feat: IntrospectToken return the right Jti (JWT ID instead of User Id) (#2035)

* feat: organization as context

* feat: organization as context with backend filtration

* Update app.conf

* update app.conf and hide organization select for mobile.

---------

Co-authored-by: dplynsky <dplynsky@ptsecurity.com>
Co-authored-by: hsluoyz <hsluoyz@qq.com>

controllers/application.go

@@ -50,7 +50,8 @@ func (c *ApiController) GetApplications() {
 		}
 
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
@@ -59,13 +60,15 @@ func (c *ApiController) GetApplications() {
 		limit := util.ParseInt(limit)
 		count, err := object.GetApplicationCount(owner, field, value)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		app, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		applications := object.GetMaskedApplications(app, userId)
@@ -85,7 +88,8 @@ func (c *ApiController) GetApplication() {
 	id := c.Input().Get("id")
 	app, err := object.GetApplication(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = object.GetMaskedApplication(app, userId)
@@ -104,7 +108,8 @@ func (c *ApiController) GetUserApplication() {
 	id := c.Input().Get("id")
 	user, err := object.GetUser(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	if user == nil {
@@ -114,7 +119,8 @@ func (c *ApiController) GetUserApplication() {
 
 	app, err := object.GetApplicationByUser(user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = object.GetMaskedApplication(app, userId)
@@ -147,7 +153,8 @@ func (c *ApiController) GetOrganizationApplications() {
 	if limit == "" || page == "" {
 		applications, err := object.GetOrganizationApplications(owner, organization)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = object.GetMaskedApplications(applications, userId)

controllers/auth.go

@@ -69,6 +69,15 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}
 
+	// check user's tag
+	if !user.IsGlobalAdmin && !user.IsAdmin && len(application.Tags) > 0 {
+		// only users with the tag that is listed in the application tags can login
+		if !util.InSlice(application.Tags, user.Tag) {
+			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
+			return
+		}
+	}
+
 	if form.Password != "" && user.IsMfaEnabled() {
 		c.setMfaSessionData(&object.MfaSessionData{UserId: userId})
 		resp = &Response{Status: object.NextMfa, Data: user.GetPreferredMfaProps(true)}
@@ -238,7 +247,7 @@ func isProxyProviderType(providerType string) bool {
 // @Param code_challenge_method   query    string  false code_challenge_method
 // @Param code_challenge          query    string  false code_challenge
 // @Param   form   body   controllers.AuthForm  true        "Login information"
-// @Success 200 {object} Response The Response object
+// @Success 200 {object} controllers.Response The Response object
 // @router /login [post]
 func (c *ApiController) Login() {
 	resp := &Response{}
@@ -756,7 +765,8 @@ func (c *ApiController) HandleSamlLogin() {
 func (c *ApiController) HandleOfficialAccountEvent() {
 	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	var data struct {
@@ -766,7 +776,8 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 	}
 	err = xml.Unmarshal(respBytes, &data)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	lock.Lock()

controllers/base.go

@@ -79,7 +79,8 @@ func (c *ApiController) getCurrentUser() *object.User {
 	} else {
 		user, err = object.GetUser(userId)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return nil
 		}
 	}
 	return user
@@ -112,7 +113,8 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 	}
 	application, err := object.GetApplicationByClientId(clientId.(string))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return nil
 	}
 
 	return application

controllers/cert.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetCerts() {
 	if limit == "" || page == "" {
 		maskedCerts, err := object.GetMaskedCerts(object.GetCerts(owner))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedCerts
@@ -50,13 +51,15 @@ func (c *ApiController) GetCerts() {
 		limit := util.ParseInt(limit)
 		count, err := object.GetCertCount(owner, field, value)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(certs, paginator.Nums())
@@ -80,7 +83,8 @@ func (c *ApiController) GetGlobleCerts() {
 	if limit == "" || page == "" {
 		maskedCerts, err := object.GetMaskedCerts(object.GetGlobleCerts())
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedCerts
@@ -89,13 +93,15 @@ func (c *ApiController) GetGlobleCerts() {
 		limit := util.ParseInt(limit)
 		count, err := object.GetGlobalCertsCount(field, value)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(certs, paginator.Nums())
@@ -113,7 +119,8 @@ func (c *ApiController) GetCert() {
 	id := c.Input().Get("id")
 	cert, err := object.GetCert(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = object.GetMaskedCert(cert)

controllers/chat.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetChats() {
 	if limit == "" || page == "" {
 		maskedChats, err := object.GetMaskedChats(object.GetChats(owner))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedChats
@@ -77,7 +78,8 @@ func (c *ApiController) GetChat() {
 
 	maskedChat, err := object.GetMaskedChat(object.GetChat(id))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = maskedChat

controllers/message.go

@@ -53,7 +53,8 @@ func (c *ApiController) GetMessages() {
 		}
 
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = object.GetMaskedMessages(messages)
@@ -89,7 +90,8 @@ func (c *ApiController) GetMessage() {
 	id := c.Input().Get("id")
 	message, err := object.GetMessage(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = object.GetMaskedMessage(message)
@@ -100,7 +102,8 @@ func (c *ApiController) ResponseErrorStream(errorText string) {
 	event := fmt.Sprintf("event: myerror\ndata: %s\n\n", errorText)
 	_, err := c.Ctx.ResponseWriter.Write([]byte(event))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 }
 
@@ -196,7 +199,8 @@ func (c *ApiController) GetMessageAnswer() {
 	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
 	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	answer := stringBuilder.String()
@@ -204,7 +208,8 @@ func (c *ApiController) GetMessageAnswer() {
 	message.Text = answer
 	_, err = object.UpdateMessage(message.GetId(), message)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 }
 

controllers/mfa.go

@@ -17,7 +17,6 @@ package controllers
 import (
 	"net/http"
 
-	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -29,7 +28,7 @@ import (
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object}   The Response object
+// @Success 200 {object} controllers.Response The Response object
 // @router /mfa/setup/initiate [post]
 func (c *ApiController) MfaSetupInitiate() {
 	owner := c.Ctx.Request.Form.Get("owner")
@@ -58,10 +57,7 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}
 
-	issuer := beego.AppConfig.String("appname")
-	accountName := user.GetId()
-
-	mfaProps, err := MfaUtil.Initiate(c.Ctx, issuer, accountName)
+	mfaProps, err := MfaUtil.Initiate(c.Ctx, user.GetId())
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/model.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetModels() {
 	if limit == "" || page == "" {
 		models, err := object.GetModels(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = models
@@ -77,7 +78,8 @@ func (c *ApiController) GetModel() {
 
 	model, err := object.GetModel(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = model

controllers/organization.go

@@ -37,17 +37,27 @@ func (c *ApiController) GetOrganizations() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")
 
+	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
-		maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner))
+		var maskedOrganizations []*object.Organization
+		var err error
+
+		if isGlobalAdmin {
+			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
+		} else {
+			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
+		}
+
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedOrganizations
 		c.ServeJSON()
 	} else {
-		isGlobalAdmin := c.IsGlobalAdmin()
 		if !isGlobalAdmin {
 			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
 			if err != nil {
@@ -64,7 +74,7 @@ func (c *ApiController) GetOrganizations() {
 			}
 
 			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return

controllers/payment.go

@@ -42,7 +42,8 @@ func (c *ApiController) GetPayments() {
 	if limit == "" || page == "" {
 		payments, err := object.GetPayments(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = payments
@@ -51,13 +52,15 @@ func (c *ApiController) GetPayments() {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPaymentCount(owner, organization, field, value)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		payments, err := object.GetPaginationPayments(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(payments, paginator.Nums())
@@ -99,7 +102,8 @@ func (c *ApiController) GetPayment() {
 
 	payment, err := object.GetPayment(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = payment
@@ -190,7 +194,8 @@ func (c *ApiController) NotifyPayment() {
 	}
 
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 }
 

controllers/permission.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetPermissions() {
 	if limit == "" || page == "" {
 		permissions, err := object.GetPermissions(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = permissions
@@ -50,13 +51,15 @@ func (c *ApiController) GetPermissions() {
 		limit := util.ParseInt(limit)
 		count, err := object.GetPermissionCount(owner, field, value)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
 		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(permissions, paginator.Nums())
@@ -116,7 +119,8 @@ func (c *ApiController) GetPermission() {
 
 	permission, err := object.GetPermission(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = permission

controllers/plan.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetPlans() {
 	if limit == "" || page == "" {
 		plans, err := object.GetPlans(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = plans
@@ -79,13 +80,15 @@ func (c *ApiController) GetPlan() {
 
 	plan, err := object.GetPlan(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	if includeOption {
 		options, err := object.GetPermissionsByRole(plan.Role)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		for _, option := range options {

controllers/pricing.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetPricings() {
 	if limit == "" || page == "" {
 		pricings, err := object.GetPricings(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = pricings
@@ -70,14 +71,15 @@ func (c *ApiController) GetPricings() {
 // @Tag Pricing API
 // @Description get pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.pricing The Response object
+// @Success 200 {object} object.Pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
 	id := c.Input().Get("id")
 
 	pricing, err := object.GetPricing(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = pricing

controllers/product.go

@@ -42,7 +42,8 @@ func (c *ApiController) GetProducts() {
 	if limit == "" || page == "" {
 		products, err := object.GetProducts(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = products
@@ -78,12 +79,14 @@ func (c *ApiController) GetProduct() {
 
 	product, err := object.GetProduct(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	err = object.ExtendProductWithProviders(product)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = product

controllers/provider.go

@@ -46,7 +46,8 @@ func (c *ApiController) GetProviders() {
 	if limit == "" || page == "" {
 		providers, err := object.GetProviders(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
@@ -92,7 +93,8 @@ func (c *ApiController) GetGlobalProviders() {
 	if limit == "" || page == "" {
 		globalProviders, err := object.GetGlobalProviders()
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))

controllers/record.go

@@ -42,17 +42,22 @@ func (c *ApiController) GetRecords() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")
 
 	if limit == "" || page == "" {
 		records, err := object.GetRecords()
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = records
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
+		if c.IsGlobalAdmin() && organizationName != "" {
+			organization = organizationName
+		}
 		filterRecord := &object.Record{Organization: organization}
 		count, err := object.GetRecordCount(field, value, filterRecord)
 		if err != nil {
@@ -84,12 +89,14 @@ func (c *ApiController) GetRecordsByFilter() {
 	record := &object.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	records, err := object.GetRecordsByField(record)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = records

controllers/resource.go

@@ -53,7 +53,8 @@ func (c *ApiController) GetResources() {
 	if limit == "" || page == "" {
 		resources, err := object.GetResources(owner, user)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = resources
@@ -86,7 +87,8 @@ func (c *ApiController) GetResource() {
 
 	resource, err := object.GetResource(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = resource

controllers/role.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetRoles() {
 	if limit == "" || page == "" {
 		roles, err := object.GetRoles(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = roles
@@ -77,7 +78,8 @@ func (c *ApiController) GetRole() {
 
 	role, err := object.GetRole(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = role

controllers/session.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetSessions() {
 	if limit == "" || page == "" {
 		sessions, err := object.GetSessions(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = sessions
@@ -76,7 +77,8 @@ func (c *ApiController) GetSingleSession() {
 
 	session, err := object.GetSingleSession(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = session
@@ -155,7 +157,8 @@ func (c *ApiController) IsSessionDuplicated() {
 
 	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}

controllers/subscription.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetSubscriptions() {
 	if limit == "" || page == "" {
 		subscriptions, err := object.GetSubscriptions(owner)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = subscriptions
@@ -70,14 +71,15 @@ func (c *ApiController) GetSubscriptions() {
 // @Tag Subscription API
 // @Description get subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.subscription The Response object
+// @Success 200 {object} object.Subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
 	id := c.Input().Get("id")
 
 	subscription, err := object.GetSubscription(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = subscription

controllers/syncer.go

@@ -42,7 +42,8 @@ func (c *ApiController) GetSyncers() {
 	if limit == "" || page == "" {
 		organizationSyncers, err := object.GetOrganizationSyncers(owner, organization)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = organizationSyncers
@@ -78,7 +79,8 @@ func (c *ApiController) GetSyncer() {
 
 	syncer, err := object.GetSyncer(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = syncer

controllers/token.go

@@ -43,7 +43,8 @@ func (c *ApiController) GetTokens() {
 	if limit == "" || page == "" {
 		token, err := object.GetTokens(owner, organization)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = token
@@ -78,7 +79,8 @@ func (c *ApiController) GetToken() {
 	id := c.Input().Get("id")
 	token, err := object.GetToken(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = token
@@ -193,7 +195,8 @@ func (c *ApiController) GetOAuthToken() {
 	host := c.Ctx.Request.Host
 	oAuthtoken, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = oAuthtoken
@@ -236,7 +239,8 @@ func (c *ApiController) RefreshToken() {
 
 	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = refreshToken2
@@ -276,7 +280,8 @@ func (c *ApiController) IntrospectToken() {
 	}
 	application, err := object.GetApplicationByClientId(clientId)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	if application == nil || application.ClientSecret != clientSecret {
@@ -289,7 +294,8 @@ func (c *ApiController) IntrospectToken() {
 	}
 	token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	if token == nil {
@@ -319,7 +325,7 @@ func (c *ApiController) IntrospectToken() {
 		Sub:       jwtToken.Subject,
 		Aud:       jwtToken.Audience,
 		Iss:       jwtToken.Issuer,
-		Jti:       jwtToken.Id,
+		Jti:       jwtToken.ID,
 	}
 	c.ServeJSON()
 }

controllers/user.go

@@ -41,7 +41,8 @@ func (c *ApiController) GetGlobalUsers() {
 	if limit == "" || page == "" {
 		maskedUsers, err := object.GetMaskedUsers(object.GetGlobalUsers())
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedUsers
@@ -101,7 +102,8 @@ func (c *ApiController) GetUsers() {
 
 		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = maskedUsers
@@ -153,7 +155,8 @@ func (c *ApiController) GetUser() {
 	if userId != "" && owner != "" {
 		userFromUserId, err = object.GetUserByUserId(owner, userId)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
@@ -165,7 +168,8 @@ func (c *ApiController) GetUser() {
 
 	organization, err := object.GetOrganization(util.GetId("admin", owner))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	if !organization.IsProfilePublic {
@@ -190,18 +194,21 @@ func (c *ApiController) GetUser() {
 	}
 
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
 	err = object.ExtendUserWithRolesAndPermissions(user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	maskedUser, err := object.GetMaskedUser(user)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = maskedUser
@@ -498,7 +505,8 @@ func (c *ApiController) GetSortedUsers() {
 
 	maskedUsers, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = maskedUsers

controllers/util.go

@@ -97,7 +97,8 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 
 	user, err := object.GetUser(userId)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return nil, false
 	}
 
 	if user == nil {

controllers/webauthn.go

@@ -66,7 +66,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
 // @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} Response "The Response object"
+// @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
@@ -150,7 +150,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} Response "The Response object"
+// @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")

controllers/webhook.go

@@ -42,7 +42,8 @@ func (c *ApiController) GetWebhooks() {
 	if limit == "" || page == "" {
 		webhooks, err := object.GetWebhooks(owner, organization)
 		if err != nil {
-			panic(err)
+			c.ResponseError(err.Error())
+			return
 		}
 
 		c.Data["json"] = webhooks
@@ -79,7 +80,8 @@ func (c *ApiController) GetWebhook() {
 
 	webhook, err := object.GetWebhook(id)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.Data["json"] = webhook

go.mod

@@ -42,14 +42,14 @@ require (
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pkoukk/tiktoken-go v0.1.1
-	github.com/plutov/paypal/v4 v4.7.0
+	github.com/pquerna/otp v1.4.0
 	github.com/prometheus/client_golang v1.11.1
 	github.com/prometheus/client_model v0.2.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sashabaranov/go-openai v1.9.1
+	github.com/sashabaranov/go-openai v1.12.0
 	github.com/satori/go.uuid v1.2.0
 	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
@@ -59,7 +59,7 @@ require (
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/builder v0.3.13 // indirect
+	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect

go.sum

@@ -105,6 +105,8 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc h1:biVzkmvwrH8WK8raXaxBx6fRVTlJILwEwQGL1I/ByEI=
+github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
 github.com/casbin/casbin v1.7.0/go.mod h1:c67qKN6Oum3UF5Q1+BByfFxkwKvhwW57ITjqwtzR1KE=
@@ -495,10 +497,10 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkoukk/tiktoken-go v0.1.1 h1:jtkYlIECjyM9OW1w4rjPmTohK4arORP9V25y6TM6nXo=
 github.com/pkoukk/tiktoken-go v0.1.1/go.mod h1:boMWvk9pQCOTx11pgu0DrIdrAKgQzzJKUP6vLXaz7Rw=
-github.com/plutov/paypal/v4 v4.7.0 h1:6TRvYD4ny6yQfHaABeStNf43GFM1wpW5jU/XEDGQmq0=
-github.com/plutov/paypal/v4 v4.7.0/go.mod h1:D56boafCRGcF/fEM0w282kj0fCDKIyrwOPX/Te1jCmw=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v1.4.0 h1:wZvl1TIVxKRThZIBiwOOHOGP/1+nZyWBil9Y2XNEDzg=
+github.com/pquerna/otp v1.4.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
@@ -546,6 +548,8 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sashabaranov/go-openai v1.9.1 h1:3N52HkJKo9Zlo/oe1AVv5ZkCOny0ra58/ACvAxkN3MM=
 github.com/sashabaranov/go-openai v1.9.1/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
+github.com/sashabaranov/go-openai v1.12.0 h1:aRNHH0gtVfrpIaEolD0sWrLLRnYQNK4cH/bIAHwL8Rk=
+github.com/sashabaranov/go-openai v1.12.0/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
@@ -595,7 +599,6 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=

i18n/locales/de/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
     "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
     "Unauthorized operation": "Nicht autorisierte Operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"

i18n/locales/en/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s and %s do not match"

i18n/locales/es/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
     "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
     "Unauthorized operation": "Operación no autorizada",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Los servicios %s y %s no coinciden"

i18n/locales/fr/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
     "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
     "Unauthorized operation": "Opération non autorisée",
-    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"

i18n/locales/id/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
     "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
     "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"

i18n/locales/ja/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
     "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
     "Unauthorized operation": "不正操作",
-    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s"
+    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "サービス%sと%sは一致しません"

i18n/locales/ko/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
     "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
     "Unauthorized operation": "무단 조작",
-    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s"
+    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"

i18n/locales/pt/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s and %s do not match"

i18n/locales/ru/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
     "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
     "Unauthorized operation": "Несанкционированная операция",
-    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Сервисы %s и %s не совпадают"

i18n/locales/vi/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "Phương thức đăng nhập: đăng nhập bằng mật khẩu không được kích hoạt cho ứng dụng",
     "The provider: %s is not enabled for the application": "Nhà cung cấp: %s không được kích hoạt cho ứng dụng",
     "Unauthorized operation": "Hoạt động không được ủy quyền",
-    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
   },
   "cas": {
     "Service %s and %s do not match": "Dịch sang tiếng Việt: Dịch vụ %s và %s không khớp"

i18n/locales/zh/data.json

@@ -18,7 +18,8 @@
     "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
     "The provider: %s is not enabled for the application": "该应用的提供商: %s未被启用",
     "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s",
+    "User's tag: %s is not listed in the application's tags": "用户的标签: %s不在该应用的标签列表中"
   },
   "cas": {
     "Service %s and %s do not match": "服务%s与%s不匹配"

idp/wechat.go

@@ -198,12 +198,22 @@ func (idp *WeChatIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (string, error) {
 	accessTokenUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=%s&secret=%s", clientId, clientSecret)
 	request, err := http.NewRequest("GET", accessTokenUrl, nil)
+	if err != nil {
+		return "", err
+	}
+
 	client := new(http.Client)
 	resp, err := client.Do(request)
+	if err != nil {
+		return "", err
+	}
+	defer resp.Body.Close()
+
 	respBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return "", err
 	}
+
 	var data struct {
 		ExpireIn    int    `json:"expires_in"`
 		AccessToken string `json:"access_token"`
@@ -212,20 +222,30 @@ func GetWechatOfficialAccountAccessToken(clientId string, clientSecret string) (
 	if err != nil {
 		return "", err
 	}
+
 	return data.AccessToken, nil
 }
 
 func GetWechatOfficialAccountQRCode(clientId string, clientSecret string) (string, error) {
 	accessToken, err := GetWechatOfficialAccountAccessToken(clientId, clientSecret)
 	client := new(http.Client)
-	params := "{\"action_name\": \"QR_LIMIT_STR_SCENE\", \"action_info\": {\"scene\": {\"scene_str\": \"test\"}}}"
+
+	weChatEndpoint := "https://api.weixin.qq.com/cgi-bin/qrcode/create"
+	qrCodeUrl := fmt.Sprintf("%s?access_token=%s", weChatEndpoint, accessToken)
+	params := `{"action_name": "QR_LIMIT_STR_SCENE", "action_info": {"scene": {"scene_str": "test"}}}`
+
 	bodyData := bytes.NewReader([]byte(params))
-	qrCodeUrl := fmt.Sprintf("https://api.weixin.qq.com/cgi-bin/qrcode/create?access_token=%s", accessToken)
 	requeset, err := http.NewRequest("POST", qrCodeUrl, bodyData)
+	if err != nil {
+		return "", err
+	}
+
 	resp, err := client.Do(requeset)
 	if err != nil {
 		return "", err
 	}
+	defer resp.Body.Close()
+
 	respBytes, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		return "", err

object/adapter.go

@@ -275,7 +275,7 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 		session = session.And("owner=?", owner)
 	}
 	if field != "" && value != "" {
-		if filterField(field) {
+		if util.FilterField(field) {
 			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
 		}
 	}
@@ -303,7 +303,7 @@ func GetSessionForUser(owner string, offset, limit int, field, value, sortField,
 		}
 	}
 	if field != "" && value != "" {
-		if filterField(field) {
+		if util.FilterField(field) {
 			if offset != -1 {
 				field = fmt.Sprintf("a.%s", field)
 			}

object/application.go

@@ -57,6 +57,7 @@ type Application struct {
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`
 	OrganizationObj     *Organization   `xorm:"-" json:"organizationObj"`
+	Tags                []string        `xorm:"mediumtext" json:"tags"`
 
 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`

object/check.go

@@ -16,7 +16,6 @@ package object
 
 import (
 	"fmt"
-	"regexp"
 	"strings"
 	"time"
 	"unicode"
@@ -28,21 +27,11 @@ import (
 	goldap "github.com/go-ldap/ldap/v3"
 )
 
-var (
-	reWhiteSpace     *regexp.Regexp
-	reFieldWhiteList *regexp.Regexp
-)
-
 const (
 	SigninWrongTimesLimit     = 5
 	LastSignWrongTimeDuration = time.Minute * 15
 )
 
-func init() {
-	reWhiteSpace, _ = regexp.Compile(`\s`)
-	reFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
-}
-
 func CheckUserSignup(application *Application, organization *Organization, form *form.AuthForm, lang string) string {
 	if organization == nil {
 		return i18n.Translate(lang, "check:Organization does not exist")
@@ -58,7 +47,7 @@ func CheckUserSignup(application *Application, organization *Organization, form
 		if util.IsEmailValid(form.Username) {
 			return i18n.Translate(lang, "check:Username cannot be an email address")
 		}
-		if reWhiteSpace.MatchString(form.Username) {
+		if util.ReWhiteSpace.MatchString(form.Username) {
 			return i18n.Translate(lang, "check:Username cannot contain white spaces")
 		}
 
@@ -294,10 +283,6 @@ func CheckUserPassword(organization string, username string, password string, la
 	return user, ""
 }
 
-func filterField(field string) bool {
-	return reFieldWhiteList.MatchString(field)
-}
-
 func CheckUserPermission(requestUserId, userId string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
 		return false, fmt.Errorf(i18n.Translate(lang, "general:Please login first"))
@@ -397,8 +382,8 @@ func CheckUsername(username string, lang string) string {
 	}
 
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
-	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
-	if !re.MatchString(username) {
+
+	if !util.ReUserName.MatchString(username) {
 		return i18n.Translate(lang, "check:The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.")
 	}
 

object/init.go

@@ -184,6 +184,7 @@ func initBuiltInApplication() {
 			{Name: "Phone", Visible: true, Required: true, Prompted: false, Rule: "None"},
 			{Name: "Agreement", Visible: true, Required: true, Prompted: false, Rule: "None"},
 		},
+		Tags:          []string{},
 		RedirectUris:  []string{},
 		ExpireInHours: 168,
 		FormOffset:    2,

object/init_data.go

@@ -145,6 +145,9 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		if application.RedirectUris == nil {
 			application.RedirectUris = []string{}
 		}
+		if application.Tags == nil {
+			application.Tags = []string{}
+		}
 	}
 	for _, permission := range data.Permissions {
 		if permission.Actions == nil {

object/mfa.go

@@ -22,6 +22,8 @@ import (
 	"github.com/beego/beego/context"
 )
 
+const MfaRecoveryCodesSession = "mfa_recovery_codes"
+
 type MfaSessionData struct {
 	UserId string
 }
@@ -37,10 +39,10 @@ type MfaProps struct {
 }
 
 type MfaInterface interface {
-	SetupVerify(ctx *context.Context, passCode string) error
-	Verify(passCode string) error
-	Initiate(ctx *context.Context, name1 string, name2 string) (*MfaProps, error)
+	Initiate(ctx *context.Context, userId string) (*MfaProps, error)
+	SetupVerify(ctx *context.Context, passcode string) error
 	Enable(ctx *context.Context, user *User) error
+	Verify(passcode string) error
 }
 
 const (
@@ -58,11 +60,11 @@ const (
 func GetMfaUtil(mfaType string, config *MfaProps) MfaInterface {
 	switch mfaType {
 	case SmsType:
-		return NewSmsTwoFactor(config)
+		return NewSmsMfaUtil(config)
 	case EmailType:
-		return NewEmailTwoFactor(config)
+		return NewEmailMfaUtil(config)
 	case TotpType:
-		return nil
+		return NewTotpMfaUtil(config)
 	}
 
 	return nil
@@ -97,23 +99,9 @@ func MfaRecover(user *User, recoveryCode string) error {
 func GetAllMfaProps(user *User, masked bool) []*MfaProps {
 	mfaProps := []*MfaProps{}
 
-	if user.MfaPhoneEnabled {
-		mfaProps = append(mfaProps, user.GetMfaProps(SmsType, masked))
-	} else {
-		mfaProps = append(mfaProps, &MfaProps{
-			Enabled: false,
-			MfaType: SmsType,
-		})
+	for _, mfaType := range []string{SmsType, EmailType, TotpType} {
+		mfaProps = append(mfaProps, user.GetMfaProps(mfaType, masked))
 	}
-	if user.MfaEmailEnabled {
-		mfaProps = append(mfaProps, user.GetMfaProps(EmailType, masked))
-	} else {
-		mfaProps = append(mfaProps, &MfaProps{
-			Enabled: false,
-			MfaType: EmailType,
-		})
-	}
-
 	return mfaProps
 }
 
@@ -121,6 +109,13 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
 	mfaProps := &MfaProps{}
 
 	if mfaType == SmsType {
+		if !user.MfaPhoneEnabled {
+			return &MfaProps{
+				Enabled: false,
+				MfaType: mfaType,
+			}
+		}
+
 		mfaProps = &MfaProps{
 			Enabled:     user.MfaPhoneEnabled,
 			MfaType:     mfaType,
@@ -132,6 +127,13 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
 			mfaProps.Secret = user.Phone
 		}
 	} else if mfaType == EmailType {
+		if !user.MfaEmailEnabled {
+			return &MfaProps{
+				Enabled: false,
+				MfaType: mfaType,
+			}
+		}
+
 		mfaProps = &MfaProps{
 			Enabled: user.MfaEmailEnabled,
 			MfaType: mfaType,
@@ -142,9 +144,22 @@ func (user *User) GetMfaProps(mfaType string, masked bool) *MfaProps {
 			mfaProps.Secret = user.Email
 		}
 	} else if mfaType == TotpType {
+		if user.TotpSecret == "" {
+			return &MfaProps{
+				Enabled: false,
+				MfaType: mfaType,
+			}
+		}
+
 		mfaProps = &MfaProps{
+			Enabled: true,
 			MfaType: mfaType,
 		}
+		if masked {
+			mfaProps.Secret = ""
+		} else {
+			mfaProps.Secret = user.TotpSecret
+		}
 	}
 
 	if user.PreferredMfaType == mfaType {
@@ -158,8 +173,9 @@ func DisabledMultiFactorAuth(user *User) error {
 	user.RecoveryCodes = []string{}
 	user.MfaPhoneEnabled = false
 	user.MfaEmailEnabled = false
+	user.TotpSecret = ""
 
-	_, err := UpdateUser(user.GetId(), user, []string{"preferred_mfa_type", "recovery_codes", "mfa_phone_enabled", "mfa_email_enabled"}, user.IsAdminUser())
+	_, err := updateUser(user.GetId(), user, []string{"preferred_mfa_type", "recovery_codes", "mfa_phone_enabled", "mfa_email_enabled", "totp_secret"})
 	if err != nil {
 		return err
 	}

object/mfa_sms.go

@@ -18,26 +18,24 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/casdoor/casdoor/util"
-
 	"github.com/beego/beego/context"
+	"github.com/casdoor/casdoor/util"
 	"github.com/google/uuid"
 )
 
 const (
-	MfaSmsCountryCodeSession   = "mfa_country_code"
-	MfaSmsDestSession          = "mfa_dest"
-	MfaSmsRecoveryCodesSession = "mfa_recovery_codes"
+	MfaSmsCountryCodeSession = "mfa_country_code"
+	MfaSmsDestSession        = "mfa_dest"
 )
 
 type SmsMfa struct {
 	Config *MfaProps
 }
 
-func (mfa *SmsMfa) Initiate(ctx *context.Context, name string, secret string) (*MfaProps, error) {
+func (mfa *SmsMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
 	recoveryCode := uuid.NewString()
 
-	err := ctx.Input.CruSession.Set(MfaSmsRecoveryCodesSession, []string{recoveryCode})
+	err := ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})
 	if err != nil {
 		return nil, err
 	}
@@ -63,9 +61,9 @@ func (mfa *SmsMfa) SetupVerify(ctx *context.Context, passCode string) error {
 }
 
 func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
-	recoveryCodes := ctx.Input.CruSession.Get(MfaSmsRecoveryCodesSession).([]string)
+	recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)
 	if len(recoveryCodes) == 0 {
-		return fmt.Errorf("recovery codes is empty")
+		return fmt.Errorf("recovery codes is missing")
 	}
 
 	columns := []string{"recovery_codes", "preferred_mfa_type"}
@@ -111,7 +109,7 @@ func (mfa *SmsMfa) Verify(passCode string) error {
 	return nil
 }
 
-func NewSmsTwoFactor(config *MfaProps) *SmsMfa {
+func NewSmsMfaUtil(config *MfaProps) *SmsMfa {
 	if config == nil {
 		config = &MfaProps{
 			MfaType: SmsType,
@@ -122,7 +120,7 @@ func NewSmsTwoFactor(config *MfaProps) *SmsMfa {
 	}
 }
 
-func NewEmailTwoFactor(config *MfaProps) *SmsMfa {
+func NewEmailMfaUtil(config *MfaProps) *SmsMfa {
 	if config == nil {
 		config = &MfaProps{
 			MfaType: EmailType,

object/mfa_totp.go

@@ -0,0 +1,133 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package object
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/beego/beego"
+	"github.com/beego/beego/context"
+	"github.com/google/uuid"
+	"github.com/pquerna/otp"
+	"github.com/pquerna/otp/totp"
+)
+
+const MfaTotpSecretSession = "mfa_totp_secret"
+
+type TotpMfa struct {
+	Config     *MfaProps
+	period     uint
+	secretSize uint
+	digits     otp.Digits
+}
+
+func (mfa *TotpMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, error) {
+	issuer := beego.AppConfig.String("appname")
+	if issuer == "" {
+		issuer = "casdoor"
+	}
+
+	key, err := totp.Generate(totp.GenerateOpts{
+		Issuer:      issuer,
+		AccountName: userId,
+		Period:      mfa.period,
+		SecretSize:  mfa.secretSize,
+		Digits:      mfa.digits,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	err = ctx.Input.CruSession.Set(MfaTotpSecretSession, key.Secret())
+	if err != nil {
+		return nil, err
+	}
+
+	recoveryCode := uuid.NewString()
+	err = ctx.Input.CruSession.Set(MfaRecoveryCodesSession, []string{recoveryCode})
+	if err != nil {
+		return nil, err
+	}
+
+	mfaProps := MfaProps{
+		MfaType:       mfa.Config.MfaType,
+		RecoveryCodes: []string{recoveryCode},
+		Secret:        key.Secret(),
+		URL:           key.URL(),
+	}
+	return &mfaProps, nil
+}
+
+func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
+	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession).(string)
+	result := totp.Validate(passcode, secret)
+
+	if result {
+		return nil
+	} else {
+		return errors.New("totp passcode error")
+	}
+}
+
+func (mfa *TotpMfa) Enable(ctx *context.Context, user *User) error {
+	recoveryCodes := ctx.Input.CruSession.Get(MfaRecoveryCodesSession).([]string)
+	if len(recoveryCodes) == 0 {
+		return fmt.Errorf("recovery codes is missing")
+	}
+	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession).(string)
+	if secret == "" {
+		return fmt.Errorf("totp secret is missing")
+	}
+
+	columns := []string{"recovery_codes", "preferred_mfa_type", "totp_secret"}
+
+	user.RecoveryCodes = append(user.RecoveryCodes, recoveryCodes...)
+	user.TotpSecret = secret
+	if user.PreferredMfaType == "" {
+		user.PreferredMfaType = mfa.Config.MfaType
+	}
+
+	_, err := updateUser(user.GetId(), user, columns)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+func (mfa *TotpMfa) Verify(passcode string) error {
+	result := totp.Validate(passcode, mfa.Config.Secret)
+
+	if result {
+		return nil
+	} else {
+		return errors.New("totp passcode error")
+	}
+}
+
+func NewTotpMfaUtil(config *MfaProps) *TotpMfa {
+	if config == nil {
+		config = &MfaProps{
+			MfaType: TotpType,
+		}
+	}
+
+	return &TotpMfa{
+		Config:     config,
+		period:     30,
+		secretSize: 20,
+		digits:     otp.DigitsSix,
+	}
+}

object/organization.go

@@ -104,10 +104,15 @@ func GetOrganizationsByFields(owner string, fields ...string) ([]*Organization,
 	return organizations, nil
 }
 
-func GetPaginationOrganizations(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Organization, error) {
+func GetPaginationOrganizations(owner string, name string, offset, limit int, field, value, sortField, sortOrder string) ([]*Organization, error) {
 	organizations := []*Organization{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&organizations)
+	var err error
+	if name != "" {
+		err = session.Find(&organizations, &Organization{Name: name})
+	} else {
+		err = session.Find(&organizations)
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -231,6 +236,10 @@ func DeleteOrganization(organization *Organization) (bool, error) {
 }
 
 func GetOrganizationByUser(user *User) (*Organization, error) {
+	if user == nil {
+		return nil, nil
+	}
+
 	return getOrganization("admin", user.Owner)
 }
 

object/syncer_util.go

@@ -170,6 +170,7 @@ func (syncer *Syncer) getOriginalUsersFromMap(results []map[string]string) []*Or
 		originalUser := &OriginalUser{
 			Address:    []string{},
 			Properties: map[string]string{},
+			Groups:     []string{},
 		}
 
 		for _, tableColumn := range syncer.TableColumns {

object/user.go

@@ -161,6 +161,7 @@ type User struct {
 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
 	PreferredMfaType    string                `xorm:"varchar(100)" json:"preferredMfaType"`
 	RecoveryCodes       []string              `xorm:"varchar(1000)" json:"recoveryCodes,omitempty"`
+	TotpSecret          string                `xorm:"varchar(100)" json:"totpSecret,omitempty"`
 	MfaPhoneEnabled     bool                  `json:"mfaPhoneEnabled"`
 	MfaEmailEnabled     bool                  `json:"mfaEmailEnabled"`
 	MultiFactorAuths    []*MfaProps           `xorm:"-" json:"multiFactorAuths,omitempty"`
@@ -432,16 +433,19 @@ func GetMaskedUser(user *User, errs ...error) (*User, error) {
 	if user.AccessSecret != "" {
 		user.AccessSecret = "***"
 	}
-	if user.RecoveryCodes != nil {
-		user.RecoveryCodes = nil
-	}
-
 	if user.ManagedAccounts != nil {
 		for _, manageAccount := range user.ManagedAccounts {
 			manageAccount.Password = "***"
 		}
 	}
 
+	if user.TotpSecret != "" {
+		user.TotpSecret = ""
+	}
+	if user.RecoveryCodes != nil {
+		user.RecoveryCodes = nil
+	}
+
 	return user, nil
 }
 

swagger/swagger.json

@@ -43,6 +43,34 @@
                 }
             }
         },
+        "/api/add-adapter": {
+            "post": {
+                "tags": [
+                    "Adapter API"
+                ],
+                "description": "add adapter",
+                "operationId": "ApiController.AddCasbinAdapter",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the adapter",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Adapter"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/add-application": {
             "post": {
                 "tags": [
@@ -127,6 +155,34 @@
                 }
             }
         },
+        "/api/add-group": {
+            "post": {
+                "tags": [
+                    "Group API"
+                ],
+                "description": "add group",
+                "operationId": "ApiController.AddGroup",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the group",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Group"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/add-ldap": {
             "post": {
                 "tags": [
@@ -599,6 +655,14 @@
                 }
             }
         },
+        "/api/add-user-keys": {
+            "post": {
+                "tags": [
+                    "User API"
+                ],
+                "operationId": "ApiController.AddUserkeys"
+            }
+        },
         "/api/add-webhook": {
             "post": {
                 "tags": [
@@ -782,13 +846,13 @@
                 "tags": [
                     "Enforce API"
                 ],
-                "description": "perform enforce",
+                "description": "Call Casbin BatchEnforce API",
                 "operationId": "ApiController.BatchEnforce",
                 "parameters": [
                     {
                         "in": "body",
                         "name": "body",
-                        "description": "casbin request array",
+                        "description": "array of casbin requests",
                         "required": true,
                         "schema": {
                             "$ref": "#/definitions/object.CasbinRequest"
@@ -858,6 +922,34 @@
                 "operationId": "ApiController.CheckUserPassword"
             }
         },
+        "/api/delete-adapter": {
+            "post": {
+                "tags": [
+                    "Adapter API"
+                ],
+                "description": "delete adapter",
+                "operationId": "ApiController.DeleteCasbinAdapter",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the adapter",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Adapter"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/delete-application": {
             "post": {
                 "tags": [
@@ -942,6 +1034,34 @@
                 }
             }
         },
+        "/api/delete-group": {
+            "post": {
+                "tags": [
+                    "Group API"
+                ],
+                "description": "delete group",
+                "operationId": "ApiController.DeleteGroup",
+                "parameters": [
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the group",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Group"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/delete-ldap": {
             "post": {
                 "tags": [
@@ -1429,13 +1549,13 @@
                 "tags": [
                     "Enforce API"
                 ],
-                "description": "perform enforce",
+                "description": "Call Casbin Enforce API",
                 "operationId": "ApiController.Enforce",
                 "parameters": [
                     {
                         "in": "body",
                         "name": "body",
-                        "description": "casbin request",
+                        "description": "Casbin request",
                         "required": true,
                         "schema": {
                             "$ref": "#/definitions/object.CasbinRequest"
@@ -1487,6 +1607,61 @@
                 }
             }
         },
+        "/api/get-adapter": {
+            "get": {
+                "tags": [
+                    "Adapter API"
+                ],
+                "description": "get adapter",
+                "operationId": "ApiController.GetCasbinAdapter",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the adapter",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/object.Adapter"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/get-adapters": {
+            "get": {
+                "tags": [
+                    "Adapter API"
+                ],
+                "description": "get adapters",
+                "operationId": "ApiController.GetCasbinAdapters",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "owner",
+                        "description": "The owner of adapters",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/object.Adapter"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/api/get-app-login": {
             "get": {
                 "tags": [
@@ -1825,6 +2000,61 @@
                 }
             }
         },
+        "/api/get-group": {
+            "get": {
+                "tags": [
+                    "Group API"
+                ],
+                "description": "get group",
+                "operationId": "ApiController.GetGroup",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the group",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/object.Group"
+                        }
+                    }
+                }
+            }
+        },
+        "/api/get-groups": {
+            "get": {
+                "tags": [
+                    "Group API"
+                ],
+                "description": "get groups",
+                "operationId": "ApiController.GetGroups",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "owner",
+                        "description": "The owner of groups",
+                        "required": true,
+                        "type": "string"
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "type": "array",
+                            "items": {
+                                "$ref": "#/definitions/object.Group"
+                            }
+                        }
+                    }
+                }
+            }
+        },
         "/api/get-ldap": {
             "get": {
                 "tags": [
@@ -2045,7 +2275,7 @@
                 "tags": [
                     "Organization API"
                 ],
-                "description": "get all organization names",
+                "description": "get all organization name and displayName",
                 "operationId": "ApiController.GetOrganizationNames",
                 "parameters": [
                     {
@@ -2338,7 +2568,7 @@
                     "200": {
                         "description": "The Response object",
                         "schema": {
-                            "$ref": "#/definitions/object.pricing"
+                            "$ref": "#/definitions/object.Pricing"
                         }
                     }
                 }
@@ -2753,7 +2983,7 @@
                     "200": {
                         "description": "The Response object",
                         "schema": {
-                            "$ref": "#/definitions/object.subscription"
+                            "$ref": "#/definitions/object.Subscription"
                         }
                     }
                 }
@@ -3328,7 +3558,7 @@
                     "200": {
                         "description": "The Response object",
                         "schema": {
-                            "$ref": "#/definitions/Response"
+                            "$ref": "#/definitions/controllers.Response"
                         }
                     }
                 }
@@ -3598,9 +3828,9 @@
                 "operationId": "ApiController.MfaSetupInitiate",
                 "responses": {
                     "200": {
-                        "description": "Response object",
+                        "description": "The Response object",
                         "schema": {
-                            "$ref": "#/definitions/The"
+                            "$ref": "#/definitions/controllers.Response"
                         }
                     }
                 }
@@ -3799,6 +4029,41 @@
                 ]
             }
         },
+        "/api/update-adapter": {
+            "post": {
+                "tags": [
+                    "Adapter API"
+                ],
+                "description": "update adapter",
+                "operationId": "ApiController.UpdateCasbinAdapter",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the adapter",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the adapter",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Adapter"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/update-application": {
             "post": {
                 "tags": [
@@ -3904,6 +4169,41 @@
                 }
             }
         },
+        "/api/update-group": {
+            "post": {
+                "tags": [
+                    "Group API"
+                ],
+                "description": "update group",
+                "operationId": "ApiController.UpdateGroup",
+                "parameters": [
+                    {
+                        "in": "query",
+                        "name": "id",
+                        "description": "The id ( owner/name ) of the group",
+                        "required": true,
+                        "type": "string"
+                    },
+                    {
+                        "in": "body",
+                        "name": "body",
+                        "description": "The details of the group",
+                        "required": true,
+                        "schema": {
+                            "$ref": "#/definitions/object.Group"
+                        }
+                    }
+                ],
+                "responses": {
+                    "200": {
+                        "description": "The Response object",
+                        "schema": {
+                            "$ref": "#/definitions/controllers.Response"
+                        }
+                    }
+                }
+            }
+        },
         "/api/update-ldap": {
             "post": {
                 "tags": [
@@ -4579,7 +4879,7 @@
                     "200": {
                         "description": "\"The Response object\"",
                         "schema": {
-                            "$ref": "#/definitions/Response"
+                            "$ref": "#/definitions/controllers.Response"
                         }
                     }
                 }
@@ -4624,7 +4924,7 @@
                     "200": {
                         "description": "\"The Response object\"",
                         "schema": {
-                            "$ref": "#/definitions/Response"
+                            "$ref": "#/definitions/controllers.Response"
                         }
                     }
                 }
@@ -4632,14 +4932,6 @@
         }
     },
     "definitions": {
-        "1225.0xc0002e2ae0.false": {
-            "title": "false",
-            "type": "object"
-        },
-        "1260.0xc0002e2b10.false": {
-            "title": "false",
-            "type": "object"
-        },
         "LaravelResponse": {
             "title": "LaravelResponse",
             "type": "object"
@@ -4648,10 +4940,6 @@
             "title": "Response",
             "type": "object"
         },
-        "The": {
-            "title": "The",
-            "type": "object"
-        },
         "controllers.AuthForm": {
             "title": "AuthForm",
             "type": "object"
@@ -4685,10 +4973,16 @@
             "type": "object",
             "properties": {
                 "data": {
-                    "$ref": "#/definitions/1225.0xc0002e2ae0.false"
+                    "additionalProperties": {
+                        "description": "support string | class | List\u003cclass\u003e and os on",
+                        "type": "string"
+                    }
                 },
                 "data2": {
-                    "$ref": "#/definitions/1260.0xc0002e2b10.false"
+                    "additionalProperties": {
+                        "description": "support string | class | List\u003cclass\u003e and os on",
+                        "type": "string"
+                    }
                 },
                 "msg": {
                     "type": "string"
@@ -4726,8 +5020,8 @@
             "title": "JSONWebKey",
             "type": "object"
         },
-        "object.\u0026{179844 0xc000a02f90 false}": {
-            "title": "\u0026{179844 0xc000a02f90 false}",
+        "object": {
+            "title": "object",
             "type": "object"
         },
         "object.AccountItem": {
@@ -4917,7 +5211,7 @@
             "title": "CasbinRequest",
             "type": "array",
             "items": {
-                "$ref": "#/definitions/object.\u0026{179844 0xc000a02f90 false}"
+                "$ref": "#/definitions/object.CasbinRequest"
             }
         },
         "object.Cert": {
@@ -5029,6 +5323,63 @@
                 }
             }
         },
+        "object.Group": {
+            "title": "Group",
+            "type": "object",
+            "properties": {
+                "children": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/object.Group"
+                    }
+                },
+                "contactEmail": {
+                    "type": "string"
+                },
+                "createdTime": {
+                    "type": "string"
+                },
+                "displayName": {
+                    "type": "string"
+                },
+                "isEnabled": {
+                    "type": "boolean"
+                },
+                "isTopGroup": {
+                    "type": "boolean"
+                },
+                "key": {
+                    "type": "string"
+                },
+                "manager": {
+                    "type": "string"
+                },
+                "name": {
+                    "type": "string"
+                },
+                "owner": {
+                    "type": "string"
+                },
+                "parentId": {
+                    "type": "string"
+                },
+                "title": {
+                    "type": "string"
+                },
+                "type": {
+                    "type": "string"
+                },
+                "updatedTime": {
+                    "type": "string"
+                },
+                "users": {
+                    "type": "array",
+                    "items": {
+                        "$ref": "#/definitions/object.User"
+                    }
+                }
+            }
+        },
         "object.Header": {
             "title": "Header",
             "type": "object",
@@ -5175,12 +5526,15 @@
                 "countryCode": {
                     "type": "string"
                 },
-                "id": {
-                    "type": "string"
+                "enabled": {
+                    "type": "boolean"
                 },
                 "isPreferred": {
                     "type": "boolean"
                 },
+                "mfaType": {
+                    "type": "string"
+                },
                 "recoveryCodes": {
                     "type": "array",
                     "items": {
@@ -5190,9 +5544,6 @@
                 "secret": {
                     "type": "string"
                 },
-                "type": {
-                    "type": "string"
-                },
                 "url": {
                     "type": "string"
                 }
@@ -5205,6 +5556,9 @@
                 "createdTime": {
                     "type": "string"
                 },
+                "description": {
+                    "type": "string"
+                },
                 "displayName": {
                     "type": "string"
                 },
@@ -5362,6 +5716,12 @@
                 "owner": {
                     "type": "string"
                 },
+                "passwordOptions": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "passwordSalt": {
                     "type": "string"
                 },
@@ -5492,6 +5852,9 @@
                 "createdTime": {
                     "type": "string"
                 },
+                "description": {
+                    "type": "string"
+                },
                 "displayName": {
                     "type": "string"
                 },
@@ -5611,9 +5974,6 @@
                 "displayName": {
                     "type": "string"
                 },
-                "hasTrial": {
-                    "type": "boolean"
-                },
                 "isEnabled": {
                     "type": "boolean"
                 },
@@ -5933,6 +6293,9 @@
                 "createdTime": {
                     "type": "string"
                 },
+                "description": {
+                    "type": "string"
+                },
                 "displayName": {
                     "type": "string"
                 },
@@ -6068,6 +6431,9 @@
                 "isEnabled": {
                     "type": "boolean"
                 },
+                "isReadOnly": {
+                    "type": "boolean"
+                },
                 "name": {
                     "type": "string"
                 },
@@ -6248,6 +6614,12 @@
             "title": "User",
             "type": "object",
             "properties": {
+                "accessKey": {
+                    "type": "string"
+                },
+                "accessSecret": {
+                    "type": "string"
+                },
                 "address": {
                     "type": "array",
                     "items": {
@@ -6275,6 +6647,9 @@
                 "avatar": {
                     "type": "string"
                 },
+                "avatarType": {
+                    "type": "string"
+                },
                 "azuread": {
                     "type": "string"
                 },
@@ -6380,6 +6755,12 @@
                 "google": {
                     "type": "string"
                 },
+                "groups": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "hash": {
                     "type": "string"
                 },
@@ -6480,6 +6861,12 @@
                 "meetup": {
                     "type": "string"
                 },
+                "mfaEmailEnabled": {
+                    "type": "boolean"
+                },
+                "mfaPhoneEnabled": {
+                    "type": "boolean"
+                },
                 "microsoftonline": {
                     "type": "string"
                 },
@@ -6540,6 +6927,9 @@
                 "preHash": {
                     "type": "string"
                 },
+                "preferredMfaType": {
+                    "type": "string"
+                },
                 "properties": {
                     "additionalProperties": {
                         "type": "string"
@@ -6552,6 +6942,12 @@
                     "type": "integer",
                     "format": "int64"
                 },
+                "recoveryCodes": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "region": {
                     "type": "string"
                 },
@@ -6605,6 +7001,9 @@
                 "title": {
                     "type": "string"
                 },
+                "totpSecret": {
+                    "type": "string"
+                },
                 "tumblr": {
                     "type": "string"
                 },
@@ -6677,15 +7076,18 @@
                 "email": {
                     "type": "string"
                 },
+                "groups": {
+                    "type": "array",
+                    "items": {
+                        "type": "string"
+                    }
+                },
                 "iss": {
                     "type": "string"
                 },
                 "name": {
                     "type": "string"
                 },
-                "organization": {
-                    "type": "string"
-                },
                 "phone": {
                     "type": "string"
                 },
@@ -6745,14 +7147,6 @@
                 }
             }
         },
-        "object.pricing": {
-            "title": "pricing",
-            "type": "object"
-        },
-        "object.subscription": {
-            "title": "subscription",
-            "type": "object"
-        },
         "protocol.CredentialAssertion": {
             "title": "CredentialAssertion",
             "type": "object"

swagger/swagger.yml

@@ -28,6 +28,24 @@ paths:
           description: ""
           schema:
             $ref: '#/definitions/object.OidcDiscovery'
+  /api/add-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: add adapter
+      operationId: ApiController.AddCasbinAdapter
+      parameters:
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/add-application:
     post:
       tags:
@@ -82,6 +100,24 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
+  /api/add-group:
+    post:
+      tags:
+      - Group API
+      description: add group
+      operationId: ApiController.AddGroup
+      parameters:
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/add-ldap:
     post:
       tags:
@@ -386,6 +422,11 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
+  /api/add-user-keys:
+    post:
+      tags:
+      - User API
+      operationId: ApiController.AddUserkeys
   /api/add-webhook:
     post:
       tags:
@@ -506,12 +547,12 @@ paths:
     post:
       tags:
       - Enforce API
-      description: perform enforce
+      description: Call Casbin BatchEnforce API
       operationId: ApiController.BatchEnforce
       parameters:
       - in: body
         name: body
-        description: casbin request array
+        description: array of casbin requests
         required: true
         schema:
           $ref: '#/definitions/object.CasbinRequest'
@@ -555,6 +596,24 @@ paths:
       tags:
       - User API
       operationId: ApiController.CheckUserPassword
+  /api/delete-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: delete adapter
+      operationId: ApiController.DeleteCasbinAdapter
+      parameters:
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/delete-application:
     post:
       tags:
@@ -609,6 +668,24 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
+  /api/delete-group:
+    post:
+      tags:
+      - Group API
+      description: delete group
+      operationId: ApiController.DeleteGroup
+      parameters:
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/delete-ldap:
     post:
       tags:
@@ -923,12 +1000,12 @@ paths:
     post:
       tags:
       - Enforce API
-      description: perform enforce
+      description: Call Casbin Enforce API
       operationId: ApiController.Enforce
       parameters:
       - in: body
         name: body
-        description: casbin request
+        description: Casbin request
         required: true
         schema:
           $ref: '#/definitions/object.CasbinRequest'
@@ -960,6 +1037,42 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
+  /api/get-adapter:
+    get:
+      tags:
+      - Adapter API
+      description: get adapter
+      operationId: ApiController.GetCasbinAdapter
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the adapter
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Adapter'
+  /api/get-adapters:
+    get:
+      tags:
+      - Adapter API
+      description: get adapters
+      operationId: ApiController.GetCasbinAdapters
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of adapters
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Adapter'
   /api/get-app-login:
     get:
       tags:
@@ -1183,6 +1296,42 @@ paths:
             type: array
             items:
               $ref: '#/definitions/object.Cert'
+  /api/get-group:
+    get:
+      tags:
+      - Group API
+      description: get group
+      operationId: ApiController.GetGroup
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the group
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Group'
+  /api/get-groups:
+    get:
+      tags:
+      - Group API
+      description: get groups
+      operationId: ApiController.GetGroups
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of groups
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Group'
   /api/get-ldap:
     get:
       tags:
@@ -1327,7 +1476,7 @@ paths:
     get:
       tags:
       - Organization API
-      description: get all organization names
+      description: get all organization name and displayName
       operationId: ApiController.GetOrganizationNames
       parameters:
       - in: query
@@ -1521,7 +1670,7 @@ paths:
         "200":
           description: The Response object
           schema:
-            $ref: '#/definitions/object.pricing'
+            $ref: '#/definitions/object.Pricing'
   /api/get-pricings:
     get:
       tags:
@@ -1793,7 +1942,7 @@ paths:
         "200":
           description: The Response object
           schema:
-            $ref: '#/definitions/object.subscription'
+            $ref: '#/definitions/object.Subscription'
   /api/get-subscriptions:
     get:
       tags:
@@ -2172,7 +2321,7 @@ paths:
         "200":
           description: The Response object
           schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
   /api/login/oauth/access_token:
     post:
       tags:
@@ -2351,9 +2500,9 @@ paths:
       operationId: ApiController.MfaSetupInitiate
       responses:
         "200":
-          description: Response object
+          description: The Response object
           schema:
-            $ref: '#/definitions/The'
+            $ref: '#/definitions/controllers.Response'
   /api/mfa/setup/verify:
     post:
       tags:
@@ -2480,6 +2629,29 @@ paths:
     post:
       tags:
       - Login API
+  /api/update-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: update adapter
+      operationId: ApiController.UpdateCasbinAdapter
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the adapter
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/update-application:
     post:
       tags:
@@ -2549,6 +2721,29 @@ paths:
           description: The Response object
           schema:
             $ref: '#/definitions/controllers.Response'
+  /api/update-group:
+    post:
+      tags:
+      - Group API
+      description: update group
+      operationId: ApiController.UpdateGroup
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the group
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
   /api/update-ldap:
     post:
       tags:
@@ -2994,7 +3189,7 @@ paths:
         "200":
           description: '"The Response object"'
           schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
   /api/webauthn/signup/begin:
     get:
       tags:
@@ -3023,23 +3218,14 @@ paths:
         "200":
           description: '"The Response object"'
           schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
 definitions:
-  1225.0xc0002e2ae0.false:
-    title: "false"
-    type: object
-  1260.0xc0002e2b10.false:
-    title: "false"
-    type: object
   LaravelResponse:
     title: LaravelResponse
     type: object
   Response:
     title: Response
     type: object
-  The:
-    title: The
-    type: object
   controllers.AuthForm:
     title: AuthForm
     type: object
@@ -3064,9 +3250,13 @@ definitions:
     type: object
     properties:
       data:
-        $ref: '#/definitions/1225.0xc0002e2ae0.false'
+        additionalProperties:
+          description: support string | class | List<class> and os on
+          type: string
       data2:
-        $ref: '#/definitions/1260.0xc0002e2b10.false'
+        additionalProperties:
+          description: support string | class | List<class> and os on
+          type: string
       msg:
         type: string
       name:
@@ -3090,8 +3280,8 @@ definitions:
   jose.JSONWebKey:
     title: JSONWebKey
     type: object
-  object.&{179844 0xc000a02f90 false}:
-    title: '&{179844 0xc000a02f90 false}'
+  object:
+    title: object
     type: object
   object.AccountItem:
     title: AccountItem
@@ -3220,7 +3410,7 @@ definitions:
     title: CasbinRequest
     type: array
     items:
-      $ref: '#/definitions/object.&{179844 0xc000a02f90 false}'
+      $ref: '#/definitions/object.CasbinRequest'
   object.Cert:
     title: Cert
     type: object
@@ -3295,6 +3485,44 @@ definitions:
       throughput:
         type: number
         format: double
+  object.Group:
+    title: Group
+    type: object
+    properties:
+      children:
+        type: array
+        items:
+          $ref: '#/definitions/object.Group'
+      contactEmail:
+        type: string
+      createdTime:
+        type: string
+      displayName:
+        type: string
+      isEnabled:
+        type: boolean
+      isTopGroup:
+        type: boolean
+      key:
+        type: string
+      manager:
+        type: string
+      name:
+        type: string
+      owner:
+        type: string
+      parentId:
+        type: string
+      title:
+        type: string
+      type:
+        type: string
+      updatedTime:
+        type: string
+      users:
+        type: array
+        items:
+          $ref: '#/definitions/object.User'
   object.Header:
     title: Header
     type: object
@@ -3395,18 +3623,18 @@ definitions:
     properties:
       countryCode:
         type: string
-      id:
-        type: string
+      enabled:
+        type: boolean
       isPreferred:
         type: boolean
+      mfaType:
+        type: string
       recoveryCodes:
         type: array
         items:
           type: string
       secret:
         type: string
-      type:
-        type: string
       url:
         type: string
   object.Model:
@@ -3415,6 +3643,8 @@ definitions:
     properties:
       createdTime:
         type: string
+      description:
+        type: string
       displayName:
         type: string
       isEnabled:
@@ -3520,6 +3750,10 @@ definitions:
         type: string
       owner:
         type: string
+      passwordOptions:
+        type: array
+        items:
+          type: string
       passwordSalt:
         type: string
       passwordType:
@@ -3607,6 +3841,8 @@ definitions:
         type: string
       createdTime:
         type: string
+      description:
+        type: string
       displayName:
         type: string
       domains:
@@ -3687,8 +3923,6 @@ definitions:
         type: string
       displayName:
         type: string
-      hasTrial:
-        type: boolean
       isEnabled:
         type: boolean
       name:
@@ -3904,6 +4138,8 @@ definitions:
     properties:
       createdTime:
         type: string
+      description:
+        type: string
       displayName:
         type: string
       domains:
@@ -3995,6 +4231,8 @@ definitions:
         type: string
       isEnabled:
         type: boolean
+      isReadOnly:
+        type: boolean
       name:
         type: string
       organization:
@@ -4117,6 +4355,10 @@ definitions:
     title: User
     type: object
     properties:
+      accessKey:
+        type: string
+      accessSecret:
+        type: string
       address:
         type: array
         items:
@@ -4135,6 +4377,8 @@ definitions:
         type: string
       avatar:
         type: string
+      avatarType:
+        type: string
       azuread:
         type: string
       baidu:
@@ -4205,6 +4449,10 @@ definitions:
         type: string
       google:
         type: string
+      groups:
+        type: array
+        items:
+          type: string
       hash:
         type: string
       heroku:
@@ -4272,6 +4520,10 @@ definitions:
           $ref: '#/definitions/object.ManagedAccount'
       meetup:
         type: string
+      mfaEmailEnabled:
+        type: boolean
+      mfaPhoneEnabled:
+        type: boolean
       microsoftonline:
         type: string
       multiFactorAuths:
@@ -4312,6 +4564,8 @@ definitions:
         type: string
       preHash:
         type: string
+      preferredMfaType:
+        type: string
       properties:
         additionalProperties:
           type: string
@@ -4320,6 +4574,10 @@ definitions:
       ranking:
         type: integer
         format: int64
+      recoveryCodes:
+        type: array
+        items:
+          type: string
       region:
         type: string
       roles:
@@ -4356,6 +4614,8 @@ definitions:
         type: string
       title:
         type: string
+      totpSecret:
+        type: string
       tumblr:
         type: string
       twitch:
@@ -4404,12 +4664,14 @@ definitions:
         type: string
       email:
         type: string
+      groups:
+        type: array
+        items:
+          type: string
       iss:
         type: string
       name:
         type: string
-      organization:
-        type: string
       phone:
         type: string
       picture:
@@ -4448,12 +4710,6 @@ definitions:
         type: string
       url:
         type: string
-  object.pricing:
-    title: pricing
-    type: object
-  object.subscription:
-    title: subscription
-    type: object
   protocol.CredentialAssertion:
     title: CredentialAssertion
     type: object

util/path.go

@@ -72,6 +72,9 @@ func UrlJoin(base string, path string) string {
 
 func GetUrlPath(urlString string) string {
 	u, _ := url.Parse(urlString)
+	if u == nil {
+		return ""
+	}
 	return u.Path
 }
 

util/slice.go

@@ -43,6 +43,15 @@ func ContainsString(values []string, val string) bool {
 	return sort.SearchStrings(values, val) != len(values)
 }
 
+func InSlice(slice []string, elem string) bool {
+	for _, val := range slice {
+		if val == elem {
+			return true
+		}
+	}
+	return false
+}
+
 func ReturnAnyNotEmpty(strs ...string) string {
 	for _, str := range strs {
 		if str != "" {

util/validation.go

@@ -22,10 +22,18 @@ import (
 	"github.com/nyaruka/phonenumbers"
 )
 
-var rePhone *regexp.Regexp
+var (
+	rePhone          *regexp.Regexp
+	ReWhiteSpace     *regexp.Regexp
+	ReFieldWhiteList *regexp.Regexp
+	ReUserName       *regexp.Regexp
+)
 
 func init() {
 	rePhone, _ = regexp.Compile(`(\d{3})\d*(\d{4})`)
+	ReWhiteSpace, _ = regexp.Compile(`\s`)
+	ReFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
+	ReUserName, _ = regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
 }
 
 func IsEmailValid(email string) bool {
@@ -70,3 +78,7 @@ func GetCountryCode(prefix string, phone string) (string, error) {
 
 	return countryCode, nil
 }
+
+func FilterField(field string) bool {
+	return ReFieldWhiteList.MatchString(field)
+}

web/package.json

@@ -24,8 +24,6 @@
     "i18next": "^19.8.9",
     "libphonenumber-js": "^1.10.19",
     "moment": "^2.29.1",
-    "qrcode.react": "^3.1.0",
-    "qs": "^6.10.2",
     "react": "^18.2.0",
     "react-app-polyfill": "^3.0.0",
     "react-codemirror2": "^7.2.1",

web/src/AdapterEditPage.js

@@ -76,6 +76,10 @@ class AdapterEditPage extends React.Component {
   getModels(organizationName) {
     ModelBackend.getModels(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           models: res,
         });

web/src/AdapterListPage.js

@@ -25,8 +25,9 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class AdapterListPage extends BaseListPage {
   newAdapter() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `adapter_${randomName}`,
       createdTime: moment().format(),
       type: "Database",
@@ -87,7 +88,7 @@ class AdapterListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/adapters/${record.organization}/${text}`}>
+            <Link to={`/adapters/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -246,7 +247,7 @@ class AdapterListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    AdapterBackend.getAdapters(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    AdapterBackend.getAdapters(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/App.js

@@ -86,6 +86,7 @@ import {withTranslation} from "react-i18next";
 import ThemeSelect from "./common/select/ThemeSelect";
 import SessionListPage from "./SessionListPage";
 import MfaSetupPage from "./auth/MfaSetupPage";
+import OrganizationSelect from "./common/select/OrganizationSelect";
 
 const {Header, Footer, Content} = Layout;
 
@@ -106,7 +107,7 @@ class App extends Component {
     Setting.initServerUrl();
     Auth.initAuthWithConfig({
       serverUrl: Setting.ServerUrl,
-      appName: "app-built-in", // the application name of Casdoor itself, do not change it
+      appName: Conf.DefaultApplication, // the application used in Casdoor root path: "/"
     });
   }
 
@@ -398,6 +399,17 @@ class App extends Component {
               });
             }} />
           <LanguageSelect languages={this.state.account.organization.languages} />
+          {Setting.isAdminUser(this.state.account) && !Setting.isMobile() &&
+            <OrganizationSelect
+              initValue={Setting.getOrganization()}
+              withAll={true}
+              style={{marginRight: "20px", width: "180px", display: "flex"}}
+              onChange={(value) => {
+                Setting.setOrganization(value);
+              }}
+              className="select-box"
+            />
+          }
         </React.Fragment>
       );
     }
@@ -611,7 +623,7 @@ class App extends Component {
         <Route exact path="/subscriptions" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionListPage account={this.state.account} {...props} />)} />
         <Route exact path="/subscriptions/:organizationName/:subscriptionName" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionEditPage account={this.state.account} {...props} />)} />
         <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/products/:organizationName/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
         <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
         <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
         <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
@@ -651,6 +663,7 @@ class App extends Component {
         this.props.history.push(key);
       }
     };
+    const menuStyleRight = Setting.isAdminUser(this.state.account) && !Setting.isMobile() ? "calc(180px + 260px)" : "260px";
     return (
       <Layout id="parent-area">
         <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm.includes("dark") ? "black" : "white"}}>
@@ -680,7 +693,7 @@ class App extends Component {
               items={this.getMenuItems()}
               mode={"horizontal"}
               selectedKeys={[this.state.selectedMenuKey]}
-              style={{position: "absolute", left: "145px", right: "260px"}}
+              style={{position: "absolute", left: "145px", right: menuStyleRight}}
             />
           }
           {

web/src/ApplicationEditPage.js

@@ -118,20 +118,30 @@ class ApplicationEditPage extends React.Component {
 
   getApplication() {
     ApplicationBackend.getApplication("admin", this.state.applicationName)
-      .then((application) => {
-        if (application === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
-        if (application.grantTypes === null || application.grantTypes === undefined || application.grantTypes.length === 0) {
-          application.grantTypes = ["authorization_code"];
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
         }
+
+        if (res.grantTypes === null || res.grantTypes === undefined || res.grantTypes.length === 0) {
+          res.grantTypes = ["authorization_code"];
+        }
+
+        if (res.tags === null || res.tags === undefined) {
+          res.tags = [];
+        }
+
         this.setState({
-          application: application,
+          application: res,
         });
 
-        this.getCerts(application.organization);
+        this.getCerts(res.organization);
       });
   }
 
@@ -307,6 +317,18 @@ class ApplicationEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("organization:Tags"), i18next.t("application:Tags - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: "100%"}} value={this.state.application.tags} onChange={(value => {this.updateApplicationField("tags", value);})}>
+              {
+                this.state.application.tags?.map((item, index) => <Option key={index} value={item}>{item}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"))} :

web/src/ApplicationListPage.js

@@ -28,18 +28,13 @@ class ApplicationListPage extends BaseListPage {
     super(props);
   }
 
-  componentDidMount() {
-    this.setState({
-      organizationName: this.props.account.owner,
-    });
-  }
-
   newApplication() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin", // this.props.account.applicationName,
       name: `application_${randomName}`,
-      organization: this.state.organizationName,
+      organization: organizationName,
       createdTime: moment().format(),
       displayName: `New Application - ${randomName}`,
       logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
@@ -273,8 +268,8 @@ class ApplicationListPage extends BaseListPage {
     const field = params.searchedColumn, value = params.searchText;
     const sortField = params.sortField, sortOrder = params.sortOrder;
     this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
-      ApplicationBackend.getApplicationsByOrganization("admin", this.props.account.organization.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
+      ApplicationBackend.getApplicationsByOrganization("admin", Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
       .then((res) => {
         this.setState({
           loading: false,

web/src/BaseListPage.js

@@ -17,6 +17,7 @@ import {Button, Input, Result, Space} from "antd";
 import {SearchOutlined} from "@ant-design/icons";
 import Highlighter from "react-highlight-words";
 import i18next from "i18next";
+import * as Setting from "./Setting";
 
 class BaseListPage extends React.Component {
   constructor(props) {
@@ -35,6 +36,22 @@ class BaseListPage extends React.Component {
     };
   }
 
+  handleOrganizationChange = () => {
+    const {pagination} = this.state;
+    this.fetch({pagination});
+  };
+
+  componentDidMount() {
+    window.addEventListener("storageOrganizationChanged", this.handleOrganizationChange);
+    if (!Setting.isAdminUser(this.props.account)) {
+      Setting.setOrganization("All");
+    }
+  }
+
+  componentWillUnmount() {
+    window.removeEventListener("storageOrganizationChanged", this.handleOrganizationChange);
+  }
+
   UNSAFE_componentWillMount() {
     const {pagination} = this.state;
     this.fetch({pagination});

web/src/CertEditPage.js

@@ -44,14 +44,19 @@ class CertEditPage extends React.Component {
 
   getCert() {
     CertBackend.getCert(this.state.owner, this.state.certName)
-      .then((cert) => {
-        if (cert === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          cert: cert,
+          cert: res,
         });
       });
   }

web/src/CertListPage.js

@@ -28,6 +28,7 @@ class CertListPage extends BaseListPage {
   }
 
   componentDidMount() {
+    super.componentDidMount();
     this.setState({
       owner: Setting.isAdminUser(this.props.account) ? "admin" : this.props.account.owner,
     });
@@ -35,8 +36,9 @@ class CertListPage extends BaseListPage {
 
   newCert() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.isDefaultOrganizationSelected(this.props.account) ? this.state.owner : Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.state.owner,
+      owner: owner,
       name: `cert_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Cert - ${randomName}`,
@@ -236,8 +238,8 @@ class CertListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      : CertBackend.getCerts(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : CertBackend.getCerts(Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
       .then((res) => {
         this.setState({
           loading: false,

web/src/ChatEditPage.js

@@ -40,17 +40,21 @@ class ChatEditPage extends React.Component {
 
   getChat() {
     ChatBackend.getChat("admin", this.state.chatName)
-      .then((chat) => {
-        if (chat === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
-          chat: chat,
+          chat: res,
         });
 
-        this.getUsers(chat.organization);
+        this.getUsers(res.organization);
       });
   }
 
@@ -66,6 +70,11 @@ class ChatEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
           users: res,
         });

web/src/ChatListPage.js

@@ -25,12 +25,13 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class ChatListPage extends BaseListPage {
   newChat() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin", // this.props.account.applicationName,
       name: `chat_${randomName}`,
       createdTime: moment().format(),
       updatedTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
       displayName: `New Chat - ${randomName}`,
       type: "Single",
       category: "Chat Category - 1",

web/src/Conf.js

@@ -1,34 +1,34 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-export const ShowGithubCorner = false;
-export const GithubRepo = "https://github.com/casdoor/casdoor";
-export const IsDemoMode = false;
-
-export const ForceLanguage = "";
-export const DefaultLanguage = "en";
-
-export const EnableExtraPages = true;
-
-export const EnableChatPages = true;
-
-export const InitThemeAlgorithm = true;
-export const ThemeDefault = {
-  themeType: "default",
-  colorPrimary: "#5734d3",
-  borderRadius: 6,
-  isCompact: false,
-};
-
-export const CustomFooter = null;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+export const DefaultApplication = "app-built-in";
+
+export const ShowGithubCorner = false;
+export const IsDemoMode = false;
+
+export const ForceLanguage = "";
+export const DefaultLanguage = "en";
+
+export const EnableExtraPages = true;
+export const EnableChatPages = true;
+
+export const InitThemeAlgorithm = true;
+export const ThemeDefault = {
+  themeType: "default",
+  colorPrimary: "#5734d3",
+  borderRadius: 6,
+  isCompact: false,
+};
+
+export const CustomFooter = null;

web/src/EntryPage.js

@@ -74,8 +74,12 @@ class EntryPage extends React.Component {
       });
 
       ApplicationBackend.getApplication("admin", pricing.application)
-        .then((application) => {
-          const themeData = application !== null ? Setting.getThemeData(application.organizationObj, application) : Conf.ThemeDefault;
+        .then((res) => {
+          if (res.status === "error") {
+            Setting.showMessage("error", res.msg);
+            return;
+          }
+          const themeData = res !== null ? Setting.getThemeData(res.organizationObj, res) : Conf.ThemeDefault;
           this.props.updataThemeData(themeData);
         });
     };

web/src/GroupList.js

@@ -49,8 +49,9 @@ class GroupListPage extends BaseListPage {
 
   newGroup() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `group_${randomName}`,
       createdTime: moment().format(),
       updatedTime: moment().format(),
@@ -251,7 +252,7 @@ class GroupListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    GroupBackend.getGroups(this.state.owner, false, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    GroupBackend.getGroups(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), false, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/MessageEditPage.js

@@ -45,17 +45,20 @@ class MessageEditPage extends React.Component {
 
   getMessage() {
     MessageBackend.getMessage("admin", this.state.messageName)
-      .then((message) => {
-        if (message === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
-
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
-          message: message,
+          message: res,
         });
 
-        this.getUsers(message.organization);
+        this.getUsers(res.organization);
       });
   }
 
@@ -80,6 +83,10 @@ class MessageEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           users: res,
         });

web/src/MessageListPage.js

@@ -25,11 +25,12 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class MessageListPage extends BaseListPage {
   newMessage() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin", // this.props.account.messagename,
       name: `message_${randomName}`,
       createdTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
       chat: "",
       replyTo: "",
       author: `${this.props.account.owner}/${this.props.account.name}`,
@@ -208,7 +209,7 @@ class MessageListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    MessageBackend.getMessages("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    MessageBackend.getMessages("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/ModelEditPage.js

@@ -47,14 +47,19 @@ class ModelEditPage extends React.Component {
 
   getModel() {
     ModelBackend.getModel(this.state.organizationName, this.state.modelName)
-      .then((model) => {
-        if (model === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          model: model,
+          model: res,
         });
       });
   }

web/src/ModelListPage.js

@@ -40,8 +40,9 @@ m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act`;
 class ModelListPage extends BaseListPage {
   newModel() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `model_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Model - ${randomName}`,
@@ -202,7 +203,7 @@ class ModelListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    ModelBackend.getModels(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ModelBackend.getModels(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/OrganizationEditPage.js

@@ -68,9 +68,14 @@ class OrganizationEditPage extends React.Component {
 
   getApplications() {
     ApplicationBackend.getApplicationsByOrganization("admin", this.state.organizationName)
-      .then((applications) => {
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          applications: applications,
+          applications: res,
         });
       });
   }
@@ -422,6 +427,7 @@ class OrganizationEditPage extends React.Component {
           this.setState({
             organizationName: this.state.organization.name,
           });
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
 
           if (willExist) {
             this.props.history.push("/organizations");
@@ -443,6 +449,7 @@ class OrganizationEditPage extends React.Component {
       .then((res) => {
         if (res.status === "ok") {
           this.props.history.push("/organizations");
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
         }

web/src/OrganizationListPage.js

@@ -83,6 +83,7 @@ class OrganizationListPage extends BaseListPage {
         if (res.status === "ok") {
           this.props.history.push({pathname: `/organizations/${newOrganization.name}`, mode: "add"});
           Setting.showMessage("success", i18next.t("general:Successfully added"));
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
         }
@@ -99,8 +100,11 @@ class OrganizationListPage extends BaseListPage {
           Setting.showMessage("success", i18next.t("general:Successfully deleted"));
           this.setState({
             data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+            pagination: {
+              ...this.state.pagination,
+              total: this.state.pagination.total - 1},
           });
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
         }
@@ -275,7 +279,7 @@ class OrganizationListPage extends BaseListPage {
       value = params.passwordType;
     }
     this.setState({loading: true});
-    OrganizationBackend.getOrganizations("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    OrganizationBackend.getOrganizations("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PaymentListPage.js

@@ -26,6 +26,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PaymentListPage extends BaseListPage {
   newPayment() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin",
       name: `payment_${randomName}`,
@@ -33,7 +34,7 @@ class PaymentListPage extends BaseListPage {
       displayName: `New Payment - ${randomName}`,
       provider: "provider_pay_paypal",
       type: "PayPal",
-      organization: this.props.account.owner,
+      organization: organizationName,
       user: "admin",
       productName: "computer-1",
       productDisplayName: "A notebook computer",
@@ -265,7 +266,7 @@ class PaymentListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    PaymentBackend.getPayments("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PermissionEditPage.js

@@ -49,21 +49,26 @@ class PermissionEditPage extends React.Component {
 
   getPermission() {
     PermissionBackend.getPermission(this.state.organizationName, this.state.permissionName)
-      .then((permission) => {
-        if (permission === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          permission: permission,
+          permission: res,
         });
 
-        this.getUsers(permission.owner);
-        this.getRoles(permission.owner);
-        this.getModels(permission.owner);
-        this.getResources(permission.owner);
-        this.getModel(permission.owner, permission.model);
+        this.getUsers(res.owner);
+        this.getRoles(res.owner);
+        this.getModels(res.owner);
+        this.getResources(res.owner);
+        this.getModel(res.owner, res.model);
       });
   }
 
@@ -79,6 +84,10 @@ class PermissionEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           users: res,
         });
@@ -88,6 +97,10 @@ class PermissionEditPage extends React.Component {
   getRoles(organizationName) {
     RoleBackend.getRoles(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           roles: res,
         });
@@ -97,6 +110,10 @@ class PermissionEditPage extends React.Component {
   getModels(organizationName) {
     ModelBackend.getModels(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           models: res,
         });
@@ -106,6 +123,10 @@ class PermissionEditPage extends React.Component {
   getModel(organizationName, modelName) {
     ModelBackend.getModel(organizationName, modelName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           model: res,
         });

web/src/PermissionListPage.js

@@ -26,8 +26,9 @@ import {UploadOutlined} from "@ant-design/icons";
 class PermissionListPage extends BaseListPage {
   newPermission() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `permission_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Permission - ${randomName}`,
@@ -383,7 +384,7 @@ class PermissionListPage extends BaseListPage {
     this.setState({loading: true});
 
     const getPermissions = Setting.isLocalAdminUser(this.props.account) ? PermissionBackend.getPermissions : PermissionBackend.getPermissionsBySubmitter;
-    getPermissions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    getPermissions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PlanEditPage.js

@@ -64,6 +64,10 @@ class PlanEditPage extends React.Component {
   getRoles(organizationName) {
     RoleBackend.getRoles(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           roles: res,
         });
@@ -73,6 +77,10 @@ class PlanEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           users: res,
         });

web/src/PlanListPage.js

@@ -25,8 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PlanListPage extends BaseListPage {
   newPlan() {
     const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
-
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
       owner: owner,
       name: `plan_${randomName}`,
@@ -219,7 +218,7 @@ class PlanListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    PlanBackend.getPlans(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PlanBackend.getPlans(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PricingEditPage.js

@@ -49,22 +49,31 @@ class PricingEditPage extends React.Component {
 
   getPricing() {
     PricingBackend.getPricing(this.state.organizationName, this.state.pricingName)
-      .then((pricing) => {
-        if (pricing === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          pricing: pricing,
+          pricing: res,
         });
-        this.getPlans(pricing.owner);
+        this.getPlans(res.owner);
       });
   }
 
   getPlans(organizationName) {
     PlanBackend.getPlans(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           plans: res,
         });
@@ -109,9 +118,13 @@ class PricingEditPage extends React.Component {
 
   getUserApplication() {
     ApplicationBackend.getUserApplication(this.state.organizationName, this.state.userName)
-      .then((application) => {
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
-          application: application,
+          application: res,
         });
       });
   }

web/src/PricingListPage.js

@@ -25,8 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PricingListPage extends BaseListPage {
   newPricing() {
     const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
-
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
       owner: owner,
       name: `pricing_${randomName}`,
@@ -188,7 +187,7 @@ class PricingListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    PricingBackend.getPricings(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PricingBackend.getPricings(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/ProductBuyPage.js

@@ -41,9 +41,14 @@ class ProductBuyPage extends React.Component {
     }
 
     ProductBackend.getProduct(this.props.account.owner, this.state.productName)
-      .then((product) => {
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          product: product,
+          product: res,
         });
       });
   }

web/src/ProductEditPage.js

@@ -20,6 +20,7 @@ import i18next from "i18next";
 import {LinkOutlined} from "@ant-design/icons";
 import * as ProviderBackend from "./backend/ProviderBackend";
 import ProductBuyPage from "./ProductBuyPage";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
 
 const {Option} = Select;
 
@@ -39,11 +40,12 @@ class ProductEditPage extends React.Component {
 
   UNSAFE_componentWillMount() {
     this.getProduct();
+    this.getOrganizations();
     this.getPaymentProviders();
   }
 
   getProduct() {
-    ProductBackend.getProduct(this.props.account.owner, this.state.productName)
+    ProductBackend.getProduct(this.state.organizationName, this.state.productName)
       .then((product) => {
         if (product === null) {
           this.props.history.push("/404");
@@ -56,6 +58,15 @@ class ProductEditPage extends React.Component {
       });
   }
 
+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
   getPaymentProviders() {
     ProviderBackend.getProviders(this.props.account.owner)
       .then((res) => {
@@ -312,7 +323,7 @@ class ProductEditPage extends React.Component {
           if (willExist) {
             this.props.history.push("/products");
           } else {
-            this.props.history.push(`/products/${this.state.product.name}`);
+            this.props.history.push(`/products/${this.state.product.owner}/${this.state.product.name}`);
           }
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);

web/src/ProductListPage.js

@@ -26,8 +26,9 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class ProductListPage extends BaseListPage {
   newProduct() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `product_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Product - ${randomName}`,
@@ -47,7 +48,7 @@ class ProductListPage extends BaseListPage {
     ProductBackend.addProduct(newProduct)
       .then((res) => {
         if (res.status === "ok") {
-          this.props.history.push({pathname: `/products/${newProduct.name}`, mode: "add"});
+          this.props.history.push({pathname: `/products/${newProduct.owner}/${newProduct.name}`, mode: "add"});
           Setting.showMessage("success", i18next.t("general:Successfully added"));
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
@@ -88,7 +89,7 @@ class ProductListPage extends BaseListPage {
         ...this.getColumnSearchProps("name"),
         render: (text, record, index) => {
           return (
-            <Link to={`/products/${text}`}>
+            <Link to={`/products/${record.owner}/${text}`}>
               {text}
             </Link>
           );
@@ -201,7 +202,7 @@ class ProductListPage extends BaseListPage {
                 size="small"
                 locale={{emptyText: " "}}
                 dataSource={providers}
-                renderItem={(providerName, i) => {
+                renderItem={(providerName, record, i) => {
                   return (
                     <List.Item>
                       <div style={{display: "inline"}}>
@@ -247,7 +248,7 @@ class ProductListPage extends BaseListPage {
           return (
             <div>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/products/${record.name}/buy`)}>{i18next.t("product:Buy")}</Button>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteProduct(index)}
@@ -268,7 +269,7 @@ class ProductListPage extends BaseListPage {
 
     return (
       <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={products} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={products} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
           title={() => (
             <div>
               {i18next.t("general:Products")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -290,7 +291,7 @@ class ProductListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    ProductBackend.getProducts(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ProductBackend.getProducts(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/ProviderListPage.js

@@ -29,6 +29,7 @@ class ProviderListPage extends BaseListPage {
   }
 
   componentDidMount() {
+    super.componentDidMount();
     this.setState({
       owner: Setting.isAdminUser(this.props.account) ? "admin" : this.props.account.owner,
     });
@@ -36,8 +37,9 @@ class ProviderListPage extends BaseListPage {
 
   newProvider() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.isDefaultOrganizationSelected(this.props.account) ? this.state.owner : Setting.getRequestOrganization();
     return {
-      owner: this.state.owner,
+      owner: owner,
       name: `provider_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Provider - ${randomName}`,
@@ -256,8 +258,8 @@ class ProviderListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      : ProviderBackend.getProviders(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : ProviderBackend.getProviders(Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
       .then((res) => {
         this.setState({
           loading: false,

web/src/RecordListPage.js

@@ -209,7 +209,7 @@ class RecordListPage extends BaseListPage {
       value = params.method;
     }
     this.setState({loading: true});
-    RecordBackend.getRecords(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    RecordBackend.getRecords(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/ResourceListPage.js

@@ -309,7 +309,7 @@ class ResourceListPage extends BaseListPage {
     const field = params.searchedColumn, value = params.searchText;
     const sortField = params.sortField, sortOrder = params.sortOrder;
     this.setState({loading: true});
-    ResourceBackend.getResources(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ResourceBackend.getResources(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/RoleEditPage.js

@@ -42,18 +42,22 @@ class RoleEditPage extends React.Component {
 
   getRole() {
     RoleBackend.getRole(this.state.organizationName, this.state.roleName)
-      .then((role) => {
-        if (role === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
 
         this.setState({
-          role: role,
+          role: res,
         });
 
-        this.getUsers(role.owner);
-        this.getRoles(role.owner);
+        this.getUsers(res.owner);
+        this.getRoles(res.owner);
       });
   }
 
@@ -69,6 +73,10 @@ class RoleEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           users: res,
         });
@@ -78,6 +86,10 @@ class RoleEditPage extends React.Component {
   getRoles(organizationName) {
     RoleBackend.getRoles(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           roles: res,
         });

web/src/RoleListPage.js

@@ -26,8 +26,9 @@ import {UploadOutlined} from "@ant-design/icons";
 class RoleListPage extends BaseListPage {
   newRole() {
     const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
     return {
-      owner: this.props.account.owner,
+      owner: owner,
       name: `role_${randomName}`,
       createdTime: moment().format(),
       displayName: `New Role - ${randomName}`,
@@ -258,7 +259,7 @@ class RoleListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    RoleBackend.getRoles(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    RoleBackend.getRoles(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/SessionListPage.js

@@ -22,7 +22,6 @@ import * as SessionBackend from "./backend/SessionBackend";
 import PopconfirmModal from "./common/modal/PopconfirmModal";
 
 class SessionListPage extends BaseListPage {
-
   deleteSession(i) {
     SessionBackend.deleteSession(this.state.data[i])
       .then((res) => {
@@ -134,7 +133,7 @@ class SessionListPage extends BaseListPage {
       value = params.contentType;
     }
     this.setState({loading: true});
-    SessionBackend.getSessions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SessionBackend.getSessions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/Setting.js

@@ -1164,3 +1164,27 @@ export function inIframe() {
     return true;
   }
 }
+
+export function getOrganization() {
+  const organization = localStorage.getItem("organization");
+  return organization !== null ? organization : "All";
+}
+
+export function setOrganization(organization) {
+  localStorage.setItem("organization", organization);
+  window.dispatchEvent(new Event("storageOrganizationChanged"));
+}
+
+export function getRequestOrganization(account) {
+  if (isAdminUser(account)) {
+    return getOrganization() === "All" ? account.owner : getOrganization();
+  }
+  return account.owner;
+}
+
+export function isDefaultOrganizationSelected(account) {
+  if (isAdminUser(account)) {
+    return getOrganization() === "All";
+  }
+  return false;
+}

web/src/SubscriptionEditPage.js

@@ -46,18 +46,23 @@ class SubscriptionEditPage extends React.Component {
 
   getSubscription() {
     SubscriptionBackend.getSubscription(this.state.organizationName, this.state.subscriptionName)
-      .then((subscription) => {
-        if (subscription === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          subscription: subscription,
+          subscription: res,
         });
 
-        this.getUsers(subscription.owner);
-        this.getPlanes(subscription.owner);
+        this.getUsers(res.owner);
+        this.getPlanes(res.owner);
       });
   }
 
@@ -73,6 +78,10 @@ class SubscriptionEditPage extends React.Component {
   getUsers(organizationName) {
     UserBackend.getUsers(organizationName)
       .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
           users: res,
         });

web/src/SubscriptionListPage.js

@@ -25,7 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class SubscriptionListPage extends BaseListPage {
   newSubscription() {
     const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
+    const owner = Setting.getRequestOrganization(this.props.account);
     const defaultDuration = 365;
 
     return {
@@ -237,7 +237,7 @@ class SubscriptionListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    SubscriptionBackend.getSubscriptions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SubscriptionBackend.getSubscriptions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/SyncerEditPage.js

@@ -47,14 +47,19 @@ class SyncerEditPage extends React.Component {
 
   getSyncer() {
     SyncerBackend.getSyncer("admin", this.state.syncerName)
-      .then((syncer) => {
-        if (syncer === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          syncer: syncer,
+          syncer: res,
         });
       });
   }

web/src/SyncerListPage.js

@@ -25,11 +25,12 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class SyncerListPage extends BaseListPage {
   newSyncer() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin",
       name: `syncer_${randomName}`,
       createdTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
       type: "Database",
       host: "localhost",
       port: 3306,
@@ -276,7 +277,7 @@ class SyncerListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    SyncerBackend.getSyncers("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SyncerBackend.getSyncers("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/TokenEditPage.js

@@ -35,14 +35,19 @@ class TokenEditPage extends React.Component {
 
   getToken() {
     TokenBackend.getToken("admin", this.state.tokenName)
-      .then((token) => {
-        if (token === null) {
+      .then((res) => {
+        if (res === null) {
           this.props.history.push("/404");
           return;
         }
 
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
         this.setState({
-          token: token,
+          token: res,
         });
       });
   }

web/src/TokenListPage.js

@@ -25,12 +25,13 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class TokenListPage extends BaseListPage {
   newToken() {
     const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
     return {
       owner: "admin", // this.props.account.tokenname,
       name: `token_${randomName}`,
       createdTime: moment().format(),
       application: "app-built-in",
-      organization: this.props.account.owner,
+      organization: organizationName,
       user: "admin",
       accessToken: "",
       expiresIn: 7200,
@@ -240,7 +241,7 @@ class TokenListPage extends BaseListPage {
     const field = params.searchedColumn, value = params.searchText;
     const sortField = params.sortField, sortOrder = params.sortOrder;
     this.setState({loading: true});
-    TokenBackend.getTokens("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    TokenBackend.getTokens("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/UserEditPage.js

@@ -121,13 +121,17 @@ class UserEditPage extends React.Component {
 
   getUserApplication() {
     ApplicationBackend.getUserApplication(this.state.organizationName, this.state.userName)
-      .then((application) => {
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
         this.setState({
-          application: application,
+          application: res,
         });
 
         this.setState({
-          isGroupsVisible: application.organizationObj.accountItems?.some((item) => item.name === "Groups" && item.visible),
+          isGroupsVisible: res.organizationObj.accountItems?.some((item) => item.name === "Groups" && item.visible),
         });
       });
   }