feat: add LDAP custom filter support (#1719 )

* refactor: improve ldap server code * feat: custom filter * fix: fix displayName mapping * feat: add custom filter search fields * chore: add license * chore: i18n * chore: i18n * chore: update init field
fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates (#1734 )
2025-08-20 19:00:41 +08:00 · 2023-04-13 14:12:31 +08:00 · 2023-04-12 21:33:54 +08:00 · 2023-04-11 22:38:00 +08:00 · 2023-04-11 19:26:57 +08:00 · 2023-04-10 22:42:12 +08:00
124 changed files with 4186 additions and 1786 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -17,10 +17,11 @@ jobs:
          - 3306:3306
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
+          cache-dependency-path: ./go.mod
      - name: Tests
        run: |
          go test -v $(go list ./...) -tags skipCi
@@ -31,14 +32,12 @@ jobs:
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-node@v3
        with:
          node-version: 16
-      # cache
-      - uses: c-hive/gha-yarn-cache@v2
-        with:
-          directory: ./web
+          cache: 'yarn'
+          cache-dependency-path: ./web/yarn.lock
      - run: yarn install && CI=false yarn run build
        working-directory: ./web

@@ -47,10 +46,11 @@ jobs:
    runs-on: ubuntu-latest
    needs: [ go-tests ]
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
+          cache-dependency-path: ./go.mod
      - run: go version
      - name: Build
        run: |
@@ -63,9 +63,10 @@ jobs:
    needs: [ go-tests ]
    steps:
      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
+          cache-dependency-path: ./go.mod

      # gen a dummy config file
      - run: touch dummy.yml
@@ -90,27 +91,27 @@ jobs:
          - 3306:3306
        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
    steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-go@v2
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
-      - uses: actions/setup-node@v2
-        with:
-          node-version: 16    
-      - name: back start
+          cache-dependency-path: ./go.mod
+      - name: start backend
        run: nohup go run ./main.go &
        working-directory: ./
-      - name: front install
-        run: yarn install
-        working-directory: ./web
-      - name: front start
-        run: nohup yarn start &
-        working-directory: ./web  
-      - uses: cypress-io/github-action@v4
+      - uses: actions/setup-node@v3
        with:
+          node-version: 16
+          cache: 'yarn'
+          cache-dependency-path: ./web/yarn.lock
+      - run: yarn install
        working-directory: ./web
+      - uses: cypress-io/github-action@v5
+        with:
+          start: yarn start
          wait-on: 'http://localhost:7001'
          wait-on-timeout: 180
+          working-directory: ./web

      - uses: actions/upload-artifact@v3
        if: failure()
@@ -130,11 +131,11 @@ jobs:
    needs: [ frontend, backend, linter, e2e ]
    steps:
      - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
        with:
          fetch-depth: -1
      - name: Setup Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
        with:
          node-version: 16

--- a/authz/authz.go
+++ b/authz/authz.go
@@ -108,6 +108,7 @@ p, *, *, POST, /api/set-password, *, *
 p, *, *, POST, /api/send-verification-code, *, *
 p, *, *, GET, /api/get-captcha, *, *
 p, *, *, POST, /api/verify-captcha, *, *
+p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
--- a/conf/app.conf
+++ b/conf/app.conf
@@ -20,5 +20,5 @@ staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
-languages = en,zh,es,fr,de,id,ja,ko,ru,vi
+languages = en,zh,es,fr,de,id,ja,ko,ru,vn
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -246,33 +246,14 @@ func (c *ApiController) Login() {
 		var msg string

 		if form.Password == "" {
-			var verificationCodeType string
-			var checkResult string
-
-			if form.Name != "" {
-				user = object.GetUserByFields(form.Organization, form.Name)
-			}
-
-			// check result through Email or Phone
-			var checkDest string
-			if strings.Contains(form.Username, "@") {
-				verificationCodeType = "email"
-				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
-					form.Username = user.Email
-				}
-				checkDest = form.Username
-			} else {
-				verificationCodeType = "phone"
-				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
-					form.Username = user.Phone
-				}
-			}
-
 			if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
 				return
 			}
-			if verificationCodeType == "phone" {
+
+			verificationCodeType := object.GetVerifyType(form.Username)
+			var checkDest string
+			if verificationCodeType == object.VerifyTypePhone {
 				form.CountryCode = user.GetCountryCode(form.CountryCode)
 				var ok bool
 				if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
@@ -281,7 +262,8 @@ func (c *ApiController) Login() {
 				}
 			}

-			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
+			// check result through Email or Phone
+			checkResult := object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
 			if len(checkResult) != 0 {
 				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
 				return
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -72,6 +72,11 @@ func (c *RootController) CasProxyValidate() {
 	c.CasP3ServiceAndProxyValidate()
 }

+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
 func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
@@ -91,7 +96,7 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 	// find the token
 	if ok {
 		// check whether service is the one for which we previously issued token
-		if strings.HasPrefix(service, issuedService) {
+		if strings.HasPrefix(service, issuedService) || strings.HasPrefix(queryUnescape(service), issuedService) {
 			serviceResponse.Success = response
 		} else {
 			// service not match
--- a/controllers/chat.go
+++ b/controllers/chat.go
@@ -0,0 +1,123 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetChats
+// @Title GetChats
+// @Tag Chat API
+// @Description get chats
+// @Param   owner     query    string  true        "The owner of chats"
+// @Success 200 {array} object.Chat The Response object
+// @router /get-chats [get]
+func (c *ApiController) GetChats() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedChats(object.GetChats(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetChatCount(owner, field, value)))
+		chats := object.GetMaskedChats(object.GetPaginationChats(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(chats, paginator.Nums())
+	}
+}
+
+// GetChat
+// @Title GetChat
+// @Tag Chat API
+// @Description get chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Success 200 {object} object.Chat The Response object
+// @router /get-chat [get]
+func (c *ApiController) GetChat() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedChat(object.GetChat(id))
+	c.ServeJSON()
+}
+
+// UpdateChat
+// @Title UpdateChat
+// @Tag Chat API
+// @Description update chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-chat [post]
+func (c *ApiController) UpdateChat() {
+	id := c.Input().Get("id")
+
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateChat(id, &chat))
+	c.ServeJSON()
+}
+
+// AddChat
+// @Title AddChat
+// @Tag Chat API
+// @Description add chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-chat [post]
+func (c *ApiController) AddChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddChat(&chat))
+	c.ServeJSON()
+}
+
+// DeleteChat
+// @Title DeleteChat
+// @Tag Chat API
+// @Description delete chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-chat [post]
+func (c *ApiController) DeleteChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteChat(&chat))
+	c.ServeJSON()
+}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -65,7 +65,7 @@ func (c *ApiController) GetLdapUsers() {
 	//	})
 	//}

-	users, err := conn.GetLdapUsers(ldapServer.BaseDn)
+	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -81,6 +81,7 @@ func (c *ApiController) GetLdapUsers() {
 			GroupId:   user.GidNumber,
 			// GroupName: groupsMap[user.GidNumber].Cn,
 			Uuid:        user.Uuid,
+			DisplayName: user.DisplayName,
 			Email:       util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
 			Phone:       util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
 			Address:     util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
@@ -131,7 +132,7 @@ func (c *ApiController) AddLdap() {
 		return
 	}

-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
+	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
@@ -160,7 +161,7 @@ func (c *ApiController) AddLdap() {
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
+	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
--- a/controllers/ldapserver.go
+++ b/controllers/ldapserver.go
@@ -1,138 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"log"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/object"
-	"github.com/forestmgy/ldapserver"
-	"github.com/lor00x/goldap/message"
-)
-
-func StartLdapServer() {
-	server := ldapserver.NewServer()
-	routes := ldapserver.NewRouteMux()
-
-	routes.Bind(handleBind)
-	routes.Search(handleSearch).Label(" SEARCH****")
-
-	server.Handle(routes)
-	server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
-}
-
-func handleBind(w ldapserver.ResponseWriter, m *ldapserver.Message) {
-	r := m.GetBindRequest()
-	res := ldapserver.NewBindResponse(ldapserver.LDAPResultSuccess)
-
-	if r.AuthenticationChoice() == "simple" {
-		bindusername, bindorg, err := object.GetNameAndOrgFromDN(string(r.Name()))
-		if err != "" {
-			log.Printf("Bind failed ,ErrMsg=%s", err)
-			res.SetResultCode(ldapserver.LDAPResultInvalidDNSyntax)
-			res.SetDiagnosticMessage("bind failed ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-		bindpassword := string(r.AuthenticationSimple())
-		binduser, err := object.CheckUserPassword(bindorg, bindusername, bindpassword, "en")
-		if err != "" {
-			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
-			res.SetResultCode(ldapserver.LDAPResultInvalidCredentials)
-			res.SetDiagnosticMessage("invalid credentials ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-		if bindorg == "built-in" {
-			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
-		} else if binduser.IsAdmin {
-			m.Client.IsOrgAdmin = true
-		}
-		m.Client.IsAuthenticated = true
-		m.Client.UserName = bindusername
-		m.Client.OrgName = bindorg
-	} else {
-		res.SetResultCode(ldapserver.LDAPResultAuthMethodNotSupported)
-		res.SetDiagnosticMessage("Authentication method not supported,Please use Simple Authentication")
-	}
-	w.Write(res)
-}
-
-func handleSearch(w ldapserver.ResponseWriter, m *ldapserver.Message) {
-	res := ldapserver.NewSearchResultDoneResponse(ldapserver.LDAPResultSuccess)
-	if !m.Client.IsAuthenticated {
-		res.SetResultCode(ldapserver.LDAPResultUnwillingToPerform)
-		w.Write(res)
-		return
-	}
-	r := m.GetSearchRequest()
-	if r.FilterString() == "(objectClass=*)" {
-		w.Write(res)
-		return
-	}
-	name, org, errCode := object.GetUserNameAndOrgFromBaseDnAndFilter(string(r.BaseObject()), r.FilterString())
-	if errCode != ldapserver.LDAPResultSuccess {
-		res.SetResultCode(errCode)
-		w.Write(res)
-		return
-	}
-	// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
-	select {
-	case <-m.Done:
-		log.Print("Leaving handleSearch...")
-		return
-	default:
-	}
-	users, errCode := object.GetFilteredUsers(m, name, org)
-	if errCode != ldapserver.LDAPResultSuccess {
-		res.SetResultCode(errCode)
-		w.Write(res)
-		return
-	}
-	for i := 0; i < len(users); i++ {
-		user := users[i]
-		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
-		e := ldapserver.NewSearchResultEntry(dn)
-		e.AddAttribute("cn", message.AttributeValue(user.Name))
-		e.AddAttribute("uid", message.AttributeValue(user.Name))
-		e.AddAttribute("email", message.AttributeValue(user.Email))
-		e.AddAttribute("mobile", message.AttributeValue(user.Phone))
-		e.AddAttribute("userPassword", message.AttributeValue(getUserPasswordWithType(user)))
-		// e.AddAttribute("postalAddress", message.AttributeValue(user.Address[0]))
-		w.Write(e)
-	}
-	w.Write(res)
-}
-
-// get user password with hash type prefix
-// TODO not handle salt yet
-// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
-func getUserPasswordWithType(user *object.User) string {
-	org := object.GetOrganizationByUser(user)
-	if org.PasswordType == "" || org.PasswordType == "plain" {
-		return user.Password
-	}
-	prefix := org.PasswordType
-	if prefix == "salt" {
-		prefix = "sha256"
-	} else if prefix == "md5-salt" {
-		prefix = "md5"
-	} else if prefix == "pbkdf2-salt" {
-		prefix = "pbkdf2"
-	}
-	return fmt.Sprintf("{%s}%s", prefix, user.Password)
-}
--- a/controllers/message.go
+++ b/controllers/message.go
@@ -0,0 +1,123 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetMessages
+// @Title GetMessages
+// @Tag Message API
+// @Description get messages
+// @Param   owner     query    string  true        "The owner of messages"
+// @Success 200 {array} object.Message The Response object
+// @router /get-messages [get]
+func (c *ApiController) GetMessages() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedMessages(object.GetMessages(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(messages, paginator.Nums())
+	}
+}
+
+// GetMessage
+// @Title GetMessage
+// @Tag Message API
+// @Description get message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message [get]
+func (c *ApiController) GetMessage() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedMessage(object.GetMessage(id))
+	c.ServeJSON()
+}
+
+// UpdateMessage
+// @Title UpdateMessage
+// @Tag Message API
+// @Description update message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-message [post]
+func (c *ApiController) UpdateMessage() {
+	id := c.Input().Get("id")
+
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateMessage(id, &message))
+	c.ServeJSON()
+}
+
+// AddMessage
+// @Title AddMessage
+// @Tag Message API
+// @Description add message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-message [post]
+func (c *ApiController) AddMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddMessage(&message))
+	c.ServeJSON()
+}
+
+// DeleteMessage
+// @Title DeleteMessage
+// @Tag Message API
+// @Description delete message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-message [post]
+func (c *ApiController) DeleteMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteMessage(&message))
+	c.ServeJSON()
+}
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -21,9 +21,8 @@ import (
 // GetSystemInfo
 // @Title GetSystemInfo
 // @Tag System API
-// @Description get user's system info
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
-// @Success 200 {object} object.SystemInfo The Response object
+// @Description get system info like CPU and memory usage
+// @Success 200 {object} util.SystemInfo The Response object
 // @router /get-system-info [get]
 func (c *ApiController) GetSystemInfo() {
 	_, ok := c.RequireAdmin()
@@ -43,8 +42,8 @@ func (c *ApiController) GetSystemInfo() {
 // GetVersionInfo
 // @Title GetVersionInfo
 // @Tag System API
-// @Description get local git repo's latest release version info
-// @Success 200 {string} local latest version hash of Casdoor
+// @Description get version info like Casdoor release version and commit ID
+// @Success 200 {object} util.VersionInfo The Response object
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
 	versionInfo, err := util.GetVersionInfo()
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -84,6 +84,7 @@ func (c *ApiController) GetUsers() {
 // @Param   owner  query    string  false        "The owner of the user"
 // @Param   email  query    string  false 	     "The email of the user"
 // @Param   phone  query    string  false 	     "The phone of the user"
+// @Param   userId query    string  false 	     "The userId of the user"
 // @Success 200 {object} object.User The Response object
 // @router /get-user [get]
 func (c *ApiController) GetUser() {
@@ -94,13 +95,13 @@ func (c *ApiController) GetUser() {

 	owner := c.Input().Get("owner")
 	if owner == "" {
-		owner, _ = util.GetOwnerAndNameFromId(id)
+		owner = util.GetOwnerFromId(id)
 	}

 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false, c.GetAcceptLanguage())
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
 		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
@@ -137,10 +138,6 @@ func (c *ApiController) UpdateUser() {
 	id := c.Input().Get("id")
 	columnsStr := c.Input().Get("columns")

-	if id == "" {
-		id = c.GetSessionUsername()
-	}
-
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
@@ -148,10 +145,27 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
+	if id == "" {
+		id = c.GetSessionUsername()
+		if id == "" {
+			c.ResponseError(c.T("general:Missing parameter"))
+			return
+		}
+	}
+	oldUser := object.GetUser(id)
+	if oldUser == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
+		return
+	}
+
+	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}
+	if pass, err := checkPermissionForUpdateUser(oldUser, &user, c); !pass {
+		c.ResponseError(err)
+		return
+	}

 	columns := []string{}
 	if columnsStr != "" {
@@ -160,11 +174,6 @@ func (c *ApiController) UpdateUser() {

 	isGlobalAdmin := c.IsGlobalAdmin()

-	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
-		c.ResponseError(err)
-		return
-	}
-
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
 		object.UpdateUserToOriginalDatabase(&user)
@@ -275,15 +284,35 @@ func (c *ApiController) SetPassword() {
 	userName := c.Ctx.Request.Form.Get("userName")
 	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
+	code := c.Ctx.Request.Form.Get("code")
+
+	if strings.Contains(newPassword, " ") {
+		c.ResponseError(c.T("user:New password cannot contain blank space."))
+		return
+	}
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
+		return
+	}

-	requestUserId := c.GetSessionUsername()
 	userId := util.GetId(userOwner, userName)

-	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true, c.GetAcceptLanguage())
+	requestUserId := c.GetSessionUsername()
+	if requestUserId == "" && code == "" {
+		return
+	} else if code == "" {
+		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
 		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
 		}
+	} else {
+		if code != c.GetSession("verifiedCode") {
+			c.ResponseError("")
+			return
+		}
+		c.SetSession("verifiedCode", "")
+	}

 	targetUser := object.GetUser(userId)

@@ -295,16 +324,6 @@ func (c *ApiController) SetPassword() {
 		}
 	}

-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
-	if len(newPassword) <= 5 {
-		c.ResponseError(c.T("user:New password must have at least 6 characters"))
-		return
-	}
-
 	targetUser.Password = newPassword
 	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.ResponseOk()
--- a/controllers/user_util.go
+++ b/controllers/user_util.go
@@ -20,8 +20,7 @@ import (
 	"github.com/casdoor/casdoor/object"
 )

-func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiController) (bool, string) {
-	oldUser := object.GetUser(userId)
+func checkPermissionForUpdateUser(oldUser, newUser *object.User, c *ApiController) (bool, string) {
 	organization := object.GetOrganizationByUser(oldUser)
 	var itemsChanged []*object.AccountItem

--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -15,6 +15,7 @@
 package controllers

 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
@@ -110,7 +111,7 @@ func (c *ApiController) SendVerificationCode() {
 	sendResp := errors.New("invalid dest type")

 	switch destType {
-	case "email":
+	case object.VerifyTypeEmail:
 		if !util.IsEmailValid(dest) {
 			c.ResponseError(c.T("check:Email is invalid"))
 			return
@@ -132,7 +133,7 @@ func (c *ApiController) SendVerificationCode() {

 		provider := application.GetEmailProvider()
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
-	case "phone":
+	case object.VerifyTypePhone:
 		if method == LoginVerification || method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == dest {
 				dest = user.Phone
@@ -187,7 +188,7 @@ func (c *ApiController) ResetEmailOrPhone() {

 	checkDest := dest
 	organization := object.GetOrganizationByUser(user)
-	if destType == "phone" {
+	if destType == object.VerifyTypePhone {
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
 			return
@@ -207,7 +208,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
 			return
 		}
-	} else if destType == "email" {
+	} else if destType == object.VerifyTypeEmail {
 		if object.HasUserByField(user.Owner, "email", dest) {
 			c.ResponseError(c.T("check:Email already exists"))
 			return
@@ -230,10 +231,10 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}

 	switch destType {
-	case "email":
+	case object.VerifyTypeEmail:
 		user.Email = dest
 		object.SetUserField(user, "email", user.Email)
-	case "phone":
+	case object.VerifyTypePhone:
 		user.Phone = dest
 		object.SetUserField(user, "phone", user.Phone)
 	default:
@@ -245,6 +246,60 @@ func (c *ApiController) ResetEmailOrPhone() {
 	c.ResponseOk()
 }

+// VerifyCode
+// @Tag Account API
+// @Title VerifyCode
+// @router /api/verify-code [post]
+func (c *ApiController) VerifyCode() {
+	var form RequestForm
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	var user *object.User
+	if form.Name != "" {
+		user = object.GetUserByFields(form.Organization, form.Name)
+	}
+
+	var checkDest string
+	if strings.Contains(form.Username, "@") {
+		if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
+			form.Username = user.Email
+		}
+		checkDest = form.Username
+	} else {
+		if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
+			form.Username = user.Phone
+		}
+	}
+
+	if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
+		return
+	}
+
+	verificationCodeType := object.GetVerifyType(form.Username)
+	if verificationCodeType == object.VerifyTypePhone {
+		form.CountryCode = user.GetCountryCode(form.CountryCode)
+		var ok bool
+		if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
+			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), form.CountryCode))
+			return
+		}
+	}
+
+	if result := object.CheckVerificationCode(checkDest, form.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
+		c.ResponseError(result.Msg)
+		return
+	}
+	object.DisableVerificationCode(checkDest)
+	c.SetSession("verifiedCode", form.Code)
+
+	c.ResponseOk()
+}
+
 // VerifyCaptcha ...
 // @Title VerifyCaptcha
 // @Tag Verification API
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-webauthn/webauthn v0.8.2
+	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
--- a/go.sum
+++ b/go.sum
@@ -222,10 +222,10 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
-github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
-github.com/go-webauthn/webauthn v0.8.2 h1:8KLIbpldjz9KVGHfqEgJNbkhd7bbRXhNw4QWFJE15oA=
-github.com/go-webauthn/webauthn v0.8.2/go.mod h1:d+ezx/jMCNDiqSMzOchuynKb9CVU1NM9BumOnokfcVQ=
+github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU=
+github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8=
+github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU=
+github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY=
 github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
 github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -234,6 +234,7 @@ github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptG
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
@@ -658,8 +659,10 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20181106170214-d68db9428509/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -741,6 +744,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -833,6 +837,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -843,6 +848,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -31,7 +31,7 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "ja", data)
 	applyToOtherLanguage("frontend", "ko", data)
 	applyToOtherLanguage("frontend", "ru", data)
-	applyToOtherLanguage("frontend", "vi", data)
+	applyToOtherLanguage("frontend", "vn", data)
 }

 func TestGenerateI18nBackend(t *testing.T) {
@@ -46,5 +46,5 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "ja", data)
 	applyToOtherLanguage("backend", "ko", data)
 	applyToOtherLanguage("backend", "ru", data)
-	applyToOtherLanguage("backend", "vi", data)
+	applyToOtherLanguage("backend", "vn", data)
 }
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "E-Mail ist ungültig",
    "Empty username.": "Leerer Benutzername.",
    "FirstName cannot be blank": "Vorname darf nicht leer sein",
+    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "LastName cannot be blank": "Nachname darf nicht leer sein",
-    "Ldap user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
    "Organization does not exist": "Organisation existiert nicht",
    "Password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen enthalten",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Die Telefonnummer ist ungültig",
    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
    "Username already exists": "Benutzername existiert bereits",
    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Email is invalid",
    "Empty username.": "Empty username.",
    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
    "Password must have at least 6 characters": "Password must have at least 6 characters",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Phone number is invalid",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "El correo electrónico no es válido",
    "Empty username.": "Nombre de usuario vacío.",
    "FirstName cannot be blank": "El nombre no puede estar en blanco",
+    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "LastName cannot be blank": "El apellido no puede estar en blanco",
-    "Ldap user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
    "Organization does not exist": "La organización no existe",
    "Password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "El número de teléfono no es válido",
    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
    "Username already exists": "El nombre de usuario ya existe",
    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "L'adresse e-mail est invalide",
    "Empty username.": "Nom d'utilisateur vide.",
    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
+    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
-    "Ldap user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
    "Organization does not exist": "L'organisation n'existe pas",
    "Password must have at least 6 characters": "Le mot de passe doit comporter au moins 6 caractères",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Le numéro de téléphone est invalide",
    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
    "Username already exists": "Nom d'utilisateur existe déjà",
    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Email tidak valid",
    "Empty username.": "Nama pengguna kosong.",
    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
+    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Ldap user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
    "Organization does not exist": "Organisasi tidak ada",
    "Password must have at least 6 characters": "Kata sandi harus memiliki minimal 6 karakter",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Nomor telepon tidak valid",
    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
    "Username already exists": "Nama pengguna sudah ada",
    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "電子メールは無効です",
    "Empty username.": "空のユーザー名。",
    "FirstName cannot be blank": "ファーストネームは空白にできません",
+    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "LastName cannot be blank": "姓は空白にできません",
-    "Ldap user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
    "Organization does not exist": "組織は存在しません",
    "Password must have at least 6 characters": "パスワードは少なくとも6つの文字が必要です",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "電話番号が無効です",
    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
    "Username already exists": "ユーザー名はすでに存在しています",
    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "이메일이 유효하지 않습니다",
    "Empty username.": "빈 사용자 이름.",
    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
+    "LDAP user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
-    "Ldap user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
    "Organization does not exist": "조직은 존재하지 않습니다",
    "Password must have at least 6 characters": "암호는 적어도 6자 이상이어야 합니다",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "전화번호가 유효하지 않습니다",
    "Session outdated, please login again": "세션이 만료되었습니다. 다시 로그인해주세요",
    "The user is forbidden to sign in, please contact the administrator": "사용자는 로그인이 금지되어 있습니다. 관리자에게 문의하십시오",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "사용자 이름은 알파벳, 숫자, 밑줄 또는 하이픈만 포함할 수 있으며, 연속된 하이픈 또는 밑줄을 가질 수 없으며, 하이픈 또는 밑줄로 시작하거나 끝날 수 없습니다.",
    "Username already exists": "사용자 이름이 이미 존재합니다",
    "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Адрес электронной почты недействительный",
    "Empty username.": "Пустое имя пользователя.",
    "FirstName cannot be blank": "Имя не может быть пустым",
+    "LDAP user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
    "LastName cannot be blank": "Фамилия не может быть пустой",
-    "Ldap user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
    "Multiple accounts with same uid, please check your ldap server": "Множественные учетные записи с тем же UID. Пожалуйста, проверьте свой сервер LDAP",
    "Organization does not exist": "Организация не существует",
    "Password must have at least 6 characters": "Пароль должен содержать не менее 6 символов",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Номер телефона является недействительным",
    "Session outdated, please login again": "Сессия устарела, пожалуйста, войдите снова",
    "The user is forbidden to sign in, please contact the administrator": "Пользователю запрещен вход, пожалуйста, обратитесь к администратору",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Имя пользователя может состоять только из буквенно-цифровых символов, нижних подчеркиваний или дефисов, не может содержать последовательные дефисы или подчеркивания, а также не может начинаться или заканчиваться на дефис или подчеркивание.",
    "Username already exists": "Имя пользователя уже существует",
    "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
--- a/i18n/locales/vn/data.json
+++ b/i18n/locales/vn/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Địa chỉ email không hợp lệ",
    "Empty username.": "Tên đăng nhập trống.",
    "FirstName cannot be blank": "Tên không được để trống",
+    "LDAP user name or password incorrect": "Tên người dùng hoặc mật khẩu Ldap không chính xác",
    "LastName cannot be blank": "Họ không thể để trống",
-    "Ldap user name or password incorrect": "Tên người dùng hoặc mật khẩu Ldap không chính xác",
    "Multiple accounts with same uid, please check your ldap server": "Nhiều tài khoản với cùng một uid, vui lòng kiểm tra máy chủ ldap của bạn",
    "Organization does not exist": "Tổ chức không tồn tại",
    "Password must have at least 6 characters": "Mật khẩu phải ít nhất 6 ký tự",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Số điện thoại không hợp lệ",
    "Session outdated, please login again": "Phiên làm việc hết hạn, vui lòng đăng nhập lại",
    "The user is forbidden to sign in, please contact the administrator": "Người dùng bị cấm đăng nhập, vui lòng liên hệ với quản trị viên",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Tên người dùng chỉ có thể chứa các ký tự chữ và số, gạch dưới hoặc gạch ngang, không được có hai ký tự gạch dưới hoặc gạch ngang liền kề và không được bắt đầu hoặc kết thúc bằng dấu gạch dưới hoặc gạch ngang.",
    "Username already exists": "Tên đăng nhập đã tồn tại",
    "Username cannot be an email address": "Tên người dùng không thể là địa chỉ email",
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "无效邮箱",
    "Empty username.": "用户名不可为空",
    "FirstName cannot be blank": "名不可以为空",
+    "LDAP user name or password incorrect": "LDAP密码错误",
    "LastName cannot be blank": "姓不可以为空",
-    "Ldap user name or password incorrect": "LDAP密码错误",
    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
    "Organization does not exist": "组织不存在",
    "Password must have at least 6 characters": "新密码至少为6位",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "无效手机号",
    "Session outdated, please login again": "会话已过期，请重新登录",
    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
    "Username already exists": "用户名已存在",
    "Username cannot be an email address": "用户名不可以是邮箱地址",
--- a/idp/casdoor.go
+++ b/idp/casdoor.go
@@ -108,8 +108,8 @@ func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {

 type CasdoorUserInfo struct {
 	Id          string `json:"sub"`
-	Name        string `json:"name"`
-	DisplayName string `json:"preferred_username"`
+	Name        string `json:"preferred_username,omitempty"`
+	DisplayName string `json:"name"`
 	Email       string `json:"email"`
 	AvatarUrl   string `json:"picture"`
 	Status      string `json:"status"`
--- a/idp/custom.go
+++ b/idp/custom.go
@@ -61,8 +61,8 @@ func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {

 type CustomUserInfo struct {
 	Id          string `json:"sub"`
-	Name        string `json:"name"`
-	DisplayName string `json:"preferred_username"`
+	Name        string `json:"preferred_username,omitempty"`
+	DisplayName string `json:"name"`
 	Email       string `json:"email"`
 	AvatarUrl   string `json:"picture"`
 	Status      string `json:"status"`
--- a/idp/goth.go
+++ b/idp/goth.go
@@ -88,7 +88,7 @@ type GothIdProvider struct {
 	Session  goth.Session
 }

-func NewGothIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string) *GothIdProvider {
+func NewGothIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string, hostUrl string) *GothIdProvider {
 	var idp GothIdProvider
 	switch providerType {
 	case "Amazon":
@@ -102,8 +102,13 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Session:  &apple.Session{},
 		}
 	case "AzureAD":
+		domain := "common"
+		if hostUrl != "" {
+			domain = hostUrl
+		}
+
 		idp = GothIdProvider{
-			Provider: azureadv2.New(clientId, clientSecret, redirectUrl, azureadv2.ProviderOptions{Tenant: "common"}),
+			Provider: azureadv2.New(clientId, clientSecret, redirectUrl, azureadv2.ProviderOptions{Tenant: azureadv2.TenantType(domain)}),
 			Session:  &azureadv2.Session{},
 		}
 	case "Auth0":
--- a/idp/provider.go
+++ b/idp/provider.go
@@ -90,7 +90,7 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 	} else if typ == "Douyin" {
 		return NewDouyinIdProvider(clientId, clientSecret, redirectUrl)
 	} else if isGothSupport(typ) {
-		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl)
+		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl, hostUrl)
 	} else if typ == "Bilibili" {
 		return NewBilibiliIdProvider(clientId, clientSecret, redirectUrl)
 	}
--- a/init_data.json.template
+++ b/init_data.json.template
@@ -12,7 +12,7 @@
      "defaultAvatar": "",
      "defaultApplication": "",
      "tags": [],
-      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi"],
+      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vn"],
      "masterPassword": "",
      "initScore": 2000,
      "enableSoftDeletion": false,
@@ -159,8 +159,8 @@
      "serverName": "",
      "host": "",
      "port": 389,
-      "admin": "",
-      "passwd": "",
+      "username": "",
+      "password": "",
      "baseDn": "",
      "autoSync": 0,
      "lastSync": ""
--- a/ldap/server.go
+++ b/ldap/server.go
@@ -0,0 +1,121 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ldap
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/object"
+	ldap "github.com/forestmgy/ldapserver"
+	"github.com/lor00x/goldap/message"
+)
+
+func StartLdapServer() {
+	server := ldap.NewServer()
+	routes := ldap.NewRouteMux()
+
+	routes.Bind(handleBind)
+	routes.Search(handleSearch).Label(" SEARCH****")
+
+	server.Handle(routes)
+	err := server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
+	if err != nil {
+		return
+	}
+}
+
+func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
+	r := m.GetBindRequest()
+	res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
+
+	if r.AuthenticationChoice() == "simple" {
+		bindUsername, bindOrg, err := getNameAndOrgFromDN(string(r.Name()))
+		if err != "" {
+			log.Printf("Bind failed ,ErrMsg=%s", err)
+			res.SetResultCode(ldap.LDAPResultInvalidDNSyntax)
+			res.SetDiagnosticMessage("bind failed ErrMsg: " + err)
+			w.Write(res)
+			return
+		}
+
+		bindPassword := string(r.AuthenticationSimple())
+		bindUser, err := object.CheckUserPassword(object.CasdoorOrganization, bindUsername, bindPassword, "en")
+		if err != "" {
+			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
+			res.SetResultCode(ldap.LDAPResultInvalidCredentials)
+			res.SetDiagnosticMessage("invalid credentials ErrMsg: " + err)
+			w.Write(res)
+			return
+		}
+
+		if bindOrg == "built-in" || bindUser.IsGlobalAdmin {
+			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
+		} else if bindUser.IsAdmin {
+			m.Client.IsOrgAdmin = true
+		}
+
+		m.Client.IsAuthenticated = true
+		m.Client.UserName = bindUsername
+		m.Client.OrgName = bindOrg
+	} else {
+		res.SetResultCode(ldap.LDAPResultAuthMethodNotSupported)
+		res.SetDiagnosticMessage("Authentication method not supported,Please use Simple Authentication")
+	}
+	w.Write(res)
+}
+
+func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
+	res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
+	if !m.Client.IsAuthenticated {
+		res.SetResultCode(ldap.LDAPResultUnwillingToPerform)
+		w.Write(res)
+		return
+	}
+
+	r := m.GetSearchRequest()
+	if r.FilterString() == "(objectClass=*)" {
+		w.Write(res)
+		return
+	}
+
+	// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
+	select {
+	case <-m.Done:
+		log.Print("Leaving handleSearch...")
+		return
+	default:
+	}
+
+	users, code := GetFilteredUsers(m)
+	if code != ldap.LDAPResultSuccess {
+		res.SetResultCode(code)
+		w.Write(res)
+		return
+	}
+
+	for _, user := range users {
+		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
+		e := ldap.NewSearchResultEntry(dn)
+
+		for _, attr := range r.Attributes() {
+			e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
+		}
+
+		w.Write(e)
+	}
+	w.Write(res)
+}
--- a/ldap/util.go
+++ b/ldap/util.go
@@ -0,0 +1,135 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ldap
+
+import (
+	"fmt"
+	"log"
+	"strings"
+
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+	"github.com/lor00x/goldap/message"
+
+	ldap "github.com/forestmgy/ldapserver"
+)
+
+func getNameAndOrgFromDN(DN string) (string, string, string) {
+	DNFields := strings.Split(DN, ",")
+	params := make(map[string]string, len(DNFields))
+	for _, field := range DNFields {
+		if strings.Contains(field, "=") {
+			k := strings.Split(field, "=")
+			params[k[0]] = k[1]
+		}
+	}
+
+	if params["cn"] == "" {
+		return "", "", "please use Admin Name format like cn=xxx,ou=xxx,dc=example,dc=com"
+	}
+	if params["ou"] == "" {
+		return params["cn"], object.CasdoorOrganization, ""
+	}
+	return params["cn"], params["ou"], ""
+}
+
+func getNameAndOrgFromFilter(baseDN, filter string) (string, string, int) {
+	if !strings.Contains(baseDN, "ou=") {
+		return "", "", ldap.LDAPResultInvalidDNSyntax
+	}
+
+	name, org, _ := getNameAndOrgFromDN(fmt.Sprintf("cn=%s,", getUsername(filter)) + baseDN)
+	return name, org, ldap.LDAPResultSuccess
+}
+
+func getUsername(filter string) string {
+	nameIndex := strings.Index(filter, "cn=")
+	if nameIndex == -1 {
+		return "*"
+	}
+
+	var name string
+	for i := nameIndex + 3; filter[i] != ')'; i++ {
+		name = name + string(filter[i])
+	}
+	return name
+}
+
+func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int) {
+	r := m.GetSearchRequest()
+
+	name, org, code := getNameAndOrgFromFilter(string(r.BaseObject()), r.FilterString())
+	if code != ldap.LDAPResultSuccess {
+		return nil, code
+	}
+
+	if name == "*" && m.Client.IsOrgAdmin { // get all users from organization 'org'
+		if m.Client.IsGlobalAdmin && org == "*" {
+			filteredUsers = object.GetGlobalUsers()
+			return filteredUsers, ldap.LDAPResultSuccess
+		}
+		if m.Client.IsGlobalAdmin || org == m.Client.OrgName {
+			filteredUsers = object.GetUsers(org)
+			return filteredUsers, ldap.LDAPResultSuccess
+		} else {
+			return nil, ldap.LDAPResultInsufficientAccessRights
+		}
+	} else {
+		hasPermission, err := object.CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), true, "en")
+		if !hasPermission {
+			log.Printf("ErrMsg = %v", err.Error())
+			return nil, ldap.LDAPResultInsufficientAccessRights
+		}
+		user := object.GetUser(util.GetId(org, name))
+		filteredUsers = append(filteredUsers, user)
+		return filteredUsers, ldap.LDAPResultSuccess
+	}
+}
+
+// get user password with hash type prefix
+// TODO not handle salt yet
+// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
+func getUserPasswordWithType(user *object.User) string {
+	org := object.GetOrganizationByUser(user)
+	if org.PasswordType == "" || org.PasswordType == "plain" {
+		return user.Password
+	}
+	prefix := org.PasswordType
+	if prefix == "salt" {
+		prefix = "sha256"
+	} else if prefix == "md5-salt" {
+		prefix = "md5"
+	} else if prefix == "pbkdf2-salt" {
+		prefix = "pbkdf2"
+	}
+	return fmt.Sprintf("{%s}%s", prefix, user.Password)
+}
+
+func getAttribute(attributeName string, user *object.User) message.AttributeValue {
+	switch attributeName {
+	case "cn":
+		return message.AttributeValue(user.Name)
+	case "uid":
+		return message.AttributeValue(user.Name)
+	case "email":
+		return message.AttributeValue(user.Email)
+	case "mobile":
+		return message.AttributeValue(user.Phone)
+	case "userPassword":
+		return message.AttributeValue(getUserPasswordWithType(user))
+	default:
+		return ""
+	}
+}
--- a/main.go
+++ b/main.go
@@ -23,7 +23,7 @@ import (
 	_ "github.com/beego/beego/session/redis"
 	"github.com/casdoor/casdoor/authz"
 	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/controllers"
+	"github.com/casdoor/casdoor/ldap"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/routers"
@@ -81,7 +81,7 @@ func main() {
 	// logs.SetLevel(logs.LevelInformational)
 	logs.SetLogFuncCall(false)

-	go controllers.StartLdapServer()
+	go ldap.StartLdapServer()

 	beego.Run(fmt.Sprintf(":%v", port))
 }
--- a/object/adapter.go
+++ b/object/adapter.go
@@ -201,6 +201,16 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Chat))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Message))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Product))
 	if err != nil {
 		panic(err)
--- a/object/chat.go
+++ b/object/chat.go
@@ -0,0 +1,141 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Chat struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
+
+	Organization string   `xorm:"varchar(100)" json:"organization"`
+	DisplayName  string   `xorm:"varchar(100)" json:"displayName"`
+	User1        string   `xorm:"varchar(100)" json:"user1"`
+	User2        string   `xorm:"varchar(100)" json:"user2"`
+	Users        []string `xorm:"varchar(100)" json:"users"`
+	MessageCount int      `json:"messageCount"`
+}
+
+func GetMaskedChat(chat *Chat) *Chat {
+	if chat == nil {
+		return nil
+	}
+
+	return chat
+}
+
+func GetMaskedChats(chats []*Chat) []*Chat {
+	for _, chat := range chats {
+		chat = GetMaskedChat(chat)
+	}
+	return chats
+}
+
+func GetChatCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Chat{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetChats(owner string) []*Chat {
+	chats := []*Chat{}
+	err := adapter.Engine.Desc("created_time").Find(&chats, &Chat{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return chats
+}
+
+func GetPaginationChats(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Chat {
+	chats := []*Chat{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&chats)
+	if err != nil {
+		panic(err)
+	}
+
+	return chats
+}
+
+func getChat(owner string, name string) *Chat {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	chat := Chat{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&chat)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &chat
+	} else {
+		return nil
+	}
+}
+
+func GetChat(id string) *Chat {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getChat(owner, name)
+}
+
+func UpdateChat(id string, chat *Chat) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getChat(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(chat)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddChat(chat *Chat) bool {
+	affected, err := adapter.Engine.Insert(chat)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteChat(chat *Chat) bool {
+	affected, err := adapter.Engine.ID(core.PK{chat.Owner, chat.Name}).Delete(&Chat{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (p *Chat) GetId() string {
+	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
+}
--- a/object/check.go
+++ b/object/check.go
@@ -188,29 +188,33 @@ func CheckPassword(user *User, password string, lang string) string {
 	}
 }

-func checkLdapUserPassword(user *User, password string, lang string) (*User, string) {
+func checkLdapUserPassword(user *User, password string, lang string) string {
 	ldaps := GetLdaps(user.Owner)
 	ldapLoginSuccess := false
+	hit := false
+
 	for _, ldapServer := range ldaps {
 		conn, err := ldapServer.GetLdapConn()
 		if err != nil {
 			continue
 		}
-		SearchFilter := fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user.Name)
-		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilter, []string{}, nil)
+
+		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
+			0, 0, false, ldapServer.buildFilterString(user), []string{}, nil)
+
 		searchResult, err := conn.Conn.Search(searchReq)
 		if err != nil {
-			return nil, err.Error()
+			return err.Error()
 		}

 		if len(searchResult.Entries) == 0 {
 			continue
-		} else if len(searchResult.Entries) > 1 {
-			return nil, i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
+		}
+		if len(searchResult.Entries) > 1 {
+			return i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
 		}

+		hit = true
 		dn := searchResult.Entries[0].DN
 		if err := conn.Conn.Bind(dn, password); err == nil {
 			ldapLoginSuccess = true
@@ -219,9 +223,12 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 	}

 	if !ldapLoginSuccess {
-		return nil, i18n.Translate(lang, "check:Ldap user name or password incorrect")
+		if !hit {
+			return "user not exist"
 		}
-	return user, ""
+		return i18n.Translate(lang, "check:LDAP user name or password incorrect")
+	}
+	return ""
 }

 func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
@@ -236,10 +243,14 @@ func CheckUserPassword(organization string, username string, password string, la

 	if user.Ldap != "" {
 		// ONLY for ldap users
-		return checkLdapUserPassword(user, password, lang)
+		if msg := checkLdapUserPassword(user, password, lang); msg != "" {
+			if msg == "user not exist" {
+				return nil, fmt.Sprintf(i18n.Translate(lang, "check:The user: %s doesn't exist in LDAP server"), username)
+			}
+			return nil, msg
+		}
 	} else {
-		msg := CheckPassword(user, password, lang)
-		if msg != "" {
+		if msg := CheckPassword(user, password, lang); msg != "" {
 			return nil, msg
 		}
 	}
@@ -250,11 +261,13 @@ func filterField(field string) bool {
 	return reFieldWhiteList.MatchString(field)
 }

-func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
+func CheckUserPermission(requestUserId, userId string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
 		return false, fmt.Errorf(i18n.Translate(lang, "general:Please login first"))
 	}

+	userOwner := util.GetOwnerFromId(userId)
+
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
@@ -340,7 +353,7 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }

-func CheckUpdateUser(oldUser *User, user *User, lang string) string {
+func CheckUpdateUser(oldUser, user *User, lang string) string {
 	if user.DisplayName == "" {
 		return i18n.Translate(lang, "user:Display name cannot be empty")
 	}
--- a/object/init.go
+++ b/object/init.go
@@ -89,7 +89,7 @@ func initBuiltInOrganization() bool {
 		CountryCodes:       []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
 		DefaultAvatar:      fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:               []string{},
-		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi"},
+		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vn"},
 		InitScore:          2000,
 		AccountItems:       getBuiltInAccountItems(),
 		EnableSoftDeletion: false,
@@ -219,8 +219,8 @@ func initBuiltInLdap() {
 		ServerName: "BuildIn LDAP Server",
 		Host:       "example.com",
 		Port:       389,
-		Admin:      "cn=buildin,dc=example,dc=com",
-		Passwd:     "123",
+		Username:   "cn=buildin,dc=example,dc=com",
+		Password:   "123",
 		BaseDn:     "ou=BuildIn,dc=example,dc=com",
 		AutoSync:   0,
 		LastSync:   "",
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -15,14 +15,7 @@
 package object

 import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/util"
-	goldap "github.com/go-ldap/ldap/v3"
-	"github.com/thanhpk/randstr"
 )

 type Ldap struct {
@@ -32,261 +25,18 @@ type Ldap struct {

 	ServerName   string   `xorm:"varchar(100)" json:"serverName"`
 	Host         string   `xorm:"varchar(100)" json:"host"`
-	Port       int    `json:"port"`
+	Port         int      `xorm:"int" json:"port"`
 	EnableSsl    bool     `xorm:"bool" json:"enableSsl"`
-	Admin      string `xorm:"varchar(100)" json:"admin"`
-	Passwd     string `xorm:"varchar(100)" json:"passwd"`
+	Username     string   `xorm:"varchar(100)" json:"username"`
+	Password     string   `xorm:"varchar(100)" json:"password"`
 	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
+	Filter       string   `xorm:"varchar(200)" json:"filter"`
+	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`

 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
 }

-type ldapConn struct {
-	Conn *goldap.Conn
-	IsAD bool
-}
-
-//type ldapGroup struct {
-//	GidNumber string
-//	Cn        string
-//}
-
-type ldapUser struct {
-	UidNumber string
-	Uid       string
-	Cn        string
-	GidNumber string
-	// Gcn                   string
-	Uuid                  string
-	Mail                  string
-	Email                 string
-	EmailAddress          string
-	TelephoneNumber       string
-	Mobile                string
-	MobileTelephoneNumber string
-	RegisteredAddress     string
-	PostalAddress         string
-}
-
-type LdapRespUser struct {
-	UidNumber string `json:"uidNumber"`
-	Uid       string `json:"uid"`
-	Cn        string `json:"cn"`
-	GroupId   string `json:"groupId"`
-	// GroupName string `json:"groupName"`
-	Uuid    string `json:"uuid"`
-	Email   string `json:"email"`
-	Phone   string `json:"phone"`
-	Address string `json:"address"`
-}
-
-type ldapServerType struct {
-	Vendorname           string
-	Vendorversion        string
-	IsGlobalCatalogReady string
-	ForestFunctionality  string
-}
-
-func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
-	returnAnyNotEmpty := func(strs ...string) string {
-		for _, str := range strs {
-			if str != "" {
-				return str
-			}
-		}
-		return ""
-	}
-
-	res := make([]LdapRespUser, 0)
-	for _, user := range users {
-		res = append(res, LdapRespUser{
-			UidNumber: user.UidNumber,
-			Uid:       user.Uid,
-			Cn:        user.Cn,
-			GroupId:   user.GidNumber,
-			Uuid:      user.Uuid,
-			Email:     returnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
-			Phone:     returnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			Address:   returnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
-		})
-	}
-	return res
-}
-
-func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
-	SearchFilter := "(objectclass=*)"
-	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
-
-	searchReq := goldap.NewSearchRequest("",
-		goldap.ScopeBaseObject, goldap.NeverDerefAliases, 0, 0, false,
-		SearchFilter, SearchAttributes, nil)
-	searchResult, err := Conn.Search(searchReq)
-	if err != nil {
-		return false, err
-	}
-	if len(searchResult.Entries) == 0 {
-		return false, errors.New("no result")
-	}
-	isMicrosoft := false
-	var ldapServerType ldapServerType
-	for _, entry := range searchResult.Entries {
-		for _, attribute := range entry.Attributes {
-			switch attribute.Name {
-			case "vendorname":
-				ldapServerType.Vendorname = attribute.Values[0]
-			case "vendorversion":
-				ldapServerType.Vendorversion = attribute.Values[0]
-			case "isGlobalCatalogReady":
-				ldapServerType.IsGlobalCatalogReady = attribute.Values[0]
-			case "forestFunctionality":
-				ldapServerType.ForestFunctionality = attribute.Values[0]
-			}
-		}
-	}
-	if ldapServerType.Vendorname == "" &&
-		ldapServerType.Vendorversion == "" &&
-		ldapServerType.IsGlobalCatalogReady == "TRUE" &&
-		ldapServerType.ForestFunctionality != "" {
-		isMicrosoft = true
-	}
-	return isMicrosoft, err
-}
-
-func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
-	var conn *goldap.Conn
-	if ldap.EnableSsl {
-		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
-	} else {
-		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	err = conn.Bind(ldap.Admin, ldap.Passwd)
-	if err != nil {
-		return nil, err
-	}
-
-	isAD, err := isMicrosoftAD(conn)
-	if err != nil {
-		return nil, err
-	}
-	return &ldapConn{Conn: conn, IsAD: isAD}, nil
-}
-
-//FIXME: The Base DN does not necessarily contain the Group
-//func (l *ldapConn) GetLdapGroups(baseDn string) (map[string]ldapGroup, error) {
-//	SearchFilter := "(objectClass=posixGroup)"
-//	SearchAttributes := []string{"cn", "gidNumber"}
-//	groupMap := make(map[string]ldapGroup)
-//
-//	searchReq := goldap.NewSearchRequest(baseDn,
-//		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-//		SearchFilter, SearchAttributes, nil)
-//	searchResult, err := l.Conn.Search(searchReq)
-//	if err != nil {
-//		return nil, err
-//	}
-//
-//	if len(searchResult.Entries) == 0 {
-//		return nil, errors.New("no result")
-//	}
-//
-//	for _, entry := range searchResult.Entries {
-//		var ldapGroupItem ldapGroup
-//		for _, attribute := range entry.Attributes {
-//			switch attribute.Name {
-//			case "gidNumber":
-//				ldapGroupItem.GidNumber = attribute.Values[0]
-//				break
-//			case "cn":
-//				ldapGroupItem.Cn = attribute.Values[0]
-//				break
-//			}
-//		}
-//		groupMap[ldapGroupItem.GidNumber] = ldapGroupItem
-//	}
-//
-//	return groupMap, nil
-//}
-
-func (l *ldapConn) GetLdapUsers(baseDn string) ([]ldapUser, error) {
-	SearchFilter := "(objectClass=posixAccount)"
-	SearchAttributes := []string{
-		"uidNumber", "uid", "cn", "gidNumber", "entryUUID", "mail", "email",
-		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
-	}
-	SearchFilterMsAD := "(objectClass=user)"
-	SearchAttributesMsAD := []string{
-		"uidNumber", "sAMAccountName", "cn", "gidNumber", "entryUUID", "mail", "email",
-		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
-	}
-	var searchReq *goldap.SearchRequest
-	if l.IsAD {
-		searchReq = goldap.NewSearchRequest(baseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilterMsAD, SearchAttributesMsAD, nil)
-	} else {
-		searchReq = goldap.NewSearchRequest(baseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilter, SearchAttributes, nil)
-	}
-	searchResult, err := l.Conn.SearchWithPaging(searchReq, 100)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(searchResult.Entries) == 0 {
-		return nil, errors.New("no result")
-	}
-
-	var ldapUsers []ldapUser
-
-	for _, entry := range searchResult.Entries {
-		var ldapUserItem ldapUser
-		for _, attribute := range entry.Attributes {
-			switch attribute.Name {
-			case "uidNumber":
-				ldapUserItem.UidNumber = attribute.Values[0]
-			case "uid":
-				ldapUserItem.Uid = attribute.Values[0]
-			case "sAMAccountName":
-				ldapUserItem.Uid = attribute.Values[0]
-			case "cn":
-				ldapUserItem.Cn = attribute.Values[0]
-			case "gidNumber":
-				ldapUserItem.GidNumber = attribute.Values[0]
-			case "entryUUID":
-				ldapUserItem.Uuid = attribute.Values[0]
-			case "objectGUID":
-				ldapUserItem.Uuid = attribute.Values[0]
-			case "mail":
-				ldapUserItem.Mail = attribute.Values[0]
-			case "email":
-				ldapUserItem.Email = attribute.Values[0]
-			case "emailAddress":
-				ldapUserItem.EmailAddress = attribute.Values[0]
-			case "telephoneNumber":
-				ldapUserItem.TelephoneNumber = attribute.Values[0]
-			case "mobile":
-				ldapUserItem.Mobile = attribute.Values[0]
-			case "mobileTelephoneNumber":
-				ldapUserItem.MobileTelephoneNumber = attribute.Values[0]
-			case "registeredAddress":
-				ldapUserItem.RegisteredAddress = attribute.Values[0]
-			case "postalAddress":
-				ldapUserItem.PostalAddress = attribute.Values[0]
-			}
-		}
-		ldapUsers = append(ldapUsers, ldapUserItem)
-	}
-
-	return ldapUsers, nil
-}
-
 func AddLdap(ldap *Ldap) bool {
 	if len(ldap.Id) == 0 {
 		ldap.Id = util.GenerateId()
@@ -310,8 +60,8 @@ func CheckLdapExist(ldap *Ldap) bool {
 		Owner:    ldap.Owner,
 		Host:     ldap.Host,
 		Port:     ldap.Port,
-		Admin:  ldap.Admin,
-		Passwd: ldap.Passwd,
+		Username: ldap.Username,
+		Password: ldap.Password,
 		BaseDn:   ldap.BaseDn,
 	})
 	if err != nil {
@@ -359,7 +109,7 @@ func UpdateLdap(ldap *Ldap) bool {
 	}

 	affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
 	if err != nil {
 		panic(err)
 	}
@@ -375,123 +125,3 @@ func DeleteLdap(ldap *Ldap) bool {

 	return affected != 0
 }
-
-func SyncLdapUsers(owner string, users []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
-	var existUsers []LdapRespUser
-	var failedUsers []LdapRespUser
-	var uuids []string
-
-	for _, user := range users {
-		uuids = append(uuids, user.Uuid)
-	}
-
-	existUuids := CheckLdapUuidExist(owner, uuids)
-
-	organization := getOrganization("admin", owner)
-	ldap := GetLdap(ldapId)
-
-	var dc []string
-	for _, basedn := range strings.Split(ldap.BaseDn, ",") {
-		if strings.Contains(basedn, "dc=") {
-			dc = append(dc, basedn[3:])
-		}
-	}
-	affiliation := strings.Join(dc, ".")
-
-	var ou []string
-	for _, admin := range strings.Split(ldap.Admin, ",") {
-		if strings.Contains(admin, "ou=") {
-			ou = append(ou, admin[3:])
-		}
-	}
-	tag := strings.Join(ou, ".")
-
-	for _, user := range users {
-		found := false
-		if len(existUuids) > 0 {
-			for _, existUuid := range existUuids {
-				if user.Uuid == existUuid {
-					existUsers = append(existUsers, user)
-					found = true
-				}
-			}
-		}
-
-		if !found && !AddUser(&User{
-			Owner:       owner,
-			Name:        buildLdapUserName(user.Uid, user.UidNumber),
-			CreatedTime: util.GetCurrentTime(),
-			DisplayName: user.Cn,
-			Avatar:      organization.DefaultAvatar,
-			Email:       user.Email,
-			Phone:       user.Phone,
-			Address:     []string{user.Address},
-			Affiliation: affiliation,
-			Tag:         tag,
-			Score:       beego.AppConfig.DefaultInt("initScore", 2000),
-			Ldap:        user.Uuid,
-		}) {
-			failedUsers = append(failedUsers, user)
-			continue
-		}
-	}
-
-	return &existUsers, &failedUsers
-}
-
-func UpdateLdapSyncTime(ldapId string) {
-	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
-	if err != nil {
-		panic(err)
-	}
-}
-
-func CheckLdapUuidExist(owner string, uuids []string) []string {
-	var results []User
-	var existUuids []string
-	existUuidSet := make(map[string]struct{})
-
-	//whereStr := ""
-	//for i, uuid := range uuids {
-	//	if i == 0 {
-	//		whereStr = fmt.Sprintf("'%s'", uuid)
-	//	} else {
-	//		whereStr = fmt.Sprintf(",'%s'", uuid)
-	//	}
-	//}
-
-	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&results)
-	if err != nil {
-		panic(err)
-	}
-
-	if len(results) > 0 {
-		for _, result := range results {
-			existUuidSet[result.Ldap] = struct{}{}
-		}
-	}
-
-	for uuid := range existUuidSet {
-		existUuids = append(existUuids, uuid)
-	}
-	return existUuids
-}
-
-func buildLdapUserName(uid, uidNum string) string {
-	var result User
-	uidWithNumber := fmt.Sprintf("%s_%s", uid, uidNum)
-
-	has, err := adapter.Engine.Where("name = ? or name = ?", uid, uidWithNumber).Get(&result)
-	if err != nil {
-		panic(err)
-	}
-
-	if has {
-		if result.Name == uid {
-			return uidWithNumber
-		}
-		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
-	}
-
-	return uid
-}
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -82,7 +82,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
 			continue
 		}

-		users, err := conn.GetLdapUsers(ldap.BaseDn)
+		users, err := conn.GetLdapUsers(ldap)
 		if err != nil {
 			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
 			continue
@@ -112,3 +112,10 @@ func (l *LdapAutoSynchronizer) LdapAutoSynchronizerStartUpAll() {
 		}
 	}
 }
+
+func UpdateLdapSyncTime(ldapId string) {
+	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
+	if err != nil {
+		panic(err)
+	}
+}
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -0,0 +1,403 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/beego/beego"
+	"github.com/casdoor/casdoor/util"
+	goldap "github.com/go-ldap/ldap/v3"
+	"github.com/thanhpk/randstr"
+)
+
+type LdapConn struct {
+	Conn *goldap.Conn
+	IsAD bool
+}
+
+//type ldapGroup struct {
+//	GidNumber string
+//	Cn        string
+//}
+
+type ldapUser struct {
+	UidNumber string
+	Uid       string
+	Cn        string
+	GidNumber string
+	// Gcn                   string
+	Uuid                  string
+	DisplayName           string
+	Mail                  string
+	Email                 string
+	EmailAddress          string
+	TelephoneNumber       string
+	Mobile                string
+	MobileTelephoneNumber string
+	RegisteredAddress     string
+	PostalAddress         string
+}
+
+type LdapRespUser struct {
+	UidNumber string `json:"uidNumber"`
+	Uid       string `json:"uid"`
+	Cn        string `json:"cn"`
+	GroupId   string `json:"groupId"`
+	// GroupName string `json:"groupName"`
+	Uuid        string `json:"uuid"`
+	DisplayName string `json:"displayName"`
+	Email       string `json:"email"`
+	Phone       string `json:"phone"`
+	Address     string `json:"address"`
+}
+
+func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
+	var conn *goldap.Conn
+	if ldap.EnableSsl {
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+	} else {
+		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	err = conn.Bind(ldap.Username, ldap.Password)
+	if err != nil {
+		return nil, err
+	}
+
+	isAD, err := isMicrosoftAD(conn)
+	if err != nil {
+		return nil, err
+	}
+	return &LdapConn{Conn: conn, IsAD: isAD}, nil
+}
+
+func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
+	SearchFilter := "(objectClass=*)"
+	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
+
+	searchReq := goldap.NewSearchRequest("",
+		goldap.ScopeBaseObject, goldap.NeverDerefAliases, 0, 0, false,
+		SearchFilter, SearchAttributes, nil)
+	searchResult, err := Conn.Search(searchReq)
+	if err != nil {
+		return false, err
+	}
+	if len(searchResult.Entries) == 0 {
+		return false, nil
+	}
+	isMicrosoft := false
+
+	type ldapServerType struct {
+		Vendorname           string
+		Vendorversion        string
+		IsGlobalCatalogReady string
+		ForestFunctionality  string
+	}
+	var ldapServerTypes ldapServerType
+	for _, entry := range searchResult.Entries {
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "vendorname":
+				ldapServerTypes.Vendorname = attribute.Values[0]
+			case "vendorversion":
+				ldapServerTypes.Vendorversion = attribute.Values[0]
+			case "isGlobalCatalogReady":
+				ldapServerTypes.IsGlobalCatalogReady = attribute.Values[0]
+			case "forestFunctionality":
+				ldapServerTypes.ForestFunctionality = attribute.Values[0]
+			}
+		}
+	}
+	if ldapServerTypes.Vendorname == "" &&
+		ldapServerTypes.Vendorversion == "" &&
+		ldapServerTypes.IsGlobalCatalogReady == "TRUE" &&
+		ldapServerTypes.ForestFunctionality != "" {
+		isMicrosoft = true
+	}
+	return isMicrosoft, err
+}
+
+func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]ldapUser, error) {
+	SearchAttributes := []string{
+		"uidNumber", "cn", "sn", "gidNumber", "entryUUID", "displayName", "mail", "email",
+		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
+	}
+	if l.IsAD {
+		SearchAttributes = append(SearchAttributes, "sAMAccountName")
+	} else {
+		SearchAttributes = append(SearchAttributes, "uid")
+	}
+
+	searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
+		0, 0, false,
+		ldapServer.Filter, SearchAttributes, nil)
+	searchResult, err := l.Conn.SearchWithPaging(searchReq, 100)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(searchResult.Entries) == 0 {
+		return nil, errors.New("no result")
+	}
+
+	var ldapUsers []ldapUser
+	for _, entry := range searchResult.Entries {
+		var user ldapUser
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "uidNumber":
+				user.UidNumber = attribute.Values[0]
+			case "uid":
+				user.Uid = attribute.Values[0]
+			case "sAMAccountName":
+				user.Uid = attribute.Values[0]
+			case "cn":
+				user.Cn = attribute.Values[0]
+			case "gidNumber":
+				user.GidNumber = attribute.Values[0]
+			case "entryUUID":
+				user.Uuid = attribute.Values[0]
+			case "objectGUID":
+				user.Uuid = attribute.Values[0]
+			case "displayName":
+				user.DisplayName = attribute.Values[0]
+			case "mail":
+				user.Mail = attribute.Values[0]
+			case "email":
+				user.Email = attribute.Values[0]
+			case "emailAddress":
+				user.EmailAddress = attribute.Values[0]
+			case "telephoneNumber":
+				user.TelephoneNumber = attribute.Values[0]
+			case "mobile":
+				user.Mobile = attribute.Values[0]
+			case "mobileTelephoneNumber":
+				user.MobileTelephoneNumber = attribute.Values[0]
+			case "registeredAddress":
+				user.RegisteredAddress = attribute.Values[0]
+			case "postalAddress":
+				user.PostalAddress = attribute.Values[0]
+			}
+		}
+		ldapUsers = append(ldapUsers, user)
+	}
+
+	return ldapUsers, nil
+}
+
+// FIXME: The Base DN does not necessarily contain the Group
+//
+//	func (l *ldapConn) GetLdapGroups(baseDn string) (map[string]ldapGroup, error) {
+//		SearchFilter := "(objectClass=posixGroup)"
+//		SearchAttributes := []string{"cn", "gidNumber"}
+//		groupMap := make(map[string]ldapGroup)
+//
+//		searchReq := goldap.NewSearchRequest(baseDn,
+//			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+//			SearchFilter, SearchAttributes, nil)
+//		searchResult, err := l.Conn.Search(searchReq)
+//		if err != nil {
+//			return nil, err
+//		}
+//
+//		if len(searchResult.Entries) == 0 {
+//			return nil, errors.New("no result")
+//		}
+//
+//		for _, entry := range searchResult.Entries {
+//			var ldapGroupItem ldapGroup
+//			for _, attribute := range entry.Attributes {
+//				switch attribute.Name {
+//				case "gidNumber":
+//					ldapGroupItem.GidNumber = attribute.Values[0]
+//					break
+//				case "cn":
+//					ldapGroupItem.Cn = attribute.Values[0]
+//					break
+//				}
+//			}
+//			groupMap[ldapGroupItem.GidNumber] = ldapGroupItem
+//		}
+//
+//		return groupMap, nil
+//	}
+
+func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
+	res := make([]LdapRespUser, 0)
+	for _, user := range users {
+		res = append(res, LdapRespUser{
+			UidNumber:   user.UidNumber,
+			Uid:         user.Uid,
+			Cn:          user.Cn,
+			GroupId:     user.GidNumber,
+			Uuid:        user.Uuid,
+			DisplayName: user.DisplayName,
+			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Phone:       util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			Address:     util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+		})
+	}
+	return res
+}
+
+func SyncLdapUsers(owner string, respUsers []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
+	var existUsers []LdapRespUser
+	var failedUsers []LdapRespUser
+	var uuids []string
+
+	for _, user := range respUsers {
+		uuids = append(uuids, user.Uuid)
+	}
+
+	existUuids := CheckLdapUuidExist(owner, uuids)
+
+	organization := getOrganization("admin", owner)
+	ldap := GetLdap(ldapId)
+
+	var dc []string
+	for _, basedn := range strings.Split(ldap.BaseDn, ",") {
+		if strings.Contains(basedn, "dc=") {
+			dc = append(dc, basedn[3:])
+		}
+	}
+	affiliation := strings.Join(dc, ".")
+
+	var ou []string
+	for _, admin := range strings.Split(ldap.Username, ",") {
+		if strings.Contains(admin, "ou=") {
+			ou = append(ou, admin[3:])
+		}
+	}
+	tag := strings.Join(ou, ".")
+
+	for _, respUser := range respUsers {
+		found := false
+		if len(existUuids) > 0 {
+			for _, existUuid := range existUuids {
+				if respUser.Uuid == existUuid {
+					existUsers = append(existUsers, respUser)
+					found = true
+				}
+			}
+		}
+
+		if !found {
+			newUser := &User{
+				Owner:       owner,
+				Name:        respUser.buildLdapUserName(),
+				CreatedTime: util.GetCurrentTime(),
+				DisplayName: respUser.buildLdapDisplayName(),
+				Avatar:      organization.DefaultAvatar,
+				Email:       respUser.Email,
+				Phone:       respUser.Phone,
+				Address:     []string{respUser.Address},
+				Affiliation: affiliation,
+				Tag:         tag,
+				Score:       beego.AppConfig.DefaultInt("initScore", 2000),
+				Ldap:        respUser.Uuid,
+			}
+
+			affected := AddUser(newUser)
+			if !affected {
+				failedUsers = append(failedUsers, respUser)
+				continue
+			}
+		}
+	}
+
+	return &existUsers, &failedUsers
+}
+
+func CheckLdapUuidExist(owner string, uuids []string) []string {
+	var results []User
+	var existUuids []string
+	existUuidSet := make(map[string]struct{})
+
+	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&results)
+	if err != nil {
+		panic(err)
+	}
+
+	if len(results) > 0 {
+		for _, result := range results {
+			existUuidSet[result.Ldap] = struct{}{}
+		}
+	}
+
+	for uuid := range existUuidSet {
+		existUuids = append(existUuids, uuid)
+	}
+	return existUuids
+}
+
+func (ldapUser *LdapRespUser) buildLdapUserName() string {
+	user := User{}
+	uidWithNumber := fmt.Sprintf("%s_%s", ldapUser.Uid, ldapUser.UidNumber)
+	has, err := adapter.Engine.Where("name = ? or name = ?", ldapUser.Uid, uidWithNumber).Get(&user)
+	if err != nil {
+		panic(err)
+	}
+
+	if has {
+		if user.Name == ldapUser.Uid {
+			return uidWithNumber
+		}
+		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
+	}
+
+	return ldapUser.Uid
+}
+
+func (ldapUser *LdapRespUser) buildLdapDisplayName() string {
+	if ldapUser.DisplayName != "" {
+		return ldapUser.DisplayName
+	}
+
+	return ldapUser.Cn
+}
+
+func (ldap *Ldap) buildFilterString(user *User) string {
+	if len(ldap.FilterFields) == 0 {
+		return fmt.Sprintf("(&%s(uid=%s))", ldap.Filter, user.Name)
+	}
+
+	filter := fmt.Sprintf("(&%s(|", ldap.Filter)
+	for _, field := range ldap.FilterFields {
+		filter = fmt.Sprintf("%s(%s=%s)", filter, field, user.getFieldFromLdapAttribute(field))
+	}
+	filter = fmt.Sprintf("%s))", filter)
+
+	return filter
+}
+
+func (user *User) getFieldFromLdapAttribute(attribute string) string {
+	switch attribute {
+	case "uid":
+		return user.Name
+	case "mail":
+		return user.Email
+	case "mobile":
+		return user.Phone
+	default:
+		return ""
+	}
+}
--- a/object/ldapserver.go
+++ b/object/ldapserver.go
@@ -1,74 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"fmt"
-	"log"
-	"strings"
-
-	"github.com/forestmgy/ldapserver"
-)
-
-func GetNameAndOrgFromDN(DN string) (string, string, string) {
-	DNValue := strings.Split(DN, ",")
-	if len(DNValue) == 1 || strings.ToLower(DNValue[0])[0] != 'c' || strings.ToLower(DNValue[1])[0] != 'o' {
-		return "", "", "please use correct Admin Name format like cn=xxx,ou=xxx,dc=example,dc=com"
-	}
-	return DNValue[0][3:], DNValue[1][3:], ""
-}
-
-func GetUserNameAndOrgFromBaseDnAndFilter(baseDN, filter string) (string, string, int) {
-	if !strings.Contains(baseDN, "ou=") || !strings.Contains(filter, "cn=") {
-		return "", "", ldapserver.LDAPResultInvalidDNSyntax
-	}
-	name := getUserNameFromFilter(filter)
-	_, org, _ := GetNameAndOrgFromDN(fmt.Sprintf("cn=%s,", name) + baseDN)
-	errCode := ldapserver.LDAPResultSuccess
-	return name, org, errCode
-}
-
-func getUserNameFromFilter(filter string) string {
-	nameIndex := strings.Index(filter, "cn=")
-	var name string
-	for i := nameIndex + 3; filter[i] != ')'; i++ {
-		name = name + string(filter[i])
-	}
-	return name
-}
-
-func GetFilteredUsers(m *ldapserver.Message, name, org string) ([]*User, int) {
-	var filteredUsers []*User
-	if name == "*" && m.Client.IsOrgAdmin { // get all users from organization 'org'
-		if m.Client.OrgName == "built-in" && org == "*" {
-			filteredUsers = GetGlobalUsers()
-			return filteredUsers, ldapserver.LDAPResultSuccess
-		} else if m.Client.OrgName == "built-in" || org == m.Client.OrgName {
-			filteredUsers = GetUsers(org)
-			return filteredUsers, ldapserver.LDAPResultSuccess
-		} else {
-			return nil, ldapserver.LDAPResultInsufficientAccessRights
-		}
-	} else {
-		hasPermission, err := CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), org, true, "en")
-		if !hasPermission {
-			log.Printf("ErrMsg = %v", err.Error())
-			return nil, ldapserver.LDAPResultInsufficientAccessRights
-		}
-		user := getUser(org, name)
-		filteredUsers = append(filteredUsers, user)
-		return filteredUsers, ldapserver.LDAPResultSuccess
-	}
-}
--- a/object/message.go
+++ b/object/message.go
@@ -0,0 +1,138 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Message struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	Chat         string `xorm:"varchar(100)" json:"chat"`
+	Author       string `xorm:"varchar(100)" json:"author"`
+	Text         string `xorm:"mediumtext" json:"text"`
+}
+
+func GetMaskedMessage(message *Message) *Message {
+	if message == nil {
+		return nil
+	}
+
+	return message
+}
+
+func GetMaskedMessages(messages []*Message) []*Message {
+	for _, message := range messages {
+		message = GetMaskedMessage(message)
+	}
+	return messages
+}
+
+func GetMessageCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Message{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetMessages(owner string) []*Message {
+	messages := []*Message{}
+	err := adapter.Engine.Desc("created_time").Find(&messages, &Message{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return messages
+}
+
+func GetPaginationMessages(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
+	messages := []*Message{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&messages)
+	if err != nil {
+		panic(err)
+	}
+
+	return messages
+}
+
+func getMessage(owner string, name string) *Message {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	message := Message{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&message)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &message
+	} else {
+		return nil
+	}
+}
+
+func GetMessage(id string) *Message {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getMessage(owner, name)
+}
+
+func UpdateMessage(id string, message *Message) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getMessage(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(message)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddMessage(message *Message) bool {
+	affected, err := adapter.Engine.Insert(message)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteMessage(message *Message) bool {
+	affected, err := adapter.Engine.ID(core.PK{message.Owner, message.Name}).Delete(&Message{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (p *Message) GetId() string {
+	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
+}
--- a/object/product_test.go
+++ b/object/product_test.go
@@ -30,7 +30,7 @@ func TestProduct(t *testing.T) {
 	product := GetProduct("admin/product_123")
 	provider := getProvider(product.Owner, "provider_pay_alipay")
 	cert := getCert(product.Owner, "cert-pay-alipay")
-	pProvider := pp.GetPaymentProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey)
+	pProvider := pp.GetPaymentProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey, provider.ClientId2)

 	paymentName := util.GenerateTimeId()
 	returnUrl := ""
--- a/object/provider.go
+++ b/object/provider.go
@@ -256,7 +256,11 @@ func (p *Provider) getPaymentProvider() (pp.PaymentProvider, *Cert, error) {
 		}
 	}

-	pProvider := pp.GetPaymentProvider(p.Type, p.ClientId, p.ClientSecret, p.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey)
+	pProvider, err := pp.GetPaymentProvider(p.Type, p.ClientId, p.ClientSecret, p.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey, p.ClientId2)
+	if err != nil {
+		return nil, cert, err
+	}
+
 	if pProvider == nil {
 		return nil, cert, fmt.Errorf("the payment provider type: %s is not supported", p.Type)
 	}
--- a/object/saml_idp.go
+++ b/object/saml_idp.go
@@ -86,19 +86,30 @@ func NewSamlResponse(user *User, host string, certificate string, destination st
 	authnStatement.CreateElement("saml:AuthnContext").CreateElement("saml:AuthnContextClassRef").SetText("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")

 	attributes := assertion.CreateElement("saml:AttributeStatement")
+
 	email := attributes.CreateElement("saml:Attribute")
 	email.CreateAttr("Name", "Email")
 	email.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	email.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.Email)
+
 	name := attributes.CreateElement("saml:Attribute")
 	name.CreateAttr("Name", "Name")
 	name.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	name.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.Name)
+
 	displayName := attributes.CreateElement("saml:Attribute")
 	displayName.CreateAttr("Name", "DisplayName")
 	displayName.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
 	displayName.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(user.DisplayName)

+	roles := attributes.CreateElement("saml:Attribute")
+	roles.CreateAttr("Name", "Roles")
+	roles.CreateAttr("NameFormat", "urn:oasis:names:tc:SAML:2.0:attrname-format:basic")
+	ExtendUserWithRolesAndPermissions(user)
+	for _, role := range user.Roles {
+		roles.CreateElement("saml:AttributeValue").CreateAttr("xsi:type", "xs:string").Element().SetText(role.Name)
+	}
+
 	return samlResponse, nil
 }

--- a/object/token.go
+++ b/object/token.go
@@ -51,7 +51,7 @@ type Token struct {
 	Organization string `xorm:"varchar(100)" json:"organization"`
 	User         string `xorm:"varchar(100)" json:"user"`

-	Code          string `xorm:"varchar(100)" json:"code"`
+	Code          string `xorm:"varchar(100) index" json:"code"`
 	AccessToken   string `xorm:"mediumtext" json:"accessToken"`
 	RefreshToken  string `xorm:"mediumtext" json:"refreshToken"`
 	ExpiresIn     int    `json:"expiresIn"`
@@ -362,7 +362,8 @@ func GetOAuthToken(grantType string, clientId string, clientSecret string, code
 	}

 	token.CodeIsUsed = true
-	updateUsedByCode(token)
+	go updateUsedByCode(token)
+
 	tokenWrapper := &TokenWrapper{
 		AccessToken:  token.AccessToken,
 		IdToken:      token.AccessToken,
@@ -613,7 +614,8 @@ func GetClientCredentialsToken(application *Application, clientSecret string, sc
 	nullUser := &User{
 		Owner: application.Owner,
 		Id:    application.GetId(),
-		Name:  fmt.Sprintf("app/%s", application.Name),
+		Name:  application.Name,
+		Type:  "application",
 	}

 	accessToken, _, tokenName, err := generateJwtToken(application, nullUser, "", scope, host)
--- a/object/verification.go
+++ b/object/verification.go
@@ -18,6 +18,7 @@ import (
 	"errors"
 	"fmt"
 	"math/rand"
+	"strings"
 	"time"

 	"github.com/casdoor/casdoor/conf"
@@ -38,6 +39,11 @@ const (
 	timeoutError            = 3
 )

+const (
+	VerifyTypePhone = "phone"
+	VerifyTypeEmail = "email"
+)
+
 type VerificationRecord struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -213,6 +219,14 @@ func CheckSigninCode(user *User, dest, code, lang string) string {
 	}
 }

+func GetVerifyType(username string) (verificationCodeType string) {
+	if strings.Contains(username, "@") {
+		return VerifyTypeEmail
+	} else {
+		return VerifyTypeEmail
+	}
+}
+
 // From Casnode/object/validateCode.go line 116
 var stdNums = []byte("0123456789")

--- a/pp/alipay.go
+++ b/pp/alipay.go
@@ -28,21 +28,21 @@ type AlipayPaymentProvider struct {
 	Client *alipay.Client
 }

-func NewAlipayPaymentProvider(appId string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) *AlipayPaymentProvider {
+func NewAlipayPaymentProvider(appId string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) (*AlipayPaymentProvider, error) {
 	pp := &AlipayPaymentProvider{}

 	client, err := alipay.NewClient(appId, appPrivateKey, true)
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	err = client.SetCertSnByContent([]byte(appCertificate), []byte(authorityRootPublicKey), []byte(authorityPublicKey))
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	pp.Client = client
-	return pp
+	return pp, nil
 }

 func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
--- a/pp/provider.go
+++ b/pp/provider.go
@@ -22,11 +22,23 @@ type PaymentProvider interface {
 	GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error)
 }

-func GetPaymentProvider(typ string, appId string, clientSecret string, host string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) PaymentProvider {
+func GetPaymentProvider(typ string, appId string, clientSecret string, host string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string, clientId2 string) (PaymentProvider, error) {
 	if typ == "Alipay" {
-		return NewAlipayPaymentProvider(appId, appCertificate, appPrivateKey, authorityPublicKey, authorityRootPublicKey)
-	} else if typ == "GC" {
-		return NewGcPaymentProvider(appId, clientSecret, host)
+		newAlipayPaymentProvider, err := NewAlipayPaymentProvider(appId, appCertificate, appPrivateKey, authorityPublicKey, authorityRootPublicKey)
+		if err != nil {
+			return nil, err
 		}
-	return nil
+		return newAlipayPaymentProvider, nil
+	} else if typ == "GC" {
+		return NewGcPaymentProvider(appId, clientSecret, host), nil
+	} else if typ == "WeChat Pay" {
+		// appId, mchId, mchCertSerialNumber, apiV3Key, privateKey
+		newWechatPaymentProvider, err := NewWechatPaymentProvider(clientId2, appId, authorityPublicKey, clientSecret, appPrivateKey)
+		if err != nil {
+			return nil, err
+		}
+		return newWechatPaymentProvider, nil
+	}
+
+	return nil, nil
 }
--- a/pp/wechatpay.go
+++ b/pp/wechatpay.go
@@ -0,0 +1,102 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package pp
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/go-pay/gopay"
+	"github.com/go-pay/gopay/wechat/v3"
+)
+
+type WechatPaymentProvider struct {
+	ClientV3 *wechat.ClientV3
+	appId    string
+}
+
+func NewWechatPaymentProvider(appId string, mchId string, mchCertSerialNumber string, apiV3Key string, privateKey string) (*WechatPaymentProvider, error) {
+	pp := &WechatPaymentProvider{appId: appId}
+
+	clientV3, err := wechat.NewClientV3(mchId, mchCertSerialNumber, apiV3Key, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	err = clientV3.AutoVerifySign()
+	if err != nil {
+		return nil, err
+	}
+	pp.ClientV3 = clientV3
+	return pp, nil
+}
+
+func (pp *WechatPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
+	// pp.Client.DebugSwitch = gopay.DebugOn
+
+	bm := gopay.BodyMap{}
+
+	bm.Set("providerName", providerName)
+	bm.Set("productName", productName)
+
+	bm.Set("return_url", returnUrl)
+	bm.Set("notify_url", notifyUrl)
+
+	bm.Set("body", productDisplayName)
+	bm.Set("out_trade_no", paymentName)
+	bm.Set("total_fee", getPriceString(price))
+
+	wechatRsp, err := pp.ClientV3.V3TransactionJsapi(context.Background(), bm)
+	if err != nil {
+		return "", err
+	}
+
+	payUrl := fmt.Sprintf("https://open.weixin.qq.com/connect/oauth2/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect", pp.appId, wechatRsp.Response.PrepayId)
+	return payUrl, nil
+}
+
+func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
+	bm, err := wechat.V3ParseNotifyToBodyMap(request)
+	if err != nil {
+		return "", "", 0, "", "", err
+	}
+
+	providerName := bm.Get("providerName")
+	productName := bm.Get("productName")
+
+	productDisplayName := bm.Get("body")
+	paymentName := bm.Get("out_trade_no")
+	price := util.ParseFloat(bm.Get("total_fee"))
+
+	notifyReq, err := wechat.V3ParseNotify(request)
+	if err != nil {
+		panic(err)
+	}
+
+	cert := pp.ClientV3.WxPublicKey()
+
+	err = notifyReq.VerifySignByPK(cert)
+	if err != nil {
+		return "", "", 0, "", "", err
+	}
+
+	return productDisplayName, paymentName, price, productName, providerName, nil
+}
+
+func (pp *WechatPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {
+	return "", nil
+}
--- a/routers/router.go
+++ b/routers/router.go
@@ -115,6 +115,7 @@ func initAPI() {
 	beego.Router("/api/check-user-password", &controllers.ApiController{}, "POST:CheckUserPassword")
 	beego.Router("/api/get-email-and-phone", &controllers.ApiController{}, "GET:GetEmailAndPhone")
 	beego.Router("/api/send-verification-code", &controllers.ApiController{}, "POST:SendVerificationCode")
+	beego.Router("/api/verify-code", &controllers.ApiController{}, "POST:VerifyCode")
 	beego.Router("/api/verify-captcha", &controllers.ApiController{}, "POST:VerifyCaptcha")
 	beego.Router("/api/reset-email-or-phone", &controllers.ApiController{}, "POST:ResetEmailOrPhone")
 	beego.Router("/api/get-captcha", &controllers.ApiController{}, "GET:GetCaptcha")
@@ -188,6 +189,18 @@ func initAPI() {
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
 	beego.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")

+	beego.Router("/api/get-chats", &controllers.ApiController{}, "GET:GetChats")
+	beego.Router("/api/get-chat", &controllers.ApiController{}, "GET:GetChat")
+	beego.Router("/api/update-chat", &controllers.ApiController{}, "POST:UpdateChat")
+	beego.Router("/api/add-chat", &controllers.ApiController{}, "POST:AddChat")
+	beego.Router("/api/delete-chat", &controllers.ApiController{}, "POST:DeleteChat")
+
+	beego.Router("/api/get-messages", &controllers.ApiController{}, "GET:GetMessages")
+	beego.Router("/api/get-message", &controllers.ApiController{}, "GET:GetMessage")
+	beego.Router("/api/update-message", &controllers.ApiController{}, "POST:UpdateMessage")
+	beego.Router("/api/add-message", &controllers.ApiController{}, "POST:AddMessage")
+	beego.Router("/api/delete-message", &controllers.ApiController{}, "POST:DeleteMessage")
+
 	beego.Router("/api/get-products", &controllers.ApiController{}, "GET:GetProducts")
 	beego.Router("/api/get-product", &controllers.ApiController{}, "GET:GetProduct")
 	beego.Router("/api/update-product", &controllers.ApiController{}, "POST:UpdateProduct")
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@@ -2058,22 +2058,13 @@
                "tags": [
                    "System API"
                ],
-                "description": "get user's system info",
+                "description": "get system info like CPU and memory usage",
                "operationId": "ApiController.GetSystemInfo",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of the user",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
                "responses": {
                    "200": {
                        "description": "The Response object",
                        "schema": {
-                            "$ref": "#/definitions/object.SystemInfo"
+                            "$ref": "#/definitions/util.SystemInfo"
                        }
                    }
                }
@@ -2180,6 +2171,12 @@
                        "name": "phone",
                        "description": "The phone of the user",
                        "type": "string"
+                    },
+                    {
+                        "in": "query",
+                        "name": "userId",
+                        "description": "The userId of the user",
+                        "type": "string"
                    }
                ],
                "responses": {
@@ -2323,11 +2320,14 @@
                "tags": [
                    "System API"
                ],
-                "description": "get local git repo's latest release version info",
+                "description": "get version info like Casdoor release version and commit ID",
                "operationId": "ApiController.GetVersionInfo",
                "responses": {
                    "200": {
-                        "description": "{string} local latest version hash of Casdoor"
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/util.VersionInfo"
+                        }
                    }
                }
            }
@@ -3494,6 +3494,23 @@
                "operationId": "ApiController.UploadResource"
            }
        },
+        "/api/user": {
+            "get": {
+                "tags": [
+                    "Account API"
+                ],
+                "description": "return Laravel compatible user information according to OAuth 2.0",
+                "operationId": "ApiController.UserInfo2",
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/LaravelResponse"
+                        }
+                    }
+                }
+            }
+        },
        "/api/userinfo": {
            "get": {
                "tags": [
@@ -3627,14 +3644,18 @@
        }
    },
    "definitions": {
-        "2268.0xc000528cf0.false": {
+        "2306.0xc0003a4480.false": {
            "title": "false",
            "type": "object"
        },
-        "2302.0xc000528d20.false": {
+        "2340.0xc0003a44b0.false": {
            "title": "false",
            "type": "object"
        },
+        "LaravelResponse": {
+            "title": "LaravelResponse",
+            "type": "object"
+        },
        "Response": {
            "title": "Response",
            "type": "object"
@@ -3682,6 +3703,9 @@
                "captchaType": {
                    "type": "string"
                },
+                "clientId": {
+                    "type": "string"
+                },
                "clientSecret": {
                    "type": "string"
                },
@@ -3758,10 +3782,10 @@
            "type": "object",
            "properties": {
                "data": {
-                    "$ref": "#/definitions/2268.0xc000528cf0.false"
+                    "$ref": "#/definitions/2306.0xc0003a4480.false"
                },
                "data2": {
-                    "$ref": "#/definitions/2302.0xc000528d20.false"
+                    "$ref": "#/definitions/2340.0xc0003a44b0.false"
                },
                "msg": {
                    "type": "string"
@@ -4830,10 +4854,6 @@
                }
            }
        },
-        "object.SystemInfo": {
-            "title": "SystemInfo",
-            "type": "object"
-        },
        "object.TableColumn": {
            "title": "TableColumn",
            "type": "object",
@@ -5475,6 +5495,43 @@
            "title": "CredentialCreationResponse",
            "type": "object"
        },
+        "util.SystemInfo": {
+            "title": "SystemInfo",
+            "type": "object",
+            "properties": {
+                "cpuUsage": {
+                    "type": "array",
+                    "items": {
+                        "type": "number",
+                        "format": "double"
+                    }
+                },
+                "memoryTotal": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "memoryUsed": {
+                    "type": "integer",
+                    "format": "int64"
+                }
+            }
+        },
+        "util.VersionInfo": {
+            "title": "VersionInfo",
+            "type": "object",
+            "properties": {
+                "commitId": {
+                    "type": "string"
+                },
+                "commitOffset": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "version": {
+                    "type": "string"
+                }
+            }
+        },
        "webauthn.Credential": {
            "title": "Credential",
            "type": "object"
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -1340,19 +1340,13 @@ paths:
    get:
      tags:
      - System API
-      description: get user's system info
+      description: get system info like CPU and memory usage
      operationId: ApiController.GetSystemInfo
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of the user
-        required: true
-        type: string
      responses:
        "200":
          description: The Response object
          schema:
-            $ref: '#/definitions/object.SystemInfo'
+            $ref: '#/definitions/util.SystemInfo'
  /api/get-token:
    get:
      tags:
@@ -1423,6 +1417,10 @@ paths:
        name: phone
        description: The phone of the user
        type: string
+      - in: query
+        name: userId
+        description: The userId of the user
+        type: string
      responses:
        "200":
          description: The Response object
@@ -1515,11 +1513,13 @@ paths:
    get:
      tags:
      - System API
-      description: get local git repo's latest release version info
+      description: get version info like Casdoor release version and commit ID
      operationId: ApiController.GetVersionInfo
      responses:
        "200":
-          description: '{string} local latest version hash of Casdoor'
+          description: The Response object
+          schema:
+            $ref: '#/definitions/util.VersionInfo'
  /api/get-webhook:
    get:
      tags:
@@ -2288,6 +2288,17 @@ paths:
      tags:
      - Resource API
      operationId: ApiController.UploadResource
+  /api/user:
+    get:
+      tags:
+      - Account API
+      description: return Laravel compatible user information according to OAuth 2.0
+      operationId: ApiController.UserInfo2
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/LaravelResponse'
  /api/userinfo:
    get:
      tags:
@@ -2374,12 +2385,15 @@ paths:
          schema:
            $ref: '#/definitions/Response'
 definitions:
-  2268.0xc000528cf0.false:
+  2306.0xc0003a4480.false:
    title: "false"
    type: object
-  2302.0xc000528d20.false:
+  2340.0xc0003a44b0.false:
    title: "false"
    type: object
+  LaravelResponse:
+    title: LaravelResponse
+    type: object
  Response:
    title: Response
    type: object
@@ -2413,6 +2427,8 @@ definitions:
        type: string
      captchaType:
        type: string
+      clientId:
+        type: string
      clientSecret:
        type: string
      code:
@@ -2464,9 +2480,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/2268.0xc000528cf0.false'
+        $ref: '#/definitions/2306.0xc0003a4480.false'
      data2:
-        $ref: '#/definitions/2302.0xc000528d20.false'
+        $ref: '#/definitions/2340.0xc0003a44b0.false'
      msg:
        type: string
      name:
@@ -3183,9 +3199,6 @@ definitions:
        type: string
      user:
        type: string
-  object.SystemInfo:
-    title: SystemInfo
-    type: object
  object.TableColumn:
    title: TableColumn
    type: object
@@ -3617,6 +3630,32 @@ definitions:
  protocol.CredentialCreationResponse:
    title: CredentialCreationResponse
    type: object
+  util.SystemInfo:
+    title: SystemInfo
+    type: object
+    properties:
+      cpuUsage:
+        type: array
+        items:
+          type: number
+          format: double
+      memoryTotal:
+        type: integer
+        format: int64
+      memoryUsed:
+        type: integer
+        format: int64
+  util.VersionInfo:
+    title: VersionInfo
+    type: object
+    properties:
+      commitId:
+        type: string
+      commitOffset:
+        type: integer
+        format: int64
+      version:
+        type: string
  webauthn.Credential:
    title: Credential
    type: object
--- a/util/slice.go
+++ b/util/slice.go
@@ -30,3 +30,12 @@ func ContainsString(values []string, val string) bool {
 	sort.Strings(values)
 	return sort.SearchStrings(values, val) != len(values)
 }
+
+func ReturnAnyNotEmpty(strs ...string) string {
+	for _, str := range strs {
+		if str != "" {
+			return str
+		}
+	}
+	return ""
+}
--- a/util/string.go
+++ b/util/string.go
@@ -95,6 +95,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }

+func GetOwnerFromId(id string) string {
+	tokens := strings.Split(id, "/")
+	if len(tokens) != 2 {
+		panic(errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id))
+	}
+
+	return tokens[0]
+}
+
 func GetOwnerAndNameFromIdNoCheck(id string) (string, string) {
 	tokens := strings.SplitN(id, "/", 2)
 	return tokens[0], tokens[1]
--- a/util/system.go
+++ b/util/system.go
@@ -59,7 +59,7 @@ func getMemoryUsage() (uint64, uint64, error) {
 	var m runtime.MemStats
 	runtime.ReadMemStats(&m)

-	return m.TotalAlloc, virtualMem.Total, nil
+	return m.Alloc, virtualMem.Total, nil
 }

 func GetSystemInfo() (*SystemInfo, error) {
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@@ -21,7 +21,7 @@ import i18next from "i18next";

 import "codemirror/lib/codemirror.css";
 import * as ModelBackend from "./backend/ModelBackend";
-import PolicyTable from "./common/PoliciyTable";
+import PolicyTable from "./table/PoliciyTable";
 require("codemirror/theme/material-darker.css");
 require("codemirror/mode/javascript/javascript");

@@ -112,6 +112,7 @@ class AdapterEditPage extends React.Component {
            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {
              this.getModels(value);
              this.updateAdapterField("organization", value);
+              this.updateAdapterField("owner", value);
            })}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
@@ -266,7 +267,7 @@ class AdapterEditPage extends React.Component {

  submitAdapterEdit(willExist) {
    const adapter = Setting.deepCopy(this.state.adapter);
-    AdapterBackend.updateAdapter(this.state.adapter.owner, this.state.adapterName, adapter)
+    AdapterBackend.updateAdapter(this.state.owner, this.state.adapterName, adapter)
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully saved"));
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -44,6 +44,10 @@ import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
 import CertListPage from "./CertListPage";
 import CertEditPage from "./CertEditPage";
+import ChatEditPage from "./ChatEditPage";
+import ChatListPage from "./ChatListPage";
+import MessageEditPage from "./MessageEditPage";
+import MessageListPage from "./MessageListPage";
 import ProductListPage from "./ProductListPage";
 import ProductEditPage from "./ProductEditPage";
 import ProductBuyPage from "./ProductBuyPage";
@@ -52,7 +56,7 @@ import PaymentEditPage from "./PaymentEditPage";
 import PaymentResultPage from "./PaymentResultPage";
 import AccountPage from "./account/AccountPage";
 import HomePage from "./basic/HomePage";
-import CustomGithubCorner from "./CustomGithubCorner";
+import CustomGithubCorner from "./common/CustomGithubCorner";
 import * as Conf from "./Conf";

 import * as Auth from "./auth/Auth";
@@ -60,7 +64,7 @@ import EntryPage from "./EntryPage";
 import ResultPage from "./auth/ResultPage";
 import * as AuthBackend from "./auth/AuthBackend";
 import AuthCallback from "./auth/AuthCallback";
-import SelectLanguageBox from "./SelectLanguageBox";
+import LanguageSelect from "./common/select/LanguageSelect";
 import i18next from "i18next";
 import OdicDiscoveryPage from "./auth/OidcDiscoveryPage";
 import SamlCallback from "./auth/SamlCallback";
@@ -70,7 +74,7 @@ import SystemInfo from "./SystemInfo";
 import AdapterListPage from "./AdapterListPage";
 import AdapterEditPage from "./AdapterEditPage";
 import {withTranslation} from "react-i18next";
-import SelectThemeBox from "./SelectThemeBox";
+import ThemeSelect from "./common/select/ThemeSelect";
 import SessionListPage from "./SessionListPage";

 const {Header, Footer, Content} = Layout;
@@ -135,16 +139,22 @@ class App extends Component {
      this.setState({selectedMenuKey: "/applications"});
    } else if (uri.includes("/resources")) {
      this.setState({selectedMenuKey: "/resources"});
-    } else if (uri.includes("/tokens")) {
-      this.setState({selectedMenuKey: "/tokens"});
    } else if (uri.includes("/records")) {
      this.setState({selectedMenuKey: "/records"});
+    } else if (uri.includes("/tokens")) {
+      this.setState({selectedMenuKey: "/tokens"});
+    } else if (uri.includes("/sessions")) {
+      this.setState({selectedMenuKey: "/sessions"});
    } else if (uri.includes("/webhooks")) {
      this.setState({selectedMenuKey: "/webhooks"});
    } else if (uri.includes("/syncers")) {
      this.setState({selectedMenuKey: "/syncers"});
    } else if (uri.includes("/certs")) {
      this.setState({selectedMenuKey: "/certs"});
+    } else if (uri.includes("/chats")) {
+      this.setState({selectedMenuKey: "/chats"});
+    } else if (uri.includes("/messages")) {
+      this.setState({selectedMenuKey: "/messages"});
    } else if (uri.includes("/products")) {
      this.setState({selectedMenuKey: "/products"});
    } else if (uri.includes("/payments")) {
@@ -352,7 +362,7 @@ class App extends Component {
      return (
        <React.Fragment>
          {this.renderRightDropdown()}
-          <SelectThemeBox
+          <ThemeSelect
            themeAlgorithm={this.state.themeAlgorithm}
            onChange={(nextThemeAlgorithm) => {
              this.setState({
@@ -360,7 +370,7 @@ class App extends Component {
                logo: this.getLogo(nextThemeAlgorithm),
              });
            }} />
-          <SelectLanguageBox languages={this.state.account.organization.languages} />
+          <LanguageSelect languages={this.state.account.organization.languages} />
        </React.Fragment>
      );
    }
@@ -413,6 +423,14 @@ class App extends Component {
        "/providers"
      ));

+      res.push(Setting.getItem(<Link to="/chats">{i18next.t("general:Chats")}</Link>,
+        "/chats"
+      ));
+
+      res.push(Setting.getItem(<Link to="/messages">{i18next.t("general:Messages")}</Link>,
+        "/messages"
+      ));
+
      res.push(Setting.getItem(<Link to="/resources">{i18next.t("general:Resources")}</Link>,
        "/resources"
      ));
@@ -527,6 +545,10 @@ class App extends Component {
        <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
        <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/chats" render={(props) => this.renderLoginIfNotLoggedIn(<ChatListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/chats/:chatName" render={(props) => this.renderLoginIfNotLoggedIn(<ChatEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/messages" render={(props) => this.renderLoginIfNotLoggedIn(<MessageListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/messages/:messageName" render={(props) => this.renderLoginIfNotLoggedIn(<MessageEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -25,9 +25,9 @@ import * as ResourceBackend from "./backend/ResourceBackend";
 import SignupPage from "./auth/SignupPage";
 import LoginPage from "./auth/LoginPage";
 import i18next from "i18next";
-import UrlTable from "./UrlTable";
-import ProviderTable from "./ProviderTable";
-import SignupTable from "./SignupTable";
+import UrlTable from "./table/UrlTable";
+import ProviderTable from "./table/ProviderTable";
+import SignupTable from "./table/SignupTable";
 import PromptPage from "./auth/PromptPage";
 import copy from "copy-to-clipboard";

@@ -867,6 +867,8 @@ class ApplicationEditPage extends React.Component {

  submitApplicationEdit(willExist) {
    const application = Setting.deepCopy(this.state.application);
+    application.providers = application.providers?.filter(provider => this.state.providers.map(provider => provider.name).includes(provider.name));
+
    ApplicationBackend.updateApplication("admin", this.state.applicationName, application)
      .then((res) => {
        if (res.status === "ok") {
--- a/web/src/ChatEditPage.js
+++ b/web/src/ChatEditPage.js
@@ -0,0 +1,217 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select} from "antd";
+import * as ChatBackend from "./backend/ChatBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+class ChatEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      chatName: props.match.params.chatName,
+      chat: null,
+      organizations: [],
+      users: [],
+      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getChat();
+    this.getOrganizations();
+  }
+
+  getChat() {
+    ChatBackend.getChat("admin", this.state.chatName)
+      .then((chat) => {
+        this.setState({
+          chat: chat,
+        });
+
+        this.getUsers(chat.organization);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  parseChatField(key, value) {
+    if ([].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateChatField(key, value) {
+    value = this.parseChatField(key, value);
+
+    const chat = this.state.chat;
+    chat[key] = value;
+    this.setState({
+      chat: chat,
+    });
+  }
+
+  renderChat() {
+    return (
+      <Card size="small" title={
+        <div>
+          {this.state.mode === "add" ? i18next.t("chat:New Chat") : i18next.t("chat:Edit Chat")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitChatEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitChatEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteChat()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
+              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.chat.name} onChange={e => {
+              this.updateChatField("name", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.chat.displayName} onChange={e => {
+              this.updateChatField("displayName", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("chat:User1"), i18next.t("general:User1 - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.user1} onChange={(value => {this.updateChatField("user1", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("chat:User2"), i18next.t("general:User2 - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.user2} onChange={(value => {this.updateChatField("user2", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("chat:Sub users"), i18next.t("chat:Sub users - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select mode="tags" style={{width: "100%"}} value={this.state.chat.users}
+              onChange={(value => {this.updateChatField("users", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))}
+            />
+          </Col>
+        </Row>
+      </Card>
+    );
+  }
+
+  submitChatEdit(willExist) {
+    const chat = Setting.deepCopy(this.state.chat);
+    ChatBackend.updateChat(this.state.chat.owner, this.state.chatName, chat)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
+          this.setState({
+            chatName: this.state.chat.name,
+          });
+
+          if (willExist) {
+            this.props.history.push("/chats");
+          } else {
+            this.props.history.push(`/chats/${this.state.chat.name}`);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
+          this.updateChatField("name", this.state.chatName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteChat() {
+    ChatBackend.deleteChat(this.state.chat)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/chats");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.chat !== null ? this.renderChat() : null
+        }
+        <div style={{marginTop: "20px", marginLeft: "40px"}}>
+          <Button size="large" onClick={() => this.submitChatEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitChatEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteChat()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      </div>
+    );
+  }
+}
+
+export default ChatEditPage;
--- a/web/src/ChatListPage.js
+++ b/web/src/ChatListPage.js
@@ -0,0 +1,268 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Table} from "antd";
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as ChatBackend from "./backend/ChatBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import PopconfirmModal from "./PopconfirmModal";
+
+class ChatListPage extends BaseListPage {
+  newChat() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.applicationName,
+      name: `chat_${randomName}`,
+      createdTime: moment().format(),
+      updatedTime: moment().format(),
+      organization: this.props.account.owner,
+      displayName: `New Chat - ${randomName}`,
+      user1: `${this.props.account.owner}/${this.props.account.name}`,
+      user2: "",
+      users: [`${this.props.account.owner}/${this.props.account.name}`],
+      messageCount: 0,
+    };
+  }
+
+  addChat() {
+    const newChat = this.newChat();
+    ChatBackend.addChat(newChat)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/chats/${newChat.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteChat(i) {
+    ChatBackend.deleteChat(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(chats) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/chats/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "150px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("general:Updated time"),
+        dataIndex: "updatedTime",
+        key: "updatedTime",
+        width: "15  0px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("general:Display name"),
+        dataIndex: "displayName",
+        key: "displayName",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("displayName"),
+      },
+      {
+        title: i18next.t("chat:User1"),
+        dataIndex: "user1",
+        key: "user1",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("user1"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("chat:User2"),
+        dataIndex: "user2",
+        key: "user2",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("user2"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Users"),
+        dataIndex: "users",
+        key: "users",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("users"),
+        render: (text, record, index) => {
+          return Setting.getTags(text, "users");
+        },
+      },
+      {
+        title: i18next.t("chat:Message count"),
+        dataIndex: "messageCount",
+        key: "messageCount",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("messageCount"),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "170px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/chats/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteChat(index)}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={chats} rowKey="name" size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Chats")}&nbsp;&nbsp;&nbsp;&nbsp;
+              <Button type="primary" size="small" onClick={this.addChat.bind(this)}>{i18next.t("general:Add")}</Button>
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    ChatBackend.getChats("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default ChatListPage;
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -166,13 +166,37 @@ class LdapEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Search Filter"), i18next.t("ldap:Search Filter - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Input value={this.state.ldap.filter} onChange={e => {
+              this.updateLdapField("filter", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Filter fields"), i18next.t("ldap:Filter fields - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Select value={this.state.ldap.filterFields ?? []} style={{width: "100%"}} mode={"multiple"} options={[
+              {value: "uid", label: "uid"},
+              {value: "mail", label: "Email"},
+              {value: "mobile", label: "mobile"},
+            ].map((item) => Setting.getOption(item.label, item.value))} onChange={value => {
+              this.updateLdapField("filterFields", value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Admin"), i18next.t("ldap:Admin - Tooltip"))} :
          </Col>
          <Col span={21}>
-            <Input value={this.state.ldap.admin} onChange={e => {
-              this.updateLdapField("admin", e.target.value);
+            <Input value={this.state.ldap.username} onChange={e => {
+              this.updateLdapField("username", e.target.value);
            }} />
          </Col>
        </Row>
@@ -182,9 +206,9 @@ class LdapEditPage extends React.Component {
          </Col>
          <Col span={21}>
            <Input.Password
-              iconRender={visible => (visible ? <EyeTwoTone /> : <EyeInvisibleOutlined />)} value={this.state.ldap.passwd}
+              iconRender={visible => (visible ? <EyeTwoTone /> : <EyeInvisibleOutlined />)} value={this.state.ldap.password}
              onChange={e => {
-                this.updateLdapField("passwd", e.target.value);
+                this.updateLdapField("password", e.target.value);
              }}
            />
          </Col>
--- a/web/src/LdapListPage.js
+++ b/web/src/LdapListPage.js
@@ -1,192 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Link} from "react-router-dom";
-import {Button, Col, Row, Table} from "antd";
-import * as Setting from "./Setting";
-import * as LdapBackend from "./backend/LdapBackend";
-import i18next from "i18next";
-import PopconfirmModal from "./PopconfirmModal";
-
-class LdapListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      ldaps: null,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getLdaps();
-  }
-
-  getLdaps() {
-    LdapBackend.getLdaps("")
-      .then((res) => {
-        let ldapsData = [];
-        if (res.status === "ok") {
-          ldapsData = res.data;
-        } else {
-          Setting.showMessage("error", res.msg);
-        }
-        this.setState((prevState) => {
-          prevState.ldaps = ldapsData;
-          return prevState;
-        });
-      });
-  }
-
-  deleteLdap(index) {
-
-  }
-
-  renderTable(ldaps) {
-    const columns = [
-      {
-        title: i18next.t("ldap:Server name"),
-        dataIndex: "serverName",
-        key: "serverName",
-        width: "200px",
-        sorter: (a, b) => a.serverName.localeCompare(b.serverName),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/ldaps/${record.id}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "140px",
-        sorter: (a, b) => a.owner.localeCompare(b.owner),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("ldap:Server"),
-        dataIndex: "host",
-        key: "host",
-        ellipsis: true,
-        sorter: (a, b) => a.host.localeCompare(b.host),
-        render: (text, record, index) => {
-          return `${text}:${record.port}`;
-        },
-      },
-      {
-        title: i18next.t("ldap:Base DN"),
-        dataIndex: "baseDn",
-        key: "baseDn",
-        ellipsis: true,
-        sorter: (a, b) => a.baseDn.localeCompare(b.baseDn),
-      },
-      {
-        title: i18next.t("ldap:Admin"),
-        dataIndex: "admin",
-        key: "admin",
-        ellipsis: true,
-        sorter: (a, b) => a.admin.localeCompare(b.admin),
-      },
-      {
-        title: i18next.t("ldap:Auto Sync"),
-        dataIndex: "autoSync",
-        key: "autoSync",
-        width: "100px",
-        sorter: (a, b) => a.autoSync.localeCompare(b.autoSync),
-        render: (text, record, index) => {
-          return text === 0 ? (<span style={{color: "#faad14"}}>Disable</span>) : (
-            <span style={{color: "#52c41a"}}>{text + " mins"}</span>);
-        },
-      },
-      {
-        title: i18next.t("ldap:Last Sync"),
-        dataIndex: "lastSync",
-        key: "lastSync",
-        ellipsis: true,
-        sorter: (a, b) => a.lastSync.localeCompare(b.lastSync),
-        render: (text, record, index) => {
-          return text;
-        },
-      },
-      {
-        title: i18next.t("general:Action"),
-        dataIndex: "",
-        key: "op",
-        width: "240px",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}}
-                type="primary"
-                onClick={() => Setting.goToLink(`/ldap/sync/${record.id}`)}>{i18next.t("general:Sync")}</Button>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}}
-                onClick={() => Setting.goToLink(`/ldap/${record.id}`)}>{i18next.t("general:Edit")}</Button>
-              <PopconfirmModal
-                title={i18next.t("general:Sure to delete") + `: ${record.serverName} ?`}
-                onConfirm={() => this.deleteLdap(index)}
-              >
-              </PopconfirmModal>
-            </div>
-          );
-        },
-      },
-    ];
-
-    return (
-      <div>
-        <Table columns={columns} dataSource={ldaps} rowKey="id" size="middle" bordered
-          pagination={{pageSize: 100}}
-          title={() => (
-            <div>
-              <span>{i18next.t("general:LDAPs")}</span>
-              <Button type="primary" size="small" style={{marginLeft: "10px"}}
-                onClick={() => {
-                  this.addLdap();
-                }}>{i18next.t("general:Add")}</Button>
-            </div>
-          )}
-          loading={ldaps === null}
-        />
-      </div>
-    );
-  }
-
-  render() {
-    return (
-      <div>
-        <Row style={{width: "100%"}}>
-          <Col span={1}>
-          </Col>
-          <Col span={22}>
-            {
-              this.renderTable(this.state.ldaps)
-            }
-          </Col>
-          <Col span={1}>
-          </Col>
-        </Row>
-      </div>
-    );
-  }
-}
-
-export default LdapListPage;
--- a/web/src/MessageEditPage.js
+++ b/web/src/MessageEditPage.js
@@ -0,0 +1,220 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select} from "antd";
+import * as ChatBackend from "./backend/ChatBackend";
+import * as MessageBackend from "./backend/MessageBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+const {TextArea} = Input;
+
+class MessageEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      messageName: props.match.params.messageName,
+      message: null,
+      organizations: [],
+      chats: [],
+      users: [],
+      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getMessage();
+    this.getOrganizations();
+    this.getChats();
+  }
+
+  getMessage() {
+    MessageBackend.getMessage("admin", this.state.messageName)
+      .then((message) => {
+        this.setState({
+          message: message,
+        });
+
+        this.getUsers(message.organization);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getChats() {
+    ChatBackend.getChats("admin")
+      .then((res) => {
+        this.setState({
+          chats: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  parseMessageField(key, value) {
+    if ([].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateMessageField(key, value) {
+    value = this.parseMessageField(key, value);
+
+    const message = this.state.message;
+    message[key] = value;
+    this.setState({
+      message: message,
+    });
+  }
+
+  renderMessage() {
+    return (
+      <Card size="small" title={
+        <div>
+          {this.state.mode === "add" ? i18next.t("message:New Message") : i18next.t("message:Edit Message")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitMessageEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitMessageEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteMessage()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
+              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.message.name} onChange={e => {
+              this.updateMessageField("name", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Chat"), i18next.t("message:Chat - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.chat} onChange={(value => {this.updateMessageField("chat", value);})}
+              options={this.state.chats.map((chat) => Setting.getOption(chat.name, chat.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Author"), i18next.t("general:Author - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.author} onChange={(value => {this.updateMessageField("author", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Text"), i18next.t("message:Text - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <TextArea rows={10} value={this.state.message.text} onChange={e => {
+              this.updateMessageField("text", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    );
+  }
+
+  submitMessageEdit(willExist) {
+    const message = Setting.deepCopy(this.state.message);
+    MessageBackend.updateMessage(this.state.message.owner, this.state.messageName, message)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
+          this.setState({
+            messageName: this.state.message.name,
+          });
+
+          if (willExist) {
+            this.props.history.push("/messages");
+          } else {
+            this.props.history.push(`/messages/${this.state.message.name}`);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
+          this.updateMessageField("name", this.state.messageName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteMessage() {
+    MessageBackend.deleteMessage(this.state.message)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/messages");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.message !== null ? this.renderMessage() : null
+        }
+        <div style={{marginTop: "20px", marginLeft: "40px"}}>
+          <Button size="large" onClick={() => this.submitMessageEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitMessageEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteMessage()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      </div>
+    );
+  }
+}
+
+export default MessageEditPage;
--- a/web/src/MessageListPage.js
+++ b/web/src/MessageListPage.js
@@ -0,0 +1,236 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Table} from "antd";
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as MessageBackend from "./backend/MessageBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import PopconfirmModal from "./PopconfirmModal";
+
+class MessageListPage extends BaseListPage {
+  newMessage() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.messagename,
+      name: `message_${randomName}`,
+      createdTime: moment().format(),
+      organization: this.props.account.owner,
+      chat: "",
+      author: `${this.props.account.owner}/${this.props.account.name}`,
+      text: "",
+    };
+  }
+
+  addMessage() {
+    const newMessage = this.newMessage();
+    MessageBackend.addMessage(newMessage)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/messages/${newMessage.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteMessage(i) {
+    MessageBackend.deleteMessage(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(messages) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/messages/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "150px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("message:Chat"),
+        dataIndex: "chat",
+        key: "chat",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("chat"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/chats/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("message:Author"),
+        dataIndex: "author",
+        key: "author",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("author"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("message:Text"),
+        dataIndex: "text",
+        key: "text",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("text"),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "170px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/messages/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteMessage(index)}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={messages} rowKey="name" size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Messages")}&nbsp;&nbsp;&nbsp;&nbsp;
+              <Button type="primary" size="small" onClick={this.addMessage.bind(this)}>{i18next.t("general:Add")}</Button>
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    MessageBackend.getMessages("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default MessageListPage;
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -21,8 +21,8 @@ import * as Setting from "./Setting";
 import * as Conf from "./Conf";
 import i18next from "i18next";
 import {LinkOutlined} from "@ant-design/icons";
-import LdapTable from "./LdapTable";
-import AccountTable from "./AccountTable";
+import LdapTable from "./table/LdapTable";
+import AccountTable from "./table/AccountTable";
 import ThemeEditor from "./common/theme/ThemeEditor";

 const {Option} = Select;
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@@ -139,7 +139,7 @@ class PermissionListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("users"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "users");
        },
      },
      {
@@ -150,7 +150,7 @@ class PermissionListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("roles"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "roles");
        },
      },
      {
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -19,12 +19,12 @@ import * as ProviderBackend from "./backend/ProviderBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import {authConfig} from "./auth/Auth";
-import * as ProviderEditTestEmail from "./TestEmailWidget";
-import * as ProviderEditTestSms from "./TestSmsWidget";
+import * as ProviderEditTestEmail from "./common/TestEmailWidget";
+import * as ProviderEditTestSms from "./common/TestSmsWidget";
 import copy from "copy-to-clipboard";
 import {CaptchaPreview} from "./common/CaptchaPreview";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
-import {CountryCodeSelect} from "./common/CountryCodeSelect";
+import {CountryCodeSelect} from "./common/select/CountryCodeSelect";

 const {Option} = Select;
 const {TextArea} = Input;
@@ -110,7 +110,7 @@ class ProviderEditPage extends React.Component {
  getClientSecretLabel(provider) {
    switch (provider.category) {
    case "Email":
-      return Setting.getLabel(i18next.t("login:Password"), i18next.t("login:Password - Tooltip"));
+      return Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"));
    case "SMS":
      if (provider.type === "Volc Engine SMS") {
        return Setting.getLabel(i18next.t("provider:Secret access key"), i18next.t("provider:Secret access key - Tooltip"));
@@ -130,6 +130,24 @@ class ProviderEditPage extends React.Component {
    }
  }

+  getProviderSubTypeOptions(type) {
+    if (type === "WeCom" || type === "Infoflow") {
+      return (
+        [
+          {id: "Internal", name: i18next.t("provider:Internal")},
+          {id: "Third-party", name: i18next.t("provider:Third-party")},
+        ]
+      );
+    } else if (type === "Aliyun Captcha") {
+      return [
+        {id: "nc", name: i18next.t("provider:Sliding Validation")},
+        {id: "ic", name: i18next.t("provider:Intelligent Validation")},
+      ];
+    } else {
+      return [];
+    }
+  }
+
  getAppIdRow(provider) {
    let text = "";
    let tooltip = "";
@@ -315,7 +333,7 @@ class ProviderEditPage extends React.Component {
                    this.updateProviderField("subType", value);
                  }}>
                    {
-                      Setting.getProviderSubTypeOptions(this.state.provider.type).map((providerSubType, index) => <Option key={index} value={providerSubType.id}>{providerSubType.name}</Option>)
+                      this.getProviderSubTypeOptions(this.state.provider.type).map((providerSubType, index) => <Option key={index} value={providerSubType.id}>{providerSubType.name}</Option>)
                    }
                  </Select>
                </Col>
@@ -331,7 +349,10 @@ class ProviderEditPage extends React.Component {
                        this.updateProviderField("method", value);
                      }}>
                        {
-                          [{name: "Normal"}, {name: "Silent"}].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
+                          [
+                            {id: "Normal", name: i18next.t("provider:Normal")},
+                            {id: "Silent", name: i18next.t("provider:Silent")},
+                          ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
                        }
                      </Select>
                    </Col>
@@ -440,12 +461,14 @@ class ProviderEditPage extends React.Component {
          )
        }
        {
-          this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" ? null : (
+          this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" && this.state.provider.type !== "WeChat Pay" ? null : (
            <React.Fragment>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {this.state.provider.type === "Aliyun Captcha"
                    ? Setting.getLabel(i18next.t("provider:Scene"), i18next.t("provider:Scene - Tooltip"))
+                    : this.state.provider.type === "WeChat Pay"
+                      ? Setting.getLabel("appId", "appId")
                      : Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
                </Col>
                <Col span={22} >
@@ -454,6 +477,8 @@ class ProviderEditPage extends React.Component {
                  }} />
                </Col>
              </Row>
+              {
+                this.state.provider.type === "WeChat Pay" ? null : (
                  <Row style={{marginTop: "20px"}} >
                    <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                      {this.state.provider.type === "Aliyun Captcha"
@@ -466,6 +491,8 @@ class ProviderEditPage extends React.Component {
                      }} />
                    </Col>
                  </Row>
+                )
+              }
            </React.Fragment>
          )
        }
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@@ -130,7 +130,7 @@ class RoleListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("users"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "users");
        },
      },
      {
@@ -141,7 +141,7 @@ class RoleListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("roles"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "roles");
        },
      },
      {
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -14,7 +14,7 @@

 import React from "react";
 import {Link} from "react-router-dom";
-import {Checkbox, Form, Modal, Select, Tag, Tooltip, message, theme} from "antd";
+import {Select, Tag, Tooltip, message, theme} from "antd";
 import {QuestionCircleTwoTone} from "@ant-design/icons";
 import {isMobile as isMobileDevice} from "react-device-detect";
 import "./i18n";
@@ -42,7 +42,7 @@ export const Countries = [{label: "English", key: "en", country: "US", alt: "Eng
  {label: "日本語", key: "ja", country: "JP", alt: "日本語"},
  {label: "한국어", key: "ko", country: "KR", alt: "한국어"},
  {label: "Русский", key: "ru", country: "RU", alt: "Русский"},
-  {label: "TiếngViệt", key: "vi", country: "VI", alt: "TiếngViệt"},
+  {label: "TiếngViệt", key: "vn", country: "VN", alt: "TiếngViệt"},
 ];

 export function getThemeData(organization, application) {
@@ -552,10 +552,6 @@ export function addRow(array, row, position = "end") {
  return position === "end" ? [...array, row] : [row, ...array];
 }

-export function prependRow(array, row) {
-  return [row, ...array];
-}
-
 export function deleteRow(array, i) {
  // return array = array.slice(0, i).concat(array.slice(i + 1));
  return [...array.slice(0, i), ...array.slice(i + 1)];
@@ -585,76 +581,6 @@ export function isMobile() {
  return isMobileDevice;
 }

-export function getTermsOfUseContent(url, setTermsOfUseContent) {
-  fetch(url, {
-    method: "GET",
-  }).then(r => {
-    r.text().then(setTermsOfUseContent);
-  });
-}
-
-export function isAgreementRequired(application) {
-  if (application) {
-    const agreementItem = application.signupItems.find(item => item.name === "Agreement");
-    if (!agreementItem || agreementItem.rule === "None" || !agreementItem.rule) {
-      return false;
-    }
-    if (agreementItem.required) {
-      return true;
-    }
-  }
-  return false;
-}
-
-export function isDefaultTrue(application) {
-  const agreementItem = application.signupItems.find(item => item.name === "Agreement");
-
-  return isAgreementRequired(application) && agreementItem.rule === "Signin (Default True)";
-}
-
-export function renderAgreement(required, onClick, noStyle, layout, initialValue) {
-  return (
-    <Form.Item
-      name="agreement"
-      key="agreement"
-      valuePropName="checked"
-      rules={[
-        {
-          required: required,
-          message: i18next.t("signup:Please accept the agreement!"),
-        },
-      ]}
-      {...layout}
-      noStyle={noStyle}
-      initialValue={initialValue}
-    >
-      <Checkbox style={{float: "left"}}>
-        {i18next.t("signup:Accept")}&nbsp;
-        <a onClick={onClick}>
-          {i18next.t("signup:Terms of Use")}
-        </a>
-      </Checkbox>
-    </Form.Item>
-  );
-}
-
-export function renderModal(isOpen, onOk, onCancel, doc) {
-  return (
-    <Modal
-      title={i18next.t("signup:Terms of Use")}
-      open={isOpen}
-      width={"55vw"}
-      closable={false}
-      okText={i18next.t("signup:Accept")}
-      cancelText={i18next.t("signup:Decline")}
-      onOk={onOk}
-      onCancel={onCancel}
-    >
-      <iframe title={"terms"} style={{border: 0, width: "100%", height: "60vh"}} srcDoc={doc} />
-    </Modal>
-  );
-}
-
 export function getFormattedDate(date) {
  if (date === undefined) {
    return null;
@@ -731,14 +657,6 @@ export function getAvatarColor(s) {
  return colorList[hash % 4];
 }

-export function getLogo(theme) {
-  if (theme === "Dark") {
-    return `${StaticBaseUrl}/img/casdoor-logo_1185x256_dark.png`;
-  } else {
-    return `${StaticBaseUrl}/img/casdoor-logo_1185x256.png`;
-  }
-}
-
 export function getLanguageText(text) {
  if (!text.includes("|")) {
    return text;
@@ -763,11 +681,6 @@ export function setLanguage(language) {
  i18next.changeLanguage(language);
 }

-export function setTheme(themeKey) {
-  localStorage.setItem("theme", themeKey);
-  dispatchEvent(new Event("changeTheme"));
-}
-
 export function getAcceptLanguage() {
  if (i18next.language === null || i18next.language === "") {
    return "en;q=0.9,en;q=0.8";
@@ -948,24 +861,6 @@ export function getProviderTypeOptions(category) {
  }
 }

-export function getProviderSubTypeOptions(type) {
-  if (type === "WeCom" || type === "Infoflow") {
-    return (
-      [
-        {id: "Internal", name: "Internal"},
-        {id: "Third-party", name: "Third-party"},
-      ]
-    );
-  } else if (type === "Aliyun Captcha") {
-    return [
-      {id: "nc", name: "Sliding Validation"},
-      {id: "ic", name: "Intelligent Validation"},
-    ];
-  } else {
-    return [];
-  }
-}
-
 export function renderLogo(application) {
  if (application === null) {
    return null;
@@ -1175,18 +1070,28 @@ export function getTagColor(s) {
  return "processing";
 }

-export function getTags(tags) {
+export function getTags(tags, urlPrefix = null) {
  const res = [];
  if (!tags) {
    return res;
  }

  tags.forEach((tag, i) => {
+    if (urlPrefix === null) {
      res.push(
        <Tag color={getTagColor(tag)}>
          {tag}
        </Tag>
      );
+    } else {
+      res.push(
+        <Link to={`/${urlPrefix}/${tag}`}>
+          <Tag color={getTagColor(tag)}>
+            {tag}
+          </Tag>
+        </Link>
+      );
+    }
  });
  return res;
 }
@@ -1239,94 +1144,3 @@ export function inIframe() {
    return true;
  }
 }
-
-export function getSyncerTableColumns(syncer) {
-  switch (syncer.type) {
-  case "Keycloak":
-    return [
-      {
-        "name": "ID",
-        "type": "string",
-        "casdoorName": "Id",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "USERNAME",
-        "type": "string",
-        "casdoorName": "Name",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "LAST_NAME+FIRST_NAME",
-        "type": "string",
-        "casdoorName": "DisplayName",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "EMAIL",
-        "type": "string",
-        "casdoorName": "Email",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "EMAIL_VERIFIED",
-        "type": "boolean",
-        "casdoorName": "EmailVerified",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "FIRST_NAME",
-        "type": "string",
-        "casdoorName": "FirstName",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "LAST_NAME",
-        "type": "string",
-        "casdoorName": "LastName",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "CREATED_TIMESTAMP",
-        "type": "string",
-        "casdoorName": "CreatedTime",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-      {
-        "name": "ENABLED",
-        "type": "boolean",
-        "casdoorName": "IsForbidden",
-        "isHashed": true,
-        "values": [
-
-        ],
-      },
-    ];
-  default:
-    return [];
-  }
-}
--- a/web/src/SyncerEditPage.js
+++ b/web/src/SyncerEditPage.js
@@ -19,7 +19,7 @@ import * as SyncerBackend from "./backend/SyncerBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import SyncerTableColumnTable from "./SyncerTableColumnTable";
+import SyncerTableColumnTable from "./table/SyncerTableColumnTable";

 import {Controlled as CodeMirror} from "react-codemirror2";
 import "codemirror/lib/codemirror.css";
@@ -80,6 +80,97 @@ class SyncerEditPage extends React.Component {
    });
  }

+  getSyncerTableColumns(syncer) {
+    switch (syncer.type) {
+    case "Keycloak":
+      return [
+        {
+          "name": "ID",
+          "type": "string",
+          "casdoorName": "Id",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "USERNAME",
+          "type": "string",
+          "casdoorName": "Name",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "LAST_NAME+FIRST_NAME",
+          "type": "string",
+          "casdoorName": "DisplayName",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "EMAIL",
+          "type": "string",
+          "casdoorName": "Email",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "EMAIL_VERIFIED",
+          "type": "boolean",
+          "casdoorName": "EmailVerified",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "FIRST_NAME",
+          "type": "string",
+          "casdoorName": "FirstName",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "LAST_NAME",
+          "type": "string",
+          "casdoorName": "LastName",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "CREATED_TIMESTAMP",
+          "type": "string",
+          "casdoorName": "CreatedTime",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+        {
+          "name": "ENABLED",
+          "type": "boolean",
+          "casdoorName": "IsForbidden",
+          "isHashed": true,
+          "values": [
+
+          ],
+        },
+      ];
+    default:
+      return [];
+    }
+  }
+
  renderSyncer() {
    return (
      <Card size="small" title={
@@ -120,7 +211,7 @@ class SyncerEditPage extends React.Component {
            <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.type} onChange={(value => {
              this.updateSyncerField("type", value);
              const syncer = this.state.syncer;
-              syncer["tableColumns"] = Setting.getSyncerTableColumns(this.state.syncer);
+              syncer["tableColumns"] = this.getSyncerTableColumns(this.state.syncer);
              syncer.table = (value === "Keycloak") ? "user_entity" : this.state.syncer.table;
              this.setState({
                syncer: syncer,
--- a/web/src/SystemInfo.js
+++ b/web/src/SystemInfo.js
@@ -45,7 +45,7 @@ class SystemInfo extends React.Component {
        }).catch(error => {
          Setting.showMessage("error", `System info failed to get: ${error}`);
        });
-      }, 1000 * 3);
+      }, 1000 * 2);
      this.setState({intervalId: id});
    }).catch(error => {
      Setting.showMessage("error", `System info failed to get: ${error}`);
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -18,18 +18,18 @@ import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import CropperDiv from "./CropperDiv.js";
+import CropperDivModal from "./common/modal/CropperDivModal.js";
 import * as ApplicationBackend from "./backend/ApplicationBackend";
-import PasswordModal from "./PasswordModal";
-import ResetModal from "./ResetModal";
-import AffiliationSelect from "./common/AffiliationSelect";
+import PasswordModal from "./common/modal/PasswordModal";
+import ResetModal from "./common/modal/ResetModal";
+import AffiliationSelect from "./common/select/AffiliationSelect";
 import OAuthWidget from "./common/OAuthWidget";
 import SamlWidget from "./common/SamlWidget";
-import SelectRegionBox from "./SelectRegionBox";
-import WebAuthnCredentialTable from "./WebauthnCredentialTable";
-import ManagedAccountTable from "./ManagedAccountTable";
-import PropertyTable from "./propertyTable";
-import {CountryCodeSelect} from "./common/CountryCodeSelect";
+import RegionSelect from "./common/select/RegionSelect";
+import WebAuthnCredentialTable from "./table/WebauthnCredentialTable";
+import ManagedAccountTable from "./table/ManagedAccountTable";
+import PropertyTable from "./table/propertyTable";
+import {CountryCodeSelect} from "./common/select/CountryCodeSelect";

 const {Option} = Select;

@@ -253,7 +253,7 @@ class UserEditPage extends React.Component {
              </Col>
            </Row>
            <Row style={{marginTop: "20px"}}>
-              <CropperDiv buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
+              <CropperDivModal buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
            </Row>
          </Col>
        </Row>
@@ -341,7 +341,7 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("user:Country/Region"), i18next.t("user:Country/Region - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <SelectRegionBox defaultValue={this.state.user.region} onChange={(value) => {
+            <RegionSelect defaultValue={this.state.user.region} onChange={(value) => {
              this.updateUserField("region", value);
            }} />
          </Col>
@@ -614,7 +614,7 @@ class UserEditPage extends React.Component {
    );
  }

-  submitUserEdit(willExist) {
+  submitUserEdit(needExit) {
    const user = Setting.deepCopy(this.state.user);
    UserBackend.updateUser(this.state.organizationName, this.state.userName, user)
      .then((res) => {
@@ -626,13 +626,18 @@ class UserEditPage extends React.Component {
          });

          if (this.props.history !== undefined) {
-            if (willExist) {
+            if (needExit) {
+              const userListUrl = sessionStorage.getItem("userListUrl");
+              if (userListUrl !== null) {
+                this.props.history.push(userListUrl);
+              } else {
                this.props.history.push("/users");
+              }
            } else {
              this.props.history.push(`/users/${this.state.user.owner}/${this.state.user.name}`);
            }
          } else {
-            if (willExist) {
+            if (needExit) {
              if (this.state.returnUrl) {
                window.location.href = this.state.returnUrl;
              }
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@@ -70,6 +70,7 @@ class UserListPage extends BaseListPage {
    UserBackend.addUser(newUser)
      .then((res) => {
        if (res.status === "ok") {
+          sessionStorage.setItem("userListUrl", window.location.pathname);
          this.props.history.push({pathname: `/users/${newUser.owner}/${newUser.name}`, mode: "add"});
          Setting.showMessage("success", i18next.t("general:Successfully added"));
        } else {
@@ -341,7 +342,10 @@ class UserListPage extends BaseListPage {
          const disabled = (record.owner === this.props.account.owner && record.name === this.props.account.name);
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/users/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => {
+                sessionStorage.setItem("userListUrl", window.location.pathname);
+                this.props.history.push(`/users/${record.owner}/${record.name}`);
+              }}>{i18next.t("general:Edit")}</Button>
              <PopconfirmModal
                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                onConfirm={() => this.deleteUser(index)}
@@ -402,6 +406,8 @@ class UserListPage extends BaseListPage {
            const users = res.data;
            if (users.length > 0) {
              this.getOrganization(users[0].owner);
+            } else {
+              this.getOrganization(this.state.organizationName);
            }
          } else {
            if (Setting.isResponseDenied(res)) {
@@ -430,6 +436,8 @@ class UserListPage extends BaseListPage {
            const users = res.data;
            if (users.length > 0) {
              this.getOrganization(users[0].owner);
+            } else {
+              this.getOrganization(this.state.organizationName);
            }
          } else {
            if (Setting.isResponseDenied(res)) {
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@@ -19,7 +19,7 @@ import * as WebhookBackend from "./backend/WebhookBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
-import WebhookHeaderTable from "./WebhookHeaderTable";
+import WebhookHeaderTable from "./table/WebhookHeaderTable";

 import {Controlled as CodeMirror} from "react-codemirror2";
 import "codemirror/lib/codemirror.css";
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@@ -22,7 +22,7 @@ import i18next from "i18next";
 import {SendCodeInput} from "../common/SendCodeInput";
 import * as UserBackend from "../backend/UserBackend";
 import {CheckCircleOutlined, KeyOutlined, LockOutlined, SolutionOutlined, UserOutlined} from "@ant-design/icons";
-import CustomGithubCorner from "../CustomGithubCorner";
+import CustomGithubCorner from "../common/CustomGithubCorner";
 import {withRouter} from "react-router-dom";
 const {Option} = Select;

@@ -33,9 +33,8 @@ class ForgetPage extends React.Component {
      classes: props,
      applicationName: props.applicationName ?? props.match.params?.applicationName,
      msg: null,
-      userId: "",
-      username: "",
      name: "",
+      username: "",
      phone: "",
      email: "",
      dest: "",
@@ -86,7 +85,7 @@ class ForgetPage extends React.Component {
            const phone = res.data.phone;
            const email = res.data.email;

-            if (phone === "" && email === "") {
+            if (!phone && !email) {
              Setting.showMessage("error", "no verification method!");
            } else {
              this.setState({
@@ -124,18 +123,16 @@ class ForgetPage extends React.Component {
        });
      break;
    case "step2":
-      const oAuthParams = Util.getOAuthGetParameters();
-
-      AuthBackend.login({
+      UserBackend.verifyCode({
        application: forms.step2.getFieldValue("application"),
        organization: forms.step2.getFieldValue("organization"),
        username: forms.step2.getFieldValue("dest"),
        name: this.state.name,
        code: forms.step2.getFieldValue("code"),
        type: "login",
-      }, oAuthParams).then(res => {
+      }).then(res => {
        if (res.status === "ok") {
-          this.setState({current: 2, userId: res.data});
+          this.setState({current: 2, code: forms.step2.getFieldValue("code")});
        } else {
          Setting.showMessage("error", res.msg);
        }
@@ -150,7 +147,7 @@ class ForgetPage extends React.Component {
  onFinish(values) {
    values.username = this.state.name;
    values.userOwner = this.getApplicationObj()?.organizationObj.name;
-    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
+    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword, this.state.code).then(res => {
      if (res.status === "ok") {
        Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
      } else {
@@ -387,7 +384,6 @@ class ForgetPage extends React.Component {
              hasFeedback
            >
              <Input.Password
-                disabled={this.state.userId === ""}
                prefix={<LockOutlined />}
                placeholder={i18next.t("general:Password")}
              />
@@ -414,14 +410,13 @@ class ForgetPage extends React.Component {
              ]}
            >
              <Input.Password
-                disabled={this.state.userId === ""}
                prefix={<CheckCircleOutlined />}
                placeholder={i18next.t("signup:Confirm")}
              />
            </Form.Item>
            <br />
            <Form.Item hidden={this.state.current !== 2}>
-              <Button block type="primary" htmlType="submit" disabled={this.state.userId === ""}>
+              <Button block type="primary" htmlType="submit">
                {i18next.t("forget:Change Password")}
              </Button>
            </Form.Item>
--- a/web/src/auth/LoginButton.js
+++ b/web/src/auth/LoginButton.js
@@ -14,11 +14,10 @@

 import i18next from "i18next";
 import {createButton} from "react-social-login-buttons";
-import {StaticBaseUrl} from "../Setting";

-function LoginButton({type, align = "center", style = {background: "#ffffff", color: "#000000"}, activeStyle = {background: "#ededee"}}) {
+function LoginButton({type, logoUrl, align = "center", style = {background: "#ffffff", color: "#000000"}, activeStyle = {background: "#ededee"}}) {
  function Icon({width = 24, height = 24, color}) {
-    return <img src={`${StaticBaseUrl}/buttons/${type.toLowerCase()}.svg`} alt={`Sign in with ${type}`} style={{width: width, height: height}} />;
+    return <img src={logoUrl} alt={`Sign in with ${type}`} style={{width: width, height: height}} />;
  }
  const config = {
    text: `Sign in with ${type}`,
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -24,12 +24,13 @@ import * as Provider from "./Provider";
 import * as ProviderButton from "./ProviderButton";
 import * as Util from "./Util";
 import * as Setting from "../Setting";
+import * as AgreementModal from "../common/modal/AgreementModal";
 import SelfLoginButton from "./SelfLoginButton";
 import i18next from "i18next";
-import CustomGithubCorner from "../CustomGithubCorner";
+import CustomGithubCorner from "../common/CustomGithubCorner";
 import {SendCodeInput} from "../common/SendCodeInput";
-import SelectLanguageBox from "../SelectLanguageBox";
-import {CaptchaModal} from "../common/CaptchaModal";
+import LanguageSelect from "../common/select/LanguageSelect";
+import {CaptchaModal} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";

 class LoginPage extends React.Component {
@@ -135,12 +136,6 @@ class LoginPage extends React.Component {
      ApplicationBackend.getApplication("admin", this.state.applicationName)
        .then((application) => {
          this.onUpdateApplication(application);
-
-          if (application !== null && application !== undefined) {
-            Setting.getTermsOfUseContent(application.termsOfUse, res => {
-              this.setState({termsOfUseContent: res});
-            });
-          }
        });
    } else {
      OrganizationBackend.getDefaultApplication("admin", this.state.owner)
@@ -151,12 +146,6 @@ class LoginPage extends React.Component {
            this.setState({
              applicationName: res.data.name,
            });
-
-            if (application !== null && application !== undefined) {
-              Setting.getTermsOfUseContent(application.termsOfUse, res => {
-                this.setState({termsOfUseContent: res});
-              });
-            }
          } else {
            this.onUpdateApplication(null);
            Setting.showMessage("error", res.msg);
@@ -470,25 +459,17 @@ class LoginPage extends React.Component {
              this.renderPasswordOrCodeInput()
            }
          </Row>
-          <Form.Item>
-            {
-              Setting.isAgreementRequired(application) ?
-                Setting.renderAgreement(true, () => {
-                  this.setState({
-                    isTermsOfUseVisible: true,
-                  });
-                }, true, {}, Setting.isDefaultTrue(application)) : (
+          <div style={{display: "inline-flex", justifyContent: "space-between", width: "320px", marginBottom: AgreementModal.isAgreementRequired(application) ? "5px" : "25px"}}>
            <Form.Item name="autoSignin" valuePropName="checked" noStyle>
              <Checkbox style={{float: "left"}} disabled={!application.enablePassword}>
                {i18next.t("login:Auto sign in")}
              </Checkbox>
            </Form.Item>
-                )
-            }
            {
              Setting.renderForgetLink(application, i18next.t("login:Forgot password?"))
            }
-          </Form.Item>
+          </div>
+          {AgreementModal.isAgreementRequired(application) ? AgreementModal.renderAgreementFormItem(application, true, {}, this) : null}
          <Form.Item>
            <Button
              type="primary"
@@ -833,26 +814,13 @@ class LoginPage extends React.Component {
                  {
                    Setting.renderLogo(application)
                  }
-                  <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
+                  <LanguageSelect languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
                  {
                    this.renderSignedInBox()
                  }
                  {
                    this.renderForm(application)
                  }
-                  {
-                    Setting.renderModal(this.state.isTermsOfUseVisible, () => {
-                      this.form.current.setFieldsValue({agreement: true});
-                      this.setState({
-                        isTermsOfUseVisible: false,
-                      });
-                    }, () => {
-                      this.form.current.setFieldsValue({agreement: false});
-                      this.setState({
-                        isTermsOfUseVisible: false,
-                      });
-                    }, this.state.termsOfUseContent)
-                  }
                </div>
              </div>
            </div>
--- a/web/src/auth/PromptPage.js
+++ b/web/src/auth/PromptPage.js
@@ -19,9 +19,9 @@ import * as UserBackend from "../backend/UserBackend";
 import * as AuthBackend from "./AuthBackend";
 import * as Setting from "../Setting";
 import i18next from "i18next";
-import AffiliationSelect from "../common/AffiliationSelect";
+import AffiliationSelect from "../common/select/AffiliationSelect";
 import OAuthWidget from "../common/OAuthWidget";
-import SelectRegionBox from "../SelectRegionBox";
+import RegionSelect from "../common/select/RegionSelect";
 import {withRouter} from "react-router-dom";

 class PromptPage extends React.Component {
@@ -151,7 +151,7 @@ class PromptPage extends React.Component {
                      </span>
                    </Col>
                    <Col >
-                      <SelectRegionBox defaultValue={this.state.user.region} onChange={(value) => {
+                      <RegionSelect defaultValue={this.state.user.region} onChange={(value) => {
                        this.updateUserFieldWithoutSubmit("region", value);
                      }} />
                    </Col>
--- a/web/src/auth/ProviderButton.js
+++ b/web/src/auth/ProviderButton.js
@@ -44,62 +44,62 @@ import * as AuthBackend from "./AuthBackend";
 import {getEvent} from "./Util";
 import {Modal} from "antd";

-function getSigninButton(type) {
-  const text = i18next.t("login:Sign in with {type}").replace("{type}", type);
-  if (type === "GitHub") {
+function getSigninButton(provider) {
+  const text = i18next.t("login:Sign in with {type}").replace("{type}", provider.type);
+  if (provider.type === "GitHub") {
    return <GithubLoginButton text={text} align={"center"} />;
-  } else if (type === "Google") {
+  } else if (provider.type === "Google") {
    return <GoogleLoginButton text={text} align={"center"} />;
-  } else if (type === "QQ") {
+  } else if (provider.type === "QQ") {
    return <QqLoginButton text={text} align={"center"} />;
-  } else if (type === "Facebook") {
+  } else if (provider.type === "Facebook") {
    return <FacebookLoginButton text={text} align={"center"} />;
-  } else if (type === "Weibo") {
+  } else if (provider.type === "Weibo") {
    return <WeiboLoginButton text={text} align={"center"} />;
-  } else if (type === "Gitee") {
+  } else if (provider.type === "Gitee") {
    return <GiteeLoginButton text={text} align={"center"} />;
-  } else if (type === "WeChat") {
+  } else if (provider.type === "WeChat") {
    return <WechatLoginButton text={text} align={"center"} />;
-  } else if (type === "DingTalk") {
+  } else if (provider.type === "DingTalk") {
    return <DingTalkLoginButton text={text} align={"center"} />;
-  } else if (type === "LinkedIn") {
+  } else if (provider.type === "LinkedIn") {
    return <LinkedInLoginButton text={text} align={"center"} />;
-  } else if (type === "WeCom") {
+  } else if (provider.type === "WeCom") {
    return <WeComLoginButton text={text} align={"center"} />;
-  } else if (type === "Lark") {
+  } else if (provider.type === "Lark") {
    return <LarkLoginButton text={text} align={"center"} />;
-  } else if (type === "GitLab") {
+  } else if (provider.type === "GitLab") {
    return <GitLabLoginButton text={text} align={"center"} />;
-  } else if (type === "Adfs") {
+  } else if (provider.type === "Adfs") {
    return <AdfsLoginButton text={text} align={"center"} />;
-  } else if (type === "Casdoor") {
+  } else if (provider.type === "Casdoor") {
    return <CasdoorLoginButton text={text} align={"center"} />;
-  } else if (type === "Baidu") {
+  } else if (provider.type === "Baidu") {
    return <BaiduLoginButton text={text} align={"center"} />;
-  } else if (type === "Alipay") {
+  } else if (provider.type === "Alipay") {
    return <AlipayLoginButton text={text} align={"center"} />;
-  } else if (type === "Infoflow") {
+  } else if (provider.type === "Infoflow") {
    return <InfoflowLoginButton text={text} align={"center"} />;
-  } else if (type === "Apple") {
+  } else if (provider.type === "Apple") {
    return <AppleLoginButton text={text} align={"center"} />;
-  } else if (type === "AzureAD") {
+  } else if (provider.type === "AzureAD") {
    return <AzureADLoginButton text={text} align={"center"} />;
-  } else if (type === "Slack") {
+  } else if (provider.type === "Slack") {
    return <SlackLoginButton text={text} align={"center"} />;
-  } else if (type === "Steam") {
+  } else if (provider.type === "Steam") {
    return <SteamLoginButton text={text} align={"center"} />;
-  } else if (type === "Bilibili") {
+  } else if (provider.type === "Bilibili") {
    return <BilibiliLoginButton text={text} align={"center"} />;
-  } else if (type === "Okta") {
+  } else if (provider.type === "Okta") {
    return <OktaLoginButton text={text} align={"center"} />;
-  } else if (type === "Douyin") {
+  } else if (provider.type === "Douyin") {
    return <DouyinLoginButton text={text} align={"center"} />;
  } else {
-    return <LoginButton key={type} type={type} />;
+    return <LoginButton key={provider.type} type={provider.type} logoUrl={getProviderLogoURL(provider)} />;
  }
 }

-function getSamlUrl(provider, location) {
+function goToSamlUrl(provider, location) {
  const params = new URLSearchParams(location.search);
  const clientId = params.get("client_id") ?? "";
  const state = params.get("state");
@@ -149,12 +149,11 @@ export function renderProviderLogo(provider, application, width, margin, size, l
      }
    } else if (provider.category === "SAML") {
      return (
-        <a key={provider.displayName} onClick={() => getSamlUrl(provider, location)}>
+        <a key={provider.displayName} onClick={() => goToSamlUrl(provider, location)}>
          <img width={width} height={width} src={getProviderLogoURL(provider)} alt={provider.displayName} style={{margin: margin}} />
        </a>
      );
    }
-
  } else if (provider.type === "Custom") {
    // style definition
    const text = i18next.t("login:Sign in with {type}").replace("{type}", provider.displayName);
@@ -173,7 +172,7 @@ export function renderProviderLogo(provider, application, width, margin, size, l
      );
    } else if (provider.category === "SAML") {
      return (
-        <a key={provider.displayName} onClick={() => getSamlUrl(provider, location)} style={customAStyle}>
+        <a key={provider.displayName} onClick={() => goToSamlUrl(provider, location)} style={customAStyle}>
          <button style={customButtonStyle}>
            <img width={26} src={getProviderLogoURL(provider)} alt={provider.displayName} style={customImgStyle} />
            <span style={customSpanStyle}>{text}</span>
@@ -181,15 +180,28 @@ export function renderProviderLogo(provider, application, width, margin, size, l
        </a>
      );
    }
+  } else {
+    // big button, for disable password signin
+    if (provider.category === "SAML") {
+      return (
+        <div key={provider.displayName} style={{marginBottom: "10px"}}>
+          <a onClick={() => goToSamlUrl(provider, location)}>
+            {
+              getSigninButton(provider)
+            }
+          </a>
+        </div>
+      );
    } else {
      return (
        <div key={provider.displayName} style={{marginBottom: "10px"}}>
          <a href={Provider.getAuthUrl(application, provider, "signup")}>
            {
-            getSigninButton(provider.type)
+              getSigninButton(provider)
            }
          </a>
        </div>
      );
    }
+  }
 }
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@@ -21,12 +21,13 @@ import i18next from "i18next";
 import * as Util from "./Util";
 import {authConfig} from "./Auth";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
+import * as AgreementModal from "../common/modal/AgreementModal";
 import {SendCodeInput} from "../common/SendCodeInput";
-import SelectRegionBox from "../SelectRegionBox";
-import CustomGithubCorner from "../CustomGithubCorner";
-import SelectLanguageBox from "../SelectLanguageBox";
+import RegionSelect from "../common/select/RegionSelect";
+import CustomGithubCorner from "../common/CustomGithubCorner";
+import LanguageSelect from "../common/select/LanguageSelect";
 import {withRouter} from "react-router-dom";
-import {CountryCodeSelect} from "../common/CountryCodeSelect";
+import {CountryCodeSelect} from "../common/select/CountryCodeSelect";

 const formItemLayout = {
  labelCol: {
@@ -47,7 +48,7 @@ const formItemLayout = {
  },
 };

-const tailFormItemLayout = {
+export const tailFormItemLayout = {
  wrapperCol: {
    xs: {
      span: 24,
@@ -105,12 +106,6 @@ class SignupPage extends React.Component {
    ApplicationBackend.getApplication("admin", applicationName)
      .then((application) => {
        this.onUpdateApplication(application);
-
-        if (application !== null && application !== undefined) {
-          Setting.getTermsOfUseContent(application.termsOfUse, res => {
-            this.setState({termsOfUseContent: res});
-          });
-        }
      });
  }

@@ -311,7 +306,7 @@ class SignupPage extends React.Component {
            },
          ]}
        >
-          <SelectRegionBox onChange={(value) => {this.setState({region: value});}} />
+          <RegionSelect onChange={(value) => {this.setState({region: value});}} />
        </Form.Item>
      );
    } else if (signupItem.name === "Email") {
@@ -391,11 +386,11 @@ class SignupPage extends React.Component {
                  },
                  ({getFieldValue}) => ({
                    validator: (_, value) => {
-                      if (!required && value === "") {
+                      if (!required && !value) {
                        return Promise.resolve();
                      }

-                      if (value !== "" && !Setting.isValidPhone(value, getFieldValue("countryCode"))) {
+                      if (value && !Setting.isValidPhone(value, getFieldValue("countryCode"))) {
                        this.setState({validPhone: false});
                        return Promise.reject(i18next.t("signup:The input is not valid Phone!"));
                      }
@@ -477,32 +472,10 @@ class SignupPage extends React.Component {
        </Form.Item>
      );
    } else if (signupItem.name === "Agreement") {
-      return (
-        Setting.renderAgreement(Setting.isAgreementRequired(application), () => {
-          this.setState({
-            isTermsOfUseVisible: true,
-          });
-        }, false, tailFormItemLayout, Setting.isDefaultTrue(application))
-      );
+      return AgreementModal.renderAgreementFormItem(application, required, tailFormItemLayout, this);
    }
  }

-  renderModal() {
-    return (
-      Setting.renderModal(this.state.isTermsOfUseVisible, () => {
-        this.form.current.setFieldsValue({agreement: true});
-        this.setState({
-          isTermsOfUseVisible: false,
-        });
-      }, () => {
-        this.form.current.setFieldsValue({agreement: false});
-        this.setState({
-          isTermsOfUseVisible: false,
-        });
-      }, this.state.termsOfUseContent)
-    );
-  }
-
  renderForm(application) {
    if (!application.enableSignUp) {
      return (
@@ -615,16 +588,13 @@ class SignupPage extends React.Component {
              {
                Setting.renderLogo(application)
              }
-              <SelectLanguageBox languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
+              <LanguageSelect languages={application.organizationObj.languages} style={{top: "55px", right: "5px", position: "absolute"}} />
              {
                this.renderForm(application)
              }
            </div>
          </div>
        </div>
-        {
-          this.renderModal()
-        }
      </React.Fragment>
    );
  }
--- a/web/src/backend/ApplicationBackend.js
+++ b/web/src/backend/ApplicationBackend.js
@@ -55,11 +55,10 @@ export function getUserApplication(owner, name) {
 }

 export function updateApplication(owner, name, application) {
-  const newApplication = Setting.deepCopy(application);
  return fetch(`${Setting.ServerUrl}/api/update-application?id=${owner}/${encodeURIComponent(name)}`, {
    method: "POST",
    credentials: "include",
-    body: JSON.stringify(newApplication),
+    body: JSON.stringify(application),
    headers: {
      "Accept-Language": Setting.getAcceptLanguage(),
    },
--- a/web/src/backend/ChatBackend.js
+++ b/web/src/backend/ChatBackend.js
@@ -0,0 +1,71 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getChats(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-chats?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getChat(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-chat?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateChat(owner, name, chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/update-chat?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addChat(chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/add-chat`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteChat(chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/delete-chat`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/MessageBackend.js
+++ b/web/src/backend/MessageBackend.js
@@ -0,0 +1,71 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getMessages(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-messages?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getMessage(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-message?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateMessage(owner, name, message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/update-message?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addMessage(message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/add-message`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteMessage(message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/delete-message`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/UserBackend.js
+++ b/web/src/backend/UserBackend.js
@@ -93,12 +93,16 @@ export function getAffiliationOptions(url, code) {
  }).then(res => res.json());
 }

-export function setPassword(userOwner, userName, oldPassword, newPassword) {
+export function setPassword(userOwner, userName, oldPassword, newPassword, code = "") {
  const formData = new FormData();
  formData.append("userOwner", userOwner);
  formData.append("userName", userName);
  formData.append("oldPassword", oldPassword);
  formData.append("newPassword", newPassword);
+  if (code) {
+    formData.append("code", code);
+  }
+
  return fetch(`${Setting.ServerUrl}/api/set-password`, {
    method: "POST",
    credentials: "include",
@@ -188,3 +192,14 @@ export function getCaptcha(owner, name, isCurrentProvider) {
    },
  }).then(res => res.json()).then(res => res.data);
 }
+
+export function verifyCode(values) {
+  return fetch(`${Setting.ServerUrl}/api/verify-code`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/UserWebauthnBackend.js
+++ b/web/src/backend/UserWebauthnBackend.js
@@ -71,8 +71,12 @@ export function deleteUserWebAuthnCredential(credentialID) {
  }).then(res => res.json());
 }

-// Base64 to ArrayBuffer
+// Base64URL to ArrayBuffer
 export function webAuthnBufferDecode(value) {
+  value = value.replace(/-/g, "+").replace(/_/g, "/");
+  while (value.length % 4) {
+    value += "=";
+  }
  return Uint8Array.from(atob(value), c => c.charCodeAt(0));
 }

--- a/web/src/common/CaptchaPreview.js
+++ b/web/src/common/CaptchaPreview.js
@@ -15,7 +15,7 @@
 import {Button} from "antd";
 import React from "react";
 import i18next from "i18next";
-import {CaptchaModal} from "./CaptchaModal";
+import {CaptchaModal} from "./modal/CaptchaModal";
 import * as UserBackend from "../backend/UserBackend";

 export const CaptchaPreview = (props) => {
--- a/web/src/common/CustomGithubCorner.js
+++ b/web/src/common/CustomGithubCorner.js
@@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import * as Conf from "./Conf";
+import * as Conf from "../Conf";
 import GithubCorner from "react-github-corner";

 class CustomGithubCorner extends React.Component {
--- a/web/src/common/SendCodeInput.js
+++ b/web/src/common/SendCodeInput.js
@@ -17,7 +17,7 @@ import React from "react";
 import i18next from "i18next";
 import * as UserBackend from "../backend/UserBackend";
 import {SafetyOutlined} from "@ant-design/icons";
-import {CaptchaModal} from "./CaptchaModal";
+import {CaptchaModal} from "./modal/CaptchaModal";

 const {Search} = Input;

--- a/web/src/common/TestEmailWidget.js
+++ b/web/src/common/TestEmailWidget.js
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import * as Setting from "./Setting";
+import * as Setting from "../Setting";
 import i18next from "i18next";

 export function sendTestEmail(provider, email) {
--- a/web/src/common/TestSmsWidget.js
+++ b/web/src/common/TestSmsWidget.js
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import * as Setting from "./Setting";
+import * as Setting from "../Setting";
 import i18next from "i18next";

 export function sendTestSms(provider, phone) {
--- a/web/src/common/modal/AgreementModal.js
+++ b/web/src/common/modal/AgreementModal.js
@@ -0,0 +1,126 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {Checkbox, Form, Modal} from "antd";
+import i18next from "i18next";
+import React, {useEffect, useState} from "react";
+
+export const AgreementModal = (props) => {
+  const {open, onOk, onCancel, application} = props;
+  const [doc, setDoc] = useState("");
+
+  useEffect(() => {
+    getTermsOfUseContent(application.termsOfUse).then((data) => {
+      setDoc(data);
+    });
+  }, []);
+
+  return (
+
+    <Modal
+      title={i18next.t("signup:Terms of Use")}
+      open={open}
+      width={"55vw"}
+      closable={false}
+      okText={i18next.t("signup:Accept")}
+      cancelText={i18next.t("signup:Decline")}
+      onOk={onOk}
+      onCancel={onCancel}
+    >
+      <iframe title={"terms"} style={{border: 0, width: "100%", height: "60vh"}} srcDoc={doc} />
+    </Modal>
+  );
+};
+
+function getTermsOfUseContent(url) {
+  return fetch(url, {
+    method: "GET",
+  }).then(r => r.text());
+}
+
+export function isAgreementRequired(application) {
+  if (application) {
+    const agreementItem = application.signupItems.find(item => item.name === "Agreement");
+    if (!agreementItem || agreementItem.rule === "None" || !agreementItem.rule) {
+      return false;
+    }
+    if (agreementItem.required) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function initDefaultValue(application) {
+  const agreementItem = application.signupItems.find(item => item.name === "Agreement");
+
+  return isAgreementRequired(application) && agreementItem.rule === "Signin (Default True)";
+}
+
+export function renderAgreementFormItem(application, required, layout, ths) {
+  return (<React.Fragment>
+    <Form.Item
+      name="agreement"
+      key="agreement"
+      valuePropName="checked"
+      rules={[
+        {
+          required: required,
+        },
+        () => ({
+          validator: (_, value) => {
+            if (!required) {
+              return Promise.resolve();
+            }
+
+            if (!value) {
+              return Promise.reject(i18next.t("signup:Please accept the agreement!"));
+            } else {
+              return Promise.resolve();
+            }
+          },
+        }),
+      ]
+      }
+      {...layout}
+      initialValue={initDefaultValue(application)}
+    >
+      <Checkbox style={{float: "left"}}>
+        {i18next.t("signup:Accept")}&nbsp;
+        <a onClick={() => {
+          ths.setState({
+            isTermsOfUseVisible: true,
+          });
+        }}
+        >
+          {i18next.t("signup:Terms of Use")}
+        </a>
+      </Checkbox>
+    </Form.Item>
+    <AgreementModal application={application} layout={layout} open={ths.state.isTermsOfUseVisible}
+      onOk={() => {
+        ths.form.current.setFieldsValue({agreement: true});
+        ths.setState({
+          isTermsOfUseVisible: false,
+        });
+      }}
+      onCancel={() => {
+        ths.form.current.setFieldsValue({agreement: false});
+        ths.setState({
+          isTermsOfUseVisible: false,
+        });
+      }} />
+  </React.Fragment>
+  );
+}
--- a/web/src/common/modal/CaptchaModal.js
+++ b/web/src/common/modal/CaptchaModal.js
@@ -15,8 +15,8 @@
 import {Button, Col, Input, Modal, Row} from "antd";
 import i18next from "i18next";
 import React, {useEffect} from "react";
-import * as UserBackend from "../backend/UserBackend";
-import {CaptchaWidget} from "./CaptchaWidget";
+import * as UserBackend from "../../backend/UserBackend";
+import {CaptchaWidget} from "../CaptchaWidget";
 import {SafetyOutlined} from "@ant-design/icons";

 export const CaptchaModal = (props) => {
--- a/web/src/common/modal/CropperDivModal.js
+++ b/web/src/common/modal/CropperDivModal.js
@@ -15,12 +15,12 @@
 import React, {useEffect, useState} from "react";
 import Cropper from "react-cropper";
 import "cropperjs/dist/cropper.css";
-import * as Setting from "./Setting";
+import * as Setting from "../../Setting";
 import {Button, Col, Modal, Row, Select} from "antd";
 import i18next from "i18next";
-import * as ResourceBackend from "./backend/ResourceBackend";
+import * as ResourceBackend from "../../backend/ResourceBackend";

-export const CropperDiv = (props) => {
+export const CropperDivModal = (props) => {
  const [loading, setLoading] = useState(true);
  const [options, setOptions] = useState([]);
  const [image, setImage] = useState("");
@@ -60,7 +60,7 @@ export const CropperDiv = (props) => {
      // Setting.showMessage("success", "uploading...");
      const extension = image.substring(image.indexOf("/") + 1, image.indexOf(";base64"));
      const fullFilePath = `avatar/${user.owner}/${user.name}.${extension}`;
-      ResourceBackend.uploadResource(user.owner, user.name, "avatar", "CropperDiv", fullFilePath, blob)
+      ResourceBackend.uploadResource(user.owner, user.name, "avatar", "CropperDivModal", fullFilePath, blob)
        .then((res) => {
          if (res.status === "ok") {
            window.location.href = window.location.pathname;
@@ -187,4 +187,4 @@ export const CropperDiv = (props) => {
  );
 };

-export default CropperDiv;
+export default CropperDivModal;
--- a/web/src/common/modal/PasswordModal.js
+++ b/web/src/common/modal/PasswordModal.js
@@ -15,8 +15,8 @@
 import {Button, Col, Input, Modal, Row} from "antd";
 import i18next from "i18next";
 import React from "react";
-import * as UserBackend from "./backend/UserBackend";
-import * as Setting from "./Setting";
+import * as UserBackend from "../../backend/UserBackend";
+import * as Setting from "../../Setting";

 export const PasswordModal = (props) => {
  const [visible, setVisible] = React.useState(false);
--- a/web/src/common/modal/ResetModal.js
+++ b/web/src/common/modal/ResetModal.js
@@ -15,9 +15,9 @@
 import {Button, Col, Input, Modal, Row} from "antd";
 import i18next from "i18next";
 import React from "react";
-import * as Setting from "./Setting";
-import * as UserBackend from "./backend/UserBackend";
-import {SendCodeInput} from "./common/SendCodeInput";
+import * as Setting from "../../Setting";
+import * as UserBackend from "../../backend/UserBackend";
+import {SendCodeInput} from "../SendCodeInput";
 import {MailOutlined, PhoneOutlined} from "@ant-design/icons";

 export const ResetModal = (props) => {
--- a/web/src/common/select/AffiliationSelect.js
+++ b/web/src/common/select/AffiliationSelect.js
@@ -15,8 +15,8 @@
 import React from "react";
 import {Cascader, Col, Input, Row, Select} from "antd";
 import i18next from "i18next";
-import * as UserBackend from "../backend/UserBackend";
-import * as Setting from "../Setting";
+import * as UserBackend from "../../backend/UserBackend";
+import * as Setting from "../../Setting";

 class AffiliationSelect extends React.Component {
  constructor(props) {
@@ -28,7 +28,7 @@ class AffiliationSelect extends React.Component {
    };
  }

-  UNSAFE_componentWillMount() {
+  componentDidMount() {
    this.getAddressOptions(this.props.application);
    this.getAffiliationOptions(this.props.application, this.props.user);
  }
--- a/web/src/common/select/CountryCodeSelect.js
+++ b/web/src/common/select/CountryCodeSelect.js
@@ -13,7 +13,7 @@
 // limitations under the License.

 import {Select} from "antd";
-import * as Setting from "../Setting";
+import * as Setting from "../../Setting";
 import React from "react";

 export const CountryCodeSelect = (props) => {
--- a/web/src/common/select/LanguageSelect.js
+++ b/web/src/common/select/LanguageSelect.js
@@ -13,9 +13,9 @@
 // limitations under the License.

 import React from "react";
-import * as Setting from "./Setting";
+import * as Setting from "../../Setting";
 import {Dropdown} from "antd";
-import "./App.less";
+import "../../App.less";
 import {GlobalOutlined} from "@ant-design/icons";

 function flagIcon(country, alt) {
@@ -24,7 +24,7 @@ function flagIcon(country, alt) {
  );
 }

-class SelectLanguageBox extends React.Component {
+class LanguageSelect extends React.Component {
  constructor(props) {
    super(props);
    this.state = {
@@ -63,4 +63,4 @@ class SelectLanguageBox extends React.Component {
  }
 }

-export default SelectLanguageBox;
+export default LanguageSelect;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yaodong Yu	1b1de1dd01	feat: add LDAP custom filter support (#1719 ) * refactor: improve ldap server code * feat: custom filter * fix: fix displayName mapping * feat: add custom filter search fields * chore: add license * chore: i18n * chore: i18n * chore: update init field	2023-04-13 14:12:31 +08:00
XDTD	968d8646b2	fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates (#1734 )	2023-04-12 21:33:54 +08:00
imp2002	94eef7dceb	feat: fix `adapter` set organizations invalid bug (#1729 )	2023-04-11 22:38:00 +08:00
rune	fe647939ce	fix: fix CAS callback url not match bug (#1728 ) Co-authored-by: mfk <mfk@hengwei.com.cn>	2023-04-11 19:26:57 +08:00
Dzung Do	984a69cb4b	feat: fix wrong Vietnamese flag (#1724 ) * fix wrong Vietnam country code * fix wrong Vietnam country code * fix wrong Vietnam country code * fix wrong Vietnam country code	2023-04-10 22:42:12 +08:00
XDTD	098a1ece68	fix: rollback the version of webauthn in go mod to fix "atob" bug (#1721 )	2023-04-10 20:14:27 +08:00
Wenpeng Chen	ad6f2ad2e1	feat: add wechatpay support. (#1710 ) * feat: add wechatpay support. * feat: add wechatpay support. * Update wechatv3pay.go * fix: update format. * Update wechatv3pay.go * Update wechatv3pay.go * Update wechatv3pay.go * fix: update file format. * fix: improve the front of wechat payment. * fix: change clientId2 to clientId. * fix: fix the code format. * fix: return backend error information to frontend.	2023-04-10 18:04:10 +08:00
Yang Luo	2d55252261	Add chat and message pages	2023-04-09 15:54:22 +08:00
Yang Luo	30ea3a1335	Improve getTags()	2023-04-09 15:54:21 +08:00
Yaodong Yu	b7d78d1e27	fix: validate parameter and nil in func updateUser (#1714 ) * fix: validate parameter and nil in func updateUser * fix: delete blank line	2023-04-09 10:35:30 +08:00
jivfly	3d5a645a3b	feat: fix field name error of termsOfUse (#1715 )	2023-04-09 01:01:04 +08:00
Gucheng Wang	4ad21e7781	fix: fix WeCom provider method	2023-04-07 01:10:46 +08:00
Yaodong Yu	b99a0c3ca2	feat: optimize the "forget password" page (#1709 )	2023-04-06 23:06:18 +08:00
Yaodong Yu	e1842f6b80	feat: fix LDAP server handle filter without CN field as * (#1705 ) * fix: set ldap server default filter name as * * fix: default use built-in organization to bind * chore: use cache reduce the ci test time	2023-04-04 20:51:28 +08:00
Max Baier	0781a3835d	feat: improve i18n to have proper German translation in web/ (#1702 )	2023-04-02 10:52:30 +08:00
Yang Luo	98a99f0215	Fix bug in getMemoryUsage()	2023-04-02 10:50:41 +08:00
Yang Luo	681b086de0	Fix session page highlight	2023-04-01 17:36:50 +08:00
Yaodong Yu	cdcc0b39e2	feat: filter not selected provider item (#1701 )	2023-04-01 10:22:18 +08:00
Gucheng Wang	8eb68ba817	fix: fix AAD single-tenant mode bug	2023-03-31 19:24:03 +08:00
Yang Luo	8d1ae4ea08	Fix organization page bug	2023-03-31 18:35:57 +08:00
zzjin	9c8ea027ef	feat: add the missing userId param docs for get-user API (#1698 ) * Add roles to SAML response * Fix: Add back missing get-user userId param doc. Signed-off-by: zzjin <tczzjin@gmail.com> * Update user.go --------- Signed-off-by: zzjin <tczzjin@gmail.com> Co-authored-by: Yang Luo <hsluoyz@qq.com>	2023-03-30 18:39:14 +08:00
Yang Luo	aaa56d3354	Add roles to SAML response	2023-03-30 14:43:34 +08:00
Yaodong Yu	b45c49d3a4	feat: fix incorrect preferred_username field mapping in OIDC (#1697 )	2023-03-29 22:18:12 +08:00
Yaodong Yu	5b3202cc89	feat: fix phone validation bug in signup page (#1693 )	2023-03-27 22:52:49 +08:00
Gucheng Wang	5280f872dc	Speed up GetOAuthToken()	2023-03-27 14:05:44 +08:00
Yaodong Yu	fd61b963d5	feat: [SAML + long button crash] fix `Disabling "Enable password" leads to white app page when SAML provider is active` (#1691 ) * fix: saml long button crush * fix: sue svg * Update Setting.js * Update LoginButton.js * Update ProviderButton.js --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-03-26 23:56:43 +08:00
Yaodong Yu	a8937d3046	feat: refactor agreement modal and create folders to classify components (#1686 ) * refactor: refactor agreement modal and create folders to classify components * fix: i18 * fix: i18 * fix: i18n	2023-03-26 18:44:47 +08:00
Yang Luo	32b05047dc	Update system info API swagger	2023-03-26 10:19:59 +08:00
hsluoyz	117ee509cf	feat: fix name format in application login: GetClientCredentialsToken() (#1639 )	2023-03-25 23:02:08 +08:00