feat: extend user with roles and permissions in GetAccount (#1449)

* Convert line endings to LF on checkout for all envs

* fix: convert line endings to LF on checkout for all envs

.gitattributes

@@ -1,2 +1,5 @@
 *.go linguist-detectable=true
-*.js linguist-detectable=false
+*.js linguist-detectable=false
+# Declare files that will always have LF line endings on checkout.
+# Git will always convert line endings to LF on checkout. You should use this for files that must keep LF endings, even on Windows.
+*.sh text eol=lf

controllers/account.go

@@ -271,12 +271,14 @@ func (c *ApiController) GetAccount() {
 		user = object.ExtendManagedAccountsWithUser(user)
 	}
 
+	object.ExtendUserWithRolesAndPermissions(user)
+
 	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
-		Data:   user,
+		Data:   object.GetMaskedUser(user),
 		Data2:  organization,
 	}
 	c.Data["json"] = resp

controllers/auth.go

@@ -103,12 +103,12 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			resp = tokenToResponse(token)
 		}
 	} else if form.Type == ResponseTypeSaml { // saml flow
-		res, redirectUrl, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
+		res, redirectUrl, method, err := object.GetSamlResponse(application, user, form.SamlRequest, c.Ctx.Request.Host)
 		if err != nil {
 			c.ResponseError(err.Error(), nil)
 			return
 		}
-		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: redirectUrl}
+		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
 	} else if form.Type == ResponseTypeCas {
 		// not oauth but CAS SSO protocol
 		service := c.Input().Get("service")
@@ -265,6 +265,10 @@ func (c *ApiController) Login() {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}
+			if !application.EnablePassword {
+				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
+				return
+			}
 
 			if object.CheckToEnableCaptcha(application) {
 				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)

controllers/user.go

@@ -17,6 +17,7 @@ package controllers
 import (
 	"encoding/json"
 	"fmt"
+	"reflect"
 	"strings"
 
 	"github.com/beego/beego/utils/pagination"
@@ -125,6 +126,117 @@ func (c *ApiController) GetUser() {
 	c.ServeJSON()
 }
 
+func checkPermissionForUpdateUser(id string, newUser object.User, c *ApiController) (bool, string) {
+	oldUser := object.GetUser(id)
+	org := object.GetOrganizationByUser(oldUser)
+	var itemsChanged []*object.AccountItem
+
+	if oldUser.Owner != newUser.Owner {
+		item := object.GetAccountItemByName("Organization", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Name != newUser.Name {
+		item := object.GetAccountItemByName("Name", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Id != newUser.Id {
+		item := object.GetAccountItemByName("ID", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.DisplayName != newUser.DisplayName {
+		item := object.GetAccountItemByName("Display name", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Avatar != newUser.Avatar {
+		item := object.GetAccountItemByName("Avatar", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Type != newUser.Type {
+		item := object.GetAccountItemByName("User type", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	// The password is *** when not modified
+	if oldUser.Password != newUser.Password && newUser.Password != "***" {
+		item := object.GetAccountItemByName("Password", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Email != newUser.Email {
+		item := object.GetAccountItemByName("Email", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Phone != newUser.Phone {
+		item := object.GetAccountItemByName("Phone", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Region != newUser.Region {
+		item := object.GetAccountItemByName("Country/Region", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Location != newUser.Location {
+		item := object.GetAccountItemByName("Location", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Affiliation != newUser.Affiliation {
+		item := object.GetAccountItemByName("Affiliation", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Title != newUser.Title {
+		item := object.GetAccountItemByName("Title", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Homepage != newUser.Homepage {
+		item := object.GetAccountItemByName("Homepage", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Bio != newUser.Bio {
+		item := object.GetAccountItemByName("Bio", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Tag != newUser.Tag {
+		item := object.GetAccountItemByName("Tag", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.SignupApplication != newUser.SignupApplication {
+		item := object.GetAccountItemByName("Signup application", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if reflect.DeepEqual(oldUser.Roles, newUser.Roles) {
+		item := object.GetAccountItemByName("Roles", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if reflect.DeepEqual(oldUser.Permissions, newUser.Permissions) {
+		item := object.GetAccountItemByName("Permissions", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if reflect.DeepEqual(oldUser.Properties, newUser.Properties) {
+		item := object.GetAccountItemByName("Properties", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsAdmin != newUser.IsAdmin {
+		item := object.GetAccountItemByName("Is admin", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
+		item := object.GetAccountItemByName("Is global admin", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsForbidden != newUser.IsForbidden {
+		item := object.GetAccountItemByName("Is forbidden", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsDeleted != newUser.IsDeleted {
+		item := object.GetAccountItemByName("Is deleted", org)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	for i := range itemsChanged {
+		if pass, err := object.CheckAccountItemModifyRule(itemsChanged[i], c.getCurrentUser(), c.GetAcceptLanguage()); !pass {
+			return pass, err
+		}
+	}
+	return true, ""
+}
+
 // UpdateUser
 // @Title UpdateUser
 // @Tag User API
@@ -159,6 +271,12 @@ func (c *ApiController) UpdateUser() {
 	}
 
 	isGlobalAdmin := c.IsGlobalAdmin()
+
+	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
+		c.ResponseError(c.T(err))
+		return
+	}
+
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
 		object.UpdateUserToOriginalDatabase(&user)

i18n/locales/de/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/en/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/es/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/fr/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/ja/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/ko/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/ru/data.json

@@ -25,6 +25,7 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",

i18n/locales/zh/data.json

@@ -25,13 +25,14 @@
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持",
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)",
     "The application: %s does not exist": "应用 %s 不存在",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider type: %s is not supported": "不支持该类型的提供商: %s",
     "The provider: %s is not enabled for the application": "提供商: %s 未被启用",
     "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登陆，请联系管理员",
     "The user: %s/%s doesn't exist": "用户不存在: %s/%s",
     "Turing test failed.": "真人验证失败",
     "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未授权的操作"
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
   },
   "cas": {
     "Service %s and %s do not match": "服务 %s 与 %s 不匹配"

object/oidc_discovery.go

@@ -76,7 +76,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		JwksUri:                                fmt.Sprintf("%s/.well-known/jwks", originBackend),
 		IntrospectionEndpoint:                  fmt.Sprintf("%s/api/login/oauth/introspect", originBackend),
 		ResponseTypesSupported:                 []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token", "none"},
-		ResponseModesSupported:                 []string{"login", "code", "link"},
+		ResponseModesSupported:                 []string{"query", "fragment", "login", "code", "link"},
 		GrantTypesSupported:                    []string{"password", "authorization_code"},
 		SubjectTypesSupported:                  []string{"public"},
 		IdTokenSigningAlgValuesSupported:       []string{"RS256"},

object/saml_idp.go

@@ -223,11 +223,14 @@ func GetSamlMeta(application *Application, host string) (*IdpEntityDescriptor, e
 
 // GetSamlResponse generates a SAML2.0 response
 // parameter samlRequest is saml request in base64 format
-func GetSamlResponse(application *Application, user *User, samlRequest string, host string) (string, string, error) {
+func GetSamlResponse(application *Application, user *User, samlRequest string, host string) (string, string, string, error) {
+	// request type
+	method := "GET"
+
 	// base64 decode
 	defated, err := base64.StdEncoding.DecodeString(samlRequest)
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 	// decompress
 	var buffer bytes.Buffer
@@ -236,12 +239,12 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	var authnRequest saml.AuthnRequest
 	err = xml.Unmarshal(buffer.Bytes(), &authnRequest)
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 
 	// verify samlRequest
 	if isValid := application.IsRedirectUriValid(authnRequest.Issuer.Url); !isValid {
-		return "", "", fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer.Url)
+		return "", "", method, fmt.Errorf("err: Issuer URI: %s doesn't exist in the allowed Redirect URI list", authnRequest.Issuer.Url)
 	}
 
 	// get certificate string
@@ -253,6 +256,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 
 	// redirect Url (Assertion Consumer Url)
 	if application.SamlReplyUrl != "" {
+		method = "POST"
 		authnRequest.AssertionConsumerServiceURL = application.SamlReplyUrl
 	}
 
@@ -275,7 +279,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	doc.SetRoot(samlResponse)
 	xmlBytes, err := doc.WriteToBytes()
 	if err != nil {
-		return "", "", fmt.Errorf("err: %s", err.Error())
+		return "", "", method, fmt.Errorf("err: %s", err.Error())
 	}
 
 	// compress
@@ -283,7 +287,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 		flated := bytes.NewBuffer(nil)
 		writer, err := flate.NewWriter(flated, flate.DefaultCompression)
 		if err != nil {
-			return "", "", fmt.Errorf("err: %s", err.Error())
+			return "", "", method, fmt.Errorf("err: %s", err.Error())
 		}
 		writer.Write(xmlBytes)
 		writer.Close()
@@ -291,7 +295,7 @@ func GetSamlResponse(application *Application, user *User, samlRequest string, h
 	}
 	// base64 encode
 	res := base64.StdEncoding.EncodeToString(xmlBytes)
-	return res, authnRequest.AssertionConsumerServiceURL, nil
+	return res, authnRequest.AssertionConsumerServiceURL, method, nil
 }
 
 // NewSamlResponse11 return a saml1.1 response(not 2.0)

web/src/AccountTable.js

@@ -170,7 +170,7 @@ class AccountTable extends React.Component {
           }
 
           let options;
-          if (record.viewRule === "Admin") {
+          if (record.viewRule === "Admin" || record.name === "Is admin" || record.name === "Is global admin") {
             options = [
               {id: "Admin", name: "Admin"},
               {id: "Immutable", name: "Immutable"},

web/src/App.js

@@ -17,7 +17,7 @@ import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
 import {BarsOutlined, DownOutlined, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
-import {Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result} from "antd";
+import {Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result, theme} from "antd";
 import {Link, Redirect, Route, Switch, withRouter} from "react-router-dom";
 import OrganizationListPage from "./OrganizationListPage";
 import OrganizationEditPage from "./OrganizationEditPage";
@@ -69,6 +69,7 @@ import SystemInfo from "./SystemInfo";
 import AdapterListPage from "./AdapterListPage";
 import AdapterEditPage from "./AdapterEditPage";
 import {withTranslation} from "react-i18next";
+import SelectThemeBox from "./SelectThemeBox";
 
 const {Header, Footer, Content} = Layout;
 
@@ -81,6 +82,8 @@ class App extends Component {
       account: undefined,
       uri: null,
       menuVisible: false,
+      themeAlgorithm: null,
+      logo: null,
     };
 
     Setting.initServerUrl();
@@ -95,6 +98,16 @@ class App extends Component {
     this.getAccount();
   }
 
+  componentDidMount() {
+    localStorage.getItem("theme") ?
+      this.setState({"themeAlgorithm": this.getTheme()}) : this.setState({"themeAlgorithm": theme.defaultAlgorithm});
+    this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
+    addEventListener("themeChange", (e) => {
+      this.setState({"themeAlgorithm": this.getTheme()});
+      this.setState({"logo": Setting.getLogo(localStorage.getItem("theme"))});
+    });
+  }
+
   componentDidUpdate() {
     // eslint-disable-next-line no-restricted-globals
     const uri = location.pathname;
@@ -184,6 +197,10 @@ class App extends Component {
     return "";
   }
 
+  getTheme() {
+    return Setting.Themes.find(t => t.key === localStorage.getItem("theme"))["style"];
+  }
+
   setLanguage(account) {
     const language = account?.language;
     if (language !== "" && language !== i18next.language) {
@@ -465,54 +482,62 @@ class App extends Component {
 
   renderRouter() {
     return (
-      <div>
-        <Switch>
-          <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
-          <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
-          <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
-          <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
-          {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
-          <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
-          <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
-          <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
-          <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
-          <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
-          <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
-            extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
-        </Switch>
-      </div>
+      <ConfigProvider theme={{
+        token: {
+          colorPrimary: "rgb(89,54,213)",
+          colorInfo: "rgb(89,54,213)",
+        },
+        algorithm: this.state.themeAlgorithm,
+      }}>
+        <div>
+          <Switch>
+            <Route exact path="/result" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+            <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...props} />)} />
+            <Route exact path="/" render={(props) => this.renderLoginIfNotLoggedIn(<HomePage account={this.state.account} {...props} />)} />
+            <Route exact path="/account" render={(props) => this.renderLoginIfNotLoggedIn(<AccountPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName" render={(props) => this.renderLoginIfNotLoggedIn(<OrganizationEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/organizations/:organizationName/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users" render={(props) => this.renderLoginIfNotLoggedIn(<UserListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/users/:organizationName/:userName" render={(props) => <UserEditPage account={this.state.account} {...props} />} />
+            <Route exact path="/roles" render={(props) => this.renderLoginIfNotLoggedIn(<RoleListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/roles/:organizationName/:roleName" render={(props) => this.renderLoginIfNotLoggedIn(<RoleEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/permissions/:organizationName/:permissionName" render={(props) => this.renderLoginIfNotLoggedIn(<PermissionEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models" render={(props) => this.renderLoginIfNotLoggedIn(<ModelListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/models/:organizationName/:modelName" render={(props) => this.renderLoginIfNotLoggedIn(<ModelEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/adapters" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/adapters/:organizationName/:adapterName" render={(props) => this.renderLoginIfNotLoggedIn(<AdapterEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/providers/:organizationName/:providerName" render={(props) => this.renderLoginIfNotLoggedIn(<ProviderEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/applications/:organizationName/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<ApplicationEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/resources" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceListPage account={this.state.account} {...props} />)} />
+            {/* <Route exact path="/resources/:resourceName" render={(props) => this.renderLoginIfNotLoggedIn(<ResourceEditPage account={this.state.account} {...props} />)}/>*/}
+            <Route exact path="/ldap/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/ldap/sync/:ldapId" render={(props) => this.renderLoginIfNotLoggedIn(<LdapSyncPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens" render={(props) => this.renderLoginIfNotLoggedIn(<TokenListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/tokens/:tokenName" render={(props) => this.renderLoginIfNotLoggedIn(<TokenEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/webhooks/:webhookName" render={(props) => this.renderLoginIfNotLoggedIn(<WebhookEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
+            <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
+            <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
+            <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
+            <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
+            <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
+              extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>} />} />
+          </Switch>
+        </div>
+      </ConfigProvider>
     );
   }
 
@@ -532,30 +557,27 @@ class App extends Component {
     if (!Setting.isMobile()) {
       return (
         <Layout id="parent-area">
-          <Header style={{marginBottom: "3px", paddingInline: 0}}>
+          <Header style={{marginBottom: "3px", paddingInline: 0, backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
             {
               Setting.isMobile() ? null : (
                 <Link to={"/"}>
-                  <div className="logo" />
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
                 </Link>
               )
             }
-            <div>
-              <Menu
-                // theme="dark"
-                items={this.renderMenu()}
-                mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
-                selectedKeys={[`${this.state.selectedMenuKey}`]}
-                style={{lineHeight: "64px", position: "absolute", left: "145px", right: "200px"}}
-              >
-              </Menu>
-              {
-                this.renderAccount()
-              }
-              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
-            </div>
+            <Menu
+              items={this.renderMenu()}
+              mode={(Setting.isMobile() && this.isStartPages()) ? "inline" : "horizontal"}
+              selectedKeys={[`${this.state.selectedMenuKey}`]}
+              style={{position: "absolute", left: "145px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}
+            />
+            {
+              this.renderAccount()
+            }
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
           </Header>
-          <Content style={{backgroundColor: "#f5f5f5", alignItems: "stretch", display: "flex", flexDirection: "column"}}>
+          <Content style={{alignItems: "stretch", display: "flex", flexDirection: "column"}}>
             <Card className="content-warp-card">
               {
                 this.renderRouter()
@@ -570,11 +592,11 @@ class App extends Component {
     } else {
       return (
         <Layout>
-          <Header style={{padding: "0", marginBottom: "3px"}}>
+          <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm === theme.darkAlgorithm ? "black" : "white"}}>
             {
               Setting.isMobile() ? null : (
                 <Link to={"/"}>
-                  <div className="logo" />
+                  <div className="logo" style={{background: `url(${this.state.logo})`}} />
                 </Link>
               )
             }
@@ -592,12 +614,11 @@ class App extends Component {
             <Button icon={<BarsOutlined />} onClick={this.showMenu} type="text">
               {i18next.t("general:Menu")}
             </Button>
-            <div style = {{float: "right"}}>
-              {
-                this.renderAccount()
-              }
-              {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
-            </div>
+            {
+              this.renderAccount()
+            }
+            {this.state.account && <SelectThemeBox themes={this.state.account.organization.themes} />}
+            {this.state.account && <SelectLanguageBox languages={this.state.account.organization.languages} />}
           </Header>
           <Content style={{display: "flex", flexDirection: "column"}} >{
             this.renderRouter()}
@@ -617,12 +638,10 @@ class App extends Component {
         {!this.state.account ? null : <div style={{display: "none"}} id="CasdoorApplicationName" value={this.state.account.signupApplication} />}
         <Footer id="footer" style={
           {
-            borderTop: "1px solid #e8e8e8",
-            backgroundColor: "white",
             textAlign: "center",
           }
         }>
-          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={`${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`} /></a>
+          Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
         </Footer>
       </React.Fragment>
     );
@@ -690,6 +709,7 @@ class App extends Component {
               colorPrimary: "rgb(89,54,213)",
               colorInfo: "rgb(89,54,213)",
             },
+            algorithm: this.state.themeAlgorithm,
           }}>
             {
               this.renderPage()
@@ -711,6 +731,7 @@ class App extends Component {
             colorPrimary: "rgb(89,54,213)",
             colorInfo: "rgb(89,54,213)",
           },
+          algorithm: this.state.themeAlgorithm,
         }}>
           {
             this.renderPage()

web/src/App.less

@@ -13,14 +13,12 @@
 }
 
 .App-header {
-  background-color: #282c34;
   min-height: 100vh;
   display: flex;
   flex-direction: column;
   align-items: center;
   justify-content: center;
   font-size: calc(10px + 2vmin);
-  color: white;
 }
 
 .App-link {
@@ -41,7 +39,6 @@ img {
   flex-direction: column;
   height: 100%;
   min-height: 100vh;
-  background-color: #f5f5f5;
 }
 
 .panel-logo {
@@ -55,7 +52,7 @@ img {
   background-repeat: no-repeat;
   border-radius: 5px;
   width: 45px;
-  height: 65px;
+  height: 100%;
   float: right;
   cursor: pointer;
 
@@ -64,9 +61,32 @@ img {
   }
 }
 
+.login-form .language-box {
+  height: 65px;
+}
+
+.theme-box {
+  background: url("@{StaticBaseUrl}/img/muti_language.svg");
+  background-size: 25px, 25px;
+  background-position: center !important;
+  background-repeat: no-repeat !important;
+  border-radius: 5px;
+  width: 45px;
+  height: 100%;
+  float: right;
+  cursor: pointer;
+
+  &:hover {
+    background-color: #f5f5f5 !important;
+  }
+}
+
 .rightDropDown {
+  border-radius: 7px;
+
   &:hover {
     background-color: #f5f5f5;
+    color: black;
   }
 }
 
@@ -128,3 +148,9 @@ img {
   background-size: 100% 100%;
   background-attachment: fixed;
 }
+
+.ant-menu-horizontal {
+  border-bottom: none !important;
+  margin-right: 30px;
+  right: 230px;
+}

web/src/ApplicationEditPage.js

@@ -726,7 +726,7 @@ class ApplicationEditPage extends React.Component {
   renderSignupSigninPreview() {
     let signUpUrl = `/signup/${this.state.application.name}`;
     const signInUrl = `/login/oauth/authorize?client_id=${this.state.application.clientId}&response_type=code&redirect_uri=${this.state.application.redirectUris[0]}&scope=read&state=casdoor`;
-    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "100%", width: "100%", background: "rgba(0,0,0,0.4)"};
+    const maskStyle = {position: "absolute", top: "0px", left: "0px", zIndex: 10, height: "97%", width: "100%", background: "rgba(0,0,0,0.4)"};
     if (!this.state.application.enablePassword) {
       signUpUrl = signInUrl.replace("/login/oauth/authorize", "/signup/oauth/authorize");
     }
@@ -742,15 +742,19 @@ class ApplicationEditPage extends React.Component {
             {i18next.t("application:Copy signup page URL")}
           </Button>
           <br />
-          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
             {
               this.state.application.enablePassword ? (
-                <SignupPage application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+                  <SignupPage application={this.state.application} preview = "auto" />
+                </div>
               ) : (
-                <LoginPage type={"login"} mode={"signup"} application={this.state.application} />
+                <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+                  <LoginPage type={"login"} mode={"signup"} application={this.state.application} preview = "auto" />
+                </div>
               )
             }
-            <div style={maskStyle} />
+            <div style={{overflow: "auto", ...maskStyle}} />
           </div>
         </Col>
         <Col span={previewGrid}>
@@ -762,9 +766,11 @@ class ApplicationEditPage extends React.Component {
             {i18next.t("application:Copy signin page URL")}
           </Button>
           <br />
-          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", alignItems: "center", overflow: "auto", flexDirection: "column", flex: "auto"}}>
-            <LoginPage type={"login"} mode={"signin"} application={this.state.application} />
-            <div style={maskStyle} />
+          <div style={{position: "relative", width: previewWidth, border: "1px solid rgb(217,217,217)", boxShadow: "10px 10px 5px #888888", overflow: "auto"}}>
+            <div className="loginBackground" style={{backgroundImage: `url(${this.state.application?.formBackgroundUrl})`, overflow: "auto"}}>
+              <LoginPage type={"login"} mode={"signin"} application={this.state.application} preview = "auto" />
+            </div>
+            <div style={{overflow: "auto", ...maskStyle}} />
           </div>
         </Col>
       </React.Fragment>

web/src/SelectThemeBox.js

@@ -0,0 +1,81 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import * as Setting from "./Setting";
+import {Dropdown} from "antd";
+import "./App.less";
+import i18next from "i18next";
+
+function themeIcon(themeKey) {
+  return <img width={24} alt={themeKey} src={getLogoURL(themeKey)} />;
+}
+
+function getLogoURL(themeKey) {
+  if (themeKey) {
+    return Setting.Themes.find(t => t.key === themeKey)["selectThemeLogo"];
+  } else {
+    return Setting.Themes.find(t => t.key === localStorage.getItem("theme"))["selectThemeLogo"];
+  }
+}
+
+class SelectThemeBox extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      themes: props.theme ?? ["Default", "Dark", "Compact"],
+      icon: null,
+    };
+  }
+
+  items = this.getThemes();
+
+  componentDidMount() {
+    i18next.on("languageChanged", () => {
+      this.items = this.getThemes();
+    });
+    localStorage.getItem("theme") ? this.setState({"icon": getLogoURL()}) : this.setState({"icon": getLogoURL("Default")});
+    addEventListener("themeChange", (e) => {
+      this.setState({"icon": getLogoURL()});
+    });
+  }
+
+  getThemes() {
+    return Setting.Themes.map((theme) => Setting.getItem(i18next.t(`general:${theme.label}`), theme.key, themeIcon(theme.key)));
+  }
+
+  getOrganizationThemes(themes) {
+    const select = [];
+    for (const theme of themes) {
+      this.items.map((item, index) => item.key === theme ? select.push(item) : null);
+    }
+    return select;
+  }
+
+  render() {
+    const themeItems = this.getOrganizationThemes(this.state.themes);
+    const onClick = (e) => {
+      Setting.setTheme(e.key);
+    };
+
+    return (
+      <Dropdown menu={{items: themeItems, onClick}} >
+        <div className="theme-box" style={{display: themeItems.length === 0 ? "none" : null, background: `url(${this.state.icon})`, ...this.props.style}} />
+      </Dropdown>
+    );
+  }
+}
+
+export default SelectThemeBox;

web/src/Setting.js

@@ -14,7 +14,7 @@
 
 import React from "react";
 import {Link} from "react-router-dom";
-import {Tag, Tooltip, message} from "antd";
+import {Tag, Tooltip, message, theme} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
 import {isMobile as isMobileDevice} from "react-device-detect";
 import "./i18n";
@@ -43,6 +43,13 @@ export const Countries = [{label: "English", key: "en", country: "US", alt: "Eng
   {label: "Русский", key: "ru", country: "RU", alt: "Русский"},
 ];
 
+const {defaultAlgorithm, darkAlgorithm, compactAlgorithm} = theme;
+
+export const Themes = [{label: "Dark", key: "Dark", style: darkAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/dark.svg`},
+  {label: "Compact", key: "Compact", style: compactAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/compact.svg`},
+  {label: "Default", key: "Default", style: defaultAlgorithm, selectThemeLogo: `${StaticBaseUrl}/img/light.svg`},
+];
+
 export const OtherProviderInfo = {
   SMS: {
     "Aliyun SMS": {
@@ -562,6 +569,14 @@ export function getAvatarColor(s) {
   return colorList[hash % 4];
 }
 
+export function getLogo(theme) {
+  if (theme === "Dark") {
+    return `${StaticBaseUrl}/img/casdoor-logo_1185x256_dark.png`;
+  } else {
+    return `${StaticBaseUrl}/img/casdoor-logo_1185x256.png`;
+  }
+}
+
 export function getLanguageText(text) {
   if (!text.includes("|")) {
     return text;
@@ -587,6 +602,11 @@ export function setLanguage(language) {
   i18next.changeLanguage(language);
 }
 
+export function setTheme(themeKey) {
+  localStorage.setItem("theme", themeKey);
+  dispatchEvent(new Event("themeChange"));
+}
+
 export function getAcceptLanguage() {
   if (i18next.language === null || i18next.language === "") {
     return "en;q=0.9,en;q=0.8";
@@ -800,7 +820,7 @@ export function renderLoginLink(application, text) {
 export function redirectToLoginPage(application, history) {
   const loginLink = getLoginLink(application);
   if (loginLink.indexOf("http") === 0 || loginLink.indexOf("https") === 0) {
-    openLink(loginLink);
+    window.location.replace(loginLink);
   }
   history.push(loginLink);
 }

web/src/UserEditPage.js

@@ -28,11 +28,7 @@ import SamlWidget from "./common/SamlWidget";
 import SelectRegionBox from "./SelectRegionBox";
 import WebAuthnCredentialTable from "./WebauthnCredentialTable";
 import ManagedAccountTable from "./ManagedAccountTable";
-
-import {Controlled as CodeMirror} from "react-codemirror2";
-import "codemirror/lib/codemirror.css";
-require("codemirror/theme/material-darker.css");
-require("codemirror/mode/javascript/javascript");
+import PropertyTable from "./propertyTable";
 
 const {Option} = Select;
 
@@ -490,13 +486,10 @@ class UserEditPage extends React.Component {
       return (
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {i18next.t("user:Properties")}:
+            {Setting.getLabel(i18next.t("user:Properties"), i18next.t("user:Properties - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <CodeMirror
-              value={JSON.stringify(this.state.user.properties, null, 4)}
-              options={{mode: "javascript", theme: "material-darker"}}
-            />
+            <PropertyTable properties={this.state.user.properties} onUpdateTable={(value) => {this.updateUserField("properties", value);}} />
           </Col>
         </Row>
       );
@@ -507,7 +500,7 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("user:Is admin"), i18next.t("user:Is admin - Tooltip"))} :
           </Col>
           <Col span={(Setting.isMobile()) ? 22 : 2} >
-            <Switch disabled={this.state.user.owner === "built-in"} checked={this.state.user.isAdmin} onChange={checked => {
+            <Switch disabled={disabled} checked={this.state.user.isAdmin} onChange={checked => {
               this.updateUserField("isAdmin", checked);
             }} />
           </Col>
@@ -520,7 +513,7 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("user:Is global admin"), i18next.t("user:Is global admin - Tooltip"))} :
           </Col>
           <Col span={(Setting.isMobile()) ? 22 : 2} >
-            <Switch disabled={this.state.user.owner === "built-in"} checked={this.state.user.isGlobalAdmin} onChange={checked => {
+            <Switch disabled={disabled} checked={this.state.user.isGlobalAdmin} onChange={checked => {
               this.updateUserField("isGlobalAdmin", checked);
             }} />
           </Col>

web/src/auth/AuthCallback.js

@@ -20,6 +20,7 @@ import * as Util from "./Util";
 import {authConfig} from "./Auth";
 import * as Setting from "../Setting";
 import i18next from "i18next";
+import RedirectForm from "../common/RedirectForm";
 
 class AuthCallback extends React.Component {
   constructor(props) {
@@ -27,6 +28,9 @@ class AuthCallback extends React.Component {
     this.state = {
       classes: props,
       msg: null,
+      samlResponse: "",
+      relayState: "",
+      redirectUrl: "",
     };
   }
 
@@ -164,9 +168,17 @@ class AuthCallback extends React.Component {
             const from = innerParams.get("from");
             Setting.goToLinkSoft(this, from);
           } else if (responseType === "saml") {
-            const SAMLResponse = res.data;
-            const redirectUri = res.data2;
-            Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
+            if (res.data2.method === "POST") {
+              this.setState({
+                samlResponse: res.data,
+                redirectUrl: res.data2.redirectUrl,
+                relayState: oAuthParams.relayState,
+              });
+            } else {
+              const SAMLResponse = res.data;
+              const redirectUri = res.data2.redirectUrl;
+              Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
+            }
           }
         } else {
           this.setState({
@@ -177,6 +189,10 @@ class AuthCallback extends React.Component {
   }
 
   render() {
+    if (this.state.samlResponse !== "") {
+      return <RedirectForm samlResponse={this.state.samlResponse} redirectUrl={this.state.redirectUrl} relayState={this.state.relayState} />;
+    }
+
     return (
       <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
         {

web/src/auth/CasLogout.js

@@ -40,6 +40,7 @@ class CasLogout extends React.Component {
         if (res.status === "ok") {
           Setting.showMessage("success", "Logged out successfully");
           this.props.onUpdateAccount(null);
+          this.onUpdateApplication(null);
           const redirectUri = res.data2;
           if (redirectUri !== null && redirectUri !== undefined && redirectUri !== "") {
             Setting.goToLink(redirectUri);
@@ -49,6 +50,7 @@ class CasLogout extends React.Component {
             Setting.goToLinkSoft(this, `/cas/${this.state.owner}/${this.state.applicationName}/login`);
           }
         } else {
+          this.onUpdateApplication(null);
           Setting.showMessage("error", `Failed to log out: ${res.msg}`);
         }
       });

web/src/auth/LoginPage.js

@@ -102,6 +102,7 @@ class LoginPage extends React.Component {
           });
         } else {
           // Setting.showMessage("error", res.msg);
+          this.onUpdateApplication(null);
           this.setState({
             application: res.data,
             msg: res.msg,
@@ -133,6 +134,7 @@ class LoginPage extends React.Component {
               applicationName: res.data.name,
             });
           } else {
+            this.onUpdateApplication(null);
             Setting.showMessage("error", res.msg);
           }
         });
@@ -318,15 +320,15 @@ class LoginPage extends React.Component {
               const accessToken = res.data;
               Setting.goToLink(`${oAuthParams.redirectUri}#${responseType}=${accessToken}?state=${oAuthParams.state}&token_type=bearer`);
             } else if (responseType === "saml") {
-              const SAMLResponse = res.data;
-              const redirectUri = res.data2;
-              if (this.state.application.assertionConsumerUrl !== "") {
+              if (res.data2.method === "POST") {
                 this.setState({
                   samlResponse: res.data,
-                  redirectUrl: res.data2,
+                  redirectUrl: res.data2.redirectUrl,
                   relayState: oAuthParams.relayState,
                 });
               } else {
+                const SAMLResponse = res.data;
+                const redirectUri = res.data2.redirectUrl;
                 Setting.goToLink(`${redirectUri}?SAMLResponse=${encodeURIComponent(SAMLResponse)}&RelayState=${oAuthParams.relayState}`);
               }
             }
@@ -614,13 +616,13 @@ class LoginPage extends React.Component {
       this.sendSilentSigninData("signing-in");
 
       const values = {};
-      values["application"] = this.state.application.name;
+      values["application"] = application.name;
       this.onFinish(values);
     }
 
     if (application.enableAutoSignin) {
       const values = {};
-      values["application"] = this.state.application.name;
+      values["application"] = application.name;
       this.onFinish(values);
     }
 
@@ -635,7 +637,7 @@ class LoginPage extends React.Component {
         <br />
         <SelfLoginButton account={this.props.account} onClick={() => {
           const values = {};
-          values["application"] = this.state.application.name;
+          values["application"] = application.name;
           this.onFinish(values);
         }} />
         <br />
@@ -800,7 +802,7 @@ class LoginPage extends React.Component {
     return (
       <React.Fragment>
         <CustomGithubCorner />
-        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
+        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
           {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
           <div className="login-panel">
             <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>

web/src/auth/SignupPage.js

@@ -637,7 +637,7 @@ class SignupPage extends React.Component {
     return (
       <React.Fragment>
         <CustomGithubCorner />
-        <div className="login-content" style={{margin: this.parseOffset(application.formOffset)}}>
+        <div className="login-content" style={{margin: this.props.preview ?? this.parseOffset(application.formOffset)}}>
           {Setting.inIframe() || Setting.isMobile() ? null : <div dangerouslySetInnerHTML={{__html: application.formCss}} />}
           <div className="login-panel" >
             <div className="side-image" style={{display: application.formOffset !== 4 ? "none" : null}}>

web/src/index.css

@@ -28,7 +28,7 @@ code {
 
 .logo {
   background: url("https://cdn.casbin.org/img/casdoor-logo_1185x256.png");
-  background-size: 130px, 27px;
+  background-size: 130px, 27px !important;
   width: 130px;
   height: 27px;
   margin: 17px 0 16px 15px;
@@ -45,7 +45,3 @@ code {
 .ant-list-sm .ant-list-item {
   padding: 2px !important;
 }
-
-.ant-layout-header {
-  background-color: white !important;
-}

web/src/locales/de/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Click to Upload",
     "Client IP": "Client-IP",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "Erstellte Zeit",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "Standard Avatar",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Whether the account is disabled",
     "Is global admin": "Ist globaler Admin",
     "Is global admin - Tooltip": "Is the application global administrator",
+    "Keys": "Keys",
     "Link": "Link",
     "Location": "Standort",
     "Location - Tooltip": "Standort - Tooltip",
@@ -738,6 +742,7 @@
     "Password Set": "Passwort setzen",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Eigenschaften",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "Neu erneut eingeben",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "Telefon zurücksetzen...",
@@ -753,6 +758,7 @@
     "Unlink": "Link aufheben",
     "Upload (.xlsx)": "Upload (.xlsx)",
     "Upload a photo": "Foto hochladen",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "Passwort eingeben"
   },

web/src/locales/en/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Click to Upload",
     "Client IP": "Client IP",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "Created time",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "Default avatar",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Is forbidden - Tooltip",
     "Is global admin": "Is global admin",
     "Is global admin - Tooltip": "Is global admin - Tooltip",
+    "Keys": "Keys",
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "Location - Tooltip",
@@ -738,6 +742,7 @@
     "Password Set": "Password Set",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Properties",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "Re-enter New",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "Reset Phone...",
@@ -753,6 +758,7 @@
     "Unlink": "Unlink",
     "Upload (.xlsx)": "Upload (.xlsx)",
     "Upload a photo": "Upload a photo",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "input password"
   },

web/src/locales/fr/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Click to Upload",
     "Client IP": "IP du client",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "Date de création",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "Avatar par défaut",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Whether the account is disabled",
     "Is global admin": "Est un administrateur global",
     "Is global admin - Tooltip": "Is the application global administrator",
+    "Keys": "Keys",
     "Link": "Lier",
     "Location": "Localisation",
     "Location - Tooltip": "Localisation - Infobulle",
@@ -738,6 +742,7 @@
     "Password Set": "Mot de passe défini",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Propriétés",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "Nouvelle entrée",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "Réinitialiser le téléphone...",
@@ -753,6 +758,7 @@
     "Unlink": "Délier",
     "Upload (.xlsx)": "Télécharger (.xlsx)",
     "Upload a photo": "Télécharger une photo",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "saisir le mot de passe"
   },

web/src/locales/ja/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Click to Upload",
     "Client IP": "クライアント IP",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "作成日時",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "デフォルトのアバター",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Whether the account is disabled",
     "Is global admin": "グローバル管理者",
     "Is global admin - Tooltip": "Is the application global administrator",
+    "Keys": "Keys",
     "Link": "リンク",
     "Location": "場所",
     "Location - Tooltip": "場所 → ツールチップ",
@@ -738,6 +742,7 @@
     "Password Set": "パスワード設定",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "プロパティー",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "新しい入力",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "電話番号をリセット...",
@@ -753,6 +758,7 @@
     "Unlink": "リンクを解除",
     "Upload (.xlsx)": "アップロード (.xlsx)",
     "Upload a photo": "写真をアップロード",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "パスワードを入力"
   },

web/src/locales/ko/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Click to Upload",
     "Client IP": "Client IP",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "Created time",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "Default avatar",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Whether the account is disabled",
     "Is global admin": "Is global admin",
     "Is global admin - Tooltip": "Is the application global administrator",
+    "Keys": "Keys",
     "Link": "Link",
     "Location": "Location",
     "Location - Tooltip": "Location - Tooltip",
@@ -738,6 +742,7 @@
     "Password Set": "Password Set",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Properties",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "Re-enter New",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "Reset Phone...",
@@ -753,6 +758,7 @@
     "Unlink": "Unlink",
     "Upload (.xlsx)": "Upload (.xlsx)",
     "Upload a photo": "Upload a photo",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "input password"
   },

web/src/locales/ru/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "Нажмите здесь, чтобы загрузить",
     "Client IP": "IP клиента",
     "Close": "Close",
+    "Compact": "Compact",
     "Created time": "Время создания",
+    "Dark": "Dark",
+    "Default": "Default",
     "Default application": "Default application",
     "Default application - Tooltip": "Default application - Tooltip",
     "Default avatar": "Аватар по умолчанию",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "Whether the account is disabled",
     "Is global admin": "Глобальный администратор",
     "Is global admin - Tooltip": "Is the application global administrator",
+    "Keys": "Keys",
     "Link": "Ссылка",
     "Location": "Местоположение",
     "Location - Tooltip": "Расположение - Подсказка",
@@ -738,6 +742,7 @@
     "Password Set": "Пароль установлен",
     "Please select avatar from resources": "Please select avatar from resources",
     "Properties": "Свойства",
+    "Properties - Tooltip": "Properties - Tooltip",
     "Re-enter New": "Введите еще раз",
     "Reset Email...": "Reset Email...",
     "Reset Phone...": "Сбросить телефон...",
@@ -753,6 +758,7 @@
     "Unlink": "Отвязать",
     "Upload (.xlsx)": "Загрузить (.xlsx)",
     "Upload a photo": "Загрузить фото",
+    "Values": "Values",
     "WebAuthn credentials": "WebAuthn credentials",
     "input password": "пароль для ввода"
   },

web/src/locales/zh/data.json

@@ -156,7 +156,10 @@
     "Click to Upload": "点击上传",
     "Client IP": "客户端IP",
     "Close": "关闭",
+    "Compact": "紧凑",
     "Created time": "创建时间",
+    "Dark": "黑暗",
+    "Default": "默认",
     "Default application": "默认应用",
     "Default application - Tooltip": "默认应用",
     "Default avatar": "默认头像",
@@ -723,6 +726,7 @@
     "Is forbidden - Tooltip": "账户是否已被禁用",
     "Is global admin": "是全局管理员",
     "Is global admin - Tooltip": "是应用程序管理员",
+    "Keys": "键",
     "Link": "绑定",
     "Location": "城市",
     "Location - Tooltip": "居住地址所在的城市",
@@ -738,6 +742,7 @@
     "Password Set": "密码已设置",
     "Please select avatar from resources": "从资源中选择...",
     "Properties": "属性",
+    "Properties - Tooltip": "属性",
     "Re-enter New": "重复新密码",
     "Reset Email...": "重置邮箱...",
     "Reset Phone...": "重置手机号...",
@@ -753,6 +758,7 @@
     "Unlink": "解绑",
     "Upload (.xlsx)": "上传（.xlsx）",
     "Upload a photo": "上传头像",
+    "Values": "值",
     "WebAuthn credentials": "WebAuthn凭据",
     "input password": "输入密码"
   },

web/src/propertyTable.js

@@ -0,0 +1,131 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Input, Table} from "antd";
+import i18next from "i18next";
+import {DeleteOutlined} from "@ant-design/icons";
+import * as Setting from "./Setting";
+
+class PropertyTable extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      properties: [],
+      count: Object.entries(this.props.properties).length,
+    };
+    // transfer the Object to object[]
+    Object.entries(this.props.properties).map((item, index) => {
+      this.state.properties.push({key: index, name: item[0], value: item[1]});
+    });
+  }
+
+  page = 1;
+
+  updateTable(table) {
+    this.setState({properties: table});
+    const properties = {};
+    table.map((item) => {
+      properties[item.name] = item.value;
+    });
+    this.props.onUpdateTable(properties);
+  }
+
+  addRow(table) {
+    const row = {key: this.state.count, name: "", value: ""};
+    if (table === undefined) {
+      table = [];
+    }
+    table = Setting.addRow(table, row);
+    this.setState({count: this.state.count + 1});
+    this.updateTable(table);
+  }
+
+  deleteRow(table, index) {
+    table = Setting.deleteRow(table, this.getIndex(index));
+    this.updateTable(table);
+  }
+
+  getIndex(index) {
+    // Parameter is the row index in table, need to calculate the index in dataSource. 10 is the pageSize.
+    return index + (this.page - 1) * 10;
+  }
+
+  updateField(table, index, key, value) {
+    table[this.getIndex(index)][key] = value;
+    this.updateTable(table);
+  }
+
+  renderTable(table) {
+    const columns = [
+      {
+        title: i18next.t("user:Keys"),
+        dataIndex: "name",
+        width: "200px",
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, "name", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("user:Values"),
+        dataIndex: "value",
+        width: "200px",
+        render: (text, record, index) => {
+          return (
+            <Input value={text} onChange={e => {
+              this.updateField(table, index, "value", e.target.value);
+            }} />
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "operation",
+        width: "20px",
+        render: (text, record, index) => {
+          return (
+            <Button icon={<DeleteOutlined />} size="small" onClick={() => this.deleteRow(table, index)} />
+          );
+        },
+      },
+    ];
+
+    return (
+      <Table title={() => (
+        <div>
+          <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={() => this.addRow(table)}>{i18next.t("general:Add")}</Button>
+        </div>
+      )}
+      pagination={{onChange: page => {this.page = page;}}}
+      columns={columns} dataSource={table} rowKey="key" size="middle" bordered
+      />
+    );
+  }
+
+  render() {
+    return (
+      <React.Fragment>
+        {
+          this.renderTable(this.state.properties)
+        }
+      </React.Fragment>
+    );
+  }
+}
+
+export default PropertyTable;