.GetSessionUsername())
+				c.ResponseError(c.T("account:Please sign out first before signing in"), c.GetSessionUsername())
 				return
 			}
 		}
@ -222,12 +226,13 @@ func (c *ApiController) Login() {
 			}
 			// check result through Email or Phone
 			var checkDest string
 			if strings.Contains(form.Username, "@") {
 				verificationCodeType = "email"
 				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
 					form.Username = user.Email
 				}
-				checkResult = object.CheckVerificationCode(form.Username, form.Code, c.GetAcceptLanguage())
+				checkDest = form.Username
 			} else {
 				verificationCodeType = "phone"
 				if len(form.PhonePrefix) == 0 {
@ -238,11 +243,16 @@ func (c *ApiController) Login() {
 				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
 					form.Username = user.Phone
 				}
-				checkPhone := fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username)
+				checkDest = fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username)
 				checkResult = object.CheckVerificationCode(checkPhone, form.Code, c.GetAcceptLanguage())
 			}
 			user = object.GetUserByFields(form.Organization, form.Username)
 			if user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
 				return
 			}
 			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
 			if len(checkResult) != 0 {
-				responseText := fmt.Sprintf("%s%s", verificationCodeType, checkResult)
+				responseText := fmt.Sprintf("%s - %s", verificationCodeType, checkResult)
 				c.ResponseError(responseText)
 				return
 			}
@ -253,18 +263,16 @@ func (c *ApiController) Login() {
 			} else {
 				object.DisableVerificationCode(fmt.Sprintf("+%s%s", form.PhonePrefix, form.Username))
 			}
 			user = object.GetUserByFields(form.Organization, form.Username)
 			if user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The user: %s/%s doesn't exist"), form.Organization, form.Username))
 				return
 			}
 		} else {
 			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}
 			if !application.EnablePassword {
 				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
 				return
 			}
 			if object.CheckToEnableCaptcha(application) {
 				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
@ -414,7 +422,7 @@ func (c *ApiController) Login() {
 				properties["no"] = strconv.Itoa(len(object.GetUsers(application.Organization)) + 2)
 				initScore, err := getInitScore(organization)
 				if err != nil {
-					c.ResponseError(fmt.Errorf(c.T("auth:Get init score failed, error: %w"), err).Error())
+					c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 					return
 				}
@ -460,13 +468,13 @@ func (c *ApiController) Login() {
 				record2.User = user.Name
 				util.SafeGoroutine(func() { object.AddRecord(record2) })
 			} else if provider.Category == "SAML" {
-				resp = &Response{Status: "error", Msg: "The account does not exist"}
+				resp = &Response{Status: "error", Msg: fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id))}
 			}
 			// resp = &Response{Status: "ok", Msg: "", Data: res}
 		} else { // form.Method != "signup"
 			userId := c.GetSessionUsername()
 			if userId == "" {
-				c.ResponseError(c.T("auth:The account does not exist"), userInfo)
+				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id)), userInfo)
 				return
 			}
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@ -47,7 +47,7 @@ func (c *ApiController) BatchEnforce() {
 func (c *ApiController) GetAllObjects() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("enforcer:Please sign in first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
@ -58,7 +58,7 @@ func (c *ApiController) GetAllObjects() {
 func (c *ApiController) GetAllActions() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("enforcer:Please sign in first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
@ -69,7 +69,7 @@ func (c *ApiController) GetAllActions() {
 func (c *ApiController) GetAllRoles() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("enforcer:Please sign in first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
--- a/controllers/product.go
+++ b/controllers/product.go
@ -141,13 +141,13 @@ func (c *ApiController) BuyProduct() {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("product:Please login first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 	user := object.GetUser(userId)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("product:The user: %s doesn't exist"), userId))
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
--- a/controllers/session.go
+++ b/controllers/session.go
@ -0,0 +1,68 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 // DeleteSession
 // @Title DeleteSession
 // @Tag Session API
 // @Description Delete session by userId
 // @Param   ID     query    string  true        "The ID(owner/name) of user."
 // @Success 200 {array} string The Response object
 // @router /delete-session [post]
 func (c *ApiController) DeleteSession() {
 	var session object.Session
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &session)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 	c.Data["json"] = wrapActionResponse(object.DeleteSession(util.GetId(session.Owner, session.Name)))
 	c.ServeJSON()
 }
 // GetSessions
 // @Title GetSessions
 // @Tag Session API
 // @Description Get organization user sessions
 // @Param   owner     query    string  true        "The organization name"
 // @Success 200 {array} string The Response object
 // @router /get-sessions [get]
 func (c *ApiController) GetSessions() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	owner := c.Input().Get("owner")
 	if limit == "" || page == "" {
 		c.Data["json"] = object.GetSessions(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSessionCount(owner, field, value)))
 		sessions := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(sessions, paginator.Nums())
 	}
 }
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@ -40,7 +40,7 @@ func (c *ApiController) GetSystemInfo() {
 	user := object.GetUser(id)
 	if user == nil || !user.IsGlobalAdmin {
-		c.ResponseError(c.T("system_info:You are not authorized to access this resource"))
+		c.ResponseError(c.T("auth:Unauthorized operation"))
 		return
 	}
--- a/controllers/token.go
+++ b/controllers/token.go
@ -150,7 +150,7 @@ func (c *ApiController) GetOAuthCode() {
 	codeChallenge := c.Input().Get("code_challenge")
 	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-		c.ResponseError(c.T("token:Challenge method should be S256"))
+		c.ResponseError(c.T("auth:Challenge method should be S256"))
 		return
 	}
 	host := c.Ctx.Request.Host
@ -261,7 +261,7 @@ func (c *ApiController) TokenLogout() {
 	flag, application := object.DeleteTokenByAccessToken(token)
 	redirectUri := c.Input().Get("post_logout_redirect_uri")
 	state := c.Input().Get("state")
-	if application != nil && object.CheckRedirectUriValid(application, redirectUri) {
+	if application != nil && application.IsRedirectUriValid(redirectUri) {
 		c.Ctx.Redirect(http.StatusFound, redirectUri+"?state="+state)
 		return
 	}
--- a/controllers/user.go
+++ b/controllers/user.go
@ -148,8 +148,8 @@ func (c *ApiController) UpdateUser() {
 		return
 	}
-	if user.DisplayName == "" {
+	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(c.T("user:Display name cannot be empty"))
+		c.ResponseError(msg)
 		return
 	}
@ -159,6 +159,12 @@ func (c *ApiController) UpdateUser() {
 	}
 	isGlobalAdmin := c.IsGlobalAdmin()
 	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
 		c.ResponseError(err)
 		return
 	}
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
 		object.UpdateUserToOriginalDatabase(&user)
@ -236,7 +242,7 @@ func (c *ApiController) GetEmailAndPhone() {
 	user := object.GetUserByFields(form.Organization, form.Username)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("user:The user: %s/%s doesn't exist"), form.Organization, form.Username))
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
 		return
 	}
--- a/controllers/user_util.go
+++ b/controllers/user_util.go
@ -0,0 +1,142 @@
 // Copyright 2023 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package controllers
 import (
 	"encoding/json"
 	"github.com/casdoor/casdoor/object"
 )
 func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiController) (bool, string) {
 	oldUser := object.GetUser(userId)
 	organization := object.GetOrganizationByUser(oldUser)
 	var itemsChanged []*object.AccountItem
 	if oldUser.Owner != newUser.Owner {
 		item := object.GetAccountItemByName("Organization", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Name != newUser.Name {
 		item := object.GetAccountItemByName("Name", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Id != newUser.Id {
 		item := object.GetAccountItemByName("ID", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.DisplayName != newUser.DisplayName {
 		item := object.GetAccountItemByName("Display name", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Avatar != newUser.Avatar {
 		item := object.GetAccountItemByName("Avatar", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Type != newUser.Type {
 		item := object.GetAccountItemByName("User type", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	// The password is *** when not modified
 	if oldUser.Password != newUser.Password && newUser.Password != "***" {
 		item := object.GetAccountItemByName("Password", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Email != newUser.Email {
 		item := object.GetAccountItemByName("Email", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Phone != newUser.Phone {
 		item := object.GetAccountItemByName("Phone", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Region != newUser.Region {
 		item := object.GetAccountItemByName("Country/Region", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Location != newUser.Location {
 		item := object.GetAccountItemByName("Location", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Affiliation != newUser.Affiliation {
 		item := object.GetAccountItemByName("Affiliation", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Title != newUser.Title {
 		item := object.GetAccountItemByName("Title", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Homepage != newUser.Homepage {
 		item := object.GetAccountItemByName("Homepage", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Bio != newUser.Bio {
 		item := object.GetAccountItemByName("Bio", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.Tag != newUser.Tag {
 		item := object.GetAccountItemByName("Tag", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.SignupApplication != newUser.SignupApplication {
 		item := object.GetAccountItemByName("Signup application", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	oldUserRolesJson, _ := json.Marshal(oldUser.Roles)
 	newUserRolesJson, _ := json.Marshal(newUser.Roles)
 	if string(oldUserRolesJson) != string(newUserRolesJson) {
 		item := object.GetAccountItemByName("Roles", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	oldUserPermissionJson, _ := json.Marshal(oldUser.Permissions)
 	newUserPermissionJson, _ := json.Marshal(newUser.Permissions)
 	if string(oldUserPermissionJson) != string(newUserPermissionJson) {
 		item := object.GetAccountItemByName("Permissions", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
 	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
 	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
 		item := object.GetAccountItemByName("Properties", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.IsAdmin != newUser.IsAdmin {
 		item := object.GetAccountItemByName("Is admin", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
 		item := object.GetAccountItemByName("Is global admin", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.IsForbidden != newUser.IsForbidden {
 		item := object.GetAccountItemByName("Is forbidden", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	if oldUser.IsDeleted != newUser.IsDeleted {
 		item := object.GetAccountItemByName("Is deleted", organization)
 		itemsChanged = append(itemsChanged, item)
 	}
 	for i := range itemsChanged {
 		if pass, err := object.CheckAccountItemModifyRule(itemsChanged[i], c.getCurrentUser(), c.GetAcceptLanguage()); !pass {
 			return pass, err
 		}
 	}
 	return true, ""
 }
--- a/controllers/util.go
+++ b/controllers/util.go
@ -84,7 +84,7 @@ func (c *ApiController) SetTokenErrorHttpStatus() {
 func (c *ApiController) RequireSignedIn() (string, bool) {
 	userId := c.GetSessionUsername()
 	if userId == "" {
-		c.ResponseError(c.T("util:Please login first"), "Please login first")
+		c.ResponseError(c.T("general:Please login first"), "Please login first")
 		return "", false
 	}
 	return userId, true
@ -100,7 +100,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 	user := object.GetUser(userId)
 	if user == nil {
 		c.ClearUserSession()
-		c.ResponseError(fmt.Sprintf(c.T("util:The user: %s doesn't exist"), userId))
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return nil, false
 	}
 	return user, true
--- a/controllers/verification.go
+++ b/controllers/verification.go
@ -99,7 +99,7 @@ func (c *ApiController) SendVerificationCode() {
 	}
 	if checkUser == "true" && user == nil && object.GetUserByFields(organization.Name, dest) == nil {
-		c.ResponseError(c.T("verification:Please login first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
@ -175,9 +175,14 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}
 	checkDest := dest
-	org := object.GetOrganizationByUser(user)
+	organization := object.GetOrganizationByUser(user)
 	if destType == "phone" {
-		phoneItem := object.GetAccountItemByName("Phone", org)
+		if object.HasUserByField(user.Owner, "phone", user.Phone) {
 			c.ResponseError(c.T("check:Phone already exists"))
 			return
 		}
 		phoneItem := object.GetAccountItemByName("Phone", organization)
 		if phoneItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the phone modify rule."))
 			return
@ -189,12 +194,17 @@ func (c *ApiController) ResetEmailOrPhone() {
 		}
 		phonePrefix := "86"
-		if org != nil && org.PhonePrefix != "" {
+		if organization != nil && organization.PhonePrefix != "" {
-			phonePrefix = org.PhonePrefix
+			phonePrefix = organization.PhonePrefix
 		}
 		checkDest = fmt.Sprintf("+%s%s", phonePrefix, dest)
 	} else if destType == "email" {
-		emailItem := object.GetAccountItemByName("Email", org)
+		if object.HasUserByField(user.Owner, "email", user.Email) {
 			c.ResponseError(c.T("check:Email already exists"))
 			return
 		}
 		emailItem := object.GetAccountItemByName("Email", organization)
 		if emailItem == nil {
 			c.ResponseError(c.T("verification:Unable to get the email modify rule."))
 			return
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@ -35,7 +35,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError(c.T("webauthn:Please login first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
@ -66,7 +66,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
-		c.ResponseError(c.T("webauthn:Please login first"))
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 	sessionObj := c.GetSession("registration")
@ -101,7 +101,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 	userName := c.Input().Get("name")
 	user := object.GetUserByFields(userOwner, userName)
 	if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("webauthn:The user: %s/%s doesn't exist"), userOwner, userName))
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
 		return
 	}
 	if len(user.WebauthnCredentials) == 0 {
--- a/i18n/generate.go
+++ b/i18n/generate.go
@ -26,16 +26,22 @@ import (
 type I18nData map[string]map[string]string
-var reI18n *regexp.Regexp
+var (
 	reI18nFrontend          *regexp.Regexp
 	reI18nBackendObject     *regexp.Regexp
 	reI18nBackendController *regexp.Regexp
 )
 func init() {
-	reI18n, _ = regexp.Compile("i18next.t\\(\"(.*?)\"\\)")
+	reI18nFrontend, _ = regexp.Compile("i18next.t\\(\"(.*?)\"\\)")
 	reI18nBackendObject, _ = regexp.Compile("i18n.Translate\\((.*?)\"\\)")
 	reI18nBackendController, _ = regexp.Compile("c.T\\((.*?)\"\\)")
 }
-func getAllI18nStrings(fileContent string) []string {
+func getAllI18nStringsFrontend(fileContent string) []string {
 	res := []string{}
-	matches := reI18n.FindAllStringSubmatch(fileContent, -1)
+	matches := reI18nFrontend.FindAllStringSubmatch(fileContent, -1)
 	if matches == nil {
 		return res
 	}
@ -46,17 +52,39 @@ func getAllI18nStrings(fileContent string) []string {
 	return res
 }
-func getAllJsFilePaths() []string {
+func getAllI18nStringsBackend(fileContent string, isObjectPackage bool) []string {
 	path := "../web/src"
 	res := []string{}
-	err := filepath.Walk(path,
+	if isObjectPackage {
 		matches := reI18nBackendObject.FindAllStringSubmatch(fileContent, -1)
 		if matches == nil {
 			return res
 		}
 		for _, match := range matches {
 			match := strings.SplitN(match[1], ",", 2)
 			res = append(res, match[1][2:])
 		}
 	} else {
 		matches := reI18nBackendController.FindAllStringSubmatch(fileContent, -1)
 		if matches == nil {
 			return res
 		}
 		for _, match := range matches {
 			res = append(res, match[1][1:])
 		}
 	}
 	return res
 }
 func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
 	res := []string{}
 	err := filepath.Walk(folder,
 		func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				return err
 			}
-			if !strings.HasSuffix(info.Name(), ".js") {
+			if !strings.HasSuffix(info.Name(), fileSuffix) {
 				return nil
 			}
@ -71,12 +99,25 @@ func getAllJsFilePaths() []string {
 	return res
 }
-func parseToData() *I18nData {
+func parseEnData(category string) *I18nData {
 	var paths []string
 	if category == "backend" {
 		paths = getAllFilePathsInFolder("../", ".go")
 	} else {
 		paths = getAllFilePathsInFolder("../web/src", ".js")
 	}
 	allWords := []string{}
 	paths := getAllJsFilePaths()
 	for _, path := range paths {
 		fileContent := util.ReadStringFromPath(path)
-		words := getAllI18nStrings(fileContent)
+
 		var words []string
 		if category == "backend" {
 			isObjectPackage := strings.Contains(path, "object")
 			words = getAllI18nStringsBackend(fileContent, isObjectPackage)
 		} else {
 			words = getAllI18nStringsFrontend(fileContent)
 		}
 		allWords = append(allWords, words...)
 	}
 	fmt.Printf("%v\n", allWords)
--- a/i18n/generate_backend.go
+++ b/i18n/generate_backend.go
@ -1,115 +0,0 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package i18n
 import (
 	"os"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"github.com/casdoor/casdoor/util"
 )
 var (
 	reI18nBackendObject    *regexp.Regexp
 	re18nBackendController *regexp.Regexp
 )
 func init() {
 	reI18nBackendObject, _ = regexp.Compile("i18n.Translate\\((.*?)\"\\)")
 	re18nBackendController, _ = regexp.Compile("c.T\\((.*?)\"\\)")
 }
 func GetAllI18nStrings(fileContent string, path string) []string {
 	res := []string{}
 	if strings.Contains(path, "object") {
 		matches := reI18nBackendObject.FindAllStringSubmatch(fileContent, -1)
 		if matches == nil {
 			return res
 		}
 		for _, match := range matches {
 			match := strings.SplitN(match[1], ",", 2)
 			res = append(res, match[1][2:])
 		}
 	} else {
 		matches := re18nBackendController.FindAllStringSubmatch(fileContent, -1)
 		if matches == nil {
 			return res
 		}
 		for _, match := range matches {
 			res = append(res, match[1][1:])
 		}
 	}
 	return res
 }
 func getAllGoFilePaths() []string {
 	path := "../"
 	res := []string{}
 	err := filepath.Walk(path,
 		func(path string, info os.FileInfo, err error) error {
 			if err != nil {
 				return err
 			}
 			if !strings.HasSuffix(info.Name(), ".go") {
 				return nil
 			}
 			res = append(res, path)
 			// fmt.Println(path, info.Name())
 			return nil
 		})
 	if err != nil {
 		panic(err)
 	}
 	return res
 }
 func getErrName(paths []string) map[string]string {
 	ErrName := make(map[string]string)
 	for i := 0; i < len(paths); i++ {
 		content := util.ReadStringFromPath(paths[i])
 		words := GetAllI18nStrings(content, paths[i])
 		for j := 0; j < len(words); j++ {
 			ErrName[words[j]] = paths[i]
 		}
 	}
 	return ErrName
 }
 func getI18nJSONData(errName map[string]string) *I18nData {
 	data := I18nData{}
 	for k, v := range errName {
 		var index int
 		if strings.Contains(v, "/") {
 			index = strings.LastIndex(v, "/")
 		} else {
 			index = strings.LastIndex(v, "\\")
 		}
 		namespace := v[index+1 : len(v)-3]
 		key := k[len(namespace)+1:]
 		// fmt.Printf("k=%s,v=%s,namespace=%s,key=%s\n", k, v, namespace, key)
 		if _, ok := data[namespace]; !ok {
 			data[namespace] = map[string]string{}
 		}
 		data[namespace][key] = key
 	}
 	return &data
 }
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@ -15,50 +15,39 @@
 package i18n
 import (
 	"fmt"
 	"testing"
 )
-func applyToOtherLanguage(dataEn *I18nData, lang string) {
+func applyToOtherLanguage(category string, language string, i18nData *I18nData) {
-	dataOther := readI18nFile(lang)
+	newData := readI18nFile(category, language)
-	println(dataOther)
+	println(newData)
-	applyData(dataEn, dataOther)
+	applyData(i18nData, newData)
-	writeI18nFile(lang, dataEn)
+	writeI18nFile(category, language, i18nData)
 }
-func TestGenerateI18nStringsForFrontend(t *testing.T) {
+func TestGenerateI18nFrontend(t *testing.T) {
-	dataEn := parseToData()
+	enData := parseEnData("frontend")
-	writeI18nFile("en", dataEn)
+	writeI18nFile("frontend", "en", enData)
-	applyToOtherLanguage(dataEn, "de")
+	applyToOtherLanguage("frontend", "de", enData)
-	applyToOtherLanguage(dataEn, "fr")
+	applyToOtherLanguage("frontend", "es", enData)
-	applyToOtherLanguage(dataEn, "ja")
+	applyToOtherLanguage("frontend", "fr", enData)
-	applyToOtherLanguage(dataEn, "ko")
+	applyToOtherLanguage("frontend", "ja", enData)
-	applyToOtherLanguage(dataEn, "ru")
+	applyToOtherLanguage("frontend", "ko", enData)
-	applyToOtherLanguage(dataEn, "zh")
+	applyToOtherLanguage("frontend", "ru", enData)
 	applyToOtherLanguage("frontend", "zh", enData)
 }
-func TestGenerateI18nStringsForBackend(t *testing.T) {
+func TestGenerateI18nBackend(t *testing.T) {
-	paths := getAllGoFilePaths()
+	enData := parseEnData("backend")
 	writeI18nFile("backend", "en", enData)
-	errName := getErrName(paths)
+	applyToOtherLanguage("backend", "de", enData)
-
+	applyToOtherLanguage("backend", "es", enData)
-	dataEn := getI18nJSONData(errName)
+	applyToOtherLanguage("backend", "fr", enData)
-
+	applyToOtherLanguage("backend", "ja", enData)
-	writeI18nFile("backend_en", dataEn)
+	applyToOtherLanguage("backend", "ko", enData)
-
+	applyToOtherLanguage("backend", "ru", enData)
-	applyToOtherLanguage(dataEn, "backend_de")
+	applyToOtherLanguage("backend", "zh", enData)
 	applyToOtherLanguage(dataEn, "backend_es")
 	applyToOtherLanguage(dataEn, "backend_fr")
 	applyToOtherLanguage(dataEn, "backend_ja")
 	applyToOtherLanguage(dataEn, "backend_ko")
 	applyToOtherLanguage(dataEn, "backend_ru")
 	applyToOtherLanguage(dataEn, "backend_zh")
 	fmt.Println("Total Err Words:", len(errName))
 	for i := range errName {
 		fmt.Println(i)
 	}
 }
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@ -4,31 +4,28 @@
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid information": "Invalid information",
    "Phone: %s": "Phone: %s",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "Please sign out first before signing up": "Please sign out first before signing up",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
  },
  "application": {
-    "Parameter organization is missing": "Parameter organization is missing",
+    "Parameter organization is missing": "Parameter organization is missing"
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "auth": {
    "%s No phone prefix": "%s No phone prefix",
    "Challenge method should be S256": "Challenge method should be S256",
    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
    "Failed to login in: %s": "Failed to login in: %s",
    "Get init score failed, error: %w": "Get init score failed, error: %w",
    "Invalid token": "Invalid token",
    "Please sign out first before signing in": "Please sign out first before signing in",
    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
    "The account does not exist": "The account does not exist",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
    "The application: %s does not exist": "The application: %s does not exist",
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider type: %s is not supported": "The provider type: %s is not supported",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist",
    "Turing test failed.": "Turing test failed.",
    "Unauthorized operation": "Unauthorized operation",
    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
@ -53,11 +50,8 @@
    "Phone already exists": "Phone already exists",
    "Phone cannot be empty": "Phone cannot be empty",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user doesn't exist": "The user doesn't exist",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
    "The user: %s doesn't exist": "The user: %s doesn't exist",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@ -65,16 +59,13 @@
    "Username cannot start with a digit": "Username cannot start with a digit",
    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You don't have the permission to do this": "You don't have the permission to do this",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "You have entered the wrong password too many times, please wait for %d minutes and try again",
+    "Please login first": "Please login first",
-    "password is incorrect, you have %d remaining chances": "password is incorrect, you have %d remaining chances"
+    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "enforcer": {
    "Please sign in first": "Please sign in first"
  },
  "ldap": {
    "Ldap server exist": "Ldap server exist",
@ -93,10 +84,6 @@
    "The %s is immutable.": "The %s is immutable.",
    "Unknown modify rule %s.": "Unknown modify rule %s."
  },
  "product": {
    "Please login first": "Please login first",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "provider": {
    "Invalid application id": "Invalid application id",
    "the provider: %s does not exist": "the provider: %s does not exist"
@ -120,11 +107,7 @@
    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
    "The provider type: %s is not supported": "The provider type: %s is not supported"
  },
  "system_info": {
    "You are not authorized to access this resource": "You are not authorized to access this resource"
  },
  "token": {
    "Challenge method should be S256": "Challenge method should be S256",
    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
@ -134,8 +117,7 @@
  "user": {
    "Display name cannot be empty": "Display name cannot be empty",
    "New password cannot contain blank space.": "New password cannot contain blank space.",
-    "New password must have at least 6 characters": "New password must have at least 6 characters",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  },
  "user_upload": {
    "Failed to import users": "Failed to import users"
@ -143,9 +125,7 @@
  "util": {
    "No application is found for userId: %s": "No application is found for userId: %s",
    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "Please login first": "Please login first",
+    "The provider: %s is not found": "The provider: %s is not found"
    "The provider: %s is not found": "The provider: %s is not found",
    "The user: %s doesn't exist": "The user: %s doesn't exist"
  },
  "verification": {
    "Code has not been sent yet!": "Code has not been sent yet!",
@ -154,7 +134,6 @@
    "Missing parameter": "Missing parameter",
    "Organization does not exist": "Organization does not exist",
    "Phone number is invalid": "Phone number is invalid",
    "Please login first": "Please login first",
    "Turing test failed.": "Turing test failed.",
    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
@ -165,8 +144,6 @@
  },
  "webauthn": {
    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
    "Please login first": "Please login first",
    "The user: %s/%s doesn't exist": "The user: %s/%s doesn't exist"
  }
 }
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@ -3,170 +3,147 @@
    "Email: %s": "邮件: %s",
    "Get init score failed, error: %w": "初始化分数失败: %w",
    "Invalid information": "无效信息",
-    "Phone: %s": "电话: %s",
+    "Phone: %s": "手机号: %s",
-    "Please sign out first before signing up": "请在登陆前登出",
+    "Please sign out first before signing in": "请在登录前先退出登录",
-    "The application does not allow to sign up new account": "该应用不允许注册新账户"
+    "Please sign out first before signing up": "请在注册前先退出登录",
    "The application does not allow to sign up new account": "该应用不允许注册新用户"
  },
  "application": {
-    "Parameter organization is missing": "Organization参数丢失",
+    "Parameter organization is missing": "缺少organization参数"
    "The user: %s doesn't exist": "用户不存在: %s"
  },
  "auth": {
-    "%s No phone prefix": "%s 无此电话前缀",
+    "%s No phone prefix": "%s 无此手机号前缀",
    "Challenge method should be S256": "Challenge 方法应该为 S256",
    "Failed to create user, user information is invalid: %s": "创建用户失败，用户信息无效: %s",
-    "Failed to login in: %s": "无法登录: %s",
+    "Failed to login in: %s": "登录失败: %s",
    "Get init score failed, error: %w": "初始化分数失败: %w",
    "Invalid token": "无效token",
-    "Please sign out first before signing in": "请在登陆前登出",
+    "State expected: %s, but got: %s": "期望状态为: %s, 实际状态为: %s",
    "State expected: %s, but got: %s": "期望状态位: %s, 实际状态为: %s",
    "The account does not exist": "账户不存在",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册",
    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持",
    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)",
    "The application: %s does not exist": "应用 %s 不存在",
    "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
    "The provider type: %s is not supported": "不支持该类型的提供商: %s",
-    "The provider: %s is not enabled for the application": "提供商: %s 未被启用",
+    "The provider: %s is not enabled for the application": "该应用的提供商: %s 未被启用",
-    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登陆，请联系管理员",
+    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
-    "The user: %s/%s doesn't exist": "用户不存在: %s/%s",
+    "Turing test failed.": "人机验证失败",
    "Turing test failed.": "真人验证失败",
    "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未授权的操作"
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
  },
  "cas": {
    "Service %s and %s do not match": "服务 %s 与 %s 不匹配"
  },
  "check": {
-    "Affiliation cannot be blank": "联系方式不可为空",
+    "Affiliation cannot be blank": "工作单位不可为空",
-    "DisplayName cannot be blank": "展示名称不可为空",
+    "DisplayName cannot be blank": "显示名称不可为空",
-    "DisplayName is not valid real name": "展示名称无效",
+    "DisplayName is not valid real name": "显示名称必须是真实姓名",
    "Email already exists": "该邮箱已存在",
    "Email cannot be empty": "邮箱不可为空",
    "Email is invalid": "无效邮箱",
    "Empty username.": "用户名不可为空",
    "FirstName cannot be blank": "名不可以为空",
    "LastName cannot be blank": "姓不可以为空",
-    "Ldap user name or password incorrect": "Ldap密码错误",
+    "Ldap user name or password incorrect": "LDAP密码错误",
-    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 ldap 服务器",
+    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
    "Organization does not exist": "组织不存在",
    "Password must have at least 6 characters": "新密码至少为6位",
-    "Phone already exists": "该电话已存在",
+    "Phone already exists": "该手机号已存在",
-    "Phone cannot be empty": "电话不可为空",
+    "Phone cannot be empty": "手机号不可为空",
-    "Phone number is invalid": "无效电话",
+    "Phone number is invalid": "无效手机号",
-    "Please login first": "请先登录",
+    "Session outdated, please login again": "会话已过期，请重新登录",
-    "Session outdated, please login again": "Session已过期，请重新登陆",
+    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
    "The user doesn't exist": "用户不存在",
    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登陆，请联系管理员",
    "The user: %s doesn't exist": "用户不存在: %s",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
    "Username already exists": "用户名已存在",
    "Username cannot be an email address": "用户名不可以是邮箱地址",
-    "Username cannot contain white spaces": "用户名不可以包含空格",
+    "Username cannot contain white spaces": "用户名禁止包含空格",
-    "Username cannot start with a digit": "用户名禁止使用数字作为第一个字符",
+    "Username cannot start with a digit": "用户名禁止使用数字开头",
-    "Username is too long (maximum is 39 characters).": "用户名过长（最大长度为39个字符）",
+    "Username is too long (maximum is 39 characters).": "用户名过长（最大允许长度为39个字符）",
    "Username must have at least 2 characters": "用户名至少要有2个字符",
-    "You don't have the permission to do this": "用户名至少要有2个字符",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
-    "You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again": "输入密码错误次数已达上限，请在 %d 分 %d 秒后重试",
+    "password or code is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会",
    "unsupported password type: %s": "不支持的密码类型: %s"
  },
-  "check_util": {
+  "general": {
-    "You have entered the wrong password too many times, please wait for %d minutes and try again": "输入密码错误次数已达上限，请在 %d 分后重试",
+    "Please login first": "请先登录",
-    "password is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会"
+    "The user: %s doesn't exist": "用户: %s 不存在"
  },
  "enforcer": {
    "Please sign in first": "请先登录"
  },
  "ldap": {
-    "Ldap server exist": "Ldap服务器已存在",
+    "Ldap server exist": "LDAP服务器已存在",
-    "Missing parameter": "参数丢失"
+    "Missing parameter": "LDAP缺少参数"
  },
  "link": {
    "Please link first": "请先绑定",
-    "This application has no providers": "该应用无提供商",
+    "This application has no providers": "该应用无可用的提供商",
    "This application has no providers of type": "应用没有该类型的提供商",
-    "This provider can't be unlinked": "该提供商不可被链接",
+    "This provider can't be unlinked": "该提供商被禁止解绑",
-    "You are not the global admin, you can't unlink other users": "您不是全局管理员，无法取消链接其他用户",
+    "You are not the global admin, you can't unlink other users": "您不是全局管理员，无法解绑其他用户",
-    "You can't unlink yourself, you are not a member of any application": "您无法取消链接，您不是任何应用程序的成员"
+    "You can't unlink yourself, you are not a member of any application": "您无法自行解绑，您不是任何应用程序的成员"
  },
  "organization": {
-    "Only admin can modify the %s.": "您无法取消链接，您不是任何应用程序的成员",
+    "Only admin can modify the %s.": "仅允许管理员可以修改 %s",
-    "The %s is immutable.": "%s是不可变的",
+    "The %s is immutable.": "%s 是不可变的",
-    "Unknown modify rule %s.": "未知的修改规则"
+    "Unknown modify rule %s.": "未知的修改规则: %s"
  },
  "product": {
    "Please login first": "请先登录",
    "The user: %s doesn't exist": "用户不存在: %s"
  },
  "provider": {
-    "Invalid application id": "无效的Application ID",
+    "Invalid application id": "无效的应用ID",
    "the provider: %s does not exist": "提供商: %s 不存在"
  },
  "resource": {
-    "User is nil for tag: avatar": "用户头像标签为空",
+    "User is nil for tag: avatar": "上传头像时用户为空",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "username或FilePath为空: username = %s, fullFilePath = %s"
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "username或fullFilePath为空: username = %s, fullFilePath = %s"
  },
  "saml": {
-    "Application %s not found": "应用 %s 未找到"
+    "Application %s not found": "未找到应用: %s"
  },
  "saml_sp": {
-    "provider %s's category is not SAML": "提供商 %s类型不是SAML"
+    "provider %s's category is not SAML": "提供商: %s 不是SAML类型"
  },
  "service": {
    "Empty parameters for emailForm: %v": "邮件参数为空: %v",
-    "Invalid Email receivers: %s": " 无效的邮箱接收者: %s",
+    "Invalid Email receivers: %s": " 无效的邮箱收件人: %s",
-    "Invalid phone receivers: %s": "无效的电话接收者: %s"
+    "Invalid phone receivers: %s": "无效的手机短信收信人: %s"
  },
  "storage": {
-    "The objectKey: %s is not allowed": "object key :%s 不被允许",
+    "The objectKey: %s is not allowed": "objectKey: %s 被禁止",
-    "The provider type: %s is not supported": "提供商类型: %s 尚未支持"
+    "The provider type: %s is not supported": "不支持的提供商类型: %s"
  },
  "system_info": {
    "You are not authorized to access this resource": "您无权获取此资源"
  },
  "token": {
    "Challenge method should be S256": "Challenge 方法应该为 S256",
    "Empty clientId or clientSecret": "clientId或clientSecret为空",
-    "Grant_type: %s is not supported in this application": "此应用中不支持此授权类型: %s",
+    "Grant_type: %s is not supported in this application": "该应用不支持Grant_type: %s",
    "Invalid application or wrong clientSecret": "无效应用或错误的clientSecret",
    "Invalid client_id": "无效的ClientId",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s 在可列表中未找到"
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s 在许可跳转列表中未找到"
  },
  "user": {
-    "Display name cannot be empty": "展示名称不可为空",
+    "Display name cannot be empty": "显示名称不可为空",
    "New password cannot contain blank space.": "新密码不可以包含空格",
-    "New password must have at least 6 characters": "新密码至少需要6位字符",
+    "New password must have at least 6 characters": "新密码至少需要6位字符"
    "The user: %s/%s doesn't exist": "用户不存在: %s/%s"
  },
  "user_upload": {
    "Failed to import users": "导入用户失败"
  },
  "util": {
-    "No application is found for userId: %s": "找不到该用户的应用程序 %s",
+    "No application is found for userId: %s": "未找到用户: %s 的应用",
-    "No provider for category: %s is found for application: %s": "找不到该用户的应用程序 %s",
+    "No provider for category: %s is found for application: %s": "未找到类别为: %s 的提供商来满足应用: %s",
-    "Please login first": "请先登录",
+    "The provider: %s is not found": "未找到提供商: %s"
    "The provider: %s is not found": "该提供商未找到: %s",
    "The user: %s doesn't exist": "用户不存在: %s"
  },
  "verification": {
    "Code has not been sent yet!": "验证码还未发送",
    "Email is invalid": "非法的邮箱",
    "Invalid captcha provider.": "非法的验证码提供商",
-    "Missing parameter": "参数丢失",
+    "Missing parameter": "缺少参数",
    "Organization does not exist": "组织不存在",
-    "Phone number is invalid": "非法的电话号码",
+    "Phone number is invalid": "非法的手机号码",
    "Please login first": "请先登录",
    "Turing test failed.": "验证码还未发送",
-    "Unable to get the email modify rule.": "无法得到邮箱修改规则",
+    "Unable to get the email modify rule.": "无法获取邮箱修改规则",
-    "Unable to get the phone modify rule.": "无法得到电话修改规则",
+    "Unable to get the phone modify rule.": "无法获取手机号修改规则",
    "Unknown type": "未知类型",
    "Wrong parameter": "参数错误",
    "You should verify your code in %d min!": "请在 %d 分钟内输入正确验证码",
    "the user does not exist, please sign up first": "用户不存在，请先注册"
  },
  "webauthn": {
-    "Found no credentials for this user": "该用户没有WebAuthn凭据",
+    "Found no credentials for this user": "该用户没有 WebAuthn 凭据",
-    "Please call WebAuthnSigninBegin first": "请先调用 WebAuthnSigninBegi",
+    "Please call WebAuthnSigninBegin first": "请先调用 WebAuthnSigninBegin"
    "Please login first": "请先登录",
    "The user: %s/%s doesn't exist": "用户: %s/%s 不存在"
  }
 }
--- a/i18n/util.go
+++ b/i18n/util.go
@ -27,18 +27,16 @@ var f embed.FS
 var langMap = make(map[string]map[string]map[string]string) // for example : langMap[en][account][Invalid information] = Invalid information
-func getI18nFilePath(language string) string {
+func getI18nFilePath(category string, language string) string {
-	if strings.Contains(language, "backend") {
+	if category == "backend" {
 		// change language from 'backend_en' to 'en'
 		language = language[8:]
 		return fmt.Sprintf("../i18n/locales/%s/data.json", language)
 	} else {
 		return fmt.Sprintf("../web/src/locales/%s/data.json", language)
 	}
 }
-func readI18nFile(language string) *I18nData {
+func readI18nFile(category string, language string) *I18nData {
-	s := util.ReadStringFromPath(getI18nFilePath(language))
+	s := util.ReadStringFromPath(getI18nFilePath(category, language))
 	data := &I18nData{}
 	err := util.JsonToStruct(s, data)
@ -48,13 +46,13 @@ func readI18nFile(language string) *I18nData {
 	return data
 }
-func writeI18nFile(language string, data *I18nData) {
+func writeI18nFile(category string, language string, data *I18nData) {
 	s := util.StructToJsonFormatted(data)
 	s = strings.ReplaceAll(s, "\\u0026", "&")
 	s += "\n"
 	println(s)
-	util.WriteStringToPath(s, getI18nFilePath(language))
+	util.WriteStringToPath(s, getI18nFilePath(category, language))
 }
 func applyData(data1 *I18nData, data2 *I18nData) {
--- a/idp/provider.go
+++ b/idp/provider.go
@ -98,7 +98,7 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 	return nil
 }
-var gothList = []string{"Apple", "AzureAD", "Slack", "Steam"}
+var gothList = []string{"Apple", "AzureAD", "Slack", "Steam", "Line"}
 func isGothSupport(provider string) bool {
 	for _, value := range gothList {
--- a/object/adapter.go
+++ b/object/adapter.go
@ -222,6 +222,11 @@ func (a *Adapter) createTable() {
 	if err != nil {
 		panic(err)
 	}
 	err = a.Engine.Sync2(new(Session))
 	if err != nil {
 		panic(err)
 	}
 }
 func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
--- a/object/application.go
+++ b/object/application.go
@ -16,7 +16,6 @@ package object
 import (
 	"fmt"
 	"net/url"
 	"regexp"
 	"strings"
@ -354,52 +353,26 @@ func (application *Application) GetId() string {
 	return fmt.Sprintf("%s/%s", application.Owner, application.Name)
 }
-func CheckRedirectUriValid(application *Application, redirectUri string) bool {
+func (application *Application) IsRedirectUriValid(redirectUri string) bool {
-	validUri := false
+	isValid := false
-	for _, tmpUri := range application.RedirectUris {
+	for _, targetUri := range application.RedirectUris {
-		tmpUriRegex := regexp.MustCompile(tmpUri)
+		targetUriRegex := regexp.MustCompile(targetUri)
-		if tmpUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, tmpUri) {
+		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
-			validUri = true
+			isValid = true
 			break
 		}
 	}
-	return validUri
+	return isValid
 }
-func IsAllowOrigin(origin string) bool {
+func IsOriginAllowed(origin string) bool {
-	allowOrigin := false
+	applications := GetApplications("")
-	originUrl, err := url.Parse(origin)
+	for _, application := range applications {
-	if err != nil {
+		if application.IsRedirectUriValid(origin) {
-		return false
+			return true
 	}
 	rows, err := adapter.Engine.Cols("redirect_uris").Rows(&Application{})
 	if err != nil {
 		panic(err)
 	}
 	application := Application{}
 	for rows.Next() {
 		err := rows.Scan(&application)
 		if err != nil {
 			panic(err)
 		}
 		for _, tmpRedirectUri := range application.RedirectUris {
 			u1, err := url.Parse(tmpRedirectUri)
 			if err != nil {
 				continue
 			}
 			if u1.Scheme == originUrl.Scheme && u1.Host == originUrl.Host {
 				allowOrigin = true
 				break
 			}
 		}
 		if allowOrigin {
 			break
 		}
 	}
-
+	return false
 	return allowOrigin
 }
 func getApplicationMap(organization string) map[string]*Application {
--- a/object/check.go
+++ b/object/check.go
@ -60,8 +60,8 @@ func CheckUserSignup(application *Application, organization *Organization, usern
 		if reWhiteSpace.MatchString(username) {
 			return i18n.Translate(lang, "check:Username cannot contain white spaces")
 		}
-		msg := CheckUsername(username, lang)
+
-		if msg != "" {
+		if msg := CheckUsername(username, lang); msg != "" {
 			return msg
 		}
@ -143,11 +143,11 @@ func checkSigninErrorTimes(user *User, lang string) string {
 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		lastSignWrongTime, _ := time.Parse(time.RFC3339, user.LastSigninWrongTime)
 		passedTime := time.Now().UTC().Sub(lastSignWrongTime)
-		seconds := int(LastSignWrongTimeDuration.Seconds() - passedTime.Seconds())
+		minutes := int(LastSignWrongTimeDuration.Minutes() - passedTime.Minutes())
 		// deny the login if the error times is greater than the limit and the last login time is less than the duration
-		if seconds > 0 {
+		if minutes > 0 {
-			return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password too many times, please wait for %d minutes %d seconds and try again"), seconds/60, seconds%60)
+			return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), minutes)
 		}
 		// reset the error times
@ -229,7 +229,7 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
 	user := GetUserByFields(organization, username)
 	if user == nil || user.IsDeleted == true {
-		return nil, i18n.Translate(lang, "check:The user doesn't exist")
+		return nil, fmt.Sprintf(i18n.Translate(lang, "general:The user: %s doesn't exist"), util.GetId(organization, username))
 	}
 	if user.IsForbidden {
@ -254,13 +254,13 @@ func filterField(field string) bool {
 func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
-		return false, fmt.Errorf(i18n.Translate(lang, "check:Please login first"))
+		return false, fmt.Errorf(i18n.Translate(lang, "general:Please login first"))
 	}
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
-			return false, fmt.Errorf(i18n.Translate(lang, "check:The user: %s doesn't exist"), userId)
+			return false, fmt.Errorf(i18n.Translate(lang, "general:The user: %s doesn't exist"), userId)
 		}
 		userOwner = targetUser.Owner
@ -287,7 +287,7 @@ func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, l
 		}
 	}
-	return hasPermission, fmt.Errorf(i18n.Translate(lang, "check:You don't have the permission to do this"))
+	return hasPermission, fmt.Errorf(i18n.Translate(lang, "auth:Unauthorized operation"))
 }
 func CheckAccessPermission(userId string, application *Application) (bool, error) {
@ -313,8 +313,9 @@ func CheckAccessPermission(userId string, application *Application) (bool, error
 				return true, err
 			}
 			enforcer := getEnforcer(permission)
-			allowed, err = enforcer.Enforce(userId, application.Name, "read")
+			if allowed, err = enforcer.Enforce(userId, application.Name, "read"); allowed {
-			break
+				return allowed, err
 			}
 		}
 	}
 	return allowed, err
@ -341,6 +342,34 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }
 func CheckUpdateUser(oldUser *User, user *User, lang string) string {
 	if user.DisplayName == "" {
 		return i18n.Translate(lang, "user:Display name cannot be empty")
 	}
 	if msg := CheckUsername(user.Name, lang); msg != "" {
 		return msg
 	}
 	if oldUser.Name != user.Name {
 		if HasUserByField(user.Owner, "name", user.Name) {
 			return i18n.Translate(lang, "check:Username already exists")
 		}
 	}
 	if oldUser.Email != user.Email {
 		if HasUserByField(user.Name, "email", user.Email) {
 			return i18n.Translate(lang, "check:Email already exists")
 		}
 	}
 	if oldUser.Phone != user.Phone {
 		if HasUserByField(user.Owner, "phone", user.Phone) {
 			return i18n.Translate(lang, "check:Phone already exists")
 		}
 	}
 	return ""
 }
 func CheckToEnableCaptcha(application *Application) bool {
 	if len(application.Providers) == 0 {
 		return false
--- a/object/check_util.go
+++ b/object/check_util.go
@ -58,9 +58,9 @@ func recordSigninErrorInfo(user *User, lang string) string {
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
 	if leftChances > 0 {
-		return fmt.Sprintf(i18n.Translate(lang, "check_util:password is incorrect, you have %d remaining chances"), leftChances)
+		return fmt.Sprintf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
 	}
 	// don't show the chance error message if the user has no chance left
-	return fmt.Sprintf(i18n.Translate(lang, "check_util:You have entered the wrong password too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
+	return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
 }
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@ -76,7 +76,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		JwksUri:                                fmt.Sprintf("%s/.well-known/jwks", originBackend),
 		IntrospectionEndpoint:                  fmt.Sprintf("%s/api/login/oauth/introspect", originBackend),
 		ResponseTypesSupported:                 []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"},
-		ResponseModesSupported:                 []string{"login", "code", "link"},
+		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
 		IdTokenSigningAlgValuesSupported:       []string{"RS256"},
--- a/object/organization.go
+++ b/object/organization.go
@ -204,7 +204,7 @@ func GetAccountItemByName(name string, organization *Organization) *AccountItem
 func CheckAccountItemModifyRule(accountItem *AccountItem, user *User, lang string) (bool, string) {
 	switch accountItem.ModifyRule {
 	case "Admin":
-		if !(user.IsAdmin || user.IsGlobalAdmin) {
+		if user == nil || !user.IsAdmin && !user.IsGlobalAdmin {
 			return false, fmt.Sprintf(i18n.Translate(lang, "organization:Only admin can modify the %s."), accountItem.Name)
 		}
 	case "Immutable":
--- a/object/permission.go
+++ b/object/permission.go
@ -269,3 +269,12 @@ func ContainsAsterisk(userId string, users []string) bool {
 	return containsAsterisk
 }
 func GetMaskedPermissions(permissions []*Permission) []*Permission {
 	for _, permission := range permissions {
 		permission.Users = nil
 		permission.Submitter = ""
 	}
 	return permissions
 }
--- a/object/role.go
+++ b/object/role.go
@ -192,3 +192,11 @@ func roleChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }
 func GetMaskedRoles(roles []*Role) []*Role {
 	for _, role := range roles {
 		role.Users = nil
 	}
 	return roles
 }
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@ -223,11 +223,14 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
 // GetSamlResponse generates a SAML2.0 response
 // parameter samlRequest is saml request in base64 format
-func GetSamlResponse(application *Application, user *User, samlRequest string, host string) (string, string, error) {
+func GetSamlResponse(application *Application, user *User, samlRequest string, host string) (string, string, string, error) {
 	// request type
 	method := "GET"
 	// base64 decode
 	defated, err := base64.StdEncoding.DecodeString(samlRequest)
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 	// decompress
 	var buffer bytes.Buffer
@ -236,12 +239,12 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	var authnRequest saml.AuthnRequest
 	err = xml.Unmarshal(buffer.Bytes(), &authnRequest)
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 	// verify samlRequest
-	if valid := CheckRedirectUriValid(application, authnRequest.Issuer.Url); !valid {
+	if isValid := application.IsRedirectUriValid(authnRequest.Issuer.Url); !isValid {
-		return "", "", fmt.Errorf("err: invalid issuer url")
+		return "", "", method, fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer.Url)
 	}
 	// get certificate string
@ -253,6 +256,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	// redirect Url (Assertion Consumer Url)
 	if application.SamlReplyUrl != "" {
 		method = "POST"
 		authnRequest.AssertionConsumerServiceURL = application.SamlReplyUrl
 	}
@ -275,7 +279,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	doc.SetRoot(samlResponse)
 	xmlBytes, err := doc.WriteToBytes()
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 	// compress
@ -283,7 +287,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 		flated := bytes.NewBuffer(nil)
 		writer, err := flate.NewWriter(flated, flate.DefaultCompression)
 		if err != nil {
-			return "", "", fmt.Errorf("err: %s", err.Error())
+			return "", "", method, fmt.Errorf("err: %s", err.Error())
 		}
 		writer.Write(xmlBytes)
 		writer.Close()
@ -291,7 +295,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	}
 	// base64 encode
 	res := base64.StdEncoding.EncodeToString(xmlBytes)
-	return res, authnRequest.AssertionConsumerServiceURL, nil
+	return res, authnRequest.AssertionConsumerServiceURL, method, nil
 }
 // NewSamlResponse11 return a saml1.1 response(not 2.0)
--- a/object/session.go
+++ b/object/session.go
@ -0,0 +1,132 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package object
 import (
 	"time"
 	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/util"
 	"xorm.io/core"
 )
 type Session struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 	SessionId []string `json:"sessionId"`
 }
 func SetSession(id string, sessionId string) {
 	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	session := &Session{Owner: owner, Name: name}
 	get, err := adapter.Engine.Get(session)
 	if err != nil {
 		panic(err)
 	}
 	session.SessionId = append(session.SessionId, sessionId)
 	if get {
 		_, err = adapter.Engine.ID(core.PK{owner, name}).Update(session)
 	} else {
 		session.CreatedTime = time.Now().Format(time.RFC3339)
 		_, err = adapter.Engine.Insert(session)
 	}
 	if err != nil {
 		panic(err)
 	}
 }
 func DeleteSession(id string) bool {
 	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	session := &Session{Owner: owner, Name: name}
 	_, err := adapter.Engine.ID(core.PK{owner, name}).Get(session)
 	if err != nil {
 		return false
 	}
 	DeleteBeegoSession(session.SessionId)
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).Delete(session)
 	return affected != 0
 }
 func DeleteSessionId(id string, sessionId string) bool {
 	owner, name := util.GetOwnerAndNameFromIdNoCheck(id)
 	session := &Session{Owner: owner, Name: name}
 	_, err := adapter.Engine.ID(core.PK{owner, name}).Get(session)
 	if err != nil {
 		return false
 	}
 	DeleteBeegoSession([]string{sessionId})
 	session.SessionId = util.DeleteVal(session.SessionId, sessionId)
 	if len(session.SessionId) < 1 {
 		affected, _ := adapter.Engine.ID(core.PK{owner, name}).Delete(session)
 		return affected != 0
 	} else {
 		affected, _ := adapter.Engine.ID(core.PK{owner, name}).Update(session)
 		return affected != 0
 	}
 }
 func DeleteBeegoSession(sessionIds []string) {
 	for _, sessionId := range sessionIds {
 		err := beego.GlobalSessions.GetProvider().SessionDestroy(sessionId)
 		if err != nil {
 			return
 		}
 	}
 }
 func GetSessions(owner string) []*Session {
 	sessions := []*Session{}
 	var err error
 	if owner != "" {
 		err = adapter.Engine.Desc("created_time").Where("owner = ?", owner).Find(&sessions)
 	} else {
 		err = adapter.Engine.Desc("created_time").Find(&sessions)
 	}
 	if err != nil {
 		panic(err)
 	}
 	return sessions
 }
 func GetPaginationSessions(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Session {
 	sessions := []*Session{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&sessions)
 	if err != nil {
 		panic(err)
 	}
 	return sessions
 }
 func GetSessionCount(owner, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	count, err := session.Count(&Session{})
 	if err != nil {
 		panic(err)
 	}
 	return int(count)
 }
--- a/object/token.go
+++ b/object/token.go
@ -18,7 +18,6 @@ import (
 	"crypto/sha256"
 	"encoding/base64"
 	"fmt"
 	"strings"
 	"time"
 	"github.com/casdoor/casdoor/i18n"
@ -253,14 +252,7 @@ func CheckOAuthLogin(clientId string, responseType string, redirectUri string, s
 		return i18n.Translate(lang, "token:Invalid client_id"), nil
 	}
-	validUri := false
+	if !application.IsRedirectUriValid(redirectUri) {
 	for _, tmpUri := range application.RedirectUris {
 		if strings.Contains(redirectUri, tmpUri) {
 			validUri = true
 			break
 		}
 	}
 	if !validUri {
 		return fmt.Sprintf(i18n.Translate(lang, "token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri), application
 	}
@ -273,7 +265,7 @@ func GetOAuthCode(userId string, clientId string, responseType string, redirectU
 	user := GetUser(userId)
 	if user == nil {
 		return &Code{
-			Message: fmt.Sprintf("token:The user: %s doesn't exist", userId),
+			Message: fmt.Sprintf("general:The user: %s doesn't exist", userId),
 			Code:    "",
 		}
 	}
--- a/object/user.go
+++ b/object/user.go
@ -102,6 +102,7 @@ type User struct {
 	Bilibili string `xorm:"bilibili varchar(100)" json:"bilibili"`
 	Okta     string `xorm:"okta varchar(100)" json:"okta"`
 	Douyin   string `xorm:"douyin varchar(100)" json:"douyin"`
 	Line     string `xorm:"line varchar(100)" json:"line"`
 	Custom   string `xorm:"custom varchar(100)" json:"custom"`
 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
@ -528,6 +529,9 @@ func AddUsersInBatch(users []*User) bool {
 }
 func DeleteUser(user *User) bool {
 	// Forced offline the user first
 	DeleteSession(user.GetId())
 	affected, err := adapter.Engine.ID(core.PK{user.Owner, user.Name}).Delete(&User{})
 	if err != nil {
 		panic(err)
--- a/object/verification.go
+++ b/object/verification.go
@ -26,6 +26,10 @@ import (
 	"xorm.io/core"
 )
 const (
 	wrongCode = "wrongCode"
 )
 type VerificationRecord struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@ -167,7 +171,7 @@ func CheckVerificationCode(dest, code, lang string) string {
 	}
 	if record.Code != code {
-		return "Wrong code!"
+		return wrongCode
 	}
 	return ""
@ -186,6 +190,24 @@ func DisableVerificationCode(dest string) {
 	}
 }
 func CheckSigninCode(user *User, dest, code, lang string) string {
 	// check the login error times
 	if msg := checkSigninErrorTimes(user, lang); msg != "" {
 		return msg
 	}
 	result := CheckVerificationCode(dest, code, lang)
 	switch result {
 	case "":
 		resetUserSigninErrorTimes(user)
 		return ""
 	case wrongCode:
 		return recordSigninErrorInfo(user, lang)
 	default:
 		return result
 	}
 }
 // From Casnode/object/validateCode.go line 116
 var stdNums = []byte("0123456789")
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@ -34,7 +34,7 @@ func CorsFilter(ctx *context.Context) {
 	originConf := conf.GetConfigString("origin")
 	if origin != "" && originConf != "" && origin != originConf {
-		if object.IsAllowOrigin(origin) {
+		if object.IsOriginAllowed(origin) {
 			ctx.Output.Header(headerAllowOrigin, origin)
 			ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS")
 			ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")
--- a/routers/router.go
+++ b/routers/router.go
@ -164,6 +164,9 @@ func initAPI() {
 	beego.Router("/api/get-records-filter", &controllers.ApiController{}, "POST:GetRecordsByFilter")
 	beego.Router("/api/add-record", &controllers.ApiController{}, "POST:AddRecord")
 	beego.Router("/api/get-sessions", &controllers.ApiController{}, "GET:GetSessions")
 	beego.Router("/api/delete-session", &controllers.ApiController{}, "POST:DeleteSession")
 	beego.Router("/api/get-webhooks", &controllers.ApiController{}, "GET:GetWebhooks")
 	beego.Router("/api/get-webhook", &controllers.ApiController{}, "GET:GetWebhook")
 	beego.Router("/api/update-webhook", &controllers.ApiController{}, "POST:UpdateWebhook")
--- a/util/slice.go
+++ b/util/slice.go
@ -0,0 +1,25 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 package util
 func DeleteVal(values []string, val string) []string {
 	newValues := []string{}
 	for _, v := range values {
 		if v != val {
 			newValues = append(newValues, v)
 		}
 	}
 	return newValues
 }
--- a/web/cypress.config.js
+++ b/web/cypress.config.js
@ -0,0 +1,7 @@
 module.exports = {
  e2e: {
    setupNodeEvents(on, config) {
      // implement node event listeners here
    },
  },
 };
--- a/web/cypress/e2e/login.cy.js
+++ b/web/cypress/e2e/login.cy.js
@ -0,0 +1,56 @@
 describe("Login test", () => {
  const selector = {
    username: "#input",
    password: "#normal_login_password",
    loginButton: ".ant-btn",
  };
  it("Login succeeded", () => {
    cy.request({
      method: "POST",
      url: "http://localhost:7001/api/login",
      body: {
        "application": "app-built-in",
        "organization": "built-in",
        "username": "admin",
        "password": "123",
        "autoSignin": true,
        "type": "login",
        "phonePrefix": "86",
      },
    }).then((Response) => {
      expect(Response).property("body").property("status").to.equal("ok");
    });
  });
  it("ui Login succeeded", () => {
    cy.visit("http://localhost:7001");
    cy.get(selector.username).type("admin");
    cy.get(selector.password).type("123");
    cy.get(selector.loginButton).click();
    cy.url().should("eq", "http://localhost:7001/");
  });
  it("Login failed", () => {
    cy.request({
      method: "POST",
      url: "http://localhost:7001/api/login",
      body: {
        "application": "app-built-in",
        "organization": "built-in",
        "username": "admin",
        "password": "1234",
        "autoSignin": true,
        "type": "login",
        "phonePrefix": "86",
      },
    }).then((Response) => {
      expect(Response).property("body").property("status").to.equal("error");
    });
  });
  it("ui Login failed", () => {
    cy.visit("http://localhost:7001");
    cy.get(selector.username).type("admin");
    cy.get(selector.password).type("1234");
    cy.get(selector.loginButton).click();
    cy.url().should("eq", "http://localhost:7001/login");
  });
 });
--- a/web/cypress/support/commands.js
+++ b/web/cypress/support/commands.js
@ -0,0 +1,25 @@
 // ***********************************************
 // This example commands.js shows you how to
 // create various custom commands and overwrite
 // existing commands.
 //
 // For more comprehensive examples of custom
 // commands please read more here:
 // https://on.cypress.io/custom-commands
 // ***********************************************
 //
 //
 // -- This is a parent command --
 // Cypress.Commands.add('login', (email, password) => { ... })
 //
 //
 // -- This is a child command --
 // Cypress.Commands.add('drag', { prevSubject: 'element'}, (subject, options) => { ... })
 //
 //
 // -- This is a dual command --
 // Cypress.Commands.add('dismiss', { prevSubject: 'optional'}, (subject, options) => { ... })
 //
 //
 // -- This will overwrite an existing command --
 // Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })
--- a/web/cypress/support/e2e.js
+++ b/web/cypress/support/e2e.js
@ -0,0 +1,20 @@
 // ***********************************************************
 // This example support/e2e.js is processed and
 // loaded automatically before your test files.
 //
 // This is a great place to put global configuration and
 // behavior that modifies Cypress.
 //
 // You can change the location of this file or turn off
 // automatically serving support files with the
 // 'supportFile' configuration option.
 //
 // You can read more here:
 // https://on.cypress.io/configuration
 // ***********************************************************
 // Import commands.js using ES2015 syntax:
 import './commands'
 // Alternatively you can use CommonJS syntax:
 // require('./commands')
--- a/web/package.json
+++ b/web/package.json
@ -9,7 +9,7 @@
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.3.2",
    "@testing-library/user-event": "^7.1.2",
-    "antd": "5.0.5",
+    "antd": "5.1.2",
    "codemirror": "^5.61.1",
    "copy-to-clipboard": "^3.3.1",
    "core-js": "^3.25.0",
--- a/web/src/AccountTable.js
+++ b/web/src/AccountTable.js
@ -170,7 +170,7 @@ class AccountTable extends React.Component {
          }
          let options;
-          if (record.viewRule === "Admin") {
+          if (record.viewRule === "Admin" || record.name === "Is admin" || record.name === "Is global admin") {
            options = [
              {id: "Admin", name: "Admin"},
              {id: "Immutable", name: "Immutable"},
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@ -260,6 +260,13 @@ class AdapterListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/App.js
+++ b/web/src/App.js
@ -17,7 +17,7 @@ import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
 import {BarsOutlined, DownOutlined, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
-import {Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result} from "antd";
+import {Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result, theme} from "antd";
 import {Link, Redirect, Route, Switch, withRouter} from "react-router-dom";
 import OrganizationListPage from "./OrganizationListPage";
 import OrganizationEditPage from "./OrganizationEditPage";
@ -55,26 +55,22 @@ import CustomGithubCorner from "./CustomGithubCorner";
 import * as Conf from "./Conf";
 import * as Auth from "./auth/Auth";
-import SignupPage from "./auth/SignupPage";
+import EntryPage from "./EntryPage";
 import ResultPage from "./auth/ResultPage";
 import LoginPage from "./auth/LoginPage";
 import SelfLoginPage from "./auth/SelfLoginPage";
 import SelfForgetPage from "./auth/SelfForgetPage";
 import ForgetPage from "./auth/ForgetPage";
 import * as AuthBackend from "./auth/AuthBackend";
 import AuthCallback from "./auth/AuthCallback";
 import SelectLanguageBox from "./SelectLanguageBox";
 import i18next from "i18next";
 import PromptPage from "./auth/PromptPage";
 import OdicDiscoveryPage from "./auth/OidcDiscoveryPage";
 import SamlCallback from "./auth/SamlCallback";
 import CasLogout from "./auth/CasLogout";
 import ModelListPage from "./ModelListPage";
 import ModelEditPage from "./ModelEditPage";
 import SystemInfo from "./SystemInfo";
 import AdapterListPage from "./AdapterListPage";
 import AdapterEditPage from "./AdapterEditPage";
 import {withTranslation} from "react-i18next";
 import SelectThemeBox from "./SelectThemeBox";
 import SessionListPage from "./SessionListPage";
 const {Header, Footer, Content} = Layout;
@ -87,6 +83,8 @@ class App extends Component {
      account: undefined,
      uri: null,
      menuVisible: false,
      themeAlgorithm: null,
      logo: null,
    };
    Setting.initServerUrl();
@ -101,6 +99,16 @@ class App extends Component {
    this.getAccount();
  }
  componentDidMount() {
    localStorage.getItem("theme") ?
      this.setState({"themeAlgorithm": this.getTheme()}) : this.setState({"themeAlgorithm": theme.defaultAlgorithm});
    this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
    addEventListener("themeChange", (e) => {
      this.setState({"themeAlgorithm": this.getTheme()});
      this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
    });
  }
  componentDidUpdate() {
    // eslint-disable-next-line no-restricted-globals
    const uri = location.pathname;
@ -190,6 +198,10 @@ class App extends Component {
    return "";
  }
  getTheme() {
    return Setting.Themes.find(t => t.key === localStorage.getItem("theme"))["style"];
  }
  setLanguage(account) {
    const language = account?.language;
    if (language !== "" && language !== i18next.language) {
@ -410,6 +422,10 @@ class App extends Component {
        "/tokens"
      ));
      res.push(Setting.getItem(<Link to="/sessions">{i18next.t("general:Sessions")}</Link>,
        "/sessions"
      ));
      res.push(Setting.getItem(<Link to="/webhooks">{i18next.t("general:Webhooks")}</Link>,
        "/webhooks"
      ));
@ -471,54 +487,63 @@ class App extends Component {
  renderRouter() {
    return (
-      <div>
+      <ConfigProvider theme={{
-        <Switch>
+        token: {
-          <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+          colorPrimary: "rgb(89,54,213)",
-          <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+          colorInfo: "rgb(89,54,213)",
-          <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
+        },
-          <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
+        algorithm: this.state.themeAlgorithm,
-          <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
+      }}>
-          <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
+        <div>
-          <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+          <Switch>
-          <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
+            <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
-          <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
-          <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
-          {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
+            <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
+            {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
-          <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/sessions" render={(props) => this.renderLoginIfNotLoggedIn(<SessionListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
+            <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
+            <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
-          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
+            <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
-            extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
+            <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
-        </Switch>
+            <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
-      </div>
+            <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
            <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
            <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
            <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
            <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
            <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
              extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
          </Switch>
        </div>
      </ConfigProvider>
    );
  }
@ -538,30 +563,27 @@ class App extends Component {
    if (!Setting.isMobile()) {
      return (
        <Layout id="parent-area">
-          <Header style={{marginBottom: "3px", paddingInline: 0}}>
+          <Header style={{marginBottom: "3px", paddingInline: 0, backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
            {
              Setting.isMobile() ? null : (
                <Link to={"/"}>
-                  <div className="logo" />
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
                </Link>
              )
            }
-            <div>
+            <Menu
-              <Menu
+              items={this.renderMenu()}
-                // theme="dark"
+              mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
-                items={this.renderMenu()}
+              selectedKeys={[`${this.state.selectedMenuKey}`]}
-                mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
+              style={{position: "absolute", left: "145px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}
-                selectedKeys={[`${this.state.selectedMenuKey}`]}
+            />
-                style={{lineHeight: "64px", position: "absolute", left: "145px", right: "200px"}}
+            {
-              >
+              this.renderAccount()
-              </Menu>
+            }
-              {
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
-                this.renderAccount()
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
              }
              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
            </div>
          </Header>
-          <Content style={{backgroundColor: "#f5f5f5", alignItems: "stretch", display: "flex", flexDirection: "column"}}>
+          <Content style={{alignItems: "stretch", display: "flex", flexDirection: "column"}}>
            <Card className="content-warp-card">
              {
                this.renderRouter()
@ -576,11 +598,11 @@ class App extends Component {
    } else {
      return (
        <Layout>
-          <Header style={{padding: "0", marginBottom: "3px"}}>
+          <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
            {
              Setting.isMobile() ? null : (
                <Link to={"/"}>
-                  <div className="logo" />
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
                </Link>
              )
            }
@ -598,12 +620,11 @@ class App extends Component {
            <Button icon={<BarsOutlined />} onClick={this.showMenu} type="text">
              {i18next.t("general:Menu")}
            </Button>
-            <div style = {{float: "right"}}>
+            {
-              {
+              this.renderAccount()
-                this.renderAccount()
+            }
-              }
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
-              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
            </div>
          </Header>
          <Content style={{display: "flex", flexDirection: "column"}} >{
            this.renderRouter()}
@ -619,74 +640,66 @@ class App extends Component {
    // https://www.freecodecamp.org/neyarnws/how-to-keep-your-footer-where-it-belongs-59c6aa05c59c/
    return (
-      <>
+      <React.Fragment>
        {!this.state.account ? null : <div style={{display: "none"}} id="CasdoorApplicationName" value={this.state.account.signupApplication} />}
        <Footer id="footer" style={
          {
            borderTop: "1px solid #e8e8e8",
            backgroundColor: "white",
            textAlign: "center",
          }
        }>
-          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={`${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`} /></a>
+          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
        </Footer>
-      </>
+      </React.Fragment>
    );
  }
  isDoorPages() {
    return this.isEntryPages() || window.location.pathname.startsWith("/callback");
  }
  isEntryPages() {
    return window.location.pathname.startsWith("/signup") ||
      window.location.pathname.startsWith("/login") ||
      window.location.pathname.startsWith("/callback") ||
      window.location.pathname.startsWith("/prompt") ||
      window.location.pathname.startsWith("/forget") ||
-      window.location.pathname.startsWith("/cas");
+      window.location.pathname.startsWith("/prompt") ||
      window.location.pathname.startsWith("/cas") ||
      window.location.pathname.startsWith("/auto-signup");
  }
  renderPage() {
    if (this.isDoorPages()) {
      return (
-        <>
+        <React.Fragment>
          <Layout id="parent-area">
            <Content style={{display: "flex", justifyContent: "center"}}>
-              <Switch>
+              {
-                <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} />)} />
+                this.isEntryPages() ?
-                <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />)} />
+                  <EntryPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />
-                <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
+                  :
-                <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage account={this.state.account} {...props} />)} />
+                  <Switch>
-                <Route exact path="/auto-signup/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signup"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+                    <Route exact path="/callback" component={AuthCallback} />
-                <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage account={this.state.account} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+                    <Route exact path="/callback/saml" component={SamlCallback} />
-                <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage account={this.state.account} type={"code"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+                    <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
-                <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage account={this.state.account} type={"saml"} mode={"signin"} {...props} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} />} />
+                      extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
-                <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout clearAccount={() => this.setState({account: null})} {...props} />)} />
+                  </Switch>
-                <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage type={"cas"} mode={"signup"} account={this.state.account} {...props} />);}} />
+              }
                <Route exact path="/callback" component={AuthCallback} />
                <Route exact path="/callback/saml" component={SamlCallback} />
                <Route exact path="/forget" render={(props) => this.renderHomeIfLoggedIn(<SelfForgetPage {...props} />)} />
                <Route exact path="/forget/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ForgetPage {...props} />)} />
                <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} {...props} />)} />
                <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage account={this.state.account} onUpdateAccount={(account) => {this.onUpdateAccount(account);}} {...props} />)} />
                <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo {...props} />)} />
                <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
                  extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
              </Switch>
            </Content>
            {
              this.renderFooter()
            }
          </Layout>
-        </>
+        </React.Fragment>
      );
    }
    return (
-      <>
+      <React.Fragment>
        <FloatButton.BackTop />
        <CustomGithubCorner />
        {
          this.renderContent()
        }
-      </>
+      </React.Fragment>
    );
  }
@ -702,6 +715,7 @@ class App extends Component {
              colorPrimary: "rgb(89,54,213)",
              colorInfo: "rgb(89,54,213)",
            },
            algorithm: this.state.themeAlgorithm,
          }}>
            {
              this.renderPage()
@ -723,6 +737,7 @@ class App extends Component {
            colorPrimary: "rgb(89,54,213)",
            colorInfo: "rgb(89,54,213)",
          },
          algorithm: this.state.themeAlgorithm,
        }}>
          {
            this.renderPage()
--- a/web/src/App.less
+++ b/web/src/App.less
@ -13,14 +13,12 @@
 }
 .App-header {
  background-color: #282c34;
  min-height: 100vh;
  display: flex;
  flex-direction: column;
  align-items: center;
  justify-content: center;
  font-size: calc(10px + 2vmin);
  color: white;
 }
 .App-link {
@ -41,7 +39,6 @@ img {
  flex-direction: column;
  height: 100%;
  min-height: 100vh;
  background-color: #f5f5f5;
 }
 .panel-logo {
@ -55,7 +52,7 @@ img {
  background-repeat: no-repeat;
  border-radius: 5px;
  width: 45px;
-  height: 65px;
+  height: 100%;
  float: right;
  cursor: pointer;
@ -64,9 +61,32 @@ img {
  }
 }
 .login-form .language-box {
  height: 65px;
 }
 .theme-box {
  background: url("@{StaticBaseUrl}/img/muti_language.svg");
  background-size: 25px, 25px;
  background-position: center !important;
  background-repeat: no-repeat !important;
  border-radius: 5px;
  width: 45px;
  height: 100%;
  float: right;
  cursor: pointer;
  &:hover {
    background-color: #f5f5f5 !important;
  }
 }
 .rightDropDown {
  border-radius: 7px;
  &:hover {
    background-color: #f5f5f5;
    color: black;
  }
 }
@ -128,3 +148,9 @@ img {
  background-size: 100% 100%;
  background-attachment: fixed;
 }
 .ant-menu-horizontal {
  border-bottom: none !important;
  margin-right: 30px;
  right: 230px;
 }
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@ -13,7 +13,7 @@
 // limitations under the License.
 import React from "react";
-import {Button, Card, Col, Input, Popover, Radio, Row, Select, Switch, Upload} from "antd";
+import {Button, Card, Col, Input, Popover, Radio, Result, Row, Select, Switch, Upload} from "antd";
 import {CopyOutlined, LinkOutlined, UploadOutlined} from "@ant-design/icons";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
 import * as CertBackend from "./backend/CertBackend";
@ -103,6 +103,7 @@ class ApplicationEditPage extends React.Component {
      uploading: false,
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
      samlMetadata: null,
      isAuthorized: true,
    };
  }
@ -129,9 +130,15 @@ class ApplicationEditPage extends React.Component {
  getOrganizations() {
    OrganizationBackend.getOrganizations("admin")
      .then((res) => {
-        this.setState({
+        if (res?.status === "error") {
-          organizations: (res.msg === undefined) ? res : [],
+          this.setState({
-        });
+            isAuthorized: false,
          });
        } else {
          this.setState({
            organizations: (res.msg === undefined) ? res : [],
          });
        }
      });
  }
@ -726,7 +733,7 @@ class ApplicationEditPage extends React.Component {
  renderSignupSigninPreview() {
    let signUpUrl = `/signup/${this.state.application.name}`;
    const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${this.state.application.redirectUris[0]}&scope=read&state=casdoor`;
-    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
+    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
    if (!this.state.application.enablePassword) {
      signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");
    }
@ -742,15 +749,19 @@ class ApplicationEditPage extends React.Component {
            {i18next.t("application:Copy signup page URL")}
          </Button>
          <br />
-          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
            {
              this.state.application.enablePassword ? (
-                <SignupPage application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
                  <SignupPage application={this.state.application} preview = "auto" />
                </div>
              ) : (
-                <LoginPage type={"login"} mode={"signup"} application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
                  <LoginPage type={"login"} mode={"signup"} application={this.state.application} preview = "auto" />
                </div>
              )
            }
-            <div style={maskStyle} />
+            <div style={{overflow: "auto", ...maskStyle}} />
          </div>
        </Col>
        <Col span={previewGrid}>
@ -762,9 +773,11 @@ class ApplicationEditPage extends React.Component {
            {i18next.t("application:Copy signin page URL")}
          </Button>
          <br />
-          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
-            <LoginPage type={"login"} mode={"signin"} application={this.state.application} />
+            <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
-            <div style={maskStyle} />
+              <LoginPage type={"login"} mode={"signin"} application={this.state.application} preview = "auto" />
            </div>
            <div style={{overflow: "auto", ...maskStyle}} />
          </div>
        </Col>
      </React.Fragment>
@ -832,6 +845,17 @@ class ApplicationEditPage extends React.Component {
  }
  render() {
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        {
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@ -14,7 +14,7 @@
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Col, List, Popconfirm, Row, Table, Tooltip} from "antd";
+import {Button, Col, List, Popconfirm, Result, Row, Table, Tooltip} from "antd";
 import {EditOutlined} from "@ant-design/icons";
 import moment from "moment";
 import * as Setting from "./Setting";
@ -36,6 +36,7 @@ class ApplicationListPage extends BaseListPage {
      loading: false,
      searchText: "",
      searchedColumn: "",
      isAuthorized: true,
    };
  }
@ -258,6 +259,17 @@ class ApplicationListPage extends BaseListPage {
      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        <Table scroll={{x: "max-content"}} columns={columns} dataSource={applications} rowKey="name" size="middle" bordered pagination={paginationProps}
@ -292,6 +304,13 @@ class ApplicationListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/BaseListPage.js
+++ b/web/src/BaseListPage.js
@ -13,9 +13,10 @@
 // limitations under the License.
 import React from "react";
-import {Button, Input, Space} from "antd";
+import {Button, Input, Result, Space} from "antd";
 import {SearchOutlined} from "@ant-design/icons";
 import Highlighter from "react-highlight-words";
 import i18next from "i18next";
 class BaseListPage extends React.Component {
  constructor(props) {
@ -127,6 +128,17 @@ class BaseListPage extends React.Component {
  };
  render() {
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        {
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@ -227,6 +227,13 @@ class CertListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@ -0,0 +1,84 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 import React from "react";
 import {Redirect, Route, Switch} from "react-router-dom";
 import {Spin} from "antd";
 import i18next from "i18next";
 import * as Setting from "./Setting";
 import SignupPage from "./auth/SignupPage";
 import SelfLoginPage from "./auth/SelfLoginPage";
 import LoginPage from "./auth/LoginPage";
 import SelfForgetPage from "./auth/SelfForgetPage";
 import ForgetPage from "./auth/ForgetPage";
 import PromptPage from "./auth/PromptPage";
 import CasLogout from "./auth/CasLogout";
 class EntryPage extends React.Component {
  constructor(props) {
    super(props);
    this.state = {
      application: undefined,
    };
  }
  renderHomeIfLoggedIn(component) {
    if (this.props.account !== null && this.props.account !== undefined) {
      return <Redirect to="/" />;
    } else {
      return component;
    }
  }
  renderLoginIfNotLoggedIn(component) {
    if (this.props.account === null) {
      sessionStorage.setItem("from", window.location.pathname);
      return <Redirect to="/login" />;
    } else if (this.props.account === undefined) {
      return null;
    } else {
      return component;
    }
  }
  render() {
    const onUpdateApplication = (application) => {
      this.setState({
        application: application,
      });
    };
    return <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
      <Spin spinning={this.state.application === undefined} tip={i18next.t("login:Loading")} style={{margin: "0 auto"}} />
      <Switch>
        <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/auto-signup/oauth/authorize" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"code"} mode={"signup"} onUpdateApplication={onUpdateApplication}{...props} />} />
        <Route exact path="/signup/oauth/authorize" render={(props) => <SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />} />
        <Route exact path="/login/oauth/authorize" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"code"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />} />
        <Route exact path="/login/saml/authorize/:owner/:applicationName" render={(props) => <LoginPage {...this.props} application={this.state.application} type={"saml"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />} />
        <Route exact path="/forget" render={(props) => this.renderHomeIfLoggedIn(<SelfForgetPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/forget/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ForgetPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
        <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout {...this.props} application={this.state.application} {...props} />)} />
        <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage {...this.props} application={this.state.application} type={"cas"} mode={"signup"} {...props} />);}} />
      </Switch>
    </div>;
  }
 }
 export default EntryPage;
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@ -200,6 +200,13 @@ class ModelListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@ -251,7 +251,7 @@ class OrganizationListPage extends BaseListPage {
        <Result
          status="403"
          title="403 Unauthorized"
-          subTitle={i18next.t("general:Sorry, you do not have permission to access this page.")}
+          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@ -278,6 +278,13 @@ class PaymentListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@ -358,6 +358,13 @@ class PermissionListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/ProductListPage.js
+++ b/web/src/ProductListPage.js
@ -295,6 +295,13 @@ class ProductListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@ -14,7 +14,7 @@
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Popconfirm, Table} from "antd";
+import {Button, Popconfirm, Result, Table} from "antd";
 import moment from "moment";
 import * as Setting from "./Setting";
 import * as ProviderBackend from "./backend/ProviderBackend";
@ -36,6 +36,7 @@ class ProviderListPage extends BaseListPage {
      loading: false,
      searchText: "",
      searchedColumn: "",
      isAuthorized: true,
    };
  }
  newProvider() {
@ -227,6 +228,17 @@ class ProviderListPage extends BaseListPage {
      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        <Table scroll={{x: "max-content"}} columns={columns} dataSource={providers} rowKey="name" size="middle" bordered pagination={paginationProps}
@ -268,6 +280,13 @@ class ProviderListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/RecordListPage.js
+++ b/web/src/RecordListPage.js
@ -222,6 +222,13 @@ class RecordListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.data.includes("Please login first")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/ResetModal.js
+++ b/web/src/ResetModal.js
@ -37,7 +37,11 @@ export const ResetModal = (props) => {
  const handleOk = () => {
    if (dest === "") {
-      Setting.showMessage("error", i18next.t("user:Empty " + destType));
+      if (destType === "phone") {
        Setting.showMessage("error", i18next.t("user:Phone cannot be empty"));
      } else {
        Setting.showMessage("error", i18next.t("user:Email cannot be empty"));
      }
      return;
    }
    if (code === "") {
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@ -13,7 +13,7 @@
 // limitations under the License.
 import React from "react";
-import {Button, Popconfirm, Table, Upload} from "antd";
+import {Button, Popconfirm, Result, Table, Upload} from "antd";
 import {UploadOutlined} from "@ant-design/icons";
 import copy from "copy-to-clipboard";
 import * as Setting from "./Setting";
@ -37,6 +37,7 @@ class ResourceListPage extends BaseListPage {
      searchedColumn: "",
      fileList: [],
      uploading: false,
      isAuthorized: true,
    };
  }
@ -272,6 +273,17 @@ class ResourceListPage extends BaseListPage {
      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        <Table scroll={{x: "max-content"}} columns={columns} dataSource={resources} rowKey="name" size="middle" bordered pagination={paginationProps}
@ -308,6 +320,13 @@ class ResourceListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.data.includes("Please login first")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@ -231,6 +231,13 @@ class RoleListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/SelectThemeBox.js
+++ b/web/src/SelectThemeBox.js
@ -0,0 +1,81 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 import React from "react";
 import * as Setting from "./Setting";
 import {Dropdown} from "antd";
 import "./App.less";
 import i18next from "i18next";
 function themeIcon(themeKey) {
  return <img width={24} alt={themeKey} src={getLogoURL(themeKey)} />;
 }
 function getLogoURL(themeKey) {
  if (themeKey) {
    return Setting.Themes.find(t => t.key === themeKey)["selectThemeLogo"];
  } else {
    return Setting.Themes.find(t => t.key === localStorage.getItem("theme"))["selectThemeLogo"];
  }
 }
 class SelectThemeBox extends React.Component {
  constructor(props) {
    super(props);
    this.state = {
      classes: props,
      themes: props.theme ?? ["Default", "Dark", "Compact"],
      icon: null,
    };
  }
  items = this.getThemes();
  componentDidMount() {
    i18next.on("languageChanged", () => {
      this.items = this.getThemes();
    });
    localStorage.getItem("theme") ? this.setState({"icon": getLogoURL()}) : this.setState({"icon": getLogoURL("Default")});
    addEventListener("themeChange", (e) => {
      this.setState({"icon": getLogoURL()});
    });
  }
  getThemes() {
    return Setting.Themes.map((theme) => Setting.getItem(i18next.t(`general:${theme.label}`), theme.key, themeIcon(theme.key)));
  }
  getOrganizationThemes(themes) {
    const select = [];
    for (const theme of themes) {
      this.items.map((item, index) => item.key === theme ? select.push(item) : null);
    }
    return select;
  }
  render() {
    const themeItems = this.getOrganizationThemes(this.state.themes);
    const onClick = (e) => {
      Setting.setTheme(e.key);
    };
    return (
      <Dropdown menu={{items: themeItems, onClick}} >
        <div className="theme-box" style={{display: themeItems.length === 0 ? "none" : null, background: `url(${this.state.icon})`, ...this.props.style}} />
      </Dropdown>
    );
  }
 }
 export default SelectThemeBox;
--- a/web/src/SessionListPage.js
+++ b/web/src/SessionListPage.js
@ -0,0 +1,162 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 import BaseListPage from "./BaseListPage";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import {Link} from "react-router-dom";
 import {Button, Popconfirm, Table, Tag} from "antd";
 import React from "react";
 import * as SessionBackend from "./backend/SessionBackend";
 class SessionListPage extends BaseListPage {
  deleteSession(i) {
    SessionBackend.deleteSession(this.state.data[i])
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
          this.setState({
            data: Setting.deleteRow(this.state.data, i),
            pagination: {total: this.state.pagination.total - 1},
          });
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
        }
      })
      .catch(error => {
        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
      });
  }
  renderTable(sessions) {
    const columns = [
      {
        title: i18next.t("general:Name"),
        dataIndex: "name",
        key: "name",
        width: "150px",
        fixed: "left",
        sorter: true,
        ...this.getColumnSearchProps("name"),
      },
      {
        title: i18next.t("general:Organization"),
        dataIndex: "owner",
        key: "organization",
        width: "110px",
        sorter: true,
        ...this.getColumnSearchProps("organization"),
        render: (text, record, index) => {
          return (
            <Link to={`/organizations/${text}`}>
              {text}
            </Link>
          );
        },
      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
        key: "createdTime",
        width: "180px",
        sorter: true,
        render: (text, record, index) => {
          return Setting.getFormattedDate(text);
        },
      },
      {
        title: i18next.t("general:Session ID"),
        dataIndex: "sessionId",
        key: "sessionId",
        width: "180px",
        sorter: true,
        render: (text, record, index) => {
          return text.map((item, index) =>
            <Tag key={index}>{item}</Tag>
          );
        },
      },
      {
        title: i18next.t("general:Action"),
        dataIndex: "",
        key: "op",
        width: "70px",
        fixed: (Setting.isMobile()) ? "false" : "right",
        render: (text, record, index) => {
          return (
            <div>
              <Popconfirm
                title={`Sure to delete session: ${record.name} ?`}
                onConfirm={() => this.deleteSession(index)}
              >
                <Button style={{marginBottom: "10px"}} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
            </div>
          );
        },
      },
    ];
    const paginationProps = {
      total: this.state.pagination.total,
      showQuickJumper: true,
      showSizeChanger: true,
      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };
    return (
      <div>
        <Table scroll={{x: "max-content"}} columns={columns} dataSource={sessions} rowKey="name" size="middle" bordered pagination={paginationProps}
          loading={this.state.loading}
          onChange={this.handleTableChange}
        />
      </div>
    );
  }
  fetch = (params = {}) => {
    let field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    if (params.contentType !== undefined && params.contentType !== null) {
      field = "contentType";
      value = params.contentType;
    }
    this.setState({loading: true});
    SessionBackend.getSessions("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
            loading: false,
            data: res.data,
            pagination: {
              ...params.pagination,
              total: res.data2,
            },
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
 }
 export default SessionListPage;
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@ -14,7 +14,7 @@
 import React from "react";
 import {Link} from "react-router-dom";
-import {Tag, Tooltip, message} from "antd";
+import {Tag, Tooltip, message, theme} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
 import {isMobile as isMobileDevice} from "react-device-detect";
 import "./i18n";
@ -43,6 +43,13 @@ export const Countries = [{label: "English", key: "en", country: "US", alt: "Eng
  {label: "Русский", key: "ru", country: "RU", alt: "Русский"},
 ];
 const {defaultAlgorithm, darkAlgorithm, compactAlgorithm} = theme;
 export const Themes = [{label: i18next.t("general:Dark"), key: "Dark", style: darkAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/dark.svg`},
  {label: i18next.t("general:Compact"), key: "Compact", style: compactAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/compact.svg`},
  {label: i18next.t("general:Default"), key: "Default", style: defaultAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/light.svg`},
 ];
 export const OtherProviderInfo = {
  SMS: {
    "Aliyun SMS": {
@ -562,6 +569,14 @@ export function getAvatarColor(s) {
  return colorList[hash % 4];
 }
 export function getLogo(theme) {
  if (theme === "Dark") {
    return `${StaticBaseUrl}/img/casdoor-logo_1185x256_dark.png`;
  } else {
    return `${StaticBaseUrl}/img/casdoor-logo_1185x256.png`;
  }
 }
 export function getLanguageText(text) {
  if (!text.includes("|")) {
    return text;
@ -587,6 +602,11 @@ export function setLanguage(language) {
  i18next.changeLanguage(language);
 }
 export function setTheme(themeKey) {
  localStorage.setItem("theme", themeKey);
  dispatchEvent(new Event("themeChange"));
 }
 export function getAcceptLanguage() {
  if (i18next.language === null || i18next.language === "") {
    return "en;q=0.9,en;q=0.8";
@ -681,6 +701,7 @@ export function getProviderTypeOptions(category) {
        {id: "Bilibili", name: "Bilibili"},
        {id: "Okta", name: "Okta"},
        {id: "Douyin", name: "Douyin"},
        {id: "Line", name: "Line"},
        {id: "Custom", name: "Custom"},
      ]
    );
@ -798,6 +819,9 @@ export function renderLoginLink(application, text) {
 export function redirectToLoginPage(application, history) {
  const loginLink = getLoginLink(application);
  if (loginLink.indexOf("http") === 0 || loginLink.indexOf("https") === 0) {
    window.location.replace(loginLink);
  }
  history.push(loginLink);
 }
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@ -288,6 +288,13 @@ class SyncerListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@ -253,6 +253,13 @@ class TokenListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@ -28,11 +28,7 @@ import SamlWidget from "./common/SamlWidget";
 import SelectRegionBox from "./SelectRegionBox";
 import WebAuthnCredentialTable from "./WebauthnCredentialTable";
 import ManagedAccountTable from "./ManagedAccountTable";
-
+import PropertyTable from "./propertyTable";
 import {Controlled as CodeMirror} from "react-codemirror2";
 import "codemirror/lib/codemirror.css";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/javascript/javascript");
 const {Option} = Select;
@ -288,18 +284,23 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Email"), i18next.t("general:Email - Tooltip"))} :
          </Col>
          <Col style={{paddingRight: "20px"}} span={11} >
-            <Input value={this.state.user.email}
+            {Setting.isLocalAdminUser(this.props.account) ?
-              disabled={disabled}
+              (<Input value={this.state.user.email}
-              onChange={e => {
+                disabled={disabled}
-                this.updateUserField("email", e.target.value);
+                onChange={e => {
-              }} />
+                  this.updateUserField("email", e.target.value);
                }} />) :
              (<Select value={this.state.user.email}
                options={[Setting.getItem(this.state.user.email, this.state.user.email)]}
                disabled={disabled}
                onChange={e => {
                  this.updateUserField("email", e.target.value);
                }} />)
            }
          </Col>
          <Col span={11} >
-            {
+            {/* backend auto get the current user, so admin can not edit. Just self can reset*/}
-              !this.isSelf() ? null : (
+            {this.isSelf() ? <ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Email...")} destType={"email"} /> : null}
                <ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Email...")} destType={"email"} />
              )
            }
          </Col>
        </Row>
      );
@ -310,14 +311,21 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Phone"), i18next.t("general:Phone - Tooltip"))} :
          </Col>
          <Col style={{paddingRight: "20px"}} span={11} >
-            <Input value={this.state.user.phone} addonBefore={`+${this.state.application?.organizationObj.phonePrefix}`}
+            {Setting.isLocalAdminUser(this.props.account) ?
-              disabled={disabled}
+              <Input value={this.state.user.phone} addonBefore={`+${this.state.application?.organizationObj.phonePrefix}`}
-              onChange={e => {
+                disabled={disabled}
-                this.updateUserField("phone", e.target.value);
+                onChange={e => {
-              }} />
+                  this.updateUserField("phone", e.target.value);
                }} /> :
              (<Select value={`+${this.state.application?.organizationObj.phonePrefix} ${this.state.user.phone}`}
                options={[Setting.getItem(`+${this.state.application?.organizationObj.phonePrefix} ${this.state.user.phone}`, this.state.user.phone)]}
                disabled={disabled}
                onChange={e => {
                  this.updateUserField("phone", e.target.value);
                }} />)}
          </Col>
          <Col span={11} >
-            {this.state.user.id === this.props.account?.id ? (<ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
+            {this.isSelf() ? (<ResetModal application={this.state.application} disabled={disabled} buttonText={i18next.t("user:Reset Phone...")} destType={"phone"} />) : null}
          </Col>
        </Row>
      );
@ -490,13 +498,10 @@ class UserEditPage extends React.Component {
      return (
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {i18next.t("user:Properties")}:
+            {Setting.getLabel(i18next.t("user:Properties"), i18next.t("user:Properties - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <CodeMirror
+            <PropertyTable properties={this.state.user.properties} onUpdateTable={(value) => {this.updateUserField("properties", value);}} />
              value={JSON.stringify(this.state.user.properties, null, 4)}
              options={{mode: "javascript", theme: "material-darker"}}
            />
          </Col>
        </Row>
      );
@ -507,7 +512,7 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("user:Is admin"), i18next.t("user:Is admin - Tooltip"))} :
          </Col>
          <Col span={(Setting.isMobile()) ? 22 : 2} >
-            <Switch disabled={this.state.user.owner === "built-in"} checked={this.state.user.isAdmin} onChange={checked => {
+            <Switch disabled={disabled} checked={this.state.user.isAdmin} onChange={checked => {
              this.updateUserField("isAdmin", checked);
            }} />
          </Col>
@ -520,7 +525,7 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("user:Is global admin"), i18next.t("user:Is global admin - Tooltip"))} :
          </Col>
          <Col span={(Setting.isMobile()) ? 22 : 2} >
-            <Switch disabled={this.state.user.owner === "built-in"} checked={this.state.user.isGlobalAdmin} onChange={checked => {
+            <Switch disabled={disabled} checked={this.state.user.isGlobalAdmin} onChange={checked => {
              this.updateUserField("isGlobalAdmin", checked);
            }} />
          </Col>
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@ -14,7 +14,7 @@
 import React from "react";
 import {Link} from "react-router-dom";
-import {Button, Popconfirm, Switch, Table, Upload} from "antd";
+import {Button, Popconfirm, Result, Switch, Table, Upload} from "antd";
 import {UploadOutlined} from "@ant-design/icons";
 import moment from "moment";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
@ -38,6 +38,7 @@ class UserListPage extends BaseListPage {
      loading: false,
      searchText: "",
      searchedColumn: "",
      isAuthorized: true,
    };
  }
@ -353,6 +354,7 @@ class UserListPage extends BaseListPage {
              <Popconfirm
                title={`Sure to delete user: ${record.name} ?`}
                onConfirm={() => this.deleteUser(index)}
                disabled={disabled}
              >
                <Button disabled={disabled} style={{marginBottom: "10px"}} type="primary" danger>{i18next.t("general:Delete")}</Button>
              </Popconfirm>
@ -369,6 +371,17 @@ class UserListPage extends BaseListPage {
      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
    };
    if (!this.state.isAuthorized) {
      return (
        <Result
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
    return (
      <div>
        <Table scroll={{x: "max-content"}} columns={columns} dataSource={users} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
@ -411,6 +424,13 @@ class UserListPage extends BaseListPage {
            if (users.length > 0) {
              this.getOrganization(users[0].owner);
            }
          } else {
            if (res.msg.includes("Unauthorized")) {
              this.setState({
                loading: false,
                isAuthorized: false,
              });
            }
          }
        });
    } else {
@ -432,6 +452,13 @@ class UserListPage extends BaseListPage {
            if (users.length > 0) {
              this.getOrganization(users[0].owner);
            }
          } else {
            if (res.msg.includes("Unauthorized")) {
              this.setState({
                loading: false,
                isAuthorized: false,
              });
            }
          }
        });
    }
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@ -253,6 +253,13 @@ class WebhookListPage extends BaseListPage {
            searchText: params.searchText,
            searchedColumn: params.searchedColumn,
          });
        } else {
          if (res.msg.includes("Unauthorized")) {
            this.setState({
              loading: false,
              isAuthorized: false,
            });
          }
        }
      });
  };
--- a/web/src/auth/AuthCallback.js
+++ b/web/src/auth/AuthCallback.js
@ -20,6 +20,7 @@ import * as Util from "./Util";
 import {authConfig} from "./Auth";
 import * as Setting from "../Setting";
 import i18next from "i18next";
 import RedirectForm from "../common/RedirectForm";
 class AuthCallback extends React.Component {
  constructor(props) {
@ -27,6 +28,9 @@ class AuthCallback extends React.Component {
    this.state = {
      classes: props,
      msg: null,
      samlResponse: "",
      relayState: "",
      redirectUrl: "",
    };
  }
@ -164,9 +168,17 @@ class AuthCallback extends React.Component {
            const from = innerParams.get("from");
            Setting.goToLinkSoft(this, from);
          } else if (responseType === "saml") {
-            const SAMLResponse = res.data;
+            if (res.data2.method === "POST") {
-            const redirectUri = res.data2;
+              this.setState({
-            Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
+                samlResponse: res.data,
                redirectUrl: res.data2.redirectUrl,
                relayState: oAuthParams.relayState,
              });
            } else {
              const SAMLResponse = res.data;
              const redirectUri = res.data2.redirectUrl;
              Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
            }
          }
        } else {
          this.setState({
@ -177,8 +189,12 @@ class AuthCallback extends React.Component {
  }
  render() {
    if (this.state.samlResponse !== "") {
      return <RedirectForm samlResponse={this.state.samlResponse} redirectUrl={this.state.redirectUrl} relayState={this.state.relayState} />;
    }
    return (
-      <div style={{textAlign: "center"}}>
+      <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
        {
          (this.state.msg === null) ? (
            <Spin size="large" tip={i18next.t("login:Signing in...")} style={{paddingTop: "10%"}} />
--- a/web/src/auth/CasLogout.js
+++ b/web/src/auth/CasLogout.js
@ -13,7 +13,7 @@
 // limitations under the License.
 import React from "react";
-import {Spin} from "antd";
+import {Card, Spin} from "antd";
 import {withRouter} from "react-router-dom";
 import * as AuthBackend from "./AuthBackend";
 import * as Setting from "../Setting";
@ -39,7 +39,8 @@ class CasLogout extends React.Component {
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", "Logged out successfully");
-          this.props.clearAccount();
+          this.props.onUpdateAccount(null);
          this.onUpdateApplication(null);
          const redirectUri = res.data2;
          if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
            Setting.goToLink(redirectUri);
@ -49,6 +50,7 @@ class CasLogout extends React.Component {
            Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
          }
        } else {
          this.onUpdateApplication(null);
          Setting.showMessage("error", `Failed to log out: ${res.msg}`);
        }
      });
@ -57,11 +59,13 @@ class CasLogout extends React.Component {
  render() {
    return (
-      <div style={{textAlign: "center"}}>
+      <Card>
-        {
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
-          <Spin size="large" tip={i18next.t("login:Logging out...")} style={{paddingTop: "10%"}} />
+          {
-        }
+            <Spin size="large" tip={i18next.t("login:Logging out...")} style={{paddingTop: "10%"}} />
-      </div>
+          }
        </div>
      </Card>
    );
  }
 }
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@ -34,12 +34,7 @@ class ForgetPage extends React.Component {
    this.state = {
      classes: props,
      account: props.account,
-      applicationName:
+      applicationName: props.applicationName ?? props.match.params?.applicationName,
          props.applicationName !== undefined
            ? props.applicationName
            : props.match === undefined
              ? null
              : props.match.params.applicationName,
      application: null,
      msg: null,
      userId: "",
@ -57,34 +52,36 @@ class ForgetPage extends React.Component {
    };
  }
-  UNSAFE_componentWillMount() {
+  componentDidMount() {
-    if (this.state.applicationName !== undefined) {
+    if (this.getApplicationObj() === null) {
-      this.getApplication();
+      if (this.state.applicationName !== undefined) {
-    } else {
+        this.getApplication();
-      Setting.showMessage("error", i18next.t("forget:Unknown forget type: ") + this.state.type);
+      } else {
        Setting.showMessage("error", i18next.t("forget:Unknown forget type: ") + this.state.type);
      }
    }
  }
  getApplication() {
-    if (this.state.applicationName === null) {
+    if (this.state.applicationName === undefined) {
      return;
    }
-    ApplicationBackend.getApplication("admin", this.state.applicationName).then(
+    ApplicationBackend.getApplication("admin", this.state.applicationName)
-      (application) => {
+      .then((application) => {
        this.onUpdateApplication(application);
        this.setState({
          application: application,
        });
-      }
+      });
    );
  }
  getApplicationObj() {
-    if (this.props.application !== undefined) {
+    return this.props.application ?? this.state.application;
-      return this.props.application;
+  }
-    } else {
+
-      return this.state.application;
+  onUpdateApplication(application) {
-    }
+    this.props.onUpdateApplication(application);
  }
  onFormFinish(name, info, forms) {
@ -143,7 +140,7 @@ class ForgetPage extends React.Component {
          username: this.state.username,
          name: this.state.name,
          code: forms.step2.getFieldValue("emailCode"),
-          phonePrefix: this.state.application?.organizationObj.phonePrefix,
+          phonePrefix: this.getApplicationObj()?.organizationObj.phonePrefix,
          type: "login",
        }, oAuthParams).then(res => {
          if (res.status === "ok") {
@ -166,10 +163,10 @@ class ForgetPage extends React.Component {
  onFinish(values) {
    values.username = this.state.username;
-    values.userOwner = this.state.application?.organizationObj.name;
+    values.userOwner = this.getApplicationObj()?.organizationObj.name;
    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
      if (res.status === "ok") {
-        Setting.redirectToLoginPage(this.state.application, this.props.history);
+        Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
      } else {
        Setting.showMessage("error", i18next.t(`signup:${res.msg}`));
      }
@ -356,14 +353,14 @@ class ForgetPage extends React.Component {
              <CountDownInput
                disabled={this.state.username === "" || this.state.verifyType === ""}
                method={"forget"}
-                onButtonClickArgs={[this.state.email, "email", Setting.getApplicationName(this.state.application), this.state.name]}
+                onButtonClickArgs={[this.state.email, "email", Setting.getApplicationName(this.getApplicationObj()), this.state.name]}
                application={application}
              />
            ) : (
              <CountDownInput
                disabled={this.state.username === "" || this.state.verifyType === ""}
                method={"forget"}
-                onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(this.state.application), this.state.name]}
+                onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(this.getApplicationObj()), this.state.name]}
                application={application}
              />
            )}
@ -492,7 +489,7 @@ class ForgetPage extends React.Component {
    }
    return (
-      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
+      <React.Fragment>
        <CustomGithubCorner />
        <div className="forget-content" style={{padding: Setting.isMobile() ? "0" : null, boxShadow: Setting.isMobile() ? "none" : null}}>
          <Row>
@ -550,7 +547,7 @@ class ForgetPage extends React.Component {
            </Col>
          </Row>
        </div>
-      </div>
+      </React.Fragment>
    );
  }
 }
--- a/web/src/auth/LineLoginButton.js
+++ b/web/src/auth/LineLoginButton.js
@ -0,0 +1,32 @@
 // Copyright 2021 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 import {createButton} from "react-social-login-buttons";
 import {StaticBaseUrl} from "../Setting";
 function Icon({width = 24, height = 24, color}) {
  return <img src={`${StaticBaseUrl}/buttons/line.svg`} alt="Sign in with Line" style={{width: 24, height: 24}} />;
 }
 const config = {
  text: "Sign in with Line",
  icon: Icon,
  iconFormat: name => `fa fa-${name}`,
  style: {background: "#ffffff", color: "#000000"},
  activeStyle: {background: "#ededee"},
 };
 const LineLoginButton = createButton(config);
 export default LineLoginButton;
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@ -61,19 +61,19 @@ class LoginPage extends React.Component {
    }
  }
  UNSAFE_componentWillMount() {
    if (this.state.type === "login" || this.state.type === "cas") {
      this.getApplication();
    } else if (this.state.type === "code") {
      this.getApplicationLogin();
    } else if (this.state.type === "saml") {
      this.getSamlApplication();
    } else {
      Setting.showMessage("error", `Unknown authentication type: ${this.state.type}`);
    }
  }
  componentDidMount() {
    if (this.getApplicationObj() === null) {
      if (this.state.type === "login" || this.state.type === "cas") {
        this.getApplication();
      } else if (this.state.type === "code") {
        this.getApplicationLogin();
      } else if (this.state.type === "saml") {
        this.getSamlApplication();
      } else {
        Setting.showMessage("error", `Unknown authentication type: ${this.state.type}`);
      }
    }
    Setting.Countries.forEach((country) => {
      new Image().src = `${Setting.StaticBaseUrl}/flag-icons/${country.country}.svg`;
    });
@ -96,11 +96,13 @@ class LoginPage extends React.Component {
    AuthBackend.getApplicationLogin(oAuthParams)
      .then((res) => {
        if (res.status === "ok") {
          this.onUpdateApplication(res.data);
          this.setState({
            application: res.data,
          });
        } else {
          // Setting.showMessage("error", res.msg);
          this.onUpdateApplication(null);
          this.setState({
            application: res.data,
            msg: res.msg,
@ -117,6 +119,7 @@ class LoginPage extends React.Component {
    if (this.state.owner === null || this.state.owner === undefined || this.state.owner === "") {
      ApplicationBackend.getApplication("admin", this.state.applicationName)
        .then((application) => {
          this.onUpdateApplication(application);
          this.setState({
            application: application,
          });
@ -125,11 +128,13 @@ class LoginPage extends React.Component {
      OrganizationBackend.getDefaultApplication("admin", this.state.owner)
        .then((res) => {
          if (res.status === "ok") {
            this.onUpdateApplication(res.data);
            this.setState({
              application: res.data,
              applicationName: res.data.name,
            });
          } else {
            this.onUpdateApplication(null);
            Setting.showMessage("error", res.msg);
          }
        });
@ -142,25 +147,25 @@ class LoginPage extends React.Component {
    }
    ApplicationBackend.getApplication(this.state.owner, this.state.applicationName)
      .then((application) => {
        this.onUpdateApplication(application);
        this.setState({
          application: application,
        });
-      }
+      });
      );
  }
  getApplicationObj() {
-    if (this.props.application !== undefined) {
+    return this.props.application ?? this.state.application;
      return this.props.application;
    } else {
      return this.state.application;
    }
  }
  onUpdateAccount(account) {
    this.props.onUpdateAccount(account);
  }
  onUpdateApplication(application) {
    this.props.onUpdateApplication(application);
  }
  parseOffset(offset) {
    if (offset === 2 || offset === 4 || Setting.inIframe() || Setting.isMobile()) {
      return "0 auto";
@ -191,8 +196,8 @@ class LoginPage extends React.Component {
      values["relayState"] = oAuthParams.relayState;
    }
-    if (this.state.application.organization !== null && this.state.application.organization !== undefined) {
+    if (this.getApplicationObj()?.organization) {
-      values["organization"] = this.state.application.organization;
+      values["organization"] = this.getApplicationObj().organization;
    }
  }
  postCodeLoginAction(res) {
@ -315,15 +320,15 @@ class LoginPage extends React.Component {
              const accessToken = res.data;
              Setting.goToLink(`${oAuthParams.redirectUri}#${responseType}=${accessToken}?state=${oAuthParams.state}&token_type=bearer`);
            } else if (responseType === "saml") {
-              const SAMLResponse = res.data;
+              if (res.data2.method === "POST") {
              const redirectUri = res.data2;
              if (this.state.application.assertionConsumerUrl !== "") {
                this.setState({
                  samlResponse: res.data,
-                  redirectUrl: res.data2,
+                  redirectUrl: res.data2.redirectUrl,
                  relayState: oAuthParams.relayState,
                });
              } else {
                const SAMLResponse = res.data;
                const redirectUri = res.data2.redirectUrl;
                Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
              }
            }
@ -573,12 +578,12 @@ class LoginPage extends React.Component {
          <span style={{float: "right"}}>
            {
              !application.enableSignUp ? null : (
-                <>
+                <React.Fragment>
                  {i18next.t("login:No account?")}&nbsp;
                  {
                    Setting.renderSignupLink(application, i18next.t("login:sign up now"))
                  }
-                </>
+                </React.Fragment>
              )
            }
          </span>
@ -611,13 +616,13 @@ class LoginPage extends React.Component {
      this.sendSilentSigninData("signing-in");
      const values = {};
-      values["application"] = this.state.application.name;
+      values["application"] = application.name;
      this.onFinish(values);
    }
    if (application.enableAutoSignin) {
      const values = {};
-      values["application"] = this.state.application.name;
+      values["application"] = application.name;
      this.onFinish(values);
    }
@ -632,7 +637,7 @@ class LoginPage extends React.Component {
        <br />
        <SelfLoginButton account={this.props.account} onClick={() => {
          const values = {};
-          values["application"] = this.state.application.name;
+          values["application"] = application.name;
          this.onFinish(values);
        }} />
        <br />
@ -788,16 +793,16 @@ class LoginPage extends React.Component {
    if (this.props.application === undefined && !application.enablePassword && visibleOAuthProviderItems.length === 1) {
      Setting.goToLink(Provider.getAuthUrl(application, visibleOAuthProviderItems[0].provider, "signup"));
      return (
-        <div style={{textAlign: "center"}}>
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
          <Spin size="large" tip={i18next.t("login:Signing in...")} style={{paddingTop: "10%"}} />
        </div>
      );
    }
    return (
-      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
+      <React.Fragment>
        <CustomGithubCorner />
-        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
+        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
          <div className="login-panel">
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
@ -827,7 +832,7 @@ class LoginPage extends React.Component {
            </div>
          </div>
        </div>
-      </div>
+      </React.Fragment>
    );
  }
 }
--- a/web/src/auth/PromptPage.js
+++ b/web/src/auth/PromptPage.js
@ -13,7 +13,7 @@
 // limitations under the License.
 import React from "react";
-import {Button, Col, Result, Row} from "antd";
+import {Button, Card, Col, Result, Row} from "antd";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as UserBackend from "../backend/UserBackend";
 import * as AuthBackend from "./AuthBackend";
@ -30,7 +30,7 @@ class PromptPage extends React.Component {
    this.state = {
      classes: props,
      type: props.type,
-      applicationName: props.applicationName !== undefined ? props.applicationName : (props.match === undefined ? null : props.match.params.applicationName),
+      applicationName: props.applicationName ?? (props.match === undefined ? null : props.match.params.applicationName),
      application: null,
      user: null,
    };
@ -38,7 +38,9 @@ class PromptPage extends React.Component {
  UNSAFE_componentWillMount() {
    this.getUser();
-    this.getApplication();
+    if (this.getApplicationObj() === null) {
      this.getApplication();
    }
  }
  getUser() {
@ -59,6 +61,7 @@ class PromptPage extends React.Component {
    ApplicationBackend.getApplication("admin", this.state.applicationName)
      .then((application) => {
        this.onUpdateApplication(application);
        this.setState({
          application: application,
        });
@ -66,11 +69,11 @@ class PromptPage extends React.Component {
  }
  getApplicationObj() {
-    if (this.props.application !== undefined) {
+    return this.props.application ?? this.state.application;
-      return this.props.application;
+  }
-    } else {
+
-      return this.state.application;
+  onUpdateApplication(application) {
-    }
+    this.props.onUpdateApplication(application);
  }
  parseUserField(key, value) {
@ -122,7 +125,7 @@ class PromptPage extends React.Component {
  renderContent(application) {
    return (
-      <div style={{width: "400px"}}>
+      <div style={{width: "500px"}}>
        {
          this.renderAffiliation(application)
        }
@ -247,9 +250,9 @@ class PromptPage extends React.Component {
    }
    return (
-      <Row>
+      <div style={{display: "flex", flex: "1", justifyContent: "center"}}>
-        <Col span={24} style={{display: "flex", justifyContent: "center"}}>
+        <Card>
-          <div style={{marginTop: "80px", marginBottom: "50px", textAlign: "center"}}>
+          <div style={{marginTop: "30px", marginBottom: "30px", textAlign: "center"}}>
            {
              Setting.renderHelmet(application)
            }
@ -259,16 +262,12 @@ class PromptPage extends React.Component {
            {
              this.renderContent(application)
            }
            <Row style={{margin: 10}}>
              <Col span={18}>
              </Col>
            </Row>
            <div style={{marginTop: "50px"}}>
              <Button disabled={!Setting.isPromptAnswered(this.state.user, application)} type="primary" size="large" onClick={() => {this.submitUserEdit(true);}}>{i18next.t("code:Submit and complete")}</Button>
            </div>
          </div>
-        </Col>
+        </Card>
-      </Row>
+      </div>
    );
  }
 }
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@ -121,6 +121,10 @@ const authInfo = {
  Bilibili: {
    endpoint: "https://passport.bilibili.com/register/pc_oauth2.html",
  },
  Line: {
    scope: "profile%20openid%20email",
    endpoint: "https://access.line.me/oauth2/v2.1/authorize",
  },
 };
 export function getProviderUrl(provider) {
@ -256,5 +260,7 @@ export function getAuthUrl(application, provider, method) {
    return `${provider.customAuthUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${provider.customScope}&response_type=code&state=${state}`;
  } else if (provider.type === "Bilibili") {
    return `${endpoint}#/?client_id=${provider.clientId}&return_url=${redirectUri}&state=${state}&response_type=code`;
  } else if (provider.type === "Line") {
    return `${endpoint}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
  }
 }
--- a/web/src/auth/ProviderButton.js
+++ b/web/src/auth/ProviderButton.js
@ -39,6 +39,7 @@ import SteamLoginButton from "./SteamLoginButton";
 import BilibiliLoginButton from "./BilibiliLoginButton";
 import OktaLoginButton from "./OktaLoginButton";
 import DouyinLoginButton from "./DouyinLoginButton";
 import LineLoginButton from "./LineLoginButton";
 import * as AuthBackend from "./AuthBackend";
 import {getEvent} from "./Util";
 import {Modal} from "antd";
@ -93,6 +94,8 @@ function getSigninButton(type) {
    return <OktaLoginButton text={text} align={"center"} />;
  } else if (type === "Douyin") {
    return <DouyinLoginButton text={text} align={"center"} />;
  } else if (type === "Line") {
    return <LineLoginButton text={text} align={"center"} />;
  }
  return text;
--- a/web/src/auth/SamlCallback.js
+++ b/web/src/auth/SamlCallback.js
@ -95,7 +95,7 @@ class SamlCallback extends React.Component {
  render() {
    return (
-      <div style={{textAlign: "center"}}>
+      <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
        {
          (this.state.msg === null) ? (
            <Spin size="large" tip={i18next.t("login:Signing in...")} style={{paddingTop: "10%"}} />
--- a/web/src/auth/SelfForgetPage.js
+++ b/web/src/auth/SelfForgetPage.js
@ -22,7 +22,6 @@ class SelfForgetPage extends React.Component {
      <ForgetPage
        type={"forgotPassword"}
        applicationName={authConfig.appName}
        account={this.props.account}
        {...this.props}
      />
    );
--- a/web/src/auth/SelfLoginPage.js
+++ b/web/src/auth/SelfLoginPage.js
@ -19,7 +19,7 @@ import {authConfig} from "./Auth";
 class SelfLoginPage extends React.Component {
  render() {
    return (
-      <LoginPage type={"login"} mode={"signin"} applicationName={authConfig.appName} account={this.props.account} {...this.props} />
+      <LoginPage type={"login"} mode={"signin"} applicationName={authConfig.appName} {...this.props} />
    );
  }
 }
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@ -65,7 +65,7 @@ class SignupPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      applicationName: props.match?.params.applicationName !== undefined ? props.match.params.applicationName : authConfig.appName,
+      applicationName: props.match.params?.applicationName ?? authConfig.appName,
      application: null,
      email: "",
      phone: "",
@ -91,10 +91,12 @@ class SignupPage extends React.Component {
      sessionStorage.setItem("signinUrl", signinUrl);
    }
-    if (applicationName !== undefined) {
+    if (this.getApplicationObj() === null) {
-      this.getApplication(applicationName);
+      if (applicationName !== undefined) {
-    } else {
+        this.getApplication(applicationName);
-      Setting.showMessage("error", `Unknown application name: ${applicationName}`);
+      } else {
        Setting.showMessage("error", `Unknown application name: ${applicationName}`);
      }
    }
  }
@ -105,6 +107,7 @@ class SignupPage extends React.Component {
    ApplicationBackend.getApplication("admin", applicationName)
      .then((application) => {
        this.onUpdateApplication(application);
        this.setState({
          application: application,
        });
@ -128,11 +131,7 @@ class SignupPage extends React.Component {
  }
  getApplicationObj() {
-    if (this.props.application !== undefined) {
+    return this.props.application ?? this.state.application;
      return this.props.application;
    } else {
      return this.state.application;
    }
  }
  getTermsofuseContent(url) {
@ -149,6 +148,10 @@ class SignupPage extends React.Component {
    this.props.onUpdateAccount(account);
  }
  onUpdateApplication(application) {
    this.props.onUpdateApplication(application);
  }
  parseOffset(offset) {
    if (offset === 2 || offset === 4 || Setting.inIframe() || Setting.isMobile()) {
      return "0 auto";
@ -632,9 +635,9 @@ class SignupPage extends React.Component {
    }
    return (
-      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${application.formBackgroundUrl})`}}>
+      <React.Fragment>
        <CustomGithubCorner />
-        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
+        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
          {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
          <div className="login-panel" >
            <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>
@ -657,7 +660,7 @@ class SignupPage extends React.Component {
        {
          this.renderModal()
        }
-      </div>
+      </React.Fragment>
    );
  }
 }
--- a/web/src/backend/SessionBackend.js
+++ b/web/src/backend/SessionBackend.js
@ -0,0 +1,36 @@
 // Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
 // You may obtain a copy of the License at
 //
 //      http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing, software
 // distributed under the License is distributed on an "AS IS" BASIS,
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
 import * as Setting from "../Setting";
 export function getSessions(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
  return fetch(`${Setting.ServerUrl}/api/get-sessions?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
    method: "GET",
    credentials: "include",
    headers: {
      "Accept-Language": Setting.getAcceptLanguage(),
    },
  }).then(res => res.json());
 }
 export function deleteSession(session) {
  return fetch(`${Setting.ServerUrl}/api/delete-session`, {
    method: "POST",
    credentials: "include",
    body: JSON.stringify(session),
    headers: {
      "Accept-Language": Setting.getAcceptLanguage(),
    },
  }).then(res => res.json());
 }
--- a/web/src/common/OAuthWidget.js
+++ b/web/src/common/OAuthWidget.js
@ -147,7 +147,7 @@ class OAuthWidget extends React.Component {
        </Col>
        <Col span={24 - this.props.labelSpan} >
          <img style={{marginRight: "10px"}} width={30} height={30} src={avatarUrl} alt={name} referrerPolicy="no-referrer" />
-          <span style={{width: this.props.labelSpan === 3 ? "300px" : "130px", display: (Setting.isMobile()) ? "inline" : "inline-block"}}>
+          <span style={{width: this.props.labelSpan === 3 ? "300px" : "200px", display: (Setting.isMobile()) ? "inline" : "inline-block"}}>
            {
              linkedValue === "" ? (
                "(empty)"
--- a/web/src/common/PoliciyTable.js
+++ b/web/src/common/PoliciyTable.js
@ -293,14 +293,15 @@ class PolicyTable extends React.Component {
  }
  render() {
-    return (<>
+    return (
-      <Button type="primary" disabled={this.state.editingIndex !== ""} onClick={() => {this.synPolicies();}}>
+      <React.Fragment>
-        {i18next.t("adapter:Sync")}
+        <Button type="primary" disabled={this.state.editingIndex !== ""} onClick={() => {this.synPolicies();}}>
-      </Button>
+          {i18next.t("adapter:Sync")}
-      {
+        </Button>
-        this.renderTable(this.state.policyLists)
+        {
-      }
+          this.renderTable(this.state.policyLists)
-    </>
+        }
      </React.Fragment>
    );
  }
 }
--- a/web/src/common/RedirectForm.js
+++ b/web/src/common/RedirectForm.js
@ -13,6 +13,7 @@
 // limitations under the License.
 import React, {useEffect} from "react";
 import i18next from "i18next";
 export const RedirectForm = (props) => {
@ -20,23 +21,24 @@ export const RedirectForm = (props) => {
    document.getElementById("saml").submit();
  }, []);
-  return (<>
+  return (
-    <p>Redirecting, please wait.</p>
+    <React.Fragment>
-    <form id="saml" method="post" action={props.redirectUrl}>
+      <p>{i18next.t("login:Redirecting, please wait.")}</p>
-      <input
+      <form id="saml" method="post" action={props.redirectUrl}>
-        type="hidden"
+        <input
-        name="SAMLResponse"
+          type="hidden"
-        id="samlResponse"
+          name="SAMLResponse"
-        value={props.samlResponse}
+          id="samlResponse"
-      />
+          value={props.samlResponse}
-      <input
+        />
-        type="hidden"
+        <input
-        name="RelayState"
+          type="hidden"
-        id="relayState"
+          name="RelayState"
-        value={props.relayState}
+          id="relayState"
-      />
+          value={props.relayState}
-    </form>
+        />
-  </>
+      </form>
    </React.Fragment>
  );
 };
--- a/web/src/index.css
+++ b/web/src/index.css
@ -28,7 +28,7 @@ code {
 .logo {
  background: url("https://cdn.casbin.org/img/casdoor-logo_1185x256.png");
-  background-size: 130px, 27px;
+  background-size: 130px, 27px !important;
  width: 130px;
  height: 27px;
  margin: 17px 0 16px 15px;
@ -45,7 +45,3 @@ code {
 .ant-list-sm .ant-list-item {
  padding: 2px !important;
 }
 .ant-layout-header {
  background-color: white !important;
 }
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Click to Upload",
    "Client IP": "Client-IP",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Erstellte Zeit",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Standard Avatar",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Speichern",
    "Save & Exit": "Speichern & Beenden",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "Anmelde-URL",
    "Signin URL - Tooltip": "sign in url",
    "Signup URL": "Registrierungs-URL",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "Die von Ihnen besuchte Seite existiert leider nicht.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "Sorry, you do not have permission to access this page.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "Weiter mit",
    "Email or phone": "E-Mail oder Telefon",
    "Forgot password?": "Passwort vergessen?",
    "Loading": "Loading",
    "Logging out...": "Logging out...",
    "No account?": "Kein Konto?",
    "Or sign in with another account": "Oder melden Sie sich mit einem anderen Konto an",
@ -308,6 +314,7 @@
    "Please input your password!": "Bitte geben Sie Ihr Passwort ein!",
    "Please input your password, at least 6 characters!": "Bitte geben Sie Ihr Passwort ein, mindestens 6 Zeichen!",
    "Please input your username, Email or phone!": "Bitte geben Sie Ihren Benutzernamen, E-Mail oder Telefon ein!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Anmelden",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Mit {type} anmelden",
@ -707,6 +714,7 @@
    "Country/Region": "Land/Region",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Benutzer bearbeiten",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Startseite - Tooltip",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Whether the account is disabled",
    "Is global admin": "Ist globaler Admin",
    "Is global admin - Tooltip": "Is the application global administrator",
    "Keys": "Keys",
    "Link": "Link",
    "Location": "Standort",
    "Location - Tooltip": "Standort - Tooltip",
@ -734,8 +743,10 @@
    "Old Password": "Altes Passwort",
    "Password": "Passwort",
    "Password Set": "Passwort setzen",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Eigenschaften",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Neu erneut eingeben",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "Telefon zurücksetzen...",
@ -751,6 +762,7 @@
    "Unlink": "Link aufheben",
    "Upload (.xlsx)": "Upload (.xlsx)",
    "Upload a photo": "Foto hochladen",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "Passwort eingeben"
  },
--- a/web/src/locales/en/data.json
+++ b/web/src/locales/en/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Click to Upload",
    "Client IP": "Client IP",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Created time",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Default avatar",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Save",
    "Save & Exit": "Save & Exit",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "Signin URL",
    "Signin URL - Tooltip": "Signin URL - Tooltip",
    "Signup URL": "Signup URL",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "Sorry, the page you visited does not exist.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "Sorry, you do not have permission to access this page.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "Continue with",
    "Email or phone": "Email or phone",
    "Forgot password?": "Forgot password?",
    "Loading": "Loading",
    "Logging out...": "Logging out...",
    "No account?": "No account?",
    "Or sign in with another account": "Or sign in with another account",
@ -308,6 +314,7 @@
    "Please input your password!": "Please input your password!",
    "Please input your password, at least 6 characters!": "Please input your password, at least 6 characters!",
    "Please input your username, Email or phone!": "Please input your username, Email or phone!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Sign In",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Sign in with {type}",
@ -707,6 +714,7 @@
    "Country/Region": "Country/Region",
    "Country/Region - Tooltip": "Country/Region - Tooltip",
    "Edit User": "Edit User",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Homepage - Tooltip",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Is forbidden - Tooltip",
    "Is global admin": "Is global admin",
    "Is global admin - Tooltip": "Is global admin - Tooltip",
    "Keys": "Keys",
    "Link": "Link",
    "Location": "Location",
    "Location - Tooltip": "Location - Tooltip",
@ -734,8 +743,10 @@
    "Old Password": "Old Password",
    "Password": "Password",
    "Password Set": "Password Set",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Properties",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Re-enter New",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "Reset Phone...",
@ -751,6 +762,7 @@
    "Unlink": "Unlink",
    "Upload (.xlsx)": "Upload (.xlsx)",
    "Upload a photo": "Upload a photo",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "input password"
  },
--- a/web/src/locales/es/data.json
+++ b/web/src/locales/es/data.json
@ -5,7 +5,23 @@
    "My Account": "Mi cuenta",
    "Sign Up": "Registrarme"
  },
  "adapter": {
    "Edit Adapter": "Edit Adapter",
    "Failed to sync policies": "Failed to sync policies",
    "New Adapter": "New Adapter",
    "Policies": "Policies",
    "Policies - Tooltip": "Policies - Tooltip",
    "Repeated policy rules": "Repeated policy rules",
    "Sync": "Sync",
    "Sync policies successfully": "Sync policies successfully"
  },
  "application": {
    "Always": "Always",
    "Auto signin": "Auto signin",
    "Auto signin - Tooltip": "Auto signin - Tooltip",
    "Background URL": "Background URL",
    "Background URL - Tooltip": "Background URL - Tooltip",
    "Center": "Center",
    "Copy SAML metadata URL": "Copiar SAML metadata URL",
    "Copy prompt page URL": "Copy prompt page URL",
    "Copy signin page URL": "Copiar URL de inicio de sesión",
@ -17,39 +33,57 @@
    "Enable WebAuthn signin - Tooltip": "Habilitar inicio de sesión de WebAuthn - Tooltip",
    "Enable code signin": "Habilitar inicio de sesión por código",
    "Enable code signin - Tooltip": "Habilitar inicio de sesión por código - Tooltip",
    "Enable side panel": "Enable side panel",
    "Enable signin session - Tooltip": "Enable signin session - Tooltip",
    "Enable signup": "Habilitar nuevos registros",
    "Enable signup - Tooltip": "Habilitar nuevos registros - Tooltip",
    "Failed to sign in": "Failed to sign in",
    "File uploaded successfully": "El archivo ha sido subido con éxito",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Edit",
    "Form CSS - Tooltip": "Form CSS - Tooltip",
    "Form position": "Form position",
    "Form position - Tooltip": "Form position - Tooltip",
    "Grant types": "Grant types",
    "Grant types - Tooltip": "Grant types - Tooltip",
    "Left": "Left",
    "Logged in successfully": "Logged in successfully",
    "Logged out successfully": "Logged out successfully",
    "New Application": "Nueva Aplicación",
    "None": "None",
    "Password ON": "Constraseña ON",
    "Password ON - Tooltip": "Constraseña ON - Tooltip",
    "Please input your application!": "Please input your application!",
    "Please input your organization!": "Please input your organization!",
    "Please select a HTML file": "Seleccione un archivo HTML",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Redirect URL": "URL de redirección",
    "Redirect URL (Assertion Consumer Service POST Binding URL) - Tooltip": "Redirect URL (Assertion Consumer Service POST Binding URL) - Tooltip",
    "Redirect URLs": "URLs de redirección",
    "Redirect URLs - Tooltip": "URL de redirección - Tooltip",
    "Refresh token expire": "Expiración del Refresh Token",
    "Refresh token expire - Tooltip": "Expiración del Refresh Token - Tooltip",
    "Right": "Right",
    "Rule": "Rule",
    "SAML Reply URL": "SAML Reply URL",
    "SAML metadata": "SAML metadata",
    "SAML metadata - Tooltip": "SAML metadata - Tooltip",
    "SAML metadata URL copied to clipboard successfully": "SAML metadata URL copiado al portapapeles con éxito",
    "Side panel HTML": "Side panel HTML",
    "Side panel HTML - Edit": "Side panel HTML - Edit",
    "Side panel HTML - Tooltip": "Side panel HTML - Tooltip",
    "Sign Up Error": "Sign Up Error",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "Signin session": "Signin session",
    "Sign Up Error": "Sign Up Error",
    "Signup items": "Signup items",
    "Signup items - Tooltip": "Signup items - Tooltip",
    "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Signup page URL copied to clipboard successfully, please paste it into the incognito window or another browser",
    "The application does not allow to sign up new account": "The application does not allow to sign up new account",
    "Token expire": "Expiración del Token",
    "Token expire - Tooltip": "Expiración del Token - Tooltip",
    "Token format": "Formato del Token",
    "Token format - Tooltip": "Formato del Token - Tooltip",
-    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page",
+    "You are unexpected to see this prompt page": "You are unexpected to see this prompt page"
    "Rule": "Rule",
    "None": "None",
    "Always": "Always"
  },
  "cert": {
    "Bit size": "Tamaño del Bit",
@ -97,13 +131,14 @@
    "Please input your username!": "Por favor ingrese su nombre de usuario!",
    "Reset": "Reiniciar",
    "Retrieve password": "Recuperar Contraseña",
-    "Unknown forget type": "Tipo de olvido desconocido",
+    "Unknown forget type: ": "Unknown forget type: ",
    "Verify": "Verificar"
  },
  "general": {
    "Action": "Acción",
    "Adapter": "Adaptador",
    "Adapter - Tooltip": "Adaptador - Tooltip",
    "Adapters": "Adapters",
    "Add": "Agregar",
    "Affiliation URL": "URL de Afiliación",
    "Affiliation URL - Tooltip": "URL de Afiliación - Tooltip",
@ -120,7 +155,13 @@
    "Certs": "Certificados",
    "Click to Upload": "Click para subir archivo",
    "Client IP": "IP del Cliente",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Fecha de creación",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Avatar por defecto",
    "Default avatar - Tooltip": "Avatar por defecto - Tooltip",
    "Delete": "Eliminar",
@ -132,6 +173,10 @@
    "Edit": "Editar",
    "Email": "Email",
    "Email - Tooltip": "Email - Tooltip",
    "Failed to add": "Failed to add",
    "Failed to connect to server": "Failed to connect to server",
    "Failed to delete": "Failed to delete",
    "Failed to save": "Failed to save",
    "Favicon": "Favicon",
    "Favicon - Tooltip": "Favicon - Tooltip",
    "First name": "Nombre",
@ -145,11 +190,14 @@
    "Is enabled - Tooltip": "Está habilitado - Tooltip",
    "LDAPs": "LDAPs",
    "LDAPs - Tooltip": "LDAPs - Tooltip",
    "Languages": "Languages",
    "Languages - Tooltip": "Languages - Tooltip",
    "Last name": "Apellido",
    "Logo": "Logo",
    "Logo - Tooltip": "Logo - Tooltip",
    "Master password": "Contraseña maestra",
    "Master password - Tooltip": "Contraseña maestra - Tooltip",
    "Menu": "Menu",
    "Method": "Metodo",
    "Model": "Modelo",
    "Model - Tooltip": "Modelo - Tooltip",
@ -188,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Guardar",
    "Save & Exit": "Guardar & Volver",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "URL de inicio de sesión",
    "Signin URL - Tooltip": "URL de inicio de sesión - Tooltip",
    "Signup URL": "URL de registro",
@ -196,12 +246,16 @@
    "Signup application - Tooltip": "Aplicación de inicio de sesión - Tooltip",
    "Sorry, the page you visited does not exist.": "Lo sentimos, la página que visitaste no existe.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Lo sentimos, el usuario que visitaste no existe o no estás autorizado para acceder.",
-    "Sorry, you do not have permission to access this page.": "Lo sentimos, no tienes permiso para acceder a esta página.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "Estado",
    "State - Tooltip": "Estado - Tooltip",
    "Successfully added": "Successfully added",
    "Successfully deleted": "Successfully deleted",
    "Successfully saved": "Successfully saved",
    "Swagger": "Swagger",
    "Sync": "Sincronizador",
    "Syncers": "Sincronizadores",
    "SysInfo": "SysInfo",
    "Timestamp": "Timestamp",
    "Tokens": "Tokens",
    "URL": "URL",
@ -250,6 +304,7 @@
    "Continue with": "Continuar con",
    "Email or phone": "Email o teléfono",
    "Forgot password?": "¿Olvidó su contraseña?",
    "Loading": "Loading",
    "Logging out...": "Cerrando su sesión...",
    "No account?": "¿No estás registrado?",
    "Or sign in with another account": "O inicia sesión con otra cuenta",
@ -259,14 +314,16 @@
    "Please input your password!": "¡Por favor ingrese su contraseña!",
    "Please input your password, at least 6 characters!": "Su contraseña debe contener al menos 6 caracteres.",
    "Please input your username, Email or phone!": "¡Ingrese su nombre de usuario, correo electrónico o teléfono!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Iniciar de sesión",
    "Sign in with WebAuthn": "Iniciar de sesión con WebAuthn",
    "Sign in with code": "Iniciar de sesión con código",
    "Sign in with password": "Iniciar de sesión con contraseña",
    "Sign in with {type}": "Iniciar de sesión con {type}",
    "Signing in...": "Iniciando de sesión...",
    "Successfully logged in with webauthn credentials": "Successfully logged in with webauthn credentials",
    "The input is not valid Email or Phone!": "El valor ingresado no es un Email o Teléfono válido!",
    "To access": "Para ingresar",
    "Verification Code": "Verification Code",
    "WebAuthn": "WebAuthn",
    "sign up now": "Regístrate ahora",
    "username, Email or phone": "nombre de usuario, correo electrónico o teléfono"
  },
@ -282,17 +339,20 @@
    "Default avatar": "Avatar por defecto",
    "Edit Organization": "Editar Organización",
    "Favicon": "Favicon",
    "InitScore": "InitScore",
    "Is profile public": "Es el perfil publico",
    "Is profile public - Tooltip": "Es el perfil publico - Tooltip",
    "Modify rule": "Modify rule",
    "New Organization": "Nueva Organización",
    "Soft deletion": "Eliminación Soft",
    "Soft deletion - Tooltip": "Eliminación Soft - Tooltip",
    "Tags": "Etiquetas",
    "Tags - Tooltip": "Etiquetas - Tooltip",
    "The user's initScore - Tooltip": "The user's initScore - Tooltip",
    "View rule": "View rule",
    "Visible": "Visible",
    "Website URL": "URL del sitio web",
-    "Website URL - Tooltip": "URL del sitio web - Tooltip",
+    "Website URL - Tooltip": "URL del sitio web - Tooltip"
    "modifyRule": "modifyRule",
    "viewRule": "viewRule"
  },
  "payment": {
    "Confirm your invoice information": "Confirma la información de tu factura",
@ -349,14 +409,20 @@
  "permission": {
    "Actions": "Acciones",
    "Actions - Tooltip": "Acciones - Tooltip",
    "Admin": "Admin",
    "Allow": "Allow",
    "Approve time": "Fecha de aprobación",
    "Approve time - Tooltip": "Fecha de aprobación - Tooltip",
    "Approved": "Approved",
    "Approver": "Aprobador",
    "Approver - Tooltip": "Aprobador - Tooltip",
    "Deny": "Deny",
    "Edit Permission": "Editar Permiso",
    "Effect": "Effect",
    "Effect - Tooltip": "Effect - Tooltip",
    "New Permission": "Nuevo Permiso",
    "Pending": "Pending",
    "Read": "Read",
    "Resource type": "Tipo de recurso",
    "Resource type - Tooltip": "Tipo de recurso - Tooltip",
    "Resources": "Recursos",
@ -364,7 +430,9 @@
    "State": "Estado",
    "State - Tooltip": "Estado - Tooltip",
    "Submitter": "Submitter",
-    "Submitter - Tooltip": "Submitter - Tooltip"
+    "Submitter - Tooltip": "Submitter - Tooltip",
    "TreeNode": "TreeNode",
    "Write": "Write"
  },
  "product": {
    "Alipay": "Alipay",
@ -373,9 +441,12 @@
    "CNY": "CNY",
    "Currency": "Moneda",
    "Currency - Tooltip": "Moneda - Tooltip",
    "Description": "Description",
    "Description - Tooltip": "Description - Tooltip",
    "Detail": "Detalle",
    "Detail - Tooltip": "Detalle - Tooltip",
    "Edit Product": "Editar Producto",
    "I have completed the payment": "I have completed the payment",
    "Image": "Imagen",
    "Image - Tooltip": "Imagen - Tooltip",
    "New Product": "Nuevo producto",
@ -384,6 +455,8 @@
    "Payment providers - Tooltip": "Pasarelas de pago - Tooltip",
    "Paypal": "Paypal",
    "Placing order...": "Creando su pedido...",
    "Please provide your username in the remark": "Please provide your username in the remark",
    "Please scan the QR code to pay": "Please scan the QR code to pay",
    "Price": "Precio",
    "Price - Tooltip": "Precio - Tooltip",
    "Quantity": "Cantidad",
@ -417,6 +490,9 @@
    "Bucket": "Bucket",
    "Bucket - Tooltip": "Bucket - Tooltip",
    "Can not parse Metadata": "Can not parse Metadata",
    "Can signin": "Can signin",
    "Can signup": "Can signup",
    "Can unlink": "Can unlink",
    "Category": "Categoria",
    "Category - Tooltip": "Categoria - Tooltip",
    "Channel No.": "Channel No.",
@ -439,6 +515,8 @@
    "Email Content - Tooltip": "Contenido del Email - Tooltip",
    "Email Title": "Titulo del Email",
    "Email Title - Tooltip": "Titulo del Email - Tooltip",
    "Enable QR code": "Enable QR code",
    "Enable QR code - Tooltip": "Enable QR code - Tooltip",
    "Endpoint": "Endpoint",
    "Endpoint (Intranet)": "Endpoint (Intranet)",
    "Host": "Host",
@ -456,14 +534,18 @@
    "New Provider": "Nuevo Proveedor",
    "Parse": "Parsear",
    "Parse Metadata successfully": "Metadata parseada con éxito",
    "Path prefix": "Path prefix",
    "Please use WeChat and scan the QR code to sign in": "Please use WeChat and scan the QR code to sign in",
    "Port": "Puerto",
    "Port - Tooltip": "Puerto - Tooltip",
    "Prompted": "Prompted",
    "Provider URL": "URL del Proveedor",
    "Provider URL - Tooltip": "URL del Proveedor - Tooltip",
    "Region ID": "Region ID",
    "Region ID - Tooltip": "Region ID - Tooltip",
    "Region endpoint for Internet": "Region endpoint for Internet",
    "Region endpoint for Intranet": "Region endpoint for Intranet",
    "Required": "Required",
    "SAML 2.0 Endpoint (HTTP)": "SAML 2.0 Endpoint (HTTP)",
    "SMS account": "SMS account",
    "SMS account - Tooltip": "SMS account - Tooltip",
@ -500,19 +582,16 @@
    "Test Connection": "Probar Conexión",
    "Test Email": "Probar Email",
    "Test Email - Tooltip": "Probar Email - Tooltip",
    "The prefix path of the file - Tooltip": "The prefix path of the file - Tooltip",
    "Token URL": "Token URL",
    "Token URL - Tooltip": "Token URL - Tooltip",
    "Type": "Tipo",
    "Type - Tooltip": "Tipo - Tooltip",
    "UserInfo URL": "UserInfo URL",
    "UserInfo URL - Tooltip": "UserInfo URL - Tooltip",
-    "alertType": "alertType",
+    "Visible": "Visible",
-    "canSignIn": "canSignIn",
+    "admin (share)": "admin (share)",
-    "canSignUp": "canSignUp",
+    "alertType": "alertType"
    "canUnlink": "canUnlink",
    "prompted": "prompted",
    "required": "required",
    "visible": "visible"
  },
  "record": {
    "Is Triggered": "Esta activado"
@ -597,6 +676,18 @@
    "Table primary key": "Clave primaria de la tabla",
    "Table primary key - Tooltip": "Clave primaria de la tabla - Tooltip"
  },
  "system": {
    "About Casdoor": "About Casdoor",
    "An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS": "An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS",
    "CPU Usage": "CPU Usage",
    "Community": "Community",
    "Get CPU Usage Failed": "Get CPU Usage Failed",
    "Get Memory Usage Failed": "Get Memory Usage Failed",
    "Memory Usage": "Memory Usage",
    "Official Website": "Official Website",
    "Unknown Version": "Unknown Version",
    "Version": "Version"
  },
  "token": {
    "Access token": "Token de acceso",
    "Authorization code": "Código de autorización",
@ -623,6 +714,7 @@
    "Country/Region": "Pais/Región",
    "Country/Region - Tooltip": "Pais/Región - Tooltip",
    "Edit User": "Editar usuario",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Campo requerido!",
    "Homepage": "Página de Inicio",
    "Homepage - Tooltip": "Página de Inicio - Tooltip",
@ -637,9 +729,11 @@
    "Is forbidden - Tooltip": "Está prohibido - Tooltip",
    "Is global admin": "Es admin global",
    "Is global admin - Tooltip": "Es admin global - Tooltip",
    "Keys": "Keys",
    "Link": "Enlace",
    "Location": "Ubicación",
    "Location - Tooltip": "Ubicación - Tooltip",
    "Managed accounts": "Managed accounts",
    "Modify password...": "Cambiar contraseña...",
    "New Email": "Nuevo Email",
    "New Password": "Nueva Contraseña",
@ -649,7 +743,10 @@
    "Old Password": "Contraseña anterior",
    "Password": "Contraseña",
    "Password Set": "Password Set",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Propiedades",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Reingrese de nuevo",
    "Reset Email...": "Cambiar Email...",
    "Reset Phone...": "Cambiar Phone...",
@ -665,6 +762,7 @@
    "Unlink": "Desvincular",
    "Upload (.xlsx)": "Subir archivo (.xlsx)",
    "Upload a photo": "Subir foto",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "input password"
  },
--- a/web/src/locales/fr/data.json
+++ b/web/src/locales/fr/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Click to Upload",
    "Client IP": "IP du client",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Date de création",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Avatar par défaut",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Enregistrer",
    "Save & Exit": "Enregistrer & Quitter",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "URL de connexion",
    "Signin URL - Tooltip": "sign in url",
    "Signup URL": "URL d'inscription",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "Désolé, la page que vous avez visitée n'existe pas.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "Désolé, vous n'avez pas la permission d'accéder à cette page.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "Continuer avec",
    "Email or phone": "Courriel ou téléphone",
    "Forgot password?": "Mot de passe oublié ?",
    "Loading": "Loading",
    "Logging out...": "Logging out...",
    "No account?": "Pas de compte ?",
    "Or sign in with another account": "Ou connectez-vous avec un autre compte",
@ -308,6 +314,7 @@
    "Please input your password!": "Veuillez saisir votre mot de passe !",
    "Please input your password, at least 6 characters!": "Veuillez entrer votre mot de passe, au moins 6 caractères !",
    "Please input your username, Email or phone!": "Veuillez entrer votre nom d'utilisateur, votre e-mail ou votre téléphone!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Se connecter",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Se connecter avec {type}",
@ -707,6 +714,7 @@
    "Country/Region": "Pays/Région",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Editer l'utilisateur",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Page d'accueil",
    "Homepage - Tooltip": "Page d'accueil - infobulle",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Whether the account is disabled",
    "Is global admin": "Est un administrateur global",
    "Is global admin - Tooltip": "Is the application global administrator",
    "Keys": "Keys",
    "Link": "Lier",
    "Location": "Localisation",
    "Location - Tooltip": "Localisation - Infobulle",
@ -734,8 +743,10 @@
    "Old Password": "Ancien mot de passe",
    "Password": "Mot de passe",
    "Password Set": "Mot de passe défini",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Propriétés",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Nouvelle entrée",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "Réinitialiser le téléphone...",
@ -751,6 +762,7 @@
    "Unlink": "Délier",
    "Upload (.xlsx)": "Télécharger (.xlsx)",
    "Upload a photo": "Télécharger une photo",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "saisir le mot de passe"
  },
--- a/web/src/locales/ja/data.json
+++ b/web/src/locales/ja/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Click to Upload",
    "Client IP": "クライアント IP",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "作成日時",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "デフォルトのアバター",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "保存",
    "Save & Exit": "保存して終了",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "サインインURL",
    "Signin URL - Tooltip": "sign in url",
    "Signup URL": "サインアップURL",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "申し訳ありませんが、訪問したページは存在しません。",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "申し訳ありませんが、このページにアクセスする権限がありません。",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "次で続ける",
    "Email or phone": "Eメールまたは電話番号",
    "Forgot password?": "パスワードを忘れましたか？",
    "Loading": "Loading",
    "Logging out...": "Logging out...",
    "No account?": "アカウントがありませんか？",
    "Or sign in with another account": "または別のアカウントでサインイン",
@ -308,6 +314,7 @@
    "Please input your password!": "パスワードを入力してください！",
    "Please input your password, at least 6 characters!": "6文字以上でパスワードを入力してください！",
    "Please input your username, Email or phone!": "ユーザー名、メールアドレスまたは電話番号を入力してください。",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "サインイン",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "{type} でサインイン",
@ -707,6 +714,7 @@
    "Country/Region": "国/地域",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "ユーザーを編集",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "ホームページ",
    "Homepage - Tooltip": "ホームページ - ツールチップ",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Whether the account is disabled",
    "Is global admin": "グローバル管理者",
    "Is global admin - Tooltip": "Is the application global administrator",
    "Keys": "Keys",
    "Link": "リンク",
    "Location": "場所",
    "Location - Tooltip": "場所 → ツールチップ",
@ -734,8 +743,10 @@
    "Old Password": "古いパスワード",
    "Password": "パスワード",
    "Password Set": "パスワード設定",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "プロパティー",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "新しい入力",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "電話番号をリセット...",
@ -751,6 +762,7 @@
    "Unlink": "リンクを解除",
    "Upload (.xlsx)": "アップロード (.xlsx)",
    "Upload a photo": "写真をアップロード",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "パスワードを入力"
  },
--- a/web/src/locales/ko/data.json
+++ b/web/src/locales/ko/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Click to Upload",
    "Client IP": "Client IP",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Created time",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Default avatar",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Save",
    "Save & Exit": "Save & Exit",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "Signin URL",
    "Signin URL - Tooltip": "sign in url",
    "Signup URL": "Signup URL",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "Sorry, the page you visited does not exist.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "Sorry, you do not have permission to access this page.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "Continue with",
    "Email or phone": "Email or phone",
    "Forgot password?": "Forgot password?",
    "Loading": "Loading",
    "Logging out...": "Logging out...",
    "No account?": "No account?",
    "Or sign in with another account": "Or sign in with another account",
@ -308,6 +314,7 @@
    "Please input your password!": "Please input your password!",
    "Please input your password, at least 6 characters!": "Please input your password, at least 6 characters!",
    "Please input your username, Email or phone!": "Please input your username, Email or phone!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Sign In",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Sign in with {type}",
@ -707,6 +714,7 @@
    "Country/Region": "Country/Region",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Edit User",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Homepage",
    "Homepage - Tooltip": "Homepage - Tooltip",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Whether the account is disabled",
    "Is global admin": "Is global admin",
    "Is global admin - Tooltip": "Is the application global administrator",
    "Keys": "Keys",
    "Link": "Link",
    "Location": "Location",
    "Location - Tooltip": "Location - Tooltip",
@ -734,8 +743,10 @@
    "Old Password": "Old Password",
    "Password": "Password",
    "Password Set": "Password Set",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Properties",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Re-enter New",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "Reset Phone...",
@ -751,6 +762,7 @@
    "Unlink": "Unlink",
    "Upload (.xlsx)": "Upload (.xlsx)",
    "Upload a photo": "Upload a photo",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "input password"
  },
--- a/web/src/locales/ru/data.json
+++ b/web/src/locales/ru/data.json
@ -156,7 +156,10 @@
    "Click to Upload": "Нажмите здесь, чтобы загрузить",
    "Client IP": "IP клиента",
    "Close": "Close",
    "Compact": "Compact",
    "Created time": "Время создания",
    "Dark": "Dark",
    "Default": "Default",
    "Default application": "Default application",
    "Default application - Tooltip": "Default application - Tooltip",
    "Default avatar": "Аватар по умолчанию",
@ -233,6 +236,8 @@
    "Roles - Tooltip": "Roles - Tooltip",
    "Save": "Сохранить",
    "Save & Exit": "Сохранить и выйти",
    "Session ID": "Session ID",
    "Sessions": "Sessions",
    "Signin URL": "URL входа",
    "Signin URL - Tooltip": "sign in url",
    "Signup URL": "URL регистрации",
@ -241,7 +246,7 @@
    "Signup application - Tooltip": "Signup application - Tooltip",
    "Sorry, the page you visited does not exist.": "Извините, посещенная вами страница не существует.",
    "Sorry, the user you visited does not exist or you are not authorized to access this user.": "Sorry, the user you visited does not exist or you are not authorized to access this user.",
-    "Sorry, you do not have permission to access this page.": "Извините, вы не имеете права доступа к этой странице.",
+    "Sorry, you do not have permission to access this page or logged in status invalid.": "Sorry, you do not have permission to access this page or logged in status invalid.",
    "State": "State",
    "State - Tooltip": "State - Tooltip",
    "Successfully added": "Successfully added",
@ -299,6 +304,7 @@
    "Continue with": "Продолжить с",
    "Email or phone": "Электронная почта или телефон",
    "Forgot password?": "Забыли пароль?",
    "Loading": "Loading",
    "Logging out...": "Выход...",
    "No account?": "Нет учетной записи?",
    "Or sign in with another account": "Или войти с помощью другой учетной записи",
@ -308,6 +314,7 @@
    "Please input your password!": "Пожалуйста, введите ваш пароль!",
    "Please input your password, at least 6 characters!": "Пожалуйста, введите ваш пароль, по крайней мере 6 символов!",
    "Please input your username, Email or phone!": "Пожалуйста, введите ваше имя пользователя, адрес электронной почты или телефон!",
    "Redirecting, please wait.": "Redirecting, please wait.",
    "Sign In": "Войти",
    "Sign in with WebAuthn": "Sign in with WebAuthn",
    "Sign in with {type}": "Войти с помощью {type}",
@ -707,6 +714,7 @@
    "Country/Region": "Страна/регион",
    "Country/Region - Tooltip": "Country/Region",
    "Edit User": "Изменить пользователя",
    "Email cannot be empty": "Email cannot be empty",
    "Empty input!": "Empty input!",
    "Homepage": "Главная страница",
    "Homepage - Tooltip": "Главная страница - Подсказки",
@ -721,6 +729,7 @@
    "Is forbidden - Tooltip": "Whether the account is disabled",
    "Is global admin": "Глобальный администратор",
    "Is global admin - Tooltip": "Is the application global administrator",
    "Keys": "Keys",
    "Link": "Ссылка",
    "Location": "Местоположение",
    "Location - Tooltip": "Расположение - Подсказка",
@ -734,8 +743,10 @@
    "Old Password": "Старый пароль",
    "Password": "Пароль",
    "Password Set": "Пароль установлен",
    "Phone cannot be empty": "Phone cannot be empty",
    "Please select avatar from resources": "Please select avatar from resources",
    "Properties": "Свойства",
    "Properties - Tooltip": "Properties - Tooltip",
    "Re-enter New": "Введите еще раз",
    "Reset Email...": "Reset Email...",
    "Reset Phone...": "Сбросить телефон...",
@ -751,6 +762,7 @@
    "Unlink": "Отвязать",
    "Upload (.xlsx)": "Загрузить (.xlsx)",
    "Upload a photo": "Загрузить фото",
    "Values": "Values",
    "WebAuthn credentials": "WebAuthn credentials",
    "input password": "пароль для ввода"
  },
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yaodong Yu	ead844131e	feat: improve user edit page to fix missing fields and page crash (#1463 )	2023-01-11 16:15:06 +08:00
Yaodong Yu	ce2a4bbf6e	feat: check uniqueness for email and phone when updating user (#1461 ) * fix: check unique field when update user * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-01-10 22:34:08 +08:00
疯魔慕薇	fcb80b800f	feat: add refresh token to token login response (#1458 ) Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com> Signed-off-by: 疯魔慕薇 <kfanjian@gmail.com>	2023-01-09 23:33:03 +08:00
jakiuncle	6daadf8d3c	feat: add e2e test (#1445 ) * add cypress * feat: add crypress ci	2023-01-09 00:16:32 +08:00
Gucheng Wang	090389b86a	Fix bug in CheckAccountItemModifyRule()	2023-01-07 13:49:06 +08:00
Gucheng Wang	b566af8e11	Improve i18n	2023-01-06 20:32:18 +08:00
Gucheng Wang	57028c2059	Remove duplicated i18n words	2023-01-06 20:24:14 +08:00
Gucheng Wang	a6e9084973	Remove duplicated i18n words	2023-01-06 20:12:32 +08:00
Gucheng Wang	6fb3e2cd7f	Remove check_util i18n words	2023-01-06 19:57:13 +08:00
Gucheng Wang	8b6bde6d82	Remove generate_backend.go	2023-01-06 19:42:47 +08:00
Gucheng Wang	fb2b03f00f	Add category to applyToOtherLanguage()	2023-01-06 19:26:00 +08:00
Gucheng Wang	1681138729	Add getAllFilePathsInFolder()	2023-01-06 19:04:38 +08:00
Ngọc Long	1d8b0a264e	feat(login): add code login limit (#1442 )	2023-01-06 18:51:43 +08:00
Yaodong Yu	b525210835	feat: destroy session after delete user (#1441 ) * fix: destroy session after delete user * feat: visual session * fix: go lint * feat: add translation * feat: auto flush after offline * fix: delete one session * fix: move 403 page to baseListPage	2023-01-06 15:04:13 +08:00
imp2002	4ab2ca7a25	feat: fix `checkPermissionForUpdateUser()` logic (#1454 ) * fix: fix `checkPermissionForUpdateUser()` logic * fix: fix `checkPermissionForUpdateUser()` logic	2023-01-06 00:03:40 +08:00
June	dcf148fb7f	fix: add GetMaskedRoles and GetMaskedPermissions when GetAccount (#1456 )	2023-01-06 00:02:52 +08:00
Mr Forest	c8846f1a2d	feat: fix translate bug in `UpdateUser()` (#1451 ) * fix: fix translate error * fix translate bug in UpdateUser() * Delete DiscordLoginButton.js	2023-01-04 22:54:50 +08:00
June	0559298d6c	feat: extend user with roles and permissions in GetAccount (#1449 )	2023-01-04 20:23:57 +08:00
June	ddb5e26fcd	fix: mask user in get-account response (#1450 )	2023-01-04 18:40:36 +08:00
Liu	1f39027b78	fix: convert line endings to LF on checkout for all envs (#1448 ) * Convert line endings to LF on checkout for all envs * fix: convert line endings to LF on checkout for all envs	2023-01-04 18:36:38 +08:00
Yaodong Yu	eae3b0d367	feat: fix saml login failed by using oauth (#1443 )	2023-01-03 19:42:12 +08:00
imp2002	186f0ac97b	feat: check permission when update user (#1438 ) * feat: check permission when update user * feat: check permission when update user * fix: fix organization accountItem modifyRule * fix: fix organization accountItem modifyRule	2023-01-02 09:27:25 +08:00
imp2002	308f305c53	feat: add query and fragment response mode declare in OIDC (#1439 )	2023-01-01 21:46:12 +08:00
Yaodong Yu	d498bc60ce	feat: edit user properties (#1435 )	2022-12-31 15:27:53 +08:00
Mr Forest	7bbe1e38c1	fix: fix translate error (#1432 ) * fix:fix translate error * Delete TelegramLoginButton.js * Update data.json * Update data.json Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-30 12:10:18 +08:00
Chell	f465fc6ce0	feat: support changing theme in antd 5 (#1430 ) * feat: add global theme change function * feat: add icons * feat: in app theme changer * feat: use antd built-in themes * fix: multiple styling problem * fix: theme init from localstorage * feat: dark mode footer * feat: casdoor logo color theme * feat: select theme box icon adaptive to theme * fix: menu bar style * fix: language box style * feat: translation * feat: update translation of select theme box without reloading * fix: mobile view * fix: better structured select theme box * feat: add compact icon * fix: redundant theme fetch * fix: redundant theme fetch * fix: various styling problems	2022-12-29 22:30:37 +08:00
June	c952c2f2f4	feat: fix login with password bug when feature is disabled (#1428 )	2022-12-27 14:46:57 +08:00
Yaodong Yu	86ae97d1e5	feat: fix the bug that spin is always showing when response error (#1424 )	2022-12-24 17:55:36 +08:00
Yaodong Yu	6ea73e3eca	fix: show background image in preview (#1425 )	2022-12-24 17:47:05 +08:00
Chell	a71a190db5	feat: fix bug in redirectToLoginPage() (#1422 )	2022-12-24 01:10:02 +08:00
Yaodong Yu	da69d94445	feat: fix the bug that spin in oauth is always showing (#1421 )	2022-12-23 15:06:51 +08:00
imp2002	b8b915abe1	feat: check AccessPermission in multiple permissions (#1420 )	2022-12-23 14:06:02 +08:00
Chell	5d1548e989	feat: fix absolute URL redirection (#1419 ) * fix: redirect to absolute url * fix: original jump	2022-12-23 11:05:15 +08:00
Yaodong Yu	a0dc6e06cd	feat: add EntryPage for login, signup pages to fix background flashing issue (#1416 ) * feat: fix flush in login Pages * fix: code format * fix: improve code * Update App.js * Update EntryPage.js * fix: optimize api request * Update App.js * Update App.js * fix: fix css * fix: css and getApllicationObj Co-authored-by: hsluoyz <hsluoyz@qq.com>	2022-12-22 23:39:02 +08:00
WangGuan	ae130788ec	feat: add Line support as OAuth 3rd-party login (#1413 )	2022-12-21 02:25:58 +08:00
Gucheng Wang	f075d0fd74	Refactor out application.IsRedirectUriValid()	2022-12-21 00:35:33 +08:00