fix: fix golangci-lint (#1775 )

Can add/delete chat
Add loading to chat box
2025-07-31 00:30:32 +08:00 · 2023-04-23 17:02:29 +08:00 · 2023-04-23 01:19:44 +08:00 · 2023-04-23 00:25:09 +08:00 · 2023-04-22 23:20:40 +08:00 · 2023-04-22 21:15:06 +08:00
114 changed files with 5505 additions and 1169 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -66,7 +66,7 @@ jobs:
      - uses: actions/setup-go@v4
        with:
          go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
+          cache: false

      # gen a dummy config file
      - run: touch dummy.yml
--- a/1
+++ b/1
@@ -64,6 +64,7 @@ COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
+RUN mkdir tempFiles

 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -90,6 +90,7 @@ p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
 p, *, *, POST, /api/webhook, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
+p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
@@ -108,6 +109,7 @@ p, *, *, POST, /api/set-password, *, *
 p, *, *, POST, /api/send-verification-code, *, *
 p, *, *, GET, /api/get-captcha, *, *
 p, *, *, POST, /api/verify-captcha, *, *
+p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -137,7 +137,7 @@ func (c *ApiController) Signup() {
 	}

 	var checkPhone string
-	if application.IsSignupItemVisible("Phone") && form.Phone != "" {
+	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && form.Phone != "" {
 		checkPhone, _ = util.GetE164Number(form.Phone, form.CountryCode)
 		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -246,33 +246,14 @@ func (c *ApiController) Login() {
 		var msg string

 		if form.Password == "" {
-			var verificationCodeType string
-			var checkResult string
-
-			if form.Name != "" {
-				user = object.GetUserByFields(form.Organization, form.Name)
-			}
-
-			// check result through Email or Phone
-			var checkDest string
-			if strings.Contains(form.Username, "@") {
-				verificationCodeType = "email"
-				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
-					form.Username = user.Email
-				}
-				checkDest = form.Username
-			} else {
-				verificationCodeType = "phone"
-				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
-					form.Username = user.Phone
-				}
-			}
-
 			if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
 				return
 			}
-			if verificationCodeType == "phone" {
+
+			verificationCodeType := object.GetVerifyType(form.Username)
+			var checkDest string
+			if verificationCodeType == object.VerifyTypePhone {
 				form.CountryCode = user.GetCountryCode(form.CountryCode)
 				var ok bool
 				if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
@@ -281,7 +262,8 @@ func (c *ApiController) Login() {
 				}
 			}

-			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
+			// check result through Email or Phone
+			checkResult := object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
 			if len(checkResult) != 0 {
 				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
 				return
@@ -299,8 +281,8 @@ func (c *ApiController) Login() {
 				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
 				return
 			}
-
-			if object.CheckToEnableCaptcha(application) {
+			var enableCaptcha bool
+			if enableCaptcha = object.CheckToEnableCaptcha(application, form.Organization, form.Username); enableCaptcha {
 				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
 				if err != nil {
 					c.ResponseError(err.Error())
@@ -314,7 +296,8 @@ func (c *ApiController) Login() {
 			}

 			password := form.Password
-			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
+			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage(), enableCaptcha)
+
 		}

 		if msg != "" {
@@ -357,7 +340,7 @@ func (c *ApiController) Login() {
 		userInfo := &idp.UserInfo{}
 		if provider.Category == "SAML" {
 			// SAML
-			userInfo.Id, err = object.ParseSamlResponse(form.SamlResponse, provider.Type)
+			userInfo.Id, err = object.ParseSamlResponse(form.SamlResponse, provider, c.Ctx.Request.Host)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -564,7 +547,7 @@ func (c *ApiController) Login() {
 func (c *ApiController) GetSamlLogin() {
 	providerId := c.Input().Get("id")
 	relayState := c.Input().Get("relayState")
-	authURL, method, err := object.GenerateSamlLoginUrl(providerId, relayState, c.GetAcceptLanguage())
+	authURL, method, err := object.GenerateSamlRequest(providerId, relayState, c.Ctx.Request.Host, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
@@ -628,3 +611,21 @@ func (c *ApiController) GetWebhookEventType() {
 	wechatScanType = ""
 	c.ServeJSON()
 }
+
+// GetCaptchaStatus
+// @Title GetCaptchaStatus
+// @Tag Token API
+// @Description Get Login Error Counts
+// @Param   id     query    string  true        "The id ( owner/name ) of user"
+// @Success 200 {object} controllers.Response The Response object
+// @router /api/get-captcha-status [get]
+func (c *ApiController) GetCaptchaStatus() {
+	organization := c.Input().Get("organization")
+	userId := c.Input().Get("user_id")
+	user := object.GetUserByFields(organization, userId)
+	var captchaEnabled bool
+	if user != nil && user.SigninWrongTimes >= object.SigninWrongTimesLimit {
+		captchaEnabled = true
+	}
+	c.ResponseOk(captchaEnabled)
+}
--- a/controllers/cas.go
+++ b/controllers/cas.go
@@ -72,6 +72,11 @@ func (c *RootController) CasProxyValidate() {
 	c.CasP3ServiceAndProxyValidate()
 }

+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
 func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
@@ -91,7 +96,7 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 	// find the token
 	if ok {
 		// check whether service is the one for which we previously issued token
-		if strings.HasPrefix(service, issuedService) {
+		if strings.HasPrefix(service, issuedService) || strings.HasPrefix(queryUnescape(service), issuedService) {
 			serviceResponse.Success = response
 		} else {
 			// service not match
--- a/controllers/chat.go
+++ b/controllers/chat.go
@@ -0,0 +1,123 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetChats
+// @Title GetChats
+// @Tag Chat API
+// @Description get chats
+// @Param   owner     query    string  true        "The owner of chats"
+// @Success 200 {array} object.Chat The Response object
+// @router /get-chats [get]
+func (c *ApiController) GetChats() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedChats(object.GetChats(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetChatCount(owner, field, value)))
+		chats := object.GetMaskedChats(object.GetPaginationChats(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(chats, paginator.Nums())
+	}
+}
+
+// GetChat
+// @Title GetChat
+// @Tag Chat API
+// @Description get chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Success 200 {object} object.Chat The Response object
+// @router /get-chat [get]
+func (c *ApiController) GetChat() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedChat(object.GetChat(id))
+	c.ServeJSON()
+}
+
+// UpdateChat
+// @Title UpdateChat
+// @Tag Chat API
+// @Description update chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-chat [post]
+func (c *ApiController) UpdateChat() {
+	id := c.Input().Get("id")
+
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateChat(id, &chat))
+	c.ServeJSON()
+}
+
+// AddChat
+// @Title AddChat
+// @Tag Chat API
+// @Description add chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-chat [post]
+func (c *ApiController) AddChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddChat(&chat))
+	c.ServeJSON()
+}
+
+// DeleteChat
+// @Title DeleteChat
+// @Tag Chat API
+// @Description delete chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-chat [post]
+func (c *ApiController) DeleteChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteChat(&chat))
+	c.ServeJSON()
+}
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -65,7 +65,7 @@ func (c *ApiController) GetLdapUsers() {
 	//	})
 	//}

-	users, err := conn.GetLdapUsers(ldapServer.BaseDn)
+	users, err := conn.GetLdapUsers(ldapServer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -80,15 +80,16 @@ func (c *ApiController) GetLdapUsers() {
 			Cn:        user.Cn,
 			GroupId:   user.GidNumber,
 			// GroupName: groupsMap[user.GidNumber].Cn,
-			Uuid:    user.Uuid,
-			Email:   util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
-			Phone:   util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
-			Address: util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
+			Uuid:        user.Uuid,
+			DisplayName: user.DisplayName,
+			Email:       util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
+			Phone:       util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
+			Address:     util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
 		})
 		uuids = append(uuids, user.Uuid)
 	}

-	existUuids := object.CheckLdapUuidExist(ldapServer.Owner, uuids)
+	existUuids := object.GetExistUuids(ldapServer.Owner, uuids)

 	c.ResponseOk(resp, existUuids)
 }
@@ -131,7 +132,7 @@ func (c *ApiController) AddLdap() {
 		return
 	}

-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
+	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
@@ -160,7 +161,7 @@ func (c *ApiController) AddLdap() {
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
+	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
--- a/controllers/message.go
+++ b/controllers/message.go
@@ -0,0 +1,132 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetMessages
+// @Title GetMessages
+// @Tag Message API
+// @Description get messages
+// @Param   owner     query    string  true        "The owner of messages"
+// @Success 200 {array} object.Message The Response object
+// @router /get-messages [get]
+func (c *ApiController) GetMessages() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	chat := c.Input().Get("chat")
+
+	if limit == "" || page == "" {
+		var messages []*object.Message
+		if chat == "" {
+			messages = object.GetMessages(owner)
+		} else {
+			messages = object.GetChatMessages(chat)
+		}
+
+		c.Data["json"] = object.GetMaskedMessages(messages)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(messages, paginator.Nums())
+	}
+}
+
+// GetMessage
+// @Title GetMessage
+// @Tag Message API
+// @Description get message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message [get]
+func (c *ApiController) GetMessage() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedMessage(object.GetMessage(id))
+	c.ServeJSON()
+}
+
+// UpdateMessage
+// @Title UpdateMessage
+// @Tag Message API
+// @Description update message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-message [post]
+func (c *ApiController) UpdateMessage() {
+	id := c.Input().Get("id")
+
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateMessage(id, &message))
+	c.ServeJSON()
+}
+
+// AddMessage
+// @Title AddMessage
+// @Tag Message API
+// @Description add message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-message [post]
+func (c *ApiController) AddMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddMessage(&message))
+	c.ServeJSON()
+}
+
+// DeleteMessage
+// @Title DeleteMessage
+// @Tag Message API
+// @Description delete message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-message [post]
+func (c *ApiController) DeleteMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteMessage(&message))
+	c.ServeJSON()
+}
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -124,40 +124,6 @@ func (c *ApiController) DeleteToken() {
 	c.ServeJSON()
 }

-// GetOAuthCode
-// @Title GetOAuthCode
-// @Tag Token API
-// @Description get OAuth code
-// @Param   id     query    string  true        "The id ( owner/name ) of user"
-// @Param   client_id     query    string  true        "OAuth client id"
-// @Param   response_type     query    string  true        "OAuth response type"
-// @Param   redirect_uri     query    string  true        "OAuth redirect URI"
-// @Param   scope     query    string  true        "OAuth scope"
-// @Param   state     query    string  true        "OAuth state"
-// @Success 200 {object} object.TokenWrapper The Response object
-// @router /login/oauth/code [post]
-func (c *ApiController) GetOAuthCode() {
-	userId := c.Input().Get("user_id")
-	clientId := c.Input().Get("client_id")
-	responseType := c.Input().Get("response_type")
-	redirectUri := c.Input().Get("redirect_uri")
-	scope := c.Input().Get("scope")
-	state := c.Input().Get("state")
-	nonce := c.Input().Get("nonce")
-
-	challengeMethod := c.Input().Get("code_challenge_method")
-	codeChallenge := c.Input().Get("code_challenge")
-
-	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
-		c.ResponseError(c.T("auth:Challenge method should be S256"))
-		return
-	}
-	host := c.Ctx.Request.Host
-
-	c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, host, c.GetAcceptLanguage())
-	c.ServeJSON()
-}
-
 // GetOAuthToken
 // @Title GetOAuthToken
 // @Tag Token API
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -95,13 +95,13 @@ func (c *ApiController) GetUser() {

 	owner := c.Input().Get("owner")
 	if owner == "" {
-		owner, _ = util.GetOwnerAndNameFromId(id)
+		owner = util.GetOwnerFromId(id)
 	}

 	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false, c.GetAcceptLanguage())
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
 		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
@@ -138,10 +138,6 @@ func (c *ApiController) UpdateUser() {
 	id := c.Input().Get("id")
 	columnsStr := c.Input().Get("columns")

-	if id == "" {
-		id = c.GetSessionUsername()
-	}
-
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
@@ -149,10 +145,27 @@ func (c *ApiController) UpdateUser() {
 		return
 	}

-	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
+	if id == "" {
+		id = c.GetSessionUsername()
+		if id == "" {
+			c.ResponseError(c.T("general:Missing parameter"))
+			return
+		}
+	}
+	oldUser := object.GetUser(id)
+	if oldUser == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
+		return
+	}
+
+	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}
+	if pass, err := checkPermissionForUpdateUser(oldUser, &user, c); !pass {
+		c.ResponseError(err)
+		return
+	}

 	columns := []string{}
 	if columnsStr != "" {
@@ -161,11 +174,6 @@ func (c *ApiController) UpdateUser() {

 	isGlobalAdmin := c.IsGlobalAdmin()

-	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
-		c.ResponseError(err)
-		return
-	}
-
 	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
 		object.UpdateUserToOriginalDatabase(&user)
@@ -276,14 +284,34 @@ func (c *ApiController) SetPassword() {
 	userName := c.Ctx.Request.Form.Get("userName")
 	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
+	code := c.Ctx.Request.Form.Get("code")
+
+	if strings.Contains(newPassword, " ") {
+		c.ResponseError(c.T("user:New password cannot contain blank space."))
+		return
+	}
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
+		return
+	}

-	requestUserId := c.GetSessionUsername()
 	userId := util.GetId(userOwner, userName)

-	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true, c.GetAcceptLanguage())
-	if !hasPermission {
-		c.ResponseError(err.Error())
+	requestUserId := c.GetSessionUsername()
+	if requestUserId == "" && code == "" {
 		return
+	} else if code == "" {
+		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
+		if !hasPermission {
+			c.ResponseError(err.Error())
+			return
+		}
+	} else {
+		if code != c.GetSession("verifiedCode") {
+			c.ResponseError("")
+			return
+		}
+		c.SetSession("verifiedCode", "")
 	}

 	targetUser := object.GetUser(userId)
@@ -296,16 +324,6 @@ func (c *ApiController) SetPassword() {
 		}
 	}

-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
-	if len(newPassword) <= 5 {
-		c.ResponseError(c.T("user:New password must have at least 6 characters"))
-		return
-	}
-
 	targetUser.Password = newPassword
 	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.ResponseOk()
--- a/controllers/user_util.go
+++ b/controllers/user_util.go
@@ -20,8 +20,7 @@ import (
 	"github.com/casdoor/casdoor/object"
 )

-func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiController) (bool, string) {
-	oldUser := object.GetUser(userId)
+func checkPermissionForUpdateUser(oldUser, newUser *object.User, c *ApiController) (bool, string) {
 	organization := object.GetOrganizationByUser(oldUser)
 	var itemsChanged []*object.AccountItem

--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -15,6 +15,7 @@
 package controllers

 import (
+	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
@@ -110,7 +111,7 @@ func (c *ApiController) SendVerificationCode() {
 	sendResp := errors.New("invalid dest type")

 	switch destType {
-	case "email":
+	case object.VerifyTypeEmail:
 		if !util.IsEmailValid(dest) {
 			c.ResponseError(c.T("check:Email is invalid"))
 			return
@@ -132,7 +133,7 @@ func (c *ApiController) SendVerificationCode() {

 		provider := application.GetEmailProvider()
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
-	case "phone":
+	case object.VerifyTypePhone:
 		if method == LoginVerification || method == ForgetVerification {
 			if user != nil && util.GetMaskedPhone(user.Phone) == dest {
 				dest = user.Phone
@@ -187,7 +188,7 @@ func (c *ApiController) ResetEmailOrPhone() {

 	checkDest := dest
 	organization := object.GetOrganizationByUser(user)
-	if destType == "phone" {
+	if destType == object.VerifyTypePhone {
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
 			return
@@ -207,7 +208,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
 			return
 		}
-	} else if destType == "email" {
+	} else if destType == object.VerifyTypeEmail {
 		if object.HasUserByField(user.Owner, "email", dest) {
 			c.ResponseError(c.T("check:Email already exists"))
 			return
@@ -230,10 +231,10 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}

 	switch destType {
-	case "email":
+	case object.VerifyTypeEmail:
 		user.Email = dest
 		object.SetUserField(user, "email", user.Email)
-	case "phone":
+	case object.VerifyTypePhone:
 		user.Phone = dest
 		object.SetUserField(user, "phone", user.Phone)
 	default:
@@ -245,6 +246,60 @@ func (c *ApiController) ResetEmailOrPhone() {
 	c.ResponseOk()
 }

+// VerifyCode
+// @Tag Account API
+// @Title VerifyCode
+// @router /api/verify-code [post]
+func (c *ApiController) VerifyCode() {
+	var form RequestForm
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	var user *object.User
+	if form.Name != "" {
+		user = object.GetUserByFields(form.Organization, form.Name)
+	}
+
+	var checkDest string
+	if strings.Contains(form.Username, "@") {
+		if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
+			form.Username = user.Email
+		}
+		checkDest = form.Username
+	} else {
+		if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
+			form.Username = user.Phone
+		}
+	}
+
+	if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
+		return
+	}
+
+	verificationCodeType := object.GetVerifyType(form.Username)
+	if verificationCodeType == object.VerifyTypePhone {
+		form.CountryCode = user.GetCountryCode(form.CountryCode)
+		var ok bool
+		if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
+			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), form.CountryCode))
+			return
+		}
+	}
+
+	if result := object.CheckVerificationCode(checkDest, form.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
+		c.ResponseError(result.Msg)
+		return
+	}
+	object.DisableVerificationCode(checkDest)
+	c.SetSession("verifiedCode", form.Code)
+
+	c.ResponseOk()
+}
+
 // VerifyCaptcha ...
 // @Title VerifyCaptcha
 // @Tag Verification API
--- a/go.mod
+++ b/go.mod
@@ -17,14 +17,16 @@ require (
 	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
+	github.com/fogleman/gg v1.3.0
 	github.com/forestmgy/ldapserver v1.1.0
 	github.com/go-git/go-git/v5 v5.6.0
 	github.com/go-ldap/ldap/v3 v3.3.0
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-webauthn/webauthn v0.8.2
+	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -173,6 +173,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
+github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8=
+github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/forestmgy/ldapserver v1.1.0 h1:gvil4nuLhqPEL8SugCkFhRyA0/lIvRdwZSqlrw63ll4=
 github.com/forestmgy/ldapserver v1.1.0/go.mod h1:1RZ8lox1QSY7rmbjdmy+sYQXY4Lp7SpGzpdE3+j3IyM=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
@@ -222,10 +224,10 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
-github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
-github.com/go-webauthn/webauthn v0.8.2 h1:8KLIbpldjz9KVGHfqEgJNbkhd7bbRXhNw4QWFJE15oA=
-github.com/go-webauthn/webauthn v0.8.2/go.mod h1:d+ezx/jMCNDiqSMzOchuynKb9CVU1NM9BumOnokfcVQ=
+github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU=
+github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8=
+github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU=
+github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY=
 github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
 github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -234,10 +236,13 @@ github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptG
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
+github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -658,8 +663,10 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
+golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20181106170214-d68db9428509/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -674,6 +681,7 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
+golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -741,6 +749,7 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
+golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
 golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -833,6 +842,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
+golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -843,6 +853,7 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
+golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "E-Mail ist ungültig",
    "Empty username.": "Leerer Benutzername.",
    "FirstName cannot be blank": "Vorname darf nicht leer sein",
+    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "LastName cannot be blank": "Nachname darf nicht leer sein",
-    "Ldap user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
    "Organization does not exist": "Organisation existiert nicht",
    "Password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen enthalten",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Die Telefonnummer ist ungültig",
    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
    "Username already exists": "Benutzername existiert bereits",
    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
  },
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Email is invalid",
    "Empty username.": "Empty username.",
    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
    "LastName cannot be blank": "LastName cannot be blank",
-    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
    "Organization does not exist": "Organization does not exist",
    "Password must have at least 6 characters": "Password must have at least 6 characters",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Phone number is invalid",
    "Session outdated, please login again": "Session outdated, please login again",
    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
    "Username already exists": "Username already exists",
    "Username cannot be an email address": "Username cannot be an email address",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Username must have at least 2 characters",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
    "unsupported password type: %s": "unsupported password type: %s"
  },
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "El correo electrónico no es válido",
    "Empty username.": "Nombre de usuario vacío.",
    "FirstName cannot be blank": "El nombre no puede estar en blanco",
+    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "LastName cannot be blank": "El apellido no puede estar en blanco",
-    "Ldap user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
    "Organization does not exist": "La organización no existe",
    "Password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "El número de teléfono no es válido",
    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
    "Username already exists": "El nombre de usuario ya existe",
    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
  },
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "L'adresse e-mail est invalide",
    "Empty username.": "Nom d'utilisateur vide.",
    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
+    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
-    "Ldap user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
    "Organization does not exist": "L'organisation n'existe pas",
    "Password must have at least 6 characters": "Le mot de passe doit comporter au moins 6 caractères",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Le numéro de téléphone est invalide",
    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
    "Username already exists": "Nom d'utilisateur existe déjà",
    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
  },
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Email tidak valid",
    "Empty username.": "Nama pengguna kosong.",
    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
+    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Ldap user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
    "Organization does not exist": "Organisasi tidak ada",
    "Password must have at least 6 characters": "Kata sandi harus memiliki minimal 6 karakter",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Nomor telepon tidak valid",
    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
    "Username already exists": "Nama pengguna sudah ada",
    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Kata sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
  },
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "電子メールは無効です",
    "Empty username.": "空のユーザー名。",
    "FirstName cannot be blank": "ファーストネームは空白にできません",
+    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "LastName cannot be blank": "姓は空白にできません",
-    "Ldap user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
    "Organization does not exist": "組織は存在しません",
    "Password must have at least 6 characters": "パスワードは少なくとも6つの文字が必要です",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "電話番号が無効です",
    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
    "Username already exists": "ユーザー名はすでに存在しています",
    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
  },
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "이메일이 유효하지 않습니다",
    "Empty username.": "빈 사용자 이름.",
    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
+    "LDAP user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
-    "Ldap user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
    "Organization does not exist": "조직은 존재하지 않습니다",
    "Password must have at least 6 characters": "암호는 적어도 6자 이상이어야 합니다",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "전화번호가 유효하지 않습니다",
    "Session outdated, please login again": "세션이 만료되었습니다. 다시 로그인해주세요",
    "The user is forbidden to sign in, please contact the administrator": "사용자는 로그인이 금지되어 있습니다. 관리자에게 문의하십시오",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "사용자 이름은 알파벳, 숫자, 밑줄 또는 하이픈만 포함할 수 있으며, 연속된 하이픈 또는 밑줄을 가질 수 없으며, 하이픈 또는 밑줄로 시작하거나 끝날 수 없습니다.",
    "Username already exists": "사용자 이름이 이미 존재합니다",
    "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
    "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "암호 또는 코드가 올바르지 않습니다. %d번의 기회가 남아 있습니다",
    "unsupported password type: %s": "지원되지 않는 암호 유형: %s"
  },
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Адрес электронной почты недействительный",
    "Empty username.": "Пустое имя пользователя.",
    "FirstName cannot be blank": "Имя не может быть пустым",
+    "LDAP user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
    "LastName cannot be blank": "Фамилия не может быть пустой",
-    "Ldap user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
    "Multiple accounts with same uid, please check your ldap server": "Множественные учетные записи с тем же UID. Пожалуйста, проверьте свой сервер LDAP",
    "Organization does not exist": "Организация не существует",
    "Password must have at least 6 characters": "Пароль должен содержать не менее 6 символов",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Номер телефона является недействительным",
    "Session outdated, please login again": "Сессия устарела, пожалуйста, войдите снова",
    "The user is forbidden to sign in, please contact the administrator": "Пользователю запрещен вход, пожалуйста, обратитесь к администратору",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Имя пользователя может состоять только из буквенно-цифровых символов, нижних подчеркиваний или дефисов, не может содержать последовательные дефисы или подчеркивания, а также не может начинаться или заканчиваться на дефис или подчеркивание.",
    "Username already exists": "Имя пользователя уже существует",
    "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Имя пользователя должно содержать не менее 2 символов",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Вы ввели неправильный пароль или код слишком много раз, пожалуйста, подождите %d минут и попробуйте снова",
    "Your region is not allow to signup by phone": "Ваш регион не разрешает регистрацию по телефону",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Неправильный пароль или код, у вас осталось %d попыток",
    "unsupported password type: %s": "неподдерживаемый тип пароля: %s"
  },
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "Địa chỉ email không hợp lệ",
    "Empty username.": "Tên đăng nhập trống.",
    "FirstName cannot be blank": "Tên không được để trống",
+    "LDAP user name or password incorrect": "Tên người dùng hoặc mật khẩu Ldap không chính xác",
    "LastName cannot be blank": "Họ không thể để trống",
-    "Ldap user name or password incorrect": "Tên người dùng hoặc mật khẩu Ldap không chính xác",
    "Multiple accounts with same uid, please check your ldap server": "Nhiều tài khoản với cùng một uid, vui lòng kiểm tra máy chủ ldap của bạn",
    "Organization does not exist": "Tổ chức không tồn tại",
    "Password must have at least 6 characters": "Mật khẩu phải ít nhất 6 ký tự",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "Số điện thoại không hợp lệ",
    "Session outdated, please login again": "Phiên làm việc hết hạn, vui lòng đăng nhập lại",
    "The user is forbidden to sign in, please contact the administrator": "Người dùng bị cấm đăng nhập, vui lòng liên hệ với quản trị viên",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Tên người dùng chỉ có thể chứa các ký tự chữ và số, gạch dưới hoặc gạch ngang, không được có hai ký tự gạch dưới hoặc gạch ngang liền kề và không được bắt đầu hoặc kết thúc bằng dấu gạch dưới hoặc gạch ngang.",
    "Username already exists": "Tên đăng nhập đã tồn tại",
    "Username cannot be an email address": "Tên người dùng không thể là địa chỉ email",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "Tên đăng nhập phải có ít nhất 2 ký tự",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Bạn đã nhập sai mật khẩu hoặc mã quá nhiều lần, vui lòng đợi %d phút và thử lại",
    "Your region is not allow to signup by phone": "Vùng của bạn không được phép đăng ký bằng điện thoại",
+    "password or code is incorrect": "password or code is incorrect",
    "password or code is incorrect, you have %d remaining chances": "Mật khẩu hoặc mã không chính xác, bạn còn %d lần cơ hội",
    "unsupported password type: %s": "Loại mật khẩu không được hỗ trợ: %s"
  },
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -32,8 +32,8 @@
    "Email is invalid": "无效邮箱",
    "Empty username.": "用户名不可为空",
    "FirstName cannot be blank": "名不可以为空",
+    "LDAP user name or password incorrect": "LDAP密码错误",
    "LastName cannot be blank": "姓不可以为空",
-    "Ldap user name or password incorrect": "LDAP密码错误",
    "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
    "Organization does not exist": "组织不存在",
    "Password must have at least 6 characters": "新密码至少为6位",
@@ -42,6 +42,7 @@
    "Phone number is invalid": "无效手机号",
    "Session outdated, please login again": "会话已过期，请重新登录",
    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
    "Username already exists": "用户名已存在",
    "Username cannot be an email address": "用户名不可以是邮箱地址",
@@ -51,6 +52,7 @@
    "Username must have at least 2 characters": "用户名至少要有2个字符",
    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
    "Your region is not allow to signup by phone": "所在地区不支持手机号注册",
+    "password or code is incorrect": "密码错误",
    "password or code is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会",
    "unsupported password type: %s": "不支持的密码类型: %s"
  },
--- a/init_data.json.template
+++ b/init_data.json.template
@@ -159,8 +159,8 @@
      "serverName": "",
      "host": "",
      "port": 389,
-      "admin": "",
-      "passwd": "",
+      "username": "",
+      "password": "",
      "baseDn": "",
      "autoSync": 0,
      "lastSync": ""
--- a/ldap/server.go
+++ b/ldap/server.go
@@ -110,12 +110,11 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
 	for _, user := range users {
 		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
 		e := ldap.NewSearchResultEntry(dn)
-		e.AddAttribute("cn", message.AttributeValue(user.Name))
-		e.AddAttribute("uid", message.AttributeValue(user.Name))
-		e.AddAttribute("email", message.AttributeValue(user.Email))
-		e.AddAttribute("mobile", message.AttributeValue(user.Phone))
-		e.AddAttribute("userPassword", message.AttributeValue(getUserPasswordWithType(user)))
-		// e.AddAttribute("postalAddress", message.AttributeValue(user.Address[0]))
+
+		for _, attr := range r.Attributes() {
+			e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
+		}
+
 		w.Write(e)
 	}
 	w.Write(res)
--- a/ldap/util.go
+++ b/ldap/util.go
@@ -21,6 +21,7 @@ import (

 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
+	"github.com/lor00x/goldap/message"

 	ldap "github.com/forestmgy/ldapserver"
 )
@@ -68,6 +69,7 @@ func getUsername(filter string) string {

 func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int) {
 	r := m.GetSearchRequest()
+
 	name, org, code := getNameAndOrgFromFilter(string(r.BaseObject()), r.FilterString())
 	if code != ldap.LDAPResultSuccess {
 		return nil, code
@@ -85,7 +87,7 @@ func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int)
 			return nil, ldap.LDAPResultInsufficientAccessRights
 		}
 	} else {
-		hasPermission, err := object.CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), org, true, "en")
+		hasPermission, err := object.CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), true, "en")
 		if !hasPermission {
 			log.Printf("ErrMsg = %v", err.Error())
 			return nil, ldap.LDAPResultInsufficientAccessRights
@@ -114,3 +116,20 @@ func getUserPasswordWithType(user *object.User) string {
 	}
 	return fmt.Sprintf("{%s}%s", prefix, user.Password)
 }
+
+func getAttribute(attributeName string, user *object.User) message.AttributeValue {
+	switch attributeName {
+	case "cn":
+		return message.AttributeValue(user.Name)
+	case "uid":
+		return message.AttributeValue(user.Name)
+	case "email":
+		return message.AttributeValue(user.Email)
+	case "mobile":
+		return message.AttributeValue(user.Phone)
+	case "userPassword":
+		return message.AttributeValue(getUserPasswordWithType(user))
+	default:
+		return ""
+	}
+}
--- a/object/adapter.go
+++ b/object/adapter.go
@@ -201,6 +201,16 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}

+	err = a.Engine.Sync2(new(Chat))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Message))
+	if err != nil {
+		panic(err)
+	}
+
 	err = a.Engine.Sync2(new(Product))
 	if err != nil {
 		panic(err)
--- a/object/avatar.go
+++ b/object/avatar.go
@@ -80,3 +80,21 @@ func DownloadAndUpload(url string, fullFilePath string, lang string) {
 		panic(err)
 	}
 }
+
+func getPermanentAvatarUrlFromBuffer(organization string, username string, fileBuffer *bytes.Buffer, ext string, upload bool) string {
+	if defaultStorageProvider == nil {
+		return ""
+	}
+
+	fullFilePath := fmt.Sprintf("/avatar/%s/%s%s", organization, username, ext)
+	uploadedFileUrl, _ := GetUploadFileUrl(defaultStorageProvider, fullFilePath, false)
+
+	if upload {
+		_, _, err := UploadFileSafe(defaultStorageProvider, fullFilePath, fileBuffer, "en")
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	return uploadedFileUrl
+}
--- a/object/avatar_test.go
+++ b/object/avatar_test.go
@@ -16,6 +16,7 @@ package object

 import (
 	"fmt"
+	"strings"
 	"testing"

 	"github.com/casdoor/casdoor/proxy"
@@ -37,3 +38,22 @@ func TestSyncPermanentAvatars(t *testing.T) {
 		fmt.Printf("[%d/%d]: Update user: [%s]'s permanent avatar: %s\n", i, len(users), user.GetId(), user.PermanentAvatar)
 	}
 }
+
+func TestUpdateAvatars(t *testing.T) {
+	InitConfig()
+	InitDefaultStorageProvider()
+	proxy.InitHttpClient()
+
+	users := GetUsers("casdoor")
+	for _, user := range users {
+		if strings.HasPrefix(user.Avatar, "http") {
+			continue
+		}
+
+		updated := user.refreshAvatar()
+		if updated {
+			user.PermanentAvatar = "*"
+			UpdateUser(user.GetId(), user, []string{"avatar"}, true)
+		}
+	}
+}
--- a/object/avatar_util.go
+++ b/object/avatar_util.go
@@ -0,0 +1,167 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"bytes"
+	"crypto/md5"
+	"fmt"
+	"image"
+	"image/color"
+	"image/png"
+	"io"
+	"net/http"
+	"strings"
+
+	"github.com/fogleman/gg"
+)
+
+func hasGravatar(client *http.Client, email string) (bool, error) {
+	// Clean and lowercase the email
+	email = strings.TrimSpace(strings.ToLower(email))
+
+	// Generate MD5 hash of the email
+	hash := md5.New()
+	io.WriteString(hash, email)
+	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
+
+	// Create Gravatar URL with d=404 parameter
+	gravatarURL := fmt.Sprintf("https://www.gravatar.com/avatar/%s?d=404", hashedEmail)
+
+	// Send a request to Gravatar
+	req, err := http.NewRequest("GET", gravatarURL, nil)
+	if err != nil {
+		return false, err
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	// Check if the user has a custom Gravatar image
+	if resp.StatusCode == http.StatusOK {
+		return true, nil
+	} else if resp.StatusCode == http.StatusNotFound {
+		return false, nil
+	} else {
+		return false, fmt.Errorf("failed to fetch gravatar image: %s", resp.Status)
+	}
+}
+
+func getGravatarFileBuffer(client *http.Client, email string) (*bytes.Buffer, string, error) {
+	// Clean and lowercase the email
+	email = strings.TrimSpace(strings.ToLower(email))
+
+	// Generate MD5 hash of the email
+	hash := md5.New()
+	io.WriteString(hash, email)
+	hashedEmail := fmt.Sprintf("%x", hash.Sum(nil))
+
+	// Create Gravatar URL
+	gravatarURL := fmt.Sprintf("https://www.gravatar.com/avatar/%s", hashedEmail)
+
+	// Download the image
+	req, err := http.NewRequest("GET", gravatarURL, nil)
+	if err != nil {
+		return nil, "", err
+	}
+
+	resp, err := client.Do(req)
+	if err != nil {
+		return nil, "", err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return nil, "", fmt.Errorf("failed to download gravatar image: %s", resp.Status)
+	}
+
+	// Get the content type and determine the file extension
+	contentType := resp.Header.Get("Content-Type")
+	fileExtension := ""
+	switch contentType {
+	case "image/jpeg":
+		fileExtension = ".jpg"
+	case "image/png":
+		fileExtension = ".png"
+	case "image/gif":
+		fileExtension = ".gif"
+	default:
+		return nil, "", fmt.Errorf("unsupported content type: %s", contentType)
+	}
+
+	// Save the image to a bytes.Buffer
+	buffer := &bytes.Buffer{}
+	_, err = io.Copy(buffer, resp.Body)
+	if err != nil {
+		return nil, "", err
+	}
+
+	return buffer, fileExtension, nil
+}
+
+func getColor(data []byte) color.RGBA {
+	r := int(data[0]) % 256
+	g := int(data[1]) % 256
+	b := int(data[2]) % 256
+	return color.RGBA{uint8(r), uint8(g), uint8(b), 255}
+}
+
+func getIdenticonFileBuffer(username string) (*bytes.Buffer, string, error) {
+	username = strings.TrimSpace(strings.ToLower(username))
+
+	hash := md5.New()
+	io.WriteString(hash, username)
+	hashedUsername := hash.Sum(nil)
+
+	// Define the size of the image
+	const imageSize = 420
+	const cellSize = imageSize / 7
+
+	// Create a new image
+	img := image.NewRGBA(image.Rect(0, 0, imageSize, imageSize))
+
+	// Create a context
+	dc := gg.NewContextForRGBA(img)
+
+	// Set a background color
+	dc.SetColor(color.RGBA{240, 240, 240, 255})
+	dc.Clear()
+
+	// Get avatar color
+	avatarColor := getColor(hashedUsername)
+
+	// Draw cells
+	for i := 0; i < 7; i++ {
+		for j := 0; j < 7; j++ {
+			if (hashedUsername[i] >> uint(j) & 1) == 1 {
+				dc.SetColor(avatarColor)
+				dc.DrawRectangle(float64(j*cellSize), float64(i*cellSize), float64(cellSize), float64(cellSize))
+				dc.Fill()
+			}
+		}
+	}
+
+	// Save image to a bytes.Buffer
+	buffer := &bytes.Buffer{}
+	err := png.Encode(buffer, img)
+	if err != nil {
+		return nil, "", fmt.Errorf("failed to save image: %w", err)
+	}
+
+	return buffer, ".png", nil
+}
--- a/object/chat.go
+++ b/object/chat.go
@@ -0,0 +1,147 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Chat struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
+
+	Organization string   `xorm:"varchar(100)" json:"organization"`
+	DisplayName  string   `xorm:"varchar(100)" json:"displayName"`
+	Type         string   `xorm:"varchar(100)" json:"type"`
+	Category     string   `xorm:"varchar(100)" json:"category"`
+	User1        string   `xorm:"varchar(100)" json:"user1"`
+	User2        string   `xorm:"varchar(100)" json:"user2"`
+	Users        []string `xorm:"varchar(100)" json:"users"`
+	MessageCount int      `json:"messageCount"`
+}
+
+func GetMaskedChat(chat *Chat) *Chat {
+	if chat == nil {
+		return nil
+	}
+
+	return chat
+}
+
+func GetMaskedChats(chats []*Chat) []*Chat {
+	for _, chat := range chats {
+		chat = GetMaskedChat(chat)
+	}
+	return chats
+}
+
+func GetChatCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Chat{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetChats(owner string) []*Chat {
+	chats := []*Chat{}
+	err := adapter.Engine.Desc("created_time").Find(&chats, &Chat{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return chats
+}
+
+func GetPaginationChats(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Chat {
+	chats := []*Chat{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&chats)
+	if err != nil {
+		panic(err)
+	}
+
+	return chats
+}
+
+func getChat(owner string, name string) *Chat {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	chat := Chat{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&chat)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &chat
+	} else {
+		return nil
+	}
+}
+
+func GetChat(id string) *Chat {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getChat(owner, name)
+}
+
+func UpdateChat(id string, chat *Chat) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getChat(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(chat)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddChat(chat *Chat) bool {
+	affected, err := adapter.Engine.Insert(chat)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteChat(chat *Chat) bool {
+	affected, err := adapter.Engine.ID(core.PK{chat.Owner, chat.Name}).Delete(&Chat{})
+	if err != nil {
+		panic(err)
+	}
+
+	if affected != 0 {
+		return DeleteChatMessages(chat.Name)
+	}
+
+	return affected != 0
+}
+
+func (p *Chat) GetId() string {
+	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
+}
--- a/object/check.go
+++ b/object/check.go
@@ -157,10 +157,16 @@ func checkSigninErrorTimes(user *User, lang string) string {
 	return ""
 }

-func CheckPassword(user *User, password string, lang string) string {
+func CheckPassword(user *User, password string, lang string, options ...bool) string {
+	enableCaptcha := false
+	if len(options) > 0 {
+		enableCaptcha = options[0]
+	}
 	// check the login error times
-	if msg := checkSigninErrorTimes(user, lang); msg != "" {
-		return msg
+	if !enableCaptcha {
+		if msg := checkSigninErrorTimes(user, lang); msg != "" {
+			return msg
+		}
 	}

 	organization := GetOrganizationByUser(user)
@@ -182,35 +188,39 @@ func CheckPassword(user *User, password string, lang string) string {
 			return ""
 		}

-		return recordSigninErrorInfo(user, lang)
+		return recordSigninErrorInfo(user, lang, enableCaptcha)
 	} else {
 		return fmt.Sprintf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
 	}
 }

-func checkLdapUserPassword(user *User, password string, lang string) (*User, string) {
+func checkLdapUserPassword(user *User, password string, lang string) string {
 	ldaps := GetLdaps(user.Owner)
 	ldapLoginSuccess := false
+	hit := false
+
 	for _, ldapServer := range ldaps {
 		conn, err := ldapServer.GetLdapConn()
 		if err != nil {
 			continue
 		}
-		SearchFilter := fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user.Name)
-		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilter, []string{}, nil)
+
+		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
+			0, 0, false, ldapServer.buildFilterString(user), []string{}, nil)
+
 		searchResult, err := conn.Conn.Search(searchReq)
 		if err != nil {
-			return nil, err.Error()
+			return err.Error()
 		}

 		if len(searchResult.Entries) == 0 {
 			continue
-		} else if len(searchResult.Entries) > 1 {
-			return nil, i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
+		}
+		if len(searchResult.Entries) > 1 {
+			return i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
 		}

+		hit = true
 		dn := searchResult.Entries[0].DN
 		if err := conn.Conn.Bind(dn, password); err == nil {
 			ldapLoginSuccess = true
@@ -219,12 +229,19 @@ func checkLdapUserPassword(user *User, password string, lang string) (*User, str
 	}

 	if !ldapLoginSuccess {
-		return nil, i18n.Translate(lang, "check:Ldap user name or password incorrect")
+		if !hit {
+			return "user not exist"
+		}
+		return i18n.Translate(lang, "check:LDAP user name or password incorrect")
 	}
-	return user, ""
+	return ""
 }

-func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
+func CheckUserPassword(organization string, username string, password string, lang string, options ...bool) (*User, string) {
+	enableCaptcha := false
+	if len(options) > 0 {
+		enableCaptcha = options[0]
+	}
 	user := GetUserByFields(organization, username)
 	if user == nil || user.IsDeleted == true {
 		return nil, fmt.Sprintf(i18n.Translate(lang, "general:The user: %s doesn't exist"), util.GetId(organization, username))
@@ -236,10 +253,14 @@ func CheckUserPassword(organization string, username string, password string, la

 	if user.Ldap != "" {
 		// ONLY for ldap users
-		return checkLdapUserPassword(user, password, lang)
+		if msg := checkLdapUserPassword(user, password, lang); msg != "" {
+			if msg == "user not exist" {
+				return nil, fmt.Sprintf(i18n.Translate(lang, "check:The user: %s doesn't exist in LDAP server"), username)
+			}
+			return nil, msg
+		}
 	} else {
-		msg := CheckPassword(user, password, lang)
-		if msg != "" {
+		if msg := CheckPassword(user, password, lang, enableCaptcha); msg != "" {
 			return nil, msg
 		}
 	}
@@ -250,11 +271,13 @@ func filterField(field string) bool {
 	return reFieldWhiteList.MatchString(field)
 }

-func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
+func CheckUserPermission(requestUserId, userId string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
 		return false, fmt.Errorf(i18n.Translate(lang, "general:Please login first"))
 	}

+	userOwner := util.GetOwnerFromId(userId)
+
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
@@ -340,7 +363,7 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }

-func CheckUpdateUser(oldUser *User, user *User, lang string) string {
+func CheckUpdateUser(oldUser, user *User, lang string) string {
 	if user.DisplayName == "" {
 		return i18n.Translate(lang, "user:Display name cannot be empty")
 	}
@@ -367,7 +390,7 @@ func CheckUpdateUser(oldUser *User, user *User, lang string) string {
 	return ""
 }

-func CheckToEnableCaptcha(application *Application) bool {
+func CheckToEnableCaptcha(application *Application, organization, username string) bool {
 	if len(application.Providers) == 0 {
 		return false
 	}
@@ -377,6 +400,10 @@ func CheckToEnableCaptcha(application *Application) bool {
 			continue
 		}
 		if providerItem.Provider.Category == "Captcha" {
+			if providerItem.Rule == "Dynamic" {
+				user := GetUserByFields(organization, username)
+				return user != nil && user.SigninWrongTimes >= SigninWrongTimesLimit
+			}
 			return providerItem.Rule == "Always"
 		}
 	}
--- a/object/check_util.go
+++ b/object/check_util.go
@@ -45,9 +45,15 @@ func resetUserSigninErrorTimes(user *User) {
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 }

-func recordSigninErrorInfo(user *User, lang string) string {
+func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
+	enableCaptcha := false
+	if len(options) > 0 {
+		enableCaptcha = options[0]
+	}
 	// increase failed login count
-	user.SigninWrongTimes++
+	if user.SigninWrongTimes < SigninWrongTimesLimit {
+		user.SigninWrongTimes++
+	}

 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		// record the latest failed login time
@@ -57,10 +63,11 @@ func recordSigninErrorInfo(user *User, lang string) string {
 	// update user
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
-	if leftChances > 0 {
+	if leftChances == 0 && enableCaptcha {
+		return fmt.Sprint(i18n.Translate(lang, "check:password or code is incorrect"))
+	} else if leftChances >= 0 {
 		return fmt.Sprintf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
 	}
-
 	// don't show the chance error message if the user has no chance left
 	return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
 }
--- a/object/init.go
+++ b/object/init.go
@@ -219,8 +219,8 @@ func initBuiltInLdap() {
 		ServerName: "BuildIn LDAP Server",
 		Host:       "example.com",
 		Port:       389,
-		Admin:      "cn=buildin,dc=example,dc=com",
-		Passwd:     "123",
+		Username:   "cn=buildin,dc=example,dc=com",
+		Password:   "123",
 		BaseDn:     "ou=BuildIn,dc=example,dc=com",
 		AutoSync:   0,
 		LastSync:   "",
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -15,14 +15,7 @@
 package object

 import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/util"
-	goldap "github.com/go-ldap/ldap/v3"
-	"github.com/thanhpk/randstr"
 )

 type Ldap struct {
@@ -30,263 +23,20 @@ type Ldap struct {
 	Owner       string `xorm:"varchar(100)" json:"owner"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	ServerName string `xorm:"varchar(100)" json:"serverName"`
-	Host       string `xorm:"varchar(100)" json:"host"`
-	Port       int    `json:"port"`
-	EnableSsl  bool   `xorm:"bool" json:"enableSsl"`
-	Admin      string `xorm:"varchar(100)" json:"admin"`
-	Passwd     string `xorm:"varchar(100)" json:"passwd"`
-	BaseDn     string `xorm:"varchar(100)" json:"baseDn"`
+	ServerName   string   `xorm:"varchar(100)" json:"serverName"`
+	Host         string   `xorm:"varchar(100)" json:"host"`
+	Port         int      `xorm:"int" json:"port"`
+	EnableSsl    bool     `xorm:"bool" json:"enableSsl"`
+	Username     string   `xorm:"varchar(100)" json:"username"`
+	Password     string   `xorm:"varchar(100)" json:"password"`
+	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
+	Filter       string   `xorm:"varchar(200)" json:"filter"`
+	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`

 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
 }

-type ldapConn struct {
-	Conn *goldap.Conn
-	IsAD bool
-}
-
-//type ldapGroup struct {
-//	GidNumber string
-//	Cn        string
-//}
-
-type ldapUser struct {
-	UidNumber string
-	Uid       string
-	Cn        string
-	GidNumber string
-	// Gcn                   string
-	Uuid                  string
-	Mail                  string
-	Email                 string
-	EmailAddress          string
-	TelephoneNumber       string
-	Mobile                string
-	MobileTelephoneNumber string
-	RegisteredAddress     string
-	PostalAddress         string
-}
-
-type LdapRespUser struct {
-	UidNumber string `json:"uidNumber"`
-	Uid       string `json:"uid"`
-	Cn        string `json:"cn"`
-	GroupId   string `json:"groupId"`
-	// GroupName string `json:"groupName"`
-	Uuid    string `json:"uuid"`
-	Email   string `json:"email"`
-	Phone   string `json:"phone"`
-	Address string `json:"address"`
-}
-
-type ldapServerType struct {
-	Vendorname           string
-	Vendorversion        string
-	IsGlobalCatalogReady string
-	ForestFunctionality  string
-}
-
-func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
-	returnAnyNotEmpty := func(strs ...string) string {
-		for _, str := range strs {
-			if str != "" {
-				return str
-			}
-		}
-		return ""
-	}
-
-	res := make([]LdapRespUser, 0)
-	for _, user := range users {
-		res = append(res, LdapRespUser{
-			UidNumber: user.UidNumber,
-			Uid:       user.Uid,
-			Cn:        user.Cn,
-			GroupId:   user.GidNumber,
-			Uuid:      user.Uuid,
-			Email:     returnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
-			Phone:     returnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			Address:   returnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
-		})
-	}
-	return res
-}
-
-func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
-	SearchFilter := "(objectClass=*)"
-	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
-
-	searchReq := goldap.NewSearchRequest("",
-		goldap.ScopeBaseObject, goldap.NeverDerefAliases, 0, 0, false,
-		SearchFilter, SearchAttributes, nil)
-	searchResult, err := Conn.Search(searchReq)
-	if err != nil {
-		return false, err
-	}
-	if len(searchResult.Entries) == 0 {
-		return false, nil
-	}
-	isMicrosoft := false
-	var ldapServerType ldapServerType
-	for _, entry := range searchResult.Entries {
-		for _, attribute := range entry.Attributes {
-			switch attribute.Name {
-			case "vendorname":
-				ldapServerType.Vendorname = attribute.Values[0]
-			case "vendorversion":
-				ldapServerType.Vendorversion = attribute.Values[0]
-			case "isGlobalCatalogReady":
-				ldapServerType.IsGlobalCatalogReady = attribute.Values[0]
-			case "forestFunctionality":
-				ldapServerType.ForestFunctionality = attribute.Values[0]
-			}
-		}
-	}
-	if ldapServerType.Vendorname == "" &&
-		ldapServerType.Vendorversion == "" &&
-		ldapServerType.IsGlobalCatalogReady == "TRUE" &&
-		ldapServerType.ForestFunctionality != "" {
-		isMicrosoft = true
-	}
-	return isMicrosoft, err
-}
-
-func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
-	var conn *goldap.Conn
-	if ldap.EnableSsl {
-		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
-	} else {
-		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	err = conn.Bind(ldap.Admin, ldap.Passwd)
-	if err != nil {
-		return nil, err
-	}
-
-	isAD, err := isMicrosoftAD(conn)
-	if err != nil {
-		return nil, err
-	}
-	return &ldapConn{Conn: conn, IsAD: isAD}, nil
-}
-
-//FIXME: The Base DN does not necessarily contain the Group
-//func (l *ldapConn) GetLdapGroups(baseDn string) (map[string]ldapGroup, error) {
-//	SearchFilter := "(objectClass=posixGroup)"
-//	SearchAttributes := []string{"cn", "gidNumber"}
-//	groupMap := make(map[string]ldapGroup)
-//
-//	searchReq := goldap.NewSearchRequest(baseDn,
-//		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-//		SearchFilter, SearchAttributes, nil)
-//	searchResult, err := l.Conn.Search(searchReq)
-//	if err != nil {
-//		return nil, err
-//	}
-//
-//	if len(searchResult.Entries) == 0 {
-//		return nil, errors.New("no result")
-//	}
-//
-//	for _, entry := range searchResult.Entries {
-//		var ldapGroupItem ldapGroup
-//		for _, attribute := range entry.Attributes {
-//			switch attribute.Name {
-//			case "gidNumber":
-//				ldapGroupItem.GidNumber = attribute.Values[0]
-//				break
-//			case "cn":
-//				ldapGroupItem.Cn = attribute.Values[0]
-//				break
-//			}
-//		}
-//		groupMap[ldapGroupItem.GidNumber] = ldapGroupItem
-//	}
-//
-//	return groupMap, nil
-//}
-
-func (l *ldapConn) GetLdapUsers(baseDn string) ([]ldapUser, error) {
-	SearchFilter := "(objectClass=posixAccount)"
-	SearchAttributes := []string{
-		"uidNumber", "uid", "cn", "gidNumber", "entryUUID", "mail", "email",
-		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
-	}
-	SearchFilterMsAD := "(objectClass=user)"
-	SearchAttributesMsAD := []string{
-		"uidNumber", "sAMAccountName", "cn", "gidNumber", "entryUUID", "mail", "email",
-		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
-	}
-	var searchReq *goldap.SearchRequest
-	if l.IsAD {
-		searchReq = goldap.NewSearchRequest(baseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilterMsAD, SearchAttributesMsAD, nil)
-	} else {
-		searchReq = goldap.NewSearchRequest(baseDn,
-			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
-			SearchFilter, SearchAttributes, nil)
-	}
-	searchResult, err := l.Conn.SearchWithPaging(searchReq, 100)
-	if err != nil {
-		return nil, err
-	}
-
-	if len(searchResult.Entries) == 0 {
-		return nil, errors.New("no result")
-	}
-
-	var ldapUsers []ldapUser
-
-	for _, entry := range searchResult.Entries {
-		var ldapUserItem ldapUser
-		for _, attribute := range entry.Attributes {
-			switch attribute.Name {
-			case "uidNumber":
-				ldapUserItem.UidNumber = attribute.Values[0]
-			case "uid":
-				ldapUserItem.Uid = attribute.Values[0]
-			case "sAMAccountName":
-				ldapUserItem.Uid = attribute.Values[0]
-			case "cn":
-				ldapUserItem.Cn = attribute.Values[0]
-			case "gidNumber":
-				ldapUserItem.GidNumber = attribute.Values[0]
-			case "entryUUID":
-				ldapUserItem.Uuid = attribute.Values[0]
-			case "objectGUID":
-				ldapUserItem.Uuid = attribute.Values[0]
-			case "mail":
-				ldapUserItem.Mail = attribute.Values[0]
-			case "email":
-				ldapUserItem.Email = attribute.Values[0]
-			case "emailAddress":
-				ldapUserItem.EmailAddress = attribute.Values[0]
-			case "telephoneNumber":
-				ldapUserItem.TelephoneNumber = attribute.Values[0]
-			case "mobile":
-				ldapUserItem.Mobile = attribute.Values[0]
-			case "mobileTelephoneNumber":
-				ldapUserItem.MobileTelephoneNumber = attribute.Values[0]
-			case "registeredAddress":
-				ldapUserItem.RegisteredAddress = attribute.Values[0]
-			case "postalAddress":
-				ldapUserItem.PostalAddress = attribute.Values[0]
-			}
-		}
-		ldapUsers = append(ldapUsers, ldapUserItem)
-	}
-
-	return ldapUsers, nil
-}
-
 func AddLdap(ldap *Ldap) bool {
 	if len(ldap.Id) == 0 {
 		ldap.Id = util.GenerateId()
@@ -307,12 +57,12 @@ func AddLdap(ldap *Ldap) bool {
 func CheckLdapExist(ldap *Ldap) bool {
 	var result []*Ldap
 	err := adapter.Engine.Find(&result, &Ldap{
-		Owner:  ldap.Owner,
-		Host:   ldap.Host,
-		Port:   ldap.Port,
-		Admin:  ldap.Admin,
-		Passwd: ldap.Passwd,
-		BaseDn: ldap.BaseDn,
+		Owner:    ldap.Owner,
+		Host:     ldap.Host,
+		Port:     ldap.Port,
+		Username: ldap.Username,
+		Password: ldap.Password,
+		BaseDn:   ldap.BaseDn,
 	})
 	if err != nil {
 		panic(err)
@@ -359,7 +109,7 @@ func UpdateLdap(ldap *Ldap) bool {
 	}

 	affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
 	if err != nil {
 		panic(err)
 	}
@@ -375,123 +125,3 @@ func DeleteLdap(ldap *Ldap) bool {

 	return affected != 0
 }
-
-func SyncLdapUsers(owner string, users []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
-	var existUsers []LdapRespUser
-	var failedUsers []LdapRespUser
-	var uuids []string
-
-	for _, user := range users {
-		uuids = append(uuids, user.Uuid)
-	}
-
-	existUuids := CheckLdapUuidExist(owner, uuids)
-
-	organization := getOrganization("admin", owner)
-	ldap := GetLdap(ldapId)
-
-	var dc []string
-	for _, basedn := range strings.Split(ldap.BaseDn, ",") {
-		if strings.Contains(basedn, "dc=") {
-			dc = append(dc, basedn[3:])
-		}
-	}
-	affiliation := strings.Join(dc, ".")
-
-	var ou []string
-	for _, admin := range strings.Split(ldap.Admin, ",") {
-		if strings.Contains(admin, "ou=") {
-			ou = append(ou, admin[3:])
-		}
-	}
-	tag := strings.Join(ou, ".")
-
-	for _, user := range users {
-		found := false
-		if len(existUuids) > 0 {
-			for _, existUuid := range existUuids {
-				if user.Uuid == existUuid {
-					existUsers = append(existUsers, user)
-					found = true
-				}
-			}
-		}
-
-		if !found && !AddUser(&User{
-			Owner:       owner,
-			Name:        buildLdapUserName(user.Uid, user.UidNumber),
-			CreatedTime: util.GetCurrentTime(),
-			DisplayName: user.Cn,
-			Avatar:      organization.DefaultAvatar,
-			Email:       user.Email,
-			Phone:       user.Phone,
-			Address:     []string{user.Address},
-			Affiliation: affiliation,
-			Tag:         tag,
-			Score:       beego.AppConfig.DefaultInt("initScore", 2000),
-			Ldap:        user.Uuid,
-		}) {
-			failedUsers = append(failedUsers, user)
-			continue
-		}
-	}
-
-	return &existUsers, &failedUsers
-}
-
-func UpdateLdapSyncTime(ldapId string) {
-	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
-	if err != nil {
-		panic(err)
-	}
-}
-
-func CheckLdapUuidExist(owner string, uuids []string) []string {
-	var results []User
-	var existUuids []string
-	existUuidSet := make(map[string]struct{})
-
-	//whereStr := ""
-	//for i, uuid := range uuids {
-	//	if i == 0 {
-	//		whereStr = fmt.Sprintf("'%s'", uuid)
-	//	} else {
-	//		whereStr = fmt.Sprintf(",'%s'", uuid)
-	//	}
-	//}
-
-	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&results)
-	if err != nil {
-		panic(err)
-	}
-
-	if len(results) > 0 {
-		for _, result := range results {
-			existUuidSet[result.Ldap] = struct{}{}
-		}
-	}
-
-	for uuid := range existUuidSet {
-		existUuids = append(existUuids, uuid)
-	}
-	return existUuids
-}
-
-func buildLdapUserName(uid, uidNum string) string {
-	var result User
-	uidWithNumber := fmt.Sprintf("%s_%s", uid, uidNum)
-
-	has, err := adapter.Engine.Where("name = ? or name = ?", uid, uidWithNumber).Get(&result)
-	if err != nil {
-		panic(err)
-	}
-
-	if has {
-		if result.Name == uid {
-			return uidWithNumber
-		}
-		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
-	}
-
-	return uid
-}
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -82,7 +82,7 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
 			continue
 		}

-		users, err := conn.GetLdapUsers(ldap.BaseDn)
+		users, err := conn.GetLdapUsers(ldap)
 		if err != nil {
 			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
 			continue
@@ -112,3 +112,10 @@ func (l *LdapAutoSynchronizer) LdapAutoSynchronizerStartUpAll() {
 		}
 	}
 }
+
+func UpdateLdapSyncTime(ldapId string) {
+	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
+	if err != nil {
+		panic(err)
+	}
+}
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -0,0 +1,403 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/beego/beego"
+	"github.com/casdoor/casdoor/util"
+	goldap "github.com/go-ldap/ldap/v3"
+	"github.com/thanhpk/randstr"
+)
+
+type LdapConn struct {
+	Conn *goldap.Conn
+	IsAD bool
+}
+
+//type ldapGroup struct {
+//	GidNumber string
+//	Cn        string
+//}
+
+type ldapUser struct {
+	UidNumber string
+	Uid       string
+	Cn        string
+	GidNumber string
+	// Gcn                   string
+	Uuid                  string
+	DisplayName           string
+	Mail                  string
+	Email                 string
+	EmailAddress          string
+	TelephoneNumber       string
+	Mobile                string
+	MobileTelephoneNumber string
+	RegisteredAddress     string
+	PostalAddress         string
+}
+
+type LdapRespUser struct {
+	UidNumber string `json:"uidNumber"`
+	Uid       string `json:"uid"`
+	Cn        string `json:"cn"`
+	GroupId   string `json:"groupId"`
+	// GroupName string `json:"groupName"`
+	Uuid        string `json:"uuid"`
+	DisplayName string `json:"displayName"`
+	Email       string `json:"email"`
+	Phone       string `json:"phone"`
+	Address     string `json:"address"`
+}
+
+func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
+	var conn *goldap.Conn
+	if ldap.EnableSsl {
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+	} else {
+		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	err = conn.Bind(ldap.Username, ldap.Password)
+	if err != nil {
+		return nil, err
+	}
+
+	isAD, err := isMicrosoftAD(conn)
+	if err != nil {
+		return nil, err
+	}
+	return &LdapConn{Conn: conn, IsAD: isAD}, nil
+}
+
+func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
+	SearchFilter := "(objectClass=*)"
+	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
+
+	searchReq := goldap.NewSearchRequest("",
+		goldap.ScopeBaseObject, goldap.NeverDerefAliases, 0, 0, false,
+		SearchFilter, SearchAttributes, nil)
+	searchResult, err := Conn.Search(searchReq)
+	if err != nil {
+		return false, err
+	}
+	if len(searchResult.Entries) == 0 {
+		return false, nil
+	}
+	isMicrosoft := false
+
+	type ldapServerType struct {
+		Vendorname           string
+		Vendorversion        string
+		IsGlobalCatalogReady string
+		ForestFunctionality  string
+	}
+	var ldapServerTypes ldapServerType
+	for _, entry := range searchResult.Entries {
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "vendorname":
+				ldapServerTypes.Vendorname = attribute.Values[0]
+			case "vendorversion":
+				ldapServerTypes.Vendorversion = attribute.Values[0]
+			case "isGlobalCatalogReady":
+				ldapServerTypes.IsGlobalCatalogReady = attribute.Values[0]
+			case "forestFunctionality":
+				ldapServerTypes.ForestFunctionality = attribute.Values[0]
+			}
+		}
+	}
+	if ldapServerTypes.Vendorname == "" &&
+		ldapServerTypes.Vendorversion == "" &&
+		ldapServerTypes.IsGlobalCatalogReady == "TRUE" &&
+		ldapServerTypes.ForestFunctionality != "" {
+		isMicrosoft = true
+	}
+	return isMicrosoft, err
+}
+
+func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]ldapUser, error) {
+	SearchAttributes := []string{
+		"uidNumber", "cn", "sn", "gidNumber", "entryUUID", "displayName", "mail", "email",
+		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
+	}
+	if l.IsAD {
+		SearchAttributes = append(SearchAttributes, "sAMAccountName")
+	} else {
+		SearchAttributes = append(SearchAttributes, "uid")
+	}
+
+	searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
+		0, 0, false,
+		ldapServer.Filter, SearchAttributes, nil)
+	searchResult, err := l.Conn.SearchWithPaging(searchReq, 100)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(searchResult.Entries) == 0 {
+		return nil, errors.New("no result")
+	}
+
+	var ldapUsers []ldapUser
+	for _, entry := range searchResult.Entries {
+		var user ldapUser
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "uidNumber":
+				user.UidNumber = attribute.Values[0]
+			case "uid":
+				user.Uid = attribute.Values[0]
+			case "sAMAccountName":
+				user.Uid = attribute.Values[0]
+			case "cn":
+				user.Cn = attribute.Values[0]
+			case "gidNumber":
+				user.GidNumber = attribute.Values[0]
+			case "entryUUID":
+				user.Uuid = attribute.Values[0]
+			case "objectGUID":
+				user.Uuid = attribute.Values[0]
+			case "displayName":
+				user.DisplayName = attribute.Values[0]
+			case "mail":
+				user.Mail = attribute.Values[0]
+			case "email":
+				user.Email = attribute.Values[0]
+			case "emailAddress":
+				user.EmailAddress = attribute.Values[0]
+			case "telephoneNumber":
+				user.TelephoneNumber = attribute.Values[0]
+			case "mobile":
+				user.Mobile = attribute.Values[0]
+			case "mobileTelephoneNumber":
+				user.MobileTelephoneNumber = attribute.Values[0]
+			case "registeredAddress":
+				user.RegisteredAddress = attribute.Values[0]
+			case "postalAddress":
+				user.PostalAddress = attribute.Values[0]
+			}
+		}
+		ldapUsers = append(ldapUsers, user)
+	}
+
+	return ldapUsers, nil
+}
+
+// FIXME: The Base DN does not necessarily contain the Group
+//
+//	func (l *ldapConn) GetLdapGroups(baseDn string) (map[string]ldapGroup, error) {
+//		SearchFilter := "(objectClass=posixGroup)"
+//		SearchAttributes := []string{"cn", "gidNumber"}
+//		groupMap := make(map[string]ldapGroup)
+//
+//		searchReq := goldap.NewSearchRequest(baseDn,
+//			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+//			SearchFilter, SearchAttributes, nil)
+//		searchResult, err := l.Conn.Search(searchReq)
+//		if err != nil {
+//			return nil, err
+//		}
+//
+//		if len(searchResult.Entries) == 0 {
+//			return nil, errors.New("no result")
+//		}
+//
+//		for _, entry := range searchResult.Entries {
+//			var ldapGroupItem ldapGroup
+//			for _, attribute := range entry.Attributes {
+//				switch attribute.Name {
+//				case "gidNumber":
+//					ldapGroupItem.GidNumber = attribute.Values[0]
+//					break
+//				case "cn":
+//					ldapGroupItem.Cn = attribute.Values[0]
+//					break
+//				}
+//			}
+//			groupMap[ldapGroupItem.GidNumber] = ldapGroupItem
+//		}
+//
+//		return groupMap, nil
+//	}
+
+func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
+	res := make([]LdapRespUser, 0)
+	for _, user := range users {
+		res = append(res, LdapRespUser{
+			UidNumber:   user.UidNumber,
+			Uid:         user.Uid,
+			Cn:          user.Cn,
+			GroupId:     user.GidNumber,
+			Uuid:        user.Uuid,
+			DisplayName: user.DisplayName,
+			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Phone:       util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			Address:     util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+		})
+	}
+	return res
+}
+
+func SyncLdapUsers(owner string, respUsers []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
+	var existUsers []LdapRespUser
+	var failedUsers []LdapRespUser
+	var uuids []string
+
+	for _, user := range respUsers {
+		uuids = append(uuids, user.Uuid)
+	}
+
+	existUuids := GetExistUuids(owner, uuids)
+
+	organization := getOrganization("admin", owner)
+	ldap := GetLdap(ldapId)
+
+	var dc []string
+	for _, basedn := range strings.Split(ldap.BaseDn, ",") {
+		if strings.Contains(basedn, "dc=") {
+			dc = append(dc, basedn[3:])
+		}
+	}
+	affiliation := strings.Join(dc, ".")
+
+	var ou []string
+	for _, admin := range strings.Split(ldap.Username, ",") {
+		if strings.Contains(admin, "ou=") {
+			ou = append(ou, admin[3:])
+		}
+	}
+	tag := strings.Join(ou, ".")
+
+	for _, respUser := range respUsers {
+		found := false
+		if len(existUuids) > 0 {
+			for _, existUuid := range existUuids {
+				if respUser.Uuid == existUuid {
+					existUsers = append(existUsers, respUser)
+					found = true
+				}
+			}
+		}
+
+		if !found {
+			newUser := &User{
+				Owner:       owner,
+				Name:        respUser.buildLdapUserName(),
+				CreatedTime: util.GetCurrentTime(),
+				DisplayName: respUser.buildLdapDisplayName(),
+				Avatar:      organization.DefaultAvatar,
+				Email:       respUser.Email,
+				Phone:       respUser.Phone,
+				Address:     []string{respUser.Address},
+				Affiliation: affiliation,
+				Tag:         tag,
+				Score:       beego.AppConfig.DefaultInt("initScore", 2000),
+				Ldap:        respUser.Uuid,
+			}
+
+			affected := AddUser(newUser)
+			if !affected {
+				failedUsers = append(failedUsers, respUser)
+				continue
+			}
+		}
+	}
+
+	return &existUsers, &failedUsers
+}
+
+func GetExistUuids(owner string, uuids []string) []string {
+	var users []User
+	var existUuids []string
+	existUuidSet := make(map[string]struct{})
+
+	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&users)
+	if err != nil {
+		panic(err)
+	}
+
+	if len(users) > 0 {
+		for _, result := range users {
+			existUuidSet[result.Ldap] = struct{}{}
+		}
+	}
+
+	for uuid := range existUuidSet {
+		existUuids = append(existUuids, uuid)
+	}
+	return existUuids
+}
+
+func (ldapUser *LdapRespUser) buildLdapUserName() string {
+	user := User{}
+	uidWithNumber := fmt.Sprintf("%s_%s", ldapUser.Uid, ldapUser.UidNumber)
+	has, err := adapter.Engine.Where("name = ? or name = ?", ldapUser.Uid, uidWithNumber).Get(&user)
+	if err != nil {
+		panic(err)
+	}
+
+	if has {
+		if user.Name == ldapUser.Uid {
+			return uidWithNumber
+		}
+		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
+	}
+
+	return ldapUser.Uid
+}
+
+func (ldapUser *LdapRespUser) buildLdapDisplayName() string {
+	if ldapUser.DisplayName != "" {
+		return ldapUser.DisplayName
+	}
+
+	return ldapUser.Cn
+}
+
+func (ldap *Ldap) buildFilterString(user *User) string {
+	if len(ldap.FilterFields) == 0 {
+		return fmt.Sprintf("(&%s(uid=%s))", ldap.Filter, user.Name)
+	}
+
+	filter := fmt.Sprintf("(&%s(|", ldap.Filter)
+	for _, field := range ldap.FilterFields {
+		filter = fmt.Sprintf("%s(%s=%s)", filter, field, user.getFieldFromLdapAttribute(field))
+	}
+	filter = fmt.Sprintf("%s))", filter)
+
+	return filter
+}
+
+func (user *User) getFieldFromLdapAttribute(attribute string) string {
+	switch attribute {
+	case "uid":
+		return user.Name
+	case "mail":
+		return user.Email
+	case "mobile":
+		return user.Phone
+	default:
+		return ""
+	}
+}
--- a/object/message.go
+++ b/object/message.go
@@ -0,0 +1,157 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Message struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	Chat         string `xorm:"varchar(100) index" json:"chat"`
+	Author       string `xorm:"varchar(100)" json:"author"`
+	Text         string `xorm:"mediumtext" json:"text"`
+}
+
+func GetMaskedMessage(message *Message) *Message {
+	if message == nil {
+		return nil
+	}
+
+	return message
+}
+
+func GetMaskedMessages(messages []*Message) []*Message {
+	for _, message := range messages {
+		message = GetMaskedMessage(message)
+	}
+	return messages
+}
+
+func GetMessageCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Message{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetMessages(owner string) []*Message {
+	messages := []*Message{}
+	err := adapter.Engine.Desc("created_time").Find(&messages, &Message{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return messages
+}
+
+func GetChatMessages(chat string) []*Message {
+	messages := []*Message{}
+	err := adapter.Engine.Asc("created_time").Find(&messages, &Message{Chat: chat})
+	if err != nil {
+		panic(err)
+	}
+
+	return messages
+}
+
+func GetPaginationMessages(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
+	messages := []*Message{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&messages)
+	if err != nil {
+		panic(err)
+	}
+
+	return messages
+}
+
+func getMessage(owner string, name string) *Message {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	message := Message{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&message)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &message
+	} else {
+		return nil
+	}
+}
+
+func GetMessage(id string) *Message {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getMessage(owner, name)
+}
+
+func UpdateMessage(id string, message *Message) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getMessage(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(message)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddMessage(message *Message) bool {
+	affected, err := adapter.Engine.Insert(message)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteMessage(message *Message) bool {
+	affected, err := adapter.Engine.ID(core.PK{message.Owner, message.Name}).Delete(&Message{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteChatMessages(chat string) bool {
+	affected, err := adapter.Engine.Delete(&Message{Chat: chat})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (p *Message) GetId() string {
+	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
+}
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -18,6 +18,7 @@ import (
 	"crypto/x509"
 	"encoding/pem"
 	"fmt"
+	"net"
 	"strings"

 	"github.com/casdoor/casdoor/conf"
@@ -43,6 +44,26 @@ type OidcDiscovery struct {
 	EndSessionEndpoint                     string   `json:"end_session_endpoint"`
 }

+func isIpAddress(host string) bool {
+	// Attempt to split the host and port, ignoring the error
+	hostWithoutPort, _, err := net.SplitHostPort(host)
+	if err != nil {
+		// If an error occurs, it might be because there's no port
+		// In that case, use the original host string
+		hostWithoutPort = host
+	}
+
+	// Attempt to parse the host as an IP address (both IPv4 and IPv6)
+	ip := net.ParseIP(hostWithoutPort)
+	if ip != nil {
+		// The host is an IP address
+		return true
+	}
+
+	// The host is not an IP address
+	return false
+}
+
 func getOriginFromHost(host string) (string, string) {
 	origin := conf.GetConfigString("origin")
 	if origin != "" {
@@ -52,6 +73,8 @@ func getOriginFromHost(host string) (string, string) {
 	protocol := "https://"
 	if strings.HasPrefix(host, "localhost") {
 		protocol = "http://"
+	} else if isIpAddress(host) {
+		protocol = "http://"
 	}

 	if host == "localhost:8000" {
--- a/object/organization.go
+++ b/object/organization.go
@@ -16,7 +16,6 @@ package object

 import (
 	"fmt"
-	"strings"

 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/i18n"
@@ -299,18 +298,16 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	}
 	for i, u := range role.Users {
 		// u = organization/username
-		split := strings.Split(u, "/")
-		if split[0] == oldName {
-			split[0] = newName
-			role.Users[i] = split[0] + "/" + split[1]
+		owner, name := util.GetOwnerAndNameFromId(u)
+		if name == oldName {
+			role.Users[i] = util.GetId(owner, newName)
 		}
 	}
 	for i, u := range role.Roles {
 		// u = organization/username
-		split := strings.Split(u, "/")
-		if split[0] == oldName {
-			split[0] = newName
-			role.Roles[i] = split[0] + "/" + split[1]
+		owner, name := util.GetOwnerAndNameFromId(u)
+		if name == oldName {
+			role.Roles[i] = util.GetId(owner, newName)
 		}
 	}
 	role.Owner = newName
@@ -326,18 +323,16 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	}
 	for i, u := range permission.Users {
 		// u = organization/username
-		split := strings.Split(u, "/")
-		if split[0] == oldName {
-			split[0] = newName
-			permission.Users[i] = split[0] + "/" + split[1]
+		owner, name := util.GetOwnerAndNameFromId(u)
+		if name == oldName {
+			permission.Users[i] = util.GetId(owner, newName)
 		}
 	}
 	for i, u := range permission.Roles {
 		// u = organization/username
-		split := strings.Split(u, "/")
-		if split[0] == oldName {
-			split[0] = newName
-			permission.Roles[i] = split[0] + "/" + split[1]
+		owner, name := util.GetOwnerAndNameFromId(u)
+		if name == oldName {
+			permission.Roles[i] = util.GetId(owner, newName)
 		}
 	}
 	permission.Owner = newName
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -29,7 +29,10 @@ import (
 func getEnforcer(permission *Permission) *casbin.Enforcer {
 	tableName := "permission_rule"
 	if len(permission.Adapter) != 0 {
-		tableName = permission.Adapter
+		adapterObj := getCasbinAdapter(permission.Owner, permission.Adapter)
+		if adapterObj != nil && adapterObj.Table != "" {
+			tableName = adapterObj.Table
+		}
 	}
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
 	driverName := conf.GetConfigString("driverName")
@@ -130,7 +133,7 @@ func getGroupingPolicies(permission *Permission) [][]string {
 		for _, subUser := range roleObj.Users {
 			if domainExist {
 				for _, domain := range permission.Domains {
-					groupingPolicies = append(groupingPolicies, []string{subUser, domain, role, "", "", permissionId})
+					groupingPolicies = append(groupingPolicies, []string{subUser, role, domain, "", "", permissionId})
 				}
 			} else {
 				groupingPolicies = append(groupingPolicies, []string{subUser, role, "", "", "", permissionId})
@@ -140,7 +143,7 @@ func getGroupingPolicies(permission *Permission) [][]string {
 		for _, subRole := range roleObj.Roles {
 			if domainExist {
 				for _, domain := range permission.Domains {
-					groupingPolicies = append(groupingPolicies, []string{subRole, domain, role, "", "", permissionId})
+					groupingPolicies = append(groupingPolicies, []string{subRole, role, domain, "", "", permissionId})
 				}
 			} else {
 				groupingPolicies = append(groupingPolicies, []string{subRole, role, "", "", "", permissionId})
--- a/object/product_test.go
+++ b/object/product_test.go
@@ -30,7 +30,10 @@ func TestProduct(t *testing.T) {
 	product := GetProduct("admin/product_123")
 	provider := getProvider(product.Owner, "provider_pay_alipay")
 	cert := getCert(product.Owner, "cert-pay-alipay")
-	pProvider := pp.GetPaymentProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey)
+	pProvider, err := pp.GetPaymentProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey, provider.ClientId2)
+	if err != nil {
+		panic(err)
+	}

 	paymentName := util.GenerateTimeId()
 	returnUrl := ""
--- a/object/provider.go
+++ b/object/provider.go
@@ -221,6 +221,10 @@ func UpdateProvider(id string, provider *Provider) bool {
 	if provider.ClientSecret2 == "***" {
 		session = session.Omit("client_secret2")
 	}
+
+	provider.Endpoint = util.GetEndPoint(provider.Endpoint)
+	provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
+
 	affected, err := session.Update(provider)
 	if err != nil {
 		panic(err)
@@ -230,6 +234,9 @@ func UpdateProvider(id string, provider *Provider) bool {
 }

 func AddProvider(provider *Provider) bool {
+	provider.Endpoint = util.GetEndPoint(provider.Endpoint)
+	provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
+
 	affected, err := adapter.Engine.Insert(provider)
 	if err != nil {
 		panic(err)
@@ -256,7 +263,11 @@ func (p *Provider) getPaymentProvider() (pp.PaymentProvider, *Cert, error) {
 		}
 	}

-	pProvider := pp.GetPaymentProvider(p.Type, p.ClientId, p.ClientSecret, p.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey)
+	pProvider, err := pp.GetPaymentProvider(p.Type, p.ClientId, p.ClientSecret, p.Host, cert.Certificate, cert.PrivateKey, cert.AuthorityPublicKey, cert.AuthorityRootPublicKey, p.ClientId2)
+	if err != nil {
+		return nil, cert, err
+	}
+
 	if pProvider == nil {
 		return nil, cert, fmt.Errorf("the payment provider type: %s is not supported", p.Type)
 	}
--- a/object/role.go
+++ b/object/role.go
@@ -16,7 +16,6 @@ package object

 import (
 	"fmt"
-	"strings"

 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -182,13 +181,12 @@ func roleChangeTrigger(oldName string, newName string) error {
 	}
 	for _, role := range roles {
 		for j, u := range role.Roles {
-			split := strings.Split(u, "/")
-			if split[1] == oldName {
-				split[1] = newName
-				role.Roles[j] = split[0] + "/" + split[1]
+			owner, name := util.GetOwnerAndNameFromId(u)
+			if name == oldName {
+				role.Roles[j] = util.GetId(owner, newName)
 			}
 		}
-		_, err = session.Where("name=?", role.Name).Update(role)
+		_, err = session.Where("name=?", role.Name).And("owner=?", role.Owner).Update(role)
 		if err != nil {
 			return err
 		}
@@ -202,13 +200,12 @@ func roleChangeTrigger(oldName string, newName string) error {
 	for _, permission := range permissions {
 		for j, u := range permission.Roles {
 			// u = organization/username
-			split := strings.Split(u, "/")
-			if split[1] == oldName {
-				split[1] = newName
-				permission.Roles[j] = split[0] + "/" + split[1]
+			owner, name := util.GetOwnerAndNameFromId(u)
+			if name == oldName {
+				permission.Roles[j] = util.GetId(owner, newName)
 			}
 		}
-		_, err = session.Where("name=?", permission.Name).Update(permission)
+		_, err = session.Where("name=?", permission.Name).And("owner=?", permission.Owner).Update(permission)
 		if err != nil {
 			return err
 		}
--- a/object/saml_sp.go
+++ b/object/saml_sp.go
@@ -23,29 +23,32 @@ import (
 	"regexp"
 	"strings"

-	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
 	saml2 "github.com/russellhaering/gosaml2"
 	dsig "github.com/russellhaering/goxmldsig"
 )

-func ParseSamlResponse(samlResponse string, providerType string) (string, error) {
+func ParseSamlResponse(samlResponse string, provider *Provider, host string) (string, error) {
 	samlResponse, _ = url.QueryUnescape(samlResponse)
-	sp, err := buildSp(&Provider{Type: providerType}, samlResponse)
+	sp, err := buildSp(provider, samlResponse, host)
 	if err != nil {
 		return "", err
 	}
-	assertionInfo, err := sp.RetrieveAssertionInfo(samlResponse)

+	assertionInfo, err := sp.RetrieveAssertionInfo(samlResponse)
+	if err != nil {
+		return "", err
+	}
 	return assertionInfo.NameID, err
 }

-func GenerateSamlLoginUrl(id, relayState, lang string) (auth string, method string, err error) {
+func GenerateSamlRequest(id, relayState, host, lang string) (auth string, method string, err error) {
 	provider := GetProvider(id)
 	if provider.Category != "SAML" {
 		return "", "", fmt.Errorf(i18n.Translate(lang, "saml_sp:provider %s's category is not SAML"), provider.Name)
 	}
-	sp, err := buildSp(provider, "")
+
+	sp, err := buildSp(provider, "", host)
 	if err != nil {
 		return "", "", err
 	}
@@ -67,35 +70,22 @@ func GenerateSamlLoginUrl(id, relayState, lang string) (auth string, method stri
 	return auth, method, nil
 }

-func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvider, error) {
-	origin := conf.GetConfigString("origin")
+func buildSp(provider *Provider, samlResponse string, host string) (*saml2.SAMLServiceProvider, error) {
+	_, origin := getOriginFromHost(host)

-	certStore := dsig.MemoryX509CertificateStore{
-		Roots: []*x509.Certificate{},
-	}
-
-	certEncodedData := ""
-	if samlResponse != "" {
-		certEncodedData = parseSamlResponse(samlResponse, provider.Type)
-	} else if provider.IdP != "" {
-		certEncodedData = provider.IdP
-	}
-	certData, err := base64.StdEncoding.DecodeString(certEncodedData)
+	certStore, err := buildSpCertificateStore(provider, samlResponse)
 	if err != nil {
 		return nil, err
 	}
-	idpCert, err := x509.ParseCertificate(certData)
-	if err != nil {
-		return nil, err
-	}
-	certStore.Roots = append(certStore.Roots, idpCert)
+
 	sp := &saml2.SAMLServiceProvider{
 		ServiceProviderIssuer:       fmt.Sprintf("%s/api/acs", origin),
 		AssertionConsumerServiceURL: fmt.Sprintf("%s/api/acs", origin),
-		IDPCertificateStore:         &certStore,
 		SignAuthnRequests:           false,
+		IDPCertificateStore:         &certStore,
 		SPKeyStore:                  dsig.RandomKeyStoreForTest(),
 	}
+
 	if provider.Endpoint != "" {
 		sp.IdentityProviderSSOURL = provider.Endpoint
 		sp.IdentityProviderIssuer = provider.IssuerUrl
@@ -104,10 +94,45 @@ func buildSp(provider *Provider, samlResponse string) (*saml2.SAMLServiceProvide
 		sp.SignAuthnRequests = true
 		sp.SPKeyStore = buildSpKeyStore()
 	}
+
 	return sp, nil
 }

-func parseSamlResponse(samlResponse string, providerType string) string {
+func buildSpKeyStore() dsig.X509KeyStore {
+	keyPair, err := tls.LoadX509KeyPair("object/token_jwt_key.pem", "object/token_jwt_key.key")
+	if err != nil {
+		panic(err)
+	}
+	return &dsig.TLSCertKeyStore{
+		PrivateKey:  keyPair.PrivateKey,
+		Certificate: keyPair.Certificate,
+	}
+}
+
+func buildSpCertificateStore(provider *Provider, samlResponse string) (dsig.MemoryX509CertificateStore, error) {
+	certEncodedData := ""
+	if samlResponse != "" {
+		certEncodedData = getCertificateFromSamlResponse(samlResponse, provider.Type)
+	} else if provider.IdP != "" {
+		certEncodedData = provider.IdP
+	}
+
+	certData, err := base64.StdEncoding.DecodeString(certEncodedData)
+	if err != nil {
+		return dsig.MemoryX509CertificateStore{}, err
+	}
+	idpCert, err := x509.ParseCertificate(certData)
+	if err != nil {
+		return dsig.MemoryX509CertificateStore{}, err
+	}
+
+	certStore := dsig.MemoryX509CertificateStore{
+		Roots: []*x509.Certificate{idpCert},
+	}
+	return certStore, nil
+}
+
+func getCertificateFromSamlResponse(samlResponse string, providerType string) string {
 	de, err := base64.StdEncoding.DecodeString(samlResponse)
 	if err != nil {
 		panic(err)
@@ -122,14 +147,3 @@ func parseSamlResponse(samlResponse string, providerType string) string {
 	res := regexp.MustCompile(expression).FindStringSubmatch(deStr)
 	return res[1]
 }
-
-func buildSpKeyStore() dsig.X509KeyStore {
-	keyPair, err := tls.LoadX509KeyPair("object/token_jwt_key.pem", "object/token_jwt_key.key")
-	if err != nil {
-		panic(err)
-	}
-	return &dsig.TLSCertKeyStore{
-		PrivateKey:  keyPair.PrivateKey,
-		Certificate: keyPair.Certificate,
-	}
-}
--- a/object/user.go
+++ b/object/user.go
@@ -15,10 +15,12 @@
 package object

 import (
+	"bytes"
 	"fmt"
 	"strings"

 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/webauthn"
 	"github.com/xorm-io/core"
@@ -48,6 +50,7 @@ type User struct {
 	EmailVerified     bool     `json:"emailVerified"`
 	Phone             string   `xorm:"varchar(20) index" json:"phone"`
 	CountryCode       string   `xorm:"varchar(6)" json:"countryCode"`
+	Region            string   `xorm:"varchar(100)" json:"region"`
 	Location          string   `xorm:"varchar(100)" json:"location"`
 	Address           []string `json:"address"`
 	Affiliation       string   `xorm:"varchar(100)" json:"affiliation"`
@@ -57,7 +60,6 @@ type User struct {
 	Homepage          string   `xorm:"varchar(100)" json:"homepage"`
 	Bio               string   `xorm:"varchar(100)" json:"bio"`
 	Tag               string   `xorm:"varchar(100)" json:"tag"`
-	Region            string   `xorm:"varchar(100)" json:"region"`
 	Language          string   `xorm:"varchar(100)" json:"language"`
 	Gender            string   `xorm:"varchar(100)" json:"gender"`
 	Birthday          string   `xorm:"varchar(100)" json:"birthday"`
@@ -449,7 +451,7 @@ func UpdateUser(id string, user *User, columns []string, isGlobalAdmin bool) boo
 	if len(columns) == 0 {
 		columns = []string{
 			"owner", "display_name", "avatar",
-			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "score", "tag", "signup_application",
+			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
 			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
 			"signin_wrong_times", "last_signin_wrong_time",
 		}
@@ -513,7 +515,10 @@ func AddUser(user *User) bool {
 	user.UpdateUserHash()
 	user.PreHash = user.Hash

-	user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
+	updated := user.refreshAvatar()
+	if updated && user.PermanentAvatar != "*" {
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, false)
+	}

 	user.Ranking = GetUserCount(user.Owner, "", "") + 1

@@ -652,13 +657,12 @@ func userChangeTrigger(oldName string, newName string) error {
 	for _, role := range roles {
 		for j, u := range role.Users {
 			// u = organization/username
-			split := strings.Split(u, "/")
-			if split[1] == oldName {
-				split[1] = newName
-				role.Users[j] = split[0] + "/" + split[1]
+			owner, name := util.GetOwnerAndNameFromId(u)
+			if name == oldName {
+				role.Users[j] = util.GetId(owner, newName)
 			}
 		}
-		_, err = session.Where("name=?", role.Name).Update(role)
+		_, err = session.Where("name=?", role.Name).And("owner=?", role.Owner).Update(role)
 		if err != nil {
 			return err
 		}
@@ -672,13 +676,12 @@ func userChangeTrigger(oldName string, newName string) error {
 	for _, permission := range permissions {
 		for j, u := range permission.Users {
 			// u = organization/username
-			split := strings.Split(u, "/")
-			if split[1] == oldName {
-				split[1] = newName
-				permission.Users[j] = split[0] + "/" + split[1]
+			owner, name := util.GetOwnerAndNameFromId(u)
+			if name == oldName {
+				permission.Users[j] = util.GetId(owner, newName)
 			}
 		}
-		_, err = session.Where("name=?", permission.Name).Update(permission)
+		_, err = session.Where("name=?", permission.Name).And("owner=?", permission.Owner).Update(permission)
 		if err != nil {
 			return err
 		}
@@ -693,3 +696,40 @@ func userChangeTrigger(oldName string, newName string) error {

 	return session.Commit()
 }
+
+func (user *User) refreshAvatar() bool {
+	var err error
+	var fileBuffer *bytes.Buffer
+	var ext string
+
+	// Gravatar + Identicon
+	if strings.Contains(user.Avatar, "Gravatar") && user.Email != "" {
+		client := proxy.ProxyHttpClient
+		has, err := hasGravatar(client, user.Email)
+		if err != nil {
+			panic(err)
+		}
+
+		if has {
+			fileBuffer, ext, err = getGravatarFileBuffer(client, user.Email)
+			if err != nil {
+				panic(err)
+			}
+		}
+	}
+
+	if fileBuffer == nil && strings.Contains(user.Avatar, "Identicon") {
+		fileBuffer, ext, err = getIdenticonFileBuffer(user.Name)
+		if err != nil {
+			panic(err)
+		}
+	}
+
+	if fileBuffer != nil {
+		avatarUrl := getPermanentAvatarUrlFromBuffer(user.Owner, user.Name, fileBuffer, ext, true)
+		user.Avatar = avatarUrl
+		return true
+	}
+
+	return false
+}
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -131,6 +131,12 @@ func SetUserOAuthProperties(organization *Organization, user *User, providerType
 		if user.DisplayName == "" {
 			user.DisplayName = userInfo.DisplayName
 		}
+	} else if user.DisplayName == "" {
+		if userInfo.Username != "" {
+			user.DisplayName = userInfo.Username
+		} else {
+			user.DisplayName = userInfo.Id
+		}
 	}
 	if userInfo.Email != "" {
 		propertyName := fmt.Sprintf("oauth_%s_email", providerType)
--- a/object/verification.go
+++ b/object/verification.go
@@ -18,6 +18,7 @@ import (
 	"errors"
 	"fmt"
 	"math/rand"
+	"strings"
 	"time"

 	"github.com/casdoor/casdoor/conf"
@@ -38,6 +39,11 @@ const (
 	timeoutError            = 3
 )

+const (
+	VerifyTypePhone = "phone"
+	VerifyTypeEmail = "email"
+)
+
 type VerificationRecord struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -213,6 +219,14 @@ func CheckSigninCode(user *User, dest, code, lang string) string {
 	}
 }

+func GetVerifyType(username string) (verificationCodeType string) {
+	if strings.Contains(username, "@") {
+		return VerifyTypeEmail
+	} else {
+		return VerifyTypeEmail
+	}
+}
+
 // From Casnode/object/validateCode.go line 116
 var stdNums = []byte("0123456789")

--- a/pp/alipay.go
+++ b/pp/alipay.go
@@ -28,21 +28,21 @@ type AlipayPaymentProvider struct {
 	Client *alipay.Client
 }

-func NewAlipayPaymentProvider(appId string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) *AlipayPaymentProvider {
+func NewAlipayPaymentProvider(appId string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) (*AlipayPaymentProvider, error) {
 	pp := &AlipayPaymentProvider{}

 	client, err := alipay.NewClient(appId, appPrivateKey, true)
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	err = client.SetCertSnByContent([]byte(appCertificate), []byte(authorityRootPublicKey), []byte(authorityPublicKey))
 	if err != nil {
-		panic(err)
+		return nil, err
 	}

 	pp.Client = client
-	return pp
+	return pp, nil
 }

 func (pp *AlipayPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
--- a/pp/provider.go
+++ b/pp/provider.go
@@ -22,11 +22,23 @@ type PaymentProvider interface {
 	GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error)
 }

-func GetPaymentProvider(typ string, appId string, clientSecret string, host string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string) PaymentProvider {
+func GetPaymentProvider(typ string, appId string, clientSecret string, host string, appCertificate string, appPrivateKey string, authorityPublicKey string, authorityRootPublicKey string, clientId2 string) (PaymentProvider, error) {
 	if typ == "Alipay" {
-		return NewAlipayPaymentProvider(appId, appCertificate, appPrivateKey, authorityPublicKey, authorityRootPublicKey)
+		newAlipayPaymentProvider, err := NewAlipayPaymentProvider(appId, appCertificate, appPrivateKey, authorityPublicKey, authorityRootPublicKey)
+		if err != nil {
+			return nil, err
+		}
+		return newAlipayPaymentProvider, nil
 	} else if typ == "GC" {
-		return NewGcPaymentProvider(appId, clientSecret, host)
+		return NewGcPaymentProvider(appId, clientSecret, host), nil
+	} else if typ == "WeChat Pay" {
+		// appId, mchId, mchCertSerialNumber, apiV3Key, privateKey
+		newWechatPaymentProvider, err := NewWechatPaymentProvider(clientId2, appId, appCertificate, clientSecret, appPrivateKey)
+		if err != nil {
+			return nil, err
+		}
+		return newWechatPaymentProvider, nil
 	}
-	return nil
+
+	return nil, nil
 }
--- a/pp/wechatpay.go
+++ b/pp/wechatpay.go
@@ -0,0 +1,102 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package pp
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/go-pay/gopay"
+	"github.com/go-pay/gopay/wechat/v3"
+)
+
+type WechatPaymentProvider struct {
+	ClientV3 *wechat.ClientV3
+	appId    string
+}
+
+func NewWechatPaymentProvider(appId string, mchId string, mchCertSerialNumber string, apiV3Key string, privateKey string) (*WechatPaymentProvider, error) {
+	pp := &WechatPaymentProvider{appId: appId}
+
+	clientV3, err := wechat.NewClientV3(mchId, mchCertSerialNumber, apiV3Key, privateKey)
+	if err != nil {
+		return nil, err
+	}
+
+	err = clientV3.AutoVerifySign()
+	if err != nil {
+		return nil, err
+	}
+	pp.ClientV3 = clientV3
+	return pp, nil
+}
+
+func (pp *WechatPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, returnUrl string, notifyUrl string) (string, error) {
+	// pp.Client.DebugSwitch = gopay.DebugOn
+
+	bm := gopay.BodyMap{}
+
+	bm.Set("providerName", providerName)
+	bm.Set("productName", productName)
+
+	bm.Set("return_url", returnUrl)
+	bm.Set("notify_url", notifyUrl)
+
+	bm.Set("body", productDisplayName)
+	bm.Set("out_trade_no", paymentName)
+	bm.Set("total_fee", getPriceString(price))
+
+	wechatRsp, err := pp.ClientV3.V3TransactionJsapi(context.Background(), bm)
+	if err != nil {
+		return "", err
+	}
+
+	payUrl := fmt.Sprintf("https://open.weixin.qq.com/connect/oauth2/authorize?appid=%s&redirect_uri=%s&response_type=code&scope=snsapi_base&state=STATE#wechat_redirect", pp.appId, wechatRsp.Response.PrepayId)
+	return payUrl, nil
+}
+
+func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string) (string, string, float64, string, string, error) {
+	bm, err := wechat.V3ParseNotifyToBodyMap(request)
+	if err != nil {
+		return "", "", 0, "", "", err
+	}
+
+	providerName := bm.Get("providerName")
+	productName := bm.Get("productName")
+
+	productDisplayName := bm.Get("body")
+	paymentName := bm.Get("out_trade_no")
+	price := util.ParseFloat(bm.Get("total_fee"))
+
+	notifyReq, err := wechat.V3ParseNotify(request)
+	if err != nil {
+		panic(err)
+	}
+
+	cert := pp.ClientV3.WxPublicKey()
+
+	err = notifyReq.VerifySignByPK(cert)
+	if err != nil {
+		return "", "", 0, "", "", err
+	}
+
+	return productDisplayName, paymentName, price, productName, providerName, nil
+}
+
+func (pp *WechatPaymentProvider) GetInvoice(paymentName string, personName string, personIdCard string, personEmail string, personPhone string, invoiceType string, invoiceTitle string, invoiceTaxId string) (string, error) {
+	return "", nil
+}
--- a/routers/router.go
+++ b/routers/router.go
@@ -57,6 +57,7 @@ func initAPI() {
 	beego.Router("/api/saml/metadata", &controllers.ApiController{}, "GET:GetSamlMeta")
 	beego.Router("/api/webhook", &controllers.ApiController{}, "POST:HandleOfficialAccountEvent")
 	beego.Router("/api/get-webhook-event", &controllers.ApiController{}, "GET:GetWebhookEventType")
+	beego.Router("/api/get-captcha-status", &controllers.ApiController{}, "GET:GetCaptchaStatus")

 	beego.Router("/api/get-organizations", &controllers.ApiController{}, "GET:GetOrganizations")
 	beego.Router("/api/get-organization", &controllers.ApiController{}, "GET:GetOrganization")
@@ -115,6 +116,7 @@ func initAPI() {
 	beego.Router("/api/check-user-password", &controllers.ApiController{}, "POST:CheckUserPassword")
 	beego.Router("/api/get-email-and-phone", &controllers.ApiController{}, "GET:GetEmailAndPhone")
 	beego.Router("/api/send-verification-code", &controllers.ApiController{}, "POST:SendVerificationCode")
+	beego.Router("/api/verify-code", &controllers.ApiController{}, "POST:VerifyCode")
 	beego.Router("/api/verify-captcha", &controllers.ApiController{}, "POST:VerifyCaptcha")
 	beego.Router("/api/reset-email-or-phone", &controllers.ApiController{}, "POST:ResetEmailOrPhone")
 	beego.Router("/api/get-captcha", &controllers.ApiController{}, "GET:GetCaptcha")
@@ -154,7 +156,6 @@ func initAPI() {
 	beego.Router("/api/update-token", &controllers.ApiController{}, "POST:UpdateToken")
 	beego.Router("/api/add-token", &controllers.ApiController{}, "POST:AddToken")
 	beego.Router("/api/delete-token", &controllers.ApiController{}, "POST:DeleteToken")
-	beego.Router("/api/login/oauth/code", &controllers.ApiController{}, "POST:GetOAuthCode")
 	beego.Router("/api/login/oauth/access_token", &controllers.ApiController{}, "POST:GetOAuthToken")
 	beego.Router("/api/login/oauth/refresh_token", &controllers.ApiController{}, "POST:RefreshToken")
 	beego.Router("/api/login/oauth/introspect", &controllers.ApiController{}, "POST:IntrospectToken")
@@ -188,6 +189,18 @@ func initAPI() {
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
 	beego.Router("/api/delete-cert", &controllers.ApiController{}, "POST:DeleteCert")

+	beego.Router("/api/get-chats", &controllers.ApiController{}, "GET:GetChats")
+	beego.Router("/api/get-chat", &controllers.ApiController{}, "GET:GetChat")
+	beego.Router("/api/update-chat", &controllers.ApiController{}, "POST:UpdateChat")
+	beego.Router("/api/add-chat", &controllers.ApiController{}, "POST:AddChat")
+	beego.Router("/api/delete-chat", &controllers.ApiController{}, "POST:DeleteChat")
+
+	beego.Router("/api/get-messages", &controllers.ApiController{}, "GET:GetMessages")
+	beego.Router("/api/get-message", &controllers.ApiController{}, "GET:GetMessage")
+	beego.Router("/api/update-message", &controllers.ApiController{}, "POST:UpdateMessage")
+	beego.Router("/api/add-message", &controllers.ApiController{}, "POST:AddMessage")
+	beego.Router("/api/delete-message", &controllers.ApiController{}, "POST:DeleteMessage")
+
 	beego.Router("/api/get-products", &controllers.ApiController{}, "GET:GetProducts")
 	beego.Router("/api/get-product", &controllers.ApiController{}, "GET:GetProduct")
 	beego.Router("/api/update-product", &controllers.ApiController{}, "POST:UpdateProduct")
--- a/routers/static_filter.go
+++ b/routers/static_filter.go
@@ -51,6 +51,12 @@ func StaticFilter(ctx *context.Context) {
 		path += urlPath
 	}

+	path2 := strings.TrimLeft(path, "web/build/images/")
+	if util.FileExist(path2) {
+		http.ServeFile(ctx.ResponseWriter, ctx.Request, path2)
+		return
+	}
+
 	if !util.FileExist(path) {
 		path = "web/build/index.html"
 	}
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
@@ -99,6 +99,34 @@
                }
            }
        },
+        "/api/add-chat": {
+            "post": {
+                "tags": [
+                    "Chat API"
+                ],
+                "description": "add chat",
+                "operationId": "ApiController.AddChat",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the chat",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Chat"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/add-ldap": {
            "post": {
                "tags": [
@@ -107,6 +135,34 @@
                "operationId": "ApiController.AddLdap"
            }
        },
+        "/api/add-message": {
+            "post": {
+                "tags": [
+                    "Message API"
+                ],
+                "description": "add message",
+                "operationId": "ApiController.AddMessage",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the message",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Message"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/add-model": {
            "post": {
                "tags": [
@@ -496,6 +552,14 @@
            }
        },
        "/api/api/get-webhook-event": {
+            "get": {
+                "tags": [
+                    "GetCaptchaStatus API"
+                ],
+                "operationId": "ApiController.GetCaptchaStatus"
+            }
+        },
+        "/api/api/get-captcha-status": {
            "get": {
                "tags": [
                    "GetWebhookEventType API"
@@ -595,6 +659,14 @@
                }
            }
        },
+        "/api/api/verify-code": {
+            "post": {
+                "tags": [
+                    "Account API"
+                ],
+                "operationId": "ApiController.VerifyCode"
+            }
+        },
        "/api/api/webhook": {
            "post": {
                "tags": [
@@ -700,6 +772,34 @@
                }
            }
        },
+        "/api/delete-chat": {
+            "post": {
+                "tags": [
+                    "Chat API"
+                ],
+                "description": "delete chat",
+                "operationId": "ApiController.DeleteChat",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the chat",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Chat"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/delete-ldap": {
            "post": {
                "tags": [
@@ -708,6 +808,34 @@
                "operationId": "ApiController.DeleteLdap"
            }
        },
+        "/api/delete-message": {
+            "post": {
+                "tags": [
+                    "Message API"
+                ],
+                "description": "delete message",
+                "operationId": "ApiController.DeleteMessage",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the message",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Message"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/delete-model": {
            "post": {
                "tags": [
@@ -1234,6 +1362,61 @@
                }
            }
        },
+        "/api/get-chat": {
+            "get": {
+                "tags": [
+                    "Chat API"
+                ],
+                "description": "get chat",
+                "operationId": "ApiController.GetChat",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the chat",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/object.Chat"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/get-chats": {
+            "get": {
+                "tags": [
+                    "Chat API"
+                ],
+                "description": "get chats",
+                "operationId": "ApiController.GetChats",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "owner",
+                        "description": "The owner of chats",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/object.Chat"
+                            }
+                        }
+                    }
+                }
+            }
+        },
        "/api/get-default-application": {
            "get": {
                "tags": [
@@ -1357,6 +1540,61 @@
                "operationId": "ApiController.GetLdaps"
            }
        },
+        "/api/get-message": {
+            "get": {
+                "tags": [
+                    "Message API"
+                ],
+                "description": "get message",
+                "operationId": "ApiController.GetMessage",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the message",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/object.Message"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/get-messages": {
+            "get": {
+                "tags": [
+                    "Message API"
+                ],
+                "description": "get messages",
+                "operationId": "ApiController.GetMessages",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "owner",
+                        "description": "The owner of messages",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/object.Message"
+                            }
+                        }
+                    }
+                }
+            }
+        },
        "/api/get-model": {
            "get": {
                "tags": [
@@ -2587,67 +2825,6 @@
                }
            }
        },
-        "/api/login/oauth/code": {
-            "post": {
-                "tags": [
-                    "Token API"
-                ],
-                "description": "get OAuth code",
-                "operationId": "ApiController.GetOAuthCode",
-                "parameters": [
-                    {
-                        "in": "query",
-                        "name": "id",
-                        "description": "The id ( owner/name ) of user",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "client_id",
-                        "description": "OAuth client id",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "response_type",
-                        "description": "OAuth response type",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "redirect_uri",
-                        "description": "OAuth redirect URI",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "scope",
-                        "description": "OAuth scope",
-                        "required": true,
-                        "type": "string"
-                    },
-                    {
-                        "in": "query",
-                        "name": "state",
-                        "description": "OAuth state",
-                        "required": true,
-                        "type": "string"
-                    }
-                ],
-                "responses": {
-                    "200": {
-                        "description": "The Response object",
-                        "schema": {
-                            "$ref": "#/definitions/object.TokenWrapper"
-                        }
-                    }
-                }
-            }
-        },
        "/api/login/oauth/introspect": {
            "post": {
                "description": "The introspection endpoint is an OAuth 2.0 endpoint that takes a",
@@ -3056,6 +3233,41 @@
                }
            }
        },
+        "/api/update-chat": {
+            "post": {
+                "tags": [
+                    "Chat API"
+                ],
+                "description": "update chat",
+                "operationId": "ApiController.UpdateChat",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the chat",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the chat",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Chat"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/update-ldap": {
            "post": {
                "tags": [
@@ -3064,6 +3276,41 @@
                "operationId": "ApiController.UpdateLdap"
            }
        },
+        "/api/update-message": {
+            "post": {
+                "tags": [
+                    "Message API"
+                ],
+                "description": "update message",
+                "operationId": "ApiController.UpdateMessage",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the message",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the message",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Message"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
        "/api/update-model": {
            "post": {
                "tags": [
@@ -3644,11 +3891,11 @@
        }
    },
    "definitions": {
-        "2306.0xc0003a4480.false": {
+        "2306.0xc0004a1410.false": {
            "title": "false",
            "type": "object"
        },
-        "2340.0xc0003a44b0.false": {
+        "2340.0xc0004a1440.false": {
            "title": "false",
            "type": "object"
        },
@@ -3782,10 +4029,10 @@
            "type": "object",
            "properties": {
                "data": {
-                    "$ref": "#/definitions/2306.0xc0003a4480.false"
+                    "$ref": "#/definitions/2306.0xc0004a1410.false"
                },
                "data2": {
-                    "$ref": "#/definitions/2340.0xc0003a44b0.false"
+                    "$ref": "#/definitions/2340.0xc0004a1440.false"
                },
                "msg": {
                    "type": "string"
@@ -4047,6 +4294,52 @@
                }
            }
        },
+        "object.Chat": {
+            "title": "Chat",
+            "type": "object",
+            "properties": {
+                "category": {
+                    "type": "string"
+                },
+                "createdTime": {
+                    "type": "string"
+                },
+                "displayName": {
+                    "type": "string"
+                },
+                "messageCount": {
+                    "type": "integer",
+                    "format": "int64"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "organization": {
+                    "type": "string"
+                },
+                "owner": {
+                    "type": "string"
+                },
+                "type": {
+                    "type": "string"
+                },
+                "updatedTime": {
+                    "type": "string"
+                },
+                "user1": {
+                    "type": "string"
+                },
+                "user2": {
+                    "type": "string"
+                },
+                "users": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                }
+            }
+        },
        "object.Header": {
            "title": "Header",
            "type": "object",
@@ -4125,6 +4418,33 @@
                }
            }
        },
+        "object.Message": {
+            "title": "Message",
+            "type": "object",
+            "properties": {
+                "author": {
+                    "type": "string"
+                },
+                "chat": {
+                    "type": "string"
+                },
+                "createdTime": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "organization": {
+                    "type": "string"
+                },
+                "owner": {
+                    "type": "string"
+                },
+                "text": {
+                    "type": "string"
+                }
+            }
+        },
        "object.Model": {
            "title": "Model",
            "type": "object",
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -64,11 +64,47 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/add-chat:
+    post:
+      tags:
+      - Chat API
+      description: add chat
+      operationId: ApiController.AddChat
+      parameters:
+      - in: body
+        name: body
+        description: The details of the chat
+        required: true
+        schema:
+          $ref: '#/definitions/object.Chat'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-ldap:
    post:
      tags:
      - Account API
      operationId: ApiController.AddLdap
+  /api/add-message:
+    post:
+      tags:
+      - Message API
+      description: add message
+      operationId: ApiController.AddMessage
+      parameters:
+      - in: body
+        name: body
+        description: The details of the message
+        required: true
+        schema:
+          $ref: '#/definitions/object.Message'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-model:
    post:
      tags:
@@ -324,6 +360,11 @@ paths:
      tags:
      - GetWebhookEventType API
      operationId: ApiController.GetWebhookEventType
+  /api/api/get-captcha-status:
+    get:
+      tags:
+      - GetCaptchaStatus API
+      operationId: ApiController.GetCaptchaStatus
  /api/api/reset-email-or-phone:
    post:
      tags:
@@ -385,6 +426,11 @@ paths:
          description: object
          schema:
            $ref: '#/definitions/Response'
+  /api/api/verify-code:
+    post:
+      tags:
+      - Account API
+      operationId: ApiController.VerifyCode
  /api/api/webhook:
    post:
      tags:
@@ -453,11 +499,47 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/delete-chat:
+    post:
+      tags:
+      - Chat API
+      description: delete chat
+      operationId: ApiController.DeleteChat
+      parameters:
+      - in: body
+        name: body
+        description: The details of the chat
+        required: true
+        schema:
+          $ref: '#/definitions/object.Chat'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-ldap:
    post:
      tags:
      - Account API
      operationId: ApiController.DeleteLdap
+  /api/delete-message:
+    post:
+      tags:
+      - Message API
+      description: delete message
+      operationId: ApiController.DeleteMessage
+      parameters:
+      - in: body
+        name: body
+        description: The details of the message
+        required: true
+        schema:
+          $ref: '#/definitions/object.Message'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-model:
    post:
      tags:
@@ -800,6 +882,42 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Cert'
+  /api/get-chat:
+    get:
+      tags:
+      - Chat API
+      description: get chat
+      operationId: ApiController.GetChat
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the chat
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Chat'
+  /api/get-chats:
+    get:
+      tags:
+      - Chat API
+      description: get chats
+      operationId: ApiController.GetChats
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of chats
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Chat'
  /api/get-default-application:
    get:
      tags:
@@ -880,6 +998,42 @@ paths:
      tags:
      - Account API
      operationId: ApiController.GetLdaps
+  /api/get-message:
+    get:
+      tags:
+      - Message API
+      description: get message
+      operationId: ApiController.GetMessage
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the message
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Message'
+  /api/get-messages:
+    get:
+      tags:
+      - Message API
+      description: get messages
+      operationId: ApiController.GetMessages
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of messages
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Message'
  /api/get-model:
    get:
      tags:
@@ -1690,48 +1844,6 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/object.TokenError'
-  /api/login/oauth/code:
-    post:
-      tags:
-      - Token API
-      description: get OAuth code
-      operationId: ApiController.GetOAuthCode
-      parameters:
-      - in: query
-        name: id
-        description: The id ( owner/name ) of user
-        required: true
-        type: string
-      - in: query
-        name: client_id
-        description: OAuth client id
-        required: true
-        type: string
-      - in: query
-        name: response_type
-        description: OAuth response type
-        required: true
-        type: string
-      - in: query
-        name: redirect_uri
-        description: OAuth redirect URI
-        required: true
-        type: string
-      - in: query
-        name: scope
-        description: OAuth scope
-        required: true
-        type: string
-      - in: query
-        name: state
-        description: OAuth state
-        required: true
-        type: string
-      responses:
-        "200":
-          description: The Response object
-          schema:
-            $ref: '#/definitions/object.TokenWrapper'
  /api/login/oauth/introspect:
    post:
      description: The introspection endpoint is an OAuth 2.0 endpoint that takes a
@@ -2001,11 +2113,57 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/update-chat:
+    post:
+      tags:
+      - Chat API
+      description: update chat
+      operationId: ApiController.UpdateChat
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the chat
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the chat
+        required: true
+        schema:
+          $ref: '#/definitions/object.Chat'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-ldap:
    post:
      tags:
      - Account API
      operationId: ApiController.UpdateLdap
+  /api/update-message:
+    post:
+      tags:
+      - Message API
+      description: update message
+      operationId: ApiController.UpdateMessage
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the message
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the message
+        required: true
+        schema:
+          $ref: '#/definitions/object.Message'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-model:
    post:
      tags:
@@ -2385,10 +2543,10 @@ paths:
          schema:
            $ref: '#/definitions/Response'
 definitions:
-  2306.0xc0003a4480.false:
+  2306.0xc0004a1410.false:
    title: "false"
    type: object
-  2340.0xc0003a44b0.false:
+  2340.0xc0004a1440.false:
    title: "false"
    type: object
  LaravelResponse:
@@ -2480,9 +2638,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/2306.0xc0003a4480.false'
+        $ref: '#/definitions/2306.0xc0004a1410.false'
      data2:
-        $ref: '#/definitions/2340.0xc0003a44b0.false'
+        $ref: '#/definitions/2340.0xc0004a1440.false'
      msg:
        type: string
      name:
@@ -2657,6 +2815,37 @@ definitions:
        type: string
      type:
        type: string
+  object.Chat:
+    title: Chat
+    type: object
+    properties:
+      category:
+        type: string
+      createdTime:
+        type: string
+      displayName:
+        type: string
+      messageCount:
+        type: integer
+        format: int64
+      name:
+        type: string
+      organization:
+        type: string
+      owner:
+        type: string
+      type:
+        type: string
+      updatedTime:
+        type: string
+      user1:
+        type: string
+      user2:
+        type: string
+      users:
+        type: array
+        items:
+          type: string
  object.Header:
    title: Header
    type: object
@@ -2710,6 +2899,24 @@ definitions:
        type: string
      username:
        type: string
+  object.Message:
+    title: Message
+    type: object
+    properties:
+      author:
+        type: string
+      chat:
+        type: string
+      createdTime:
+        type: string
+      name:
+        type: string
+      organization:
+        type: string
+      owner:
+        type: string
+      text:
+        type: string
  object.Model:
    title: Model
    type: object
--- a/util/slice.go
+++ b/util/slice.go
@@ -30,3 +30,12 @@ func ContainsString(values []string, val string) bool {
 	sort.Strings(values)
 	return sort.SearchStrings(values, val) != len(values)
 }
+
+func ReturnAnyNotEmpty(strs ...string) string {
+	for _, str := range strs {
+		if str != "" {
+			return str
+		}
+	}
+	return ""
+}
--- a/util/string.go
+++ b/util/string.go
@@ -95,6 +95,15 @@ func GetOwnerAndNameFromId(id string) (string, string) {
 	return tokens[0], tokens[1]
 }

+func GetOwnerFromId(id string) string {
+	tokens := strings.Split(id, "/")
+	if len(tokens) != 2 {
+		panic(errors.New("GetOwnerAndNameFromId() error, wrong token count for ID: " + id))
+	}
+
+	return tokens[0]
+}
+
 func GetOwnerAndNameFromIdNoCheck(id string) (string, string) {
 	tokens := strings.SplitN(id, "/", 2)
 	return tokens[0], tokens[1]
@@ -250,3 +259,11 @@ func maskString(str string) string {
 		return fmt.Sprintf("%c%s%c", str[0], strings.Repeat("*", len(str)-2), str[len(str)-1])
 	}
 }
+
+// GetEndPoint remove scheme from url
+func GetEndPoint(endpoint string) string {
+	for _, prefix := range []string{"https://", "http://"} {
+		endpoint = strings.TrimPrefix(endpoint, prefix)
+	}
+	return endpoint
+}
--- a/web/package.json
+++ b/web/package.json
@@ -3,7 +3,7 @@
  "version": "0.1.0",
  "private": true,
  "dependencies": {
-    "@ant-design/cssinjs": "^1.5.6",
+    "@ant-design/cssinjs": "^1.8.1",
    "@ant-design/icons": "^4.7.0",
    "@craco/craco": "^6.4.5",
    "@crowdin/cli": "^3.7.10",
@@ -12,7 +12,7 @@
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.3.2",
    "@testing-library/user-event": "^7.1.2",
-    "antd": "5.1.6",
+    "antd": "5.2.3",
    "antd-token-previewer": "^1.1.0-22",
    "codemirror": "^5.61.1",
    "copy-to-clipboard": "^3.3.1",
@@ -76,7 +76,6 @@
    "eslint-plugin-react": "^7.31.1",
    "husky": "^4.3.8",
    "lint-staged": "^13.0.3",
-    "path-browserify": "^1.0.1",
    "stylelint": "^14.11.0",
    "stylelint-config-recommended-less": "^1.0.4",
    "stylelint-config-standard": "^28.0.0"
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@@ -112,6 +112,7 @@ class AdapterEditPage extends React.Component {
            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {
              this.getModels(value);
              this.updateAdapterField("organization", value);
+              this.updateAdapterField("owner", value);
            })}>
              {
                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
@@ -266,7 +267,7 @@ class AdapterEditPage extends React.Component {

  submitAdapterEdit(willExist) {
    const adapter = Setting.deepCopy(this.state.adapter);
-    AdapterBackend.updateAdapter(this.state.adapter.owner, this.state.adapterName, adapter)
+    AdapterBackend.updateAdapter(this.state.owner, this.state.adapterName, adapter)
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully saved"));
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@@ -225,7 +225,7 @@ class AdapterListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={adapters} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={adapters} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Adapters")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -17,7 +17,7 @@ import "./App.less";
 import {Helmet} from "react-helmet";
 import * as Setting from "./Setting";
 import {StyleProvider, legacyLogicalPropertiesTransformer} from "@ant-design/cssinjs";
-import {BarsOutlined, DownOutlined, InfoCircleFilled, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
+import {BarsOutlined, CommentOutlined, DownOutlined, InfoCircleFilled, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
 import {Alert, Avatar, Button, Card, ConfigProvider, Drawer, Dropdown, FloatButton, Layout, Menu, Result} from "antd";
 import {Link, Redirect, Route, Switch, withRouter} from "react-router-dom";
 import OrganizationListPage from "./OrganizationListPage";
@@ -44,6 +44,11 @@ import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
 import CertListPage from "./CertListPage";
 import CertEditPage from "./CertEditPage";
+import ChatListPage from "./ChatListPage";
+import ChatEditPage from "./ChatEditPage";
+import ChatPage from "./ChatPage";
+import MessageEditPage from "./MessageEditPage";
+import MessageListPage from "./MessageListPage";
 import ProductListPage from "./ProductListPage";
 import ProductEditPage from "./ProductEditPage";
 import ProductBuyPage from "./ProductBuyPage";
@@ -147,6 +152,10 @@ class App extends Component {
      this.setState({selectedMenuKey: "/syncers"});
    } else if (uri.includes("/certs")) {
      this.setState({selectedMenuKey: "/certs"});
+    } else if (uri.includes("/chats")) {
+      this.setState({selectedMenuKey: "/chats"});
+    } else if (uri.includes("/messages")) {
+      this.setState({selectedMenuKey: "/messages"});
    } else if (uri.includes("/products")) {
      this.setState({selectedMenuKey: "/products"});
    } else if (uri.includes("/payments")) {
@@ -317,12 +326,17 @@ class App extends Component {
    items.push(Setting.getItem(<><SettingOutlined />&nbsp;&nbsp;{i18next.t("account:My Account")}</>,
      "/account"
    ));
+    items.push(Setting.getItem(<><CommentOutlined />&nbsp;&nbsp;{i18next.t("account:Chats & Messages")}</>,
+      "/chat"
+    ));
    items.push(Setting.getItem(<><LogoutOutlined />&nbsp;&nbsp;{i18next.t("account:Logout")}</>,
      "/logout"));

    const onClick = (e) => {
      if (e.key === "/account") {
        this.props.history.push("/account");
+      } else if (e.key === "/chat") {
+        this.props.history.push("/chat");
      } else if (e.key === "/logout") {
        this.logout();
      }
@@ -415,6 +429,14 @@ class App extends Component {
        "/providers"
      ));

+      res.push(Setting.getItem(<Link to="/chats">{i18next.t("general:Chats")}</Link>,
+        "/chats"
+      ));
+
+      res.push(Setting.getItem(<Link to="/messages">{i18next.t("general:Messages")}</Link>,
+        "/messages"
+      ));
+
      res.push(Setting.getItem(<Link to="/resources">{i18next.t("general:Resources")}</Link>,
        "/resources"
      ));
@@ -529,6 +551,11 @@ class App extends Component {
        <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
        <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/chats" render={(props) => this.renderLoginIfNotLoggedIn(<ChatListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/chats/:chatName" render={(props) => this.renderLoginIfNotLoggedIn(<ChatEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/chat" render={(props) => this.renderLoginIfNotLoggedIn(<ChatPage account={this.state.account} {...props} />)} />
+        <Route exact path="/messages" render={(props) => this.renderLoginIfNotLoggedIn(<MessageListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/messages/:messageName" render={(props) => this.renderLoginIfNotLoggedIn(<MessageEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
@@ -602,7 +629,7 @@ class App extends Component {
          }
        </Header>
        <Content style={{display: "flex", flexDirection: "column"}} >
-          {Setting.isMobile() ?
+          {(Setting.isMobile() || window.location.pathname === "/chat") ?
            this.renderRouter() :
            <Card className="content-warp-card">
              {this.renderRouter()}
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -254,7 +254,7 @@ class ApplicationListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={applications} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={applications} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Applications")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/ChatBox.js
+++ b/web/src/ChatBox.js
@@ -0,0 +1,199 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Avatar, Input, List, Spin} from "antd";
+import {CopyOutlined, DislikeOutlined, LikeOutlined, SendOutlined} from "@ant-design/icons";
+import i18next from "i18next";
+
+const {TextArea} = Input;
+
+class ChatBox extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      inputValue: "",
+    };
+
+    this.listContainerRef = React.createRef();
+  }
+
+  componentDidUpdate(prevProps) {
+    if (prevProps.messages !== this.props.messages && this.props.messages !== null) {
+      this.scrollToListItem(this.props.messages.length);
+    }
+  }
+
+  handleKeyDown = (e) => {
+    if (e.key === "Enter" && !e.shiftKey) {
+      e.preventDefault();
+
+      if (this.state.inputValue !== "") {
+        this.send(this.state.inputValue);
+        this.setState({inputValue: ""});
+      }
+    }
+  };
+
+  scrollToListItem(index) {
+    const listContainerElement = this.listContainerRef.current;
+
+    if (!listContainerElement) {
+      return;
+    }
+
+    const targetItem = listContainerElement.querySelector(
+      `#chatbox-list-item-${index}`
+    );
+
+    if (!targetItem) {
+      return;
+    }
+
+    const scrollDistance = targetItem.offsetTop - listContainerElement.offsetTop;
+
+    listContainerElement.scrollTo({
+      top: scrollDistance,
+      behavior: "smooth",
+    });
+  }
+
+  send = (text) => {
+    this.props.sendMessage(text);
+    this.setState({inputValue: ""});
+  };
+
+  renderList() {
+    if (this.props.messages === undefined || this.props.messages === null) {
+      return (
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
+          <Spin size="large" tip={i18next.t("login:Loading")} style={{paddingTop: "20%"}} />
+        </div>
+      );
+    }
+
+    return (
+      <div ref={this.listContainerRef} style={{position: "relative", maxHeight: "calc(100vh - 140px)", overflowY: "auto"}}>
+        <List
+          itemLayout="horizontal"
+          dataSource={[...this.props.messages, {}]}
+          renderItem={(item, index) => {
+            if (Object.keys(item).length === 0 && item.constructor === Object) {
+              return <List.Item id={`chatbox-list-item-${index}`} style={{
+                height: "160px",
+                backgroundColor: index % 2 === 0 ? "white" : "rgb(247,247,248)",
+                borderBottom: "1px solid rgb(229, 229, 229)",
+                position: "relative",
+              }} />;
+            }
+
+            return (
+              <List.Item id={`chatbox-list-item-${index}`} style={{
+                backgroundColor: index % 2 === 0 ? "white" : "rgb(247,247,248)",
+                borderBottom: "1px solid rgb(229, 229, 229)",
+                position: "relative",
+              }}>
+                <div style={{width: "800px", margin: "0 auto", position: "relative"}}>
+                  <List.Item.Meta
+                    avatar={<Avatar style={{width: "30px", height: "30px", borderRadius: "3px"}} src={item.author === `${this.props.account.owner}/${this.props.account.name}` ? this.props.account.avatar : "https://cdn.casbin.com/casdoor/resource/built-in/admin/gpt.png"} />}
+                    title={<div style={{fontSize: "16px", fontWeight: "normal", lineHeight: "24px", marginTop: "-15px", marginLeft: "5px", marginRight: "80px"}}>{item.text}</div>}
+                  />
+                  <div style={{position: "absolute", top: "0px", right: "0px"}}
+                  >
+                    <CopyOutlined style={{color: "rgb(172,172,190)", margin: "5px"}} />
+                    <LikeOutlined style={{color: "rgb(172,172,190)", margin: "5px"}} />
+                    <DislikeOutlined style={{color: "rgb(172,172,190)", margin: "5px"}} />
+                  </div>
+                </div>
+              </List.Item>
+            );
+          }}
+        />
+        <div style={{
+          position: "absolute",
+          bottom: 0,
+          left: 0,
+          right: 0,
+          height: "120px",
+          background: "linear-gradient(transparent 0%, rgba(255, 255, 255, 0.8) 50%, white 100%)",
+          pointerEvents: "none",
+        }} />
+      </div>
+    );
+  }
+
+  renderInput() {
+    return (
+      <div
+        style={{
+          position: "fixed",
+          bottom: "90px",
+          width: "100%",
+          display: "flex",
+          justifyContent: "center",
+        }}
+      >
+        <div style={{position: "relative", width: "760px", marginLeft: "-280px"}}>
+          <TextArea
+            placeholder={"Send a message..."}
+            autoSize={{maxRows: 8}}
+            value={this.state.inputValue}
+            onChange={(e) => this.setState({inputValue: e.target.value})}
+            onKeyDown={this.handleKeyDown}
+            style={{
+              fontSize: "16px",
+              fontWeight: "normal",
+              lineHeight: "24px",
+              width: "770px",
+              height: "48px",
+              borderRadius: "6px",
+              borderColor: "rgb(229,229,229)",
+              boxShadow: "0 0 15px rgba(0, 0, 0, 0.1)",
+              paddingLeft: "17px",
+              paddingRight: "17px",
+              paddingTop: "12px",
+              paddingBottom: "12px",
+            }}
+            suffix={<SendOutlined style={{color: "rgb(210,210,217"}} onClick={() => this.send(this.state.inputValue)} />}
+            autoComplete="off"
+          />
+          <SendOutlined
+            style={{
+              color: this.state.inputValue === "" ? "rgb(210,210,217)" : "rgb(142,142,160)",
+              position: "absolute",
+              bottom: "17px",
+              right: "17px",
+            }}
+            onClick={() => this.send(this.state.inputValue)}
+          />
+        </div>
+      </div>
+    );
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.renderList()
+        }
+        {
+          this.renderInput()
+        }
+      </div>
+    );
+  }
+}
+
+export default ChatBox;
--- a/web/src/ChatEditPage.js
+++ b/web/src/ChatEditPage.js
@@ -0,0 +1,243 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select} from "antd";
+import * as ChatBackend from "./backend/ChatBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+class ChatEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      chatName: props.match.params.chatName,
+      chat: null,
+      organizations: [],
+      users: [],
+      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getChat();
+    this.getOrganizations();
+  }
+
+  getChat() {
+    ChatBackend.getChat("admin", this.state.chatName)
+      .then((chat) => {
+        this.setState({
+          chat: chat,
+        });
+
+        this.getUsers(chat.organization);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  parseChatField(key, value) {
+    if ([].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateChatField(key, value) {
+    value = this.parseChatField(key, value);
+
+    const chat = this.state.chat;
+    chat[key] = value;
+    this.setState({
+      chat: chat,
+    });
+  }
+
+  renderChat() {
+    return (
+      <Card size="small" title={
+        <div>
+          {this.state.mode === "add" ? i18next.t("chat:New Chat") : i18next.t("chat:Edit Chat")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitChatEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitChatEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteChat()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
+              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.chat.name} onChange={e => {
+              this.updateChatField("name", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.chat.displayName} onChange={e => {
+              this.updateChatField("displayName", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Type"), i18next.t("provider:Type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.type} onChange={(value => {
+              this.updateChatField("type", value);
+            })}
+            options={[
+              {value: "Single", name: i18next.t("chat:Single")},
+              {value: "Group", name: i18next.t("chat:Group")},
+              {value: "AI", name: i18next.t("chat:AI")},
+            ].map((item) => Setting.getOption(item.name, item.value))}
+            />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("provider:Category"), i18next.t("provider:Category - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.chat.category} onChange={e => {
+              this.updateChatField("category", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("chat:User1"), i18next.t("chat:User1 - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.user1} onChange={(value => {this.updateChatField("user1", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("chat:User2"), i18next.t("chat:User2 - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.user2} onChange={(value => {this.updateChatField("user2", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Users"), i18next.t("chat:Users - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select mode="tags" style={{width: "100%"}} value={this.state.chat.users}
+              onChange={(value => {this.updateChatField("users", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))}
+            />
+          </Col>
+        </Row>
+      </Card>
+    );
+  }
+
+  submitChatEdit(willExist) {
+    const chat = Setting.deepCopy(this.state.chat);
+    ChatBackend.updateChat(this.state.chat.owner, this.state.chatName, chat)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
+          this.setState({
+            chatName: this.state.chat.name,
+          });
+
+          if (willExist) {
+            this.props.history.push("/chats");
+          } else {
+            this.props.history.push(`/chats/${this.state.chat.name}`);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
+          this.updateChatField("name", this.state.chatName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteChat() {
+    ChatBackend.deleteChat(this.state.chat)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/chats");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.chat !== null ? this.renderChat() : null
+        }
+        <div style={{marginTop: "20px", marginLeft: "40px"}}>
+          <Button size="large" onClick={() => this.submitChatEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitChatEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteChat()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      </div>
+    );
+  }
+}
+
+export default ChatEditPage;
--- a/web/src/ChatListPage.js
+++ b/web/src/ChatListPage.js
@@ -0,0 +1,294 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Table} from "antd";
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as ChatBackend from "./backend/ChatBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import PopconfirmModal from "./PopconfirmModal";
+
+class ChatListPage extends BaseListPage {
+  newChat() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.applicationName,
+      name: `chat_${randomName}`,
+      createdTime: moment().format(),
+      updatedTime: moment().format(),
+      organization: this.props.account.owner,
+      displayName: `New Chat - ${randomName}`,
+      type: "Single",
+      category: "Chat Category - 1",
+      user1: `${this.props.account.owner}/${this.props.account.name}`,
+      user2: "",
+      users: [`${this.props.account.owner}/${this.props.account.name}`],
+      messageCount: 0,
+    };
+  }
+
+  addChat() {
+    const newChat = this.newChat();
+    ChatBackend.addChat(newChat)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/chats/${newChat.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteChat(i) {
+    ChatBackend.deleteChat(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(chats) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/chats/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "150px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("general:Updated time"),
+        dataIndex: "updatedTime",
+        key: "updatedTime",
+        width: "15  0px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("general:Display name"),
+        dataIndex: "displayName",
+        key: "displayName",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("displayName"),
+      },
+      {
+        title: i18next.t("provider:Type"),
+        dataIndex: "type",
+        key: "type",
+        width: "110px",
+        sorter: true,
+        filterMultiple: false,
+        filters: [
+          {text: "Single", value: "Single"},
+          {text: "Group", value: "Group"},
+          {text: "AI", value: "AI"},
+        ],
+        render: (text, record, index) => {
+          return i18next.t(`chat:${text}`);
+        },
+      },
+      {
+        title: i18next.t("provider:Category"),
+        dataIndex: "category",
+        key: "category",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("category"),
+      },
+      {
+        title: i18next.t("chat:User1"),
+        dataIndex: "user1",
+        key: "user1",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("user1"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("chat:User2"),
+        dataIndex: "user2",
+        key: "user2",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("user2"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Users"),
+        dataIndex: "users",
+        key: "users",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("users"),
+        render: (text, record, index) => {
+          return Setting.getTags(text, "users");
+        },
+      },
+      {
+        title: i18next.t("chat:Message count"),
+        dataIndex: "messageCount",
+        key: "messageCount",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("messageCount"),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "170px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/chats/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteChat(index)}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={chats} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Chats")}&nbsp;&nbsp;&nbsp;&nbsp;
+              <Button type="primary" size="small" onClick={this.addChat.bind(this)}>{i18next.t("general:Add")}</Button>
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    ChatBackend.getChats("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default ChatListPage;
--- a/web/src/ChatMenu.js
+++ b/web/src/ChatMenu.js
@@ -0,0 +1,167 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Menu} from "antd";
+import {DeleteOutlined, LayoutOutlined, PlusOutlined} from "@ant-design/icons";
+
+class ChatMenu extends React.Component {
+  constructor(props) {
+    super(props);
+
+    const items = this.chatsToItems(this.props.chats);
+    const openKeys = items.map((item) => item.key);
+
+    this.state = {
+      openKeys: openKeys,
+      selectedKeys: ["0-0"],
+    };
+  }
+
+  chatsToItems(chats) {
+    const categories = {};
+    chats.forEach((chat) => {
+      if (!categories[chat.category]) {
+        categories[chat.category] = [];
+      }
+      categories[chat.category].push(chat);
+    });
+
+    const selectedKeys = this.state === undefined ? [] : this.state.selectedKeys;
+    return Object.keys(categories).map((category, index) => {
+      return {
+        key: `${index}`,
+        icon: <LayoutOutlined />,
+        label: category,
+        children: categories[category].map((chat, chatIndex) => {
+          const globalChatIndex = chats.indexOf(chat);
+          const isSelected = selectedKeys.includes(`${index}-${chatIndex}`);
+          return {
+            key: `${index}-${chatIndex}`,
+            index: globalChatIndex,
+            label: (
+              <div
+                className="menu-item-container"
+                style={{
+                  display: "flex",
+                  justifyContent: "space-between",
+                  alignItems: "center",
+                }}
+              >
+                {chat.displayName}
+                {isSelected && (
+                  <DeleteOutlined
+                    className="menu-item-delete-icon"
+                    style={{
+                      visibility: "visible",
+                      color: "inherit",
+                      transition: "color 0.3s",
+                    }}
+                    onMouseEnter={(e) => {
+                      e.currentTarget.style.color = "rgba(89,54,213,0.6)";
+                    }}
+                    onMouseLeave={(e) => {
+                      e.currentTarget.style.color = "inherit";
+                    }}
+                    onMouseDown={(e) => {
+                      e.currentTarget.style.color = "rgba(89,54,213,0.4)";
+                    }}
+                    onMouseUp={(e) => {
+                      e.currentTarget.style.color = "rgba(89,54,213,0.6)";
+                    }}
+                    onClick={(e) => {
+                      e.stopPropagation();
+                      if (this.props.onDeleteChat) {
+                        this.props.onDeleteChat(globalChatIndex);
+                      }
+                    }}
+                  />
+                )}
+              </div>
+            ),
+          };
+        }),
+      };
+    });
+  }
+
+  onSelect = (info) => {
+    const [categoryIndex, chatIndex] = info.selectedKeys[0].split("-").map(Number);
+    const selectedItem = this.chatsToItems(this.props.chats)[categoryIndex].children[chatIndex];
+    this.setState({selectedKeys: [`${categoryIndex}-${chatIndex}`]});
+
+    if (this.props.onSelectChat) {
+      this.props.onSelectChat(selectedItem.index);
+    }
+  };
+
+  getRootSubmenuKeys(items) {
+    return items.map((item, index) => `${index}`);
+  }
+
+  onOpenChange = (keys) => {
+    const items = this.chatsToItems(this.props.chats);
+    const rootSubmenuKeys = this.getRootSubmenuKeys(items);
+    const latestOpenKey = keys.find((key) => this.state.openKeys.indexOf(key) === -1);
+
+    if (rootSubmenuKeys.indexOf(latestOpenKey) === -1) {
+      this.setState({openKeys: keys});
+    } else {
+      this.setState({openKeys: latestOpenKey ? [latestOpenKey] : []});
+    }
+  };
+
+  render() {
+    const items = this.chatsToItems(this.props.chats);
+
+    return (
+      <>
+        <Button
+          icon={<PlusOutlined />}
+          style={{
+            width: "calc(100% - 8px)",
+            height: "40px",
+            margin: "4px",
+            borderColor: "rgb(229,229,229)",
+          }}
+          onMouseEnter={(e) => {
+            e.currentTarget.style.borderColor = "rgba(89,54,213,0.6)";
+          }}
+          onMouseLeave={(e) => {
+            e.currentTarget.style.borderColor = "rgba(0, 0, 0, 0.1)";
+          }}
+          onMouseDown={(e) => {
+            e.currentTarget.style.borderColor = "rgba(89,54,213,0.4)";
+          }}
+          onMouseUp={(e) => {
+            e.currentTarget.style.borderColor = "rgba(89,54,213,0.6)";
+          }}
+          onClick={this.props.onAddChat}
+        >
+          New Chat
+        </Button>
+        <Menu
+          mode="inline"
+          openKeys={this.state.openKeys}
+          selectedKeys={this.state.selectedKeys}
+          onOpenChange={this.onOpenChange}
+          onSelect={this.onSelect}
+          items={items}
+        />
+      </>
+    );
+  }
+}
+
+export default ChatMenu;
--- a/web/src/ChatPage.js
+++ b/web/src/ChatPage.js
@@ -0,0 +1,242 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Spin} from "antd";
+import moment from "moment";
+import ChatMenu from "./ChatMenu";
+import ChatBox from "./ChatBox";
+import * as Setting from "./Setting";
+import * as ChatBackend from "./backend/ChatBackend";
+import * as MessageBackend from "./backend/MessageBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+
+class ChatPage extends BaseListPage {
+  newChat(chat) {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.applicationName,
+      name: `chat_${randomName}`,
+      createdTime: moment().format(),
+      updatedTime: moment().format(),
+      organization: this.props.account.owner,
+      displayName: `New Chat - ${randomName}`,
+      type: "AI",
+      category: chat !== undefined ? chat.category : "Chat Category - 1",
+      user1: `${this.props.account.owner}/${this.props.account.name}`,
+      user2: "",
+      users: [`${this.props.account.owner}/${this.props.account.name}`],
+      messageCount: 0,
+    };
+  }
+
+  newMessage(text) {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.messagename,
+      name: `message_${randomName}`,
+      createdTime: moment().format(),
+      organization: this.props.account.owner,
+      chat: this.state.chatName,
+      author: `${this.props.account.owner}/${this.props.account.name}`,
+      text: text,
+    };
+  }
+
+  sendMessage(text) {
+    const newMessage = this.newMessage(text);
+    MessageBackend.addMessage(newMessage)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.getMessages(this.state.chatName);
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  getMessages(chatName) {
+    MessageBackend.getChatMessages(chatName)
+      .then((messages) => {
+        this.setState({
+          messages: messages,
+        });
+
+        Setting.scrollToDiv(`chatbox-list-item-${messages.length}`);
+      });
+  }
+
+  addChat(chat) {
+    const newChat = this.newChat(chat);
+    ChatBackend.addChat(newChat)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+          this.setState({
+            chatName: newChat.name,
+            messages: null,
+          });
+          this.getMessages(newChat.name);
+
+          const {pagination} = this.state;
+          this.fetch({pagination});
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteChat(chats, i, chat) {
+    ChatBackend.deleteChat(chat)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          const data = Setting.deleteRow(this.state.data, i);
+          const j = Math.min(i, data.length - 1);
+          if (j < 0) {
+            this.setState({
+              chatName: undefined,
+              messages: undefined,
+              data: data,
+            });
+          } else {
+            const focusedChat = data[j];
+            this.setState({
+              chatName: focusedChat.name,
+              messages: null,
+              data: data,
+            });
+            this.getMessages(focusedChat.name);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(chats) {
+    const onSelectChat = (i) => {
+      const chat = chats[i];
+      this.setState({
+        chatName: chat.name,
+        messages: null,
+      });
+      this.getMessages(chat.name);
+    };
+
+    const onAddChat = () => {
+      const chat = this.state.data.filter(chat => chat.name === this.state.chatName)[0];
+      this.addChat(chat);
+    };
+
+    const onDeleteChat = (i) => {
+      const chat = chats[i];
+      this.deleteChat(chats, i, chat);
+    };
+
+    if (this.state.loading) {
+      return (
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
+          <Spin size="large" tip={i18next.t("login:Loading")} style={{paddingTop: "10%"}} />
+        </div>
+      );
+    }
+
+    return (
+      <div style={{display: "flex", height: "calc(100vh - 140px)"}}>
+        <div style={{width: "250px", height: "100%", backgroundColor: "white", borderRight: "1px solid rgb(245,245,245)"}}>
+          <ChatMenu chats={chats} onSelectChat={onSelectChat} onAddChat={onAddChat} onDeleteChat={onDeleteChat} />
+        </div>
+        <div style={{flex: 1, height: "100%", backgroundColor: "white", position: "relative"}}>
+          {
+            this.state.messages === null ? null : (
+              <div style={{
+                position: "absolute",
+                top: -50,
+                left: 0,
+                right: 0,
+                bottom: 0,
+                backgroundImage: "url(https://cdn.casbin.org/img/casdoor-logo_1185x256.png)",
+                backgroundPosition: "center",
+                backgroundRepeat: "no-repeat",
+                backgroundSize: "200px auto",
+                backgroundBlendMode: "luminosity",
+                filter: "grayscale(80%) brightness(140%) contrast(90%)",
+                opacity: 0.5,
+              }}>
+              </div>
+            )
+          }
+          <ChatBox messages={this.state.messages} sendMessage={(text) => {this.sendMessage(text);}} account={this.props.account} />
+        </div>
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    ChatBackend.getChats("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+
+          const chats = res.data;
+          if (this.state.chatName === undefined && chats.length > 0) {
+            const chat = chats[0];
+            this.getMessages(chat.name);
+            this.setState({
+              chatName: chat.name,
+            });
+          }
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default ChatPage;
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@@ -25,6 +25,7 @@ import SelfForgetPage from "./auth/SelfForgetPage";
 import ForgetPage from "./auth/ForgetPage";
 import PromptPage from "./auth/PromptPage";
 import CasLogout from "./auth/CasLogout";
+import {authConfig} from "./auth/Auth";

 class EntryPage extends React.Component {
  constructor(props) {
@@ -69,9 +70,9 @@ class EntryPage extends React.Component {

    return (
      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
-        <Spin spinning={this.state.application === undefined} tip={i18next.t("login:Loading")} style={{margin: "0 auto"}} />
+        <Spin size="large" spinning={this.state.application === undefined} tip={i18next.t("login:Loading")} style={{margin: "0 auto"}} />
        <Switch>
-          <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
+          <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} applicationName={authConfig.appName} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/login" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/login/:owner" render={(props) => this.renderHomeIfLoggedIn(<SelfLoginPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
@@ -84,7 +85,7 @@ class EntryPage extends React.Component {
          <Route exact path="/prompt" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/prompt/:applicationName" render={(props) => this.renderLoginIfNotLoggedIn(<PromptPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
-          <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage {...this.props} application={this.state.application} type={"cas"} mode={"signup"} onUpdateApplication={onUpdateApplication} {...props} />);}} />
+          <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage {...this.props} application={this.state.application} type={"cas"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />);}} />
        </Switch>
      </div>
    );
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -166,13 +166,37 @@ class LdapEditPage extends React.Component {
            }} />
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Search Filter"), i18next.t("ldap:Search Filter - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Input value={this.state.ldap.filter} onChange={e => {
+              this.updateLdapField("filter", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}}>
+          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
+            {Setting.getLabel(i18next.t("ldap:Filter fields"), i18next.t("ldap:Filter fields - Tooltip"))} :
+          </Col>
+          <Col span={21}>
+            <Select value={this.state.ldap.filterFields ?? []} style={{width: "100%"}} mode={"multiple"} options={[
+              {value: "uid", label: "uid"},
+              {value: "mail", label: "Email"},
+              {value: "mobile", label: "mobile"},
+            ].map((item) => Setting.getOption(item.label, item.value))} onChange={value => {
+              this.updateLdapField("filterFields", value);
+            }} />
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}}>
          <Col style={{lineHeight: "32px", textAlign: "right", paddingRight: "25px"}} span={3}>
            {Setting.getLabel(i18next.t("ldap:Admin"), i18next.t("ldap:Admin - Tooltip"))} :
          </Col>
          <Col span={21}>
-            <Input value={this.state.ldap.admin} onChange={e => {
-              this.updateLdapField("admin", e.target.value);
+            <Input value={this.state.ldap.username} onChange={e => {
+              this.updateLdapField("username", e.target.value);
            }} />
          </Col>
        </Row>
@@ -182,9 +206,9 @@ class LdapEditPage extends React.Component {
          </Col>
          <Col span={21}>
            <Input.Password
-              iconRender={visible => (visible ? <EyeTwoTone /> : <EyeInvisibleOutlined />)} value={this.state.ldap.passwd}
+              iconRender={visible => (visible ? <EyeTwoTone /> : <EyeInvisibleOutlined />)} value={this.state.ldap.password}
              onChange={e => {
-                this.updateLdapField("passwd", e.target.value);
+                this.updateLdapField("password", e.target.value);
              }}
            />
          </Col>
--- a/web/src/LdapListPage.js
+++ b/web/src/LdapListPage.js
@@ -1,192 +0,0 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import React from "react";
-import {Link} from "react-router-dom";
-import {Button, Col, Row, Table} from "antd";
-import * as Setting from "./Setting";
-import * as LdapBackend from "./backend/LdapBackend";
-import i18next from "i18next";
-import PopconfirmModal from "./PopconfirmModal";
-
-class LdapListPage extends React.Component {
-  constructor(props) {
-    super(props);
-    this.state = {
-      ldaps: null,
-    };
-  }
-
-  UNSAFE_componentWillMount() {
-    this.getLdaps();
-  }
-
-  getLdaps() {
-    LdapBackend.getLdaps("")
-      .then((res) => {
-        let ldapsData = [];
-        if (res.status === "ok") {
-          ldapsData = res.data;
-        } else {
-          Setting.showMessage("error", res.msg);
-        }
-        this.setState((prevState) => {
-          prevState.ldaps = ldapsData;
-          return prevState;
-        });
-      });
-  }
-
-  deleteLdap(index) {
-
-  }
-
-  renderTable(ldaps) {
-    const columns = [
-      {
-        title: i18next.t("ldap:Server name"),
-        dataIndex: "serverName",
-        key: "serverName",
-        width: "200px",
-        sorter: (a, b) => a.serverName.localeCompare(b.serverName),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/ldaps/${record.id}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "140px",
-        sorter: (a, b) => a.owner.localeCompare(b.owner),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
-      {
-        title: i18next.t("ldap:Server"),
-        dataIndex: "host",
-        key: "host",
-        ellipsis: true,
-        sorter: (a, b) => a.host.localeCompare(b.host),
-        render: (text, record, index) => {
-          return `${text}:${record.port}`;
-        },
-      },
-      {
-        title: i18next.t("ldap:Base DN"),
-        dataIndex: "baseDn",
-        key: "baseDn",
-        ellipsis: true,
-        sorter: (a, b) => a.baseDn.localeCompare(b.baseDn),
-      },
-      {
-        title: i18next.t("ldap:Admin"),
-        dataIndex: "admin",
-        key: "admin",
-        ellipsis: true,
-        sorter: (a, b) => a.admin.localeCompare(b.admin),
-      },
-      {
-        title: i18next.t("ldap:Auto Sync"),
-        dataIndex: "autoSync",
-        key: "autoSync",
-        width: "100px",
-        sorter: (a, b) => a.autoSync.localeCompare(b.autoSync),
-        render: (text, record, index) => {
-          return text === 0 ? (<span style={{color: "#faad14"}}>Disable</span>) : (
-            <span style={{color: "#52c41a"}}>{text + " mins"}</span>);
-        },
-      },
-      {
-        title: i18next.t("ldap:Last Sync"),
-        dataIndex: "lastSync",
-        key: "lastSync",
-        ellipsis: true,
-        sorter: (a, b) => a.lastSync.localeCompare(b.lastSync),
-        render: (text, record, index) => {
-          return text;
-        },
-      },
-      {
-        title: i18next.t("general:Action"),
-        dataIndex: "",
-        key: "op",
-        width: "240px",
-        render: (text, record, index) => {
-          return (
-            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}}
-                type="primary"
-                onClick={() => Setting.goToLink(`/ldap/sync/${record.id}`)}>{i18next.t("general:Sync")}</Button>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}}
-                onClick={() => Setting.goToLink(`/ldap/${record.id}`)}>{i18next.t("general:Edit")}</Button>
-              <PopconfirmModal
-                title={i18next.t("general:Sure to delete") + `: ${record.serverName} ?`}
-                onConfirm={() => this.deleteLdap(index)}
-              >
-              </PopconfirmModal>
-            </div>
-          );
-        },
-      },
-    ];
-
-    return (
-      <div>
-        <Table columns={columns} dataSource={ldaps} rowKey="id" size="middle" bordered
-          pagination={{pageSize: 100}}
-          title={() => (
-            <div>
-              <span>{i18next.t("general:LDAPs")}</span>
-              <Button type="primary" size="small" style={{marginLeft: "10px"}}
-                onClick={() => {
-                  this.addLdap();
-                }}>{i18next.t("general:Add")}</Button>
-            </div>
-          )}
-          loading={ldaps === null}
-        />
-      </div>
-    );
-  }
-
-  render() {
-    return (
-      <div>
-        <Row style={{width: "100%"}}>
-          <Col span={1}>
-          </Col>
-          <Col span={22}>
-            {
-              this.renderTable(this.state.ldaps)
-            }
-          </Col>
-          <Col span={1}>
-          </Col>
-        </Row>
-      </div>
-    );
-  }
-}
-
-export default LdapListPage;
--- a/web/src/LdapSyncPage.js
+++ b/web/src/LdapSyncPage.js
@@ -13,10 +13,11 @@
 // limitations under the License.

 import React from "react";
-import {Button, Col, Popconfirm, Row, Table} from "antd";
+import {Button, Popconfirm, Table} from "antd";
 import * as Setting from "./Setting";
 import * as LdapBackend from "./backend/LdapBackend";
 import i18next from "i18next";
+import {Link} from "react-router-dom";

 class LdapSyncPage extends React.Component {
  constructor(props) {
@@ -77,9 +78,8 @@ class LdapSyncPage extends React.Component {
    LdapBackend.getLdap(this.state.organizationName, this.state.ldapId)
      .then((res) => {
        if (res.status === "ok") {
-          this.setState((prevState) => {
-            prevState.ldap = res.data;
-            return prevState;
+          this.setState({
+            ldap: res.data,
          });
          this.getLdapUser();
        } else {
@@ -139,22 +139,46 @@ class LdapSyncPage extends React.Component {
        dataIndex: "cn",
        key: "cn",
        sorter: (a, b) => a.cn.localeCompare(b.cn),
+        render: (text, record, index) => {
+          return (<div style={{display: "flex", justifyContent: "space-between"}}>
+            <div>
+              {text}
+            </div>
+            {this.state.existUuids.includes(record.uuid) ?
+              Setting.getTag("green", i18next.t("ldap:synced")) :
+              Setting.getTag("red", i18next.t("ldap:unsynced"))
+            }
+          </div>);
+        },
      },
      {
-        title: i18next.t("ldap:UidNumber / Uid"),
+        title: "Uid",
+        dataIndex: "uid",
+        key: "uid",
+        sorter: (a, b) => a.uid.localeCompare(b.uid),
+        render: (text, record, index) => {
+          return (
+            this.state.existUuids.includes(record.uuid) ?
+              <Link to={`/users/${this.state.organizationName}/${text}`}>
+                {text}
+              </Link> :
+              text
+          );
+        },
+      },
+      {
+        title: "UidNumber",
        dataIndex: "uidNumber",
        key: "uidNumber",
-        width: "200px",
        sorter: (a, b) => a.uidNumber.localeCompare(b.uidNumber),
        render: (text, record, index) => {
-          return `${text} / ${record.uid}`;
+          return text;
        },
      },
      {
        title: i18next.t("ldap:Group ID"),
        dataIndex: "groupId",
        key: "groupId",
-        width: "140px",
        sorter: (a, b) => a.groupId.localeCompare(b.groupId),
        filters: this.buildFilter(this.state.users, "groupId"),
        onFilter: (value, record) => record.groupId.indexOf(value) === 0,
@@ -163,14 +187,12 @@ class LdapSyncPage extends React.Component {
        title: i18next.t("general:Email"),
        dataIndex: "email",
        key: "email",
-        width: "240px",
        sorter: (a, b) => a.email.localeCompare(b.email),
      },
      {
        title: i18next.t("general:Phone"),
        dataIndex: "phone",
        key: "phone",
-        width: "160px",
        sorter: (a, b) => a.phone.localeCompare(b.phone),
      },
      {
@@ -183,9 +205,8 @@ class LdapSyncPage extends React.Component {

    const rowSelection = {
      onChange: (selectedRowKeys, selectedRows) => {
-        this.setState(prevState => {
-          prevState.selectedUsers = selectedRows;
-          return prevState;
+        this.setState({
+          selectedUsers: selectedRows,
        });
      },
      getCheckboxProps: record => ({
@@ -194,42 +215,36 @@ class LdapSyncPage extends React.Component {
    };

    return (
-      <div>
-        <Table rowSelection={rowSelection} columns={columns} dataSource={users} rowKey="uuid" bordered
-          pagination={{defaultPageSize: 10, showQuickJumper: true, showSizeChanger: true}}
-          title={() => (
-            <div>
-              <span>{this.state.ldap?.serverName}</span>
-              <Popconfirm placement={"right"}
-                title={"Please confirm to sync selected users"}
-                onConfirm={() => this.syncUsers()}
-              >
-                <Button type="primary" style={{marginLeft: "10px"}}>
-                  {i18next.t("general:Sync")}
-                </Button>
-              </Popconfirm>
-              <Button style={{marginLeft: "20px"}}
-                onClick={() => Setting.goToLink(`/ldap/${this.state.organizationName}/${this.state.ldapId}`)}>
-                {i18next.t("general:Edit")} LDAP
+      <Table rowSelection={rowSelection} columns={columns} dataSource={users} rowKey="uuid" bordered size="small"
+        pagination={{defaultPageSize: 10, showQuickJumper: true, showSizeChanger: true}}
+        title={() => (
+          <div>
+            {this.state.ldap?.serverName}
+            <Popconfirm placement={"right"} disabled={this.state.selectedUsers.length === 0}
+              title={"Please confirm to sync selected users"}
+              onConfirm={() => this.syncUsers()}
+            >
+              <Button type="primary" style={{marginLeft: "10px"}} disabled={this.state.selectedUsers.length === 0}>
+                {i18next.t("general:Sync")}
              </Button>
-            </div>
-          )}
-          loading={users === null}
-        />
-      </div>
+            </Popconfirm>
+            <Button style={{marginLeft: "20px"}}
+              onClick={() => Setting.goToLink(`/ldap/${this.state.organizationName}/${this.state.ldapId}`)}>
+              {i18next.t("general:Edit")} LDAP
+            </Button>
+          </div>
+        )}
+        loading={users === null}
+      />
    );
  }

  render() {
    return (
      <div>
-        <Row style={{width: "100%", justifyContent: "center"}}>
-          <Col span={22}>
-            {
-              this.renderTable(this.state.users)
-            }
-          </Col>
-        </Row>
+        {
+          this.renderTable(this.state.users)
+        }
        <div style={{marginTop: "20px", marginLeft: "40px"}}>
          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => {
            this.props.history.push(`/organizations/${this.state.organizationName}`);
--- a/web/src/MessageEditPage.js
+++ b/web/src/MessageEditPage.js
@@ -0,0 +1,220 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Button, Card, Col, Input, Row, Select} from "antd";
+import * as ChatBackend from "./backend/ChatBackend";
+import * as MessageBackend from "./backend/MessageBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as UserBackend from "./backend/UserBackend";
+import * as Setting from "./Setting";
+import i18next from "i18next";
+
+const {TextArea} = Input;
+
+class MessageEditPage extends React.Component {
+  constructor(props) {
+    super(props);
+    this.state = {
+      classes: props,
+      messageName: props.match.params.messageName,
+      message: null,
+      organizations: [],
+      chats: [],
+      users: [],
+      mode: props.location.mode !== undefined ? props.location.mode : "edit",
+    };
+  }
+
+  UNSAFE_componentWillMount() {
+    this.getMessage();
+    this.getOrganizations();
+    this.getChats();
+  }
+
+  getMessage() {
+    MessageBackend.getMessage("admin", this.state.messageName)
+      .then((message) => {
+        this.setState({
+          message: message,
+        });
+
+        this.getUsers(message.organization);
+      });
+  }
+
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getChats() {
+    ChatBackend.getChats("admin")
+      .then((res) => {
+        this.setState({
+          chats: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
+  getUsers(organizationName) {
+    UserBackend.getUsers(organizationName)
+      .then((res) => {
+        this.setState({
+          users: res,
+        });
+      });
+  }
+
+  parseMessageField(key, value) {
+    if ([].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
+    return value;
+  }
+
+  updateMessageField(key, value) {
+    value = this.parseMessageField(key, value);
+
+    const message = this.state.message;
+    message[key] = value;
+    this.setState({
+      message: message,
+    });
+  }
+
+  renderMessage() {
+    return (
+      <Card size="small" title={
+        <div>
+          {this.state.mode === "add" ? i18next.t("message:New Message") : i18next.t("message:Edit Message")}&nbsp;&nbsp;&nbsp;&nbsp;
+          <Button onClick={() => this.submitMessageEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" onClick={() => this.submitMessageEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteMessage()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
+              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.message.name} onChange={e => {
+              this.updateMessageField("name", e.target.value);
+            }} />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Chat"), i18next.t("message:Chat - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.chat} onChange={(value => {this.updateMessageField("chat", value);})}
+              options={this.state.chats.map((chat) => Setting.getOption(chat.name, chat.name))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Author"), i18next.t("message:Author - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.message.author} onChange={(value => {this.updateMessageField("author", value);})}
+              options={this.state.users.map((user) => Setting.getOption(`${user.owner}/${user.name}`, `${user.owner}/${user.name}`))
+              } />
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("message:Text"), i18next.t("message:Text - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <TextArea rows={10} value={this.state.message.text} onChange={e => {
+              this.updateMessageField("text", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      </Card>
+    );
+  }
+
+  submitMessageEdit(willExist) {
+    const message = Setting.deepCopy(this.state.message);
+    MessageBackend.updateMessage(this.state.message.owner, this.state.messageName, message)
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully saved"));
+          this.setState({
+            messageName: this.state.message.name,
+          });
+
+          if (willExist) {
+            this.props.history.push("/messages");
+          } else {
+            this.props.history.push(`/messages/${this.state.message.name}`);
+          }
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
+          this.updateMessageField("name", this.state.messageName);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteMessage() {
+    MessageBackend.deleteMessage(this.state.message)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push("/messages");
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  render() {
+    return (
+      <div>
+        {
+          this.state.message !== null ? this.renderMessage() : null
+        }
+        <div style={{marginTop: "20px", marginLeft: "40px"}}>
+          <Button size="large" onClick={() => this.submitMessageEdit(false)}>{i18next.t("general:Save")}</Button>
+          <Button style={{marginLeft: "20px"}} type="primary" size="large" onClick={() => this.submitMessageEdit(true)}>{i18next.t("general:Save & Exit")}</Button>
+          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} size="large" onClick={() => this.deleteMessage()}>{i18next.t("general:Cancel")}</Button> : null}
+        </div>
+      </div>
+    );
+  }
+}
+
+export default MessageEditPage;
--- a/web/src/MessageListPage.js
+++ b/web/src/MessageListPage.js
@@ -0,0 +1,236 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import {Link} from "react-router-dom";
+import {Button, Table} from "antd";
+import moment from "moment";
+import * as Setting from "./Setting";
+import * as MessageBackend from "./backend/MessageBackend";
+import i18next from "i18next";
+import BaseListPage from "./BaseListPage";
+import PopconfirmModal from "./PopconfirmModal";
+
+class MessageListPage extends BaseListPage {
+  newMessage() {
+    const randomName = Setting.getRandomName();
+    return {
+      owner: "admin", // this.props.account.messagename,
+      name: `message_${randomName}`,
+      createdTime: moment().format(),
+      organization: this.props.account.owner,
+      chat: "",
+      author: `${this.props.account.owner}/${this.props.account.name}`,
+      text: "",
+    };
+  }
+
+  addMessage() {
+    const newMessage = this.newMessage();
+    MessageBackend.addMessage(newMessage)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.props.history.push({pathname: `/messages/${newMessage.name}`, mode: "add"});
+          Setting.showMessage("success", i18next.t("general:Successfully added"));
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  deleteMessage(i) {
+    MessageBackend.deleteMessage(this.state.data[i])
+      .then((res) => {
+        if (res.status === "ok") {
+          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
+          this.setState({
+            data: Setting.deleteRow(this.state.data, i),
+            pagination: {total: this.state.pagination.total - 1},
+          });
+        } else {
+          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
+        }
+      })
+      .catch(error => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      });
+  }
+
+  renderTable(messages) {
+    const columns = [
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "organization",
+        key: "organization",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Name"),
+        dataIndex: "name",
+        key: "name",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("name"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/messages/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("general:Created time"),
+        dataIndex: "createdTime",
+        key: "createdTime",
+        width: "150px",
+        sorter: true,
+        render: (text, record, index) => {
+          return Setting.getFormattedDate(text);
+        },
+      },
+      {
+        title: i18next.t("message:Chat"),
+        dataIndex: "chat",
+        key: "chat",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("chat"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/chats/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("message:Author"),
+        dataIndex: "author",
+        key: "author",
+        width: "120px",
+        fixed: "left",
+        sorter: true,
+        ...this.getColumnSearchProps("author"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/users/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
+      {
+        title: i18next.t("message:Text"),
+        dataIndex: "text",
+        key: "text",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("text"),
+      },
+      {
+        title: i18next.t("general:Action"),
+        dataIndex: "",
+        key: "op",
+        width: "170px",
+        fixed: (Setting.isMobile()) ? "false" : "right",
+        render: (text, record, index) => {
+          return (
+            <div>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/messages/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <PopconfirmModal
+                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
+                onConfirm={() => this.deleteMessage(index)}
+              >
+              </PopconfirmModal>
+            </div>
+          );
+        },
+      },
+    ];
+
+    const paginationProps = {
+      total: this.state.pagination.total,
+      showQuickJumper: true,
+      showSizeChanger: true,
+      showTotal: () => i18next.t("general:{total} in total").replace("{total}", this.state.pagination.total),
+    };
+
+    return (
+      <div>
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={messages} rowKey={(record) => `${record.owner}/${record.name}`}size="middle" bordered pagination={paginationProps}
+          title={() => (
+            <div>
+              {i18next.t("general:Messages")}&nbsp;&nbsp;&nbsp;&nbsp;
+              <Button type="primary" size="small" onClick={this.addMessage.bind(this)}>{i18next.t("general:Add")}</Button>
+            </div>
+          )}
+          loading={this.state.loading}
+          onChange={this.handleTableChange}
+        />
+      </div>
+    );
+  }
+
+  fetch = (params = {}) => {
+    let field = params.searchedColumn, value = params.searchText;
+    const sortField = params.sortField, sortOrder = params.sortOrder;
+    if (params.category !== undefined && params.category !== null) {
+      field = "category";
+      value = params.category;
+    } else if (params.type !== undefined && params.type !== null) {
+      field = "type";
+      value = params.type;
+    }
+    this.setState({loading: true});
+    MessageBackend.getMessages("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            loading: false,
+            data: res.data,
+            pagination: {
+              ...params.pagination,
+              total: res.data2,
+            },
+            searchText: params.searchText,
+            searchedColumn: params.searchedColumn,
+          });
+        } else {
+          if (Setting.isResponseDenied(res)) {
+            this.setState({
+              loading: false,
+              isAuthorized: false,
+            });
+          }
+        }
+      });
+  };
+}
+
+export default MessageListPage;
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@@ -163,7 +163,7 @@ class ModelListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={models} rowKey="name" size="middle" bordered
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={models} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered
          pagination={paginationProps}
          title={() => (
            <div>
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@@ -243,7 +243,7 @@ class PaymentListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={payments} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={payments} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Payments")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@@ -139,7 +139,7 @@ class PermissionListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("users"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "users");
        },
      },
      {
@@ -150,7 +150,7 @@ class PermissionListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("roles"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "roles");
        },
      },
      {
@@ -321,7 +321,7 @@ class PermissionListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={permissions} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={permissions} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Permissions")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -125,6 +125,8 @@ class ProviderEditPage extends React.Component {
      } else {
        return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
      }
+    case "AI":
+      return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
    default:
      return Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"));
    }
@@ -278,17 +280,20 @@ class ProviderEditPage extends React.Component {
                this.updateProviderField("type", "Alipay");
              } else if (value === "Captcha") {
                this.updateProviderField("type", "Default");
+              } else if (value === "AI") {
+                this.updateProviderField("type", "OpenAI API - GPT");
              }
            })}>
              {
                [
-                  {id: "OAuth", name: "OAuth"},
+                  {id: "AI", name: "AI"},
+                  {id: "Captcha", name: "Captcha"},
                  {id: "Email", name: "Email"},
+                  {id: "OAuth", name: "OAuth"},
+                  {id: "Payment", name: "Payment"},
+                  {id: "SAML", name: "SAML"},
                  {id: "SMS", name: "SMS"},
                  {id: "Storage", name: "Storage"},
-                  {id: "SAML", name: "SAML"},
-                  {id: "Payment", name: "Payment"},
-                  {id: "Captcha", name: "Captcha"},
                ]
                  .sort((a, b) => a.name.localeCompare(b.name))
                  .map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
@@ -352,7 +357,7 @@ class ProviderEditPage extends React.Component {
                          [
                            {id: "Normal", name: i18next.t("provider:Normal")},
                            {id: "Silent", name: i18next.t("provider:Silent")},
-                          ].map((method, index) => <Option key={index} value={method.name}>{method.name}</Option>)
+                          ].map((method, index) => <Option key={index} value={method.id}>{method.name}</Option>)
                        }
                      </Select>
                    </Col>
@@ -437,16 +442,20 @@ class ProviderEditPage extends React.Component {
        {
          this.state.provider.category === "Captcha" && this.state.provider.type === "Default" ? null : (
            <React.Fragment>
-              <Row style={{marginTop: "20px"}} >
-                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {this.getClientIdLabel(this.state.provider)}
-                </Col>
-                <Col span={22} >
-                  <Input value={this.state.provider.clientId} onChange={e => {
-                    this.updateProviderField("clientId", e.target.value);
-                  }} />
-                </Col>
-              </Row>
+              {
+                this.state.provider.category === "AI" ? null : (
+                  <Row style={{marginTop: "20px"}} >
+                    <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                      {this.getClientIdLabel(this.state.provider)}
+                    </Col>
+                    <Col span={22} >
+                      <Input value={this.state.provider.clientId} onChange={e => {
+                        this.updateProviderField("clientId", e.target.value);
+                      }} />
+                    </Col>
+                  </Row>
+                )
+              }
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {this.getClientSecretLabel(this.state.provider)}
@@ -461,13 +470,15 @@ class ProviderEditPage extends React.Component {
          )
        }
        {
-          this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" ? null : (
+          this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" && this.state.provider.type !== "WeChat Pay" ? null : (
            <React.Fragment>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {this.state.provider.type === "Aliyun Captcha"
                    ? Setting.getLabel(i18next.t("provider:Scene"), i18next.t("provider:Scene - Tooltip"))
-                    : Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
+                    : this.state.provider.type === "WeChat Pay"
+                      ? Setting.getLabel("appId", "appId")
+                      : Setting.getLabel(i18next.t("provider:Client ID 2"), i18next.t("provider:Client ID 2 - Tooltip"))}
                </Col>
                <Col span={22} >
                  <Input value={this.state.provider.clientId2} onChange={e => {
@@ -475,18 +486,22 @@ class ProviderEditPage extends React.Component {
                  }} />
                </Col>
              </Row>
-              <Row style={{marginTop: "20px"}} >
-                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {this.state.provider.type === "Aliyun Captcha"
-                    ? Setting.getLabel(i18next.t("provider:App key"), i18next.t("provider:App key - Tooltip"))
-                    : Setting.getLabel(i18next.t("provider:Client secret 2"), i18next.t("provider:Client secret 2 - Tooltip"))}
-                </Col>
-                <Col span={22} >
-                  <Input value={this.state.provider.clientSecret2} onChange={e => {
-                    this.updateProviderField("clientSecret2", e.target.value);
-                  }} />
-                </Col>
-              </Row>
+              {
+                this.state.provider.type === "WeChat Pay" ? null : (
+                  <Row style={{marginTop: "20px"}} >
+                    <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                      {this.state.provider.type === "Aliyun Captcha"
+                        ? Setting.getLabel(i18next.t("provider:App key"), i18next.t("provider:App key - Tooltip"))
+                        : Setting.getLabel(i18next.t("provider:Client secret 2"), i18next.t("provider:Client secret 2 - Tooltip"))}
+                    </Col>
+                    <Col span={22} >
+                      <Input value={this.state.provider.clientSecret2} onChange={e => {
+                        this.updateProviderField("clientSecret2", e.target.value);
+                      }} />
+                    </Col>
+                  </Row>
+                )
+              }
            </React.Fragment>
          )
        }
@@ -815,6 +830,20 @@ class ProviderEditPage extends React.Component {
            </React.Fragment>
          ) : null
        }
+        {
+          this.state.provider.type === "WeChat Pay" ? (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel("cert", "cert")} :
+              </Col>
+              <Col span={22} >
+                <Input value={this.state.provider.cert} onChange={e => {
+                  this.updateProviderField("cert", e.target.value);
+                }} />
+              </Col>
+            </Row>
+          ) : null
+        }
        {this.getAppIdRow(this.state.provider)}
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@@ -227,7 +227,7 @@ class ProviderListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={providers} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={providers} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Providers")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@@ -130,7 +130,7 @@ class RoleListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("users"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "users");
        },
      },
      {
@@ -141,7 +141,7 @@ class RoleListPage extends BaseListPage {
        sorter: true,
        ...this.getColumnSearchProps("roles"),
        render: (text, record, index) => {
-          return Setting.getTags(text);
+          return Setting.getTags(text, "roles");
        },
      },
      {
@@ -196,7 +196,7 @@ class RoleListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={roles} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={roles} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Roles")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/SessionListPage.js
+++ b/web/src/SessionListPage.js
@@ -118,7 +118,7 @@ class SessionListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={sessions} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={sessions} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          loading={this.state.loading}
          onChange={this.handleTableChange}
        />
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -24,7 +24,6 @@ import {authConfig} from "./auth/Auth";
 import {Helmet} from "react-helmet";
 import * as Conf from "./Conf";
 import * as phoneNumber from "libphonenumber-js";
-import * as path from "path-browserify";

 const {Option} = Select;

@@ -42,7 +41,7 @@ export const Countries = [{label: "English", key: "en", country: "US", alt: "Eng
  {label: "日本語", key: "ja", country: "JP", alt: "日本語"},
  {label: "한국어", key: "ko", country: "KR", alt: "한국어"},
  {label: "Русский", key: "ru", country: "RU", alt: "Русский"},
-  {label: "TiếngViệt", key: "vi", country: "VI", alt: "TiếngViệt"},
+  {label: "TiếngViệt", key: "vi", country: "VN", alt: "TiếngViệt"},
 ];

 export function getThemeData(organization, application) {
@@ -205,6 +204,12 @@ export const OtherProviderInfo = {
      url: "https://www.cloudflare.com/products/turnstile/",
    },
  },
+  AI: {
+    "OpenAI API - GPT": {
+      logo: `${StaticBaseUrl}/img/social_openai.svg`,
+      url: "https://platform.openai.com",
+    },
+  },
 };

 export function initCountries() {
@@ -856,6 +861,10 @@ export function getProviderTypeOptions(category) {
      {id: "GEETEST", name: "GEETEST"},
      {id: "Cloudflare Turnstile", name: "Cloudflare Turnstile"},
    ]);
+  } else if (category === "AI") {
+    return ([
+      {id: "OpenAI API - GPT", name: "OpenAI API - GPT"},
+    ]);
  } else {
    return [];
  }
@@ -888,7 +897,7 @@ export function getLoginLink(application) {
  } else if (authConfig.appName === application.name) {
    url = "/login";
  } else if (application.signinUrl === "") {
-    url = path.join(application.homepageUrl, "/login");
+    url = trim(application.homepageUrl, "/") + "/login";
  } else {
    url = application.signinUrl;
  }
@@ -902,10 +911,11 @@ export function renderLoginLink(application, text) {

 export function redirectToLoginPage(application, history) {
  const loginLink = getLoginLink(application);
-  if (loginLink.indexOf("http") === 0 || loginLink.indexOf("https") === 0) {
-    window.location.replace(loginLink);
+  if (loginLink.startsWith("http://") || loginLink.startsWith("https://")) {
+    goToLink(loginLink);
+  } else {
+    history.push(loginLink);
  }
-  history.push(loginLink);
 }

 function renderLink(url, text, onClick) {
@@ -1070,18 +1080,28 @@ export function getTagColor(s) {
  return "processing";
 }

-export function getTags(tags) {
+export function getTags(tags, urlPrefix = null) {
  const res = [];
  if (!tags) {
    return res;
  }

  tags.forEach((tag, i) => {
-    res.push(
-      <Tag color={getTagColor(tag)}>
-        {tag}
-      </Tag>
-    );
+    if (urlPrefix === null) {
+      res.push(
+        <Tag color={getTagColor(tag)}>
+          {tag}
+        </Tag>
+      );
+    } else {
+      res.push(
+        <Link to={`/${urlPrefix}/${tag}`}>
+          <Tag color={getTagColor(tag)}>
+            {tag}
+          </Tag>
+        </Link>
+      );
+    }
  });
  return res;
 }
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@@ -253,7 +253,7 @@ class SyncerListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={syncers} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={syncers} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Syncers")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@@ -222,7 +222,7 @@ class TokenListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={tokens} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={tokens} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Tokens")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Card, Col, Input, Result, Row, Select, Spin, Switch} from "antd";
+import {Button, Card, Col, Input, InputNumber, Result, Row, Select, Spin, Switch} from "antd";
 import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
@@ -110,9 +110,9 @@ class UserEditPage extends React.Component {
  }

  parseUserField(key, value) {
-    // if ([].includes(key)) {
-    //   value = Setting.myParseInt(value);
-    // }
+    if (["score", "karma", "ranking"].includes(key)) {
+      value = Setting.myParseInt(value);
+    }
    return value;
  }

@@ -360,6 +360,19 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "Address") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Address"), i18next.t("user:Address - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.address} onChange={e => {
+              this.updateUserField("address", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
    } else if (accountItem.name === "Affiliation") {
      return (
        (this.state.application === null || this.state.user === null) ? null : (
@@ -379,6 +392,32 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "ID card type") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:ID card type"), i18next.t("user:ID card type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.idCardType} onChange={e => {
+              this.updateUserField("idCardType", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "ID card") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:ID card"), i18next.t("user:ID card - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.idCard} onChange={e => {
+              this.updateUserField("idCard", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
    } else if (accountItem.name === "Homepage") {
      return (
        <Row style={{marginTop: "20px"}} >
@@ -431,6 +470,97 @@ class UserEditPage extends React.Component {
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "Language") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Language"), i18next.t("user:Language - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.language} onChange={e => {
+              this.updateUserField("language", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Gender") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Gender"), i18next.t("user:Gender - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.gender} onChange={e => {
+              this.updateUserField("gender", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Birthday") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Birthday"), i18next.t("user:Birthday - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.birthday} onChange={e => {
+              this.updateUserField("birthday", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Education") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Education"), i18next.t("user:Education - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Input value={this.state.user.education} onChange={e => {
+              this.updateUserField("education", e.target.value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Score") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Score"), i18next.t("user:Score - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.user.score} onChange={value => {
+              this.updateUserField("score", value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Karma") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Karma"), i18next.t("user:Karma - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.user.karma} onChange={value => {
+              this.updateUserField("karma", value);
+            }} />
+          </Col>
+        </Row>
+      );
+    } else if (accountItem.name === "Ranking") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:Ranking"), i18next.t("user:Ranking - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <InputNumber value={this.state.user.ranking} onChange={value => {
+              this.updateUserField("ranking", value);
+            }} />
+          </Col>
+        </Row>
+      );
    } else if (accountItem.name === "Signup application") {
      return (
        <Row style={{marginTop: "20px"}} >
--- a/web/src/WebhookEditPage.js
+++ b/web/src/WebhookEditPage.js
@@ -244,7 +244,7 @@ class WebhookEditPage extends React.Component {
              }} >
              {
                (
-                  ["signup", "login", "logout", "add-user", "update-user", "add-organization", "update-organization", "add-provider", "update-provider"].map((option, index) => {
+                  ["signup", "login", "logout", "add-user", "update-user", "delete-user", "add-organization", "update-organization", "delete-organization", "add-application", "update-application", "delete-application", "add-provider", "update-provider", "delete-provider"].map((option, index) => {
                    return (
                      <Option key={option} value={option}>{option}</Option>
                    );
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@@ -218,7 +218,7 @@ class WebhookListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={webhooks} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={webhooks} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Webhooks")}&nbsp;&nbsp;&nbsp;&nbsp;
--- a/web/src/auth/AuthBackend.js
+++ b/web/src/auth/AuthBackend.js
@@ -139,3 +139,13 @@ export function getWechatMessageEvent() {
    },
  }).then(res => res.json());
 }
+
+export function getCaptchaStatus(values) {
+  return fetch(`${Setting.ServerUrl}/api/get-captcha-status?organization=${values["organization"]}&user_id=${values["username"]}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/auth/ForgetPage.js
+++ b/web/src/auth/ForgetPage.js
@@ -33,9 +33,8 @@ class ForgetPage extends React.Component {
      classes: props,
      applicationName: props.applicationName ?? props.match.params?.applicationName,
      msg: null,
-      userId: "",
-      username: "",
      name: "",
+      username: "",
      phone: "",
      email: "",
      dest: "",
@@ -86,7 +85,7 @@ class ForgetPage extends React.Component {
            const phone = res.data.phone;
            const email = res.data.email;

-            if (phone === "" && email === "") {
+            if (!phone && !email) {
              Setting.showMessage("error", "no verification method!");
            } else {
              this.setState({
@@ -124,18 +123,16 @@ class ForgetPage extends React.Component {
        });
      break;
    case "step2":
-      const oAuthParams = Util.getOAuthGetParameters();
-
-      AuthBackend.login({
+      UserBackend.verifyCode({
        application: forms.step2.getFieldValue("application"),
        organization: forms.step2.getFieldValue("organization"),
        username: forms.step2.getFieldValue("dest"),
        name: this.state.name,
        code: forms.step2.getFieldValue("code"),
        type: "login",
-      }, oAuthParams).then(res => {
+      }).then(res => {
        if (res.status === "ok") {
-          this.setState({current: 2, userId: res.data});
+          this.setState({current: 2, code: forms.step2.getFieldValue("code")});
        } else {
          Setting.showMessage("error", res.msg);
        }
@@ -150,7 +147,7 @@ class ForgetPage extends React.Component {
  onFinish(values) {
    values.username = this.state.name;
    values.userOwner = this.getApplicationObj()?.organizationObj.name;
-    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword).then(res => {
+    UserBackend.setPassword(values.userOwner, values.username, "", values?.newPassword, this.state.code).then(res => {
      if (res.status === "ok") {
        Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
      } else {
@@ -387,7 +384,6 @@ class ForgetPage extends React.Component {
              hasFeedback
            >
              <Input.Password
-                disabled={this.state.userId === ""}
                prefix={<LockOutlined />}
                placeholder={i18next.t("general:Password")}
              />
@@ -414,14 +410,13 @@ class ForgetPage extends React.Component {
              ]}
            >
              <Input.Password
-                disabled={this.state.userId === ""}
                prefix={<CheckCircleOutlined />}
                placeholder={i18next.t("signup:Confirm")}
              />
            </Form.Item>
            <br />
            <Form.Item hidden={this.state.current !== 2}>
-              <Button block type="primary" htmlType="submit" disabled={this.state.userId === ""}>
+              <Button block type="primary" htmlType="submit">
                {i18next.t("forget:Change Password")}
              </Button>
            </Form.Item>
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -31,6 +31,7 @@ import CustomGithubCorner from "../common/CustomGithubCorner";
 import {SendCodeInput} from "../common/SendCodeInput";
 import LanguageSelect from "../common/select/LanguageSelect";
 import {CaptchaModal} from "../common/modal/CaptchaModal";
+import {CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";

 class LoginPage extends React.Component {
@@ -47,7 +48,7 @@ class LoginPage extends React.Component {
      validEmailOrPhone: false,
      validEmail: false,
      loginMethod: "password",
-      enableCaptchaModal: false,
+      enableCaptchaModal: CaptchaRule.Never,
      openCaptchaModal: false,
      verifyCaptcha: undefined,
      samlResponse: "",
@@ -81,7 +82,13 @@ class LoginPage extends React.Component {
    if (prevProps.application !== this.props.application) {
      const captchaProviderItems = this.getCaptchaProviderItems(this.props.application);
      if (captchaProviderItems) {
-        this.setState({enableCaptchaModal: captchaProviderItems.some(providerItem => providerItem.rule === "Always")});
+        if (captchaProviderItems.some(providerItem => providerItem.rule === "Always")) {
+          this.setState({enableCaptchaModal: CaptchaRule.Always});
+        } else if (captchaProviderItems.some(providerItem => providerItem.rule === "Dynamic")) {
+          this.setState({enableCaptchaModal: CaptchaRule.Dynamic});
+        } else {
+          this.setState({enableCaptchaModal: CaptchaRule.Never});
+        }
      }

      if (this.props.account && this.props.account.owner === this.props.application?.organization) {
@@ -110,6 +117,22 @@ class LoginPage extends React.Component {
    }
  }

+  checkCaptchaStatus(values) {
+    AuthBackend.getCaptchaStatus(values)
+      .then((res) => {
+        if (res.status === "ok") {
+          if (res.data) {
+            this.setState({
+              openCaptchaModal: true,
+              values: values,
+            });
+            return null;
+          }
+        }
+        this.login(values);
+      });
+  }
+
  getApplicationLogin() {
    const oAuthParams = Util.getOAuthGetParameters();
    AuthBackend.getApplicationLogin(oAuthParams)
@@ -124,7 +147,6 @@ class LoginPage extends React.Component {
          });
        }
      });
-    return null;
  }

  getApplication() {
@@ -255,15 +277,19 @@ class LoginPage extends React.Component {
      this.signInWithWebAuthn(username, values);
      return;
    }
-
-    if (this.state.loginMethod === "password" && this.state.enableCaptchaModal) {
-      this.setState({
-        openCaptchaModal: true,
-        values: values,
-      });
-    } else {
-      this.login(values);
+    if (this.state.loginMethod === "password") {
+      if (this.state.enableCaptchaModal === CaptchaRule.Always) {
+        this.setState({
+          openCaptchaModal: true,
+          values: values,
+        });
+        return;
+      } else if (this.state.enableCaptchaModal === CaptchaRule.Dynamic) {
+        this.checkCaptchaStatus(values);
+        return;
+      }
    }
+    this.login(values);
  }

  login(values) {
@@ -544,13 +570,15 @@ class LoginPage extends React.Component {
  }

  renderCaptchaModal(application) {
-    if (!this.state.enableCaptchaModal) {
+    if (this.state.enableCaptchaModal === CaptchaRule.Never) {
      return null;
    }
-
-    const provider = this.getCaptchaProviderItems(application)
-      .filter(providerItem => providerItem.rule === "Always")
-      .map(providerItem => providerItem.provider)[0];
+    const captchaProviderItems = this.getCaptchaProviderItems(application);
+    const alwaysProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Always");
+    const dynamicProviderItems = captchaProviderItems.filter(providerItem => providerItem.rule === "Dynamic");
+    const provider = alwaysProviderItems.length > 0
+      ? alwaysProviderItems[0].provider
+      : dynamicProviderItems[0].provider;

    return <CaptchaModal
      owner={provider.owner}
@@ -571,33 +599,20 @@ class LoginPage extends React.Component {
  }

  renderFooter(application) {
-    if (this.state.mode === "signup") {
-      return (
-        <div style={{float: "right"}}>
-          {i18next.t("signup:Have account?")}&nbsp;
-          {
-            Setting.renderLoginLink(application, i18next.t("signup:sign in now"))
-          }
-        </div>
-      );
-    } else {
-      return (
-        <React.Fragment>
-          <span style={{float: "right"}}>
-            {
-              !application.enableSignUp ? null : (
-                <React.Fragment>
-                  {i18next.t("login:No account?")}&nbsp;
-                  {
-                    Setting.renderSignupLink(application, i18next.t("login:sign up now"))
-                  }
-                </React.Fragment>
-              )
-            }
-          </span>
-        </React.Fragment>
-      );
-    }
+    return (
+      <span style={{float: "right"}}>
+        {
+          !application.enableSignUp ? null : (
+            <React.Fragment>
+              {i18next.t("login:No account?")}&nbsp;
+              {
+                Setting.renderSignupLink(application, i18next.t("login:sign up now"))
+              }
+            </React.Fragment>
+          )
+        }
+      </span>
+    );
  }

  sendSilentSigninData(data) {
@@ -746,13 +761,9 @@ class LoginPage extends React.Component {

  renderMethodChoiceBox() {
    const application = this.getApplicationObj();
-    const items = [
-      {label: i18next.t("general:Password"), key: "password"},
-    ];
-    application.enableCodeSignin ? items.push({
-      label: i18next.t("login:Verification code"),
-      key: "verificationCode",
-    }) : null;
+    const items = [];
+    items.push({label: i18next.t("general:Password"), key: "password"});
+    application.enableCodeSignin ? items.push({label: i18next.t("login:Verification code"), key: "verificationCode"}) : null;
    application.enableWebAuthn ? items.push({label: i18next.t("login:WebAuthn"), key: "webAuthn"}) : null;

    if (application.enableCodeSignin || application.enableWebAuthn) {
@@ -787,11 +798,11 @@ class LoginPage extends React.Component {
    }

    const visibleOAuthProviderItems = application.providers.filter(providerItem => this.isProviderVisible(providerItem));
-    if (this.props.application === undefined && !application.enablePassword && visibleOAuthProviderItems.length === 1) {
+    if (this.props.preview !== "auto" && !application.enablePassword && visibleOAuthProviderItems.length === 1) {
      Setting.goToLink(Provider.getAuthUrl(application, visibleOAuthProviderItems[0].provider, "signup"));
      return (
-        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
-          <Spin size="large" tip={i18next.t("login:Signing in...")} style={{paddingTop: "10%"}} />
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center", width: "100%"}}>
+          <Spin size="large" tip={i18next.t("login:Signing in...")} />
        </div>
      );
    }
--- a/web/src/auth/ResultPage.js
+++ b/web/src/auth/ResultPage.js
@@ -13,7 +13,7 @@
 // limitations under the License.

 import React from "react";
-import {Button, Result} from "antd";
+import {Button, Result, Spin} from "antd";
 import i18next from "i18next";
 import {authConfig} from "./Auth";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
@@ -53,6 +53,14 @@ class ResultPage extends React.Component {
  render() {
    const application = this.state.application;

+    if (application === null) {
+      return (
+        <div style={{display: "flex", justifyContent: "center", alignItems: "center"}}>
+          <Spin size="large" tip={i18next.t("login:Loading")} style={{paddingTop: "10%"}} />
+        </div>
+      );
+    }
+
    return (
      <div>
        {
@@ -68,7 +76,7 @@ class ResultPage extends React.Component {
              if (linkInStorage !== null && linkInStorage !== "") {
                Setting.goToLink(linkInStorage);
              } else {
-                Setting.redirectToLoginPage(application);
+                Setting.redirectToLoginPage(application, this.props.history);
              }
            }}>
              {i18next.t("login:Sign In")}
--- a/web/src/auth/SignupPage.js
+++ b/web/src/auth/SignupPage.js
@@ -66,7 +66,7 @@ class SignupPage extends React.Component {
    super(props);
    this.state = {
      classes: props,
-      applicationName: props.match?.params?.applicationName ?? authConfig.appName,
+      applicationName: props.match?.params?.applicationName ?? null,
      email: "",
      phone: "",
      countryCode: "",
@@ -92,8 +92,11 @@ class SignupPage extends React.Component {
    if (this.getApplicationObj() === undefined) {
      if (this.state.applicationName !== null) {
        this.getApplication(this.state.applicationName);
+      } else if (oAuthParams !== null) {
+        this.getApplicationLogin(oAuthParams);
      } else {
        Setting.showMessage("error", `Unknown application name: ${this.state.applicationName}`);
+        this.onUpdateApplication(null);
      }
    }
  }
@@ -109,6 +112,21 @@ class SignupPage extends React.Component {
      });
  }

+  getApplicationLogin(oAuthParams) {
+    AuthBackend.getApplicationLogin(oAuthParams)
+      .then((res) => {
+        if (res.status === "ok") {
+          const application = res.data;
+          this.onUpdateApplication(application);
+        } else {
+          this.onUpdateApplication(null);
+          this.setState({
+            msg: res.msg,
+          });
+        }
+      });
+  }
+
  getResultPath(application) {
    if (authConfig.appName === application.name) {
      return "/result";
@@ -178,11 +196,7 @@ class SignupPage extends React.Component {
  }

  isProviderVisible(providerItem) {
-    if (this.state.mode === "signup") {
-      return Setting.isProviderVisibleForSignUp(providerItem);
-    } else {
-      return Setting.isProviderVisibleForSignIn(providerItem);
-    }
+    return Setting.isProviderVisibleForSignUp(providerItem);
  }

  renderFormItem(application, signupItem) {
@@ -408,24 +422,27 @@ class SignupPage extends React.Component {
              </Form.Item>
            </Input.Group>
          </Form.Item>
-          <Form.Item
-            name="phoneCode"
-            label={i18next.t("code:Phone code")}
-            rules={[
-              {
-                required: required,
-                message: i18next.t("code:Please input your phone verification code!"),
-              },
-            ]}
-          >
-            <SendCodeInput
-              disabled={!this.state.validPhone}
-              method={"signup"}
-              onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(application)]}
-              application={application}
-              countryCode={this.form.current?.getFieldValue("countryCode")}
-            />
-          </Form.Item>
+          {
+            signupItem.rule !== "No verification" &&
+            <Form.Item
+              name="phoneCode"
+              label={i18next.t("code:Phone code")}
+              rules={[
+                {
+                  required: required,
+                  message: i18next.t("code:Please input your phone verification code!"),
+                },
+              ]}
+            >
+              <SendCodeInput
+                disabled={!this.state.validPhone}
+                method={"signup"}
+                onButtonClickArgs={[this.state.phone, "phone", Setting.getApplicationName(application)]}
+                application={application}
+                countryCode={this.form.current?.getFieldValue("countryCode")}
+              />
+            </Form.Item>
+          }
        </React.Fragment>
      );
    } else if (signupItem.name === "Password") {
--- a/web/src/backend/ChatBackend.js
+++ b/web/src/backend/ChatBackend.js
@@ -0,0 +1,71 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getChats(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-chats?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getChat(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-chat?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateChat(owner, name, chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/update-chat?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addChat(chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/add-chat`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteChat(chat) {
+  const newChat = Setting.deepCopy(chat);
+  return fetch(`${Setting.ServerUrl}/api/delete-chat`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newChat),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/MessageBackend.js
+++ b/web/src/backend/MessageBackend.js
@@ -0,0 +1,81 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import * as Setting from "../Setting";
+
+export function getMessages(owner, page = "", pageSize = "", field = "", value = "", sortField = "", sortOrder = "") {
+  return fetch(`${Setting.ServerUrl}/api/get-messages?owner=${owner}&p=${page}&pageSize=${pageSize}&field=${field}&value=${value}&sortField=${sortField}&sortOrder=${sortOrder}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getChatMessages(chat) {
+  return fetch(`${Setting.ServerUrl}/api/get-messages?chat=${chat}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function getMessage(owner, name) {
+  return fetch(`${Setting.ServerUrl}/api/get-message?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "GET",
+    credentials: "include",
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function updateMessage(owner, name, message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/update-message?id=${owner}/${encodeURIComponent(name)}`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function addMessage(message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/add-message`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
+
+export function deleteMessage(message) {
+  const newMessage = Setting.deepCopy(message);
+  return fetch(`${Setting.ServerUrl}/api/delete-message`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(newMessage),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/UserBackend.js
+++ b/web/src/backend/UserBackend.js
@@ -93,12 +93,16 @@ export function getAffiliationOptions(url, code) {
  }).then(res => res.json());
 }

-export function setPassword(userOwner, userName, oldPassword, newPassword) {
+export function setPassword(userOwner, userName, oldPassword, newPassword, code = "") {
  const formData = new FormData();
  formData.append("userOwner", userOwner);
  formData.append("userName", userName);
  formData.append("oldPassword", oldPassword);
  formData.append("newPassword", newPassword);
+  if (code) {
+    formData.append("code", code);
+  }
+
  return fetch(`${Setting.ServerUrl}/api/set-password`, {
    method: "POST",
    credentials: "include",
@@ -188,3 +192,14 @@ export function getCaptcha(owner, name, isCurrentProvider) {
    },
  }).then(res => res.json()).then(res => res.data);
 }
+
+export function verifyCode(values) {
+  return fetch(`${Setting.ServerUrl}/api/verify-code`, {
+    method: "POST",
+    credentials: "include",
+    body: JSON.stringify(values),
+    headers: {
+      "Accept-Language": Setting.getAcceptLanguage(),
+    },
+  }).then(res => res.json());
+}
--- a/web/src/backend/UserWebauthnBackend.js
+++ b/web/src/backend/UserWebauthnBackend.js
@@ -71,8 +71,12 @@ export function deleteUserWebAuthnCredential(credentialID) {
  }).then(res => res.json());
 }

-// Base64 to ArrayBuffer
+// Base64URL to ArrayBuffer
 export function webAuthnBufferDecode(value) {
+  value = value.replace(/-/g, "+").replace(/_/g, "/");
+  while (value.length % 4) {
+    value += "=";
+  }
  return Uint8Array.from(atob(value), c => c.charCodeAt(0));
 }

--- a/web/src/common/modal/AgreementModal.js
+++ b/web/src/common/modal/AgreementModal.js
@@ -21,7 +21,7 @@ export const AgreementModal = (props) => {
  const [doc, setDoc] = useState("");

  useEffect(() => {
-    getTermsOfUseContent(application.termsOfUseUrl).then((data) => {
+    getTermsOfUseContent(application.termsOfUse).then((data) => {
      setDoc(data);
    });
  }, []);
--- a/web/src/common/modal/CaptchaModal.js
+++ b/web/src/common/modal/CaptchaModal.js
@@ -170,3 +170,9 @@ export const CaptchaModal = (props) => {
    </Modal>
  );
 };
+
+export const CaptchaRule = {
+  Always: "Always",
+  Never: "Never",
+  Dynamic: "Dynamic",
+};
--- a/web/src/locales/de/data.json
+++ b/web/src/locales/de/data.json
@@ -1,5 +1,6 @@
 {
  "account": {
+    "Chats & Messages": "Chats & Messages",
    "Logout": "Abmelden",
    "My Account": "Mein Konto",
    "Sign Up": "Anmelden"
@@ -24,6 +25,7 @@
    "Copy prompt page URL": "URL der Prompt-Seite kopieren",
    "Copy signin page URL": "URL der Anmeldeseite kopieren",
    "Copy signup page URL": "URL der Anmeldeseite kopieren",
+    "Dynamic": "Dynamic",
    "Edit Application": "Anwendung bearbeiten",
    "Enable Email linking": "E-Mail-Verknüpfung aktivieren",
    "Enable Email linking - Tooltip": "Bei der Verwendung von Drittanbietern zur Anmeldung wird, wenn es in der Organisation einen Benutzer mit der gleichen E-Mail gibt, automatisch die Drittanbieter-Anmelde-Methode mit diesem Benutzer verbunden",
@@ -41,6 +43,7 @@
    "Enable signup - Tooltip": "Ob Benutzern erlaubt werden soll, ein neues Konto zu registrieren",
    "Failed to sign in": "Fehler bei der Anmeldung",
    "File uploaded successfully": "Datei erfolgreich hochgeladen",
+    "First, last": "First, last",
    "Follow organization theme": "Folge dem Theme der Organisation",
    "Form CSS": "Form CSS",
    "Form CSS - Edit": "Form CSS - Bearbeiten",
@@ -49,15 +52,21 @@
    "Form position - Tooltip": "Position der Anmelde-, Registrierungs- und Passwort-vergessen-Formulare",
    "Grant types": "Grant-Typen",
    "Grant types - Tooltip": "Wählen Sie aus, welche Grant-Typen im OAuth-Protokoll zulässig sind",
+    "Incremental": "Incremental",
    "Left": "Links",
    "Logged in successfully": "Erfolgreich eingeloggt",
    "Logged out successfully": "Erfolgreich ausgeloggt",
    "New Application": "Neue Anwendung",
+    "No verification": "No verification",
    "None": "kein(e)",
+    "Normal": "Normal",
+    "Only signup": "Only signup",
    "Please input your application!": "Bitte geben Sie Ihre Anwendung ein!",
    "Please input your organization!": "Bitte geben Sie Ihre Organisation ein!",
    "Please select a HTML file": "Bitte wählen Sie eine HTML-Datei aus",
    "Prompt page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Die URL der Seite wurde erfolgreich in die Zwischenablage kopiert. Bitte fügen Sie sie in einen Inkognito-Tab oder einen anderen Browser ein",
+    "Random": "Random",
+    "Real name": "Real name",
    "Redirect URL": "Weiterleitungs-URL",
    "Redirect URL (Assertion Consumer Service POST Binding URL) - Tooltip": "Weiterleitungs-URL (Assertion Consumer Service POST Binding URL)",
    "Redirect URLs": "Weiterleitungs-URLs",
@@ -74,6 +83,8 @@
    "Side panel HTML - Edit": "Sidepanel HTML - Bearbeiten",
    "Side panel HTML - Tooltip": "Passen Sie den HTML-Code für das Sidepanel der Login-Seite an",
    "Sign Up Error": "Registrierungsfehler",
+    "Signin": "Signin",
+    "Signin (Default True)": "Signin (Default True)",
    "Signin page URL copied to clipboard successfully, please paste it into the incognito window or another browser": "Die URL der Anmeldeseite wurde in die Zwischenablage kopiert. Bitte fügen Sie sie in einen Inkognito-Tab oder einen anderen Browser ein",
    "Signin session": "Anmeldesession",
    "Signup items": "Registrierungs Items",
@@ -108,6 +119,19 @@
    "Scope - Tooltip": "Nutzungsszenarien des Zertifikats",
    "Type - Tooltip": "Art des Zertifikats"
  },
+  "chat": {
+    "AI": "AI",
+    "Edit Chat": "Edit Chat",
+    "Group": "Group",
+    "Message count": "Message count",
+    "New Chat": "New Chat",
+    "Single": "Single",
+    "User1": "User1",
+    "User1 - Tooltip": "User1 - Tooltip",
+    "User2": "User2",
+    "User2 - Tooltip": "User2 - Tooltip",
+    "Users - Tooltip": "Users - Tooltip"
+  },
  "code": {
    "Code you received": "Der Code, den Sie erhalten haben",
    "Email code": "E-Mail-Code",
@@ -150,6 +174,7 @@
    "Cert": "Zertifikat",
    "Cert - Tooltip": "Das Public-Key-Zertifikat, das vom Client-SDK, das mit dieser Anwendung korrespondiert, verifiziert werden muss",
    "Certs": "Zertifikate",
+    "Chats": "Chats",
    "Click to Upload": "Klicken Sie zum Hochladen",
    "Client IP": "Client-IP",
    "Close": "Schließen",
@@ -194,6 +219,7 @@
    "Master password": "Hauptpasswort",
    "Master password - Tooltip": "Kann zum Einloggen aller Benutzer unter dieser Organisation verwendet werden, was es Administratoren bequem macht, sich als dieser Benutzer einzuloggen, um technische Probleme zu lösen",
    "Menu": "Menü",
+    "Messages": "Messages",
    "Method": "Methode",
    "Model": "Modell",
    "Model - Tooltip": "Casbin-Zugriffskontrollmodell",
@@ -260,6 +286,7 @@
    "URL": "URL",
    "URL - Tooltip": "URL-Link",
    "Up": "Oben",
+    "Updated time": "Updated time",
    "User": "Nutzer",
    "User - Tooltip": "Stellen Sie sicher, dass der Benutzername korrekt ist",
    "User containers": "Nutzerpools",
@@ -284,8 +311,12 @@
    "Edit LDAP": "LDAP bearbeiten",
    "Enable SSL": "Aktivieren Sie SSL",
    "Enable SSL - Tooltip": "Ob SSL aktiviert werden soll",
+    "Filter fields": "Filter fields",
+    "Filter fields - Tooltip": "Filter fields - Tooltip",
    "Group ID": "Gruppen-ID",
    "Last Sync": "Letzte Synchronisation",
+    "Search Filter": "Search Filter",
+    "Search Filter - Tooltip": "Search Filter - Tooltip",
    "Server": "Server",
    "Server host": "Server Host",
    "Server host - Tooltip": "LDAP-Server-Adresse",
@@ -294,7 +325,8 @@
    "Server port": "Server-Port",
    "Server port - Tooltip": "LDAP-Server-Port",
    "The Auto Sync option will sync all users to specify organization": "Die Option \"Auto Sync\" synchronisiert alle Benutzer mit der angegebenen Organisation",
-    "UidNumber / Uid": "UidNumber / Uid"
+    "synced": "synced",
+    "unsynced": "unsynced"
  },
  "login": {
    "Auto sign in": "Automatische Anmeldung",
@@ -322,6 +354,16 @@
    "sign up now": "Melde dich jetzt an",
    "username, Email or phone": "Benutzername, E-Mail oder Telefon"
  },
+  "message": {
+    "Author": "Author",
+    "Author - Tooltip": "Author - Tooltip",
+    "Chat": "Chat",
+    "Chat - Tooltip": "Chat - Tooltip",
+    "Edit Message": "Edit Message",
+    "New Message": "New Message",
+    "Text": "Text",
+    "Text - Tooltip": "Text - Tooltip"
+  },
  "model": {
    "Edit Model": "Modell bearbeiten",
    "Model text": "Modelltext",
@@ -504,6 +546,8 @@
    "Host - Tooltip": "Name des Hosts",
    "IdP": "IdP",
    "IdP certificate": "IdP-Zertifikat",
+    "Intelligent Validation": "Intelligent Validation",
+    "Internal": "Internal",
    "Issuer URL": "Issuer-URL",
    "Issuer URL - Tooltip": "Emittenten-URL",
    "Link copied to clipboard successfully": "Link wurde erfolgreich in die Zwischenablage kopiert",
@@ -511,6 +555,7 @@
    "Metadata - Tooltip": "SAML-Metadaten",
    "Method - Tooltip": "Anmeldeverfahren, QR-Code oder Silent-Login",
    "New Provider": "Neuer Provider",
+    "Normal": "Normal",
    "Parse": "parsen",
    "Parse metadata successfully": "Metadaten erfolgreich analysiert",
    "Path prefix": "Pfadpräfix",
@@ -555,8 +600,10 @@
    "Signup HTML": "Registrierungs-HTML",
    "Signup HTML - Edit": "Registrierung HTML - Bearbeiten",
    "Signup HTML - Tooltip": "Benutzerdefiniertes HTML zur Ersetzung des Standard-Registrierungs-Seitenstils",
+    "Silent": "Silent",
    "Site key": "Site-Key",
    "Site key - Tooltip": "Seitenschlüssel",
+    "Sliding Validation": "Sliding Validation",
    "Sub type": "Untertyp",
    "Sub type - Tooltip": "Unterart",
    "Template code": "Template-Code",
@@ -564,6 +611,7 @@
    "Test Email": "Test E-Mail",
    "Test Email - Tooltip": "E-Mail-Adresse zum Empfangen von Test-E-Mails",
    "Test SMTP Connection": "Testen Sie die SMTP-Verbindung",
+    "Third-party": "Third-party",
    "Token URL": "Token-URL",
    "Token URL - Tooltip": "Token-URL",
    "Type": "Typ",
@@ -621,6 +669,7 @@
    "The input is not valid Email!": "Die Eingabe ist keine gültige E-Mail-Adresse!",
    "The input is not valid Phone!": "Die Eingabe ist kein gültiges Telefon!",
    "Username": "Benutzername",
+    "Username - Tooltip": "Username - Tooltip",
    "Your account has been created!": "Ihr Konto wurde erstellt!",
    "Your confirmed password is inconsistent with the password!": "Dein bestätigtes Passwort stimmt nicht mit dem Passwort überein!",
    "sign in now": "Jetzt anmelden"
@@ -693,18 +742,27 @@
    "Affiliation - Tooltip": "Arbeitgeber, wie Firmenname oder Organisationsname",
    "Bio": "Bio",
    "Bio - Tooltip": "Selbstvorstellung des Nutzers",
+    "Birthday": "Birthday",
+    "Birthday - Tooltip": "Birthday - Tooltip",
    "Captcha Verify Failed": "Captcha-Überprüfung fehlgeschlagen",
    "Captcha Verify Success": "Captcha-Verifizierung Erfolgreich",
    "Country code": "Ländercode",
    "Country/Region": "Land/Region",
    "Country/Region - Tooltip": "Land oder Region",
    "Edit User": "Benutzer bearbeiten",
+    "Education": "Education",
+    "Education - Tooltip": "Education - Tooltip",
    "Email cannot be empty": "E-Mail darf nicht leer sein",
    "Email/phone reset successfully": "E-Mail-/Telefon-Zurücksetzung erfolgreich durchgeführt",
    "Empty input!": "Leere Eingabe!",
+    "Gender": "Gender",
+    "Gender - Tooltip": "Gender - Tooltip",
    "Homepage": "Startseite des Benutzers",
    "Homepage - Tooltip": "Homepage-URL des Benutzers",
    "ID card": "Ausweis",
+    "ID card - Tooltip": "ID card - Tooltip",
+    "ID card type": "ID card type",
+    "ID card type - Tooltip": "ID card type - Tooltip",
    "Input your email": "Geben Sie Ihre E-Mail-Adresse ein",
    "Input your phone number": "Geben Sie Ihre Telefonnummer ein",
    "Is admin": "Ist Admin",
@@ -715,7 +773,12 @@
    "Is forbidden - Tooltip": "Verbotene Benutzer können sich nicht mehr einloggen",
    "Is global admin": "Ist globaler Administrator",
    "Is global admin - Tooltip": "Ist ein Administrator von Casdoor",
+    "Is online": "Is online",
+    "Karma": "Karma",
+    "Karma - Tooltip": "Karma - Tooltip",
    "Keys": "Keys",
+    "Language": "Language",
+    "Language - Tooltip": "Language - Tooltip",
    "Link": "Link",
    "Location": "Ort",
    "Location - Tooltip": "Stadt des Wohnsitzes",
@@ -731,9 +794,13 @@
    "Please select avatar from resources": "Bitte wählen Sie einen Avatar aus den Ressourcen aus",
    "Properties": "Eigenschaften",
    "Properties - Tooltip": "Eigenschaften des Benutzers",
+    "Ranking": "Ranking",
+    "Ranking - Tooltip": "Ranking - Tooltip",
    "Re-enter New": "Neueingabe wiederholen",
    "Reset Email...": "E-Mail zurücksetzen...",
    "Reset Phone...": "Telefon zurücksetzen...",
+    "Score": "Score",
+    "Score - Tooltip": "Score - Tooltip",
    "Select a photo...": "Wählen Sie ein Foto aus...",
    "Set Password": "Passwort festlegen",
    "Set new profile picture": "Neues Profilbild festlegen",
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
OutOfEastGate	8c73cb5395	fix: fix golangci-lint (#1775 )	2023-04-23 17:02:29 +08:00
Yang Luo	06ebc04032	Can add/delete chat	2023-04-23 01:19:44 +08:00
Yang Luo	0ee98e2582	Add loading to chat box	2023-04-23 00:25:09 +08:00
Yang Luo	d25508fa56	Improve chat UI	2023-04-22 23:20:40 +08:00
OutOfEastGate	916a55b633	fix: fixed failed to update information when name duplicate (#1773 ) * fix: fixed failed to update information when name duplicate * fix: Use GetOwnerAndNameFromId and GetId functions instead of split * Update organization.go * Update role.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-04-22 21:15:06 +08:00
OutOfEastGate	a6c7b95f97	fix: fixed rows duplicates after sort by column (#1772 )	2023-04-22 20:18:38 +08:00
Yaodong Yu	4f8dd771bc	feat: fix bug that can not get application in signup/oauth/ router (#1766 )	2023-04-22 18:20:45 +08:00
UsherFall	e0028f5eed	fix: add more events to webhooks (#1771 )	2023-04-22 17:11:28 +08:00
XDTD	6d6cbc7e6f	feat: add dynamic mode for provider to enable verification code when the login password is wrong (#1753 ) * fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates * feat: enable verification code when the login password is wrong * fix: only enable captcha when login in password * fix: disable login error limits when captcha on * fix: pass "enableCaptcha" as an optional param * fix: change enbleCapctah to optional bool param	2023-04-22 16:16:25 +08:00
Yang Luo	ee8c2650c3	Remove useless "/api/login/oauth/code" API and update Swagger	2023-04-22 09:47:52 +08:00
Yang Luo	f3ea39d20c	Fix result page button link	2023-04-21 23:56:33 +08:00
Yang Luo	e78d9e5d2b	Fix local file system storage provider path error	2023-04-21 10:12:09 +08:00
Yaodong Yu	19209718ea	feat: fix wrong CAS login mode (#1762 )	2023-04-20 22:18:02 +08:00
Yang Luo	e75d26260a	Fix table name in getEnforcer()	2023-04-20 01:33:47 +08:00
Wenpeng Chen	6572ab69ce	fix: fix pemContent decode error bug for WeChat Pay provider (#1751 )	2023-04-19 22:13:13 +08:00
Jinhongyu	8db87a7559	fix: function comments (#1757 ) Modify the function annotation so that the swagger can parse correctly	2023-04-19 21:19:48 +08:00
Yaodong Yu	0dcccfc19c	feat: rollback anted to v5.2.3 (#1755 )	2023-04-19 11:30:49 +08:00
imp2002	96219442f5	feat: fix Tencent Cloud OSS storage connect incorrect issue (#1752 ) * fix: fix Tencent Cloud OSS storage connect incorrect * Update provider.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-04-18 21:30:46 +08:00
Yaodong Yu	903745c540	fix: improve LDAP page UI (#1749 ) * refactor: improve LDAP sync page * refactor: update anted version * chore: i18	2023-04-17 22:03:05 +08:00
Yang Luo	df741805cd	Fix chat send	2023-04-17 20:50:03 +08:00
OutOfEastGate	ee5c3f3f39	feat: fix display name null error during 3rd-party binding (#1747 )	2023-04-17 15:39:33 +08:00
Yang Luo	714f69be7b	Use HTTP for IP host in getOriginFromHost()	2023-04-17 00:55:40 +08:00
Yang Luo	0d12972e92	Fix "auto single OAuth signin doesn't work" bug	2023-04-17 00:38:48 +08:00
Yang Luo	78b62c28ab	Fix the wrong order of g policy in enforce() API	2023-04-16 22:26:22 +08:00
wht	5c26335fd6	feat: add rule option for phone in application's signup page (#1745 )	2023-04-16 20:34:06 +08:00
Yang Luo	7edaeafea5	Call refreshAvatar() in addUser()	2023-04-16 01:00:02 +08:00
Yang Luo	336f3f7a7b	Add user.refreshAvatar()	2023-04-16 01:00:02 +08:00
Yaodong Yu	47dc3715f9	feat: handle error when parsing samlResponse (#1744 ) * fix: handle err from parse samlResponse * fix: lint	2023-04-16 00:36:25 +08:00
Yang Luo	7503e05a4a	Improve menu style	2023-04-15 18:08:21 +08:00
Yang Luo	b89cf1de07	Add karma to account items	2023-04-15 16:05:33 +08:00
Yang Luo	be87078c25	Fix vi i18n	2023-04-15 14:16:49 +08:00
Yang Luo	faf352acc5	Fix i18n	2023-04-15 11:17:31 +08:00
Yang Luo	0db61dd658	Add empty list item and expand menu by default	2023-04-15 10:54:56 +08:00
Yang Luo	ebe8ad8669	Improve UI effect	2023-04-15 10:54:56 +08:00
Yang Luo	2e01f0d10e	Add input box	2023-04-15 10:54:55 +08:00
Yang Luo	754fa1e745	Add chat box	2023-04-15 10:54:55 +08:00
Yang Luo	8b9e0ba96b	Add chat page	2023-04-15 10:54:55 +08:00
Yang Luo	b0656aca36	Add chat and message pages	2023-04-15 10:54:54 +08:00
erguotou	623b4fee17	feat: pre-ensure tempFiles folder exists before uploading files (#1739 ) When deployed with docker, the user `casdoor` has no permission to mkdir `tempFiles`, so let's create the folder first.	2023-04-14 19:14:59 +08:00
Yaodong Yu	1b1de1dd01	feat: add LDAP custom filter support (#1719 ) * refactor: improve ldap server code * feat: custom filter * fix: fix displayName mapping * feat: add custom filter search fields * chore: add license * chore: i18n * chore: i18n * chore: update init field	2023-04-13 14:12:31 +08:00
XDTD	968d8646b2	fix: update webAuthnBufferDecode to support Base64URL for WebAuthn updates (#1734 )	2023-04-12 21:33:54 +08:00
imp2002	94eef7dceb	feat: fix `adapter` set organizations invalid bug (#1729 )	2023-04-11 22:38:00 +08:00
rune	fe647939ce	fix: fix CAS callback url not match bug (#1728 ) Co-authored-by: mfk <mfk@hengwei.com.cn>	2023-04-11 19:26:57 +08:00
Dzung Do	984a69cb4b	feat: fix wrong Vietnamese flag (#1724 ) * fix wrong Vietnam country code * fix wrong Vietnam country code * fix wrong Vietnam country code * fix wrong Vietnam country code	2023-04-10 22:42:12 +08:00
XDTD	098a1ece68	fix: rollback the version of webauthn in go mod to fix "atob" bug (#1721 )	2023-04-10 20:14:27 +08:00
Wenpeng Chen	ad6f2ad2e1	feat: add wechatpay support. (#1710 ) * feat: add wechatpay support. * feat: add wechatpay support. * Update wechatv3pay.go * fix: update format. * Update wechatv3pay.go * Update wechatv3pay.go * Update wechatv3pay.go * fix: update file format. * fix: improve the front of wechat payment. * fix: change clientId2 to clientId. * fix: fix the code format. * fix: return backend error information to frontend.	2023-04-10 18:04:10 +08:00
Yang Luo	2d55252261	Add chat and message pages	2023-04-09 15:54:22 +08:00
Yang Luo	30ea3a1335	Improve getTags()	2023-04-09 15:54:21 +08:00
Yaodong Yu	b7d78d1e27	fix: validate parameter and nil in func updateUser (#1714 ) * fix: validate parameter and nil in func updateUser * fix: delete blank line	2023-04-09 10:35:30 +08:00
jivfly	3d5a645a3b	feat: fix field name error of termsOfUse (#1715 )	2023-04-09 01:01:04 +08:00
Gucheng Wang	4ad21e7781	fix: fix WeCom provider method	2023-04-07 01:10:46 +08:00
Yaodong Yu	b99a0c3ca2	feat: optimize the "forget password" page (#1709 )	2023-04-06 23:06:18 +08:00