feat: fix UI in IE11 (#1878 )

Fix state encoding for Moodle
Fix getObject() bug for some API
2025-07-31 00:30:32 +08:00 · 2023-05-22 16:59:37 +08:00 · 2023-05-21 15:47:18 +08:00 · 2023-05-21 11:07:01 +08:00 · 2023-05-21 00:43:42 +08:00 · 2023-05-20 15:56:21 +08:00
164 changed files with 7405 additions and 1197 deletions
--- a/4
+++ b/4
@@ -1,11 +1,11 @@
-FROM node:16.13.0 AS FRONT
+FROM node:16.18.0 AS FRONT
 WORKDIR /web
 COPY ./web .
 RUN yarn config set registry https://registry.npmmirror.com
 RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build


-FROM golang:1.17.5 AS BACK
+FROM golang:1.19.9 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
--- a/ai/ai.go
+++ b/ai/ai.go
@@ -18,6 +18,7 @@ import (
 	"context"
 	"fmt"
 	"io"
+	"net/http"
 	"strings"
 	"time"

@@ -78,7 +79,10 @@ func QueryAnswerStream(authToken string, question string, writer io.Writer, buil
 	client := getProxyClientFromToken(authToken)

 	ctx := context.Background()
-
+	flusher, ok := writer.(http.Flusher)
+	if !ok {
+		return fmt.Errorf("writer does not implement http.Flusher")
+	}
 	// https://platform.openai.com/tokenizer
 	// https://github.com/pkoukk/tiktoken-go#available-encodings
 	promptTokens, err := getTokenSize(openai.GPT3TextDavinci003, question)
@@ -122,11 +126,13 @@ func QueryAnswerStream(authToken string, question string, writer io.Writer, buil
 			}
 		}

+		fmt.Printf("%s", data)
+
 		// Write the streamed data as Server-Sent Events
 		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
 			return err
 		}
-
+		flusher.Flush()
 		// Append the response to the strings.Builder
 		builder.WriteString(data)
 	}
--- a/authz/authz.go
+++ b/authz/authz.go
@@ -15,13 +15,13 @@
 package authz

 import (
-	"fmt"
 	"strings"

 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
@@ -88,6 +88,7 @@ p, *, *, GET, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
+p, *, *, GET, /api/health, *, *
 p, *, *, POST, /api/webhook, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
 p, *, *, GET, /api/get-captcha-status, *, *
@@ -123,6 +124,9 @@ p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
+p, *, *, GET, /api/get-subscriptions, *, *
+p, *, *, GET, /api/get-pricing, *, *
+p, *, *, GET, /api/get-plan, *, *
 `

 		sa := stringadapter.NewAdapter(ruleText)
@@ -149,9 +153,8 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}

-	userId := fmt.Sprintf("%s/%s", subOwner, subName)
-	user := object.GetUser(userId)
-	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
+	user := object.GetUser(util.GetId(subOwner, subName))
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}

--- a/conf/app.conf
+++ b/conf/app.conf
@@ -20,5 +20,4 @@ staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
-languages = en,zh,es,fr,de,id,ja,ko,ru,vi
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
--- a/conf/conf.go
+++ b/conf/conf.go
@@ -112,13 +112,8 @@ func GetLanguage(language string) string {

 	if len(language) < 2 {
 		return "en"
-	}
-
-	language = language[0:2]
-	if strings.Contains(GetConfigString("languages"), language) {
-		return language
 	} else {
-		return "en"
+		return language[0:2]
 	}
 }

--- a/controllers/account.go
+++ b/controllers/account.go
@@ -84,7 +84,7 @@ func (c *ApiController) Signup() {
 		return
 	}

-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", authForm.Organization))
+	organization := object.GetOrganization(util.GetId("admin", authForm.Organization))
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
@@ -126,7 +126,7 @@ func (c *ApiController) Signup() {
 		username = id
 	}

-	initScore, err := getInitScore(organization)
+	initScore, err := organization.GetInitScore()
 	if err != nil {
 		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 		return
@@ -189,6 +189,11 @@ func (c *ApiController) Signup() {
 	object.DisableVerificationCode(authForm.Email)
 	object.DisableVerificationCode(checkPhone)

+	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
+	if isSignupFromPricing {
+		object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
+	}
+
 	record := object.NewRecord(c.Ctx)
 	record.Organization = application.Organization
 	record.User = user.Name
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -141,7 +141,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		c.setExpireForSession()
 	}

-	if resp.Status == "ok" && user.Owner == object.CasdoorOrganization && application.Name == object.CasdoorApplication {
+	if resp.Status == "ok" {
 		object.AddSession(&object.Session{
 			Owner:       user.Owner,
 			Name:        user.Name,
@@ -312,6 +312,11 @@ func (c *ApiController) Login() {

 			resp = c.HandleLoggedIn(application, user, &authForm)

+			organization := object.GetOrganizationByUser(user)
+			if user != nil && organization.HasRequiredMfa() && !user.IsMfaEnabled() {
+				resp.Msg = object.RequiredMfa
+			}
+
 			record := object.NewRecord(c.Ctx)
 			record.Organization = application.Organization
 			record.User = user.Name
@@ -330,7 +335,7 @@ func (c *ApiController) Login() {
 			return
 		}

-		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
+		organization := object.GetOrganization(util.GetId("admin", application.Organization))
 		provider := object.GetProvider(util.GetId("admin", authForm.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
@@ -391,7 +396,7 @@ func (c *ApiController) Login() {
 		if authForm.Method == "signup" {
 			user := &object.User{}
 			if provider.Category == "SAML" {
-				user = object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Id))
+				user = object.GetUser(util.GetId(application.Organization, userInfo.Id))
 			} else if provider.Category == "OAuth" {
 				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			}
@@ -411,24 +416,31 @@ func (c *ApiController) Login() {
 				util.SafeGoroutine(func() { object.AddRecord(record) })
 			} else if provider.Category == "OAuth" {
 				// Sign up via OAuth
-				if !application.EnableSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
-					return
-				}
-
-				if !providerItem.CanSignUp {
-					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
-					return
-				}
-
 				if application.EnableLinkWithEmail {
-					// find user that has the same email
-					user = object.GetUserByField(application.Organization, "email", userInfo.Email)
+					if userInfo.Email != "" {
+						// Find existing user with Email
+						user = object.GetUserByField(application.Organization, "email", userInfo.Email)
+					}
+
+					if user == nil && userInfo.Phone != "" {
+						// Find existing user with phone number
+						user = object.GetUserByField(application.Organization, "phone", userInfo.Phone)
+					}
 				}

 				if user == nil || user.IsDeleted {
+					if !application.EnableSignUp {
+						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
+						return
+					}
+
+					if !providerItem.CanSignUp {
+						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
+						return
+					}
+
 					// Handle username conflicts
-					tmpUser := object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Username))
+					tmpUser := object.GetUser(util.GetId(application.Organization, userInfo.Username))
 					if tmpUser != nil {
 						uid, err := uuid.NewRandom()
 						if err != nil {
@@ -442,7 +454,7 @@ func (c *ApiController) Login() {

 					properties := map[string]string{}
 					properties["no"] = strconv.Itoa(object.GetUserCount(application.Organization, "", "") + 2)
-					initScore, err := getInitScore(organization)
+					initScore, err := organization.GetInitScore()
 					if err != nil {
 						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 						return
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -48,7 +48,7 @@ func (c *ApiController) IsGlobalAdmin() bool {

 func (c *ApiController) IsAdmin() bool {
 	isGlobalAdmin, user := c.isGlobalAdmin()
-	if user == nil {
+	if !isGlobalAdmin && user == nil {
 		return false
 	}

--- a/controllers/casbin_adapter.go
+++ b/controllers/casbin_adapter.go
@@ -31,13 +31,14 @@ func (c *ApiController) GetCasbinAdapters() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		adapters := object.GetCasbinAdapters(owner)
+		adapters := object.GetCasbinAdapters(owner, organization)
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, field, value)))
-		adapters := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, organization, field, value)))
+		adapters := object.GetPaginationCasbinAdapters(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(adapters, paginator.Nums())
 	}
 }
--- a/controllers/cert.go
+++ b/controllers/cert.go
@@ -48,6 +48,30 @@ func (c *ApiController) GetCerts() {
 	}
 }

+// GetGlobleCerts
+// @Title GetGlobleCerts
+// @Tag Cert API
+// @Description get globle certs
+// @Success 200 {array} object.Cert The Response object
+// @router /get-globle-certs [get]
+func (c *ApiController) GetGlobleCerts() {
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedCerts(object.GetGlobleCerts())
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalCertsCount(field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(certs, paginator.Nums())
+	}
+}
+
 // GetCert
 // @Title GetCert
 // @Tag Cert API
--- a/controllers/chat.go
+++ b/controllers/chat.go
@@ -31,6 +31,7 @@ import (
 // @router /get-chats [get]
 func (c *ApiController) GetChats() {
 	owner := c.Input().Get("owner")
+	owner = "admin"
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
--- a/controllers/enforcer.go
+++ b/controllers/enforcer.go
@@ -18,30 +18,69 @@ import (
 	"encoding/json"

 	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
 )

 func (c *ApiController) Enforce() {
-	var permissionRule object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+	resourceId := c.Input().Get("resourceId")
+
+	var request object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = object.Enforce(&permissionRule)
+	if permissionId != "" {
+		c.Data["json"] = object.Enforce(permissionId, &request)
+		c.ServeJSON()
+		return
+	}
+
+	permissions := make([]*object.Permission, 0)
+	res := []bool{}
+
+	if modelId != "" {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions = object.GetPermissionsByModel(owner, modelName)
+	} else {
+		permissions = object.GetPermissionsByResource(resourceId)
+	}
+
+	for _, permission := range permissions {
+		res = append(res, object.Enforce(permission.GetId(), &request))
+	}
+	c.Data["json"] = res
 	c.ServeJSON()
 }

 func (c *ApiController) BatchEnforce() {
-	var permissionRules []object.PermissionRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+
+	var requests []object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

-	c.Data["json"] = object.BatchEnforce(permissionRules)
-	c.ServeJSON()
+	if permissionId != "" {
+		c.Data["json"] = object.BatchEnforce(permissionId, &requests)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions := object.GetPermissionsByModel(owner, modelName)
+
+		res := [][]bool{}
+		for _, permission := range permissions {
+			res = append(res, object.BatchEnforce(permission.GetId(), &requests))
+		}
+		c.Data["json"] = res
+		c.ServeJSON()
+	}
 }

 func (c *ApiController) GetAllObjects() {
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -23,7 +23,8 @@ import (

 type LdapResp struct {
 	// Groups []LdapRespGroup `json:"groups"`
-	Users []object.LdapRespUser `json:"users"`
+	Users      []object.LdapUser `json:"users"`
+	ExistUuids []string          `json:"existUuids"`
 }

 //type LdapRespGroup struct {
@@ -32,8 +33,8 @@ type LdapResp struct {
 //}

 type LdapSyncResp struct {
-	Exist  []object.LdapRespUser `json:"exist"`
-	Failed []object.LdapRespUser `json:"failed"`
+	Exist  []object.LdapUser `json:"exist"`
+	Failed []object.LdapUser `json:"failed"`
 }

 // GetLdapUsers
@@ -71,27 +72,17 @@ func (c *ApiController) GetLdapUsers() {
 		return
 	}

-	var resp LdapResp
 	uuids := make([]string, len(users))
-	for _, user := range users {
-		resp.Users = append(resp.Users, object.LdapRespUser{
-			UidNumber: user.UidNumber,
-			Uid:       user.Uid,
-			Cn:        user.Cn,
-			GroupId:   user.GidNumber,
-			// GroupName: groupsMap[user.GidNumber].Cn,
-			Uuid:        user.Uuid,
-			DisplayName: user.DisplayName,
-			Email:       util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
-			Phone:       util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
-			Address:     util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
-		})
-		uuids = append(uuids, user.Uuid)
+	for i, user := range users {
+		uuids[i] = user.GetLdapUuid()
 	}
-
 	existUuids := object.GetExistUuids(ldapServer.Owner, uuids)

-	c.ResponseOk(resp, existUuids)
+	resp := LdapResp{
+		Users:      object.AutoAdjustLdapUser(users),
+		ExistUuids: existUuids,
+	}
+	c.ResponseOk(resp)
 }

 // GetLdaps
@@ -206,7 +197,7 @@ func (c *ApiController) DeleteLdap() {
 func (c *ApiController) SyncLdapUsers() {
 	owner := c.Input().Get("owner")
 	ldapId := c.Input().Get("ldapId")
-	var users []object.LdapRespUser
+	var users []object.LdapUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
 		c.ResponseError(err.Error())
@@ -215,10 +206,10 @@ func (c *ApiController) SyncLdapUsers() {

 	object.UpdateLdapSyncTime(ldapId)

-	exist, failed := object.SyncLdapUsers(owner, users, ldapId)
+	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)

 	c.ResponseOk(&LdapSyncResp{
-		Exist:  *exist,
-		Failed: *failed,
+		Exist:  exist,
+		Failed: failed,
 	})
 }
--- a/controllers/message.go
+++ b/controllers/message.go
@@ -41,7 +41,7 @@ func (c *ApiController) GetMessages() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	chat := c.Input().Get("chat")
-
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
 		var messages []*object.Message
 		if chat == "" {
@@ -54,8 +54,8 @@ func (c *ApiController) GetMessages() {
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, field, value)))
-		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, organization, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(messages, paginator.Nums())
 	}
 }
@@ -107,9 +107,9 @@ func (c *ApiController) GetMessageAnswer() {
 		return
 	}

-	chatId := util.GetId(message.Owner, message.Chat)
+	chatId := util.GetId("admin", message.Chat)
 	chat := object.GetChat(chatId)
-	if chat == nil {
+	if chat == nil || chat.Organization != message.Organization {
 		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
 		return
 	}
@@ -144,12 +144,18 @@ func (c *ApiController) GetMessageAnswer() {
 	authToken := provider.ClientSecret
 	question := questionMessage.Text
 	var stringBuilder strings.Builder
+
+	fmt.Printf("Question: [%s]\n", questionMessage.Text)
+	fmt.Printf("Answer: [")
+
 	err := ai.QueryAnswerStream(authToken, question, c.Ctx.ResponseWriter, &stringBuilder)
 	if err != nil {
 		c.ResponseErrorStream(err.Error())
 		return
 	}

+	fmt.Printf("]\n")
+
 	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
 	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
 	if err != nil {
@@ -158,9 +164,6 @@ func (c *ApiController) GetMessageAnswer() {

 	answer := stringBuilder.String()

-	fmt.Printf("Question: [%s]\n", questionMessage.Text)
-	fmt.Printf("Answer: [%s]\n", answer)
-
 	message.Text = answer
 	object.UpdateMessage(message.GetId(), message)
 }
@@ -202,10 +205,18 @@ func (c *ApiController) AddMessage() {
 		return
 	}

+	var chat *object.Chat
+	if message.Chat != "" {
+		chatId := util.GetId("admin", message.Chat)
+		chat = object.GetChat(chatId)
+		if chat == nil || chat.Organization != message.Organization {
+			c.ResponseError(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+			return
+		}
+	}
+
 	affected := object.AddMessage(&message)
 	if affected {
-		chatId := util.GetId(message.Owner, message.Chat)
-		chat := object.GetChat(chatId)
 		if chat != nil && chat.Type == "AI" {
 			answerMessage := &object.Message{
 				Owner:        message.Owner,
--- a/controllers/plan.go
+++ b/controllers/plan.go
@@ -0,0 +1,137 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetPlans
+// @Title GetPlans
+// @Tag Plan API
+// @Description get plans
+// @Param   owner     query    string  true        "The owner of plans"
+// @Success 200 {array} object.Plan The Response object
+// @router /get-plans [get]
+func (c *ApiController) GetPlans() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetPlans(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPlanCount(owner, field, value)))
+		plan := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(plan, paginator.Nums())
+	}
+}
+
+// GetPlan
+// @Title GetPlan
+// @Tag Plan API
+// @Description get plan
+// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
+// @Param   includeOption     query    bool  false        "Should include plan's option"
+// @Success 200 {object} object.Plan The Response object
+// @router /get-plan [get]
+func (c *ApiController) GetPlan() {
+	id := c.Input().Get("id")
+	includeOption := c.Input().Get("includeOption") == "true"
+
+	plan := object.GetPlan(id)
+
+	if includeOption {
+		options := object.GetPermissionsByRole(plan.Role)
+
+		for _, option := range options {
+			plan.Options = append(plan.Options, option.DisplayName)
+		}
+
+		c.Data["json"] = plan
+	} else {
+		c.Data["json"] = plan
+	}
+	c.ServeJSON()
+}
+
+// UpdatePlan
+// @Title UpdatePlan
+// @Tag Plan API
+// @Description update plan
+// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
+// @Param   body    body   object.Plan  true        "The details of the plan"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-plan [post]
+func (c *ApiController) UpdatePlan() {
+	id := c.Input().Get("id")
+
+	var plan object.Plan
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
+	c.ServeJSON()
+}
+
+// AddPlan
+// @Title AddPlan
+// @Tag Plan API
+// @Description add plan
+// @Param   body    body   object.Plan  true        "The details of the plan"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-plan [post]
+func (c *ApiController) AddPlan() {
+	var plan object.Plan
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
+	c.ServeJSON()
+}
+
+// DeletePlan
+// @Title DeletePlan
+// @Tag Plan API
+// @Description delete plan
+// @Param   body    body   object.Plan  true        "The details of the plan"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-plan [post]
+func (c *ApiController) DeletePlan() {
+	var plan object.Plan
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
+	c.ServeJSON()
+}
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@@ -0,0 +1,125 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetPricings
+// @Title GetPricings
+// @Tag Pricing API
+// @Description get pricings
+// @Param   owner     query    string  true        "The owner of pricings"
+// @Success 200 {array} object.Pricing The Response object
+// @router /get-pricings [get]
+func (c *ApiController) GetPricings() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetPricings(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPricingCount(owner, field, value)))
+		pricing := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(pricing, paginator.Nums())
+	}
+}
+
+// GetPricing
+// @Title GetPricing
+// @Tag Pricing API
+// @Description get pricing
+// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
+// @Success 200 {object} object.pricing The Response object
+// @router /get-pricing [get]
+func (c *ApiController) GetPricing() {
+	id := c.Input().Get("id")
+
+	pricing := object.GetPricing(id)
+
+	c.Data["json"] = pricing
+	c.ServeJSON()
+}
+
+// UpdatePricing
+// @Title UpdatePricing
+// @Tag Pricing API
+// @Description update pricing
+// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
+// @Param   body    body   object.Pricing  true        "The details of the pricing"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-pricing [post]
+func (c *ApiController) UpdatePricing() {
+	id := c.Input().Get("id")
+
+	var pricing object.Pricing
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdatePricing(id, &pricing))
+	c.ServeJSON()
+}
+
+// AddPricing
+// @Title AddPricing
+// @Tag Pricing API
+// @Description add pricing
+// @Param   body    body   object.Pricing  true        "The details of the pricing"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-pricing [post]
+func (c *ApiController) AddPricing() {
+	var pricing object.Pricing
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddPricing(&pricing))
+	c.ServeJSON()
+}
+
+// DeletePricing
+// @Title DeletePricing
+// @Tag Pricing API
+// @Description delete pricing
+// @Param   body    body   object.Pricing  true        "The details of the pricing"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-pricing [post]
+func (c *ApiController) DeletePricing() {
+	var pricing object.Pricing
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeletePricing(&pricing))
+	c.ServeJSON()
+}
--- a/controllers/provider.go
+++ b/controllers/provider.go
@@ -37,13 +37,19 @@ func (c *ApiController) GetProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner))
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner), isMaskEnabled)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -61,13 +67,19 @@ func (c *ApiController) GetGlobalProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders(), isMaskEnabled)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
-		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -81,7 +93,13 @@ func (c *ApiController) GetGlobalProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
+
+	ok, isMaskEnabled := c.IsMaskedEnabled()
+	if !ok {
+		return
+	}
+
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id), isMaskEnabled)
 	c.ServeJSON()
 }

--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -21,6 +21,7 @@ import (
 	"io"
 	"mime"
 	"path/filepath"
+	"strings"

 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -235,10 +236,21 @@ func (c *ApiController) UploadResource() {
 		user.Avatar = fileUrl
 		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 	case "termsOfUse":
-		applicationId := fmt.Sprintf("admin/%s", parent)
-		app := object.GetApplication(applicationId)
-		app.TermsOfUse = fileUrl
-		object.UpdateApplication(applicationId, app)
+		user := object.GetUserNoCheck(util.GetId(owner, username))
+		if user == nil {
+			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
+			return
+		}
+
+		if !user.IsAdminUser() {
+			c.ResponseError(c.T("auth:Unauthorized operation"))
+			return
+		}
+
+		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
+		applicationObj := object.GetApplication(applicationId)
+		applicationObj.TermsOfUse = fileUrl
+		object.UpdateApplication(applicationId, applicationObj)
 	}

 	c.ResponseOk(fileUrl, objectKey)
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@@ -0,0 +1,125 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetSubscriptions
+// @Title GetSubscriptions
+// @Tag Subscription API
+// @Description get subscriptions
+// @Param   owner     query    string  true        "The owner of subscriptions"
+// @Success 200 {array} object.Subscription The Response object
+// @router /get-subscriptions [get]
+func (c *ApiController) GetSubscriptions() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetSubscriptions(owner)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSubscriptionCount(owner, field, value)))
+		subscription := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(subscription, paginator.Nums())
+	}
+}
+
+// GetSubscription
+// @Title GetSubscription
+// @Tag Subscription API
+// @Description get subscription
+// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
+// @Success 200 {object} object.subscription The Response object
+// @router /get-subscription [get]
+func (c *ApiController) GetSubscription() {
+	id := c.Input().Get("id")
+
+	subscription := object.GetSubscription(id)
+
+	c.Data["json"] = subscription
+	c.ServeJSON()
+}
+
+// UpdateSubscription
+// @Title UpdateSubscription
+// @Tag Subscription API
+// @Description update subscription
+// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
+// @Param   body    body   object.Subscription  true        "The details of the subscription"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-subscription [post]
+func (c *ApiController) UpdateSubscription() {
+	id := c.Input().Get("id")
+
+	var subscription object.Subscription
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateSubscription(id, &subscription))
+	c.ServeJSON()
+}
+
+// AddSubscription
+// @Title AddSubscription
+// @Tag Subscription API
+// @Description add subscription
+// @Param   body    body   object.Subscription  true        "The details of the subscription"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-subscription [post]
+func (c *ApiController) AddSubscription() {
+	var subscription object.Subscription
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddSubscription(&subscription))
+	c.ServeJSON()
+}
+
+// DeleteSubscription
+// @Title DeleteSubscription
+// @Tag Subscription API
+// @Description delete subscription
+// @Param   body    body   object.Subscription  true        "The details of the subscription"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-subscription [post]
+func (c *ApiController) DeleteSubscription() {
+	var subscription object.Subscription
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteSubscription(&subscription))
+	c.ServeJSON()
+}
--- a/controllers/syncer.go
+++ b/controllers/syncer.go
@@ -37,13 +37,14 @@ func (c *ApiController) GetSyncers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetSyncers(owner)
+		c.Data["json"] = object.GetOrganizationSyncers(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, field, value)))
-		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, organization, field, value)))
+		syncers := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
--- a/controllers/system_info.go
+++ b/controllers/system_info.go
@@ -59,3 +59,13 @@ func (c *ApiController) GetVersionInfo() {

 	c.ResponseOk(versionInfo)
 }
+
+// Health
+// @Title Health
+// @Tag System API
+// @Description check if the system is live
+// @Success 200 {object} controllers.Response The Response object
+// @router /health [get]
+func (c *ApiController) Health() {
+	c.ResponseOk()
+}
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -39,13 +39,14 @@ func (c *ApiController) GetTokens() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetTokens(owner)
+		c.Data["json"] = object.GetTokens(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, field, value)))
-		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, organization, field, value)))
+		tokens := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -80,7 +80,7 @@ func (c *ApiController) GetUsers() {
 // @Title GetUser
 // @Tag User API
 // @Description get user
-// @Param   id     query    string  true        "The id ( owner/name ) of the user"
+// @Param   id     query    string  false        "The id ( owner/name ) of the user"
 // @Param   owner  query    string  false        "The owner of the user"
 // @Param   email  query    string  false 	     "The email of the user"
 // @Param   phone  query    string  false 	     "The phone of the user"
@@ -92,13 +92,19 @@ func (c *ApiController) GetUser() {
 	email := c.Input().Get("email")
 	phone := c.Input().Get("phone")
 	userId := c.Input().Get("userId")
-
 	owner := c.Input().Get("owner")
+
+	var userFromUserId *object.User
+	if userId != "" && owner != "" {
+		userFromUserId = object.GetUserByUserId(owner, userId)
+		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
+	}
+
 	if owner == "" {
 		owner = util.GetOwnerFromId(id)
 	}

-	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
+	organization := object.GetOrganization(util.GetId("admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
 		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
@@ -115,7 +121,7 @@ func (c *ApiController) GetUser() {
 	case phone != "":
 		user = object.GetUserByPhone(owner, phone)
 	case userId != "":
-		user = object.GetUserByUserId(owner, userId)
+		user = userFromUserId
 	default:
 		user = object.GetUser(id)
 	}
--- a/controllers/util.go
+++ b/controllers/util.go
@@ -16,7 +16,6 @@ package controllers

 import (
 	"fmt"
-	"strconv"

 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@@ -115,12 +114,25 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	return user.Owner, true
 }

-func getInitScore(organization *object.Organization) (int, error) {
-	if organization != nil {
-		return organization.InitScore, nil
-	} else {
-		return strconv.Atoi(conf.GetConfigString("initScore"))
+// IsMaskedEnabled ...
+func (c *ApiController) IsMaskedEnabled() (bool, bool) {
+	isMaskEnabled := true
+	withSecret := c.Input().Get("withSecret")
+	if withSecret == "1" {
+		isMaskEnabled = false
+
+		if conf.IsDemoMode() {
+			c.ResponseError(c.T("general:this operation is not allowed in demo mode"))
+			return false, isMaskEnabled
+		}
+
+		_, ok := c.RequireAdmin()
+		if !ok {
+			return false, isMaskEnabled
+		}
 	}
+
+	return true, isMaskEnabled
 }

 func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
--- a/controllers/webhook.go
+++ b/controllers/webhook.go
@@ -37,13 +37,14 @@ func (c *ApiController) GetWebhooks() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		c.Data["json"] = object.GetWebhooks(owner)
+		c.Data["json"] = object.GetWebhooks(owner, organization)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, field, value)))
-		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, organization, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
--- a/form/auth.go
+++ b/form/auth.go
@@ -54,4 +54,7 @@ type AuthForm struct {
 	MfaType      string `json:"mfaType"`
 	Passcode     string `json:"passcode"`
 	RecoveryCode string `json:"recoveryCode"`
+
+	Plan    string `json:"plan"`
+	Pricing string `json:"pricing"`
 }
--- a/i18n/generate_test.go
+++ b/i18n/generate_test.go
@@ -32,6 +32,7 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "ko", data)
 	applyToOtherLanguage("frontend", "ru", data)
 	applyToOtherLanguage("frontend", "vi", data)
+	applyToOtherLanguage("frontend", "pt", data)
 }

 func TestGenerateI18nBackend(t *testing.T) {
@@ -47,4 +48,5 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "ko", data)
 	applyToOtherLanguage("backend", "ru", data)
 	applyToOtherLanguage("backend", "vi", data)
+	applyToOtherLanguage("backend", "pt", data)
 }
--- a/i18n/util.go
+++ b/i18n/util.go
@@ -73,23 +73,27 @@ func applyData(data1 *I18nData, data2 *I18nData) {
 	}
 }

-func Translate(lang string, error string) string {
-	tokens := strings.SplitN(error, ":", 2)
-	if !strings.Contains(error, ":") || len(tokens) != 2 {
-		return "Translate Error: " + error
+func Translate(language string, errorText string) string {
+	tokens := strings.SplitN(errorText, ":", 2)
+	if !strings.Contains(errorText, ":") || len(tokens) != 2 {
+		return fmt.Sprintf("Translate error: the error text doesn't contain \":\", errorText = %s", errorText)
 	}

-	if langMap[lang] == nil {
-		file, _ := f.ReadFile("locales/" + lang + "/data.json")
+	if langMap[language] == nil {
+		file, err := f.ReadFile(fmt.Sprintf("locales/%s/data.json", language))
+		if err != nil {
+			return fmt.Sprintf("Translate error: the language \"%s\" is not supported, err = %s", language, err.Error())
+		}
+
 		data := I18nData{}
-		err := util.JsonToStruct(string(file), &data)
+		err = util.JsonToStruct(string(file), &data)
 		if err != nil {
 			panic(err)
 		}
-		langMap[lang] = data
+		langMap[language] = data
 	}

-	res := langMap[lang][tokens[0]][tokens[1]]
+	res := langMap[language][tokens[0]][tokens[1]]
 	if res == "" {
 		res = tokens[1]
 	}
--- a/idp/dingtalk.go
+++ b/idp/dingtalk.go
@@ -179,8 +179,12 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}

-	corpEmail, jobNumber, err := idp.getUserCorpEmail(userId, corpAccessToken)
+	corpMobile, corpEmail, jobNumber, err := idp.getUserCorpEmail(userId, corpAccessToken)
 	if err == nil {
+		if corpMobile != "" {
+			userInfo.Phone = corpMobile
+		}
+
 		if corpEmail != "" {
 			userInfo.Email = corpEmail
 		}
@@ -264,27 +268,29 @@ func (idp *DingTalkIdProvider) getUserId(unionId string, accessToken string) (st
 	return data.Result.UserId, nil
 }

-func (idp *DingTalkIdProvider) getUserCorpEmail(userId string, accessToken string) (string, string, error) {
+func (idp *DingTalkIdProvider) getUserCorpEmail(userId string, accessToken string) (string, string, string, error) {
+	// https://open.dingtalk.com/document/isvapp/query-user-details
 	body := make(map[string]string)
 	body["userid"] = userId
 	respBytes, err := idp.postWithBody(body, "https://oapi.dingtalk.com/topapi/v2/user/get?access_token="+accessToken)
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}

 	var data struct {
 		ErrMessage string `json:"errmsg"`
 		Result     struct {
+			Mobile    string `json:"mobile"`
 			Email     string `json:"email"`
 			JobNumber string `json:"job_number"`
 		} `json:"result"`
 	}
 	err = json.Unmarshal(respBytes, &data)
 	if err != nil {
-		return "", "", err
+		return "", "", "", err
 	}
 	if data.ErrMessage != "ok" {
-		return "", "", fmt.Errorf(data.ErrMessage)
+		return "", "", "", fmt.Errorf(data.ErrMessage)
 	}
-	return data.Result.Email, data.Result.JobNumber, nil
+	return data.Result.Mobile, data.Result.Email, data.Result.JobNumber, nil
 }
--- a/ldap/server.go
+++ b/ldap/server.go
@@ -113,6 +113,9 @@ func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {

 		for _, attr := range r.Attributes() {
 			e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
+			if string(attr) == "cn" {
+				e.AddAttribute(message.AttributeDescription(attr), getAttribute("title", user))
+			}
 		}

 		w.Write(e)
--- a/ldap/util.go
+++ b/ldap/util.go
@@ -74,6 +74,15 @@ func getUsername(filter string) string {
 	return name
 }

+func stringInSlice(value string, list []string) bool {
+	for _, item := range list {
+		if item == value {
+			return true
+		}
+	}
+	return false
+}
+
 func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int) {
 	r := m.GetSearchRequest()

@@ -94,13 +103,32 @@ func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int)
 			return nil, ldap.LDAPResultInsufficientAccessRights
 		}
 	} else {
-		hasPermission, err := object.CheckUserPermission(fmt.Sprintf("%s/%s", m.Client.OrgName, m.Client.UserName), fmt.Sprintf("%s/%s", org, name), true, "en")
+		requestUserId := util.GetId(m.Client.OrgName, m.Client.UserName)
+		userId := util.GetId(org, name)
+
+		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, "en")
 		if !hasPermission {
 			log.Printf("ErrMsg = %v", err.Error())
 			return nil, ldap.LDAPResultInsufficientAccessRights
 		}
-		user := object.GetUser(util.GetId(org, name))
-		filteredUsers = append(filteredUsers, user)
+
+		user := object.GetUser(userId)
+		if user != nil {
+			filteredUsers = append(filteredUsers, user)
+			return filteredUsers, ldap.LDAPResultSuccess
+		}
+
+		organization := object.GetOrganization(util.GetId("admin", org))
+		if organization == nil {
+			return nil, ldap.LDAPResultNoSuchObject
+		}
+
+		if !stringInSlice(name, organization.Tags) {
+			return nil, ldap.LDAPResultNoSuchObject
+		}
+
+		users := object.GetUsersByTag(org, name)
+		filteredUsers = append(filteredUsers, users...)
 		return filteredUsers, ldap.LDAPResultSuccess
 	}
 }
@@ -130,12 +158,16 @@ func getAttribute(attributeName string, user *object.User) message.AttributeValu
 		return message.AttributeValue(user.Name)
 	case "uid":
 		return message.AttributeValue(user.Name)
+	case "displayname":
+		return message.AttributeValue(user.DisplayName)
 	case "email":
 		return message.AttributeValue(user.Email)
 	case "mail":
 		return message.AttributeValue(user.Email)
 	case "mobile":
 		return message.AttributeValue(user.Phone)
+	case "title":
+		return message.AttributeValue(user.Tag)
 	case "userPassword":
 		return message.AttributeValue(getUserPasswordWithType(user))
 	default:
--- a/main.go
+++ b/main.go
@@ -59,8 +59,8 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AutoSigninFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.CorsFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AuthzFilter)
-	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
+	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)

 	beego.BConfig.WebConfig.Session.SessionOn = true
 	beego.BConfig.WebConfig.Session.SessionName = "casdoor_session_id"
--- a/object/adapter.go
+++ b/object/adapter.go
@@ -240,6 +240,21 @@ func (a *Adapter) createTable() {
 	if err != nil {
 		panic(err)
 	}
+
+	err = a.Engine.Sync2(new(Subscription))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Plan))
+	if err != nil {
+		panic(err)
+	}
+
+	err = a.Engine.Sync2(new(Pricing))
+	if err != nil {
+		panic(err)
+	}
 }

 func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
--- a/object/application.go
+++ b/object/application.go
@@ -72,6 +72,7 @@ type Application struct {
 	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
 	ThemeData            *ThemeData `xorm:"json" json:"themeData"`
 	FormCss              string     `xorm:"text" json:"formCss"`
+	FormCssMobile        string     `xorm:"text" json:"formCssMobile"`
 	FormOffset           int        `json:"formOffset"`
 	FormSideHtml         string     `xorm:"mediumtext" json:"formSideHtml"`
 	FormBackgroundUrl    string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
@@ -109,7 +110,7 @@ func GetApplications(owner string) []*Application {

 func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -131,7 +132,7 @@ func GetPaginationApplications(owner string, offset, limit int, field, value, so
 func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
+	err := session.Find(&applications, &Application{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -149,7 +150,7 @@ func getProviderMap(owner string) map[string]*Provider {
 			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
 		}

-		m[provider.Name] = GetMaskedProvider(provider)
+		m[provider.Name] = GetMaskedProvider(provider, true)
 	}
 	return m
 }
@@ -325,6 +326,12 @@ func UpdateApplication(id string, application *Application) bool {
 }

 func AddApplication(application *Application) bool {
+	if application.Owner == "" {
+		application.Owner = "admin"
+	}
+	if application.Organization == "" {
+		application.Organization = "built-in"
+	}
 	if application.ClientId == "" {
 		application.ClientId = util.GenerateClientId()
 	}
--- a/object/casbin_adapter.go
+++ b/object/casbin_adapter.go
@@ -46,9 +46,9 @@ type CasbinAdapter struct {
 	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
 }

-func GetCasbinAdapterCount(owner, field, value string) int {
+func GetCasbinAdapterCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&CasbinAdapter{})
+	count, err := session.Count(&CasbinAdapter{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -56,9 +56,9 @@ func GetCasbinAdapterCount(owner, field, value string) int {
 	return int(count)
 }

-func GetCasbinAdapters(owner string) []*CasbinAdapter {
+func GetCasbinAdapters(owner string, organization string) []*CasbinAdapter {
 	adapters := []*CasbinAdapter{}
-	err := adapter.Engine.Where("owner = ?", owner).Find(&adapters)
+	err := adapter.Engine.Where("owner = ? and organization = ?", owner, organization).Find(&adapters)
 	if err != nil {
 		panic(err)
 	}
@@ -66,10 +66,10 @@ func GetCasbinAdapters(owner string) []*CasbinAdapter {
 	return adapters
 }

-func GetPaginationCasbinAdapters(owner string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
+func GetPaginationCasbinAdapters(owner, organization string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
 	session := GetSession(owner, page, limit, field, value, sort, order)
 	adapters := []*CasbinAdapter{}
-	err := session.Find(&adapters)
+	err := session.Find(&adapters, &CasbinAdapter{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/cert.go
+++ b/object/cert.go
@@ -55,8 +55,8 @@ func GetMaskedCerts(certs []*Cert) []*Cert {
 }

 func GetCertCount(owner, field, value string) int {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Cert{})
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Cert{})
 	if err != nil {
 		panic(err)
 	}
@@ -66,7 +66,7 @@ func GetCertCount(owner, field, value string) int {

 func GetCerts(owner string) []*Cert {
 	certs := []*Cert{}
-	err := adapter.Engine.Desc("created_time").Find(&certs, &Cert{Owner: owner})
+	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
 	if err != nil {
 		panic(err)
 	}
@@ -76,7 +76,38 @@ func GetCerts(owner string) []*Cert {

 func GetPaginationCerts(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Cert {
 	certs := []*Cert{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&certs)
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func GetGlobalCertsCount(field, value string) int {
+	session := GetSession("", -1, -1, field, value, "", "")
+	count, err := session.Count(&Cert{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetGlobleCerts() []*Cert {
+	certs := []*Cert{}
+	err := adapter.Engine.Desc("created_time").Find(&certs)
+	if err != nil {
+		panic(err)
+	}
+
+	return certs
+}
+
+func GetPaginationGlobalCerts(offset, limit int, field, value, sortField, sortOrder string) []*Cert {
+	certs := []*Cert{}
+	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&certs)
 	if err != nil {
 		panic(err)
@@ -103,6 +134,24 @@ func getCert(owner string, name string) *Cert {
 	}
 }

+func getCertByName(name string) *Cert {
+	if name == "" {
+		return nil
+	}
+
+	cert := Cert{Name: name}
+	existed, err := adapter.Engine.Get(&cert)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &cert
+	} else {
+		return nil
+	}
+}
+
 func GetCert(id string) *Cert {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getCert(owner, name)
@@ -158,7 +207,7 @@ func (p *Cert) GetId() string {

 func getCertByApplication(application *Application) *Cert {
 	if application.Cert != "" {
-		return getCert("admin", application.Cert)
+		return getCertByName(application.Cert)
 	} else {
 		return GetDefaultCert()
 	}
--- a/object/check.go
+++ b/object/check.go
@@ -175,7 +175,11 @@ func CheckPassword(user *User, password string, lang string, options ...bool) st
 		return i18n.Translate(lang, "check:Organization does not exist")
 	}

-	credManager := cred.GetCredManager(organization.PasswordType)
+	passwordType := user.PasswordType
+	if passwordType == "" {
+		passwordType = organization.PasswordType
+	}
+	credManager := cred.GetCredManager(passwordType)
 	if credManager != nil {
 		if organization.MasterPassword != "" {
 			if credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
@@ -207,7 +211,7 @@ func checkLdapUserPassword(user *User, password string, lang string) string {
 		}

 		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
-			0, 0, false, ldapServer.buildFilterString(user), []string{}, nil)
+			0, 0, false, ldapServer.buildAuthFilterString(user), []string{}, nil)

 		searchResult, err := conn.Conn.Search(searchReq)
 		if err != nil {
@@ -282,6 +286,10 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 	if userId != "" {
 		targetUser := GetUser(userId)
 		if targetUser == nil {
+			if strings.HasPrefix(requestUserId, "built-in/") {
+				return true, nil
+			}
+
 			return false, fmt.Errorf(i18n.Translate(lang, "general:The user: %s doesn't exist"), userId)
 		}

@@ -313,6 +321,10 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 }

 func CheckAccessPermission(userId string, application *Application) (bool, error) {
+	if userId == "built-in/admin" {
+		return true, nil
+	}
+
 	permissions := GetPermissions(application.Organization)
 	allowed := true
 	var err error
--- a/object/init.go
+++ b/object/init.go
@@ -90,7 +90,7 @@ func initBuiltInOrganization() bool {
 		CountryCodes:       []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
 		DefaultAvatar:      fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:               []string{},
-		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi"},
+		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "pt"},
 		InitScore:          2000,
 		AccountItems:       getBuiltInAccountItems(),
 		EnableSoftDeletion: false,
--- a/object/ldap_autosync.go
+++ b/object/ldap_autosync.go
@@ -87,11 +87,13 @@ func (l *LdapAutoSynchronizer) syncRoutine(ldap *Ldap, stopChan chan struct{}) {
 			logs.Warning(fmt.Sprintf("autoSync failed for %s, error %s", ldap.Id, err))
 			continue
 		}
-		existed, failed := SyncLdapUsers(ldap.Owner, LdapUsersToLdapRespUsers(users), ldap.Id)
-		if len(*failed) != 0 {
-			logs.Warning(fmt.Sprintf("ldap autosync,%d new users,but %d user failed during :", len(users)-len(*existed)-len(*failed), len(*failed)), *failed)
+
+		existed, failed, err := SyncLdapUsers(ldap.Owner, AutoAdjustLdapUser(users), ldap.Id)
+		if len(failed) != 0 {
+			logs.Warning(fmt.Sprintf("ldap autosync,%d new users,but %d user failed during :", len(users)-len(existed)-len(failed), len(failed)), failed)
+			logs.Warning(err.Error())
 		} else {
-			logs.Info(fmt.Sprintf("ldap autosync success, %d new users, %d existing users", len(users)-len(*existed), len(*existed)))
+			logs.Info(fmt.Sprintf("ldap autosync success, %d new users, %d existing users", len(users)-len(existed), len(existed)))
 		}
 	}
 }
--- a/object/ldap_conn.go
+++ b/object/ldap_conn.go
@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"strings"

-	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/util"
 	goldap "github.com/go-ldap/ldap/v3"
 	"github.com/thanhpk/randstr"
@@ -35,35 +34,26 @@ type LdapConn struct {
 //	Cn        string
 //}

-type ldapUser struct {
-	UidNumber string
-	Uid       string
-	Cn        string
-	GidNumber string
+type LdapUser struct {
+	UidNumber string `json:"uidNumber"`
+	Uid       string `json:"uid"`
+	Cn        string `json:"cn"`
+	GidNumber string `json:"gidNumber"`
 	// Gcn                   string
-	Uuid                  string
-	DisplayName           string
+	Uuid                  string `json:"uuid"`
+	DisplayName           string `json:"displayName"`
 	Mail                  string
-	Email                 string
+	Email                 string `json:"email"`
 	EmailAddress          string
 	TelephoneNumber       string
 	Mobile                string
 	MobileTelephoneNumber string
 	RegisteredAddress     string
 	PostalAddress         string
-}

-type LdapRespUser struct {
-	UidNumber string `json:"uidNumber"`
-	Uid       string `json:"uid"`
-	Cn        string `json:"cn"`
-	GroupId   string `json:"groupId"`
-	// GroupName string `json:"groupName"`
-	Uuid        string `json:"uuid"`
-	DisplayName string `json:"displayName"`
-	Email       string `json:"email"`
-	Phone       string `json:"phone"`
-	Address     string `json:"address"`
+	GroupId string `json:"groupId"`
+	Phone   string `json:"phone"`
+	Address string `json:"address"`
 }

 func (ldap *Ldap) GetLdapConn() (c *LdapConn, err error) {
@@ -136,7 +126,7 @@ func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
 	return isMicrosoft, err
 }

-func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]ldapUser, error) {
+func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]LdapUser, error) {
 	SearchAttributes := []string{
 		"uidNumber", "cn", "sn", "gidNumber", "entryUUID", "displayName", "mail", "email",
 		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
@@ -159,9 +149,9 @@ func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]ldapUser, error) {
 		return nil, errors.New("no result")
 	}

-	var ldapUsers []ldapUser
+	var ldapUsers []LdapUser
 	for _, entry := range searchResult.Entries {
-		var user ldapUser
+		var user LdapUser
 		for _, attribute := range entry.Attributes {
 			switch attribute.Name {
 			case "uidNumber":
@@ -241,35 +231,30 @@ func (l *LdapConn) GetLdapUsers(ldapServer *Ldap) ([]ldapUser, error) {
 //		return groupMap, nil
 //	}

-func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
-	res := make([]LdapRespUser, 0)
-	for _, user := range users {
-		res = append(res, LdapRespUser{
-			UidNumber:   user.UidNumber,
-			Uid:         user.Uid,
-			Cn:          user.Cn,
-			GroupId:     user.GidNumber,
-			Uuid:        user.Uuid,
-			DisplayName: user.DisplayName,
-			Email:       util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
-			Phone:       util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
-			Address:     util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
-		})
+func AutoAdjustLdapUser(users []LdapUser) []LdapUser {
+	res := make([]LdapUser, len(users))
+	for i, user := range users {
+		res[i] = LdapUser{
+			UidNumber:         user.UidNumber,
+			Uid:               user.Uid,
+			Cn:                user.Cn,
+			GroupId:           user.GidNumber,
+			Uuid:              user.GetLdapUuid(),
+			DisplayName:       user.DisplayName,
+			Email:             util.ReturnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Mobile:            util.ReturnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			RegisteredAddress: util.ReturnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+		}
 	}
 	return res
 }

-func SyncLdapUsers(owner string, respUsers []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
-	var existUsers []LdapRespUser
-	var failedUsers []LdapRespUser
+func SyncLdapUsers(owner string, syncUsers []LdapUser, ldapId string) (existUsers []LdapUser, failedUsers []LdapUser, err error) {
 	var uuids []string
-
-	for _, user := range respUsers {
+	for _, user := range syncUsers {
 		uuids = append(uuids, user.Uuid)
 	}

-	existUuids := GetExistUuids(owner, uuids)
-
 	organization := getOrganization("admin", owner)
 	ldap := GetLdap(ldapId)

@@ -289,67 +274,59 @@ func SyncLdapUsers(owner string, respUsers []LdapRespUser, ldapId string) (*[]Ld
 	}
 	tag := strings.Join(ou, ".")

-	for _, respUser := range respUsers {
+	for _, syncUser := range syncUsers {
+		existUuids := GetExistUuids(owner, uuids)
 		found := false
 		if len(existUuids) > 0 {
 			for _, existUuid := range existUuids {
-				if respUser.Uuid == existUuid {
-					existUsers = append(existUsers, respUser)
+				if syncUser.Uuid == existUuid {
+					existUsers = append(existUsers, syncUser)
 					found = true
 				}
 			}
 		}

 		if !found {
+			score, _ := organization.GetInitScore()
 			newUser := &User{
 				Owner:       owner,
-				Name:        respUser.buildLdapUserName(),
+				Name:        syncUser.buildLdapUserName(),
 				CreatedTime: util.GetCurrentTime(),
-				DisplayName: respUser.buildLdapDisplayName(),
+				DisplayName: syncUser.buildLdapDisplayName(),
 				Avatar:      organization.DefaultAvatar,
-				Email:       respUser.Email,
-				Phone:       respUser.Phone,
-				Address:     []string{respUser.Address},
+				Email:       syncUser.Email,
+				Phone:       syncUser.Phone,
+				Address:     []string{syncUser.Address},
 				Affiliation: affiliation,
 				Tag:         tag,
-				Score:       beego.AppConfig.DefaultInt("initScore", 2000),
-				Ldap:        respUser.Uuid,
+				Score:       score,
+				Ldap:        syncUser.Uuid,
 			}

 			affected := AddUser(newUser)
 			if !affected {
-				failedUsers = append(failedUsers, respUser)
+				failedUsers = append(failedUsers, syncUser)
 				continue
 			}
 		}
 	}

-	return &existUsers, &failedUsers
+	return existUsers, failedUsers, err
 }

 func GetExistUuids(owner string, uuids []string) []string {
-	var users []User
 	var existUuids []string
-	existUuidSet := make(map[string]struct{})

-	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&users)
+	err := adapter.Engine.Table("user").Where("owner = ?", owner).Cols("ldap").
+		In("ldap", uuids).Select("DISTINCT ldap").Find(&existUuids)
 	if err != nil {
 		panic(err)
 	}

-	if len(users) > 0 {
-		for _, result := range users {
-			existUuidSet[result.Ldap] = struct{}{}
-		}
-	}
-
-	for uuid := range existUuidSet {
-		existUuids = append(existUuids, uuid)
-	}
 	return existUuids
 }

-func (ldapUser *LdapRespUser) buildLdapUserName() string {
+func (ldapUser *LdapUser) buildLdapUserName() string {
 	user := User{}
 	uidWithNumber := fmt.Sprintf("%s_%s", ldapUser.Uid, ldapUser.UidNumber)
 	has, err := adapter.Engine.Where("name = ? or name = ?", ldapUser.Uid, uidWithNumber).Get(&user)
@@ -364,10 +341,14 @@ func (ldapUser *LdapRespUser) buildLdapUserName() string {
 		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
 	}

-	return ldapUser.Uid
+	if ldapUser.Uid != "" {
+		return ldapUser.Uid
+	}
+
+	return ldapUser.Cn
 }

-func (ldapUser *LdapRespUser) buildLdapDisplayName() string {
+func (ldapUser *LdapUser) buildLdapDisplayName() string {
 	if ldapUser.DisplayName != "" {
 		return ldapUser.DisplayName
 	}
@@ -375,7 +356,18 @@ func (ldapUser *LdapRespUser) buildLdapDisplayName() string {
 	return ldapUser.Cn
 }

-func (ldap *Ldap) buildFilterString(user *User) string {
+func (ldapUser *LdapUser) GetLdapUuid() string {
+	if ldapUser.Uuid != "" {
+		return ldapUser.Uuid
+	}
+	if ldapUser.Uid != "" {
+		return ldapUser.Uid
+	}
+
+	return ldapUser.Cn
+}
+
+func (ldap *Ldap) buildAuthFilterString(user *User) string {
 	if len(ldap.FilterFields) == 0 {
 		return fmt.Sprintf("(&%s(uid=%s))", ldap.Filter, user.Name)
 	}
@@ -393,6 +385,8 @@ func (user *User) getFieldFromLdapAttribute(attribute string) string {
 	switch attribute {
 	case "uid":
 		return user.Name
+	case "sAMAccountName":
+		return user.Name
 	case "mail":
 		return user.Email
 	case "mobile":
--- a/object/message.go
+++ b/object/message.go
@@ -48,9 +48,9 @@ func GetMaskedMessages(messages []*Message) []*Message {
 	return messages
 }

-func GetMessageCount(owner, field, value string) int {
+func GetMessageCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Message{})
+	count, err := session.Count(&Message{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -78,10 +78,10 @@ func GetChatMessages(chat string) []*Message {
 	return messages
 }

-func GetPaginationMessages(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
+func GetPaginationMessages(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Message {
 	messages := []*Message{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&messages)
+	err := session.Find(&messages, &Message{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/mfa.go
+++ b/object/mfa.go
@@ -51,6 +51,7 @@ const (
 const (
 	MfaSessionUserId = "MfaSessionUserId"
 	NextMfa          = "NextMfa"
+	RequiredMfa      = "RequiredMfa"
 )

 func GetMfaUtil(providerType string, config *MfaProps) MfaInterface {
--- a/object/migrator.go
+++ b/object/migrator.go
@@ -26,6 +26,7 @@ func DoMigration() {
 		&Migrator_1_101_0_PR_1083{},
 		&Migrator_1_235_0_PR_1530{},
 		&Migrator_1_240_0_PR_1539{},
+		&Migrator_1_314_0_PR_1841{},
 		// more migrators add here in chronological order...
 	}

--- a/object/migrator_1_314_0_PR_1841.go
+++ b/object/migrator_1_314_0_PR_1841.go
@@ -0,0 +1,75 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"github.com/xorm-io/xorm"
+	"github.com/xorm-io/xorm/migrate"
+)
+
+type Migrator_1_314_0_PR_1841 struct{}
+
+func (*Migrator_1_314_0_PR_1841) IsMigrationNeeded() bool {
+	users := []*User{}
+
+	err := adapter.Engine.Table("user").Find(&users)
+	if err != nil {
+		return false
+	}
+
+	for _, u := range users {
+		if u.PasswordType != "" {
+			return false
+		}
+	}
+
+	return true
+}
+
+func (*Migrator_1_314_0_PR_1841) DoMigration() *migrate.Migration {
+	migration := migrate.Migration{
+		ID: "20230515MigrateUser--Create a new field 'passwordType' for table `user`",
+		Migrate: func(engine *xorm.Engine) error {
+			tx := engine.NewSession()
+
+			defer tx.Close()
+
+			err := tx.Begin()
+			if err != nil {
+				return err
+			}
+
+			organizations := []*Organization{}
+			err = tx.Table("organization").Find(&organizations)
+			if err != nil {
+				return err
+			}
+
+			for _, organization := range organizations {
+				user := &User{PasswordType: organization.PasswordType}
+				_, err = tx.Where("owner = ?", organization.Name).Cols("password_type").Update(user)
+				if err != nil {
+					return err
+				}
+			}
+
+			tx.Commit()
+
+			return nil
+		},
+	}
+
+	return &migration
+}
--- a/object/organization.go
+++ b/object/organization.go
@@ -16,7 +16,9 @@ package object

 import (
 	"fmt"
+	"strconv"

+	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/cred"
 	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
@@ -38,6 +40,11 @@ type ThemeData struct {
 	IsEnabled    bool   `xorm:"bool" json:"isEnabled"`
 }

+type MfaItem struct {
+	Name string `json:"name"`
+	Rule string `json:"rule"`
+}
+
 type Organization struct {
 	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
@@ -59,6 +66,7 @@ type Organization struct {
 	EnableSoftDeletion bool       `json:"enableSoftDeletion"`
 	IsProfilePublic    bool       `json:"isProfilePublic"`

+	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
 	AccountItems []*AccountItem `xorm:"varchar(3000)" json:"accountItems"`
 }

@@ -408,3 +416,20 @@ func organizationChangeTrigger(oldName string, newName string) error {

 	return session.Commit()
 }
+
+func (org *Organization) HasRequiredMfa() bool {
+	for _, item := range org.MfaItems {
+		if item.Rule == "Required" {
+			return true
+		}
+	}
+	return false
+}
+
+func (org *Organization) GetInitScore() (int, error) {
+	if org != nil {
+		return org.InitScore, nil
+	} else {
+		return strconv.Atoi(conf.GetConfigString("initScore"))
+	}
+}
--- a/object/permission.go
+++ b/object/permission.go
@@ -15,8 +15,6 @@
 package object

 import (
-	"fmt"
-
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
 )
@@ -65,30 +63,6 @@ func (p *Permission) GetId() string {
 	return util.GetId(p.Owner, p.Name)
 }

-func (p *PermissionRule) GetRequest(adapterName string, permissionId string) ([]interface{}, error) {
-	request := []interface{}{p.V0, p.V1, p.V2}
-
-	if p.V3 != "" {
-		request = append(request, p.V3)
-	}
-
-	if p.V4 != "" {
-		request = append(request, p.V4)
-	}
-
-	if adapterName == builtInAdapter {
-		if p.V5 != "" {
-			return nil, fmt.Errorf("too many parameters. The maximum parameter number cannot exceed %d", builtInAvailableField)
-		}
-		return request, nil
-	} else {
-		if p.V5 != "" {
-			request = append(request, p.V5)
-		}
-		return request, nil
-	}
-}
-
 func GetPermissionCount(owner, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	count, err := session.Count(&Permission{})
@@ -261,6 +235,16 @@ func GetPermissionsByRole(roleId string) []*Permission {
 	return permissions
 }

+func GetPermissionsByResource(resourceId string) []*Permission {
+	permissions := []*Permission{}
+	err := adapter.Engine.Where("resources like ?", "%"+resourceId+"\"%").Find(&permissions)
+	if err != nil {
+		panic(err)
+	}
+
+	return permissions
+}
+
 func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 	permissions := []*Permission{}
 	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Submitter: submitter})
@@ -271,6 +255,16 @@ func GetPermissionsBySubmitter(owner string, submitter string) []*Permission {
 	return permissions
 }

+func GetPermissionsByModel(owner string, model string) []*Permission {
+	permissions := []*Permission{}
+	err := adapter.Engine.Desc("created_time").Find(&permissions, &Permission{Owner: owner, Model: model})
+	if err != nil {
+		panic(err)
+	}
+
+	return permissions
+}
+
 func ContainsAsterisk(userId string, users []string) bool {
 	containsAsterisk := false
 	group, _ := util.GetOwnerAndNameFromId(userId)
--- a/object/permission_enforcer.go
+++ b/object/permission_enforcer.go
@@ -62,7 +62,11 @@ func getEnforcer(permission *Permission) *casbin.Enforcer {
 		panic(err)
 	}

-	enforcer.InitWithModelAndAdapter(m, nil)
+	err = enforcer.InitWithModelAndAdapter(m, nil)
+	if err != nil {
+		panic(err)
+	}
+
 	enforcer.SetAdapter(adapter)

 	policyFilter := xormadapter.Filter{
@@ -216,28 +220,23 @@ func removePolicies(permission *Permission) {
 	}
 }

-func Enforce(permissionRule *PermissionRule) bool {
-	permission := GetPermission(permissionRule.Id)
+type CasbinRequest = []interface{}
+
+func Enforce(permissionId string, request *CasbinRequest) bool {
+	permission := GetPermission(permissionId)
 	enforcer := getEnforcer(permission)

-	request, _ := permissionRule.GetRequest(builtInAdapter, permissionRule.Id)
-
-	allow, err := enforcer.Enforce(request...)
+	allow, err := enforcer.Enforce(*request...)
 	if err != nil {
 		panic(err)
 	}
 	return allow
 }

-func BatchEnforce(permissionRules []PermissionRule) []bool {
-	var requests [][]interface{}
-	for _, permissionRule := range permissionRules {
-		request, _ := permissionRule.GetRequest(builtInAdapter, permissionRule.Id)
-		requests = append(requests, request)
-	}
-	permission := GetPermission(permissionRules[0].Id)
+func BatchEnforce(permissionId string, requests *[]CasbinRequest) []bool {
+	permission := GetPermission(permissionId)
 	enforcer := getEnforcer(permission)
-	allow, err := enforcer.BatchEnforce(requests)
+	allow, err := enforcer.BatchEnforce(*requests)
 	if err != nil {
 		panic(err)
 	}
--- a/object/plan.go
+++ b/object/plan.go
@@ -0,0 +1,145 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Plan struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+	Description string `xorm:"varchar(100)" json:"description"`
+
+	PricePerMonth float64 `json:"pricePerMonth"`
+	PricePerYear  float64 `json:"pricePerYear"`
+	Currency      string  `xorm:"varchar(100)" json:"currency"`
+	IsEnabled     bool    `json:"isEnabled"`
+
+	Role    string   `xorm:"varchar(100)" json:"role"`
+	Options []string `xorm:"-" json:"options"`
+}
+
+func GetPlanCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Plan{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetPlans(owner string) []*Plan {
+	plans := []*Plan{}
+	err := adapter.Engine.Desc("created_time").Find(&plans, &Plan{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+	return plans
+}
+
+func GetPaginatedPlans(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Plan {
+	plans := []*Plan{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&plans)
+	if err != nil {
+		panic(err)
+	}
+	return plans
+}
+
+func getPlan(owner, name string) *Plan {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	plan := Plan{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&plan)
+	if err != nil {
+		panic(err)
+	}
+	if existed {
+		return &plan
+	} else {
+		return nil
+	}
+}
+
+func GetPlan(id string) *Plan {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getPlan(owner, name)
+}
+
+func UpdatePlan(id string, plan *Plan) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getPlan(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(plan)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddPlan(plan *Plan) bool {
+	affected, err := adapter.Engine.Insert(plan)
+	if err != nil {
+		panic(err)
+	}
+	return affected != 0
+}
+
+func DeletePlan(plan *Plan) bool {
+	affected, err := adapter.Engine.ID(core.PK{plan.Owner, plan.Name}).Delete(plan)
+	if err != nil {
+		panic(err)
+	}
+	return affected != 0
+}
+
+func (plan *Plan) GetId() string {
+	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
+}
+
+func Subscribe(owner string, user string, plan string, pricing string) *Subscription {
+	selectedPricing := GetPricing(fmt.Sprintf("%s/%s", owner, pricing))
+
+	valid := selectedPricing != nil && selectedPricing.IsEnabled
+
+	if !valid {
+		return nil
+	}
+
+	planBelongToPricing := selectedPricing.HasPlan(owner, plan)
+
+	if planBelongToPricing {
+		newSubscription := NewSubscription(owner, user, plan, selectedPricing.TrialDuration)
+		affected := AddSubscription(newSubscription)
+
+		if affected {
+			return newSubscription
+		}
+	}
+	return nil
+}
--- a/object/pricing.go
+++ b/object/pricing.go
@@ -0,0 +1,147 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+type Pricing struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+	Description string `xorm:"varchar(100)" json:"description"`
+
+	Plans         []string `xorm:"mediumtext" json:"plans"`
+	IsEnabled     bool     `json:"isEnabled"`
+	HasTrial      bool     `json:"hasTrial"`
+	TrialDuration int      `json:"trialDuration"`
+	Application   string   `xorm:"varchar(100)" json:"application"`
+
+	Submitter   string `xorm:"varchar(100)" json:"submitter"`
+	Approver    string `xorm:"varchar(100)" json:"approver"`
+	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
+
+	State string `xorm:"varchar(100)" json:"state"`
+}
+
+func GetPricingCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Pricing{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetPricings(owner string) []*Pricing {
+	pricings := []*Pricing{}
+	err := adapter.Engine.Desc("created_time").Find(&pricings, &Pricing{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+	return pricings
+}
+
+func GetPaginatedPricings(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Pricing {
+	pricings := []*Pricing{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&pricings)
+	if err != nil {
+		panic(err)
+	}
+	return pricings
+}
+
+func getPricing(owner, name string) *Pricing {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	pricing := Pricing{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&pricing)
+	if err != nil {
+		panic(err)
+	}
+	if existed {
+		return &pricing
+	} else {
+		return nil
+	}
+}
+
+func GetPricing(id string) *Pricing {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getPricing(owner, name)
+}
+
+func UpdatePricing(id string, pricing *Pricing) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getPricing(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(pricing)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddPricing(pricing *Pricing) bool {
+	affected, err := adapter.Engine.Insert(pricing)
+	if err != nil {
+		panic(err)
+	}
+	return affected != 0
+}
+
+func DeletePricing(pricing *Pricing) bool {
+	affected, err := adapter.Engine.ID(core.PK{pricing.Owner, pricing.Name}).Delete(pricing)
+	if err != nil {
+		panic(err)
+	}
+	return affected != 0
+}
+
+func (pricing *Pricing) GetId() string {
+	return fmt.Sprintf("%s/%s", pricing.Owner, pricing.Name)
+}
+
+func (pricing *Pricing) HasPlan(owner string, plan string) bool {
+	selectedPlan := GetPlan(fmt.Sprintf("%s/%s", owner, plan))
+
+	if selectedPlan == nil {
+		return false
+	}
+
+	result := false
+
+	for _, pricingPlan := range pricing.Plans {
+		if strings.Contains(pricingPlan, selectedPlan.Name) {
+			result = true
+			break
+		}
+	}
+
+	return result
+}
--- a/object/provider.go
+++ b/object/provider.go
@@ -70,7 +70,11 @@ type Provider struct {
 	ProviderUrl string `xorm:"varchar(200)" json:"providerUrl"`
 }

-func GetMaskedProvider(provider *Provider) *Provider {
+func GetMaskedProvider(provider *Provider, isMaskEnabled bool) *Provider {
+	if !isMaskEnabled {
+		return provider
+	}
+
 	if provider == nil {
 		return nil
 	}
@@ -88,9 +92,13 @@ func GetMaskedProvider(provider *Provider) *Provider {
 	return provider
 }

-func GetMaskedProviders(providers []*Provider) []*Provider {
+func GetMaskedProviders(providers []*Provider, isMaskEnabled bool) []*Provider {
+	if !isMaskEnabled {
+		return providers
+	}
+
 	for _, provider := range providers {
-		provider = GetMaskedProvider(provider)
+		provider = GetMaskedProvider(provider, isMaskEnabled)
 	}
 	return providers
 }
@@ -310,7 +318,7 @@ func GetCaptchaProviderByApplication(applicationId, isCurrentProvider, lang stri
 			continue
 		}
 		if provider.Provider.Category == "Captcha" {
-			return GetCaptchaProviderByOwnerName(fmt.Sprintf("%s/%s", provider.Provider.Owner, provider.Provider.Name), lang)
+			return GetCaptchaProviderByOwnerName(util.GetId(provider.Provider.Owner, provider.Provider.Name), lang)
 		}
 	}
 	return nil, nil
--- a/object/record.go
+++ b/object/record.go
@@ -47,7 +47,8 @@ type Record struct {
 	RequestUri   string `xorm:"varchar(1000)" json:"requestUri"`
 	Action       string `xorm:"varchar(1000)" json:"action"`

-	ExtendedUser *User `xorm:"-" json:"extendedUser"`
+	Object       string `xorm:"-" json:"object"`
+	ExtendedUser *User  `xorm:"-" json:"extendedUser"`

 	IsTriggered bool `json:"isTriggered"`
 }
@@ -60,6 +61,11 @@ func NewRecord(ctx *context.Context) *Record {
 		requestUri = requestUri[0:1000]
 	}

+	object := ""
+	if ctx.Input.RequestBody != nil && len(ctx.Input.RequestBody) != 0 {
+		object = string(ctx.Input.RequestBody)
+	}
+
 	record := Record{
 		Name:        util.GenerateId(),
 		CreatedTime: util.GetCurrentTime(),
@@ -68,6 +74,7 @@ func NewRecord(ctx *context.Context) *Record {
 		Method:      ctx.Request.Method,
 		RequestUri:  requestUri,
 		Action:      action,
+		Object:      object,
 		IsTriggered: false,
 	}
 	return &record
@@ -159,7 +166,7 @@ func SendWebhooks(record *Record) error {

 		if matched {
 			if webhook.IsUserExtended {
-				user := getUser(record.Organization, record.User)
+				user := GetMaskedUser(getUser(record.Organization, record.User))
 				record.ExtendedUser = user
 			}

--- a/object/subscription.go
+++ b/object/subscription.go
@@ -0,0 +1,154 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/casdoor/casdoor/util"
+	"github.com/xorm-io/core"
+)
+
+const defaultStatus = "Pending"
+
+type Subscription struct {
+	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
+	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
+	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
+	DisplayName string `xorm:"varchar(100)" json:"displayName"`
+	Duration    int    `json:"duration"`
+
+	Description string `xorm:"varchar(100)" json:"description"`
+	Plan        string `xorm:"varchar(100)" json:"plan"`
+
+	StartDate time.Time `json:"startDate"`
+	EndDate   time.Time `json:"endDate"`
+
+	User string `xorm:"mediumtext" json:"user"`
+
+	IsEnabled   bool   `json:"isEnabled"`
+	Submitter   string `xorm:"varchar(100)" json:"submitter"`
+	Approver    string `xorm:"varchar(100)" json:"approver"`
+	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
+
+	State string `xorm:"varchar(100)" json:"state"`
+}
+
+func NewSubscription(owner string, user string, plan string, duration int) *Subscription {
+	id := util.GenerateId()[:6]
+	return &Subscription{
+		Name:        "Subscription_" + id,
+		DisplayName: "New Subscription - " + id,
+		Owner:       owner,
+		User:        owner + "/" + user,
+		Plan:        owner + "/" + plan,
+		CreatedTime: util.GetCurrentTime(),
+		State:       defaultStatus,
+		Duration:    duration,
+		StartDate:   time.Now(),
+		EndDate:     time.Now().AddDate(0, 0, duration),
+	}
+}
+
+func GetSubscriptionCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Subscription{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
+}
+
+func GetSubscriptions(owner string) []*Subscription {
+	subscriptions := []*Subscription{}
+	err := adapter.Engine.Desc("created_time").Find(&subscriptions, &Subscription{Owner: owner})
+	if err != nil {
+		panic(err)
+	}
+
+	return subscriptions
+}
+
+func GetPaginationSubscriptions(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Subscription {
+	subscriptions := []*Subscription{}
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
+	err := session.Find(&subscriptions)
+	if err != nil {
+		panic(err)
+	}
+
+	return subscriptions
+}
+
+func getSubscription(owner string, name string) *Subscription {
+	if owner == "" || name == "" {
+		return nil
+	}
+
+	subscription := Subscription{Owner: owner, Name: name}
+	existed, err := adapter.Engine.Get(&subscription)
+	if err != nil {
+		panic(err)
+	}
+
+	if existed {
+		return &subscription
+	} else {
+		return nil
+	}
+}
+
+func GetSubscription(id string) *Subscription {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	return getSubscription(owner, name)
+}
+
+func UpdateSubscription(id string, subscription *Subscription) bool {
+	owner, name := util.GetOwnerAndNameFromId(id)
+	if getSubscription(owner, name) == nil {
+		return false
+	}
+
+	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(subscription)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func AddSubscription(subscription *Subscription) bool {
+	affected, err := adapter.Engine.Insert(subscription)
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func DeleteSubscription(subscription *Subscription) bool {
+	affected, err := adapter.Engine.ID(core.PK{subscription.Owner, subscription.Name}).Delete(&Subscription{})
+	if err != nil {
+		panic(err)
+	}
+
+	return affected != 0
+}
+
+func (subscription *Subscription) GetId() string {
+	return fmt.Sprintf("%s/%s", subscription.Owner, subscription.Name)
+}
--- a/object/syncer.go
+++ b/object/syncer.go
@@ -55,9 +55,9 @@ type Syncer struct {
 	Adapter *Adapter `xorm:"-" json:"-"`
 }

-func GetSyncerCount(owner, field, value string) int {
+func GetSyncerCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Syncer{})
+	count, err := session.Count(&Syncer{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -75,10 +75,20 @@ func GetSyncers(owner string) []*Syncer {
 	return syncers
 }

-func GetPaginationSyncers(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Syncer {
+func GetOrganizationSyncers(owner, organization string) []*Syncer {
+	syncers := []*Syncer{}
+	err := adapter.Engine.Desc("created_time").Find(&syncers, &Syncer{Owner: owner, Organization: organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return syncers
+}
+
+func GetPaginationSyncers(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Syncer {
 	syncers := []*Syncer{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&syncers)
+	err := session.Find(&syncers, &Syncer{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/token.go
+++ b/object/token.go
@@ -91,9 +91,9 @@ type IntrospectionResponse struct {
 	Jti       string   `json:"jti,omitempty"`
 }

-func GetTokenCount(owner, field, value string) int {
+func GetTokenCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Token{})
+	count, err := session.Count(&Token{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -101,9 +101,9 @@ func GetTokenCount(owner, field, value string) int {
 	return int(count)
 }

-func GetTokens(owner string) []*Token {
+func GetTokens(owner string, organization string) []*Token {
 	tokens := []*Token{}
-	err := adapter.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner})
+	err := adapter.Engine.Desc("created_time").Find(&tokens, &Token{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -111,10 +111,10 @@ func GetTokens(owner string) []*Token {
 	return tokens
 }

-func GetPaginationTokens(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Token {
+func GetPaginationTokens(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Token {
 	tokens := []*Token{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&tokens)
+	err := session.Find(&tokens, &Token{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/object/token_jwt.go
+++ b/object/token_jwt.go
@@ -224,13 +224,16 @@ func generateJwtToken(application *Application, user *User, nonce string, scope
 	nowTime := time.Now()
 	expireTime := nowTime.Add(time.Duration(application.ExpireInHours) * time.Hour)
 	refreshExpireTime := nowTime.Add(time.Duration(application.RefreshExpireInHours) * time.Hour)
+	if application.RefreshExpireInHours == 0 {
+		refreshExpireTime = expireTime
+	}

 	user = refineUser(user)

 	_, originBackend := getOriginFromHost(host)

 	name := util.GenerateId()
-	jti := fmt.Sprintf("%s/%s", application.Owner, name)
+	jti := util.GetId(application.Owner, name)

 	claims := Claims{
 		User:      user,
--- a/object/user.go
+++ b/object/user.go
@@ -41,6 +41,7 @@ type User struct {
 	Type              string   `xorm:"varchar(100)" json:"type"`
 	Password          string   `xorm:"varchar(100)" json:"password"`
 	PasswordSalt      string   `xorm:"varchar(100)" json:"passwordSalt"`
+	PasswordType      string   `xorm:"varchar(100)" json:"passwordType"`
 	DisplayName       string   `xorm:"varchar(100)" json:"displayName"`
 	FirstName         string   `xorm:"varchar(100)" json:"firstName"`
 	LastName          string   `xorm:"varchar(100)" json:"lastName"`
@@ -250,6 +251,16 @@ func GetUsers(owner string) []*User {
 	return users
 }

+func GetUsersByTag(owner string, tag string) []*User {
+	users := []*User{}
+	err := adapter.Engine.Desc("created_time").Find(&users, &User{Owner: owner, Tag: tag})
+	if err != nil {
+		panic(err)
+	}
+
+	return users
+}
+
 func GetSortedUsers(owner string, sorter string, limit int) []*User {
 	users := []*User{}
 	err := adapter.Engine.Desc(sorter).Limit(limit, 0).Find(&users, &User{Owner: owner})
@@ -461,6 +472,13 @@ func UpdateUser(id string, user *User, columns []string, isAdmin bool) bool {
 			"location", "address", "country_code", "region", "language", "affiliation", "title", "homepage", "bio", "tag", "language", "gender", "birthday", "education", "score", "karma", "ranking", "signup_application",
 			"is_admin", "is_global_admin", "is_forbidden", "is_deleted", "hash", "is_default_avatar", "properties", "webauthnCredentials", "managedAccounts",
 			"signin_wrong_times", "last_signin_wrong_time",
+			"github", "google", "qq", "wechat", "facebook", "dingtalk", "weibo", "gitee", "linkedin", "wecom", "lark", "gitlab", "adfs",
+			"baidu", "alipay", "casdoor", "infoflow", "apple", "azuread", "slack", "steam", "bilibili", "okta", "douyin", "line", "amazon",
+			"auth0", "battlenet", "bitbucket", "box", "cloudfoundry", "dailymotion", "deezer", "digitalocean", "discord", "dropbox",
+			"eveonline", "fitbit", "gitea", "heroku", "influxcloud", "instagram", "intercom", "kakao", "lastfm", "mailru", "meetup",
+			"microsoftonline", "naver", "nextcloud", "onedrive", "oura", "patreon", "paypal", "salesforce", "shopify", "soundcloud",
+			"spotify", "strava", "stripe", "tiktok", "tumblr", "twitch", "twitter", "typetalk", "uber", "vk", "wepay", "xero", "yahoo",
+			"yammer", "yandex", "zoom", "custom",
 		}
 	}
 	if isAdmin {
--- a/object/user_cred.go
+++ b/object/user_cred.go
@@ -35,5 +35,6 @@ func (user *User) UpdateUserPassword(organization *Organization) {
 	if credManager != nil {
 		hashedPassword := credManager.GetHashedPassword(user.Password, user.PasswordSalt, organization.PasswordSalt)
 		user.Password = hashedPassword
+		user.PasswordType = organization.PasswordType
 	}
 }
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -77,13 +77,17 @@ func GetUserByFields(organization string, field string) *User {
 }

 func SetUserField(user *User, field string, value string) bool {
+	bean := make(map[string]interface{})
 	if field == "password" {
 		organization := GetOrganizationByUser(user)
 		user.UpdateUserPassword(organization)
-		value = user.Password
+		bean[strings.ToLower(field)] = user.Password
+		bean["password_type"] = user.PasswordType
+	} else {
+		bean[strings.ToLower(field)] = value
 	}

-	affected, err := adapter.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(map[string]interface{}{strings.ToLower(field): value})
+	affected, err := adapter.Engine.Table(user).ID(core.PK{user.Owner, user.Name}).Update(bean)
 	if err != nil {
 		panic(err)
 	}
--- a/object/webhook.go
+++ b/object/webhook.go
@@ -42,9 +42,9 @@ type Webhook struct {
 	IsEnabled      bool      `json:"isEnabled"`
 }

-func GetWebhookCount(owner, field, value string) int {
+func GetWebhookCount(owner, organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Webhook{})
+	count, err := session.Count(&Webhook{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -52,9 +52,9 @@ func GetWebhookCount(owner, field, value string) int {
 	return int(count)
 }

-func GetWebhooks(owner string) []*Webhook {
+func GetWebhooks(owner string, organization string) []*Webhook {
 	webhooks := []*Webhook{}
-	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner})
+	err := adapter.Engine.Desc("created_time").Find(&webhooks, &Webhook{Owner: owner, Organization: organization})
 	if err != nil {
 		panic(err)
 	}
@@ -62,10 +62,10 @@ func GetWebhooks(owner string) []*Webhook {
 	return webhooks
 }

-func GetPaginationWebhooks(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Webhook {
+func GetPaginationWebhooks(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Webhook {
 	webhooks := []*Webhook{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&webhooks)
+	err := session.Find(&webhooks, &Webhook{Organization: organization})
 	if err != nil {
 		panic(err)
 	}
--- a/routers/authz_filter.go
+++ b/routers/authz_filter.go
@@ -125,7 +125,11 @@ func AuthzFilter(ctx *context.Context) {
 	subOwner, subName := getSubject(ctx)
 	method := ctx.Request.Method
 	urlPath := getUrlPath(ctx.Request.URL.Path)
-	objOwner, objName := getObject(ctx)
+
+	objOwner, objName := "", ""
+	if urlPath != "/api/get-app-login" {
+		objOwner, objName = getObject(ctx)
+	}

 	if strings.HasPrefix(urlPath, "/api/notify-payment") {
 		urlPath = "/api/notify-payment"
--- a/routers/auto_signin_filter.go
+++ b/routers/auto_signin_filter.go
@@ -43,7 +43,7 @@ func AutoSigninFilter(ctx *context.Context) {
 			return
 		}

-		userId := fmt.Sprintf("%s/%s", token.Organization, token.User)
+		userId := util.GetId(token.Organization, token.User)
 		application, _ := object.GetApplicationByUserId(fmt.Sprintf("app/%s", token.Application))
 		setSessionUser(ctx, userId)
 		setSessionOidc(ctx, token.Scope, application.ClientId)
--- a/routers/record.go
+++ b/routers/record.go
@@ -15,8 +15,6 @@
 package routers

 import (
-	"fmt"
-
 	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
@@ -50,7 +48,7 @@ func getUserByClientIdSecret(ctx *context.Context) string {
 		return ""
 	}

-	return fmt.Sprintf("%s/%s", application.Organization, application.Name)
+	return util.GetId(application.Organization, application.Name)
 }

 func RecordMessage(ctx *context.Context) {
--- a/routers/router.go
+++ b/routers/router.go
@@ -184,6 +184,7 @@ func initAPI() {
 	beego.Router("/api/run-syncer", &controllers.ApiController{}, "GET:RunSyncer")

 	beego.Router("/api/get-certs", &controllers.ApiController{}, "GET:GetCerts")
+	beego.Router("/api/get-globle-certs", &controllers.ApiController{}, "GET:GetGlobleCerts")
 	beego.Router("/api/get-cert", &controllers.ApiController{}, "GET:GetCert")
 	beego.Router("/api/update-cert", &controllers.ApiController{}, "POST:UpdateCert")
 	beego.Router("/api/add-cert", &controllers.ApiController{}, "POST:AddCert")
@@ -202,6 +203,24 @@ func initAPI() {
 	beego.Router("/api/add-message", &controllers.ApiController{}, "POST:AddMessage")
 	beego.Router("/api/delete-message", &controllers.ApiController{}, "POST:DeleteMessage")

+	beego.Router("/api/get-subscriptions", &controllers.ApiController{}, "GET:GetSubscriptions")
+	beego.Router("/api/get-subscription", &controllers.ApiController{}, "GET:GetSubscription")
+	beego.Router("/api/update-subscription", &controllers.ApiController{}, "POST:UpdateSubscription")
+	beego.Router("/api/add-subscription", &controllers.ApiController{}, "POST:AddSubscription")
+	beego.Router("/api/delete-subscription", &controllers.ApiController{}, "POST:DeleteSubscription")
+
+	beego.Router("/api/get-plans", &controllers.ApiController{}, "GET:GetPlans")
+	beego.Router("/api/get-plan", &controllers.ApiController{}, "GET:GetPlan")
+	beego.Router("/api/update-plan", &controllers.ApiController{}, "POST:UpdatePlan")
+	beego.Router("/api/add-plan", &controllers.ApiController{}, "POST:AddPlan")
+	beego.Router("/api/delete-plan", &controllers.ApiController{}, "POST:DeletePlan")
+
+	beego.Router("/api/get-pricings", &controllers.ApiController{}, "GET:GetPricings")
+	beego.Router("/api/get-pricing", &controllers.ApiController{}, "GET:GetPricing")
+	beego.Router("/api/update-pricing", &controllers.ApiController{}, "POST:UpdatePricing")
+	beego.Router("/api/add-pricing", &controllers.ApiController{}, "POST:AddPricing")
+	beego.Router("/api/delete-pricing", &controllers.ApiController{}, "POST:DeletePricing")
+
 	beego.Router("/api/get-products", &controllers.ApiController{}, "GET:GetProducts")
 	beego.Router("/api/get-product", &controllers.ApiController{}, "GET:GetProduct")
 	beego.Router("/api/update-product", &controllers.ApiController{}, "POST:UpdateProduct")
@@ -246,6 +265,7 @@ func initAPI() {

 	beego.Router("/api/get-system-info", &controllers.ApiController{}, "GET:GetSystemInfo")
 	beego.Router("/api/get-version-info", &controllers.ApiController{}, "GET:GetVersionInfo")
+	beego.Router("/api/health", &controllers.ApiController{}, "GET:Health")
 	beego.Router("/api/get-prometheus-info", &controllers.ApiController{}, "GET:GetPrometheusInfo")

 	beego.Handler("/api/metrics", promhttp.Handler())
--- a/storage/minio_s3.go
+++ b/storage/minio_s3.go
@@ -29,7 +29,7 @@ func NewMinIOS3StorageProvider(clientId string, clientSecret string, region stri
 		Endpoint:         endpoint,
 		S3Endpoint:       endpoint,
 		ACL:              awss3.BucketCannedACLPublicRead,
-		S3ForcePathStyle: true,
+		S3ForcePathStyle: false,
 	})

 	return sp
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -177,6 +177,42 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/add-plan:
+    post:
+      tags:
+      - Plan API
+      description: add plan
+      operationId: ApiController.AddPlan
+      parameters:
+      - in: body
+        name: body
+        description: The details of the plan
+        required: true
+        schema:
+          $ref: '#/definitions/object.Plan'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
+  /api/add-pricing:
+    post:
+      tags:
+      - Pricing API
+      description: add pricing
+      operationId: ApiController.AddPricing
+      parameters:
+      - in: body
+        name: body
+        description: The details of the pricing
+        required: true
+        schema:
+          $ref: '#/definitions/object.Pricing'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-product:
    post:
      tags:
@@ -278,6 +314,24 @@ paths:
            type: array
            items:
              type: string
+  /api/add-subscription:
+    post:
+      tags:
+      - Subscription API
+      description: add subscription
+      operationId: ApiController.AddSubscription
+      parameters:
+      - in: body
+        name: body
+        description: The details of the subscription
+        required: true
+        schema:
+          $ref: '#/definitions/object.Subscription'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-syncer:
    post:
      tags:
@@ -552,6 +606,17 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/delete-mfa/:
+    post:
+      tags:
+      - MFA API
+      description: ': Delete MFA'
+      operationId: ApiController.DeleteMfa
+      responses:
+        "200":
+          description: object
+          schema:
+            $ref: '#/definitions/Response'
  /api/delete-model:
    post:
      tags:
@@ -624,6 +689,42 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/delete-plan:
+    post:
+      tags:
+      - Plan API
+      description: delete plan
+      operationId: ApiController.DeletePlan
+      parameters:
+      - in: body
+        name: body
+        description: The details of the plan
+        required: true
+        schema:
+          $ref: '#/definitions/object.Plan'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
+  /api/delete-pricing:
+    post:
+      tags:
+      - Pricing API
+      description: delete pricing
+      operationId: ApiController.DeletePricing
+      parameters:
+      - in: body
+        name: body
+        description: The details of the pricing
+        required: true
+        schema:
+          $ref: '#/definitions/object.Pricing'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-product:
    post:
      tags:
@@ -702,6 +803,24 @@ paths:
            type: array
            items:
              type: string
+  /api/delete-subscription:
+    post:
+      tags:
+      - Subscription API
+      description: delete subscription
+      operationId: ApiController.DeleteSubscription
+      parameters:
+      - in: body
+        name: body
+        description: The details of the subscription
+        required: true
+        schema:
+          $ref: '#/definitions/object.Subscription'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-syncer:
    post:
      tags:
@@ -995,6 +1114,19 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.User'
+  /api/get-globle-certs:
+    get:
+      tags:
+      - Cert API
+      description: get globle certs
+      operationId: ApiController.GetGlobleCerts
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Cert'
  /api/get-ldap:
    get:
      tags:
@@ -1027,6 +1159,23 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/object.Message'
+  /api/get-message-answer:
+    get:
+      tags:
+      - Message API
+      description: get message answer
+      operationId: ApiController.GetMessageAnswer
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the message
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Message'
  /api/get-messages:
    get:
      tags:
@@ -1241,6 +1390,82 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Permission'
+  /api/get-plan:
+    get:
+      tags:
+      - Plan API
+      description: get plan
+      operationId: ApiController.GetPlan
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the plan
+        required: true
+        type: string
+      - in: query
+        name: includeOption
+        description: Should include plan's option
+        type: boolean
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Plan'
+  /api/get-plans:
+    get:
+      tags:
+      - Plan API
+      description: get plans
+      operationId: ApiController.GetPlans
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of plans
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Plan'
+  /api/get-pricing:
+    get:
+      tags:
+      - Pricing API
+      description: get pricing
+      operationId: ApiController.GetPricing
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the pricing
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.pricing'
+  /api/get-pricings:
+    get:
+      tags:
+      - Pricing API
+      description: get pricings
+      operationId: ApiController.GetPricings
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of pricings
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Pricing'
  /api/get-product:
    get:
      tags:
@@ -1277,6 +1502,17 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Product'
+  /api/get-prometheus-info:
+    get:
+      tags:
+      - Prometheus API
+      description: get Prometheus Info
+      operationId: ApiController.GetPrometheusInfo
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.PrometheusInfo'
  /api/get-provider:
    get:
      tags:
@@ -1466,6 +1702,42 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.User'
+  /api/get-subscription:
+    get:
+      tags:
+      - Subscription API
+      description: get subscription
+      operationId: ApiController.GetSubscription
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the subscription
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.subscription'
+  /api/get-subscriptions:
+    get:
+      tags:
+      - Subscription API
+      description: get subscriptions
+      operationId: ApiController.GetSubscriptions
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of subscriptions
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Subscription'
  /api/get-syncer:
    get:
      tags:
@@ -1975,6 +2247,39 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/mfa/setup/enable:
+    post:
+      tags:
+      - MFA API
+      description: enable totp
+      operationId: ApiController.MfaSetupEnable
+      responses:
+        "200":
+          description: object
+          schema:
+            $ref: '#/definitions/Response'
+  /api/mfa/setup/initiate:
+    post:
+      tags:
+      - MFA API
+      description: setup MFA
+      operationId: ApiController.MfaSetupInitiate
+      responses:
+        "200":
+          description: Response object
+          schema:
+            $ref: '#/definitions/The'
+  /api/mfa/setup/verify:
+    post:
+      tags:
+      - MFA API
+      description: setup verify totp
+      operationId: ApiController.MfaSetupVerify
+      responses:
+        "200":
+          description: object
+          schema:
+            $ref: '#/definitions/Response'
  /api/notify-payment:
    post:
      tags:
@@ -2048,6 +2353,17 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/set-preferred-mfa:
+    post:
+      tags:
+      - MFA API
+      description: ': Set specific Mfa Preferred'
+      operationId: ApiController.SetPreferredMfa
+      responses:
+        "200":
+          description: object
+          schema:
+            $ref: '#/definitions/Response'
  /api/signup:
    post:
      tags:
@@ -2268,6 +2584,52 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/update-plan:
+    post:
+      tags:
+      - Plan API
+      description: update plan
+      operationId: ApiController.UpdatePlan
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the plan
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the plan
+        required: true
+        schema:
+          $ref: '#/definitions/object.Plan'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
+  /api/update-pricing:
+    post:
+      tags:
+      - Pricing API
+      description: update pricing
+      operationId: ApiController.UpdatePricing
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the pricing
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the pricing
+        required: true
+        schema:
+          $ref: '#/definitions/object.Pricing'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-product:
    post:
      tags:
@@ -2361,6 +2723,29 @@ paths:
            type: array
            items:
              type: string
+  /api/update-subscription:
+    post:
+      tags:
+      - Subscription API
+      description: update subscription
+      operationId: ApiController.UpdateSubscription
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the subscription
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the subscription
+        required: true
+        schema:
+          $ref: '#/definitions/object.Subscription'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-syncer:
    post:
      tags:
@@ -2555,10 +2940,10 @@ paths:
          schema:
            $ref: '#/definitions/Response'
 definitions:
-  1183.0xc000455050.false:
+  1183.0x1400042eb70.false:
    title: "false"
    type: object
-  1217.0xc000455080.false:
+  1217.0x1400042eba0.false:
    title: "false"
    type: object
  LaravelResponse:
@@ -2567,6 +2952,9 @@ definitions:
  Response:
    title: Response
    type: object
+  The:
+    title: The
+    type: object
  controllers.AuthForm:
    title: AuthForm
    type: object
@@ -2591,9 +2979,9 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/1183.0xc000455050.false'
+        $ref: '#/definitions/1183.0x1400042eb70.false'
      data2:
-        $ref: '#/definitions/1217.0xc000455080.false'
+        $ref: '#/definitions/1217.0x1400042eba0.false'
      msg:
        type: string
      name:
@@ -2799,6 +3187,17 @@ definitions:
        type: array
        items:
          type: string
+  object.GaugeVecInfo:
+    title: GaugeVecInfo
+    type: object
+    properties:
+      method:
+        type: string
+      name:
+        type: string
+      throughput:
+        type: number
+        format: double
  object.Header:
    title: Header
    type: object
@@ -2807,6 +3206,19 @@ definitions:
        type: string
      value:
        type: string
+  object.HistogramVecInfo:
+    title: HistogramVecInfo
+    type: object
+    properties:
+      count:
+        type: integer
+        format: int64
+      latency:
+        type: string
+      method:
+        type: string
+      name:
+        type: string
  object.IntrospectionResponse:
    title: IntrospectionResponse
    type: object
@@ -2868,8 +3280,30 @@ definitions:
        type: string
      owner:
        type: string
+      replyTo:
+        type: string
      text:
        type: string
+  object.MfaProps:
+    title: MfaProps
+    type: object
+    properties:
+      countryCode:
+        type: string
+      id:
+        type: string
+      isPreferred:
+        type: boolean
+      recoveryCodes:
+        type: array
+        items:
+          type: string
+      secret:
+        type: string
+      type:
+        type: string
+      url:
+        type: string
  object.Model:
    title: Model
    type: object
@@ -3098,6 +3532,67 @@ definitions:
        type: array
        items:
          type: string
+  object.Plan:
+    title: Plan
+    type: object
+    properties:
+      createdTime:
+        type: string
+      currency:
+        type: string
+      description:
+        type: string
+      displayName:
+        type: string
+      name:
+        type: string
+      owner:
+        type: string
+      pricePerMonth:
+        type: number
+        format: double
+      pricePerYear:
+        type: number
+        format: double
+      role:
+        type: string
+      options:
+        type: array
+  object.Pricing:
+    title: Pricing
+    type: object
+    properties:
+      application:
+        type: string
+      approveTime:
+        type: string
+      approver:
+        type: string
+      createdTime:
+        type: string
+      description:
+        type: string
+      displayName:
+        type: string
+      hasTrial:
+        type: boolean
+      isEnabled:
+        type: boolean
+      name:
+        type: string
+      owner:
+        type: string
+      plans:
+        type: array
+        items:
+          type: string
+      state:
+        type: string
+      submitter:
+        type: string
+      trialDuration:
+        type: integer
+        format: int64
  object.Product:
    title: Product
    type: object
@@ -3141,6 +3636,21 @@ definitions:
        type: string
      tag:
        type: string
+  object.PrometheusInfo:
+    title: PrometheusInfo
+    type: object
+    properties:
+      apiLatency:
+        type: array
+        items:
+          $ref: '#/definitions/object.HistogramVecInfo'
+      apiThroughput:
+        type: array
+        items:
+          $ref: '#/definitions/object.GaugeVecInfo'
+      totalThroughput:
+        type: number
+        format: double
  object.Provider:
    title: Provider
    type: object
@@ -3313,6 +3823,43 @@ definitions:
        type: string
      visible:
        type: boolean
+  object.Subscription:
+    title: Subscription
+    type: object
+    properties:
+      approveTime:
+        type: string
+      approver:
+        type: string
+      createdTime:
+        type: string
+      description:
+        type: string
+      displayName:
+        type: string
+      duration:
+        type: integer
+        format: int64
+      endDate:
+        type: string
+        format: datetime
+      isEnabled:
+        type: boolean
+      name:
+        type: string
+      owner:
+        type: string
+      plan:
+        type: string
+      startDate:
+        type: string
+        format: datetime
+      state:
+        type: string
+      submitter:
+        type: string
+      user:
+        type: string
  object.Syncer:
    title: Syncer
    type: object
@@ -3612,6 +4159,10 @@ definitions:
        type: string
      microsoftonline:
        type: string
+      multiFactorAuths:
+        type: array
+        items:
+          $ref: '#/definitions/object.MfaProps'
      name:
        type: string
      naver:
@@ -3778,6 +4329,12 @@ definitions:
        type: string
      url:
        type: string
+  object.pricing:
+    title: pricing
+    type: object
+  object.subscription:
+    title: subscription
+    type: object
  protocol.CredentialAssertion:
    title: CredentialAssertion
    type: object
--- a/web/cypress/e2e/adapter.cy.js
+++ b/web/cypress/e2e/adapter.cy.js
@@ -1,16 +1,14 @@
 describe('Test adapter', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test adapter", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/adapters");
        cy.url().should("eq", "http://localhost:7001/adapters");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/adapters/built-in/")
    });
 })
--- a/web/cypress/e2e/application.cy.js
+++ b/web/cypress/e2e/application.cy.js
@@ -1,6 +1,5 @@
 describe('Test aplication', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test aplication", () => {
--- a/web/cypress/e2e/certs.cy.js
+++ b/web/cypress/e2e/certs.cy.js
@@ -1,6 +1,5 @@
 describe('Test certs', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test certs", () => {
--- a/web/cypress/e2e/models.cy.js
+++ b/web/cypress/e2e/models.cy.js
@@ -1,6 +1,5 @@
 describe('Test models', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test org", () => {
--- a/web/cypress/e2e/orgnazition.cy.js
+++ b/web/cypress/e2e/orgnazition.cy.js
@@ -1,6 +1,5 @@
 describe('Test Orgnazition', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test org", () => {
--- a/web/cypress/e2e/payments.cy.js
+++ b/web/cypress/e2e/payments.cy.js
@@ -1,16 +1,14 @@
 describe('Test payments', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test payments", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/payments");
        cy.url().should("eq", "http://localhost:7001/payments");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/payments/")
    });
 })
--- a/web/cypress/e2e/permissions.cy.js
+++ b/web/cypress/e2e/permissions.cy.js
@@ -1,6 +1,5 @@
 describe('Test permissions', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test permissions", () => {
--- a/web/cypress/e2e/products.cy.js
+++ b/web/cypress/e2e/products.cy.js
@@ -1,16 +1,14 @@
 describe('Test products', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn > span"
      };
    it("test products", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/products");
        cy.url().should("eq", "http://localhost:7001/products");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/products/")
    });
 })
--- a/web/cypress/e2e/providers.cy.js
+++ b/web/cypress/e2e/providers.cy.js
@@ -1,6 +1,5 @@
 describe('Test providers', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test providers", () => {
--- a/web/cypress/e2e/records.cy.js
+++ b/web/cypress/e2e/records.cy.js
@@ -1,6 +1,5 @@
 describe('Test records', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test records", () => {
--- a/web/cypress/e2e/resource.cy.js
+++ b/web/cypress/e2e/resource.cy.js
@@ -1,6 +1,5 @@
 describe('Test resource', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test resource", () => {
--- a/web/cypress/e2e/role.cy.js
+++ b/web/cypress/e2e/role.cy.js
@@ -1,6 +1,5 @@
 describe('Test roles', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test role", () => {
--- a/web/cypress/e2e/sessions.cy.js
+++ b/web/cypress/e2e/sessions.cy.js
@@ -1,6 +1,5 @@
 describe('Test sessions', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test sessions", () => {
--- a/web/cypress/e2e/syncers.cy.js
+++ b/web/cypress/e2e/syncers.cy.js
@@ -1,16 +1,14 @@
 describe('Test syncers', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test syncers", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/syncers");
        cy.url().should("eq", "http://localhost:7001/syncers");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/syncers/")
    });
 })
--- a/web/cypress/e2e/sysinfo.cy.js
+++ b/web/cypress/e2e/sysinfo.cy.js
@@ -1,6 +1,5 @@
 describe('Test sysinfo', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test sysinfo", () => {
--- a/web/cypress/e2e/tokens.cy.js
+++ b/web/cypress/e2e/tokens.cy.js
@@ -1,16 +1,14 @@
 describe('Test tokens', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    const selector = {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test records", () => {
-        cy.visit("http://localhost:7001");
        cy.visit("http://localhost:7001/tokens");
        cy.url().should("eq", "http://localhost:7001/tokens");
-        cy.get(selector.add).click();
+        cy.get(selector.add,{timeout:10000}).click();
        cy.url().should("include","http://localhost:7001/tokens/")
    });
 })
--- a/web/cypress/e2e/user.cy.js
+++ b/web/cypress/e2e/user.cy.js
@@ -1,6 +1,5 @@
 describe('Test User', () => {
    beforeEach(()=>{
-        cy.visit("http://localhost:7001");
        cy.login();
    })
    it("test user", () => {
--- a/web/cypress/e2e/webhooks.cy.js
+++ b/web/cypress/e2e/webhooks.cy.js
@@ -7,10 +7,10 @@ describe('Test webhooks', () => {
        add: ".ant-table-title > div > .ant-btn"
      };
    it("test webhooks", () => {
-        cy.visit("http://localhost:7001");
+
        cy.visit("http://localhost:7001/webhooks");
        cy.url().should("eq", "http://localhost:7001/webhooks");
-        cy.get(selector.add).click();
-        cy.url().should("include","http://localhost:7001/webhooks/")
+        cy.get(selector.add,{timeout:10000}).click();
+        cy.url().should("include","http://localhost:7001/webhooks/");
    });
 })
--- a/web/cypress/support/commands.js
+++ b/web/cypress/support/commands.js
@@ -23,19 +23,15 @@
 //
 // -- This will overwrite an existing command --
 // Cypress.Commands.overwrite('visit', (originalFn, url, options) => { ... })
+const selector = {
+  username: "#input",
+  password: "#normal_login_password",
+  loginButton: ".ant-btn",
+};
 Cypress.Commands.add('login', ()=>{
-    cy.request({
-        method: "POST",
-        url: "http://localhost:7001/api/login",
-        body: {
-          "application": "app-built-in",
-          "organization": "built-in",
-          "username": "admin",
-          "password": "123",
-          "autoSignin": true,
-          "type": "login",
-        },
-      }).then((Response) => {
-        expect(Response).property("body").property("status").to.equal("ok");
-      });
+  cy.visit("http://localhost:7001");
+  cy.get(selector.username).type("admin");
+  cy.get(selector.password).type("123");
+  cy.get(selector.loginButton).click();
+  cy.url().should("eq", "http://localhost:7001/");
 })
--- a/web/package.json
+++ b/web/package.json
@@ -3,7 +3,7 @@
  "version": "0.1.0",
  "private": true,
  "dependencies": {
-    "@ant-design/cssinjs": "^1.8.1",
+    "@ant-design/cssinjs": "1.9.1",
    "@ant-design/icons": "^4.7.0",
    "@craco/craco": "^6.4.5",
    "@crowdin/cli": "^3.7.10",
@@ -12,19 +12,17 @@
    "@testing-library/jest-dom": "^4.2.4",
    "@testing-library/react": "^9.3.2",
    "@testing-library/user-event": "^7.1.2",
-    "antd": "5.2.3",
+    "antd": "5.5.0",
    "antd-token-previewer": "^1.1.0-22",
    "codemirror": "^5.61.1",
    "copy-to-clipboard": "^3.3.1",
    "core-js": "^3.25.0",
    "craco-less": "^2.0.0",
-    "eslint-plugin-unused-imports": "^2.0.0",
    "file-saver": "^2.0.5",
    "i18n-iso-countries": "^7.0.0",
    "i18next": "^19.8.9",
    "libphonenumber-js": "^1.10.19",
    "moment": "^2.29.1",
-    "qrcode.react": "^3.1.0",
    "qs": "^6.10.2",
    "react": "^18.2.0",
    "react-app-polyfill": "^3.0.0",
@@ -72,6 +70,7 @@
    "@babel/eslint-parser": "^7.18.9",
    "@babel/preset-react": "^7.18.6",
    "cross-env": "^7.0.3",
+    "eslint-plugin-unused-imports": "^2.0.0",
    "cypress": "^12.5.1",
    "eslint": "8.22.0",
    "eslint-plugin-react": "^7.31.1",
--- a/web/src/AdapterEditPage.js
+++ b/web/src/AdapterEditPage.js
@@ -47,7 +47,7 @@ class AdapterEditPage extends React.Component {
  }

  getAdapter() {
-    AdapterBackend.getAdapter(this.state.owner, this.state.adapterName)
+    AdapterBackend.getAdapter("admin", this.state.adapterName)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
@@ -60,7 +60,7 @@ class AdapterEditPage extends React.Component {
  }

  getOrganizations() {
-    OrganizationBackend.getOrganizations("admin")
+    OrganizationBackend.getOrganizations(this.state.organizationName)
      .then((res) => {
        this.setState({
          organizations: (res.msg === undefined) ? res : [],
@@ -109,7 +109,7 @@ class AdapterEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.adapter.organization} onChange={(value => {
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.adapter.organization} onChange={(value => {
              this.getModels(value);
              this.updateAdapterField("organization", value);
              this.updateAdapterField("owner", value);
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@@ -26,10 +26,10 @@ class AdapterListPage extends BaseListPage {
  newAdapter() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "built-in",
+      owner: "admin",
      name: `adapter_${randomName}`,
      createdTime: moment().format(),
-      organization: "built-in",
+      organization: this.props.account.owner,
      type: "Database",
      host: "localhost",
      port: 3306,
@@ -247,7 +247,7 @@ class AdapterListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    AdapterBackend.getAdapters("", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    AdapterBackend.getAdapters("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -44,6 +44,12 @@ import SyncerListPage from "./SyncerListPage";
 import SyncerEditPage from "./SyncerEditPage";
 import CertListPage from "./CertListPage";
 import CertEditPage from "./CertEditPage";
+import SubscriptionListPage from "./SubscriptionListPage";
+import SubscriptionEditPage from "./SubscriptionEditPage";
+import PricingListPage from "./PricingListPage";
+import PricingEditPage from "./PricingEditPage";
+import PlanListPage from "./PlanListPage";
+import PlanEditPage from "./PlanEditPage";
 import ChatListPage from "./ChatListPage";
 import ChatEditPage from "./ChatEditPage";
 import ChatPage from "./ChatPage";
@@ -168,6 +174,12 @@ class App extends Component {
      this.setState({selectedMenuKey: "/result"});
    } else if (uri.includes("/sysinfo")) {
      this.setState({selectedMenuKey: "/sysinfo"});
+    } else if (uri.includes("/subscriptions")) {
+      this.setState({selectedMenuKey: "/subscriptions"});
+    } else if (uri.includes("/plans")) {
+      this.setState({selectedMenuKey: "/plans"});
+    } else if (uri.includes("/pricings")) {
+      this.setState({selectedMenuKey: "/pricings"});
    } else {
      this.setState({selectedMenuKey: -1});
    }
@@ -335,6 +347,8 @@ class App extends Component {
    const onClick = (e) => {
      if (e.key === "/account") {
        this.props.history.push("/account");
+      } else if (e.key === "/subscription") {
+        this.props.history.push("/subscription");
      } else if (e.key === "/chat") {
        this.props.history.push("/chat");
      } else if (e.key === "/logout") {
@@ -410,7 +424,7 @@ class App extends Component {
      ));
    }

-    if (Setting.isAdminUser(this.state.account)) {
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/models">{i18next.t("general:Models")}</Link>,
        "/models"
      ));
@@ -444,9 +458,22 @@ class App extends Component {
      res.push(Setting.getItem(<Link to="/records">{i18next.t("general:Records")}</Link>,
        "/records"
      ));
+
+      res.push(Setting.getItem(<Link to="/plans">{i18next.t("general:Plans")}</Link>,
+        "/plans"
+      ));
+
+      res.push(Setting.getItem(<Link to="/pricings">{i18next.t("general:Pricings")}</Link>,
+        "/pricings"
+      ));
+
+      res.push(Setting.getItem(<Link to="/subscriptions">{i18next.t("general:Subscriptions")}</Link>,
+        "/subscriptions"
+      ));
+
    }

-    if (Setting.isAdminUser(this.state.account)) {
+    if (Setting.isLocalAdminUser(this.state.account)) {
      res.push(Setting.getItem(<Link to="/tokens">{i18next.t("general:Tokens")}</Link>,
        "/tokens"
      ));
@@ -468,6 +495,7 @@ class App extends Component {
      ));

      if (Conf.EnableExtraPages) {
+
        res.push(Setting.getItem(<Link to="/products">{i18next.t("general:Products")}</Link>,
          "/products"
        ));
@@ -475,11 +503,13 @@ class App extends Component {
        res.push(Setting.getItem(<Link to="/payments">{i18next.t("general:Payments")}</Link>,
          "/payments"
        ));
-
-        res.push(Setting.getItem(<Link to="/sysinfo">{i18next.t("general:System Info")}</Link>,
-          "/sysinfo"
-        ));
      }
+
+    }
+    if (Setting.isAdminUser(this.state.account)) {
+      res.push(Setting.getItem(<Link to="/sysinfo">{i18next.t("general:System Info")}</Link>,
+        "/sysinfo"
+      ));
      res.push(Setting.getItem(<a target="_blank" rel="noreferrer"
        href={Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger"}>{i18next.t("general:Swagger")}</a>,
      "/swagger"
@@ -548,12 +578,18 @@ class App extends Component {
        <Route exact path="/syncers" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerListPage account={this.state.account} {...props} />)} />
        <Route exact path="/syncers/:syncerName" render={(props) => this.renderLoginIfNotLoggedIn(<SyncerEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/certs" render={(props) => this.renderLoginIfNotLoggedIn(<CertListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/certs/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/certs/:organizationName/:certName" render={(props) => this.renderLoginIfNotLoggedIn(<CertEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/chats" render={(props) => this.renderLoginIfNotLoggedIn(<ChatListPage account={this.state.account} {...props} />)} />
        <Route exact path="/chats/:chatName" render={(props) => this.renderLoginIfNotLoggedIn(<ChatEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/chat" render={(props) => this.renderLoginIfNotLoggedIn(<ChatPage account={this.state.account} {...props} />)} />
        <Route exact path="/messages" render={(props) => this.renderLoginIfNotLoggedIn(<MessageListPage account={this.state.account} {...props} />)} />
        <Route exact path="/messages/:messageName" render={(props) => this.renderLoginIfNotLoggedIn(<MessageEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/plans" render={(props) => this.renderLoginIfNotLoggedIn(<PlanListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/plan/:organizationName/:planName" render={(props) => this.renderLoginIfNotLoggedIn(<PlanEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/pricings" render={(props) => this.renderLoginIfNotLoggedIn(<PricingListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/pricing/:organizationName/:pricingName" render={(props) => this.renderLoginIfNotLoggedIn(<PricingEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/subscriptions" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionListPage account={this.state.account} {...props} />)} />
+        <Route exact path="/subscription/:organizationName/:subscriptionName" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
@@ -649,7 +685,13 @@ class App extends Component {
            textAlign: "center",
          }
        }>
-            Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
+          {
+            Conf.CustomFooter !== null ? Conf.CustomFooter : (
+              <React.Fragment>
+                Powered by <a target="_blank" href="https://casdoor.org" rel="noreferrer"><img style={{paddingBottom: "3px"}} height={"20px"} alt={"Casdoor"} src={this.state.logo} /></a>
+              </React.Fragment>
+            )
+          }
        </Footer>
      </React.Fragment>
    );
@@ -666,7 +708,8 @@ class App extends Component {
        window.location.pathname.startsWith("/prompt") ||
        window.location.pathname.startsWith("/result") ||
        window.location.pathname.startsWith("/cas") ||
-        window.location.pathname.startsWith("/auto-signup");
+        window.location.pathname.startsWith("/auto-signup") ||
+        window.location.pathname.startsWith("/select-plan");
  }

  renderPage() {
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -112,7 +112,6 @@ class ApplicationEditPage extends React.Component {
  UNSAFE_componentWillMount() {
    this.getApplication();
    this.getOrganizations();
-    this.getCerts();
    this.getProviders();
    this.getSamlMetadata();
  }
@@ -126,6 +125,8 @@ class ApplicationEditPage extends React.Component {
        this.setState({
          application: application,
        });
+
+        this.getCerts(application.organization);
      });
  }

@@ -144,8 +145,8 @@ class ApplicationEditPage extends React.Component {
      });
  }

-  getCerts() {
-    CertBackend.getCerts("admin")
+  getCerts(owner) {
+    CertBackend.getCerts(owner)
      .then((res) => {
        this.setState({
          certs: (res.msg === undefined) ? res : [],
@@ -510,9 +511,7 @@ class ApplicationEditPage extends React.Component {
                />
              </div>
            } title={i18next.t("provider:Signup HTML - Edit")} trigger="click">
-              <Input value={this.state.application.signupHtml} style={{marginBottom: "10px"}} onChange={e => {
-                this.updateApplicationField("signupHtml", e.target.value);
-              }} />
+              <Button>{i18next.t("general:Edit")}</Button>
            </Popover>
          </Col>
        </Row>
@@ -532,9 +531,7 @@ class ApplicationEditPage extends React.Component {
                />
              </div>
            } title={i18next.t("provider:Signin HTML - Edit")} trigger="click">
-              <Input value={this.state.application.signinHtml} style={{marginBottom: "10px"}} onChange={e => {
-                this.updateApplicationField("signinHtml", e.target.value);
-              }} />
+              <Button>{i18next.t("general:Edit")}</Button>
            </Popover>
          </Col>
        </Row>
@@ -650,7 +647,7 @@ class ApplicationEditPage extends React.Component {
            </Row>
          </Col>
        </Row>
-        <Row>
+        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("application:Form CSS"), i18next.t("application:Form CSS - Tooltip"))} :
          </Col>
@@ -665,9 +662,26 @@ class ApplicationEditPage extends React.Component {
                />
              </div>
            } title={i18next.t("application:Form CSS - Edit")} trigger="click">
-              <Input value={this.state.application.formCss} style={{marginBottom: "10px"}} onChange={e => {
-                this.updateApplicationField("formCss", e.target.value);
-              }} />
+              <Button>{i18next.t("general:Edit")}</Button>
+            </Popover>
+          </Col>
+        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("application:Form CSS Mobile"), i18next.t("application:Form CSS Mobile - Tooltip"))} :
+          </Col>
+          <Col span={22}>
+            <Popover placement="right" content={
+              <div style={{width: "900px", height: "300px"}} >
+                <CodeMirror value={this.state.application.formCssMobile === "" ? template : this.state.application.formCssMobile}
+                  options={{mode: "css", theme: "material-darker"}}
+                  onBeforeChange={(editor, data, value) => {
+                    this.updateApplicationField("formCssMobile", value);
+                  }}
+                />
+              </div>
+            } title={i18next.t("application:Form CSS Mobile - Edit")} trigger="click">
+              <Button>{i18next.t("general:Edit")}</Button>
            </Popover>
          </Col>
        </Row>
@@ -702,9 +716,7 @@ class ApplicationEditPage extends React.Component {
                      />
                    </div>
                  } title={i18next.t("application:Side panel HTML - Edit")} trigger="click">
-                    <Input value={this.state.application.formSideHtml} style={{marginBottom: "10px"}} onChange={e => {
-                      this.updateApplicationField("formSideHtml", e.target.value);
-                    }} />
+                    <Button>{i18next.t("general:Edit")}</Button>
                  </Popover>
                </Col>
              </Row>
@@ -769,7 +781,7 @@ class ApplicationEditPage extends React.Component {
    let signUpUrl = `/signup/${this.state.application.name}`;

    let redirectUri;
-    if (this.state.application.redirectUris.length !== 0) {
+    if (this.state.application.redirectUris?.length > 0) {
      redirectUri = this.state.application.redirectUris[0];
    } else {
      redirectUri = "\"ERROR: You must specify at least one Redirect URL in 'Redirect URLs'\"";
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -65,6 +65,7 @@ class ApplicationListPage extends BaseListPage {
      redirectUris: ["http://localhost:9000/callback"],
      tokenFormat: "JWT",
      expireInHours: 24 * 7,
+      refreshExpireInHours: 24 * 7,
      formOffset: 2,
    };
  }
@@ -175,7 +176,7 @@ class ApplicationListPage extends BaseListPage {
        // width: '600px',
        render: (text, record, index) => {
          const providers = text;
-          if (providers.length === 0) {
+          if (providers === null || providers.length === 0) {
            return `(${i18next.t("general:empty")})`;
          }

@@ -273,7 +274,7 @@ class ApplicationListPage extends BaseListPage {
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
-      ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+      ApplicationBackend.getApplicationsByOrganization("admin", this.props.account.organization.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -15,6 +15,7 @@
 import React from "react";
 import {Button, Card, Col, Input, InputNumber, Row, Select} from "antd";
 import * as CertBackend from "./backend/CertBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import copy from "copy-to-clipboard";
@@ -29,17 +30,20 @@ class CertEditPage extends React.Component {
    this.state = {
      classes: props,
      certName: props.match.params.certName,
+      owner: props.match.params.organizationName,
      cert: null,
+      organizations: [],
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
    };
  }

  UNSAFE_componentWillMount() {
    this.getCert();
+    this.getOrganizations();
  }

  getCert() {
-    CertBackend.getCert("admin", this.state.certName)
+    CertBackend.getCert(this.state.owner, this.state.certName)
      .then((cert) => {
        this.setState({
          cert: cert,
@@ -47,6 +51,15 @@ class CertEditPage extends React.Component {
      });
  }

+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
  parseCertField(key, value) {
    if (["port"].includes(key)) {
      value = Setting.myParseInt(value);
@@ -75,6 +88,19 @@ class CertEditPage extends React.Component {
          {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteCert()}>{i18next.t("general:Cancel")}</Button> : null}
        </div>
      } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.cert.owner} onChange={(value => {this.updateCertField("owner", value);})}>
+              {Setting.isAdminUser(this.props.account) ? <Option key={"admin"} value={"admin"}>{i18next.t("provider:admin (Shared)")}</Option> : null}
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "10px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
@@ -216,7 +242,7 @@ class CertEditPage extends React.Component {

  submitCertEdit(willExist) {
    const cert = Setting.deepCopy(this.state.cert);
-    CertBackend.updateCert(this.state.cert.owner, this.state.certName, cert)
+    CertBackend.updateCert(this.state.owner, this.state.certName, cert)
      .then((res) => {
        if (res.status === "ok") {
          Setting.showMessage("success", i18next.t("general:Successfully saved"));
@@ -227,7 +253,7 @@ class CertEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/certs");
          } else {
-            this.props.history.push(`/certs/${this.state.cert.name}`);
+            this.props.history.push(`/certs/${this.state.cert.owner}/${this.state.cert.name}`);
          }
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -23,10 +23,20 @@ import BaseListPage from "./BaseListPage";
 import PopconfirmModal from "./common/modal/PopconfirmModal";

 class CertListPage extends BaseListPage {
+  constructor(props) {
+    super(props);
+  }
+
+  componentDidMount() {
+    this.setState({
+      owner: Setting.isAdminUser(this.props.account) ? "admin" : this.props.account.owner,
+    });
+  }
+
  newCert() {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.certname,
+      owner: this.state.owner,
      name: `cert_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Cert - ${randomName}`,
@@ -45,7 +55,7 @@ class CertListPage extends BaseListPage {
    CertBackend.addCert(newCert)
      .then((res) => {
        if (res.status === "ok") {
-          this.props.history.push({pathname: `/certs/${newCert.name}`, mode: "add"});
+          this.props.history.push({pathname: `/certs/${newCert.owner}/${newCert.name}`, mode: "add"});
          Setting.showMessage("success", i18next.t("general:Successfully added"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
@@ -86,12 +96,23 @@ class CertListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/certs/${text}`}>
+            <Link to={`/certs/${record.owner}/${text}`}>
              {text}
            </Link>
          );
        },
      },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "150px",
+        sorter: true,
+        ...this.getColumnSearchProps("organization"),
+        render: (text, record, index) => {
+          return (text !== "admin") ? text : i18next.t("provider:admin (Shared)");
+        },
+      },
      {
        title: i18next.t("general:Created time"),
        dataIndex: "createdTime",
@@ -168,8 +189,9 @@ class CertListPage extends BaseListPage {
        render: (text, record, index) => {
          return (
            <div>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/certs/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)} style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/certs/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <PopconfirmModal
+                disabled={!Setting.isAdminUser(this.props.account) && (record.owner !== this.props.account.owner)}
                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                onConfirm={() => this.deleteCert(index)}
              >
@@ -214,7 +236,8 @@ class CertListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    CertBackend.getCerts("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    (Setting.isAdminUser(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : CertBackend.getCerts(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        if (res.status === "ok") {
          this.setState({
--- a/web/src/ChatEditPage.js
+++ b/web/src/ChatEditPage.js
@@ -99,7 +99,7 @@ class ChatEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
+            <Select virtual={false} disabled={!Setting.isAdminUser(this.props.account)} style={{width: "100%"}} value={this.state.chat.organization} onChange={(value => {this.updateChatField("organization", value);})}
              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
              } />
          </Col>
--- a/web/src/ChatPage.js
+++ b/web/src/ChatPage.js
@@ -51,7 +51,7 @@ class ChatPage extends BaseListPage {
  newMessage(text) {
    const randomName = Setting.getRandomName();
    return {
-      owner: "admin", // this.props.account.messagename,
+      owner: this.props.account.owner, // this.props.account.messagename,
      name: `message_${randomName}`,
      createdTime: moment().format(),
      organization: this.props.account.owner,
--- a/web/src/Conf.js
+++ b/web/src/Conf.js
@@ -28,3 +28,5 @@ export const ThemeDefault = {
  borderRadius: 6,
  isCompact: false,
 };
+
+export const CustomFooter = null;
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@@ -16,6 +16,8 @@ import React from "react";
 import {Redirect, Route, Switch} from "react-router-dom";
 import {Spin} from "antd";
 import i18next from "i18next";
+import * as ApplicationBackend from "./backend/ApplicationBackend";
+import PricingPage from "./pricing/PricingPage";
 import * as Setting from "./Setting";
 import * as Conf from "./Conf";
 import SignupPage from "./auth/SignupPage";
@@ -33,6 +35,7 @@ class EntryPage extends React.Component {
    super(props);
    this.state = {
      application: undefined,
+      pricing: undefined,
    };
  }

@@ -65,9 +68,23 @@ class EntryPage extends React.Component {
      this.props.updataThemeData(themeData);
    };

+    const onUpdatePricing = (pricing) => {
+      this.setState({
+        pricing: pricing,
+      });
+
+      ApplicationBackend.getApplication("admin", pricing.application)
+        .then((application) => {
+          const themeData = application !== null ? Setting.getThemeData(application.organizationObj, application) : Conf.ThemeDefault;
+          this.props.updataThemeData(themeData);
+        });
+    };
+
    return (
-      <div className="loginBackground" style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
-        <Spin size="large" spinning={this.state.application === undefined} tip={i18next.t("login:Loading")} style={{margin: "0 auto"}} />
+      <div className="loginBackground"
+        style={{backgroundImage: Setting.inIframe() || Setting.isMobile() ? null : `url(${this.state.application?.formBackgroundUrl})`}}>
+        <Spin size="large" spinning={this.state.application === undefined && this.state.pricing === undefined} tip={i18next.t("login:Loading")}
+          style={{margin: "0 auto"}} />
        <Switch>
          <Route exact path="/signup" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} applicationName={authConfig.appName} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/signup/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<SignupPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
@@ -85,6 +102,7 @@ class EntryPage extends React.Component {
          <Route exact path="/result/:applicationName" render={(props) => this.renderHomeIfLoggedIn(<ResultPage {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/cas/:owner/:casApplicationName/logout" render={(props) => this.renderHomeIfLoggedIn(<CasLogout {...this.props} application={this.state.application} onUpdateApplication={onUpdateApplication} {...props} />)} />
          <Route exact path="/cas/:owner/:casApplicationName/login" render={(props) => {return (<LoginPage {...this.props} application={this.state.application} type={"cas"} mode={"signin"} onUpdateApplication={onUpdateApplication} {...props} />);}} />
+          <Route exact path="/select-plan/:pricingName" render={(props) => this.renderHomeIfLoggedIn(<PricingPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />)} />
        </Switch>
      </div>
    );
--- a/web/src/LdapEditPage.js
+++ b/web/src/LdapEditPage.js
@@ -185,6 +185,7 @@ class LdapEditPage extends React.Component {
              {value: "uid", label: "uid"},
              {value: "mail", label: "Email"},
              {value: "mobile", label: "mobile"},
+              {value: "sAMAccountName", label: "sAMAccountName"},
            ].map((item) => Setting.getOption(item.label, item.value))} onChange={value => {
              this.updateLdapField("filterFields", value);
            }} />
--- a/web/src/LdapSyncPage.js
+++ b/web/src/LdapSyncPage.js
@@ -94,7 +94,7 @@ class LdapSyncPage extends React.Component {
        if (res.status === "ok") {
          this.setState((prevState) => {
            prevState.users = res.data.users;
-            prevState.existUuids = res.data2?.length > 0 ? res.data2 : [];
+            prevState.existUuids = res.data.existUuids?.length > 0 ? res.data.existUuids.filter(uuid => uuid !== "") : [];
            return prevState;
          });
        } else {
--- a/web/src/MessageEditPage.js
+++ b/web/src/MessageEditPage.js
@@ -113,7 +113,7 @@ class MessageEditPage extends React.Component {
            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
+            <Select virtual={false} disabled={!Setting.isAdminUser(this.props.account)} style={{width: "100%"}} value={this.state.message.organization} onChange={(value => {this.updateMessageField("organization", value);})}
              options={this.state.organizations.map((organization) => Setting.getOption(organization.name, organization.name))
              } />
          </Col>
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yaodong Yu	44cd55e55f	feat: fix UI in IE11 (#1878 )	2023-05-22 16:59:37 +08:00
Yang Luo	6b42d35223	Fix state encoding for Moodle	2023-05-21 15:47:18 +08:00
Yang Luo	c84150cede	Fix getObject() bug for some API	2023-05-21 11:07:01 +08:00
hsluoyz	de2689ac39	fix: revert "feat: fix UI in IE11" (#1873 ) * Revert "feat: fix UI in IE11 (#1871)" This reverts commit `319031da28`. * Update MfaVerifyForm.js	2023-05-21 00:43:42 +08:00
Ilya Sulimanov	88c0856d17	feat: add subscription managment (#1858 ) * feat: subscription managment * fix: remove console log * fix: webhooks * fix linter * fix: fix via gofumpt * fix: review changes * fix: Copyright 2023 * Update account.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-20 15:56:21 +08:00
Yaodong Yu	319031da28	feat: fix UI in IE11 (#1871 )	2023-05-19 21:47:02 +08:00
June	d20f3eb039	feat: support get user by userId and owner (#1870 ) * feat: support get user by userId and owner * Update user.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-19 21:46:44 +08:00
Yaodong Yu	3e13e61d8f	fix: sdk user is not Global Admin (#1868 )	2023-05-19 21:24:55 +08:00
Yaodong Yu	1260354b36	fix: add sAMAccountName for AD search (#1869 )	2023-05-19 21:16:59 +08:00
Jadson Santos	af79fdedf2	feat: add new language: "pt" (#1837 ) * feat: Added new locales pt-br * fix: Changed pt-br to pt * feat: Updated app.conf * feat: Updated Setting.js * feat: Changed folder locales pt-br to pt --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-19 16:57:44 +08:00
Yang Luo	02333f2f0c	Add "pt" language to backend	2023-05-19 16:42:31 +08:00
Yang Luo	79bd58e0e6	Use util.GetId()	2023-05-19 14:26:32 +08:00
Yang Luo	de73ff0e60	Add IsMaskedEnabled to provider API	2023-05-19 13:09:53 +08:00
Yang Luo	a9d662f1bd	Improve Migrator_1_314_0_PR_1841 speed	2023-05-19 02:55:36 +08:00
Yaodong Yu	65dcbd2236	feat: compatible different uid of LDAP server (#1860 ) * feat: compatible different uid of LDAP server * Update organization.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-19 02:34:25 +08:00
Yaodong Yu	6455734807	fix: fix incorrect LDAP sync status (#1859 )	2023-05-18 22:03:53 +08:00
Trần Thanh Tịnh	2eefeaffa7	feat: enforce by using resourceId (#1855 ) * feat: enforce by using resourceId * Update permission.go * chore: fix cilint for enforcer.go --------- Co-authored-by: tinhtt4 <tinhtt4@vng.com.vn> Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-18 16:36:03 +08:00
Yang Luo	04eaad1c80	Fix getCertByApplication()	2023-05-18 16:32:43 +08:00
Yang Luo	9f084a0799	Can update user with OAuth values	2023-05-18 15:58:41 +08:00
Yang Luo	293b9f1036	Remove languages in app.conf	2023-05-18 15:44:11 +08:00
Yang Luo	437376c472	Fix CheckAccessPermission()	2023-05-18 13:36:16 +08:00
Yang Luo	cc528c5d8c	Add object to webhook	2023-05-17 23:57:14 +08:00
Yang Luo	54e2055ffb	Fix Beego filter: RecordMessage	2023-05-17 23:01:59 +08:00
Yang Luo	983a30a2e0	Dingtalk now supports linking with corpMobile	2023-05-17 22:14:57 +08:00
Yang Luo	37d0157d41	Fix application.EnableSignUp bug	2023-05-17 21:56:36 +08:00
Yang Luo	d4dc236770	Fix refreshExpireInHours zero value issue	2023-05-17 20:47:59 +08:00
Yang Luo	596742d782	Show org column better for admin (shared)	2023-05-17 17:30:47 +08:00
XDTD	ce921c00cd	fix: resolve the problem of cert being unable to be accessed properly (#1850 ) * fix: resolve the problem of cert being unable to be accessed properly * Update CertEditPage.js --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-17 17:17:58 +08:00
Yang Luo	3830e443b0	Put webhook's RecordMessage() to FinishRouter stage	2023-05-17 16:32:12 +08:00
Yaodong Yu	9092cad631	feat: support forced binding MFA after login (#1845 )	2023-05-17 01:13:13 +08:00
Yang Luo	0b5ecca5c8	Support empty application in page	2023-05-16 22:17:39 +08:00
Yang Luo	3d9b305bbb	Add /api/health API	2023-05-16 21:47:34 +08:00
Yang Luo	0217e359e7	Update to Go 1.19.9 and Node 16.18.0 in Dockerfile	2023-05-16 20:33:31 +08:00
Yang Luo	695a612e77	Improve passwordType in CheckPassword()	2023-05-16 20:14:05 +08:00
Alexander Egorov	645d53e2c6	feat: User should have PasswordType like Organization (#1841 ) * fixes #1840: [backend] User should have PasswordType like Organization is * Update migrator.go * Update and rename migrator_1_314_0_PR_1838.go to migrator_1_314_0_PR_1841.go * Update user.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-05-16 20:11:19 +08:00
Yang Luo	73b9d73f64	Add CustomFooter to Conf.js	2023-05-15 16:49:45 +08:00
1307	c6675ee4e6	feat: AI responses support streaming (#1826 ) Is an AI response that supports streaming return	2023-05-13 11:31:20 +08:00
Yang Luo	6f0b7f3f24	Support modelId arg in Enforce() API	2023-05-12 21:39:57 +08:00
Yang Luo	776a682fae	Improve args of Enforce() API	2023-05-12 21:32:48 +08:00
Yang Luo	96a3db21a1	Support LDAP search by user tag	2023-05-12 13:03:43 +08:00
Yang Luo	c33d537ac1	Add formCssMobile to application	2023-05-12 12:16:03 +08:00
Yang Luo	5214d48486	Fix authorized issue of UploadResource() API	2023-05-12 01:00:06 +08:00
Yang Luo	e360b06d12	Fix termsOfUse upload in application edit page	2023-05-10 23:57:03 +08:00
Yang Luo	3c871c38df	Fix message and chat owner bug	2023-05-10 22:32:32 +08:00
jakiuncle	7df043fb15	fix: fix cypress error (#1817 ) * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error * fix: fix cypress error	2023-05-09 20:51:07 +08:00
XDTD	cb542ae46a	feat: fix org admin permissions (#1822 )	2023-05-09 00:06:52 +08:00
imp2002	3699177837	fix: fix URL path in MinIO storage provider(#1818 )	2023-05-08 16:48:56 +08:00