Revert "fix: disable cookie for static files (#1656)"

This reverts commit 312412ffe4.

.github/workflows/build.yml

@@ -9,19 +9,18 @@ jobs:
     runs-on: ubuntu-latest
     services:
       mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+          image: mysql:5.7
+          env:
+            MYSQL_DATABASE: casdoor
+            MYSQL_ROOT_PASSWORD: 123456
+          ports:
+              - 3306:3306
+          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
         with:
           go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
       - name: Tests
         run: |
           go test -v $(go list ./...) -tags skipCi
@@ -32,12 +31,14 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ go-tests ]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v2
+      - uses: actions/setup-node@v2
         with:
           node-version: 16
-          cache: 'yarn'
-          cache-dependency-path: ./web/yarn.lock
+      # cache
+      - uses: c-hive/gha-yarn-cache@v2
+        with:
+          directory: ./web
       - run: yarn install && CI=false yarn run build
         working-directory: ./web
 
@@ -46,11 +47,10 @@ jobs:
     runs-on: ubuntu-latest
     needs: [ go-tests ]
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
         with:
           go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
       - run: go version
       - name: Build
         run: |
@@ -63,14 +63,13 @@ jobs:
     needs: [ go-tests ]
     steps:
       - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/setup-go@v3
         with:
           go-version: '^1.16.5'
-          cache: false
 
       # gen a dummy config file
       - run: touch dummy.yml
-
+      
       - name: golangci-lint
         uses: golangci/golangci-lint-action@v3
         with:
@@ -83,35 +82,35 @@ jobs:
     needs: [ go-tests ]
     services:
       mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_DATABASE: casdoor
-          MYSQL_ROOT_PASSWORD: 123456
-        ports:
-          - 3306:3306
-        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+          image: mysql:5.7
+          env:
+            MYSQL_DATABASE: casdoor
+            MYSQL_ROOT_PASSWORD: 123456
+          ports:
+              - 3306:3306
+          options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
         with:
           go-version: '^1.16.5'
-          cache-dependency-path: ./go.mod
-      - name: start backend
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 16    
+      - name: back start
         run: nohup go run ./main.go &
         working-directory: ./
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 16
-          cache: 'yarn'
-          cache-dependency-path: ./web/yarn.lock
-      - run: yarn install
+      - name: front install
+        run: yarn install
         working-directory: ./web
-      - uses: cypress-io/github-action@v5
+      - name: front start
+        run: nohup yarn start &
+        working-directory: ./web  
+      - uses: cypress-io/github-action@v4
         with:
-          start: yarn start
+          working-directory: ./web
           wait-on: 'http://localhost:7001'
           wait-on-timeout: 180
-          working-directory: ./web
 
       - uses: actions/upload-artifact@v3
         if: failure()
@@ -122,7 +121,7 @@ jobs:
         if: always()
         with:
           name: cypress-videos
-          path: ./web/cypress/videos
+          path: ./web/cypress/videos    
 
   release-and-push:
     name: Release And Push
@@ -131,11 +130,11 @@ jobs:
     needs: [ frontend, backend, linter, e2e ]
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v2
         with:
-          fetch-depth: -1
+          fetch-depth: 0
       - name: Setup Node.js
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v2
         with:
           node-version: 16
 
@@ -167,10 +166,10 @@ jobs:
           elif [ ${old_array[1]} != ${new_array[1]} ]
           then 
               echo ::set-output name=push::'true'
-          
+              
           else
               echo ::set-output name=push::'false'
-          
+              
           fi
 
       - name: Set up QEMU
@@ -193,7 +192,6 @@ jobs:
         uses: docker/build-push-action@v3
         if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
-          context: .
           target: STANDARD
           platforms: linux/amd64,linux/arm64
           push: true
@@ -203,7 +201,6 @@ jobs:
         uses: docker/build-push-action@v3
         if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
-          context: .
           target: ALLINONE
           platforms: linux/amd64,linux/arm64
           push: true

.gitignore

@@ -29,6 +29,4 @@ lastupdate.tmp
 commentsRouter*.go
 
 # ignore build result
-casdoor
-server_linux_arm64
-server_linux_amd64
+casdoor

Dockerfile

@@ -1,15 +1,15 @@
-FROM node:16.18.0 AS FRONT
+FROM node:16.13.0 AS FRONT
 WORKDIR /web
 COPY ./web .
 RUN yarn config set registry https://registry.npmmirror.com
 RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
 
 
-FROM golang:1.19.9 AS BACK
+FROM golang:1.17.5 AS BACK
 WORKDIR /go/src/casdoor
 COPY . .
 RUN ./build.sh
-RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go > version_info.txt
+
 
 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
@@ -34,7 +34,6 @@ WORKDIR /
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT --chown=$USER:$USER /web/build ./web/build
 
 ENTRYPOINT ["/server"]
@@ -62,9 +61,7 @@ COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
-COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
-RUN mkdir tempFiles
 
 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]

ai/ai.go

@@ -1,141 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ai
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/sashabaranov/go-openai"
-)
-
-func queryAnswer(authToken string, question string, timeout int) (string, error) {
-	// fmt.Printf("Question: %s\n", question)
-
-	client := getProxyClientFromToken(authToken)
-
-	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(2+timeout*2)*time.Second)
-	defer cancel()
-
-	resp, err := client.CreateChatCompletion(
-		ctx,
-		openai.ChatCompletionRequest{
-			Model: openai.GPT3Dot5Turbo,
-			Messages: []openai.ChatCompletionMessage{
-				{
-					Role:    openai.ChatMessageRoleUser,
-					Content: question,
-				},
-			},
-		},
-	)
-	if err != nil {
-		return "", err
-	}
-
-	res := resp.Choices[0].Message.Content
-	res = strings.Trim(res, "\n")
-	// fmt.Printf("Answer: %s\n\n", res)
-	return res, nil
-}
-
-func QueryAnswerSafe(authToken string, question string) string {
-	var res string
-	var err error
-	for i := 0; i < 10; i++ {
-		res, err = queryAnswer(authToken, question, i)
-		if err != nil {
-			if i > 0 {
-				fmt.Printf("\tFailed (%d): %s\n", i+1, err.Error())
-			}
-		} else {
-			break
-		}
-	}
-	if err != nil {
-		panic(err)
-	}
-
-	return res
-}
-
-func QueryAnswerStream(authToken string, question string, writer io.Writer, builder *strings.Builder) error {
-	client := getProxyClientFromToken(authToken)
-
-	ctx := context.Background()
-	flusher, ok := writer.(http.Flusher)
-	if !ok {
-		return fmt.Errorf("writer does not implement http.Flusher")
-	}
-	// https://platform.openai.com/tokenizer
-	// https://github.com/pkoukk/tiktoken-go#available-encodings
-	promptTokens, err := getTokenSize(openai.GPT3TextDavinci003, question)
-	if err != nil {
-		return err
-	}
-
-	// https://platform.openai.com/docs/models/gpt-3-5
-	maxTokens := 4097 - promptTokens
-
-	respStream, err := client.CreateCompletionStream(
-		ctx,
-		openai.CompletionRequest{
-			Model:     openai.GPT3TextDavinci003,
-			Prompt:    question,
-			MaxTokens: maxTokens,
-			Stream:    true,
-		},
-	)
-	if err != nil {
-		return err
-	}
-	defer respStream.Close()
-
-	isLeadingReturn := true
-	for {
-		completion, streamErr := respStream.Recv()
-		if streamErr != nil {
-			if streamErr == io.EOF {
-				break
-			}
-			return streamErr
-		}
-
-		data := completion.Choices[0].Text
-		if isLeadingReturn && len(data) != 0 {
-			if strings.Count(data, "\n") == len(data) {
-				continue
-			} else {
-				isLeadingReturn = false
-			}
-		}
-
-		fmt.Printf("%s", data)
-
-		// Write the streamed data as Server-Sent Events
-		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
-			return err
-		}
-		flusher.Flush()
-		// Append the response to the strings.Builder
-		builder.WriteString(data)
-	}
-
-	return nil
-}

ai/ai_test.go

@@ -1,42 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-//go:build !skipCi
-// +build !skipCi
-
-package ai
-
-import (
-	"testing"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/sashabaranov/go-openai"
-)
-
-func TestRun(t *testing.T) {
-	object.InitConfig()
-	proxy.InitHttpClient()
-
-	text, err := queryAnswer("", "hi", 5)
-	if err != nil {
-		panic(err)
-	}
-
-	println(text)
-}
-
-func TestToken(t *testing.T) {
-	println(getTokenSize(openai.GPT3TextDavinci003, ""))
-}

ai/proxy.go

@@ -1,28 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ai
-
-import (
-	"github.com/casdoor/casdoor/proxy"
-	"github.com/sashabaranov/go-openai"
-)
-
-func getProxyClientFromToken(authToken string) *openai.Client {
-	config := openai.DefaultConfig(authToken)
-	config.HTTPClient = proxy.ProxyHttpClient
-
-	c := openai.NewClientWithConfig(config)
-	return c
-}

ai/util.go

@@ -1,28 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ai
-
-import "github.com/pkoukk/tiktoken-go"
-
-func getTokenSize(model string, prompt string) (int, error) {
-	tkm, err := tiktoken.EncodingForModel(model)
-	if err != nil {
-		return 0, err
-	}
-
-	token := tkm.Encode(prompt, nil, nil)
-	res := len(token)
-	return res, nil
-}

authz/authz.go

@@ -15,13 +15,13 @@
 package authz
 
 import (
+	"fmt"
 	"strings"
 
 	"github.com/casbin/casbin/v2"
 	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
@@ -87,11 +87,8 @@ p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
-p, *, *, GET, /api/user, *, *
-p, *, *, GET, /api/health, *, *
 p, *, *, POST, /api/webhook, *, *
 p, *, *, GET, /api/get-webhook-event, *, *
-p, *, *, GET, /api/get-captcha-status, *, *
 p, *, *, *, /api/login/oauth, *, *
 p, *, *, GET, /api/get-application, *, *
 p, *, *, GET, /api/get-organization-applications, *, *
@@ -110,7 +107,6 @@ p, *, *, POST, /api/set-password, *, *
 p, *, *, POST, /api/send-verification-code, *, *
 p, *, *, GET, /api/get-captcha, *, *
 p, *, *, POST, /api/verify-captcha, *, *
-p, *, *, POST, /api/verify-code, *, *
 p, *, *, POST, /api/reset-email-or-phone, *, *
 p, *, *, POST, /api/upload-resource, *, *
 p, *, *, GET, /.well-known/openid-configuration, *, *
@@ -122,11 +118,6 @@ p, *, *, *, /cas, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
-p, *, *, GET, /api/get-prometheus-info, *, *
-p, *, *, *, /api/metrics, *, *
-p, *, *, GET, /api/get-pricing, *, *
-p, *, *, GET, /api/get-plan, *, *
-p, *, *, GET, /api/get-organization-names, *, *
 `
 
 		sa := stringadapter.NewAdapter(ruleText)
@@ -153,12 +144,9 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}
 
-	user, err := object.GetUser(util.GetId(subOwner, subName))
-	if err != nil {
-		panic(err)
-	}
-
-	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
+	userId := fmt.Sprintf("%s/%s", subOwner, subName)
+	user := object.GetUser(userId)
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin" && subOwner == objName)) {
 		return true
 	}
 

conf/app.conf

@@ -20,6 +20,5 @@ staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
 ldapServerPort = 389
+languages = en,zh,es,fr,de,ja,ko,ru,vi
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataFile = "./init_data.json"

conf/conf.go

@@ -16,6 +16,7 @@ package conf
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 	"runtime"
 	"strconv"
@@ -66,21 +67,20 @@ func GetConfigString(key string) string {
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
-		} else if key == "logConfig" {
-			res = "{\"filename\": \"logs/casdoor.log\", \"maxdays\":99999, \"perm\":\"0770\"}"
 		}
 	}
 
 	return res
 }
 
-func GetConfigBool(key string) bool {
+func GetConfigBool(key string) (bool, error) {
 	value := GetConfigString(key)
 	if value == "true" {
-		return true
-	} else {
-		return false
+		return true, nil
+	} else if value == "false" {
+		return false, nil
 	}
+	return false, fmt.Errorf("value %s cannot be converted into bool", value)
 }
 
 func GetConfigInt64(key string) (int64, error) {
@@ -110,10 +110,15 @@ func GetLanguage(language string) string {
 		return "en"
 	}
 
-	if len(language) != 2 || language == "nu" {
+	if len(language) < 2 {
 		return "en"
-	} else {
+	}
+
+	language = language[0:2]
+	if strings.Contains(GetConfigString("languages"), language) {
 		return language
+	} else {
+		return "en"
 	}
 }
 

conf/conf_test.go

@@ -87,7 +87,7 @@ func TestGetConfBool(t *testing.T) {
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigBool(scenery.input)
+			actual, err := GetConfigBool(scenery.input)
 			assert.Nil(t, err)
 			assert.Equal(t, scenery.expected, actual)
 		})
@@ -109,19 +109,3 @@ func TestGetConfigQuota(t *testing.T) {
 		assert.Equal(t, scenery.expected, quota)
 	}
 }
-
-func TestGetConfigLogs(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    string
-	}{
-		{"Default log config", `{"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigString("logConfig")
-		assert.Equal(t, scenery.expected, quota)
-	}
-}

controllers/account.go

@@ -21,7 +21,6 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -35,6 +34,43 @@ const (
 	ResponseTypeCas     = "cas"
 )
 
+type RequestForm struct {
+	Type string `json:"type"`
+
+	Organization string `json:"organization"`
+	Username     string `json:"username"`
+	Password     string `json:"password"`
+	Name         string `json:"name"`
+	FirstName    string `json:"firstName"`
+	LastName     string `json:"lastName"`
+	Email        string `json:"email"`
+	Phone        string `json:"phone"`
+	Affiliation  string `json:"affiliation"`
+	IdCard       string `json:"idCard"`
+	Region       string `json:"region"`
+
+	Application string `json:"application"`
+	Provider    string `json:"provider"`
+	Code        string `json:"code"`
+	State       string `json:"state"`
+	RedirectUri string `json:"redirectUri"`
+	Method      string `json:"method"`
+
+	EmailCode   string `json:"emailCode"`
+	PhoneCode   string `json:"phoneCode"`
+	CountryCode string `json:"countryCode"`
+
+	AutoSignin bool `json:"autoSignin"`
+
+	RelayState   string `json:"relayState"`
+	SamlRequest  string `json:"samlRequest"`
+	SamlResponse string `json:"samlResponse"`
+
+	CaptchaType  string `json:"captchaType"`
+	CaptchaToken string `json:"captchaToken"`
+	ClientSecret string `json:"clientSecret"`
+}
+
 type Response struct {
 	Status string      `json:"status"`
 	Msg    string      `json:"msg"`
@@ -67,42 +103,32 @@ type Captcha struct {
 // @router /signup [post]
 func (c *ApiController) Signup() {
 	if c.GetSessionUsername() != "" {
-		c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
+		c.ResponseError(c.T("account:Please sign out first before signing up"), c.GetSessionUsername())
 		return
 	}
 
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
+	var form RequestForm
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 	if !application.EnableSignUp {
 		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
 		return
 	}
 
-	organization, err := object.GetOrganization(util.GetId("admin", authForm.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
-	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", form.Organization))
+	msg := object.CheckUserSignup(application, organization, form.Username, form.Password, form.Name, form.FirstName, form.LastName, form.Email, form.Phone, form.CountryCode, form.Affiliation, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 
-	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && authForm.Email != "" {
-		checkResult := object.CheckVerificationCode(authForm.Email, authForm.EmailCode, c.GetAcceptLanguage())
+	if application.IsSignupItemVisible("Email") && application.GetSignupItemRule("Email") != "No verification" && form.Email != "" {
+		checkResult := object.CheckVerificationCode(form.Email, form.EmailCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
@@ -110,9 +136,9 @@ func (c *ApiController) Signup() {
 	}
 
 	var checkPhone string
-	if application.IsSignupItemVisible("Phone") && application.GetSignupItemRule("Phone") != "No verification" && authForm.Phone != "" {
-		checkPhone, _ = util.GetE164Number(authForm.Phone, authForm.CountryCode)
-		checkResult := object.CheckVerificationCode(checkPhone, authForm.PhoneCode, c.GetAcceptLanguage())
+	if application.IsSignupItemVisible("Phone") && form.Phone != "" {
+		checkPhone, _ = util.GetE164Number(form.Phone, form.CountryCode)
+		checkResult := object.CheckVerificationCode(checkPhone, form.PhoneCode, c.GetAcceptLanguage())
 		if checkResult.Code != object.VerificationSuccess {
 			c.ResponseError(checkResult.Msg)
 			return
@@ -121,11 +147,7 @@ func (c *ApiController) Signup() {
 
 	id := util.GenerateId()
 	if application.GetSignupItemRule("ID") == "Incremental" {
-		lastUser, err := object.GetLastUser(authForm.Organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		lastUser := object.GetLastUser(form.Organization)
 
 		lastIdInt := -1
 		if lastUser != nil {
@@ -135,40 +157,33 @@ func (c *ApiController) Signup() {
 		id = strconv.Itoa(lastIdInt + 1)
 	}
 
-	username := authForm.Username
+	username := form.Username
 	if !application.IsSignupItemVisible("Username") {
 		username = id
 	}
 
-	password := authForm.Password
-	msg = object.CheckPasswordComplexityByOrg(organization, password)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	initScore, err := organization.GetInitScore()
+	initScore, err := getInitScore(organization)
 	if err != nil {
 		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 		return
 	}
 
 	user := &object.User{
-		Owner:             authForm.Organization,
+		Owner:             form.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
 		Type:              "normal-user",
-		Password:          authForm.Password,
-		DisplayName:       authForm.Name,
+		Password:          form.Password,
+		DisplayName:       form.Name,
 		Avatar:            organization.DefaultAvatar,
-		Email:             authForm.Email,
-		Phone:             authForm.Phone,
-		CountryCode:       authForm.CountryCode,
+		Email:             form.Email,
+		Phone:             form.Phone,
+		CountryCode:       form.CountryCode,
 		Address:           []string{},
-		Affiliation:       authForm.Affiliation,
-		IdCard:            authForm.IdCard,
-		Region:            authForm.Region,
+		Affiliation:       form.Affiliation,
+		IdCard:            form.IdCard,
+		Region:            form.Region,
 		Score:             initScore,
 		IsAdmin:           false,
 		IsGlobalAdmin:     false,
@@ -187,55 +202,28 @@ func (c *ApiController) Signup() {
 	}
 
 	if application.GetSignupItemRule("Display name") == "First, last" {
-		if authForm.FirstName != "" || authForm.LastName != "" {
-			user.DisplayName = fmt.Sprintf("%s %s", authForm.FirstName, authForm.LastName)
-			user.FirstName = authForm.FirstName
-			user.LastName = authForm.LastName
+		if form.FirstName != "" || form.LastName != "" {
+			user.DisplayName = fmt.Sprintf("%s %s", form.FirstName, form.LastName)
+			user.FirstName = form.FirstName
+			user.LastName = form.LastName
 		}
 	}
 
-	affected, err := object.AddUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.AddUser(user)
 	if !affected {
-		c.ResponseError(c.T("account:Failed to add user"), util.StructToJson(user))
+		c.ResponseError(c.T("account:Invalid information"), util.StructToJson(user))
 		return
 	}
 
-	err = object.AddUserToOriginalDatabase(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddUserToOriginalDatabase(user)
 
 	if application.HasPromptPage() {
 		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 	}
 
-	err = object.DisableVerificationCode(authForm.Email)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkPhone)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
-	if isSignupFromPricing {
-		_, err = object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
+	object.DisableVerificationCode(form.Email)
+	object.DisableVerificationCode(checkPhone)
 
 	record := object.NewRecord(c.Ctx)
 	record.Organization = application.Organization
@@ -274,11 +262,7 @@ func (c *ApiController) Logout() {
 
 		c.ClearUserSession()
 		owner, username := util.GetOwnerAndNameFromId(user)
-		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 
 		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 
@@ -299,12 +283,7 @@ func (c *ApiController) Logout() {
 			return
 		}
 
-		affected, application, token, err := object.ExpireTokenByAccessToken(accessToken)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		affected, application, token := object.ExpireTokenByAccessToken(accessToken)
 		if !affected {
 			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
 			return
@@ -324,12 +303,7 @@ func (c *ApiController) Logout() {
 			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
 			owner, username := util.GetOwnerAndNameFromId(user)
 
-			_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 
 			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
@@ -347,7 +321,6 @@ func (c *ApiController) Logout() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-account [get]
 func (c *ApiController) GetAccount() {
-	var err error
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
@@ -355,40 +328,20 @@ func (c *ApiController) GetAccount() {
 
 	managedAccounts := c.Input().Get("managedAccounts")
 	if managedAccounts == "1" {
-		user, err = object.ExtendManagedAccountsWithUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.ExtendManagedAccountsWithUser(user)
 	}
 
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ExtendUserWithRolesAndPermissions(user)
 
 	user.Permissions = object.GetMaskedPermissions(user.Permissions)
 	user.Roles = object.GetMaskedRoles(user.Roles)
-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-
-	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	u, err := object.GetMaskedUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
+	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
-		Data:   u,
+		Data:   object.GetMaskedUser(user),
 		Data2:  organization,
 	}
 	c.Data["json"] = resp
@@ -416,43 +369,6 @@ func (c *ApiController) GetUserinfo() {
 	c.ServeJSON()
 }
 
-// GetUserinfo2
-// LaravelResponse
-// @Title UserInfo2
-// @Tag Account API
-// @Description return Laravel compatible user information according to OAuth 2.0
-// @Success 200 {object} LaravelResponse The Response object
-// @router /user [get]
-func (c *ApiController) GetUserinfo2() {
-	user, ok := c.RequireSignedInUser()
-	if !ok {
-		return
-	}
-
-	// this API is used by "Api URL" of Flarum's FoF Passport plugin
-	// https://github.com/FriendsOfFlarum/passport
-	type LaravelResponse struct {
-		Id              string `json:"id"`
-		Name            string `json:"name"`
-		Email           string `json:"email"`
-		EmailVerifiedAt string `json:"email_verified_at"`
-		CreatedAt       string `json:"created_at"`
-		UpdatedAt       string `json:"updated_at"`
-	}
-
-	response := LaravelResponse{
-		Id:              user.Id,
-		Name:            user.Name,
-		Email:           user.Email,
-		EmailVerifiedAt: user.CreatedTime,
-		CreatedAt:       user.CreatedTime,
-		UpdatedAt:       user.UpdatedTime,
-	}
-
-	c.Data["json"] = response
-	c.ServeJSON()
-}
-
 // GetCaptcha ...
 // @Tag Login API
 // @Title GetCaptcha
@@ -469,12 +385,7 @@ func (c *ApiController) GetCaptcha() {
 
 	if captchaProvider != nil {
 		if captchaProvider.Type == "Default" {
-			id, img, err := object.GetCaptcha()
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			id, img := object.GetCaptcha()
 			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
 			return
 		} else if captchaProvider.Type != "" {

controllers/application.go

@@ -40,35 +40,21 @@ func (c *ApiController) GetApplications() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-	var err error
+
 	if limit == "" || page == "" {
 		var applications []*object.Application
 		if organization == "" {
-			applications, err = object.GetApplications(owner)
+			applications = object.GetApplications(owner)
 		} else {
-			applications, err = object.GetOrganizationApplications(owner, organization)
-		}
-
-		if err != nil {
-			panic(err)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}
 
 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetApplicationCount(owner, field, value)
-		if err != nil {
-			panic(err)
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			panic(err)
-		}
-
-		applications := object.GetMaskedApplications(app, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -83,12 +69,8 @@ func (c *ApiController) GetApplications() {
 func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-	app, err := object.GetApplication(id)
-	if err != nil {
-		panic(err)
-	}
 
-	c.Data["json"] = object.GetMaskedApplication(app, userId)
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplication(id), userId)
 	c.ServeJSON()
 }
 
@@ -102,22 +84,13 @@ func (c *ApiController) GetApplication() {
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-	user, err := object.GetUser(id)
-	if err != nil {
-		panic(err)
-	}
-
+	user := object.GetUser(id)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}
 
-	app, err := object.GetApplicationByUser(user)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = object.GetMaskedApplication(app, userId)
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplicationByUser(user), userId)
 	c.ServeJSON()
 }
 
@@ -145,30 +118,14 @@ func (c *ApiController) GetOrganizationApplications() {
 	}
 
 	if limit == "" || page == "" {
-		applications, err := object.GetOrganizationApplications(owner, organization)
-		if err != nil {
-			panic(err)
-		}
-
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
 		c.Data["json"] = object.GetMaskedApplications(applications, userId)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-
-		count, err := object.GetOrganizationApplicationCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(app, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -210,13 +167,8 @@ func (c *ApiController) AddApplication() {
 		return
 	}
 
-	count, err := object.GetApplicationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForApplication(int(count)); err != nil {
+	count := object.GetApplicationCount("", "", "")
+	if err := checkQuotaForApplication(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

controllers/auth.go

@@ -24,10 +24,10 @@ import (
 	"strconv"
 	"strings"
 	"sync"
+	"time"
 
 	"github.com/casdoor/casdoor/captcha"
 	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/proxy"
@@ -56,7 +56,7 @@ func tokenToResponse(token *object.Token) *Response {
 }
 
 // HandleLoggedIn ...
-func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
+func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *RequestForm) (resp *Response) {
 	userId := user.GetId()
 
 	allowed, err := object.CheckAccessPermission(userId, application)
@@ -69,12 +69,6 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}
 
-	if form.Password != "" && user.IsMfaEnabled() {
-		c.setMfaSessionData(&object.MfaSessionData{UserId: userId})
-		resp = &Response{Status: object.NextMfa, Data: user.GetPreferredMfaProps(true)}
-		return
-	}
-
 	if form.Type == ResponseTypeLogin {
 		c.SetSessionUsername(userId)
 		util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
@@ -93,12 +87,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
-		code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-
+		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		resp = codeToResponse(code)
 
 		if application.EnableSigninSession || application.HasPromptPage() {
@@ -143,20 +132,20 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 
 	// if user did not check auto signin
 	if resp.Status == "ok" && !form.AutoSignin {
-		c.setExpireForSession()
+		timestamp := time.Now().Unix()
+		timestamp += 3600 * 24
+		c.SetSessionData(&SessionData{
+			ExpireTime: timestamp,
+		})
 	}
 
-	if resp.Status == "ok" {
-		_, err = object.AddSession(&object.Session{
+	if resp.Status == "ok" && user.Owner == object.CasdoorOrganization && application.Name == object.CasdoorApplication {
+		object.AddSession(&object.Session{
 			Owner:       user.Owner,
 			Name:        user.Name,
 			Application: application.Name,
 			SessionId:   []string{c.Ctx.Input.CruSession.SessionID()},
 		})
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
 	}
 
 	return resp
@@ -180,12 +169,7 @@ func (c *ApiController) GetApplicationLogin() {
 	scope := c.Input().Get("scope")
 	state := c.Input().Get("state")
 
-	msg, application, err := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
 	application = object.GetMaskedApplication(application, "")
 	if msg != "" {
 		c.ResponseError(msg, application)
@@ -237,23 +221,23 @@ func isProxyProviderType(providerType string) bool {
 // @Param nonce     query    string  false nonce
 // @Param code_challenge_method   query    string  false code_challenge_method
 // @Param code_challenge          query    string  false code_challenge
-// @Param   form   body   controllers.AuthForm  true        "Login information"
+// @Param   form   body   controllers.RequestForm  true        "Login information"
 // @Success 200 {object} Response The Response object
 // @router /login [post]
 func (c *ApiController) Login() {
 	resp := &Response{}
 
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
+	var form RequestForm
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &form)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	if authForm.Username != "" {
-		if authForm.Type == ResponseTypeLogin {
+	if form.Username != "" {
+		if form.Type == ResponseTypeLogin {
 			if c.GetSessionUsername() != "" {
-				c.ResponseError(c.T("account:Please sign out first"), c.GetSessionUsername())
+				c.ResponseError(c.T("account:Please sign out first before signing in"), c.GetSessionUsername())
 				return
 			}
 		}
@@ -261,136 +245,103 @@ func (c *ApiController) Login() {
 		var user *object.User
 		var msg string
 
-		if authForm.Password == "" {
-			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			} else if user == nil {
-				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
-				return
+		if form.Password == "" {
+			var verificationCodeType string
+			var checkResult string
+
+			if form.Name != "" {
+				user = object.GetUserByFields(form.Organization, form.Name)
 			}
 
-			verificationCodeType := object.GetVerifyType(authForm.Username)
+			// check result through Email or Phone
 			var checkDest string
-			if verificationCodeType == object.VerifyTypePhone {
-				authForm.CountryCode = user.GetCountryCode(authForm.CountryCode)
+			if strings.Contains(form.Username, "@") {
+				verificationCodeType = "email"
+				if user != nil && util.GetMaskedEmail(user.Email) == form.Username {
+					form.Username = user.Email
+				}
+				checkDest = form.Username
+			} else {
+				verificationCodeType = "phone"
+				if user != nil && util.GetMaskedPhone(user.Phone) == form.Username {
+					form.Username = user.Phone
+				}
+			}
+
+			if user = object.GetUserByFields(form.Organization, form.Username); user == nil {
+				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(form.Organization, form.Username)))
+				return
+			}
+			if verificationCodeType == "phone" {
+				form.CountryCode = user.GetCountryCode(form.CountryCode)
 				var ok bool
-				if checkDest, ok = util.GetE164Number(authForm.Username, authForm.CountryCode); !ok {
-					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
+				if checkDest, ok = util.GetE164Number(form.Username, form.CountryCode); !ok {
+					c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), form.CountryCode))
 					return
 				}
 			}
 
-			// check result through Email or Phone
-			checkResult := object.CheckSigninCode(user, checkDest, authForm.Code, c.GetAcceptLanguage())
+			checkResult = object.CheckSigninCode(user, checkDest, form.Code, c.GetAcceptLanguage())
 			if len(checkResult) != 0 {
 				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
 				return
 			}
 
 			// disable the verification code
-			err := object.DisableVerificationCode(checkDest)
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
+			object.DisableVerificationCode(checkDest)
 		} else {
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}
 			if !application.EnablePassword {
 				c.ResponseError(c.T("auth:The login method: login with password is not enabled for the application"))
 				return
 			}
-			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if enableCaptcha {
-				isHuman, err := captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
+
+			if object.CheckToEnableCaptcha(application) {
+				isHuman, err := captcha.VerifyCaptchaByCaptchaType(form.CaptchaType, form.CaptchaToken, form.ClientSecret)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
 				}
 
 				if !isHuman {
-					c.ResponseError(c.T("verification:Turing test failed."))
+					c.ResponseError(c.T("auth:Turing test failed."))
 					return
 				}
 			}
 
-			password := authForm.Password
-			user, msg = object.CheckUserPassword(authForm.Organization, authForm.Username, password, c.GetAcceptLanguage(), enableCaptcha)
+			password := form.Password
+			user, msg = object.CheckUserPassword(form.Organization, form.Username, password, c.GetAcceptLanguage())
 		}
 
 		if msg != "" {
 			resp = &Response{Status: "error", Msg: msg}
 		} else {
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}
 
-			resp = c.HandleLoggedIn(application, user, &authForm)
-
-			organization, err := object.GetOrganizationByUser(user)
-			if err != nil {
-				c.ResponseError(err.Error())
-			}
-
-			if user != nil && organization.HasRequiredMfa() && !user.IsMfaEnabled() {
-				resp.Msg = object.RequiredMfa
-			}
+			resp = c.HandleLoggedIn(application, user, &form)
 
 			record := object.NewRecord(c.Ctx)
 			record.Organization = application.Organization
 			record.User = user.Name
 			util.SafeGoroutine(func() { object.AddRecord(record) })
 		}
-	} else if authForm.Provider != "" {
-		var application *object.Application
-		if authForm.ClientId != "" {
-			application, err = object.GetApplicationByClientId(authForm.ClientId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		} else {
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
+	} else if form.Provider != "" {
+		application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-		organization, err := object.GetOrganization(util.GetId("admin", application.Organization))
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-		}
-
-		provider, err := object.GetProvider(util.GetId("admin", authForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
+			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 			return
 		}
 
+		organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", application.Organization))
+		provider := object.GetProvider(util.GetId("admin", form.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s is not enabled for the application"), provider.Name))
@@ -400,7 +351,7 @@ func (c *ApiController) Login() {
 		userInfo := &idp.UserInfo{}
 		if provider.Category == "SAML" {
 			// SAML
-			userInfo.Id, err = object.ParseSamlResponse(authForm.SamlResponse, provider, c.Ctx.Request.Host)
+			userInfo.Id, err = object.ParseSamlResponse(form.SamlResponse, provider.Type)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -415,21 +366,21 @@ func (c *ApiController) Login() {
 				clientSecret = provider.ClientSecret2
 			}
 
-			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, authForm.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
+			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, form.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
 			if idProvider == nil {
-				c.ResponseError(fmt.Sprintf(c.T("storage:The provider type: %s is not supported"), provider.Type))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The provider type: %s is not supported"), provider.Type))
 				return
 			}
 
 			setHttpClient(idProvider, provider.Type)
 
-			if authForm.State != conf.GetConfigString("authState") && authForm.State != application.Name {
-				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), authForm.State))
+			if form.State != conf.GetConfigString("authState") && form.State != application.Name {
+				c.ResponseError(fmt.Sprintf(c.T("auth:State expected: %s, but got: %s"), conf.GetConfigString("authState"), form.State))
 				return
 			}
 
 			// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
-			token, err := idProvider.GetToken(authForm.Code)
+			token, err := idProvider.GetToken(form.Code)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -447,30 +398,22 @@ func (c *ApiController) Login() {
 			}
 		}
 
-		if authForm.Method == "signup" {
+		if form.Method == "signup" {
 			user := &object.User{}
 			if provider.Category == "SAML" {
-				user, err = object.GetUser(util.GetId(application.Organization, userInfo.Id))
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+				user = object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Id))
 			} else if provider.Category == "OAuth" {
-				user, err = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			}
 
 			if user != nil && !user.IsDeleted {
 				// Sign in via OAuth (want to sign up but already have account)
 
 				if user.IsForbidden {
-					c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
+					c.ResponseError(c.T("auth:The user is forbidden to sign in, please contact the administrator"))
 				}
 
-				resp = c.HandleLoggedIn(application, user, &authForm)
+				resp = c.HandleLoggedIn(application, user, &form)
 
 				record := object.NewRecord(c.Ctx)
 				record.Organization = application.Organization
@@ -478,44 +421,24 @@ func (c *ApiController) Login() {
 				util.SafeGoroutine(func() { object.AddRecord(record) })
 			} else if provider.Category == "OAuth" {
 				// Sign up via OAuth
-				if application.EnableLinkWithEmail {
-					if userInfo.Email != "" {
-						// Find existing user with Email
-						user, err = object.GetUserByField(application.Organization, "email", userInfo.Email)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-					}
+				if !application.EnableSignUp {
+					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
+					return
+				}
 
-					if user == nil && userInfo.Phone != "" {
-						// Find existing user with phone number
-						user, err = object.GetUserByField(application.Organization, "phone", userInfo.Phone)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-					}
+				if !providerItem.CanSignUp {
+					c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
+					return
+				}
+
+				if application.EnableLinkWithEmail {
+					// find user that has the same email
+					user = object.GetUserByField(application.Organization, "email", userInfo.Email)
 				}
 
 				if user == nil || user.IsDeleted {
-					if !application.EnableSignUp {
-						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support"), provider.Type, userInfo.Username, userInfo.DisplayName))
-						return
-					}
-
-					if !providerItem.CanSignUp {
-						c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up"), provider.Type, userInfo.Username, userInfo.DisplayName, provider.Type))
-						return
-					}
-
 					// Handle username conflicts
-					tmpUser, err := object.GetUser(util.GetId(application.Organization, userInfo.Username))
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
+					tmpUser := object.GetUser(fmt.Sprintf("%s/%s", application.Organization, userInfo.Username))
 					if tmpUser != nil {
 						uid, err := uuid.NewRandom()
 						if err != nil {
@@ -528,14 +451,8 @@ func (c *ApiController) Login() {
 					}
 
 					properties := map[string]string{}
-					count, err := object.GetUserCount(application.Organization, "", "", "")
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
-					properties["no"] = strconv.Itoa(int(count + 2))
-					initScore, err := organization.GetInitScore()
+					properties["no"] = strconv.Itoa(object.GetUserCount(application.Organization, "", "") + 2)
+					initScore, err := getInitScore(organization)
 					if err != nil {
 						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 						return
@@ -551,9 +468,6 @@ func (c *ApiController) Login() {
 						Avatar:            userInfo.AvatarUrl,
 						Address:           []string{},
 						Email:             userInfo.Email,
-						Phone:             userInfo.Phone,
-						CountryCode:       userInfo.CountryCode,
-						Region:            userInfo.CountryCode,
 						Score:             initScore,
 						IsAdmin:           false,
 						IsGlobalAdmin:     false,
@@ -563,12 +477,7 @@ func (c *ApiController) Login() {
 						Properties:        properties,
 					}
 
-					affected, err := object.AddUser(user)
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
+					affected := object.AddUser(user)
 					if !affected {
 						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
 						return
@@ -576,19 +485,10 @@ func (c *ApiController) Login() {
 				}
 
 				// sync info from 3rd-party if possible
-				_, err := object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
+				object.LinkUserAccount(user, provider.Type, userInfo.Id)
 
-				_, err = object.LinkUserAccount(user, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				resp = c.HandleLoggedIn(application, user, &authForm)
+				resp = c.HandleLoggedIn(application, user, &form)
 
 				record := object.NewRecord(c.Ctx)
 				record.Organization = application.Organization
@@ -604,118 +504,49 @@ func (c *ApiController) Login() {
 				resp = &Response{Status: "error", Msg: fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id))}
 			}
 			// resp = &Response{Status: "ok", Msg: "", Data: res}
-		} else { // authForm.Method != "signup"
+		} else { // form.Method != "signup"
 			userId := c.GetSessionUsername()
 			if userId == "" {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id)), userInfo)
 				return
 			}
 
-			oldUser, err := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			if oldUser != nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
 				return
 			}
 
-			user, err := object.GetUser(userId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			user := object.GetUser(userId)
 
 			// sync info from 3rd-party if possible
-			_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			isLinked, err := object.LinkUserAccount(user, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 
+			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)
 			if isLinked {
 				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
 			} else {
 				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
 			}
 		}
-	} else if c.getMfaSessionData() != nil {
-		mfaSession := c.getMfaSessionData()
-		user, err := object.GetUser(mfaSession.UserId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if authForm.Passcode != "" {
-			mfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferredMfaProps(false))
-			if mfaUtil == nil {
-				c.ResponseError("Invalid multi-factor authentication type")
-				return
-			}
-
-			err = mfaUtil.Verify(authForm.Passcode)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-		if authForm.RecoveryCode != "" {
-			err = object.MfaRecover(user, authForm.RecoveryCode)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
-			return
-		}
-
-		resp = c.HandleLoggedIn(application, user, &authForm)
-
-		record := object.NewRecord(c.Ctx)
-		record.Organization = application.Organization
-		record.User = user.Name
-		util.SafeGoroutine(func() { object.AddRecord(record) })
 	} else {
 		if c.GetSessionUsername() != "" {
 			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
-			application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", form.Application))
 			if application == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
+				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), form.Application))
 				return
 			}
 
 			user := c.getCurrentUser()
-			resp = c.HandleLoggedIn(application, user, &authForm)
+			resp = c.HandleLoggedIn(application, user, &form)
 
 			record := object.NewRecord(c.Ctx)
 			record.Organization = application.Organization
 			record.User = user.Name
 			util.SafeGoroutine(func() { object.AddRecord(record) })
 		} else {
-			c.ResponseError(fmt.Sprintf(c.T("auth:Unknown authentication type (not password or provider), form = %s"), util.StructToJson(authForm)))
+			c.ResponseError(fmt.Sprintf(c.T("auth:Unknown authentication type (not password or provider), form = %s"), util.StructToJson(form)))
 			return
 		}
 	}
@@ -727,7 +558,7 @@ func (c *ApiController) Login() {
 func (c *ApiController) GetSamlLogin() {
 	providerId := c.Input().Get("id")
 	relayState := c.Input().Get("relayState")
-	authURL, method, err := object.GenerateSamlRequest(providerId, relayState, c.Ctx.Request.Host, c.GetAcceptLanguage())
+	authURL, method, err := object.GenerateSamlLoginUrl(providerId, relayState, c.GetAcceptLanguage())
 	if err != nil {
 		c.ResponseError(err.Error())
 	}
@@ -756,9 +587,8 @@ func (c *ApiController) HandleSamlLogin() {
 func (c *ApiController) HandleOfficialAccountEvent() {
 	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 	}
-
 	var data struct {
 		MsgType  string `xml:"MsgType"`
 		Event    string `xml:"Event"`
@@ -766,9 +596,8 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 	}
 	err = xml.Unmarshal(respBytes, &data)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
 	}
-
 	lock.Lock()
 	defer lock.Unlock()
 	if data.EventKey != "" {
@@ -793,26 +622,3 @@ func (c *ApiController) GetWebhookEventType() {
 	wechatScanType = ""
 	c.ServeJSON()
 }
-
-// GetCaptchaStatus
-// @Title GetCaptchaStatus
-// @Tag Token API
-// @Description Get Login Error Counts
-// @Param   id     query    string  true        "The id ( owner/name ) of user"
-// @Success 200 {object} controllers.Response The Response object
-// @router /api/get-captcha-status [get]
-func (c *ApiController) GetCaptchaStatus() {
-	organization := c.Input().Get("organization")
-	userId := c.Input().Get("user_id")
-	user, err := object.GetUserByFields(organization, userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var captchaEnabled bool
-	if user != nil && user.SigninWrongTimes >= object.SigninWrongTimesLimit {
-		captchaEnabled = true
-	}
-	c.ResponseOk(captchaEnabled)
-}

controllers/base.go

@@ -41,48 +41,18 @@ type SessionData struct {
 }
 
 func (c *ApiController) IsGlobalAdmin() bool {
-	isGlobalAdmin, _ := c.isGlobalAdmin()
-
-	return isGlobalAdmin
-}
-
-func (c *ApiController) IsAdmin() bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if !isGlobalAdmin && user == nil {
-		return false
-	}
-
-	return isGlobalAdmin || user.IsAdmin
-}
-
-func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
 	if strings.HasPrefix(username, "app/") {
 		// e.g., "app/app-casnode"
-		return true, nil
+		return true
 	}
 
-	user := c.getCurrentUser()
+	user := object.GetUser(username)
 	if user == nil {
-		return false, nil
+		return false
 	}
 
-	return user.Owner == "built-in" || user.IsGlobalAdmin, user
-}
-
-func (c *ApiController) getCurrentUser() *object.User {
-	var user *object.User
-	var err error
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		user = nil
-	} else {
-		user, err = object.GetUser(userId)
-		if err != nil {
-			panic(err)
-		}
-	}
-	return user
+	return user.Owner == "built-in" || user.IsGlobalAdmin
 }
 
 // GetSessionUsername ...
@@ -110,11 +80,7 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 	if clientId == nil {
 		return nil
 	}
-	application, err := object.GetApplicationByClientId(clientId.(string))
-	if err != nil {
-		panic(err)
-	}
-
+	application := object.GetApplicationByClientId(clientId.(string))
 	return application
 }
 
@@ -176,38 +142,8 @@ func (c *ApiController) SetSessionData(s *SessionData) {
 	c.SetSession("SessionData", util.StructToJson(s))
 }
 
-func (c *ApiController) setMfaSessionData(data *object.MfaSessionData) {
-	if data == nil {
-		c.SetSession(object.MfaSessionUserId, nil)
-		return
-	}
-	c.SetSession(object.MfaSessionUserId, data.UserId)
-}
-
-func (c *ApiController) getMfaSessionData() *object.MfaSessionData {
-	userId := c.GetSession(object.MfaSessionUserId)
-	if userId == nil {
-		return nil
-	}
-
-	data := &object.MfaSessionData{
-		UserId: userId.(string),
-	}
-	return data
-}
-
-func (c *ApiController) setExpireForSession() {
-	timestamp := time.Now().Unix()
-	timestamp += 3600 * 24
-	c.SetSessionData(&SessionData{
-		ExpireTime: timestamp,
-	})
-}
-
-func wrapActionResponse(affected bool, e ...error) *Response {
-	if len(e) != 0 && e[0] != nil {
-		return &Response{Status: "error", Msg: e[0].Error()}
-	} else if affected {
+func wrapActionResponse(affected bool) *Response {
+	if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}
 	} else {
 		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}
@@ -221,14 +157,3 @@ func wrapErrorResponse(err error) *Response {
 		return &Response{Status: "error", Msg: err.Error()}
 	}
 }
-
-func (c *ApiController) Finish() {
-	if strings.HasPrefix(c.Ctx.Input.URL(), "/api") {
-		startTime := c.Ctx.Input.GetData("startTime")
-		if startTime != nil {
-			latency := time.Since(startTime.(time.Time)).Milliseconds()
-			object.ApiLatency.WithLabelValues(c.Ctx.Input.URL(), c.Ctx.Input.Method()).Observe(float64(latency))
-		}
-	}
-	c.Controller.Finish()
-}

controllers/cas.go

@@ -72,11 +72,6 @@ func (c *RootController) CasProxyValidate() {
 	c.CasP3ServiceAndProxyValidate()
 }
 
-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
 func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
@@ -96,7 +91,7 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 	// find the token
 	if ok {
 		// check whether service is the one for which we previously issued token
-		if strings.HasPrefix(service, issuedService) || strings.HasPrefix(queryUnescape(service), issuedService) {
+		if strings.HasPrefix(service, issuedService) {
 			serviceResponse.Success = response
 		} else {
 			// service not match

controllers/casbin_adapter.go

@@ -23,13 +23,6 @@ import (
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
-// GetCasbinAdapters
-// @Title GetCasbinAdapters
-// @Tag Adapter API
-// @Description get adapters
-// @Param   owner     query    string  true        "The owner of adapters"
-// @Success 200 {array} object.Adapter The Response object
-// @router /get-adapters [get]
 func (c *ApiController) GetCasbinAdapters() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
@@ -38,61 +31,23 @@ func (c *ApiController) GetCasbinAdapters() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		adapters, err := object.GetCasbinAdapters(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		adapters := object.GetCasbinAdapters(owner)
 		c.ResponseOk(adapters)
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCasbinAdapterCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, field, value)))
+		adapters := object.GetPaginationCasbinAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(adapters, paginator.Nums())
 	}
 }
 
-// GetCasbinAdapter
-// @Title GetCasbinAdapter
-// @Tag Adapter API
-// @Description get adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Success 200 {object} object.Adapter The Response object
-// @router /get-adapter [get]
 func (c *ApiController) GetCasbinAdapter() {
 	id := c.Input().Get("id")
-
-	adapter, err := object.GetCasbinAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	adapter := object.GetCasbinAdapter(id)
 	c.ResponseOk(adapter)
 }
 
-// UpdateCasbinAdapter
-// @Title UpdateCasbinAdapter
-// @Tag Adapter API
-// @Description update adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-adapter [post]
 func (c *ApiController) UpdateCasbinAdapter() {
 	id := c.Input().Get("id")
 
@@ -107,13 +62,6 @@ func (c *ApiController) UpdateCasbinAdapter() {
 	c.ServeJSON()
 }
 
-// AddCasbinAdapter
-// @Title AddCasbinAdapter
-// @Tag Adapter API
-// @Description add adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-adapter [post]
 func (c *ApiController) AddCasbinAdapter() {
 	var casbinAdapter object.CasbinAdapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
@@ -126,13 +74,6 @@ func (c *ApiController) AddCasbinAdapter() {
 	c.ServeJSON()
 }
 
-// DeleteCasbinAdapter
-// @Title DeleteCasbinAdapter
-// @Tag Adapter API
-// @Description delete adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-adapter [post]
 func (c *ApiController) DeleteCasbinAdapter() {
 	var casbinAdapter object.CasbinAdapter
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
@@ -147,11 +88,7 @@ func (c *ApiController) DeleteCasbinAdapter() {
 
 func (c *ApiController) SyncPolicies() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	adapter := object.GetCasbinAdapter(id)
 
 	policies, err := object.SyncPolicies(adapter)
 	if err != nil {
@@ -164,14 +101,9 @@ func (c *ApiController) SyncPolicies() {
 
 func (c *ApiController) UpdatePolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	adapter := object.GetCasbinAdapter(id)
 	var policies []xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -188,14 +120,9 @@ func (c *ApiController) UpdatePolicy() {
 
 func (c *ApiController) AddPolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	adapter := object.GetCasbinAdapter(id)
 	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -212,14 +139,9 @@ func (c *ApiController) AddPolicy() {
 
 func (c *ApiController) RemovePolicy() {
 	id := c.Input().Get("id")
-	adapter, err := object.GetCasbinAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	adapter := object.GetCasbinAdapter(id)
 	var policy xormadapter.CasbinRule
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/cert.go

@@ -37,67 +37,13 @@ func (c *ApiController) GetCerts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetCerts(owner))
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedCerts
+		c.Data["json"] = object.GetMaskedCerts(object.GetCerts(owner))
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCertCount(owner, field, value)
-		if err != nil {
-			panic(err)
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			panic(err)
-		}
-
-		c.ResponseOk(certs, paginator.Nums())
-	}
-}
-
-// GetGlobleCerts
-// @Title GetGlobleCerts
-// @Tag Cert API
-// @Description get globle certs
-// @Success 200 {array} object.Cert The Response object
-// @router /get-globle-certs [get]
-func (c *ApiController) GetGlobleCerts() {
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetGlobleCerts())
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedCerts
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalCertsCount(field, value)
-		if err != nil {
-			panic(err)
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			panic(err)
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCertCount(owner, field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
@@ -111,12 +57,8 @@ func (c *ApiController) GetGlobleCerts() {
 // @router /get-cert [get]
 func (c *ApiController) GetCert() {
 	id := c.Input().Get("id")
-	cert, err := object.GetCert(id)
-	if err != nil {
-		panic(err)
-	}
 
-	c.Data["json"] = object.GetMaskedCert(cert)
+	c.Data["json"] = object.GetMaskedCert(object.GetCert(id))
 	c.ServeJSON()
 }
 

controllers/chat.go

@@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetChats
-// @Title GetChats
-// @Tag Chat API
-// @Description get chats
-// @Param   owner     query    string  true        "The owner of chats"
-// @Success 200 {array} object.Chat The Response object
-// @router /get-chats [get]
-func (c *ApiController) GetChats() {
-	owner := "admin"
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		maskedChats, err := object.GetMaskedChats(object.GetChats(owner))
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedChats
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetChatCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		chats, err := object.GetMaskedChats(object.GetPaginationChats(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(chats, paginator.Nums())
-	}
-}
-
-// GetChat
-// @Title GetChat
-// @Tag Chat API
-// @Description get chat
-// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
-// @Success 200 {object} object.Chat The Response object
-// @router /get-chat [get]
-func (c *ApiController) GetChat() {
-	id := c.Input().Get("id")
-
-	maskedChat, err := object.GetMaskedChat(object.GetChat(id))
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = maskedChat
-	c.ServeJSON()
-}
-
-// UpdateChat
-// @Title UpdateChat
-// @Tag Chat API
-// @Description update chat
-// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
-// @Param   body    body   object.Chat  true        "The details of the chat"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-chat [post]
-func (c *ApiController) UpdateChat() {
-	id := c.Input().Get("id")
-
-	var chat object.Chat
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateChat(id, &chat))
-	c.ServeJSON()
-}
-
-// AddChat
-// @Title AddChat
-// @Tag Chat API
-// @Description add chat
-// @Param   body    body   object.Chat  true        "The details of the chat"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-chat [post]
-func (c *ApiController) AddChat() {
-	var chat object.Chat
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddChat(&chat))
-	c.ServeJSON()
-}
-
-// DeleteChat
-// @Title DeleteChat
-// @Tag Chat API
-// @Description delete chat
-// @Param   body    body   object.Chat  true        "The details of the chat"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-chat [post]
-func (c *ApiController) DeleteChat() {
-	var chat object.Chat
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteChat(&chat))
-	c.ServeJSON()
-}

controllers/enforcer.go

@@ -18,181 +18,30 @@ import (
 	"encoding/json"
 
 	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
 )
 
-// Enforce
-// @Title Enforce
-// @Tag Enforce API
-// @Description Call Casbin Enforce API
-// @Param   body    body   object.CasbinRequest  true   "Casbin request"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   resourceId    query   string  false   "resource id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /enforce [post]
 func (c *ApiController) Enforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	resourceId := c.Input().Get("resourceId")
-
-	var request object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
+	var permissionRule object.PermissionRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRule)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := []bool{}
-
-		if permission == nil {
-			res = append(res, false)
-		} else {
-			enforceResult, err := object.Enforce(permission, &request)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if resourceId != "" {
-		permissions, err = object.GetPermissionsByResource(resourceId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := []bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.Enforce(firstPermission, &request, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
+	c.Data["json"] = object.Enforce(&permissionRule)
+	c.ServeJSON()
 }
 
-// BatchEnforce
-// @Title BatchEnforce
-// @Tag Enforce API
-// @Description Call Casbin BatchEnforce API
-// @Param   body    body   object.CasbinRequest  true   "array of casbin requests"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /batch-enforce [post]
 func (c *ApiController) BatchEnforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-
-	var requests []object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
+	var permissionRules []object.PermissionRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &permissionRules)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := [][]bool{}
-
-		if permission == nil {
-			l := len(requests)
-			resRequest := make([]bool, l)
-			for i := 0; i < l; i++ {
-				resRequest[i] = false
-			}
-
-			res = append(res, resRequest)
-		} else {
-			enforceResult, err := object.BatchEnforce(permission, &requests)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := [][]bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.BatchEnforce(firstPermission, &requests, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
+	c.Data["json"] = object.BatchEnforce(permissionRules)
+	c.ServeJSON()
 }
 
 func (c *ApiController) GetAllObjects() {
@@ -202,7 +51,8 @@ func (c *ApiController) GetAllObjects() {
 		return
 	}
 
-	c.ResponseOk(object.GetAllObjects(userId))
+	c.Data["json"] = object.GetAllObjects(userId)
+	c.ServeJSON()
 }
 
 func (c *ApiController) GetAllActions() {
@@ -212,7 +62,8 @@ func (c *ApiController) GetAllActions() {
 		return
 	}
 
-	c.ResponseOk(object.GetAllActions(userId))
+	c.Data["json"] = object.GetAllActions(userId)
+	c.ServeJSON()
 }
 
 func (c *ApiController) GetAllRoles() {
@@ -222,5 +73,6 @@ func (c *ApiController) GetAllRoles() {
 		return
 	}
 
-	c.ResponseOk(object.GetAllRoles(userId))
+	c.Data["json"] = object.GetAllRoles(userId)
+	c.ServeJSON()
 }

controllers/group.go

@@ -1,148 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGroups
-// @Title GetGroups
-// @Tag Group API
-// @Description get groups
-// @Param   owner     query    string  true        "The owner of groups"
-// @Success 200 {array} object.Group The Response object
-// @router /get-groups [get]
-func (c *ApiController) GetGroups() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	withTree := c.Input().Get("withTree")
-
-	if limit == "" || page == "" {
-		groups, err := object.GetGroups(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			if withTree == "true" {
-				c.ResponseOk(object.ConvertToTreeData(groups, owner))
-				return
-			}
-			c.ResponseOk(groups)
-		}
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGroupCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			c.ResponseOk(groups, paginator.Nums())
-		}
-	}
-}
-
-// GetGroup
-// @Title GetGroup
-// @Tag Group API
-// @Description get group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Success 200 {object} object.Group The Response object
-// @router /get-group [get]
-func (c *ApiController) GetGroup() {
-	id := c.Input().Get("id")
-
-	group, err := object.GetGroup(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
-		c.ResponseOk(group)
-	}
-}
-
-// UpdateGroup
-// @Title UpdateGroup
-// @Tag Group API
-// @Description update group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-group [post]
-func (c *ApiController) UpdateGroup() {
-	id := c.Input().Get("id")
-
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
-	c.ServeJSON()
-}
-
-// AddGroup
-// @Title AddGroup
-// @Tag Group API
-// @Description add group
-// @Param   body    body   object.Group  true      "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-group [post]
-func (c *ApiController) AddGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
-	c.ServeJSON()
-}
-
-// DeleteGroup
-// @Title DeleteGroup
-// @Tag Group API
-// @Description delete group
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-group [post]
-func (c *ApiController) DeleteGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
-	c.ServeJSON()
-}

controllers/ldap.go

@@ -23,8 +23,7 @@ import (
 
 type LdapResp struct {
 	// Groups []LdapRespGroup `json:"groups"`
-	Users      []object.LdapUser `json:"users"`
-	ExistUuids []string          `json:"existUuids"`
+	Users []object.LdapRespUser `json:"users"`
 }
 
 //type LdapRespGroup struct {
@@ -33,8 +32,8 @@ type LdapResp struct {
 //}
 
 type LdapSyncResp struct {
-	Exist  []object.LdapUser `json:"exist"`
-	Failed []object.LdapUser `json:"failed"`
+	Exist  []object.LdapRespUser `json:"exist"`
+	Failed []object.LdapRespUser `json:"failed"`
 }
 
 // GetLdapUsers
@@ -45,11 +44,7 @@ func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")
 
 	_, ldapId := util.GetOwnerAndNameFromId(id)
-	ldapServer, err := object.GetLdap(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	ldapServer := object.GetLdap(ldapId)
 
 	conn, err := ldapServer.GetLdapConn()
 	if err != nil {
@@ -70,27 +65,32 @@ func (c *ApiController) GetLdapUsers() {
 	//	})
 	//}
 
-	users, err := conn.GetLdapUsers(ldapServer)
+	users, err := conn.GetLdapUsers(ldapServer.BaseDn)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	var resp LdapResp
 	uuids := make([]string, len(users))
-	for i, user := range users {
-		uuids[i] = user.GetLdapUuid()
-	}
-	existUuids, err := object.GetExistUuids(ldapServer.Owner, uuids)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	for _, user := range users {
+		resp.Users = append(resp.Users, object.LdapRespUser{
+			UidNumber: user.UidNumber,
+			Uid:       user.Uid,
+			Cn:        user.Cn,
+			GroupId:   user.GidNumber,
+			// GroupName: groupsMap[user.GidNumber].Cn,
+			Uuid:    user.Uuid,
+			Email:   util.GetMaxLenStr(user.Mail, user.Email, user.EmailAddress),
+			Phone:   util.GetMaxLenStr(user.TelephoneNumber, user.Mobile, user.MobileTelephoneNumber),
+			Address: util.GetMaxLenStr(user.RegisteredAddress, user.PostalAddress),
+		})
+		uuids = append(uuids, user.Uuid)
 	}
 
-	resp := LdapResp{
-		Users:      object.AutoAdjustLdapUser(users),
-		ExistUuids: existUuids,
-	}
-	c.ResponseOk(resp)
+	existUuids := object.CheckLdapUuidExist(ldapServer.Owner, uuids)
+
+	c.ResponseOk(resp, existUuids)
 }
 
 // GetLdaps
@@ -131,28 +131,22 @@ func (c *ApiController) AddLdap() {
 		return
 	}
 
-	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
+	if util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
 
-	if ok, err := object.CheckLdapExist(&ldap); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if ok {
+	if object.CheckLdapExist(&ldap) {
 		c.ResponseError(c.T("ldap:Ldap server exist"))
 		return
 	}
 
-	resp := wrapActionResponse(object.AddLdap(&ldap))
+	affected := object.AddLdap(&ldap)
+	resp := wrapActionResponse(affected)
 	resp.Data2 = ldap
 
 	if ldap.AutoSync != 0 {
-		err = object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	}
 
 	c.Data["json"] = resp
@@ -166,29 +160,16 @@ func (c *ApiController) AddLdap() {
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &ldap)
-	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Username, ldap.Password, ldap.BaseDn) {
+	if err != nil || util.IsStringsEmpty(ldap.Owner, ldap.ServerName, ldap.Host, ldap.Admin, ldap.Passwd, ldap.BaseDn) {
 		c.ResponseError(c.T("general:Missing parameter"))
 		return
 	}
 
-	prevLdap, err := object.GetLdap(ldap.Id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdateLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	prevLdap := object.GetLdap(ldap.Id)
+	affected := object.UpdateLdap(&ldap)
 
 	if ldap.AutoSync != 0 {
-		err := object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
 		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 	}
@@ -209,11 +190,7 @@ func (c *ApiController) DeleteLdap() {
 		return
 	}
 
-	affected, err := object.DeleteLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	affected := object.DeleteLdap(&ldap)
 
 	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 
@@ -228,23 +205,19 @@ func (c *ApiController) DeleteLdap() {
 func (c *ApiController) SyncLdapUsers() {
 	owner := c.Input().Get("owner")
 	ldapId := c.Input().Get("ldapId")
-	var users []object.LdapUser
+	var users []object.LdapRespUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	err = object.UpdateLdapSyncTime(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.UpdateLdapSyncTime(ldapId)
 
-	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)
+	exist, failed := object.SyncLdapUsers(owner, users, ldapId)
 
 	c.ResponseOk(&LdapSyncResp{
-		Exist:  exist,
-		Failed: failed,
+		Exist:  *exist,
+		Failed: *failed,
 	})
 }

controllers/ldapserver.go

@@ -0,0 +1,138 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"fmt"
+	"log"
+
+	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/object"
+	"github.com/forestmgy/ldapserver"
+	"github.com/lor00x/goldap/message"
+)
+
+func StartLdapServer() {
+	server := ldapserver.NewServer()
+	routes := ldapserver.NewRouteMux()
+
+	routes.Bind(handleBind)
+	routes.Search(handleSearch).Label(" SEARCH****")
+
+	server.Handle(routes)
+	server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
+}
+
+func handleBind(w ldapserver.ResponseWriter, m *ldapserver.Message) {
+	r := m.GetBindRequest()
+	res := ldapserver.NewBindResponse(ldapserver.LDAPResultSuccess)
+
+	if r.AuthenticationChoice() == "simple" {
+		bindusername, bindorg, err := object.GetNameAndOrgFromDN(string(r.Name()))
+		if err != "" {
+			log.Printf("Bind failed ,ErrMsg=%s", err)
+			res.SetResultCode(ldapserver.LDAPResultInvalidDNSyntax)
+			res.SetDiagnosticMessage("bind failed ErrMsg: " + err)
+			w.Write(res)
+			return
+		}
+		bindpassword := string(r.AuthenticationSimple())
+		binduser, err := object.CheckUserPassword(bindorg, bindusername, bindpassword, "en")
+		if err != "" {
+			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
+			res.SetResultCode(ldapserver.LDAPResultInvalidCredentials)
+			res.SetDiagnosticMessage("invalid credentials ErrMsg: " + err)
+			w.Write(res)
+			return
+		}
+		if bindorg == "built-in" {
+			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
+		} else if binduser.IsAdmin {
+			m.Client.IsOrgAdmin = true
+		}
+		m.Client.IsAuthenticated = true
+		m.Client.UserName = bindusername
+		m.Client.OrgName = bindorg
+	} else {
+		res.SetResultCode(ldapserver.LDAPResultAuthMethodNotSupported)
+		res.SetDiagnosticMessage("Authentication method not supported,Please use Simple Authentication")
+	}
+	w.Write(res)
+}
+
+func handleSearch(w ldapserver.ResponseWriter, m *ldapserver.Message) {
+	res := ldapserver.NewSearchResultDoneResponse(ldapserver.LDAPResultSuccess)
+	if !m.Client.IsAuthenticated {
+		res.SetResultCode(ldapserver.LDAPResultUnwillingToPerform)
+		w.Write(res)
+		return
+	}
+	r := m.GetSearchRequest()
+	if r.FilterString() == "(objectClass=*)" {
+		w.Write(res)
+		return
+	}
+	name, org, errCode := object.GetUserNameAndOrgFromBaseDnAndFilter(string(r.BaseObject()), r.FilterString())
+	if errCode != ldapserver.LDAPResultSuccess {
+		res.SetResultCode(errCode)
+		w.Write(res)
+		return
+	}
+	// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
+	select {
+	case <-m.Done:
+		log.Print("Leaving handleSearch...")
+		return
+	default:
+	}
+	users, errCode := object.GetFilteredUsers(m, name, org)
+	if errCode != ldapserver.LDAPResultSuccess {
+		res.SetResultCode(errCode)
+		w.Write(res)
+		return
+	}
+	for i := 0; i < len(users); i++ {
+		user := users[i]
+		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
+		e := ldapserver.NewSearchResultEntry(dn)
+		e.AddAttribute("cn", message.AttributeValue(user.Name))
+		e.AddAttribute("uid", message.AttributeValue(user.Name))
+		e.AddAttribute("email", message.AttributeValue(user.Email))
+		e.AddAttribute("mobile", message.AttributeValue(user.Phone))
+		e.AddAttribute("userPassword", message.AttributeValue(getUserPasswordWithType(user)))
+		// e.AddAttribute("postalAddress", message.AttributeValue(user.Address[0]))
+		w.Write(e)
+	}
+	w.Write(res)
+}
+
+// get user password with hash type prefix
+// TODO not handle salt yet
+// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
+func getUserPasswordWithType(user *object.User) string {
+	org := object.GetOrganizationByUser(user)
+	if org.PasswordType == "" || org.PasswordType == "plain" {
+		return user.Password
+	}
+	prefix := org.PasswordType
+	if prefix == "salt" {
+		prefix = "sha256"
+	} else if prefix == "md5-salt" {
+		prefix = "md5"
+	} else if prefix == "pbkdf2-salt" {
+		prefix = "pbkdf2"
+	}
+	return fmt.Sprintf("{%s}%s", prefix, user.Password)
+}

controllers/link.go

@@ -53,12 +53,7 @@ func (c *ApiController) Unlink() {
 
 	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
-		application, err := object.GetApplicationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		application := object.GetApplicationByUser(user)
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
@@ -93,17 +88,8 @@ func (c *ApiController) Unlink() {
 		return
 	}
 
-	_, err = object.ClearUserOAuthProperties(&unlinkedUser, providerType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = object.LinkUserAccount(&unlinkedUser, providerType, "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ClearUserOAuthProperties(&unlinkedUser, providerType)
 
+	object.LinkUserAccount(&unlinkedUser, providerType, "")
 	c.ResponseOk()
 }

controllers/message.go

@@ -1,310 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-	"fmt"
-	"strings"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/ai"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetMessages
-// @Title GetMessages
-// @Tag Message API
-// @Description get messages
-// @Param   owner     query    string  true        "The owner of messages"
-// @Success 200 {array} object.Message The Response object
-// @router /get-messages [get]
-func (c *ApiController) GetMessages() {
-	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	chat := c.Input().Get("chat")
-
-	if limit == "" || page == "" {
-		var messages []*object.Message
-		var err error
-		if chat == "" {
-			messages, err = object.GetMessages(owner)
-		} else {
-			messages, err = object.GetChatMessages(chat)
-		}
-
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = object.GetMaskedMessages(messages)
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetMessageCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationMessages, err := object.GetPaginationMessages(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		messages := object.GetMaskedMessages(paginationMessages)
-		c.ResponseOk(messages, paginator.Nums())
-	}
-}
-
-// GetMessage
-// @Title GetMessage
-// @Tag Message API
-// @Description get message
-// @Param   id     query    string  true        "The id ( owner/name ) of the message"
-// @Success 200 {object} object.Message The Response object
-// @router /get-message [get]
-func (c *ApiController) GetMessage() {
-	id := c.Input().Get("id")
-	message, err := object.GetMessage(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = object.GetMaskedMessage(message)
-	c.ServeJSON()
-}
-
-func (c *ApiController) ResponseErrorStream(errorText string) {
-	event := fmt.Sprintf("event: myerror\ndata: %s\n\n", errorText)
-	_, err := c.Ctx.ResponseWriter.Write([]byte(event))
-	if err != nil {
-		panic(err)
-	}
-}
-
-// GetMessageAnswer
-// @Title GetMessageAnswer
-// @Tag Message API
-// @Description get message answer
-// @Param   id     query    string  true        "The id ( owner/name ) of the message"
-// @Success 200 {object} object.Message The Response object
-// @router /get-message-answer [get]
-func (c *ApiController) GetMessageAnswer() {
-	id := c.Input().Get("id")
-
-	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
-	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
-	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
-
-	message, err := object.GetMessage(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if message == nil {
-		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
-		return
-	}
-
-	if message.Author != "AI" || message.ReplyTo == "" || message.Text != "" {
-		c.ResponseErrorStream(c.T("chat:The message is invalid"))
-		return
-	}
-
-	chatId := util.GetId("admin", message.Chat)
-	chat, err := object.GetChat(chatId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if chat == nil || chat.Organization != message.Organization {
-		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
-		return
-	}
-
-	if chat.Type != "AI" {
-		c.ResponseErrorStream(c.T("chat:The chat type must be \"AI\""))
-		return
-	}
-
-	questionMessage, err := object.GetMessage(message.ReplyTo)
-	if questionMessage == nil {
-		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
-		return
-	}
-
-	providerId := util.GetId(chat.Owner, chat.User2)
-	provider, err := object.GetProvider(providerId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if provider == nil {
-		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is not found"), providerId))
-		return
-	}
-
-	if provider.Category != "AI" || provider.ClientSecret == "" {
-		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is invalid"), providerId))
-		return
-	}
-
-	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
-	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
-	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
-
-	authToken := provider.ClientSecret
-	question := questionMessage.Text
-	var stringBuilder strings.Builder
-
-	fmt.Printf("Question: [%s]\n", questionMessage.Text)
-	fmt.Printf("Answer: [")
-
-	err = ai.QueryAnswerStream(authToken, question, c.Ctx.ResponseWriter, &stringBuilder)
-	if err != nil {
-		c.ResponseErrorStream(err.Error())
-		return
-	}
-
-	fmt.Printf("]\n")
-
-	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
-	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
-	if err != nil {
-		panic(err)
-	}
-
-	answer := stringBuilder.String()
-
-	message.Text = answer
-	_, err = object.UpdateMessage(message.GetId(), message)
-	if err != nil {
-		panic(err)
-	}
-}
-
-// UpdateMessage
-// @Title UpdateMessage
-// @Tag Message API
-// @Description update message
-// @Param   id     query    string  true        "The id ( owner/name ) of the message"
-// @Param   body    body   object.Message  true        "The details of the message"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-message [post]
-func (c *ApiController) UpdateMessage() {
-	id := c.Input().Get("id")
-
-	var message object.Message
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateMessage(id, &message))
-	c.ServeJSON()
-}
-
-// AddMessage
-// @Title AddMessage
-// @Tag Message API
-// @Description add message
-// @Param   body    body   object.Message  true        "The details of the message"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-message [post]
-func (c *ApiController) AddMessage() {
-	var message object.Message
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var chat *object.Chat
-	if message.Chat != "" {
-		chatId := util.GetId("admin", message.Chat)
-		chat, err = object.GetChat(chatId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if chat == nil || chat.Organization != message.Organization {
-			c.ResponseError(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
-			return
-		}
-	}
-
-	affected, err := object.AddMessage(&message)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if affected {
-		if chat != nil && chat.Type == "AI" {
-			answerMessage := &object.Message{
-				Owner:        message.Owner,
-				Name:         fmt.Sprintf("message_%s", util.GetRandomName()),
-				CreatedTime:  util.GetCurrentTimeEx(message.CreatedTime),
-				Organization: message.Organization,
-				Chat:         message.Chat,
-				ReplyTo:      message.GetId(),
-				Author:       "AI",
-				Text:         "",
-			}
-			_, err = object.AddMessage(answerMessage)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	}
-
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-// DeleteMessage
-// @Title DeleteMessage
-// @Tag Message API
-// @Description delete message
-// @Param   body    body   object.Message  true        "The details of the message"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-message [post]
-func (c *ApiController) DeleteMessage() {
-	var message object.Message
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteMessage(&message))
-	c.ServeJSON()
-}

controllers/mfa.go

@@ -1,207 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"net/http"
-
-	"github.com/beego/beego"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// MfaSetupInitiate
-// @Title MfaSetupInitiate
-// @Tag MFA API
-// @Description setup MFA
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param type	form	string	true	"MFA auth type"
-// @Success 200 {object}   The Response object
-// @router /mfa/setup/initiate [post]
-func (c *ApiController) MfaSetupInitiate() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	userId := util.GetId(owner, name)
-
-	if len(userId) == 0 {
-		c.ResponseError(http.StatusText(http.StatusBadRequest))
-		return
-	}
-
-	MfaUtil := object.GetMfaUtil(mfaType, nil)
-	if MfaUtil == nil {
-		c.ResponseError("Invalid auth type")
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	issuer := beego.AppConfig.String("appname")
-	accountName := user.GetId()
-
-	mfaProps, err := MfaUtil.Initiate(c.Ctx, issuer, accountName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	resp := mfaProps
-	c.ResponseOk(resp)
-}
-
-// MfaSetupVerify
-// @Title MfaSetupVerify
-// @Tag MFA API
-// @Description setup verify totp
-// @param	secret		form	string	true	"MFA secret"
-// @param	passcode	form 	string 	true	"MFA passcode"
-// @Success 200 {object}  Response object
-// @router /mfa/setup/verify [post]
-func (c *ApiController) MfaSetupVerify() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	passcode := c.Ctx.Request.Form.Get("passcode")
-
-	if mfaType == "" || passcode == "" {
-		c.ResponseError("missing auth type or passcode")
-		return
-	}
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err := mfaUtil.SetupVerify(c.Ctx, passcode)
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
-		c.ResponseOk(http.StatusText(http.StatusOK))
-	}
-}
-
-// MfaSetupEnable
-// @Title MfaSetupEnable
-// @Tag MFA API
-// @Description enable totp
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param type	form	string	true	"MFA auth type"
-// @Success 200 {object}  Response object
-// @router /mfa/setup/enable [post]
-func (c *ApiController) MfaSetupEnable() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-
-	user, err := object.GetUser(util.GetId(owner, name))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err = mfaUtil.Enable(c.Ctx, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(http.StatusText(http.StatusOK))
-}
-
-// DeleteMfa
-// @Title DeleteMfa
-// @Tag MFA API
-// @Description: Delete MFA
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @Success 200 {object}  Response object
-// @router /delete-mfa/ [post]
-func (c *ApiController) DeleteMfa() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	userId := util.GetId(owner, name)
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	err = object.DisabledMultiFactorAuth(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetAllMfaProps(user, true))
-}
-
-// SetPreferredMfa
-// @Title SetPreferredMfa
-// @Tag MFA API
-// @Description: Set specific Mfa Preferred
-// @param owner	form	string	true	"owner of user"
-// @param name	form	string	true	"name of user"
-// @param id	form	string	true	"id of user's MFA props"
-// @Success 200 {object}  Response object
-// @router /set-preferred-mfa [post]
-func (c *ApiController) SetPreferredMfa() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	userId := util.GetId(owner, name)
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	if user == nil {
-		c.ResponseError("User doesn't exist")
-		return
-	}
-
-	err = object.SetPreferredMultiFactorAuth(user, mfaType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(object.GetAllMfaProps(user, true))
-}

controllers/model.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetModels() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		models, err := object.GetModels(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = models
+		c.Data["json"] = object.GetModels(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetModelCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetModelCount(owner, field, value)))
+		models := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(models, paginator.Nums())
 	}
 }
@@ -75,12 +58,7 @@ func (c *ApiController) GetModels() {
 func (c *ApiController) GetModel() {
 	id := c.Input().Get("id")
 
-	model, err := object.GetModel(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = model
+	c.Data["json"] = object.GetModel(id)
 	c.ServeJSON()
 }
 

controllers/organization.go

@@ -37,41 +37,14 @@ func (c *ApiController) GetOrganizations() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner))
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedOrganizations
+		c.Data["json"] = object.GetMaskedOrganizations(object.GetOrganizations(owner))
 		c.ServeJSON()
 	} else {
-		isGlobalAdmin := c.IsGlobalAdmin()
-		if !isGlobalAdmin {
-			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedOrganizations)
-		} else {
-			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, field, value)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(organizations, paginator.Nums())
-		}
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner, field, value)))
+		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(organizations, paginator.Nums())
 	}
 }
 
@@ -84,13 +57,9 @@ func (c *ApiController) GetOrganizations() {
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
-	maskedOrganization, err := object.GetMaskedOrganization(object.GetOrganization(id))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.ResponseOk(maskedOrganization)
+	c.Data["json"] = object.GetMaskedOrganization(object.GetOrganization(id))
+	c.ServeJSON()
 }
 
 // UpdateOrganization ...
@@ -130,13 +99,8 @@ func (c *ApiController) AddOrganization() {
 		return
 	}
 
-	count, err := object.GetOrganizationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = checkQuotaForOrganization(int(count)); err != nil {
+	count := object.GetOrganizationCount("", "", "")
+	if err := checkQuotaForOrganization(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
@@ -184,21 +148,3 @@ func (c *ApiController) GetDefaultApplication() {
 	maskedApplication := object.GetMaskedApplication(application, userId)
 	c.ResponseOk(maskedApplication)
 }
-
-// GetOrganizationNames ...
-// @Title GetOrganizationNames
-// @Tag Organization API
-// @Param   owner     query    string    true   "owner"
-// @Description get all organization name and displayName
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organization-names [get]
-func (c *ApiController) GetOrganizationNames() {
-	owner := c.Input().Get("owner")
-	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(organizationNames)
-}

controllers/payment.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -31,35 +32,19 @@ import (
 // @router /get-payments [get]
 func (c *ApiController) GetPayments() {
 	owner := c.Input().Get("owner")
-	organization := c.Input().Get("organization")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		payments, err := object.GetPayments(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = payments
+		c.Data["json"] = object.GetPayments(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, organization, field, value)
-		if err != nil {
-			panic(err)
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			panic(err)
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
+		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(payments, paginator.Nums())
 	}
 }
@@ -78,12 +63,7 @@ func (c *ApiController) GetUserPayments() {
 	organization := c.Input().Get("organization")
 	user := c.Input().Get("user")
 
-	payments, err := object.GetUserPayments(owner, organization, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payments := object.GetUserPayments(owner, organization, user)
 	c.ResponseOk(payments)
 }
 
@@ -97,12 +77,7 @@ func (c *ApiController) GetUserPayments() {
 func (c *ApiController) GetPayment() {
 	id := c.Input().Get("id")
 
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = payment
+	c.Data["json"] = object.GetPayment(id)
 	c.ServeJSON()
 }
 
@@ -178,19 +153,18 @@ func (c *ApiController) NotifyPayment() {
 	providerName := c.Ctx.Input.Param(":provider")
 	productName := c.Ctx.Input.Param(":product")
 	paymentName := c.Ctx.Input.Param(":payment")
-	orderId := c.Ctx.Input.Param("order")
 
 	body := c.Ctx.Input.RequestBody
 
-	err, errorResponse := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName, orderId)
-
-	_, err2 := c.Ctx.ResponseWriter.Write([]byte(errorResponse))
-	if err2 != nil {
-		panic(err2)
-	}
-
-	if err != nil {
-		panic(err)
+	ok := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName)
+	if ok {
+		_, err := c.Ctx.ResponseWriter.Write([]byte("success"))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	} else {
+		panic(fmt.Errorf("NotifyPayment() failed: %v", ok))
 	}
 }
 
@@ -204,12 +178,7 @@ func (c *ApiController) NotifyPayment() {
 func (c *ApiController) InvoicePayment() {
 	id := c.Input().Get("id")
 
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payment := object.GetPayment(id)
 	invoiceUrl, err := object.InvoicePayment(payment)
 	if err != nil {
 		c.ResponseError(err.Error())

controllers/permission.go

@@ -37,28 +37,13 @@ func (c *ApiController) GetPermissions() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		permissions, err := object.GetPermissions(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = permissions
+		c.Data["json"] = object.GetPermissions(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPermissionCount(owner, field, value)
-		if err != nil {
-			panic(err)
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			panic(err)
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPermissionCount(owner, field, value)))
+		permissions := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(permissions, paginator.Nums())
 	}
 }
@@ -75,12 +60,7 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 		return
 	}
 
-	permissions, err := object.GetPermissionsBySubmitter(user.Owner, user.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsBySubmitter(user.Owner, user.Name)
 	c.ResponseOk(permissions, len(permissions))
 	return
 }
@@ -94,12 +74,7 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 // @router /get-permissions-by-role [get]
 func (c *ApiController) GetPermissionsByRole() {
 	id := c.Input().Get("id")
-	permissions, err := object.GetPermissionsByRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsByRole(id)
 	c.ResponseOk(permissions, len(permissions))
 	return
 }
@@ -114,12 +89,7 @@ func (c *ApiController) GetPermissionsByRole() {
 func (c *ApiController) GetPermission() {
 	id := c.Input().Get("id")
 
-	permission, err := object.GetPermission(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = permission
+	c.Data["json"] = object.GetPermission(id)
 	c.ServeJSON()
 }
 

controllers/permission_upload.go

@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadPermissions() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadPermissions(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}

controllers/plan.go

@@ -1,160 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPlans
-// @Title GetPlans
-// @Tag Plan API
-// @Description get plans
-// @Param   owner     query    string  true        "The owner of plans"
-// @Success 200 {array} object.Plan The Response object
-// @router /get-plans [get]
-func (c *ApiController) GetPlans() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		plans, err := object.GetPlans(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = plans
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPlanCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(plan, paginator.Nums())
-	}
-}
-
-// GetPlan
-// @Title GetPlan
-// @Tag Plan API
-// @Description get plan
-// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
-// @Param   includeOption     query    bool  false        "Should include plan's option"
-// @Success 200 {object} object.Plan The Response object
-// @router /get-plan [get]
-func (c *ApiController) GetPlan() {
-	id := c.Input().Get("id")
-	includeOption := c.Input().Get("includeOption") == "true"
-
-	plan, err := object.GetPlan(id)
-	if err != nil {
-		panic(err)
-	}
-
-	if includeOption {
-		options, err := object.GetPermissionsByRole(plan.Role)
-		if err != nil {
-			panic(err)
-		}
-
-		for _, option := range options {
-			plan.Options = append(plan.Options, option.DisplayName)
-		}
-
-		c.Data["json"] = plan
-	} else {
-		c.Data["json"] = plan
-	}
-	c.ServeJSON()
-}
-
-// UpdatePlan
-// @Title UpdatePlan
-// @Tag Plan API
-// @Description update plan
-// @Param   id     query    string  true        "The id ( owner/name ) of the plan"
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-plan [post]
-func (c *ApiController) UpdatePlan() {
-	id := c.Input().Get("id")
-
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
-	c.ServeJSON()
-}
-
-// AddPlan
-// @Title AddPlan
-// @Tag Plan API
-// @Description add plan
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-plan [post]
-func (c *ApiController) AddPlan() {
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
-	c.ServeJSON()
-}
-
-// DeletePlan
-// @Title DeletePlan
-// @Tag Plan API
-// @Description delete plan
-// @Param   body    body   object.Plan  true        "The details of the plan"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-plan [post]
-func (c *ApiController) DeletePlan() {
-	var plan object.Plan
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
-	c.ServeJSON()
-}

controllers/pricing.go

@@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetPricings
-// @Title GetPricings
-// @Tag Pricing API
-// @Description get pricings
-// @Param   owner     query    string  true        "The owner of pricings"
-// @Success 200 {array} object.Pricing The Response object
-// @router /get-pricings [get]
-func (c *ApiController) GetPricings() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		pricings, err := object.GetPricings(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = pricings
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetPricingCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(pricing, paginator.Nums())
-	}
-}
-
-// GetPricing
-// @Title GetPricing
-// @Tag Pricing API
-// @Description get pricing
-// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.pricing The Response object
-// @router /get-pricing [get]
-func (c *ApiController) GetPricing() {
-	id := c.Input().Get("id")
-
-	pricing, err := object.GetPricing(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = pricing
-	c.ServeJSON()
-}
-
-// UpdatePricing
-// @Title UpdatePricing
-// @Tag Pricing API
-// @Description update pricing
-// @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-pricing [post]
-func (c *ApiController) UpdatePricing() {
-	id := c.Input().Get("id")
-
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdatePricing(id, &pricing))
-	c.ServeJSON()
-}
-
-// AddPricing
-// @Title AddPricing
-// @Tag Pricing API
-// @Description add pricing
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-pricing [post]
-func (c *ApiController) AddPricing() {
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddPricing(&pricing))
-	c.ServeJSON()
-}
-
-// DeletePricing
-// @Title DeletePricing
-// @Tag Pricing API
-// @Description delete pricing
-// @Param   body    body   object.Pricing  true        "The details of the pricing"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-pricing [post]
-func (c *ApiController) DeletePricing() {
-	var pricing object.Pricing
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &pricing)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeletePricing(&pricing))
-	c.ServeJSON()
-}

controllers/product.go

@@ -38,30 +38,13 @@ func (c *ApiController) GetProducts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		products, err := object.GetProducts(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = products
+		c.Data["json"] = object.GetProducts(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProductCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProductCount(owner, field, value)))
+		products := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(products, paginator.Nums())
 	}
 }
@@ -76,15 +59,8 @@ func (c *ApiController) GetProducts() {
 func (c *ApiController) GetProduct() {
 	id := c.Input().Get("id")
 
-	product, err := object.GetProduct(id)
-	if err != nil {
-		panic(err)
-	}
-
-	err = object.ExtendProductWithProviders(product)
-	if err != nil {
-		panic(err)
-	}
+	product := object.GetProduct(id)
+	object.ExtendProductWithProviders(product)
 
 	c.Data["json"] = product
 	c.ServeJSON()
@@ -169,22 +145,17 @@ func (c *ApiController) BuyProduct() {
 		return
 	}
 
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 
-	payUrl, orderId, err := object.BuyProduct(id, providerName, user, host)
+	payUrl, err := object.BuyProduct(id, providerName, user, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.ResponseOk(payUrl, orderId)
+	c.ResponseOk(payUrl)
 }

controllers/prometheus.go

@@ -1,39 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"github.com/casdoor/casdoor/object"
-)
-
-// GetPrometheusInfo
-// @Title GetPrometheusInfo
-// @Tag Prometheus API
-// @Description get Prometheus Info
-// @Success 200 {object} object.PrometheusInfo The Response object
-// @router /get-prometheus-info [get]
-func (c *ApiController) GetPrometheusInfo() {
-	_, ok := c.RequireAdmin()
-	if !ok {
-		return
-	}
-	prometheusInfo, err := object.GetPrometheusInfo()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(prometheusInfo)
-}

controllers/provider.go

@@ -37,35 +37,13 @@ func (c *ApiController) GetProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-
 	if limit == "" || page == "" {
-		providers, err := object.GetProviders(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner))
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProviderCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -83,35 +61,13 @@ func (c *ApiController) GetGlobalProviders() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-
 	if limit == "" || page == "" {
-		globalProviders, err := object.GetGlobalProviders()
-		if err != nil {
-			panic(err)
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders())
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalProviderCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationGlobalProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -125,18 +81,8 @@ func (c *ApiController) GetGlobalProviders() {
 // @router /get-provider [get]
 func (c *ApiController) GetProvider() {
 	id := c.Input().Get("id")
-
-	ok, isMaskEnabled := c.IsMaskedEnabled()
-	if !ok {
-		return
-	}
-	provider, err := object.GetProvider(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id))
+	c.ServeJSON()
 }
 
 // UpdateProvider
@@ -176,13 +122,8 @@ func (c *ApiController) AddProvider() {
 		return
 	}
 
-	count, err := object.GetProviderCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForProvider(int(count)); err != nil {
+	count := object.GetProviderCount("", "", "")
+	if err := checkQuotaForProvider(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

controllers/record.go

@@ -42,31 +42,14 @@ func (c *ApiController) GetRecords() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		records, err := object.GetRecords()
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = records
+		c.Data["json"] = object.GetRecords()
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
 		filterRecord := &object.Record{Organization: organization}
-		count, err := object.GetRecordCount(field, value, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		records, err := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount(field, value, filterRecord)))
+		records := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
 		c.ResponseOk(records, paginator.Nums())
 	}
 }
@@ -84,15 +67,11 @@ func (c *ApiController) GetRecordsByFilter() {
 	record := &object.Record{}
 	err := util.JsonToStruct(body, record)
 	if err != nil {
-		panic(err)
+		c.ResponseError(err.Error())
+		return
 	}
 
-	records, err := object.GetRecordsByField(record)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = records
+	c.Data["json"] = object.GetRecordsByField(record)
 	c.ServeJSON()
 }
 

controllers/resource.go

@@ -21,7 +21,6 @@ import (
 	"io"
 	"mime"
 	"path/filepath"
-	"strings"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -51,28 +50,12 @@ func (c *ApiController) GetResources() {
 	}
 
 	if limit == "" || page == "" {
-		resources, err := object.GetResources(owner, user)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = resources
+		c.Data["json"] = object.GetResources(owner, user)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetResourceCount(owner, user, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user, field, value)))
+		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(resources, paginator.Nums())
 	}
 }
@@ -84,12 +67,7 @@ func (c *ApiController) GetResources() {
 func (c *ApiController) GetResource() {
 	id := c.Input().Get("id")
 
-	resource, err := object.GetResource(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = resource
+	c.Data["json"] = object.GetResource(id)
 	c.ServeJSON()
 }
 
@@ -139,9 +117,8 @@ func (c *ApiController) DeleteResource() {
 		return
 	}
 
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
 
@@ -188,9 +165,8 @@ func (c *ApiController) UploadResource() {
 		return
 	}
 
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
 
@@ -210,10 +186,7 @@ func (c *ApiController) UploadResource() {
 		index := len(fullFilePath) - len(ext)
 		for i := 1; ; i++ {
 			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
-			if count, err := object.GetResourceCount(owner, username, "name", objectKey); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if count == 0 {
+			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
 				break
 			}
 
@@ -222,7 +195,7 @@ func (c *ApiController) UploadResource() {
 		}
 	}
 
-	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer, c.GetAcceptLanguage())
+	fileUrl, objectKey, err := object.UploadFileSafe(provider, fullFilePath, fileBuffer)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -249,62 +222,23 @@ func (c *ApiController) UploadResource() {
 		Url:         fileUrl,
 		Description: description,
 	}
-	_, err = object.AddOrUpdateResource(resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddOrUpdateResource(resource)
 
 	switch tag {
 	case "avatar":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
 			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
 			return
 		}
 
 		user.Avatar = fileUrl
-		_, err = object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 	case "termsOfUse":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
-			return
-		}
-
-		if !user.IsAdminUser() {
-			c.ResponseError(c.T("auth:Unauthorized operation"))
-			return
-		}
-
-		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
-		applicationObj, err := object.GetApplication(applicationId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applicationObj.TermsOfUse = fileUrl
-		_, err = object.UpdateApplication(applicationId, applicationObj)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		applicationId := fmt.Sprintf("admin/%s", parent)
+		app := object.GetApplication(applicationId)
+		app.TermsOfUse = fileUrl
+		object.UpdateApplication(applicationId, app)
 	}
 
 	c.ResponseOk(fileUrl, objectKey)

controllers/role.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetRoles() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		roles, err := object.GetRoles(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = roles
+		c.Data["json"] = object.GetRoles(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetRoleCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRoleCount(owner, field, value)))
+		roles := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(roles, paginator.Nums())
 	}
 }
@@ -75,12 +58,7 @@ func (c *ApiController) GetRoles() {
 func (c *ApiController) GetRole() {
 	id := c.Input().Get("id")
 
-	role, err := object.GetRole(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = role
+	c.Data["json"] = object.GetRole(id)
 	c.ServeJSON()
 }
 

controllers/role_upload.go

@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadRoles() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-
-	path := util.GetUploadXlsxPath(fileId)
-	util.EnsureFileFolderExists(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadRoles(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}

controllers/saml.go

@@ -23,12 +23,7 @@ import (
 func (c *ApiController) GetSamlMeta() {
 	host := c.Ctx.Request.Host
 	paramApp := c.Input().Get("application")
-	application, err := object.GetApplication(paramApp)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplication(paramApp)
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return

controllers/service.go

@@ -61,17 +61,12 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider, err = object.GetProvider(util.GetId("admin", emailForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		provider, err = c.GetProviderFromContext("Email")
-		if err != nil {
-			c.ResponseError(err.Error())
+		var ok bool
+		provider, _, ok = c.GetProviderFromContext("Email")
+		if !ok {
 			return
 		}
 	}
@@ -127,14 +122,13 @@ func (c *ApiController) SendEmail() {
 // @Success 200 {object}  Response object
 // @router /api/send-sms [post]
 func (c *ApiController) SendSms() {
-	provider, err := c.GetProviderFromContext("SMS")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("SMS")
+	if !ok {
 		return
 	}
 
 	var smsForm SmsForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/session.go

@@ -37,29 +37,13 @@ func (c *ApiController) GetSessions() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	owner := c.Input().Get("owner")
-
 	if limit == "" || page == "" {
-		sessions, err := object.GetSessions(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = sessions
+		c.Data["json"] = object.GetSessions(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSessionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSessionCount(owner, field, value)))
+		sessions := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(sessions, paginator.Nums())
 	}
 }
@@ -74,12 +58,7 @@ func (c *ApiController) GetSessions() {
 func (c *ApiController) GetSingleSession() {
 	id := c.Input().Get("sessionPkId")
 
-	session, err := object.GetSingleSession(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = session
+	c.Data["json"] = object.GetSingleSession(id)
 	c.ServeJSON()
 }
 
@@ -153,11 +132,7 @@ func (c *ApiController) IsSessionDuplicated() {
 	id := c.Input().Get("sessionPkId")
 	sessionId := c.Input().Get("sessionId")
 
-	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
-	if err != nil {
-		panic(err)
-	}
-
+	isUserSessionDuplicated := object.IsSessionDuplicated(id, sessionId)
 	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}
 
 	c.ServeJSON()

controllers/subscription.go

@@ -1,145 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetSubscriptions
-// @Title GetSubscriptions
-// @Tag Subscription API
-// @Description get subscriptions
-// @Param   owner     query    string  true        "The owner of subscriptions"
-// @Success 200 {array} object.Subscription The Response object
-// @router /get-subscriptions [get]
-func (c *ApiController) GetSubscriptions() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		subscriptions, err := object.GetSubscriptions(owner)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = subscriptions
-		c.ServeJSON()
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetSubscriptionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(subscription, paginator.Nums())
-	}
-}
-
-// GetSubscription
-// @Title GetSubscription
-// @Tag Subscription API
-// @Description get subscription
-// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.subscription The Response object
-// @router /get-subscription [get]
-func (c *ApiController) GetSubscription() {
-	id := c.Input().Get("id")
-
-	subscription, err := object.GetSubscription(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = subscription
-	c.ServeJSON()
-}
-
-// UpdateSubscription
-// @Title UpdateSubscription
-// @Tag Subscription API
-// @Description update subscription
-// @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-subscription [post]
-func (c *ApiController) UpdateSubscription() {
-	id := c.Input().Get("id")
-
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateSubscription(id, &subscription))
-	c.ServeJSON()
-}
-
-// AddSubscription
-// @Title AddSubscription
-// @Tag Subscription API
-// @Description add subscription
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-subscription [post]
-func (c *ApiController) AddSubscription() {
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddSubscription(&subscription))
-	c.ServeJSON()
-}
-
-// DeleteSubscription
-// @Title DeleteSubscription
-// @Tag Subscription API
-// @Description delete subscription
-// @Param   body    body   object.Subscription  true        "The details of the subscription"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-subscription [post]
-func (c *ApiController) DeleteSubscription() {
-	var subscription object.Subscription
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &subscription)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteSubscription(&subscription))
-	c.ServeJSON()
-}

controllers/syncer.go

@@ -37,31 +37,13 @@ func (c *ApiController) GetSyncers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		organizationSyncers, err := object.GetOrganizationSyncers(owner, organization)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = organizationSyncers
+		c.Data["json"] = object.GetSyncers(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSyncerCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		syncers, err := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, field, value)))
+		syncers := object.GetPaginationSyncers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
@@ -76,12 +58,7 @@ func (c *ApiController) GetSyncers() {
 func (c *ApiController) GetSyncer() {
 	id := c.Input().Get("id")
 
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = syncer
+	c.Data["json"] = object.GetSyncer(id)
 	c.ServeJSON()
 }
 
@@ -154,11 +131,7 @@ func (c *ApiController) DeleteSyncer() {
 // @router /run-syncer [get]
 func (c *ApiController) RunSyncer() {
 	id := c.Input().Get("id")
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	syncer := object.GetSyncer(id)
 
 	object.RunSyncer(syncer)
 

controllers/system_info.go

@@ -21,8 +21,9 @@ import (
 // GetSystemInfo
 // @Title GetSystemInfo
 // @Tag System API
-// @Description get system info like CPU and memory usage
-// @Success 200 {object} util.SystemInfo The Response object
+// @Description get user's system info
+// @Param   id     query    string  true        "The id ( owner/name ) of the user"
+// @Success 200 {object} object.SystemInfo The Response object
 // @router /get-system-info [get]
 func (c *ApiController) GetSystemInfo() {
 	_, ok := c.RequireAdmin()
@@ -42,30 +43,15 @@ func (c *ApiController) GetSystemInfo() {
 // GetVersionInfo
 // @Title GetVersionInfo
 // @Tag System API
-// @Description get version info like Casdoor release version and commit ID
-// @Success 200 {object} util.VersionInfo The Response object
+// @Description get local git repo's latest release version info
+// @Success 200 {string} local latest version hash of Casdoor
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
 	versionInfo, err := util.GetVersionInfo()
-
-	if versionInfo.Version == "" {
-		versionInfo, err = util.GetVersionInfoFromFile()
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
 	}
 
 	c.ResponseOk(versionInfo)
 }
-
-// Health
-// @Title Health
-// @Tag System API
-// @Description check if the system is live
-// @Success 200 {object} controllers.Response The Response object
-// @router /health [get]
-func (c *ApiController) Health() {
-	c.ResponseOk()
-}

controllers/token.go

@@ -39,30 +39,13 @@ func (c *ApiController) GetTokens() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		token, err := object.GetTokens(owner, organization)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = token
+		c.Data["json"] = object.GetTokens(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetTokenCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, field, value)))
+		tokens := object.GetPaginationTokens(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
@@ -76,12 +59,8 @@ func (c *ApiController) GetTokens() {
 // @router /get-token [get]
 func (c *ApiController) GetToken() {
 	id := c.Input().Get("id")
-	token, err := object.GetToken(id)
-	if err != nil {
-		panic(err)
-	}
 
-	c.Data["json"] = token
+	c.Data["json"] = object.GetToken(id)
 	c.ServeJSON()
 }
 
@@ -145,6 +124,40 @@ func (c *ApiController) DeleteToken() {
 	c.ServeJSON()
 }
 
+// GetOAuthCode
+// @Title GetOAuthCode
+// @Tag Token API
+// @Description get OAuth code
+// @Param   id     query    string  true        "The id ( owner/name ) of user"
+// @Param   client_id     query    string  true        "OAuth client id"
+// @Param   response_type     query    string  true        "OAuth response type"
+// @Param   redirect_uri     query    string  true        "OAuth redirect URI"
+// @Param   scope     query    string  true        "OAuth scope"
+// @Param   state     query    string  true        "OAuth state"
+// @Success 200 {object} object.TokenWrapper The Response object
+// @router /login/oauth/code [post]
+func (c *ApiController) GetOAuthCode() {
+	userId := c.Input().Get("user_id")
+	clientId := c.Input().Get("client_id")
+	responseType := c.Input().Get("response_type")
+	redirectUri := c.Input().Get("redirect_uri")
+	scope := c.Input().Get("scope")
+	state := c.Input().Get("state")
+	nonce := c.Input().Get("nonce")
+
+	challengeMethod := c.Input().Get("code_challenge_method")
+	codeChallenge := c.Input().Get("code_challenge")
+
+	if challengeMethod != "S256" && challengeMethod != "null" && challengeMethod != "" {
+		c.ResponseError(c.T("auth:Challenge method should be S256"))
+		return
+	}
+	host := c.Ctx.Request.Host
+
+	c.Data["json"] = object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, host, c.GetAcceptLanguage())
+	c.ServeJSON()
+}
+
 // GetOAuthToken
 // @Title GetOAuthToken
 // @Tag Token API
@@ -191,12 +204,8 @@ func (c *ApiController) GetOAuthToken() {
 		}
 	}
 	host := c.Ctx.Request.Host
-	oAuthtoken, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
-	if err != nil {
-		panic(err)
-	}
 
-	c.Data["json"] = oAuthtoken
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -234,12 +243,7 @@ func (c *ApiController) RefreshToken() {
 		}
 	}
 
-	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = refreshToken2
+	c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -274,11 +278,7 @@ func (c *ApiController) IntrospectToken() {
 			return
 		}
 	}
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		panic(err)
-	}
-
+	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
 		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
 		c.Data["json"] = &object.TokenError{
@@ -287,11 +287,7 @@ func (c *ApiController) IntrospectToken() {
 		c.SetTokenErrorHttpStatus()
 		return
 	}
-	token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
-	if err != nil {
-		panic(err)
-	}
-
+	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if token == nil {
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()

controllers/user.go

@@ -37,36 +37,14 @@ func (c *ApiController) GetGlobalUsers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedUsers, err := object.GetMaskedUsers(object.GetGlobalUsers())
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedUsers
+		c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalUserCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount(field, value)))
+		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -80,53 +58,20 @@ func (c *ApiController) GetGlobalUsers() {
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
-	groupName := c.Input().Get("groupName")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		if groupName != "" {
-			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(groupName))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedUsers)
-			return
-		}
-
-		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = maskedUsers
+		c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetUserCount(owner, field, value, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner, field, value)))
+		users := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -135,11 +80,10 @@ func (c *ApiController) GetUsers() {
 // @Title GetUser
 // @Tag User API
 // @Description get user
-// @Param   id     query    string  false        "The id ( owner/name ) of the user"
+// @Param   id     query    string  true        "The id ( owner/name ) of the user"
 // @Param   owner  query    string  false        "The owner of the user"
 // @Param   email  query    string  false 	     "The email of the user"
 // @Param   phone  query    string  false 	     "The phone of the user"
-// @Param   userId query    string  false 	     "The userId of the user"
 // @Success 200 {object} object.User The Response object
 // @router /get-user [get]
 func (c *ApiController) GetUser() {
@@ -147,30 +91,16 @@ func (c *ApiController) GetUser() {
 	email := c.Input().Get("email")
 	phone := c.Input().Get("phone")
 	userId := c.Input().Get("userId")
+
 	owner := c.Input().Get("owner")
-	var err error
-	var userFromUserId *object.User
-	if userId != "" && owner != "" {
-		userFromUserId, err = object.GetUserByUserId(owner, userId)
-		if err != nil {
-			panic(err)
-		}
-
-		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
-	}
-
 	if owner == "" {
-		owner = util.GetOwnerFromId(id)
-	}
-
-	organization, err := object.GetOrganization(util.GetId("admin", owner))
-	if err != nil {
-		panic(err)
+		owner, _ = util.GetOwnerAndNameFromId(id)
 	}
 
+	organization := object.GetOrganization(fmt.Sprintf("%s/%s", "admin", owner))
 	if !organization.IsProfilePublic {
 		requestUserId := c.GetSessionUsername()
-		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, owner, false, c.GetAcceptLanguage())
 		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
@@ -180,31 +110,18 @@ func (c *ApiController) GetUser() {
 	var user *object.User
 	switch {
 	case email != "":
-		user, err = object.GetUserByEmail(owner, email)
+		user = object.GetUserByEmail(owner, email)
 	case phone != "":
-		user, err = object.GetUserByPhone(owner, phone)
+		user = object.GetUserByPhone(owner, phone)
 	case userId != "":
-		user = userFromUserId
+		user = object.GetUserByUserId(owner, userId)
 	default:
-		user, err = object.GetUser(id)
+		user = object.GetUser(id)
 	}
 
-	if err != nil {
-		panic(err)
-	}
+	object.ExtendUserWithRolesAndPermissions(user)
 
-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		panic(err)
-	}
-
-	maskedUser, err := object.GetMaskedUser(user)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = maskedUser
+	c.Data["json"] = object.GetMaskedUser(user)
 	c.ServeJSON()
 }
 
@@ -220,6 +137,10 @@ func (c *ApiController) UpdateUser() {
 	id := c.Input().Get("id")
 	columnsStr := c.Input().Get("columns")
 
+	if id == "" {
+		id = c.GetSessionUsername()
+	}
+
 	var user object.User
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
 	if err != nil {
@@ -227,57 +148,26 @@ func (c *ApiController) UpdateUser() {
 		return
 	}
 
-	if id == "" {
-		id = c.GetSessionUsername()
-		if id == "" {
-			c.ResponseError(c.T("general:Missing parameter"))
-			return
-		}
-	}
-	oldUser, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if oldUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
-		return
-	}
-
-	if oldUser.Owner == "built-in" && oldUser.Name == "admin" && (user.Owner != "built-in" || user.Name != "admin") {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
-	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
+	if msg := object.CheckUpdateUser(object.GetUser(id), &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
 	}
 
-	isAdmin := c.IsAdmin()
-	if pass, err := object.CheckPermissionForUpdateUser(oldUser, &user, isAdmin, c.GetAcceptLanguage()); !pass {
-		c.ResponseError(err)
-		return
-	}
-
 	columns := []string{}
 	if columnsStr != "" {
 		columns = strings.Split(columnsStr, ",")
 	}
 
-	affected, err := object.UpdateUser(id, &user, columns, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
+	isGlobalAdmin := c.IsGlobalAdmin()
+
+	if pass, err := checkPermissionForUpdateUser(id, user, c); !pass {
+		c.ResponseError(err)
 		return
 	}
 
+	affected := object.UpdateUser(id, &user, columns, isGlobalAdmin)
 	if affected {
-		err = object.UpdateUserToOriginalDatabase(&user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.UpdateUserToOriginalDatabase(&user)
 	}
 
 	c.Data["json"] = wrapActionResponse(affected)
@@ -299,13 +189,8 @@ func (c *ApiController) AddUser() {
 		return
 	}
 
-	count, err := object.GetUserCount("", "", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForUser(int(count)); err != nil {
+	count := object.GetUserCount("", "", "")
+	if err := checkQuotaForUser(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
@@ -335,11 +220,6 @@ func (c *ApiController) DeleteUser() {
 		return
 	}
 
-	if user.Owner == "built-in" && user.Name == "admin" {
-		c.ResponseError(c.T("auth:Unauthorized operation"))
-		return
-	}
-
 	c.Data["json"] = wrapActionResponse(object.DeleteUser(&user))
 	c.ServeJSON()
 }
@@ -356,12 +236,7 @@ func (c *ApiController) GetEmailAndPhone() {
 	organization := c.Ctx.Request.Form.Get("organization")
 	username := c.Ctx.Request.Form.Get("username")
 
-	user, err := object.GetUserByFields(organization, username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(organization, username)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
 		return
@@ -400,44 +275,18 @@ func (c *ApiController) SetPassword() {
 	userName := c.Ctx.Request.Form.Get("userName")
 	oldPassword := c.Ctx.Request.Form.Get("oldPassword")
 	newPassword := c.Ctx.Request.Form.Get("newPassword")
-	code := c.Ctx.Request.Form.Get("code")
-
-	//if userOwner == "built-in" && userName == "admin" {
-	//	c.ResponseError(c.T("auth:Unauthorized operation"))
-	//	return
-	//}
-
-	if strings.Contains(newPassword, " ") {
-		c.ResponseError(c.T("user:New password cannot contain blank space."))
-		return
-	}
-
-	userId := util.GetId(userOwner, userName)
 
 	requestUserId := c.GetSessionUsername()
-	if requestUserId == "" && code == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
-		return
-	} else if code == "" {
-		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
-		if !hasPermission {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		if code != c.GetSession("verifiedCode") {
-			c.ResponseError(c.T("general:Missing parameter"))
-			return
-		}
-		c.SetSession("verifiedCode", "")
-	}
+	userId := util.GetId(userOwner, userName)
 
-	targetUser, err := object.GetUser(userId)
-	if err != nil {
+	hasPermission, err := object.CheckUserPermission(requestUserId, userId, userOwner, true, c.GetAcceptLanguage())
+	if !hasPermission {
 		c.ResponseError(err.Error())
 		return
 	}
 
+	targetUser := object.GetUser(userId)
+
 	if oldPassword != "" {
 		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
 		if msg != "" {
@@ -446,19 +295,18 @@ func (c *ApiController) SetPassword() {
 		}
 	}
 
-	msg := object.CheckPasswordComplexity(targetUser, newPassword)
-	if msg != "" {
-		c.ResponseError(msg)
+	if strings.Contains(newPassword, " ") {
+		c.ResponseError(c.T("user:New password cannot contain blank space."))
+		return
+	}
+
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
 		return
 	}
 
 	targetUser.Password = newPassword
-	_, err = object.SetUserField(targetUser, "password", targetUser.Password)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.ResponseOk()
 }
 
@@ -496,12 +344,7 @@ func (c *ApiController) GetSortedUsers() {
 	sorter := c.Input().Get("sorter")
 	limit := util.ParseInt(c.Input().Get("limit"))
 
-	maskedUsers, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = maskedUsers
+	c.Data["json"] = object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
 	c.ServeJSON()
 }
 
@@ -517,49 +360,13 @@ func (c *ApiController) GetUserCount() {
 	owner := c.Input().Get("owner")
 	isOnline := c.Input().Get("isOnline")
 
-	var count int64
-	var err error
+	count := 0
 	if isOnline == "" {
-		count, err = object.GetUserCount(owner, "", "", "")
+		count = object.GetUserCount(owner, "", "")
 	} else {
-		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		count = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}
 
 	c.Data["json"] = count
 	c.ServeJSON()
 }
-
-// AddUserkeys
-// @Title AddUserkeys
-// @router /add-user-keys [post]
-// @Tag User API
-func (c *ApiController) AddUserkeys() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserkeys(&user, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
-
-func (c *ApiController) RemoveUserFromGroup() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	groupName := c.Ctx.Request.Form.Get("groupName")
-
-	c.Data["json"] = wrapActionResponse(object.RemoveUserFromGroup(owner, name, groupName))
-	c.ServeJSON()
-}

controllers/user_upload.go

@@ -19,14 +19,13 @@ import (
 	"io"
 	"mime/multipart"
 	"os"
-	"path/filepath"
 
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 
 func saveFile(path string, file *multipart.File) (err error) {
-	f, err := os.Create(filepath.Clean(path))
+	f, err := os.Create(path)
 	if err != nil {
 		return err
 	}
@@ -58,12 +57,7 @@ func (c *ApiController) UploadUsers() {
 		return
 	}
 
-	affected, err := object.UploadUsers(owner, fileId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.UploadUsers(owner, fileId)
 	if affected {
 		c.ResponseOk()
 	} else {

controllers/user_util.go

@@ -0,0 +1,139 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/casdoor/casdoor/object"
+)
+
+func checkPermissionForUpdateUser(userId string, newUser object.User, c *ApiController) (bool, string) {
+	oldUser := object.GetUser(userId)
+	organization := object.GetOrganizationByUser(oldUser)
+	var itemsChanged []*object.AccountItem
+
+	if oldUser.Owner != newUser.Owner {
+		item := object.GetAccountItemByName("Organization", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Name != newUser.Name {
+		item := object.GetAccountItemByName("Name", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Id != newUser.Id {
+		item := object.GetAccountItemByName("ID", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.DisplayName != newUser.DisplayName {
+		item := object.GetAccountItemByName("Display name", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Avatar != newUser.Avatar {
+		item := object.GetAccountItemByName("Avatar", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Type != newUser.Type {
+		item := object.GetAccountItemByName("User type", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	// The password is *** when not modified
+	if oldUser.Password != newUser.Password && newUser.Password != "***" {
+		item := object.GetAccountItemByName("Password", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Email != newUser.Email {
+		item := object.GetAccountItemByName("Email", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Phone != newUser.Phone {
+		item := object.GetAccountItemByName("Phone", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.CountryCode != newUser.CountryCode {
+		item := object.GetAccountItemByName("Country code", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Region != newUser.Region {
+		item := object.GetAccountItemByName("Country/Region", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Location != newUser.Location {
+		item := object.GetAccountItemByName("Location", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Affiliation != newUser.Affiliation {
+		item := object.GetAccountItemByName("Affiliation", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Title != newUser.Title {
+		item := object.GetAccountItemByName("Title", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Homepage != newUser.Homepage {
+		item := object.GetAccountItemByName("Homepage", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Bio != newUser.Bio {
+		item := object.GetAccountItemByName("Bio", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.Tag != newUser.Tag {
+		item := object.GetAccountItemByName("Tag", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.SignupApplication != newUser.SignupApplication {
+		item := object.GetAccountItemByName("Signup application", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	oldUserPropertiesJson, _ := json.Marshal(oldUser.Properties)
+	newUserPropertiesJson, _ := json.Marshal(newUser.Properties)
+	if string(oldUserPropertiesJson) != string(newUserPropertiesJson) {
+		item := object.GetAccountItemByName("Properties", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	if oldUser.IsAdmin != newUser.IsAdmin {
+		item := object.GetAccountItemByName("Is admin", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsGlobalAdmin != newUser.IsGlobalAdmin {
+		item := object.GetAccountItemByName("Is global admin", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsForbidden != newUser.IsForbidden {
+		item := object.GetAccountItemByName("Is forbidden", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+	if oldUser.IsDeleted != newUser.IsDeleted {
+		item := object.GetAccountItemByName("Is deleted", organization)
+		itemsChanged = append(itemsChanged, item)
+	}
+
+	currentUser := c.getCurrentUser()
+	if currentUser == nil && c.IsGlobalAdmin() {
+		currentUser = &object.User{
+			IsGlobalAdmin: true,
+		}
+	}
+
+	for i := range itemsChanged {
+		if pass, err := object.CheckAccountItemModifyRule(itemsChanged[i], currentUser, c.GetAcceptLanguage()); !pass {
+			return pass, err
+		}
+	}
+	return true, ""
+}

controllers/util.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"fmt"
+	"strconv"
 
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@@ -55,9 +56,6 @@ func (c *ApiController) T(error string) string {
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	language := c.Ctx.Request.Header.Get("Accept-Language")
-	if len(language) > 2 {
-		language = language[0:2]
-	}
 	return conf.GetLanguage(language)
 }
 
@@ -95,11 +93,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		return nil, false
 	}
 
-	user, err := object.GetUser(userId)
-	if err != nil {
-		panic(err)
-	}
-
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
@@ -121,67 +115,43 @@ func (c *ApiController) RequireAdmin() (string, bool) {
 	return user.Owner, true
 }
 
-// IsMaskedEnabled ...
-func (c *ApiController) IsMaskedEnabled() (bool, bool) {
-	isMaskEnabled := true
-	withSecret := c.Input().Get("withSecret")
-	if withSecret == "1" {
-		isMaskEnabled = false
-
-		if conf.IsDemoMode() {
-			c.ResponseError(c.T("general:this operation is not allowed in demo mode"))
-			return false, isMaskEnabled
-		}
-
-		_, ok := c.RequireAdmin()
-		if !ok {
-			return false, isMaskEnabled
-		}
+func getInitScore(organization *object.Organization) (int, error) {
+	if organization != nil {
+		return organization.InitScore, nil
+	} else {
+		return strconv.Atoi(conf.GetConfigString("initScore"))
 	}
-
-	return true, isMaskEnabled
 }
 
-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
+func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
 	if providerName != "" {
-		provider, err := object.GetProvider(util.GetId("admin", providerName))
-		if err != nil {
-			return nil, err
-		}
-
+		provider := object.GetProvider(util.GetId("admin", providerName))
 		if provider == nil {
-			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
-			return nil, err
+			c.ResponseError(c.T("util:The provider: %s is not found"), providerName)
+			return nil, nil, false
 		}
-
-		return provider, nil
+		return provider, nil, true
 	}
 
 	userId, ok := c.RequireSignedIn()
 	if !ok {
-		return nil, fmt.Errorf(c.T("general:Please login first"))
-	}
-
-	application, err := object.GetApplicationByUserId(userId)
-	if err != nil {
-		return nil, err
+		return nil, nil, false
 	}
 
+	application, user := object.GetApplicationByUserId(userId)
 	if application == nil {
-		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
-	}
-
-	provider, err := application.GetProviderByCategory(category)
-	if err != nil {
-		return nil, err
+		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
+		return nil, nil, false
 	}
 
+	provider := application.GetProviderByCategory(category)
 	if provider == nil {
-		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
+		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
+		return nil, nil, false
 	}
 
-	return provider, nil
+	return provider, user, true
 }
 
 func checkQuotaForApplication(count int) error {

controllers/verification.go

@@ -15,49 +15,76 @@
 package controllers
 
 import (
-	"encoding/json"
 	"errors"
 	"fmt"
 	"strings"
 
 	"github.com/casdoor/casdoor/captcha"
-	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 
 const (
-	SignupVerification   = "signup"
-	ResetVerification    = "reset"
-	LoginVerification    = "login"
-	ForgetVerification   = "forget"
-	MfaSetupVerification = "mfaSetup"
-	MfaAuthVerification  = "mfaAuth"
+	SignupVerification = "signup"
+	ResetVerification  = "reset"
+	LoginVerification  = "login"
+	ForgetVerification = "forget"
 )
 
+func (c *ApiController) getCurrentUser() *object.User {
+	var user *object.User
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		user = nil
+	} else {
+		user = object.GetUser(userId)
+	}
+	return user
+}
+
 // SendVerificationCode ...
 // @Title SendVerificationCode
 // @Tag Verification API
 // @router /send-verification-code [post]
 func (c *ApiController) SendVerificationCode() {
-	var vform form.VerificationForm
-	err := c.ParseForm(&vform)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	destType := c.Ctx.Request.Form.Get("type")
+	dest := c.Ctx.Request.Form.Get("dest")
+	countryCode := c.Ctx.Request.Form.Get("countryCode")
+	checkType := c.Ctx.Request.Form.Get("checkType")
+	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
+	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
+	applicationId := c.Ctx.Request.Form.Get("applicationId")
+	method := c.Ctx.Request.Form.Get("method")
+	checkUser := c.Ctx.Request.Form.Get("checkUser")
 	remoteAddr := util.GetIPFromRequest(c.Ctx.Request)
 
-	if msg := vform.CheckParameter(form.SendVerifyCode, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
+	if dest == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": dest.")
+		return
+	}
+	if applicationId == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": applicationId.")
+		return
+	}
+	if checkType == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": checkType.")
+		return
+	}
+	if !strings.Contains(applicationId, "/") {
+		c.ResponseError(c.T("verification:Wrong parameter") + ": applicationId.")
 		return
 	}
 
-	if vform.CaptchaType != "none" {
-		if captchaProvider := captcha.GetCaptchaProvider(vform.CaptchaType); captchaProvider == nil {
-			c.ResponseError(c.T("general:don't support captchaProvider: ") + vform.CaptchaType)
+	if checkType != "none" {
+		if captchaToken == "" {
+			c.ResponseError(c.T("general:Missing parameter") + ": captchaToken.")
 			return
-		} else if isHuman, err := captchaProvider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret); err != nil {
+		}
+
+		if captchaProvider := captcha.GetCaptchaProvider(checkType); captchaProvider == nil {
+			c.ResponseError(c.T("general:don't support captchaProvider: ") + checkType)
+			return
+		} else if isHuman, err := captchaProvider.VerifyCaptcha(captchaToken, clientSecret); err != nil {
 			c.ResponseError(err.Error())
 			return
 		} else if !isHuman {
@@ -66,132 +93,72 @@ func (c *ApiController) SendVerificationCode() {
 		}
 	}
 
-	application, err := object.GetApplication(vform.ApplicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	organization, err := object.GetOrganization(util.GetId(application.Owner, application.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-	}
-
+	application := object.GetApplication(applicationId)
+	organization := object.GetOrganization(util.GetId(application.Owner, application.Organization))
 	if organization == nil {
-		c.ResponseError(c.T("check:Organization does not exist"))
+		c.ResponseError(c.T("verification:Organization does not exist"))
 		return
 	}
 
 	var user *object.User
 	// checkUser != "", means method is ForgetVerification
-	if vform.CheckUser != "" {
+	if checkUser != "" {
 		owner := application.Organization
-		user, err = object.GetUser(util.GetId(owner, vform.CheckUser))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	// mfaSessionData != nil, means method is MfaAuthVerification
-	if mfaSessionData := c.getMfaSessionData(); mfaSessionData != nil {
-		user, err = object.GetUser(mfaSessionData.UserId)
-		c.setMfaSessionData(nil)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.GetUser(util.GetId(owner, checkUser))
 	}
 
 	sendResp := errors.New("invalid dest type")
 
-	switch vform.Type {
-	case object.VerifyTypeEmail:
-		if !util.IsEmailValid(vform.Dest) {
-			c.ResponseError(c.T("check:Email is invalid"))
+	switch destType {
+	case "email":
+		if !util.IsEmailValid(dest) {
+			c.ResponseError(c.T("verification:Email is invalid"))
 			return
 		}
 
-		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
-			if user != nil && util.GetMaskedEmail(user.Email) == vform.Dest {
-				vform.Dest = user.Email
-			}
-
-			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
+		if method == LoginVerification || method == ForgetVerification {
+			if user != nil && util.GetMaskedEmail(user.Email) == dest {
+				dest = user.Email
 			}
 
+			user = object.GetUserByEmail(organization.Name, dest)
 			if user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}
-		} else if vform.Method == ResetVerification {
+		} else if method == ResetVerification {
 			user = c.getCurrentUser()
-		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
-			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
-				vform.Dest = mfaProps.Secret
-			}
 		}
 
-		provider, err := application.GetEmailProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
-	case object.VerifyTypePhone:
-		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
-			if user != nil && util.GetMaskedPhone(user.Phone) == vform.Dest {
-				vform.Dest = user.Phone
+		provider := application.GetEmailProvider()
+		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, dest)
+	case "phone":
+		if method == LoginVerification || method == ForgetVerification {
+			if user != nil && util.GetMaskedPhone(user.Phone) == dest {
+				dest = user.Phone
 			}
 
-			if user, err = object.GetUserByPhone(organization.Name, vform.Dest); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if user == nil {
+			if user = object.GetUserByPhone(organization.Name, dest); user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}
 
-			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-		} else if vform.Method == ResetVerification || vform.Method == MfaSetupVerification {
-			if vform.CountryCode == "" {
-				if user = c.getCurrentUser(); user != nil {
-					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-				}
+			countryCode = user.GetCountryCode(countryCode)
+		} else if method == ResetVerification {
+			if user = c.getCurrentUser(); user != nil {
+				countryCode = user.GetCountryCode(countryCode)
 			}
-		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
-			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
-				vform.Dest = mfaProps.Secret
-			}
-
-			vform.CountryCode = mfaProps.CountryCode
 		}
 
-		provider, err := application.GetSmsProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
+		provider := application.GetSmsProvider()
+		if phone, ok := util.GetE164Number(dest, countryCode); !ok {
+			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), countryCode))
 			return
 		} else {
 			sendResp = object.SendVerificationCodeToPhone(organization, user, provider, remoteAddr, phone)
 		}
 	}
 
-	if vform.Method == MfaSetupVerification {
-		c.SetSession(object.MfaSmsCountryCodeSession, vform.CountryCode)
-		c.SetSession(object.MfaSmsDestSession, vform.Dest)
-	}
-
 	if sendResp != nil {
 		c.ResponseError(sendResp.Error())
 	} else {
@@ -199,38 +166,6 @@ func (c *ApiController) SendVerificationCode() {
 	}
 }
 
-// VerifyCaptcha ...
-// @Title VerifyCaptcha
-// @Tag Verification API
-// @router /verify-captcha [post]
-func (c *ApiController) VerifyCaptcha() {
-	var vform form.VerificationForm
-	err := c.ParseForm(&vform)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if msg := vform.CheckParameter(form.VerifyCaptcha, c.GetAcceptLanguage()); msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
-	provider := captcha.GetCaptchaProvider(vform.CaptchaType)
-	if provider == nil {
-		c.ResponseError(c.T("verification:Invalid captcha provider."))
-		return
-	}
-
-	isValid, err := provider.VerifyCaptcha(vform.CaptchaToken, vform.ClientSecret)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(isValid)
-}
-
 // ResetEmailOrPhone ...
 // @Tag Account API
 // @Title ResetEmailOrPhone
@@ -251,13 +186,8 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}
 
 	checkDest := dest
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
-	if destType == object.VerifyTypePhone {
+	organization := object.GetOrganizationByUser(user)
+	if destType == "phone" {
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
 			return
@@ -269,7 +199,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 			return
 		}
 
-		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
+		if pass, errMsg := object.CheckAccountItemModifyRule(phoneItem, user, c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
@@ -277,7 +207,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), user.CountryCode))
 			return
 		}
-	} else if destType == object.VerifyTypeEmail {
+	} else if destType == "email" {
 		if object.HasUserByField(user.Owner, "email", dest) {
 			c.ResponseError(c.T("check:Email already exists"))
 			return
@@ -289,103 +219,61 @@ func (c *ApiController) ResetEmailOrPhone() {
 			return
 		}
 
-		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user.IsAdminUser(), c.GetAcceptLanguage()); !pass {
+		if pass, errMsg := object.CheckAccountItemModifyRule(emailItem, user, c.GetAcceptLanguage()); !pass {
 			c.ResponseError(errMsg)
 			return
 		}
 	}
-
 	if result := object.CheckVerificationCode(checkDest, code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
 		c.ResponseError(result.Msg)
 		return
 	}
 
 	switch destType {
-	case object.VerifyTypeEmail:
+	case "email":
 		user.Email = dest
-		_, err = object.SetUserField(user, "email", user.Email)
-	case object.VerifyTypePhone:
+		object.SetUserField(user, "email", user.Email)
+	case "phone":
 		user.Phone = dest
-		_, err = object.SetUserField(user, "phone", user.Phone)
+		object.SetUserField(user, "phone", user.Phone)
 	default:
 		c.ResponseError(c.T("verification:Unknown type"))
 		return
 	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
+	object.DisableVerificationCode(checkDest)
 	c.ResponseOk()
 }
 
-// VerifyCode
+// VerifyCaptcha ...
+// @Title VerifyCaptcha
 // @Tag Verification API
-// @Title VerifyCode
-// @router /api/verify-code [post]
-func (c *ApiController) VerifyCode() {
-	var authForm form.AuthForm
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &authForm)
+// @router /verify-captcha [post]
+func (c *ApiController) VerifyCaptcha() {
+	captchaType := c.Ctx.Request.Form.Get("captchaType")
+
+	captchaToken := c.Ctx.Request.Form.Get("captchaToken")
+	clientSecret := c.Ctx.Request.Form.Get("clientSecret")
+	if captchaToken == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": captchaToken.")
+		return
+	}
+	if clientSecret == "" {
+		c.ResponseError(c.T("general:Missing parameter") + ": clientSecret.")
+		return
+	}
+
+	provider := captcha.GetCaptchaProvider(captchaType)
+	if provider == nil {
+		c.ResponseError(c.T("verification:Invalid captcha provider."))
+		return
+	}
+
+	isValid, err := provider.VerifyCaptcha(captchaToken, clientSecret)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	var user *object.User
-	if authForm.Name != "" {
-		user, err = object.GetUserByFields(authForm.Organization, authForm.Name)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
-
-	var checkDest string
-	if strings.Contains(authForm.Username, "@") {
-		if user != nil && util.GetMaskedEmail(user.Email) == authForm.Username {
-			authForm.Username = user.Email
-		}
-		checkDest = authForm.Username
-	} else {
-		if user != nil && util.GetMaskedPhone(user.Phone) == authForm.Username {
-			authForm.Username = user.Phone
-		}
-	}
-
-	if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if user == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
-		return
-	}
-
-	verificationCodeType := object.GetVerifyType(authForm.Username)
-	if verificationCodeType == object.VerifyTypePhone {
-		authForm.CountryCode = user.GetCountryCode(authForm.CountryCode)
-		var ok bool
-		if checkDest, ok = util.GetE164Number(authForm.Username, authForm.CountryCode); !ok {
-			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), authForm.CountryCode))
-			return
-		}
-	}
-
-	if result := object.CheckVerificationCode(checkDest, authForm.Code, c.GetAcceptLanguage()); result.Code != object.VerificationSuccess {
-		c.ResponseError(result.Msg)
-		return
-	}
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.SetSession("verifiedCode", authForm.Code)
-
-	c.ResponseOk()
+	c.ResponseOk(isValid)
 }

controllers/webauthn.go

@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"io"
 
-	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 	"github.com/go-webauthn/webauthn/protocol"
@@ -33,12 +32,7 @@ import (
 // @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
 // @router /webauthn/signup/begin [get]
 func (c *ApiController) WebAuthnSignupBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -69,12 +63,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 // @Success 200 {object} Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -94,12 +83,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 		return
 	}
 	isGlobalAdmin := c.IsGlobalAdmin()
-	_, err = user.AddCredentials(*credential, isGlobalAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user.AddCredentials(*credential, isGlobalAdmin)
 	c.ResponseOk()
 }
 
@@ -112,20 +96,10 @@ func (c *ApiController) WebAuthnSignupFinish() {
 // @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
 // @router /webauthn/signin/begin [get]
 func (c *ApiController) WebAuthnSigninBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	userOwner := c.Input().Get("owner")
 	userName := c.Input().Get("name")
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(userOwner, userName)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
 		return
@@ -154,12 +128,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
@@ -168,13 +137,8 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	userId := string(sessionData.UserID)
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
+	user := object.GetUser(userId)
+	_, err := webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -182,15 +146,10 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	c.SetSessionUsername(userId)
 	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
 
-	application, err := object.GetApplicationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var authForm form.AuthForm
-	authForm.Type = responseType
-	resp := c.HandleLoggedIn(application, user, &authForm)
+	application := object.GetApplicationByUser(user)
+	var form RequestForm
+	form.Type = responseType
+	resp := c.HandleLoggedIn(application, user, &form)
 	c.Data["json"] = resp
 	c.ServeJSON()
 }

controllers/webhook.go

@@ -37,32 +37,13 @@ func (c *ApiController) GetWebhooks() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		webhooks, err := object.GetWebhooks(owner, organization)
-		if err != nil {
-			panic(err)
-		}
-
-		c.Data["json"] = webhooks
+		c.Data["json"] = object.GetWebhooks(owner)
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetWebhookCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-
-		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
@@ -77,12 +58,7 @@ func (c *ApiController) GetWebhooks() {
 func (c *ApiController) GetWebhook() {
 	id := c.Input().Get("id")
 
-	webhook, err := object.GetWebhook(id)
-	if err != nil {
-		panic(err)
-	}
-
-	c.Data["json"] = webhook
+	c.Data["json"] = object.GetWebhook(id)
 	c.ServeJSON()
 }
 

deployment/deploy.go

@@ -17,7 +17,6 @@ package deployment
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/casdoor/casdoor/object"
@@ -46,7 +45,7 @@ func uploadFolder(storageProvider oss.StorageInterface, folder string) {
 			continue
 		}
 
-		file, err := os.Open(filepath.Clean(path + filename))
+		file, err := os.Open(path + filename)
 		if err != nil {
 			panic(err)
 		}

form/auth.go

@@ -1,60 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package form
-
-type AuthForm struct {
-	Type string `json:"type"`
-
-	Organization string `json:"organization"`
-	Username     string `json:"username"`
-	Password     string `json:"password"`
-	Name         string `json:"name"`
-	FirstName    string `json:"firstName"`
-	LastName     string `json:"lastName"`
-	Email        string `json:"email"`
-	Phone        string `json:"phone"`
-	Affiliation  string `json:"affiliation"`
-	IdCard       string `json:"idCard"`
-	Region       string `json:"region"`
-
-	Application string `json:"application"`
-	ClientId    string `json:"clientId"`
-	Provider    string `json:"provider"`
-	Code        string `json:"code"`
-	State       string `json:"state"`
-	RedirectUri string `json:"redirectUri"`
-	Method      string `json:"method"`
-
-	EmailCode   string `json:"emailCode"`
-	PhoneCode   string `json:"phoneCode"`
-	CountryCode string `json:"countryCode"`
-
-	AutoSignin bool `json:"autoSignin"`
-
-	RelayState   string `json:"relayState"`
-	SamlRequest  string `json:"samlRequest"`
-	SamlResponse string `json:"samlResponse"`
-
-	CaptchaType  string `json:"captchaType"`
-	CaptchaToken string `json:"captchaToken"`
-	ClientSecret string `json:"clientSecret"`
-
-	MfaType      string `json:"mfaType"`
-	Passcode     string `json:"passcode"`
-	RecoveryCode string `json:"recoveryCode"`
-
-	Plan    string `json:"plan"`
-	Pricing string `json:"pricing"`
-}

form/verification.go

@@ -1,67 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package form
-
-import (
-	"strings"
-
-	"github.com/casdoor/casdoor/i18n"
-)
-
-type VerificationForm struct {
-	Dest          string `form:"dest"`
-	Type          string `form:"type"`
-	CountryCode   string `form:"countryCode"`
-	ApplicationId string `form:"applicationId"`
-	Method        string `form:"method"`
-	CheckUser     string `form:"checkUser"`
-
-	CaptchaType  string `form:"captchaType"`
-	ClientSecret string `form:"clientSecret"`
-	CaptchaToken string `form:"captchaToken"`
-}
-
-const (
-	SendVerifyCode = 0
-	VerifyCaptcha  = 1
-)
-
-func (form *VerificationForm) CheckParameter(checkType int, lang string) string {
-	if checkType == SendVerifyCode {
-		if form.Type == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": type."
-		}
-		if form.Dest == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": dest."
-		}
-		if form.CaptchaType == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": checkType."
-		}
-		if !strings.Contains(form.ApplicationId, "/") {
-			return i18n.Translate(lang, "verification:Wrong parameter") + ": applicationId."
-		}
-	}
-
-	if form.CaptchaType != "none" {
-		if form.CaptchaToken == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": captchaToken."
-		}
-		if form.ClientSecret == "" {
-			return i18n.Translate(lang, "general:Missing parameter") + ": clientSecret."
-		}
-	}
-
-	return ""
-}

go.mod

@@ -8,9 +8,8 @@ require (
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
 	github.com/aws/aws-sdk-go v1.44.4
-	github.com/beego/beego v1.12.12
+	github.com/beego/beego v1.12.11
 	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin v1.9.1 // indirect
 	github.com/casbin/casbin/v2 v2.30.1
 	github.com/casdoor/go-sms-sender v0.6.1
 	github.com/casdoor/gomail/v2 v2.0.1
@@ -18,57 +17,43 @@ require (
 	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/dlclark/regexp2 v1.9.0 // indirect
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
-	github.com/fogleman/gg v1.3.0
 	github.com/forestmgy/ldapserver v1.1.0
 	github.com/go-git/go-git/v5 v5.6.0
 	github.com/go-ldap/ldap/v3 v3.3.0
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-webauthn/webauthn v0.6.0
+	github.com/go-webauthn/webauthn v0.8.2
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
-	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/uuid v1.3.0
-	github.com/gorilla/mux v1.7.3 // indirect
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/lestrrat-go/jwx v1.2.21
-	github.com/lib/pq v1.10.2
+	github.com/lib/pq v1.8.0
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.75.2
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
-	github.com/pkoukk/tiktoken-go v0.1.1
-	github.com/plutov/paypal/v4 v4.7.0
-	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.2.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/russellhaering/gosaml2 v0.9.0
-	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sashabaranov/go-openai v1.9.1
+	github.com/russellhaering/gosaml2 v0.6.0
+	github.com/russellhaering/goxmldsig v1.1.1
 	github.com/satori/go.uuid v1.2.0
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.8.2
+	github.com/stretchr/testify v1.8.1
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/builder v0.3.13 // indirect
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
 	golang.org/x/crypto v0.6.0
-	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/net v0.7.0
+	golang.org/x/net v0.6.0
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v2 v2.3.0 // indirect
 	modernc.org/sqlite v1.10.1-0.20210314190707-798bbeb9bb84
 )

go.sum

@@ -73,7 +73,6 @@ github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuy
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387 h1:loy0fjI90vF44BPW4ZYOkE3tDkGTy7yHURusOJimt+I=
 github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387/go.mod h1:GuR5j/NW7AU7tDAQUDGCtpiPxWIOy/c3kiRDnlwiCHc=
 github.com/alicebob/gopher-json v0.0.0-20180125190556-5a6b3ba71ee6/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc=
@@ -93,8 +92,8 @@ github.com/aws/aws-sdk-go v1.44.4 h1:ePN0CVJMdiz2vYUcJH96eyxRrtKGSDMgyhP6rah2OgE
 github.com/aws/aws-sdk-go v1.44.4/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f h1:ZNv7On9kyUzm7fvRZumSyy/IUiSC7AzL0I1jKKtwooA=
 github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc=
-github.com/beego/beego v1.12.12 h1:ARY1sNVSS23N0mEQIhSqRDTyyDlx95JY0V3GogBbZbQ=
-github.com/beego/beego v1.12.12/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
+github.com/beego/beego v1.12.11 h1:MWKcnpavb7iAIS0m6uuEq6pHKkYvGNw/5umIUKqL7jM=
+github.com/beego/beego v1.12.11/go.mod h1:QURFL1HldOcCZAxnc1cZ7wrplsYR5dKPHFjmk6WkLAs=
 github.com/beego/goyaml2 v0.0.0-20130207012346-5545475820dd/go.mod h1:1b+Y/CofkYwXMUU0OhQqGvsY2Bvgr4j6jfT699wyZKQ=
 github.com/beego/x2j v0.0.0-20131220205130-a0352aadc542/go.mod h1:kSeGC/p1AbBiEp5kat81+DSQrZenVBZXklMLaELspWU=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
@@ -107,9 +106,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
 github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
 github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
+github.com/casbin/casbin v1.7.0 h1:PuzlE8w0JBg/DhIqnkF1Dewf3z+qmUZMVN07PonvVUQ=
 github.com/casbin/casbin v1.7.0/go.mod h1:c67qKN6Oum3UF5Q1+BByfFxkwKvhwW57ITjqwtzR1KE=
-github.com/casbin/casbin v1.9.1 h1:ucjbS5zTrmSLtH4XogqOG920Poe6QatdXtz1FEbApeM=
-github.com/casbin/casbin v1.9.1/go.mod h1:z8uPsfBJGUsnkagrt3G8QvjgTKFMBJ32UP8HpZllfog=
 github.com/casbin/casbin/v2 v2.1.0/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
 github.com/casbin/casbin/v2 v2.28.3/go.mod h1:vByNa/Fchek0KZUgG5wEsl7iFsiviAYKRtgrQfcJqHg=
 github.com/casbin/casbin/v2 v2.30.1 h1:P5HWadDL7olwUXNdcuKUBk+x75Y2eitFxYTcLNKeKF0=
@@ -163,24 +161,18 @@ github.com/denisenkom/go-mssqldb v0.9.0 h1:RSohk2RsiZqLZ0zCjtfn3S4Gp4exhpBWHyQ7D
 github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
 github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
-github.com/dlclark/regexp2 v1.8.1/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
-github.com/dlclark/regexp2 v1.9.0 h1:pTK/l/3qYIKaRXuHnEnIf7Y5NxfRPfpb7dis6/gdlVI=
-github.com/dlclark/regexp2 v1.9.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
 github.com/elastic/go-elasticsearch/v6 v6.8.5/go.mod h1:UwaDJsD3rWLM5rKNFzv9hgox93HoX8utj1kxD9aFUcI=
+github.com/elazarl/go-bindata-assetfs v1.0.0 h1:G/bYguwHIzWq9ZoyUQqrjTmJbbYn3j3CKKpKinvZLFk=
 github.com/elazarl/go-bindata-assetfs v1.0.0/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
-github.com/elazarl/go-bindata-assetfs v1.0.1 h1:m0kkaHRKEu7tUIUFVwhGGGYClXvyl4RE03qmvRTNfbw=
-github.com/elazarl/go-bindata-assetfs v1.0.1/go.mod h1:v+YaWX3bdea5J/mo8dSETolEo7R71Vk1u8bnjau5yw4=
 github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc=
 github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fogleman/gg v1.3.0 h1:/7zJX8F6AaYQc57WQCyN9cAIz+4bCJGO9B+dyW29am8=
-github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/forestmgy/ldapserver v1.1.0 h1:gvil4nuLhqPEL8SugCkFhRyA0/lIvRdwZSqlrw63ll4=
 github.com/forestmgy/ldapserver v1.1.0/go.mod h1:1RZ8lox1QSY7rmbjdmy+sYQXY4Lp7SpGzpdE3+j3IyM=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible h1:TcekIExNqud5crz4xD2pavyTgWiPvpYe4Xau31I0PRk=
@@ -208,12 +200,10 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-ldap/ldap/v3 v3.3.0 h1:lwx+SJpgOHd8tG6SumBQZXCmNX51zM8B1cfxJ5gv4tQ=
 github.com/go-ldap/ldap/v3 v3.3.0/go.mod h1:iYS1MdmrmceOJ1QOTnRXrIs7i3kloqtmGQjRvjKpyMg=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
-github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-mysql-org/go-mysql v1.7.0 h1:qE5FTRb3ZeTQmlk3pjE+/m2ravGxxRDrVDTyDe9tvqI=
 github.com/go-mysql-org/go-mysql v1.7.0/go.mod h1:9cRWLtuXNKhamUPMkrDVzBhaomGvqLRLtBiyjvjc4pk=
 github.com/go-ole/go-ole v1.2.6 h1:/Fpf6oFPoeFik9ty7siob0G6Ke8QvQEuVcuChpwXzpY=
@@ -232,10 +222,10 @@ github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LB
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/go-webauthn/revoke v0.1.6 h1:3tv+itza9WpX5tryRQx4GwxCCBrCIiJ8GIkOhxiAmmU=
-github.com/go-webauthn/revoke v0.1.6/go.mod h1:TB4wuW4tPlwgF3znujA96F70/YSQXHPPWl7vgY09Iy8=
-github.com/go-webauthn/webauthn v0.6.0 h1:uLInMApSvBfP+vEFasNE0rnVPG++fjp7lmAIvNhe+UU=
-github.com/go-webauthn/webauthn v0.6.0/go.mod h1:7edMRZXwuM6JIVjN68G24Bzt+bPCvTmjiL0j+cAmXtY=
+github.com/go-webauthn/revoke v0.1.9 h1:gSJ1ckA9VaKA2GN4Ukp+kiGTk1/EXtaDb1YE8RknbS0=
+github.com/go-webauthn/revoke v0.1.9/go.mod h1:j6WKPnv0HovtEs++paan9g3ar46gm1NarktkXBaPR+w=
+github.com/go-webauthn/webauthn v0.8.2 h1:8KLIbpldjz9KVGHfqEgJNbkhd7bbRXhNw4QWFJE15oA=
+github.com/go-webauthn/webauthn v0.8.2/go.mod h1:d+ezx/jMCNDiqSMzOchuynKb9CVU1NM9BumOnokfcVQ=
 github.com/goccy/go-json v0.9.6 h1:5/4CtRQdtsX0sal8fdVhTaiMN01Ri8BExZZ8iRmHQ6E=
 github.com/goccy/go-json v0.9.6/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
@@ -244,13 +234,10 @@ github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptG
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg=
-github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg=
 github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
-github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 h1:DACJavvAHhabrF08vX0COfcOBJRhZ8lUbR+ZWIs0Y5g=
-github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -278,10 +265,8 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
 github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
 github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
 github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
+github.com/golang/protobuf v1.4.3 h1:JjCZWpVbqXDqFVmTfYWEVTMIYrL/NPdPSCHPJ0T/raM=
 github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
-github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
-github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
 github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
@@ -299,8 +284,6 @@ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
-github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
 github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
 github.com/google/go-tpm v0.1.2-0.20190725015402-ae6dd98980d4/go.mod h1:H9HbmUG2YgV/PHITkO7p6wxEEj/v5nlsVWIwumwH2NI=
@@ -330,9 +313,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
 github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
 github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3 h1:gnP5JzjVOuiZD07fKKToCAOjS0yOpj/qPETTXCCS6hw=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
 github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1 h1:LqbZZ9sNMWVjeXS4NN5oVvhMjDyLhmA1LG86oSo+IqY=
 github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
@@ -366,9 +348,9 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmoiron/sqlx v1.3.3/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
+github.com/jonboulle/clockwork v0.2.0/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
 github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ=
 github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8=
-github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
 github.com/json-iterator/go v1.1.5/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
 github.com/json-iterator/go v1.1.10/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
@@ -378,7 +360,6 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
 github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 h1:iQTw/8FWTuc7uiaSepXwyf3o52HaUYcV+Tu66S3F5GA=
 github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0/go.mod h1:1NbS8ALrpOvjt0rHPNLyCIeMtbizbir8U//inJ+zuB8=
 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs=
@@ -388,7 +369,6 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
@@ -420,9 +400,8 @@ github.com/lestrrat-go/option v1.0.0/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmt
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.7.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.8.0 h1:9xohqzkUwzR4Ga4ivdTcawVS89YSDVxXMa3xJX3cGzg=
 github.com/lib/pq v1.8.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
-github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8=
-github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 h1:wIONC+HMNRqmWBjuMxhatuSzHaljStc4gjDeKycxy0A=
 github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
 github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ=
@@ -432,8 +411,8 @@ github.com/markbates/goth v1.75.2 h1:C7KloBMMk50JyXaHhzfqWYLW6+bDcSVIvUGHXneLWro
 github.com/markbates/goth v1.75.2/go.mod h1:X6xdNgpapSENS0O35iTBBcMHoJDQDfI9bJl+APCkYMc=
 github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A=
 github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA=
-github.com/mattermost/xml-roundtrip-validator v0.1.0 h1:RXbVD2UAl7A7nOTR4u7E3ILa4IbtvKBHw64LDsmu9hU=
-github.com/mattermost/xml-roundtrip-validator v0.1.0/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
+github.com/mattermost/xml-roundtrip-validator v0.0.0-20201208211235-fe770d50d911 h1:erppMjjp69Rertg1zlgRbLJH1u+eCmRPxKjMZ5I8/Ro=
+github.com/mattermost/xml-roundtrip-validator v0.0.0-20201208211235-fe770d50d911/go.mod h1:qccnGMcpgwcNaBnxqpJpWWUiPNr5H3O8eDgGV9gT5To=
 github.com/mattn/go-ieproxy v0.0.1 h1:qiyop7gCflfhwCzGyeT0gro3sF9AIg9HU98JORTkqfI=
 github.com/mattn/go-ieproxy v0.0.1/go.mod h1:pYabZ6IHcRpFh7vIaLfK7rdcWgFEb3SFJ6/gNWuh88E=
 github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY=
@@ -458,7 +437,6 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb
 github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c h1:3wkDRdxK92dF+c1ke2dtj7ZzemFWBHB9plnJOtlwdFA=
 github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c/go.mod h1:skjdDftzkFALcuGzYSklqYd8gvat6F1gZJ4YPVbkZpM=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ=
 github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
@@ -493,19 +471,13 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkoukk/tiktoken-go v0.1.1 h1:jtkYlIECjyM9OW1w4rjPmTohK4arORP9V25y6TM6nXo=
-github.com/pkoukk/tiktoken-go v0.1.1/go.mod h1:boMWvk9pQCOTx11pgu0DrIdrAKgQzzJKUP6vLXaz7Rw=
-github.com/plutov/paypal/v4 v4.7.0 h1:6TRvYD4ny6yQfHaABeStNf43GFM1wpW5jU/XEDGQmq0=
-github.com/plutov/paypal/v4 v4.7.0/go.mod h1:D56boafCRGcF/fEM0w282kj0fCDKIyrwOPX/Te1jCmw=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
 github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
 github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
+github.com/prometheus/client_golang v1.7.0 h1:wCi7urQOGBsYcQROHqpUUX4ct84xp40t9R9JX0FuA/U=
 github.com/prometheus/client_golang v1.7.0/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
-github.com/prometheus/client_golang v1.11.1 h1:+4eQaD7vAZ6DsfsxB15hbE0odUjGI5ARs9yskGu1v4s=
-github.com/prometheus/client_golang v1.11.1/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
 github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
 github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
@@ -514,15 +486,13 @@ github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6T
 github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
 github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
 github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/common v0.10.0 h1:RyRA7RzGXQZiW+tGMr7sxa85G1z0yOpM1qq5c8lNawc=
 github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo=
-github.com/prometheus/common v0.26.0 h1:iMAkS2TDoNWnKM+Kopnx/8tnEStIfpYA0ur0xQzzhMQ=
-github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc=
 github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
 github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
 github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/procfs v0.1.3 h1:F0+tqvhOksq22sc6iCHF5WGlWjdwj92p0udFh1VFBS8=
 github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU=
-github.com/prometheus/procfs v0.6.0 h1:mxy4L2jP6qMonqmq+aTtOx1ifVWUgG/TAmntgbh3xv4=
-github.com/prometheus/procfs v0.6.0/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1xBZuNvfVA=
 github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
 github.com/qiangmzsx/string-adapter/v2 v2.1.0 h1:q0y8TPa/sTwtriJPRe8gWL++PuZ+XbOUuvKU+hvtTYs=
 github.com/qiangmzsx/string-adapter/v2 v2.1.0/go.mod h1:PElPB7b7HnGKTsuADAffFpOQXHqjEGJz1+U1a6yR5wA=
@@ -538,21 +508,19 @@ github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
 github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
-github.com/russellhaering/gosaml2 v0.9.0 h1:CNMnH42z/GirrKjdmNrSS6bAAs47F9bPdl4PfRmVOIk=
-github.com/russellhaering/gosaml2 v0.9.0/go.mod h1:byViER/1YPUa0Puj9ROZblpoq2jsE7h/CJmitzX0geU=
-github.com/russellhaering/goxmldsig v1.2.0 h1:Y6GTTc9Un5hCxSzVz4UIWQ/zuVwDvzJk80guqzwx6Vg=
-github.com/russellhaering/goxmldsig v1.2.0/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
+github.com/russellhaering/gosaml2 v0.6.0 h1:OED8FLgczXxXAPlKhnJHQfmEig52tDX2qeXdPtZRIKc=
+github.com/russellhaering/gosaml2 v0.6.0/go.mod h1:CtzxpPr4+bevsATaqR0rw3aqrNlX274b+3C6vFTLCk8=
+github.com/russellhaering/goxmldsig v1.1.0/go.mod h1:QK8GhXPB3+AfuCrfo0oRISa9NfzeCpWmxeGnqEpDF9o=
+github.com/russellhaering/goxmldsig v1.1.1 h1:vI0r2osGF1A9PLvsGdPUAGwEIrKa4Pj5sesSBsebIxM=
+github.com/russellhaering/goxmldsig v1.1.1/go.mod h1:gM4MDENBQf7M+V824SGfyIUVFWydB7n0KkEubVJl+Tw=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sashabaranov/go-openai v1.9.1 h1:3N52HkJKo9Zlo/oe1AVv5ZkCOny0ra58/ACvAxkN3MM=
-github.com/sashabaranov/go-openai v1.9.1/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644 h1:X+yvsM2yrEktyI+b2qND5gpH8YhURn0k8OCaeRnkINo=
 github.com/shiena/ansicolor v0.0.0-20151119151921-a422bbe96644/go.mod h1:nkxAfR/5quYxwPZhyDxgasBMnRtBZd0FCEpawpjMUFg=
-github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 h1:DAYUYH5869yV94zvCES9F51oYtN5oGlwjxJJz7ZCnik=
-github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18/go.mod h1:nkxAfR/5quYxwPZhyDxgasBMnRtBZd0FCEpawpjMUFg=
 github.com/shirou/gopsutil v3.21.11+incompatible h1:+1+c1VGhc88SSonWP6foOcLhvnKlUeu/erjjvaPEYiI=
 github.com/shirou/gopsutil v3.21.11+incompatible/go.mod h1:5b4v6he4MtMOwMlS0TUMTu2PcXUg8+E1lC7eC3UO/RA=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 h1:pntxY8Ary0t43dCZ5dqY4YTJCObLY1kIXl0uzMv+7DE=
@@ -568,7 +536,6 @@ github.com/siddontang/goredis v0.0.0-20150324035039-760763f78400/go.mod h1:DDcKz
 github.com/siddontang/rdb v0.0.0-20150307021120-fc89ed2e418d/go.mod h1:AMEsy7v5z92TR1JKMkLLoaOQk++LVnOKL3ScbJ8GNGA=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88=
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0=
 github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag=
@@ -595,14 +562,12 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/syndtr/goleveldb v0.0.0-20160425020131-cfa635847112/go.mod h1:Z4AUp2Km+PwemOoO/VB5AOx9XSsIItzFjoJlOSiYmn0=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
@@ -693,10 +658,8 @@ golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/crypto v0.0.0-20221012134737-56aed061732a/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
-golang.org/x/crypto v0.4.0/go.mod h1:3quD/ATkf6oY+rnes5c3ExXTbLc8mueNue5/DoinL80=
 golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc=
 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58=
 golang.org/x/exp v0.0.0-20181106170214-d68db9428509/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -711,7 +674,6 @@ golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
-golang.org/x/image v0.0.0-20190802002840-cff245a6509b h1:+qEpEAPhDZ1o0x3tHzZTQDArnOixOzGD9HUJfcg0mb4=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -722,9 +684,8 @@ golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHl
 golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
 golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b h1:Wh+f8QHJXR411sJR8/vRBTZ7YapZaRvUcLFFJhusH0k=
 golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 h1:VLliZ0d+/avPrXXH+OakdXhpJuEoBZuwh1m2j7U6Iug=
-golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
@@ -780,10 +741,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
 golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
 golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
 golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
-golang.org/x/net v0.3.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE=
+golang.org/x/net v0.6.0 h1:L4ZwwTvKW9gr0ZMS1yrHD9GZhIuVjOBBnaKH+SPQK0Q=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g=
-golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -841,7 +800,6 @@ golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200615200032-f1bc736245b1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -852,7 +810,6 @@ golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210603081109-ebe580a85c40/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210629170331-7dc0b73dc9fb/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -876,7 +833,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX
 golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
-golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA=
 golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -887,7 +843,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
-golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo=
 golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1031,10 +986,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
 google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4=
+google.golang.org/protobuf v1.25.0 h1:Ejskq+SyPohKW+1uil0JJMtmHCgJPJ/qWTxr8qp+R4c=
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
-google.golang.org/protobuf v1.26.0 h1:bxAC2xTBsZGibn2RTntX0oH50xLsqy1OxA9tTL3p/lk=
-google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
@@ -1067,9 +1020,8 @@ gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.5/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
-gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gopkg.in/yaml.v3 v3.0.0/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

i18n/generate.go

@@ -99,7 +99,7 @@ func getAllFilePathsInFolder(folder string, fileSuffix string) []string {
 	return res
 }
 
-func parseAllWords(category string) *I18nData {
+func parseEnData(category string) *I18nData {
 	var paths []string
 	if category == "backend" {
 		paths = getAllFilePathsInFolder("../", ".go")
@@ -136,11 +136,3 @@ func parseAllWords(category string) *I18nData {
 
 	return &data
 }
-
-func applyToOtherLanguage(category string, language string, newData *I18nData) {
-	oldData := readI18nFile(category, language)
-	println(oldData)
-
-	applyData(newData, oldData)
-	writeI18nFile(category, language, newData)
-}

i18n/generate_test.go

@@ -17,36 +17,42 @@
 
 package i18n
 
-import "testing"
+import (
+	"testing"
+)
+
+func applyToOtherLanguage(category string, language string, i18nData *I18nData) {
+	newData := readI18nFile(category, language)
+	println(newData)
+
+	applyData(i18nData, newData)
+	writeI18nFile(category, language, i18nData)
+}
 
 func TestGenerateI18nFrontend(t *testing.T) {
-	data := parseAllWords("frontend")
+	enData := parseEnData("frontend")
+	writeI18nFile("frontend", "en", enData)
 
-	applyToOtherLanguage("frontend", "en", data)
-	applyToOtherLanguage("frontend", "zh", data)
-	applyToOtherLanguage("frontend", "es", data)
-	applyToOtherLanguage("frontend", "fr", data)
-	applyToOtherLanguage("frontend", "de", data)
-	applyToOtherLanguage("frontend", "id", data)
-	applyToOtherLanguage("frontend", "ja", data)
-	applyToOtherLanguage("frontend", "ko", data)
-	applyToOtherLanguage("frontend", "ru", data)
-	applyToOtherLanguage("frontend", "vi", data)
-	applyToOtherLanguage("frontend", "pt", data)
+	applyToOtherLanguage("frontend", "zh", enData)
+	applyToOtherLanguage("frontend", "es", enData)
+	applyToOtherLanguage("frontend", "fr", enData)
+	applyToOtherLanguage("frontend", "de", enData)
+	applyToOtherLanguage("frontend", "ja", enData)
+	applyToOtherLanguage("frontend", "ko", enData)
+	applyToOtherLanguage("frontend", "ru", enData)
+	applyToOtherLanguage("frontend", "vi", enData)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
-	data := parseAllWords("backend")
+	enData := parseEnData("backend")
+	writeI18nFile("backend", "en", enData)
 
-	applyToOtherLanguage("backend", "en", data)
-	applyToOtherLanguage("backend", "zh", data)
-	applyToOtherLanguage("backend", "es", data)
-	applyToOtherLanguage("backend", "fr", data)
-	applyToOtherLanguage("backend", "de", data)
-	applyToOtherLanguage("backend", "id", data)
-	applyToOtherLanguage("backend", "ja", data)
-	applyToOtherLanguage("backend", "ko", data)
-	applyToOtherLanguage("backend", "ru", data)
-	applyToOtherLanguage("backend", "vi", data)
-	applyToOtherLanguage("backend", "pt", data)
+	applyToOtherLanguage("backend", "zh", enData)
+	applyToOtherLanguage("backend", "es", enData)
+	applyToOtherLanguage("backend", "fr", enData)
+	applyToOtherLanguage("backend", "de", enData)
+	applyToOtherLanguage("backend", "ja", enData)
+	applyToOtherLanguage("backend", "ko", enData)
+	applyToOtherLanguage("backend", "ru", enData)
+	applyToOtherLanguage("backend", "vi", enData)
 }

i18n/locales/de/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "Konnte den Benutzer nicht hinzufügen",
-    "Get init score failed, error: %w": "Init-Score konnte nicht abgerufen werden, Fehler: %w",
-    "Please sign out first": "Bitte melden Sie sich zuerst ab",
-    "The application does not allow to sign up new account": "Die Anwendung erlaubt es nicht, sich für ein neues Konto anzumelden"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "Die Challenge-Methode sollte S256 sein",
-    "Failed to create user, user information is invalid: %s": "Es konnte kein Benutzer erstellt werden, da die Benutzerinformationen ungültig sind: %s",
-    "Failed to login in: %s": "Konnte nicht anmelden: %s",
-    "Invalid token": "Ungültiges Token",
-    "State expected: %s, but got: %s": "Erwarteter Zustand: %s, aber erhalten: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Das Konto für den Anbieter: %s und Benutzernamen: %s (%s) existiert nicht und darf nicht über %%s als neues Konto erstellt werden. Bitte nutzen Sie einen anderen Weg, um sich anzumelden",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) existiert nicht und es ist nicht erlaubt, ein neues Konto anzumelden. Bitte wenden Sie sich an Ihren IT-Support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Das Konto für den Anbieter %s und Benutzernamen %s (%s) ist bereits mit einem anderen Konto verknüpft: %s (%s)",
-    "The application: %s does not exist": "Die Anwendung: %s existiert nicht",
-    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
-    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
-    "Unauthorized operation": "Nicht autorisierte Operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
-    "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
-    "DisplayName is not valid real name": "DisplayName ist kein gültiger Vorname",
-    "Email already exists": "E-Mail existiert bereits",
-    "Email cannot be empty": "E-Mail darf nicht leer sein",
-    "Email is invalid": "E-Mail ist ungültig",
-    "Empty username.": "Leerer Benutzername.",
-    "FirstName cannot be blank": "Vorname darf nicht leer sein",
-    "LDAP user name or password incorrect": "Ldap Benutzername oder Passwort falsch",
-    "LastName cannot be blank": "Nachname darf nicht leer sein",
-    "Multiple accounts with same uid, please check your ldap server": "Mehrere Konten mit derselben uid, bitte überprüfen Sie Ihren LDAP-Server",
-    "Organization does not exist": "Organisation existiert nicht",
-    "Password must have at least 6 characters": "Das Passwort muss mindestens 6 Zeichen enthalten",
-    "Phone already exists": "Telefon existiert bereits",
-    "Phone cannot be empty": "Das Telefon darf nicht leer sein",
-    "Phone number is invalid": "Die Telefonnummer ist ungültig",
-    "Session outdated, please login again": "Sitzung abgelaufen, bitte erneut anmelden",
-    "The user is forbidden to sign in, please contact the administrator": "Dem Benutzer ist der Zugang verboten, bitte kontaktieren Sie den Administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Der Benutzername darf nur alphanumerische Zeichen, Unterstriche oder Bindestriche enthalten, keine aufeinanderfolgenden Bindestriche oder Unterstriche haben und darf nicht mit einem Bindestrich oder Unterstrich beginnen oder enden.",
-    "Username already exists": "Benutzername existiert bereits",
-    "Username cannot be an email address": "Benutzername kann keine E-Mail-Adresse sein",
-    "Username cannot contain white spaces": "Benutzername darf keine Leerzeichen enthalten",
-    "Username cannot start with a digit": "Benutzername darf nicht mit einer Ziffer beginnen",
-    "Username is too long (maximum is 39 characters).": "Benutzername ist zu lang (das Maximum beträgt 39 Zeichen).",
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
     "Username must have at least 2 characters": "Benutzername muss mindestens 2 Zeichen lang sein",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Sie haben zu oft das falsche Passwort oder den falschen Code eingegeben. Bitte warten Sie %d Minuten und versuchen Sie es erneut",
-    "Your region is not allow to signup by phone": "Ihre Region ist nicht berechtigt, sich telefonisch anzumelden",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Das Passwort oder der Code ist falsch. Du hast noch %d Versuche übrig",
-    "unsupported password type: %s": "Nicht unterstützter Passworttyp: %s"
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "Fehlender Parameter",
-    "Please login first": "Bitte zuerst einloggen",
-    "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "Es gibt einen LDAP-Server"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "Bitte verlinken Sie zuerst",
-    "This application has no providers": "Diese Anwendung hat keine Anbieter",
-    "This application has no providers of type": "Diese Anwendung hat keine Anbieter des Typs",
-    "This provider can't be unlinked": "Dieser Anbieter kann nicht entkoppelt werden",
-    "You are not the global admin, you can't unlink other users": "Sie sind nicht der globale Administrator, Sie können keine anderen Benutzer trennen",
-    "You can't unlink yourself, you are not a member of any application": "Du kannst dich nicht abmelden, du bist kein Mitglied einer Anwendung"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "Nur der Administrator kann das %s ändern.",
-    "The %s is immutable.": "Das %s ist unveränderlich.",
-    "Unknown modify rule %s.": "Unbekannte Änderungsregel %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "Ungültige Anwendungs-ID",
-    "the provider: %s does not exist": "Der Anbieter %s existiert nicht"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "Benutzer ist null für Tag: Avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Benutzername oder vollständiger Dateipfad sind leer: Benutzername = %s, vollständiger Dateipfad = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "Anwendung %s wurde nicht gefunden"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "Der Anbieter %s ist keine Kategorie von SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "Leere Parameter für Email-Formular: %v",
-    "Invalid Email receivers: %s": "Ungültige E-Mail-Empfänger: %s",
-    "Invalid phone receivers: %s": "Ungültige Telefonempfänger: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "Der Objektschlüssel %s ist nicht erlaubt",
-    "The provider type: %s is not supported": "Der Anbieter-Typ %s wird nicht unterstützt"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "Leerer clientId oder clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s wird von dieser Anwendung nicht unterstützt",
-    "Invalid application or wrong clientSecret": "Ungültige Anwendung oder falsches clientSecret",
-    "Invalid client_id": "Ungültige client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Weiterleitungs-URI: %s ist nicht in der Liste erlaubter Weiterleitungs-URIs vorhanden",
-    "Token not found, invalid accessToken": "Token nicht gefunden, ungültiger Zugriffs-Token"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "Fehler beim Importieren von Benutzern"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "Es wurde keine Anwendung für die Benutzer-ID gefunden: %s",
-    "No provider for category: %s is found for application: %s": "Kein Anbieter für die Kategorie %s gefunden für die Anwendung: %s",
-    "The provider: %s is not found": "Der Anbieter: %s wurde nicht gefunden"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "Der Code wurde noch nicht versendet!",
-    "Invalid captcha provider.": "Ungültiger Captcha-Anbieter.",
-    "Phone number is invalid in your region %s": "Die Telefonnummer ist in Ihrer Region %s ungültig",
-    "Turing test failed.": "Turing-Test fehlgeschlagen.",
-    "Unable to get the email modify rule.": "Nicht in der Lage, die E-Mail-Änderungsregel zu erhalten.",
-    "Unable to get the phone modify rule.": "Nicht in der Lage, die Telefon-Änderungsregel zu erhalten.",
-    "Unknown type": "Unbekannter Typ",
-    "Wrong verification code!": "Falscher Bestätigungscode!",
-    "You should verify your code in %d min!": "Du solltest deinen Code in %d Minuten verifizieren!",
-    "the user does not exist, please sign up first": "Der Benutzer existiert nicht, bitte zuerst anmelden"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "Es wurden keine Anmeldeinformationen für diesen Benutzer gefunden",
-    "Please call WebAuthnSigninBegin first": "Bitte rufen Sie zuerst WebAuthnSigninBegin auf"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/en/data.json

@@ -1,8 +1,9 @@
 {
   "account": {
-    "Failed to add user": "Failed to add user",
     "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
     "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
@@ -16,21 +17,16 @@
     "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
     "The application: %s does not exist": "The application: %s does not exist",
     "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
     "Unauthorized operation": "Unauthorized operation",
     "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s and %s do not match"
   },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
   "check": {
     "Affiliation cannot be blank": "Affiliation cannot be blank",
     "DisplayName cannot be blank": "DisplayName cannot be blank",
@@ -40,8 +36,8 @@
     "Email is invalid": "Email is invalid",
     "Empty username.": "Empty username.",
     "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
     "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
     "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
     "Organization does not exist": "Organization does not exist",
     "Password must have at least 6 characters": "Password must have at least 6 characters",
@@ -50,7 +46,6 @@
     "Phone number is invalid": "Phone number is invalid",
     "Session outdated, please login again": "Session outdated, please login again",
     "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
     "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
     "Username already exists": "Username already exists",
     "Username cannot be an email address": "Username cannot be an email address",
@@ -60,7 +55,6 @@
     "Username must have at least 2 characters": "Username must have at least 2 characters",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
     "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
     "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
     "unsupported password type: %s": "unsupported password type: %s"
   },
@@ -68,8 +62,7 @@
     "Missing parameter": "Missing parameter",
     "Please login first": "Please login first",
     "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
     "Ldap server exist": "Ldap server exist"
@@ -120,7 +113,8 @@
   },
   "user": {
     "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
     "Failed to import users": "Failed to import users"
@@ -132,12 +126,15 @@
   },
   "verification": {
     "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
     "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
     "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
     "Turing test failed.": "Turing test failed.",
     "Unable to get the email modify rule.": "Unable to get the email modify rule.",
     "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
     "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
     "Wrong verification code!": "Wrong verification code!",
     "You should verify your code in %d min!": "You should verify your code in %d min!",
     "the user does not exist, please sign up first": "the user does not exist, please sign up first"

i18n/locales/es/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "No se pudo agregar el usuario",
-    "Get init score failed, error: %w": "Error al obtener el puntaje de inicio, error: %w",
-    "Please sign out first": "Por favor, cierra sesión primero",
-    "The application does not allow to sign up new account": "La aplicación no permite registrarse con una cuenta nueva"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "El método de desafío debe ser S256",
-    "Failed to create user, user information is invalid: %s": "No se pudo crear el usuario, la información del usuario es inválida: %s",
-    "Failed to login in: %s": "No se ha podido iniciar sesión en: %s",
-    "Invalid token": "Token inválido",
-    "State expected: %s, but got: %s": "Estado esperado: %s, pero se obtuvo: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "La cuenta para el proveedor: %s y nombre de usuario: %s (%s) no existe y no está permitido registrarse como una cuenta nueva a través de %%s, por favor use otro método para registrarse",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "La cuenta para el proveedor: %s y el nombre de usuario: %s (%s) no existe y no se permite registrarse como una nueva cuenta, por favor contacte a su soporte de TI",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "La cuenta para proveedor: %s y nombre de usuario: %s (%s) ya está vinculada a otra cuenta: %s (%s)",
-    "The application: %s does not exist": "La aplicación: %s no existe",
-    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
-    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
-    "Unauthorized operation": "Operación no autorizada",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
-    "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
-    "DisplayName is not valid real name": "El nombre de pantalla no es un nombre real válido",
-    "Email already exists": "El correo electrónico ya existe",
-    "Email cannot be empty": "El correo electrónico no puede estar vacío",
-    "Email is invalid": "El correo electrónico no es válido",
-    "Empty username.": "Nombre de usuario vacío.",
-    "FirstName cannot be blank": "El nombre no puede estar en blanco",
-    "LDAP user name or password incorrect": "Nombre de usuario o contraseña de Ldap incorrectos",
-    "LastName cannot be blank": "El apellido no puede estar en blanco",
-    "Multiple accounts with same uid, please check your ldap server": "Cuentas múltiples con el mismo uid, por favor revise su servidor ldap",
-    "Organization does not exist": "La organización no existe",
-    "Password must have at least 6 characters": "La contraseña debe tener al menos 6 caracteres",
-    "Phone already exists": "El teléfono ya existe",
-    "Phone cannot be empty": "Teléfono no puede estar vacío",
-    "Phone number is invalid": "El número de teléfono no es válido",
-    "Session outdated, please login again": "Sesión expirada, por favor vuelva a iniciar sesión",
-    "The user is forbidden to sign in, please contact the administrator": "El usuario no está autorizado a iniciar sesión, por favor contacte al administrador",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "El nombre de usuario solo puede contener caracteres alfanuméricos, guiones bajos o guiones, no puede tener guiones o subrayados consecutivos, y no puede comenzar ni terminar con un guión o subrayado.",
-    "Username already exists": "El nombre de usuario ya existe",
-    "Username cannot be an email address": "Nombre de usuario no puede ser una dirección de correo electrónico",
-    "Username cannot contain white spaces": "Nombre de usuario no puede contener espacios en blanco",
-    "Username cannot start with a digit": "El nombre de usuario no puede empezar con un dígito",
-    "Username is too long (maximum is 39 characters).": "El nombre de usuario es demasiado largo (el máximo es de 39 caracteres).",
-    "Username must have at least 2 characters": "Nombre de usuario debe tener al menos 2 caracteres",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Has ingresado la contraseña o código incorrecto demasiadas veces, por favor espera %d minutos e intenta de nuevo",
-    "Your region is not allow to signup by phone": "Tu región no está permitida para registrarse por teléfono",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Contraseña o código incorrecto, tienes %d intentos restantes",
-    "unsupported password type: %s": "Tipo de contraseña no compatible: %s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "Parámetro faltante",
-    "Please login first": "Por favor, inicia sesión primero",
-    "The user: %s doesn't exist": "El usuario: %s no existe",
-    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "El servidor LDAP existe"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "Por favor, enlaza primero",
-    "This application has no providers": "Esta aplicación no tiene proveedores",
-    "This application has no providers of type": "Esta aplicación no tiene proveedores del tipo",
-    "This provider can't be unlinked": "Este proveedor no se puede desvincular",
-    "You are not the global admin, you can't unlink other users": "No eres el administrador global, no puedes desvincular a otros usuarios",
-    "You can't unlink yourself, you are not a member of any application": "No puedes desvincularte, no eres miembro de ninguna aplicación"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "Solo el administrador puede modificar los %s.",
-    "The %s is immutable.": "El %s es inmutable.",
-    "Unknown modify rule %s.": "Regla de modificación desconocida %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "Identificación de aplicación no válida",
-    "the provider: %s does not exist": "El proveedor: %s no existe"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "El usuario es nulo para la etiqueta: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nombre de usuario o ruta completa de archivo está vacío: nombre de usuario = %s, ruta completa de archivo = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "Aplicación %s no encontrada"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "La categoría del proveedor %s no es SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "Parámetros vacíos para el formulario de correo electrónico: %v",
-    "Invalid Email receivers: %s": "Receptores de correo electrónico no válidos: %s",
-    "Invalid phone receivers: %s": "Receptores de teléfono no válidos: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "El objectKey: %s no está permitido",
-    "The provider type: %s is not supported": "El tipo de proveedor: %s no es compatible"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "ClienteId o clienteSecret vacío",
-    "Grant_type: %s is not supported in this application": "El tipo de subvención: %s no es compatible con esta aplicación",
-    "Invalid application or wrong clientSecret": "Solicitud inválida o clientSecret incorrecto",
-    "Invalid client_id": "Identificador de cliente no válido",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "El URI de redirección: %s no existe en la lista de URI de redirección permitidos",
-    "Token not found, invalid accessToken": "Token no encontrado, accessToken inválido"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "Error al importar usuarios"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "No se encuentra ninguna aplicación para el Id de usuario: %s",
-    "No provider for category: %s is found for application: %s": "No se encuentra un proveedor para la categoría: %s para la aplicación: %s",
-    "The provider: %s is not found": "El proveedor: %s no se encuentra"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "¡El código aún no ha sido enviado!",
-    "Invalid captcha provider.": "Proveedor de captcha no válido.",
-    "Phone number is invalid in your region %s": "El número de teléfono es inválido en tu región %s",
-    "Turing test failed.": "El test de Turing falló.",
-    "Unable to get the email modify rule.": "No se puede obtener la regla de modificación de correo electrónico.",
-    "Unable to get the phone modify rule.": "No se pudo obtener la regla de modificación del teléfono.",
-    "Unknown type": "Tipo desconocido",
-    "Wrong verification code!": "¡Código de verificación incorrecto!",
-    "You should verify your code in %d min!": "¡Deberías verificar tu código en %d minutos!",
-    "the user does not exist, please sign up first": "El usuario no existe, por favor regístrese primero"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "No se encontraron credenciales para este usuario",
-    "Please call WebAuthnSigninBegin first": "Por favor, llama primero a WebAuthnSigninBegin"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/fr/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "Échec d'ajout d'utilisateur",
-    "Get init score failed, error: %w": "Obtention du score initiale échouée, erreur : %w",
-    "Please sign out first": "Veuillez vous déconnecter en premier",
-    "The application does not allow to sign up new account": "L'application ne permet pas de créer un nouveau compte"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "La méthode de défi doit être S256",
-    "Failed to create user, user information is invalid: %s": "Échec de la création de l'utilisateur, les informations utilisateur sont invalides : %s",
-    "Failed to login in: %s": "Échec de la connexion : %s",
-    "Invalid token": "Jeton invalide",
-    "State expected: %s, but got: %s": "État attendu : %s, mais obtenu : %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire en tant que nouveau compte via %%s, veuillez utiliser une autre méthode pour vous inscrire",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Le compte pour le fournisseur : %s et le nom d'utilisateur : %s (%s) n'existe pas et n'est pas autorisé à s'inscrire comme nouveau compte, veuillez contacter votre support informatique",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Le compte du fournisseur : %s et le nom d'utilisateur : %s (%s) sont déjà liés à un autre compte : %s (%s)",
-    "The application: %s does not exist": "L'application : %s n'existe pas",
-    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
-    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
-    "Unauthorized operation": "Opération non autorisée",
-    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
-    "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
-    "DisplayName is not valid real name": "DisplayName n'est pas un nom réel valide",
-    "Email already exists": "E-mail déjà existant",
-    "Email cannot be empty": "L'e-mail ne peut pas être vide",
-    "Email is invalid": "L'adresse e-mail est invalide",
-    "Empty username.": "Nom d'utilisateur vide.",
-    "FirstName cannot be blank": "Le prénom ne peut pas être laissé vide",
-    "LDAP user name or password incorrect": "Nom d'utilisateur ou mot de passe LDAP incorrect",
-    "LastName cannot be blank": "Le nom de famille ne peut pas être vide",
-    "Multiple accounts with same uid, please check your ldap server": "Plusieurs comptes avec le même identifiant d'utilisateur, veuillez vérifier votre serveur LDAP",
-    "Organization does not exist": "L'organisation n'existe pas",
-    "Password must have at least 6 characters": "Le mot de passe doit comporter au moins 6 caractères",
-    "Phone already exists": "Le téléphone existe déjà",
-    "Phone cannot be empty": "Le téléphone ne peut pas être vide",
-    "Phone number is invalid": "Le numéro de téléphone est invalide",
-    "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
-    "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
-    "Username already exists": "Nom d'utilisateur existe déjà",
-    "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
-    "Username cannot contain white spaces": "Nom d'utilisateur ne peut pas contenir d'espaces blancs",
-    "Username cannot start with a digit": "Nom d'utilisateur ne peut pas commencer par un chiffre",
-    "Username is too long (maximum is 39 characters).": "Nom d'utilisateur est trop long (maximum de 39 caractères).",
-    "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
-    "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
-    "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "Paramètre manquant",
-    "Please login first": "Veuillez d'abord vous connecter",
-    "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "Le serveur LDAP existe"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "Veuillez d'abord faire le lien",
-    "This application has no providers": "Cette application n'a aucun fournisseur",
-    "This application has no providers of type": "Cette application ne dispose d'aucun fournisseur de type",
-    "This provider can't be unlinked": "Ce fournisseur ne peut pas être dissocié",
-    "You are not the global admin, you can't unlink other users": "Vous n'êtes pas l'administrateur global, vous ne pouvez pas détacher d'autres utilisateurs",
-    "You can't unlink yourself, you are not a member of any application": "Vous ne pouvez pas vous désolidariser, car vous n'êtes membre d'aucune application"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "Seul l'administrateur peut modifier le %s.",
-    "The %s is immutable.": "Le %s est immuable.",
-    "Unknown modify rule %s.": "Règle de modification inconnue %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "Identifiant d'application invalide",
-    "the provider: %s does not exist": "Le fournisseur : %s n'existe pas"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "L'utilisateur est nul pour la balise : avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nom d'utilisateur ou chemin complet du fichier est vide : nom d'utilisateur = %s, chemin complet du fichier = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "L'application %s n'a pas été trouvée"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "La catégorie du fournisseur %s n'est pas SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "Paramètres vides pour emailForm : %v",
-    "Invalid Email receivers: %s": "Destinataires d'e-mail invalides : %s",
-    "Invalid phone receivers: %s": "Destinataires de téléphone invalide : %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "La clé d'objet : %s n'est pas autorisée",
-    "The provider type: %s is not supported": "Le type de fournisseur : %s n'est pas pris en charge"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "clientId ou clientSecret vide",
-    "Grant_type: %s is not supported in this application": "Type_de_subvention : %s n'est pas pris en charge dans cette application",
-    "Invalid application or wrong clientSecret": "Application invalide ou clientSecret incorrect",
-    "Invalid client_id": "Identifiant de client invalide",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI de redirection: %s n'existe pas dans la liste des URI de redirection autorisés",
-    "Token not found, invalid accessToken": "Jeton non trouvé, accessToken invalide"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "Échec de l'importation des utilisateurs"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "Aucune application n'a été trouvée pour l'identifiant d'utilisateur : %s",
-    "No provider for category: %s is found for application: %s": "Aucun fournisseur pour la catégorie: %s n'est trouvé pour l'application: %s",
-    "The provider: %s is not found": "Le fournisseur : %s n'a pas été trouvé"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "Le code n'a pas encore été envoyé !",
-    "Invalid captcha provider.": "Fournisseur de captcha invalide.",
-    "Phone number is invalid in your region %s": "Le numéro de téléphone n'est pas valide dans votre région %s",
-    "Turing test failed.": "Le test de Turing a échoué.",
-    "Unable to get the email modify rule.": "Incapable d'obtenir la règle de modification de courriel.",
-    "Unable to get the phone modify rule.": "Impossible d'obtenir la règle de modification de téléphone.",
-    "Unknown type": "Type inconnu",
-    "Wrong verification code!": "Mauvais code de vérification !",
-    "You should verify your code in %d min!": "Vous devriez vérifier votre code en %d min !",
-    "the user does not exist, please sign up first": "L'utilisateur n'existe pas, veuillez vous inscrire d'abord"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "Aucune référence trouvée pour cet utilisateur",
-    "Please call WebAuthnSigninBegin first": "Veuillez d'abord appeler WebAuthnSigninBegin"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/id/data.json

@@ -1,149 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Gagal menambahkan pengguna",
-    "Get init score failed, error: %w": "Gagal mendapatkan nilai init, kesalahan: %w",
-    "Please sign out first": "Silakan keluar terlebih dahulu",
-    "The application does not allow to sign up new account": "Aplikasi tidak memperbolehkan untuk mendaftar akun baru"
-  },
-  "auth": {
-    "Challenge method should be S256": "Metode tantangan harus S256",
-    "Failed to create user, user information is invalid: %s": "Gagal membuat pengguna, informasi pengguna tidak valid: %s",
-    "Failed to login in: %s": "Gagal masuk: %s",
-    "Invalid token": "Token tidak valid",
-    "State expected: %s, but got: %s": "Diharapkan: %s, tapi diperoleh: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru melalui %%s, silakan gunakan cara lain untuk mendaftar",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Akun untuk penyedia: %s dan nama pengguna: %s (%s) tidak ada dan tidak diizinkan untuk mendaftar sebagai akun baru, silakan hubungi dukungan IT Anda",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Akun untuk provider: %s dan username: %s (%s) sudah terhubung dengan akun lain: %s (%s)",
-    "The application: %s does not exist": "Aplikasi: %s tidak ada",
-    "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
-    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
-    "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
-    "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
-    "DisplayName is not valid real name": "DisplayName bukanlah nama asli yang valid",
-    "Email already exists": "Email sudah ada",
-    "Email cannot be empty": "Email tidak boleh kosong",
-    "Email is invalid": "Email tidak valid",
-    "Empty username.": "Nama pengguna kosong.",
-    "FirstName cannot be blank": "Nama depan tidak boleh kosong",
-    "LDAP user name or password incorrect": "Nama pengguna atau kata sandi Ldap salah",
-    "LastName cannot be blank": "Nama belakang tidak boleh kosong",
-    "Multiple accounts with same uid, please check your ldap server": "Beberapa akun dengan uid yang sama, harap periksa server ldap Anda",
-    "Organization does not exist": "Organisasi tidak ada",
-    "Password must have at least 6 characters": "Kata sandi harus memiliki minimal 6 karakter",
-    "Phone already exists": "Telepon sudah ada",
-    "Phone cannot be empty": "Telepon tidak boleh kosong",
-    "Phone number is invalid": "Nomor telepon tidak valid",
-    "Session outdated, please login again": "Sesi kedaluwarsa, silakan masuk lagi",
-    "The user is forbidden to sign in, please contact the administrator": "Pengguna dilarang masuk, silakan hubungi administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Nama pengguna hanya bisa menggunakan karakter alfanumerik, garis bawah atau tanda hubung, tidak boleh memiliki dua tanda hubung atau garis bawah berurutan, dan tidak boleh diawali atau diakhiri dengan tanda hubung atau garis bawah.",
-    "Username already exists": "Nama pengguna sudah ada",
-    "Username cannot be an email address": "Username tidak bisa menjadi alamat email",
-    "Username cannot contain white spaces": "Username tidak boleh mengandung spasi",
-    "Username cannot start with a digit": "Username tidak dapat dimulai dengan angka",
-    "Username is too long (maximum is 39 characters).": "Nama pengguna terlalu panjang (maksimum 39 karakter).",
-    "Username must have at least 2 characters": "Nama pengguna harus memiliki setidaknya 2 karakter",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Anda telah memasukkan kata sandi atau kode yang salah terlalu banyak kali, mohon tunggu selama %d menit dan coba lagi",
-    "Your region is not allow to signup by phone": "Wilayah Anda tidak diizinkan untuk mendaftar melalui telepon",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Kata sandi atau kode salah, Anda memiliki %d kesempatan tersisa",
-    "unsupported password type: %s": "jenis sandi tidak didukung: %s"
-  },
-  "general": {
-    "Missing parameter": "Parameter hilang",
-    "Please login first": "Silahkan login terlebih dahulu",
-    "The user: %s doesn't exist": "Pengguna: %s tidak ada",
-    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Server ldap ada"
-  },
-  "link": {
-    "Please link first": "Tolong tautkan terlebih dahulu",
-    "This application has no providers": "Aplikasi ini tidak memiliki penyedia",
-    "This application has no providers of type": " Aplikasi ini tidak memiliki penyedia tipe ",
-    "This provider can't be unlinked": "Pemberi layanan ini tidak dapat dipisahkan",
-    "You are not the global admin, you can't unlink other users": "Anda bukan admin global, Anda tidak dapat memutuskan tautan pengguna lain",
-    "You can't unlink yourself, you are not a member of any application": "Anda tidak dapat memutuskan tautan diri sendiri, karena Anda bukan anggota dari aplikasi apa pun"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Hanya admin yang dapat memodifikasi %s.",
-    "The %s is immutable.": "%s tidak dapat diubah.",
-    "Unknown modify rule %s.": "Aturan modifikasi tidak diketahui %s."
-  },
-  "provider": {
-    "Invalid application id": "ID aplikasi tidak valid",
-    "the provider: %s does not exist": "provider: %s tidak ada"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "Pengguna kosong untuk tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Nama pengguna atau path lengkap file kosong: nama_pengguna = %s, path_lengkap_file = %s"
-  },
-  "saml": {
-    "Application %s not found": "Aplikasi %s tidak ditemukan"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "kategori penyedia %s bukan SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Parameter kosong untuk emailForm: %v",
-    "Invalid Email receivers: %s": "Penerima email tidak valid: %s",
-    "Invalid phone receivers: %s": "Penerima telepon tidak valid: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "Kunci objek: %s tidak diizinkan",
-    "The provider type: %s is not supported": "Jenis penyedia: %s tidak didukung"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Kosong clientId atau clientSecret",
-    "Grant_type: %s is not supported in this application": "Jenis grant (grant_type) %s tidak didukung dalam aplikasi ini",
-    "Invalid application or wrong clientSecret": "Aplikasi tidak valid atau clientSecret salah",
-    "Invalid client_id": "Invalid client_id = ID klien tidak valid",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI pengalihan: %s tidak ada dalam daftar URI Pengalihan yang diizinkan",
-    "Token not found, invalid accessToken": "Token tidak ditemukan, accessToken tidak valid"
-  },
-  "user": {
-    "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
-  },
-  "user_upload": {
-    "Failed to import users": "Gagal mengimpor pengguna"
-  },
-  "util": {
-    "No application is found for userId: %s": "Tidak ditemukan aplikasi untuk userId: %s",
-    "No provider for category: %s is found for application: %s": "Tidak ditemukan penyedia untuk kategori: %s untuk aplikasi: %s",
-    "The provider: %s is not found": "Penyedia: %s tidak ditemukan"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Kode belum dikirimkan!",
-    "Invalid captcha provider.": "Penyedia captcha tidak valid.",
-    "Phone number is invalid in your region %s": "Nomor telepon tidak valid di wilayah anda %s",
-    "Turing test failed.": "Tes Turing gagal.",
-    "Unable to get the email modify rule.": "Tidak dapat memperoleh aturan modifikasi email.",
-    "Unable to get the phone modify rule.": "Tidak dapat memodifikasi aturan telepon.",
-    "Unknown type": "Tipe tidak diketahui",
-    "Wrong verification code!": "Kode verifikasi salah!",
-    "You should verify your code in %d min!": "Anda harus memverifikasi kode Anda dalam %d menit!",
-    "the user does not exist, please sign up first": "Pengguna tidak ada, silakan daftar terlebih dahulu"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Tidak ditemukan kredensial untuk pengguna ini",
-    "Please call WebAuthnSigninBegin first": "Harap panggil WebAuthnSigninBegin terlebih dahulu"
-  }
-}

i18n/locales/ja/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "ユーザーの追加に失敗しました",
-    "Get init score failed, error: %w": "イニットスコアの取得に失敗しました。エラー：%w",
-    "Please sign out first": "最初にサインアウトしてください",
-    "The application does not allow to sign up new account": "アプリケーションは新しいアカウントの登録を許可しません"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "チャレンジメソッドはS256である必要があります",
-    "Failed to create user, user information is invalid: %s": "ユーザーの作成に失敗しました。ユーザー情報が無効です：%s",
-    "Failed to login in: %s": "ログインできませんでした：%s",
-    "Invalid token": "無効なトークン",
-    "State expected: %s, but got: %s": "期待される状態： %s、実際には：%s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "プロバイダーのアカウント：%s とユーザー名：%s（%s）が存在せず、新しいアカウントを %%s 経由でサインアップすることはできません。他の方法でサインアップしてください",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "プロバイダー名：%sとユーザー名：%s（%s）のアカウントは存在しません。新しいアカウントとしてサインアップすることはできません。 ITサポートに連絡してください",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "プロバイダのアカウント：%s とユーザー名：%s (%s) は既に別のアカウント：%s (%s) にリンクされています",
-    "The application: %s does not exist": "アプリケーション: %sは存在しません",
-    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
-    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
-    "Unauthorized operation": "不正操作",
-    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "サービス%sと%sは一致しません"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "所属は空白にできません",
-    "DisplayName cannot be blank": "表示名は空白にできません",
-    "DisplayName is not valid real name": "表示名は有効な実名ではありません",
-    "Email already exists": "メールは既に存在します",
-    "Email cannot be empty": "メールが空白にできません",
-    "Email is invalid": "電子メールは無効です",
-    "Empty username.": "空のユーザー名。",
-    "FirstName cannot be blank": "ファーストネームは空白にできません",
-    "LDAP user name or password incorrect": "Ldapのユーザー名またはパスワードが間違っています",
-    "LastName cannot be blank": "姓は空白にできません",
-    "Multiple accounts with same uid, please check your ldap server": "同じuidを持つ複数のアカウントがあります。あなたのLDAPサーバーを確認してください",
-    "Organization does not exist": "組織は存在しません",
-    "Password must have at least 6 characters": "パスワードは少なくとも6つの文字が必要です",
-    "Phone already exists": "電話はすでに存在しています",
-    "Phone cannot be empty": "電話は空っぽにできません",
-    "Phone number is invalid": "電話番号が無効です",
-    "Session outdated, please login again": "セッションが期限切れになりました。再度ログインしてください",
-    "The user is forbidden to sign in, please contact the administrator": "ユーザーはサインインできません。管理者に連絡してください",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "ユーザー名には英数字、アンダースコア、ハイフンしか含めることができません。連続したハイフンまたはアンダースコアは不可であり、ハイフンまたはアンダースコアで始まるまたは終わることもできません。",
-    "Username already exists": "ユーザー名はすでに存在しています",
-    "Username cannot be an email address": "ユーザー名には電子メールアドレスを使用できません",
-    "Username cannot contain white spaces": "ユーザ名にはスペースを含めることはできません",
-    "Username cannot start with a digit": "ユーザー名は数字で始めることはできません",
-    "Username is too long (maximum is 39 characters).": "ユーザー名が長すぎます（最大39文字）。",
-    "Username must have at least 2 characters": "ユーザー名は少なくとも2文字必要です",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "あなたは間違ったパスワードまたはコードを何度も入力しました。%d 分間待ってから再度お試しください",
-    "Your region is not allow to signup by phone": "あなたの地域は電話でサインアップすることができません",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "パスワードまたはコードが間違っています。あと%d回の試行機会があります",
-    "unsupported password type: %s": "サポートされていないパスワードタイプ：%s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "不足しているパラメーター",
-    "Please login first": "最初にログインしてください",
-    "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "LDAPサーバーは存在します"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "最初にリンクしてください",
-    "This application has no providers": "このアプリケーションにはプロバイダーがありません",
-    "This application has no providers of type": "「このアプリケーションには、タイプのプロバイダーがありません」と翻訳されます",
-    "This provider can't be unlinked": "このプロバイダーはリンク解除できません",
-    "You are not the global admin, you can't unlink other users": "あなたはグローバル管理者ではありません、他のユーザーとのリンクを解除することはできません",
-    "You can't unlink yourself, you are not a member of any application": "あなたは自分自身をアンリンクすることはできません、あなたはどのアプリケーションのメンバーでもありません"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "管理者のみが%sを変更できます。",
-    "The %s is immutable.": "%sは不変です。",
-    "Unknown modify rule %s.": "未知の変更ルール%s。"
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "アプリケーションIDが無効です",
-    "the provider: %s does not exist": "プロバイダー%sは存在しません"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "ユーザーはタグ「アバター」に対してnilです",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "ユーザー名または完全なファイルパスが空です：ユーザー名 = %s、完全なファイルパス = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "アプリケーション%sは見つかりません"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "プロバイダ %s のカテゴリはSAMLではありません"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "EmailFormの空のパラメーター：％v",
-    "Invalid Email receivers: %s": "無効な電子メール受信者：%s",
-    "Invalid phone receivers: %s": "電話受信者が無効です：%s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "オブジェクトキー %s は許可されていません",
-    "The provider type: %s is not supported": "プロバイダータイプ：%sはサポートされていません"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "クライアントIDまたはクライアントシークレットが空です",
-    "Grant_type: %s is not supported in this application": "grant_type：%sはこのアプリケーションでサポートされていません",
-    "Invalid application or wrong clientSecret": "無効なアプリケーションまたは誤ったクライアントシークレットです",
-    "Invalid client_id": "client_idが無効です",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "リダイレクトURI：%sは許可されたリダイレクトURIリストに存在しません",
-    "Token not found, invalid accessToken": "トークンが見つかりません。無効なアクセストークンです"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "表示名は空にできません",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "ユーザーのインポートに失敗しました"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "ユーザーIDに対するアプリケーションが見つかりません： %s",
-    "No provider for category: %s is found for application: %s": "アプリケーション：%sのカテゴリ%sのプロバイダが見つかりません",
-    "The provider: %s is not found": "プロバイダー：%sが見つかりません"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "まだコードが送信されていません！",
-    "Invalid captcha provider.": "無効なCAPTCHAプロバイダー。",
-    "Phone number is invalid in your region %s": "電話番号はあなたの地域で無効です %s",
-    "Turing test failed.": "チューリングテストは失敗しました。",
-    "Unable to get the email modify rule.": "電子メール変更規則を取得できません。",
-    "Unable to get the phone modify rule.": "電話の変更ルールを取得できません。",
-    "Unknown type": "不明なタイプ",
-    "Wrong verification code!": "誤った検証コードです！",
-    "You should verify your code in %d min!": "あなたは%d分であなたのコードを確認する必要があります！",
-    "the user does not exist, please sign up first": "ユーザーは存在しません。まず登録してください"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "このユーザーの資格情報が見つかりませんでした",
-    "Please call WebAuthnSigninBegin first": "最初にWebAuthnSigninBeginを呼び出してください"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/ko/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "사용자 추가 실패",
-    "Get init score failed, error: %w": "초기 점수 획득 실패, 오류: %w",
-    "Please sign out first": "먼저 로그아웃해주세요",
-    "The application does not allow to sign up new account": "이 응용 프로그램은 새로운 계정 가입을 허용하지 않습니다"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "도전 방식은 S256이어야 합니다",
-    "Failed to create user, user information is invalid: %s": "사용자를 만들지 못했습니다. 사용자 정보가 잘못되었습니다: %s",
-    "Failed to login in: %s": "로그인에 실패했습니다.: %s",
-    "Invalid token": "유효하지 않은 토큰",
-    "State expected: %s, but got: %s": "예상한 상태: %s, 실제 상태: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "제공자 계정: %s와 사용자 이름: %s (%s)은(는) 존재하지 않으며 %%s를 통해 새 계정으로 가입하는 것이 허용되지 않습니다. 다른 방법으로 가입하십시오",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "공급자 계정 %s과 사용자 이름 %s (%s)는 존재하지 않으며 새 계정으로 등록할 수 없습니다. IT 지원팀에 문의하십시오",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "공급자 계정 %s과 사용자 이름 %s(%s)는 이미 다른 계정 %s(%s)에 연결되어 있습니다",
-    "The application: %s does not exist": "해당 애플리케이션(%s)이 존재하지 않습니다",
-    "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
-    "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
-    "Unauthorized operation": "무단 조작",
-    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "소속은 비워 둘 수 없습니다",
-    "DisplayName cannot be blank": "DisplayName는 비어 있을 수 없습니다",
-    "DisplayName is not valid real name": "DisplayName는 유효한 실제 이름이 아닙니다",
-    "Email already exists": "이메일이 이미 존재합니다",
-    "Email cannot be empty": "이메일은 비어 있을 수 없습니다",
-    "Email is invalid": "이메일이 유효하지 않습니다",
-    "Empty username.": "빈 사용자 이름.",
-    "FirstName cannot be blank": "이름은 공백일 수 없습니다",
-    "LDAP user name or password incorrect": "LDAP 사용자 이름 또는 암호가 잘못되었습니다",
-    "LastName cannot be blank": "성은 비어 있을 수 없습니다",
-    "Multiple accounts with same uid, please check your ldap server": "동일한 UID를 가진 여러 계정이 있습니다. LDAP 서버를 확인해주세요",
-    "Organization does not exist": "조직은 존재하지 않습니다",
-    "Password must have at least 6 characters": "암호는 적어도 6자 이상이어야 합니다",
-    "Phone already exists": "전화기는 이미 존재합니다",
-    "Phone cannot be empty": "전화는 비워 둘 수 없습니다",
-    "Phone number is invalid": "전화번호가 유효하지 않습니다",
-    "Session outdated, please login again": "세션이 만료되었습니다. 다시 로그인해주세요",
-    "The user is forbidden to sign in, please contact the administrator": "사용자는 로그인이 금지되어 있습니다. 관리자에게 문의하십시오",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "사용자 이름은 알파벳, 숫자, 밑줄 또는 하이픈만 포함할 수 있으며, 연속된 하이픈 또는 밑줄을 가질 수 없으며, 하이픈 또는 밑줄로 시작하거나 끝날 수 없습니다.",
-    "Username already exists": "사용자 이름이 이미 존재합니다",
-    "Username cannot be an email address": "사용자 이름은 이메일 주소가 될 수 없습니다",
-    "Username cannot contain white spaces": "사용자 이름에는 공백이 포함될 수 없습니다",
-    "Username cannot start with a digit": "사용자 이름은 숫자로 시작할 수 없습니다",
-    "Username is too long (maximum is 39 characters).": "사용자 이름이 너무 깁니다 (최대 39자).",
-    "Username must have at least 2 characters": "사용자 이름은 적어도 2개의 문자가 있어야 합니다",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "올바르지 않은 비밀번호나 코드를 여러 번 입력했습니다. %d분 동안 기다리신 후 다시 시도해주세요",
-    "Your region is not allow to signup by phone": "당신의 지역은 전화로 가입할 수 없습니다",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "암호 또는 코드가 올바르지 않습니다. %d번의 기회가 남아 있습니다",
-    "unsupported password type: %s": "지원되지 않는 암호 유형: %s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "누락된 매개변수",
-    "Please login first": "먼저 로그인 하십시오",
-    "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
-    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "LDAP 서버가 존재합니다"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "먼저 링크해주세요",
-    "This application has no providers": "이 애플리케이션에는 제공자가 없습니다",
-    "This application has no providers of type": "이 응용 프로그램은 타입의 공급자가 없습니다",
-    "This provider can't be unlinked": "이 공급자는 연결이 해제될 수 없습니다",
-    "You are not the global admin, you can't unlink other users": "당신은 전역 관리자가 아니므로 다른 사용자와의 연결을 해제할 수 없습니다",
-    "You can't unlink yourself, you are not a member of any application": "당신은 어떤 애플리케이션의 회원이 아니기 때문에 스스로 링크를 해제할 수 없습니다"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "관리자만 %s을(를) 수정할 수 있습니다.",
-    "The %s is immutable.": "%s 는 변경할 수 없습니다.",
-    "Unknown modify rule %s.": "미확인 수정 규칙 %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "잘못된 애플리케이션 ID입니다",
-    "the provider: %s does not exist": "제공자 %s가 존재하지 않습니다"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "사용자는 아바타 태그에 대해 nil입니다",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "사용자 이름 또는 전체 파일 경로가 비어 있습니다: 사용자 이름 = %s, 전체 파일 경로 = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "어플리케이션 %s을(를) 찾을 수 없습니다"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "제공 업체 %s의 카테고리는 SAML이 아닙니다"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "이메일 형식의 빈 매개 변수: %v",
-    "Invalid Email receivers: %s": "잘못된 이메일 수신자: %s",
-    "Invalid phone receivers: %s": "잘못된 전화 수신자: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "객체 키 : %s 는 허용되지 않습니다",
-    "The provider type: %s is not supported": "제공자 유형: %s은/는 지원되지 않습니다"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "클라이언트 ID 또는 클라이언트 비밀번호가 비어 있습니다",
-    "Grant_type: %s is not supported in this application": "그랜트 유형: %s은(는) 이 어플리케이션에서 지원되지 않습니다",
-    "Invalid application or wrong clientSecret": "잘못된 어플리케이션 또는 올바르지 않은 클라이언트 시크릿입니다",
-    "Invalid client_id": "잘못된 클라이언트 ID입니다",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "허용된 Redirect URI 목록에서 %s이(가) 존재하지 않습니다",
-    "Token not found, invalid accessToken": "토큰을 찾을 수 없습니다. 잘못된 액세스 토큰입니다"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
-    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "사용자 가져오기를 실패했습니다"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "어플리케이션을 찾을 수 없습니다. userId: %s",
-    "No provider for category: %s is found for application: %s": "어플리케이션 %s에서 %s 카테고리를 위한 공급자가 찾을 수 없습니다",
-    "The provider: %s is not found": "제공자: %s를 찾을 수 없습니다"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "코드는 아직 전송되지 않았습니다!",
-    "Invalid captcha provider.": "잘못된 captcha 제공자입니다.",
-    "Phone number is invalid in your region %s": "전화 번호가 당신의 지역 %s에서 유효하지 않습니다",
-    "Turing test failed.": "튜링 테스트 실패.",
-    "Unable to get the email modify rule.": "이메일 수정 규칙을 가져올 수 없습니다.",
-    "Unable to get the phone modify rule.": "전화 수정 규칙을 가져올 수 없습니다.",
-    "Unknown type": "알 수 없는 유형",
-    "Wrong verification code!": "잘못된 인증 코드입니다!",
-    "You should verify your code in %d min!": "당신은 %d분 안에 코드를 검증해야 합니다!",
-    "the user does not exist, please sign up first": "사용자가 존재하지 않습니다. 먼저 회원 가입 해주세요"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "이 사용자의 자격 증명을 찾을 수 없습니다",
-    "Please call WebAuthnSigninBegin first": "WebAuthnSigninBegin을 먼저 호출해주세요"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/pt/data.json

@@ -1,149 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/ru/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "Не удалось добавить пользователя",
-    "Get init score failed, error: %w": "Не удалось получить исходный балл, ошибка: %w",
-    "Please sign out first": "Пожалуйста, сначала выйдите из системы",
-    "The application does not allow to sign up new account": "Приложение не позволяет зарегистрироваться новому аккаунту"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "Метод испытаний должен быть S256",
-    "Failed to create user, user information is invalid: %s": "Не удалось создать пользователя, информация о пользователе недействительна: %s",
-    "Failed to login in: %s": "Не удалось войти в систему: %s",
-    "Invalid token": "Недействительный токен",
-    "State expected: %s, but got: %s": "Ожидался статус: %s, но получен: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Аккаунт провайдера: %s и имя пользователя: %s (%s) не существует и не может быть зарегистрирован через %%s, пожалуйста, используйте другой способ регистрации",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Аккаунт для провайдера: %s и имя пользователя: %s (%s) не существует и не может быть зарегистрирован как новый аккаунт. Пожалуйста, обратитесь в службу поддержки IT",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Аккаунт поставщика: %s и имя пользователя: %s (%s) уже связаны с другим аккаунтом: %s (%s)",
-    "The application: %s does not exist": "Приложение: %s не существует",
-    "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
-    "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
-    "Unauthorized operation": "Несанкционированная операция",
-    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "Сервисы %s и %s не совпадают"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "Принадлежность не может быть пустым значением",
-    "DisplayName cannot be blank": "Имя отображения не может быть пустым",
-    "DisplayName is not valid real name": "DisplayName не является действительным именем",
-    "Email already exists": "Электронная почта уже существует",
-    "Email cannot be empty": "Электронная почта не может быть пустой",
-    "Email is invalid": "Адрес электронной почты недействительный",
-    "Empty username.": "Пустое имя пользователя.",
-    "FirstName cannot be blank": "Имя не может быть пустым",
-    "LDAP user name or password incorrect": "Неправильное имя пользователя или пароль Ldap",
-    "LastName cannot be blank": "Фамилия не может быть пустой",
-    "Multiple accounts with same uid, please check your ldap server": "Множественные учетные записи с тем же UID. Пожалуйста, проверьте свой сервер LDAP",
-    "Organization does not exist": "Организация не существует",
-    "Password must have at least 6 characters": "Пароль должен содержать не менее 6 символов",
-    "Phone already exists": "Телефон уже существует",
-    "Phone cannot be empty": "Телефон не может быть пустым",
-    "Phone number is invalid": "Номер телефона является недействительным",
-    "Session outdated, please login again": "Сессия устарела, пожалуйста, войдите снова",
-    "The user is forbidden to sign in, please contact the administrator": "Пользователю запрещен вход, пожалуйста, обратитесь к администратору",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Имя пользователя может состоять только из буквенно-цифровых символов, нижних подчеркиваний или дефисов, не может содержать последовательные дефисы или подчеркивания, а также не может начинаться или заканчиваться на дефис или подчеркивание.",
-    "Username already exists": "Имя пользователя уже существует",
-    "Username cannot be an email address": "Имя пользователя не может быть адресом электронной почты",
-    "Username cannot contain white spaces": "Имя пользователя не может содержать пробелы",
-    "Username cannot start with a digit": "Имя пользователя не может начинаться с цифры",
-    "Username is too long (maximum is 39 characters).": "Имя пользователя слишком длинное (максимальная длина - 39 символов).",
-    "Username must have at least 2 characters": "Имя пользователя должно содержать не менее 2 символов",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Вы ввели неправильный пароль или код слишком много раз, пожалуйста, подождите %d минут и попробуйте снова",
-    "Your region is not allow to signup by phone": "Ваш регион не разрешает регистрацию по телефону",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Неправильный пароль или код, у вас осталось %d попыток",
-    "unsupported password type: %s": "неподдерживаемый тип пароля: %s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "Отсутствующий параметр",
-    "Please login first": "Пожалуйста, сначала войдите в систему",
-    "The user: %s doesn't exist": "Пользователь %s не существует",
-    "don't support captchaProvider: ": "не поддерживайте captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "LDAP-сервер существует"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "Пожалуйста, сначала установите ссылку",
-    "This application has no providers": "Это приложение не имеет провайдеров",
-    "This application has no providers of type": "Это приложение не имеет провайдеров данного типа",
-    "This provider can't be unlinked": "Этот провайдер не может быть отсоединен",
-    "You are not the global admin, you can't unlink other users": "Вы не являетесь глобальным администратором, вы не можете отсоединять других пользователей",
-    "You can't unlink yourself, you are not a member of any application": "Вы не можете отвязаться, так как вы не являетесь участником никакого приложения"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "Только администратор может изменять %s.",
-    "The %s is immutable.": "%s неизменяемый.",
-    "Unknown modify rule %s.": "Неизвестное изменение правила %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "Неверный идентификатор приложения",
-    "the provider: %s does not exist": "провайдер: %s не существует"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "Пользователь равен нулю для тега: аватар",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Имя пользователя или полный путь к файлу пусты: имя_пользователя = %s, полный_путь_к_файлу = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "Приложение %s не найдено"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "категория провайдера %s не является SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "Пустые параметры для emailForm: %v",
-    "Invalid Email receivers: %s": "Некорректные получатели электронной почты: %s",
-    "Invalid phone receivers: %s": "Некорректные получатели телефонных звонков: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "Объект «objectKey: %s» не разрешен",
-    "The provider type: %s is not supported": "Тип поставщика: %s не поддерживается"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "Пустой идентификатор клиента или секрет клиента",
-    "Grant_type: %s is not supported in this application": "Тип предоставления: %s не поддерживается в данном приложении",
-    "Invalid application or wrong clientSecret": "Недействительное приложение или неправильный clientSecret",
-    "Invalid client_id": "Недействительный идентификатор клиента",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "URI перенаправления: %s не существует в списке разрешенных URI перенаправления",
-    "Token not found, invalid accessToken": "Токен не найден, недействительный accessToken"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "Отображаемое имя не может быть пустым",
-    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "Не удалось импортировать пользователей"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "Не найдено заявки для пользователя с идентификатором: %s",
-    "No provider for category: %s is found for application: %s": "Нет поставщика для категории: %s для приложения: %s",
-    "The provider: %s is not found": "Поставщик: %s не найден"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "Код еще не был отправлен!",
-    "Invalid captcha provider.": "Недействительный поставщик CAPTCHA.",
-    "Phone number is invalid in your region %s": "Номер телефона недействителен в вашем регионе %s",
-    "Turing test failed.": "Тест Тьюринга не удался.",
-    "Unable to get the email modify rule.": "Невозможно получить правило изменения электронной почты.",
-    "Unable to get the phone modify rule.": "Невозможно получить правило изменения телефона.",
-    "Unknown type": "Неизвестный тип",
-    "Wrong verification code!": "Неправильный код подтверждения!",
-    "You should verify your code in %d min!": "Вы должны проверить свой код через %d минут!",
-    "the user does not exist, please sign up first": "Пользователь не существует, пожалуйста, сначала зарегистрируйтесь"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "Не найдено учетных данных для этого пользователя",
-    "Please call WebAuthnSigninBegin first": "Пожалуйста, сначала вызовите WebAuthnSigninBegin"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/vi/data.json

@@ -1,149 +1,146 @@
 {
   "account": {
-    "Failed to add user": "Không thể thêm người dùng",
-    "Get init score failed, error: %w": "Lấy điểm khởi đầu thất bại, lỗi: %w",
-    "Please sign out first": "Vui lòng đăng xuất trước",
-    "The application does not allow to sign up new account": "Ứng dụng không cho phép đăng ký tài khoản mới"
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Invalid information": "Invalid information",
+    "Please sign out first before signing in": "Please sign out first before signing in",
+    "Please sign out first before signing up": "Please sign out first before signing up",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
   },
   "auth": {
-    "Challenge method should be S256": "Phương pháp thách thức nên là S256",
-    "Failed to create user, user information is invalid: %s": "Không thể tạo người dùng, thông tin người dùng không hợp lệ: %s",
-    "Failed to login in: %s": "Đăng nhập không thành công: %s",
-    "Invalid token": "Mã thông báo không hợp lệ",
-    "State expected: %s, but got: %s": "Trạng thái dự kiến: %s, nhưng nhận được: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "Tài khoản cho nhà cung cấp: %s và tên người dùng: %s (%s) không tồn tại và không được phép đăng ký làm tài khoản mới qua %%s, vui lòng sử dụng cách khác để đăng ký",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "Tài khoản cho nhà cung cấp: %s và tên người dùng: %s (%s) không tồn tại và không được phép đăng ký như một tài khoản mới, vui lòng liên hệ với bộ phận hỗ trợ công nghệ thông tin của bạn",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "Tài khoản cho nhà cung cấp: %s và tên người dùng: %s (%s) đã được liên kết với tài khoản khác: %s (%s)",
-    "The application: %s does not exist": "Ứng dụng: %s không tồn tại",
-    "The login method: login with password is not enabled for the application": "Phương thức đăng nhập: đăng nhập bằng mật khẩu không được kích hoạt cho ứng dụng",
-    "The provider: %s is not enabled for the application": "Nhà cung cấp: %s không được kích hoạt cho ứng dụng",
-    "Unauthorized operation": "Hoạt động không được ủy quyền",
-    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s"
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider type: %s is not supported": "The provider type: %s is not supported",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "Turing test failed.": "Turing test failed.",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
-    "Service %s and %s do not match": "Dịch sang tiếng Việt: Dịch vụ %s và %s không khớp"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "Service %s and %s do not match"
   },
   "check": {
-    "Affiliation cannot be blank": "Tình trạng liên kết không thể để trống",
-    "DisplayName cannot be blank": "Tên hiển thị không thể để trống",
-    "DisplayName is not valid real name": "DisplayName không phải là tên thật hợp lệ",
-    "Email already exists": "Email đã tồn tại",
-    "Email cannot be empty": "Email không thể để trống",
-    "Email is invalid": "Địa chỉ email không hợp lệ",
-    "Empty username.": "Tên đăng nhập trống.",
-    "FirstName cannot be blank": "Tên không được để trống",
-    "LDAP user name or password incorrect": "Tên người dùng hoặc mật khẩu Ldap không chính xác",
-    "LastName cannot be blank": "Họ không thể để trống",
-    "Multiple accounts with same uid, please check your ldap server": "Nhiều tài khoản với cùng một uid, vui lòng kiểm tra máy chủ ldap của bạn",
-    "Organization does not exist": "Tổ chức không tồn tại",
-    "Password must have at least 6 characters": "Mật khẩu phải ít nhất 6 ký tự",
-    "Phone already exists": "Điện thoại đã tồn tại",
-    "Phone cannot be empty": "Điện thoại không thể để trống",
-    "Phone number is invalid": "Số điện thoại không hợp lệ",
-    "Session outdated, please login again": "Phiên làm việc hết hạn, vui lòng đăng nhập lại",
-    "The user is forbidden to sign in, please contact the administrator": "Người dùng bị cấm đăng nhập, vui lòng liên hệ với quản trị viên",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Tên người dùng chỉ có thể chứa các ký tự chữ và số, gạch dưới hoặc gạch ngang, không được có hai ký tự gạch dưới hoặc gạch ngang liền kề và không được bắt đầu hoặc kết thúc bằng dấu gạch dưới hoặc gạch ngang.",
-    "Username already exists": "Tên đăng nhập đã tồn tại",
-    "Username cannot be an email address": "Tên người dùng không thể là địa chỉ email",
-    "Username cannot contain white spaces": "Tên người dùng không thể chứa khoảng trắng",
-    "Username cannot start with a digit": "Tên người dùng không thể bắt đầu bằng chữ số",
-    "Username is too long (maximum is 39 characters).": "Tên đăng nhập quá dài (tối đa là 39 ký tự).",
-    "Username must have at least 2 characters": "Tên đăng nhập phải có ít nhất 2 ký tự",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Bạn đã nhập sai mật khẩu hoặc mã quá nhiều lần, vui lòng đợi %d phút và thử lại",
-    "Your region is not allow to signup by phone": "Vùng của bạn không được phép đăng ký bằng điện thoại",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "Mật khẩu hoặc mã không chính xác, bạn còn %d lần cơ hội",
-    "unsupported password type: %s": "Loại mật khẩu không được hỗ trợ: %s"
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Ldap user name or password incorrect": "Ldap user name or password incorrect",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
   },
   "general": {
-    "Missing parameter": "Thiếu tham số",
-    "Please login first": "Vui lòng đăng nhập trước",
-    "The user: %s doesn't exist": "Người dùng: %s không tồn tại",
-    "don't support captchaProvider: ": "không hỗ trợ captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
-    "Ldap server exist": "Máy chủ LDAP tồn tại"
+    "Ldap server exist": "Ldap server exist"
   },
   "link": {
-    "Please link first": "Vui lòng kết nối trước tiên",
-    "This application has no providers": "Ứng dụng này không có nhà cung cấp",
-    "This application has no providers of type": "Ứng dụng này không có nhà cung cấp loại nào",
-    "This provider can't be unlinked": "Nhà cung cấp này không thể được tách ra",
-    "You are not the global admin, you can't unlink other users": "Bạn không phải là quản trị viên toàn cầu, bạn không thể hủy liên kết người dùng khác",
-    "You can't unlink yourself, you are not a member of any application": "Bạn không thể hủy liên kết của mình, bởi vì bạn không phải là thành viên của bất kỳ ứng dụng nào"
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
   },
   "organization": {
-    "Only admin can modify the %s.": "Chỉ những người quản trị mới có thể sửa đổi %s.",
-    "The %s is immutable.": "%s không thể thay đổi được.",
-    "Unknown modify rule %s.": "Quy tắc thay đổi không xác định %s."
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
   },
   "provider": {
-    "Invalid application id": "Sai ID ứng dụng",
-    "the provider: %s does not exist": "Nhà cung cấp: %s không tồn tại"
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
   },
   "resource": {
-    "User is nil for tag: avatar": "Người dùng không có giá trị cho thẻ: hình đại diện",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Tên người dùng hoặc đường dẫn tệp đầy đủ trống: tên người dùng = %s, đường dẫn tệp đầy đủ = %s"
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
   },
   "saml": {
-    "Application %s not found": "Ứng dụng %s không tìm thấy"
+    "Application %s not found": "Application %s not found"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "Danh mục của nhà cung cấp %s không phải là SAML"
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
   },
   "service": {
-    "Empty parameters for emailForm: %v": "Tham số trống cho emailForm: %v",
-    "Invalid Email receivers: %s": "Người nhận Email không hợp lệ: %s",
-    "Invalid phone receivers: %s": "Người nhận điện thoại không hợp lệ: %s"
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "Khóa đối tượng: %s không được phép",
-    "The provider type: %s is not supported": "Loại nhà cung cấp: %s không được hỗ trợ"
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
   },
   "token": {
-    "Empty clientId or clientSecret": "ClientId hoặc clientSecret trống",
-    "Grant_type: %s is not supported in this application": "Loại cấp phép: %s không được hỗ trợ trong ứng dụng này",
-    "Invalid application or wrong clientSecret": "Đơn đăng ký không hợp lệ hoặc sai clientSecret",
-    "Invalid client_id": "Client_id không hợp lệ",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Đường dẫn chuyển hướng URI: %s không tồn tại trong danh sách URI được phép chuyển hướng",
-    "Token not found, invalid accessToken": "Token không tìm thấy, accessToken không hợp lệ"
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
   },
   "user": {
-    "Display name cannot be empty": "Tên hiển thị không thể trống",
-    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng."
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
-    "Failed to import users": "Không thể nhập người dùng"
+    "Failed to import users": "Failed to import users"
   },
   "util": {
-    "No application is found for userId: %s": "Không tìm thấy ứng dụng cho ID người dùng: %s",
-    "No provider for category: %s is found for application: %s": "Không tìm thấy nhà cung cấp cho danh mục: %s cho ứng dụng: %s",
-    "The provider: %s is not found": "Nhà cung cấp: %s không được tìm thấy"
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
   },
   "verification": {
-    "Code has not been sent yet!": "Mã chưa được gửi đến!",
-    "Invalid captcha provider.": "Nhà cung cấp captcha không hợp lệ.",
-    "Phone number is invalid in your region %s": "Số điện thoại không hợp lệ trong vùng của bạn %s",
-    "Turing test failed.": "Kiểm định Turing thất bại.",
-    "Unable to get the email modify rule.": "Không thể lấy quy tắc sửa đổi email.",
-    "Unable to get the phone modify rule.": "Không thể thay đổi quy tắc trên điện thoại.",
-    "Unknown type": "Loại không xác định",
-    "Wrong verification code!": "Mã xác thực sai!",
-    "You should verify your code in %d min!": "Bạn nên kiểm tra mã của mình trong %d phút!",
-    "the user does not exist, please sign up first": "Người dùng không tồn tại, vui lòng đăng ký trước"
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Email is invalid": "Email is invalid",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Organization does not exist": "Organization does not exist",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong parameter": "Wrong parameter",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
   },
   "webauthn": {
-    "Found no credentials for this user": "Không tìm thấy thông tin xác thực cho người dùng này",
-    "Please call WebAuthnSigninBegin first": "Vui lòng gọi WebAuthnSigninBegin trước"
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
   }
 }

i18n/locales/zh/data.json

@@ -1,35 +1,31 @@
 {
   "account": {
-    "Failed to add user": "添加用户失败",
     "Get init score failed, error: %w": "初始化分数失败: %w",
-    "Please sign out first": "请先退出登录",
+    "Invalid information": "无效信息",
+    "Please sign out first before signing in": "请在登录前先退出登录",
+    "Please sign out first before signing up": "请在注册前先退出登录",
     "The application does not allow to sign up new account": "该应用不允许注册新用户"
   },
   "auth": {
-    "Challenge method should be S256": "Challenge方法应该为S256",
+    "Challenge method should be S256": "Challenge 方法应该为 S256",
     "Failed to create user, user information is invalid: %s": "创建用户失败，用户信息无效: %s",
     "Failed to login in: %s": "登录失败: %s",
     "Invalid token": "无效token",
     "State expected: %s, but got: %s": "期望状态为: %s, 实际状态为: %s",
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许通过 %s 注册新账户, 请使用其他方式注册",
     "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "提供商账户: %s 与用户名: %s (%s) 不存在且 不允许注册新账户, 请联系IT支持",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s与用户名: %s (%s)已经与其他账户绑定: %s (%s)",
-    "The application: %s does not exist": "应用%s不存在",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "提供商账户: %s 与用户名: %s (%s) 已经与其他账户绑定: %s (%s)",
+    "The application: %s does not exist": "应用 %s 不存在",
     "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
-    "The provider: %s is not enabled for the application": "该应用的提供商: %s未被启用",
+    "The provider type: %s is not supported": "不支持该类型的提供商: %s",
+    "The provider: %s is not enabled for the application": "该应用的提供商: %s 未被启用",
+    "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
+    "Turing test failed.": "人机验证失败",
     "Unauthorized operation": "未授权的操作",
     "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
   },
   "cas": {
-    "Service %s and %s do not match": "服务%s与%s不匹配"
-  },
-  "chat": {
-    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
-    "The chat: %s is not found": "The chat: %s is not found",
-    "The message is invalid": "The message is invalid",
-    "The message: %s is not found": "The message: %s is not found",
-    "The provider: %s is invalid": "The provider: %s is invalid",
-    "The provider: %s is not found": "The provider: %s is not found"
+    "Service %s and %s do not match": "服务 %s 与 %s 不匹配"
   },
   "check": {
     "Affiliation cannot be blank": "工作单位不可为空",
@@ -40,8 +36,8 @@
     "Email is invalid": "无效邮箱",
     "Empty username.": "用户名不可为空",
     "FirstName cannot be blank": "名不可以为空",
-    "LDAP user name or password incorrect": "LDAP密码错误",
     "LastName cannot be blank": "姓不可以为空",
+    "Ldap user name or password incorrect": "LDAP密码错误",
     "Multiple accounts with same uid, please check your ldap server": "多个帐户具有相同的uid，请检查您的 LDAP 服务器",
     "Organization does not exist": "组织不存在",
     "Password must have at least 6 characters": "新密码至少为6位",
@@ -50,7 +46,6 @@
     "Phone number is invalid": "无效手机号",
     "Session outdated, please login again": "会话已过期，请重新登录",
     "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
     "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
     "Username already exists": "用户名已存在",
     "Username cannot be an email address": "用户名不可以是邮箱地址",
@@ -60,16 +55,14 @@
     "Username must have at least 2 characters": "用户名至少要有2个字符",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "密码错误次数已达上限，请在 %d 分后重试",
     "Your region is not allow to signup by phone": "所在地区不支持手机号注册",
-    "password or code is incorrect": "密码错误",
     "password or code is incorrect, you have %d remaining chances": "密码错误，您还有 %d 次尝试的机会",
     "unsupported password type: %s": "不支持的密码类型: %s"
   },
   "general": {
     "Missing parameter": "缺少参数",
     "Please login first": "请先登录",
-    "The user: %s doesn't exist": "用户: %s不存在",
-    "don't support captchaProvider: ": "不支持验证码提供商: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "The user: %s doesn't exist": "用户: %s 不存在",
+    "don't support captchaProvider: ": "不支持验证码提供商: "
   },
   "ldap": {
     "Ldap server exist": "LDAP服务器已存在"
@@ -83,13 +76,13 @@
     "You can't unlink yourself, you are not a member of any application": "您无法自行解绑，您不是任何应用程序的成员"
   },
   "organization": {
-    "Only admin can modify the %s.": "仅允许管理员可以修改%s",
+    "Only admin can modify the %s.": "仅允许管理员可以修改 %s",
     "The %s is immutable.": "%s 是不可变的",
     "Unknown modify rule %s.": "未知的修改规则: %s"
   },
   "provider": {
     "Invalid application id": "无效的应用ID",
-    "the provider: %s does not exist": "提供商: %s不存在"
+    "the provider: %s does not exist": "提供商: %s 不存在"
   },
   "resource": {
     "User is nil for tag: avatar": "上传头像时用户为空",
@@ -99,15 +92,15 @@
     "Application %s not found": "未找到应用: %s"
   },
   "saml_sp": {
-    "provider %s's category is not SAML": "提供商: %s不是SAML类型"
+    "provider %s's category is not SAML": "提供商: %s 不是SAML类型"
   },
   "service": {
     "Empty parameters for emailForm: %v": "邮件参数为空: %v",
-    "Invalid Email receivers: %s": "无效的邮箱收件人: %s",
+    "Invalid Email receivers: %s": " 无效的邮箱收件人: %s",
     "Invalid phone receivers: %s": "无效的手机短信收信人: %s"
   },
   "storage": {
-    "The objectKey: %s is not allowed": "objectKey: %s被禁止",
+    "The objectKey: %s is not allowed": "objectKey: %s 被禁止",
     "The provider type: %s is not supported": "不支持的提供商类型: %s"
   },
   "token": {
@@ -115,35 +108,39 @@
     "Grant_type: %s is not supported in this application": "该应用不支持Grant_type: %s",
     "Invalid application or wrong clientSecret": "无效应用或错误的clientSecret",
     "Invalid client_id": "无效的ClientId",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s在许可跳转列表中未找到",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "重定向 URI：%s 在许可跳转列表中未找到",
     "Token not found, invalid accessToken": "未查询到对应token, accessToken无效"
   },
   "user": {
     "Display name cannot be empty": "显示名称不可为空",
-    "New password cannot contain blank space.": "新密码不可以包含空格"
+    "New password cannot contain blank space.": "新密码不可以包含空格",
+    "New password must have at least 6 characters": "新密码至少需要6位字符"
   },
   "user_upload": {
     "Failed to import users": "导入用户失败"
   },
   "util": {
-    "No application is found for userId: %s": "未找到用户: %s的应用",
-    "No provider for category: %s is found for application: %s": "未找到类别为: %s的提供商来满足应用: %s",
+    "No application is found for userId: %s": "未找到用户: %s 的应用",
+    "No provider for category: %s is found for application: %s": "未找到类别为: %s 的提供商来满足应用: %s",
     "The provider: %s is not found": "未找到提供商: %s"
   },
   "verification": {
     "Code has not been sent yet!": "验证码还未发送",
+    "Email is invalid": "非法的邮箱",
     "Invalid captcha provider.": "非法的验证码提供商",
+    "Organization does not exist": "组织不存在",
     "Phone number is invalid in your region %s": "您所在地区的电话号码无效 %s",
     "Turing test failed.": "验证码还未发送",
     "Unable to get the email modify rule.": "无法获取邮箱修改规则",
     "Unable to get the phone modify rule.": "无法获取手机号修改规则",
     "Unknown type": "未知类型",
+    "Wrong parameter": "参数错误",
     "Wrong verification code!": "验证码错误!",
     "You should verify your code in %d min!": "请在 %d 分钟内输入正确验证码",
     "the user does not exist, please sign up first": "用户不存在，请先注册"
   },
   "webauthn": {
     "Found no credentials for this user": "该用户没有 WebAuthn 凭据",
-    "Please call WebAuthnSigninBegin first": "请先调用WebAuthnSigninBegin函数"
+    "Please call WebAuthnSigninBegin first": "请先调用 WebAuthnSigninBegin"
   }
 }

i18n/util.go

@@ -73,29 +73,21 @@ func applyData(data1 *I18nData, data2 *I18nData) {
 	}
 }
 
-func Translate(language string, errorText string) string {
-	tokens := strings.SplitN(errorText, ":", 2)
-	if !strings.Contains(errorText, ":") || len(tokens) != 2 {
-		return fmt.Sprintf("Translate error: the error text doesn't contain \":\", errorText = %s", errorText)
+func Translate(lang string, error string) string {
+	parts := strings.SplitN(error, ":", 2)
+	if !strings.Contains(error, ":") || len(parts) != 2 {
+		return "Translate Error: " + error
 	}
-
-	if langMap[language] == nil {
-		file, err := f.ReadFile(fmt.Sprintf("locales/%s/data.json", language))
-		if err != nil {
-			return fmt.Sprintf("Translate error: the language \"%s\" is not supported, err = %s", language, err.Error())
-		}
-
+	if langMap[lang] != nil {
+		return langMap[lang][parts[0]][parts[1]]
+	} else {
+		file, _ := f.ReadFile("locales/" + lang + "/data.json")
 		data := I18nData{}
-		err = util.JsonToStruct(string(file), &data)
+		err := util.JsonToStruct(string(file), &data)
 		if err != nil {
 			panic(err)
 		}
-		langMap[language] = data
+		langMap[lang] = data
+		return langMap[lang][parts[0]][parts[1]]
 	}
-
-	res := langMap[language][tokens[0]][tokens[1]]
-	if res == "" {
-		res = tokens[1]
-	}
-	return res
 }

idp/casdoor.go

@@ -16,7 +16,6 @@ package idp
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -84,7 +83,7 @@ func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {
 
 	// check if token is expired
 	if pToken.ExpiresIn <= 0 {
-		return nil, errors.New(pToken.AccessToken)
+		return nil, fmt.Errorf("%s", pToken.AccessToken)
 	}
 	token := &oauth2.Token{
 		AccessToken: pToken.AccessToken,
@@ -109,8 +108,8 @@ func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {
 
 type CasdoorUserInfo struct {
 	Id          string `json:"sub"`
-	Name        string `json:"preferred_username,omitempty"`
-	DisplayName string `json:"name"`
+	Name        string `json:"name"`
+	DisplayName string `json:"preferred_username"`
 	Email       string `json:"email"`
 	AvatarUrl   string `json:"picture"`
 	Status      string `json:"status"`

idp/custom.go

@@ -61,8 +61,8 @@ func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {
 
 type CustomUserInfo struct {
 	Id          string `json:"sub"`
-	Name        string `json:"preferred_username,omitempty"`
-	DisplayName string `json:"name"`
+	Name        string `json:"name"`
+	DisplayName string `json:"preferred_username"`
 	Email       string `json:"email"`
 	AvatarUrl   string `json:"picture"`
 	Status      string `json:"status"`

idp/dingtalk.go

@@ -23,7 +23,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/casdoor/casdoor/util"
 	"golang.org/x/oauth2"
 )
 
@@ -126,8 +125,8 @@ type DingTalkUserResponse struct {
 	UnionId   string `json:"unionId"`
 	AvatarUrl string `json:"avatarUrl"`
 	Email     string `json:"email"`
-	Mobile    string `json:"mobile"`
-	StateCode string `json:"stateCode"`
+	Errmsg    string `json:"message"`
+	Errcode   string `json:"code"`
 }
 
 // GetUserInfo Use  access_token to get UserInfo
@@ -157,9 +156,8 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}
 
-	countryCode, err := util.GetCountryCode(dtUserInfo.StateCode, dtUserInfo.Mobile)
-	if err != nil {
-		return nil, err
+	if dtUserInfo.Errmsg != "" {
+		return nil, fmt.Errorf("userIdResp.Errcode = %s, userIdResp.Errmsg = %s", dtUserInfo.Errcode, dtUserInfo.Errmsg)
 	}
 
 	userInfo := UserInfo{
@@ -168,8 +166,6 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		DisplayName: dtUserInfo.Nick,
 		UnionId:     dtUserInfo.UnionId,
 		Email:       dtUserInfo.Email,
-		Phone:       dtUserInfo.Mobile,
-		CountryCode: countryCode,
 		AvatarUrl:   dtUserInfo.AvatarUrl,
 	}
 
@@ -179,19 +175,9 @@ func (idp *DingTalkIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, erro
 		return nil, err
 	}
 
-	corpMobile, corpEmail, jobNumber, err := idp.getUserCorpEmail(userId, corpAccessToken)
-	if err == nil {
-		if corpMobile != "" {
-			userInfo.Phone = corpMobile
-		}
-
-		if corpEmail != "" {
-			userInfo.Email = corpEmail
-		}
-
-		if jobNumber != "" {
-			userInfo.Username = jobNumber
-		}
+	corpEmail, err := idp.getUserCorpEmail(userId, corpAccessToken)
+	if err == nil && corpEmail != "" {
+		userInfo.Email = corpEmail
 	}
 
 	return &userInfo, nil
@@ -261,36 +247,33 @@ func (idp *DingTalkIdProvider) getUserId(unionId string, accessToken string) (st
 		return "", err
 	}
 	if data.ErrCode == 60121 {
-		return "", fmt.Errorf("该应用只允许本企业内部用户登录，您不属于该企业，无法登录")
+		return "", fmt.Errorf("the user is not found in the organization where clientId and clientSecret belong")
 	} else if data.ErrCode != 0 {
 		return "", fmt.Errorf(data.ErrMessage)
 	}
 	return data.Result.UserId, nil
 }
 
-func (idp *DingTalkIdProvider) getUserCorpEmail(userId string, accessToken string) (string, string, string, error) {
-	// https://open.dingtalk.com/document/isvapp/query-user-details
+func (idp *DingTalkIdProvider) getUserCorpEmail(userId string, accessToken string) (string, error) {
 	body := make(map[string]string)
 	body["userid"] = userId
 	respBytes, err := idp.postWithBody(body, "https://oapi.dingtalk.com/topapi/v2/user/get?access_token="+accessToken)
 	if err != nil {
-		return "", "", "", err
+		return "", err
 	}
 
 	var data struct {
 		ErrMessage string `json:"errmsg"`
 		Result     struct {
-			Mobile    string `json:"mobile"`
-			Email     string `json:"email"`
-			JobNumber string `json:"job_number"`
+			Email string `json:"email"`
 		} `json:"result"`
 	}
 	err = json.Unmarshal(respBytes, &data)
 	if err != nil {
-		return "", "", "", err
+		return "", err
 	}
 	if data.ErrMessage != "ok" {
-		return "", "", "", fmt.Errorf(data.ErrMessage)
+		return "", fmt.Errorf(data.ErrMessage)
 	}
-	return data.Result.Mobile, data.Result.Email, data.Result.JobNumber, nil
+	return data.Result.Email, nil
 }

idp/goth.go

@@ -88,7 +88,7 @@ type GothIdProvider struct {
 	Session  goth.Session
 }
 
-func NewGothIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string, hostUrl string) *GothIdProvider {
+func NewGothIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string) *GothIdProvider {
 	var idp GothIdProvider
 	switch providerType {
 	case "Amazon":
@@ -102,13 +102,8 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Session:  &apple.Session{},
 		}
 	case "AzureAD":
-		domain := "common"
-		if hostUrl != "" {
-			domain = hostUrl
-		}
-
 		idp = GothIdProvider{
-			Provider: azureadv2.New(clientId, clientSecret, redirectUrl, azureadv2.ProviderOptions{Tenant: azureadv2.TenantType(domain)}),
+			Provider: azureadv2.New(clientId, clientSecret, redirectUrl, azureadv2.ProviderOptions{Tenant: "common"}),
 			Session:  &azureadv2.Session{},
 		}
 	case "Auth0":

idp/provider.go

@@ -27,8 +27,6 @@ type UserInfo struct {
 	DisplayName string
 	UnionId     string
 	Email       string
-	Phone       string
-	CountryCode string
 	AvatarUrl   string
 }
 
@@ -92,7 +90,7 @@ func GetIdProvider(typ string, subType string, clientId string, clientSecret str
 	} else if typ == "Douyin" {
 		return NewDouyinIdProvider(clientId, clientSecret, redirectUrl)
 	} else if isGothSupport(typ) {
-		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl, hostUrl)
+		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl)
 	} else if typ == "Bilibili" {
 		return NewBilibiliIdProvider(clientId, clientSecret, redirectUrl)
 	}

idp/wecom_third_party.go

@@ -75,9 +75,7 @@ func (idp *WeComIdProvider) GetToken(code string) (*oauth2.Token, error) {
 		ProviderSecret string `json:"provider_secret"`
 	}{idp.Config.ClientID, idp.Config.ClientSecret}
 	data, err := idp.postWithBody(pTokenParams, "https://qyapi.weixin.qq.com/cgi-bin/service/get_provider_token")
-	if err != nil {
-		return nil, err
-	}
+
 	pToken := &WeComProviderToken{}
 	err = json.Unmarshal(data, pToken)
 	if err != nil {

init_data.json.template

@@ -8,12 +8,11 @@
       "favicon": "",
       "passwordType": "plain",
       "passwordSalt": "",
-      "passwordOptions": ["AtLeast6"],
       "countryCodes": ["US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"],
       "defaultAvatar": "",
       "defaultApplication": "",
       "tags": [],
-      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi"],
+      "languages": ["en", "zh", "es", "fr", "de", "ja", "ko", "ru", "vi"],
       "masterPassword": "",
       "initScore": 2000,
       "enableSoftDeletion": false,
@@ -160,8 +159,8 @@
       "serverName": "",
       "host": "",
       "port": 389,
-      "username": "",
-      "password": "",
+      "admin": "",
+      "passwd": "",
       "baseDn": "",
       "autoSync": 0,
       "lastSync": ""

ldap/server.go

@@ -1,124 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ldap
-
-import (
-	"fmt"
-	"log"
-
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/object"
-	ldap "github.com/forestmgy/ldapserver"
-	"github.com/lor00x/goldap/message"
-)
-
-func StartLdapServer() {
-	server := ldap.NewServer()
-	routes := ldap.NewRouteMux()
-
-	routes.Bind(handleBind)
-	routes.Search(handleSearch).Label(" SEARCH****")
-
-	server.Handle(routes)
-	err := server.ListenAndServe("0.0.0.0:" + conf.GetConfigString("ldapServerPort"))
-	if err != nil {
-		return
-	}
-}
-
-func handleBind(w ldap.ResponseWriter, m *ldap.Message) {
-	r := m.GetBindRequest()
-	res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
-
-	if r.AuthenticationChoice() == "simple" {
-		bindUsername, bindOrg, err := getNameAndOrgFromDN(string(r.Name()))
-		if err != "" {
-			log.Printf("Bind failed ,ErrMsg=%s", err)
-			res.SetResultCode(ldap.LDAPResultInvalidDNSyntax)
-			res.SetDiagnosticMessage("bind failed ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-
-		bindPassword := string(r.AuthenticationSimple())
-		bindUser, err := object.CheckUserPassword(bindOrg, bindUsername, bindPassword, "en")
-		if err != "" {
-			log.Printf("Bind failed User=%s, Pass=%#v, ErrMsg=%s", string(r.Name()), r.Authentication(), err)
-			res.SetResultCode(ldap.LDAPResultInvalidCredentials)
-			res.SetDiagnosticMessage("invalid credentials ErrMsg: " + err)
-			w.Write(res)
-			return
-		}
-
-		if bindOrg == "built-in" || bindUser.IsGlobalAdmin {
-			m.Client.IsGlobalAdmin, m.Client.IsOrgAdmin = true, true
-		} else if bindUser.IsAdmin {
-			m.Client.IsOrgAdmin = true
-		}
-
-		m.Client.IsAuthenticated = true
-		m.Client.UserName = bindUsername
-		m.Client.OrgName = bindOrg
-	} else {
-		res.SetResultCode(ldap.LDAPResultAuthMethodNotSupported)
-		res.SetDiagnosticMessage("Authentication method not supported,Please use Simple Authentication")
-	}
-	w.Write(res)
-}
-
-func handleSearch(w ldap.ResponseWriter, m *ldap.Message) {
-	res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
-	if !m.Client.IsAuthenticated {
-		res.SetResultCode(ldap.LDAPResultUnwillingToPerform)
-		w.Write(res)
-		return
-	}
-
-	r := m.GetSearchRequest()
-	if r.FilterString() == "(objectClass=*)" {
-		w.Write(res)
-		return
-	}
-
-	// Handle Stop Signal (server stop / client disconnected / Abandoned request....)
-	select {
-	case <-m.Done:
-		log.Print("Leaving handleSearch...")
-		return
-	default:
-	}
-
-	users, code := GetFilteredUsers(m)
-	if code != ldap.LDAPResultSuccess {
-		res.SetResultCode(code)
-		w.Write(res)
-		return
-	}
-
-	for _, user := range users {
-		dn := fmt.Sprintf("cn=%s,%s", user.Name, string(r.BaseObject()))
-		e := ldap.NewSearchResultEntry(dn)
-
-		for _, attr := range r.Attributes() {
-			e.AddAttribute(message.AttributeDescription(attr), getAttribute(string(attr), user))
-			if string(attr) == "cn" {
-				e.AddAttribute(message.AttributeDescription(attr), getAttribute("title", user))
-			}
-		}
-
-		w.Write(e)
-	}
-	w.Write(res)
-}

ldap/util.go

@@ -1,201 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package ldap
-
-import (
-	"fmt"
-	"log"
-	"strings"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-	"github.com/lor00x/goldap/message"
-
-	ldap "github.com/forestmgy/ldapserver"
-)
-
-func getNameAndOrgFromDN(DN string) (string, string, string) {
-	DNFields := strings.Split(DN, ",")
-	params := make(map[string]string, len(DNFields))
-	for _, field := range DNFields {
-		if strings.Contains(field, "=") {
-			k := strings.Split(field, "=")
-			params[k[0]] = k[1]
-		}
-	}
-
-	if params["cn"] == "" {
-		return "", "", "please use Admin Name format like cn=xxx,ou=xxx,dc=example,dc=com"
-	}
-	if params["ou"] == "" {
-		return params["cn"], object.CasdoorOrganization, ""
-	}
-	return params["cn"], params["ou"], ""
-}
-
-func getNameAndOrgFromFilter(baseDN, filter string) (string, string, int) {
-	if !strings.Contains(baseDN, "ou=") {
-		return "", "", ldap.LDAPResultInvalidDNSyntax
-	}
-
-	name, org, _ := getNameAndOrgFromDN(fmt.Sprintf("cn=%s,", getUsername(filter)) + baseDN)
-	return name, org, ldap.LDAPResultSuccess
-}
-
-func getUsername(filter string) string {
-	nameIndex := strings.Index(filter, "cn=")
-	if nameIndex == -1 {
-		nameIndex = strings.Index(filter, "uid=")
-		if nameIndex == -1 {
-			return "*"
-		} else {
-			nameIndex += 4
-		}
-	} else {
-		nameIndex += 3
-	}
-
-	var name string
-	for i := nameIndex; filter[i] != ')'; i++ {
-		name = name + string(filter[i])
-	}
-	return name
-}
-
-func stringInSlice(value string, list []string) bool {
-	for _, item := range list {
-		if item == value {
-			return true
-		}
-	}
-	return false
-}
-
-func GetFilteredUsers(m *ldap.Message) (filteredUsers []*object.User, code int) {
-	var err error
-	r := m.GetSearchRequest()
-
-	name, org, code := getNameAndOrgFromFilter(string(r.BaseObject()), r.FilterString())
-	if code != ldap.LDAPResultSuccess {
-		return nil, code
-	}
-
-	if name == "*" && m.Client.IsOrgAdmin { // get all users from organization 'org'
-		if m.Client.IsGlobalAdmin && org == "*" {
-
-			filteredUsers, err = object.GetGlobalUsers()
-			if err != nil {
-				panic(err)
-			}
-			return filteredUsers, ldap.LDAPResultSuccess
-		}
-		if m.Client.IsGlobalAdmin || org == m.Client.OrgName {
-			filteredUsers, err = object.GetUsers(org)
-			if err != nil {
-				panic(err)
-			}
-
-			return filteredUsers, ldap.LDAPResultSuccess
-		} else {
-			return nil, ldap.LDAPResultInsufficientAccessRights
-		}
-	} else {
-		requestUserId := util.GetId(m.Client.OrgName, m.Client.UserName)
-		userId := util.GetId(org, name)
-
-		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, "en")
-		if !hasPermission {
-			log.Printf("ErrMsg = %v", err.Error())
-			return nil, ldap.LDAPResultInsufficientAccessRights
-		}
-
-		user, err := object.GetUser(userId)
-		if err != nil {
-			panic(err)
-		}
-
-		if user != nil {
-			filteredUsers = append(filteredUsers, user)
-			return filteredUsers, ldap.LDAPResultSuccess
-		}
-
-		organization, err := object.GetOrganization(util.GetId("admin", org))
-		if err != nil {
-			panic(err)
-		}
-
-		if organization == nil {
-			return nil, ldap.LDAPResultNoSuchObject
-		}
-
-		if !stringInSlice(name, organization.Tags) {
-			return nil, ldap.LDAPResultNoSuchObject
-		}
-
-		users, err := object.GetUsersByTag(org, name)
-		if err != nil {
-			panic(err)
-		}
-
-		filteredUsers = append(filteredUsers, users...)
-		return filteredUsers, ldap.LDAPResultSuccess
-	}
-}
-
-// get user password with hash type prefix
-// TODO not handle salt yet
-// @return {md5}5f4dcc3b5aa765d61d8327deb882cf99
-func getUserPasswordWithType(user *object.User) string {
-	org, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		panic(err)
-	}
-
-	if org.PasswordType == "" || org.PasswordType == "plain" {
-		return user.Password
-	}
-	prefix := org.PasswordType
-	if prefix == "salt" {
-		prefix = "sha256"
-	} else if prefix == "md5-salt" {
-		prefix = "md5"
-	} else if prefix == "pbkdf2-salt" {
-		prefix = "pbkdf2"
-	}
-	return fmt.Sprintf("{%s}%s", prefix, user.Password)
-}
-
-func getAttribute(attributeName string, user *object.User) message.AttributeValue {
-	switch attributeName {
-	case "cn":
-		return message.AttributeValue(user.Name)
-	case "uid":
-		return message.AttributeValue(user.Name)
-	case "displayname":
-		return message.AttributeValue(user.DisplayName)
-	case "email":
-		return message.AttributeValue(user.Email)
-	case "mail":
-		return message.AttributeValue(user.Email)
-	case "mobile":
-		return message.AttributeValue(user.Phone)
-	case "title":
-		return message.AttributeValue(user.Tag)
-	case "userPassword":
-		return message.AttributeValue(getUserPasswordWithType(user))
-	default:
-		return ""
-	}
-}

main.go

@@ -23,25 +23,21 @@ import (
 	_ "github.com/beego/beego/session/redis"
 	"github.com/casdoor/casdoor/authz"
 	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/ldap"
+	"github.com/casdoor/casdoor/controllers"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/routers"
+	_ "github.com/casdoor/casdoor/routers"
 	"github.com/casdoor/casdoor/util"
 )
 
-func getCreateDatabaseFlag() bool {
-	res := flag.Bool("createDatabase", false, "true if you need Casdoor to create database")
-	flag.Parse()
-	return *res
-}
-
 func main() {
-	createDatabase := getCreateDatabaseFlag()
+	createDatabase := flag.Bool("createDatabase", false, "true if you need Casdoor to create database")
+	flag.Parse()
 
 	object.InitAdapter()
-	object.CreateTables(createDatabase)
 	object.DoMigration()
+	object.CreateTables(*createDatabase)
 
 	object.InitDb()
 	object.InitFromFile()
@@ -63,7 +59,6 @@ func main() {
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AutoSigninFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.CorsFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.AuthzFilter)
-	beego.InsertFilter("*", beego.BeforeRouter, routers.PrometheusFilter)
 	beego.InsertFilter("*", beego.BeforeRouter, routers.RecordMessage)
 
 	beego.BConfig.WebConfig.Session.SessionOn = true
@@ -78,7 +73,7 @@ func main() {
 	beego.BConfig.WebConfig.Session.SessionCookieLifeTime = 3600 * 24 * 30
 	// beego.BConfig.WebConfig.Session.SessionCookieSameSite = http.SameSiteNoneMode
 
-	err := logs.SetLogger(logs.AdapterFile, conf.GetConfigString("logConfig"))
+	err := logs.SetLogger("file", `{"filename":"logs/casdoor.log","maxdays":99999,"perm":"0770"}`)
 	if err != nil {
 		panic(err)
 	}
@@ -86,8 +81,7 @@ func main() {
 	// logs.SetLevel(logs.LevelInformational)
 	logs.SetLogFuncCall(false)
 
-	go ldap.StartLdapServer()
-	go object.ClearThroughputPerSecond()
+	go controllers.StartLdapServer()
 
 	beego.Run(fmt.Sprintf(":%v", port))
 }

object/adapter.go

@@ -41,26 +41,18 @@ func InitConfig() {
 	beego.BConfig.WebConfig.Session.SessionOn = true
 
 	InitAdapter()
-	CreateTables(true)
 	DoMigration()
+	CreateTables(true)
 }
 
 func InitAdapter() {
 	adapter = NewAdapter(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
-	adapter.Engine.SetTableMapper(tbMapper)
 }
 
 func CreateTables(createDatabase bool) {
 	if createDatabase {
-		err := adapter.CreateDatabase()
-		if err != nil {
-			panic(err)
-		}
+		adapter.CreateDatabase()
 	}
-
 	adapter.createTable()
 }
 
@@ -127,9 +119,13 @@ func (a *Adapter) close() {
 }
 
 func (a *Adapter) createTable() {
-	showSql := conf.GetConfigBool("showSql")
+	showSql, _ := conf.GetConfigBool("showSql")
 	a.Engine.ShowSQL(showSql)
 
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	tbMapper := core.NewPrefixMapper(core.SnakeMapper{}, tableNamePrefix)
+	a.Engine.SetTableMapper(tbMapper)
+
 	err := a.Engine.Sync2(new(Organization))
 	if err != nil {
 		panic(err)
@@ -140,11 +136,6 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}
 
-	err = a.Engine.Sync2(new(Group))
-	if err != nil {
-		panic(err)
-	}
-
 	err = a.Engine.Sync2(new(Role))
 	if err != nil {
 		panic(err)
@@ -210,16 +201,6 @@ func (a *Adapter) createTable() {
 		panic(err)
 	}
 
-	err = a.Engine.Sync2(new(Chat))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Message))
-	if err != nil {
-		panic(err)
-	}
-
 	err = a.Engine.Sync2(new(Product))
 	if err != nil {
 		panic(err)
@@ -249,21 +230,6 @@ func (a *Adapter) createTable() {
 	if err != nil {
 		panic(err)
 	}
-
-	err = a.Engine.Sync2(new(Subscription))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Plan))
-	if err != nil {
-		panic(err)
-	}
-
-	err = a.Engine.Sync2(new(Pricing))
-	if err != nil {
-		panic(err)
-	}
 }
 
 func GetSession(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
@@ -289,52 +255,3 @@ func GetSession(owner string, offset, limit int, field, value, sortField, sortOr
 	}
 	return session
 }
-
-func GetSessionForUser(owner string, offset, limit int, field, value, sortField, sortOrder string) *xorm.Session {
-	session := adapter.Engine.Prepare()
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-	if owner != "" {
-		if offset == -1 {
-			session = session.And("owner=?", owner)
-		} else {
-			session = session.And("a.owner=?", owner)
-		}
-	}
-	if field != "" && value != "" {
-		if filterField(field) {
-			if offset != -1 {
-				field = fmt.Sprintf("a.%s", field)
-			}
-			session = session.And(fmt.Sprintf("%s like ?", util.SnakeString(field)), fmt.Sprintf("%%%s%%", value))
-		}
-	}
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-
-	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	tableName := tableNamePrefix + "user"
-	if offset == -1 {
-		if sortOrder == "ascend" {
-			session = session.Asc(util.SnakeString(sortField))
-		} else {
-			session = session.Desc(util.SnakeString(sortField))
-		}
-	} else {
-		if sortOrder == "ascend" {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Asc("a." + util.SnakeString(sortField))
-		} else {
-			session = session.Alias("a").
-				Join("INNER", []string{tableName, "b"}, "a.owner = b.owner and a.name = b.name").
-				Select("b.*").
-				Desc("a." + util.SnakeString(sortField))
-		}
-	}
-
-	return session
-}

object/application.go

@@ -38,7 +38,7 @@ type Application struct {
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 
 	DisplayName         string          `xorm:"varchar(100)" json:"displayName"`
-	Logo                string          `xorm:"varchar(200)" json:"logo"`
+	Logo                string          `xorm:"varchar(100)" json:"logo"`
 	HomepageUrl         string          `xorm:"varchar(100)" json:"homepageUrl"`
 	Description         string          `xorm:"varchar(100)" json:"description"`
 	Organization        string          `xorm:"varchar(100)" json:"organization"`
@@ -51,7 +51,6 @@ type Application struct {
 	EnableSamlCompress  bool            `json:"enableSamlCompress"`
 	EnableWebAuthn      bool            `json:"enableWebAuthn"`
 	EnableLinkWithEmail bool            `json:"enableLinkWithEmail"`
-	OrgChoiceMode       string          `json:"orgChoiceMode"`
 	SamlReplyUrl        string          `xorm:"varchar(100)" json:"samlReplyUrl"`
 	Providers           []*ProviderItem `xorm:"mediumtext" json:"providers"`
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
@@ -73,161 +72,139 @@ type Application struct {
 	SigninHtml           string     `xorm:"mediumtext" json:"signinHtml"`
 	ThemeData            *ThemeData `xorm:"json" json:"themeData"`
 	FormCss              string     `xorm:"text" json:"formCss"`
-	FormCssMobile        string     `xorm:"text" json:"formCssMobile"`
 	FormOffset           int        `json:"formOffset"`
 	FormSideHtml         string     `xorm:"mediumtext" json:"formSideHtml"`
 	FormBackgroundUrl    string     `xorm:"varchar(200)" json:"formBackgroundUrl"`
 }
 
-func GetApplicationCount(owner, field, value string) (int64, error) {
+func GetApplicationCount(owner, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Application{})
+	count, err := session.Count(&Application{})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
 }
 
-func GetOrganizationApplicationCount(owner, Organization, field, value string) (int64, error) {
+func GetOrganizationApplicationCount(owner, Organization, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Application{Organization: Organization})
+	count, err := session.Count(&Application{Organization: Organization})
+	if err != nil {
+		panic(err)
+	}
+
+	return int(count)
 }
 
-func GetApplications(owner string) ([]*Application, error) {
+func GetApplications(owner string) []*Application {
 	applications := []*Application{}
 	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner})
 	if err != nil {
-		return applications, err
+		panic(err)
 	}
 
-	return applications, nil
+	return applications
 }
 
-func GetOrganizationApplications(owner string, organization string) ([]*Application, error) {
+func GetOrganizationApplications(owner string, organization string) []*Application {
 	applications := []*Application{}
-	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Organization: organization})
+	err := adapter.Engine.Desc("created_time").Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
-		return applications, err
+		panic(err)
 	}
 
-	return applications, nil
+	return applications
 }
 
-func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
+func GetPaginationApplications(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	var applications []*Application
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&applications)
 	if err != nil {
-		return applications, err
+		panic(err)
 	}
 
-	return applications, nil
+	return applications
 }
 
-func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) ([]*Application, error) {
+func GetPaginationOrganizationApplications(owner, organization string, offset, limit int, field, value, sortField, sortOrder string) []*Application {
 	applications := []*Application{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&applications, &Application{Organization: organization})
+	err := session.Find(&applications, &Application{Owner: owner, Organization: organization})
 	if err != nil {
-		return applications, err
+		panic(err)
 	}
 
-	return applications, nil
+	return applications
 }
 
-func getProviderMap(owner string) (m map[string]*Provider, err error) {
-	providers, err := GetProviders(owner)
-	if err != nil {
-		return nil, err
-	}
-
-	m = map[string]*Provider{}
+func getProviderMap(owner string) map[string]*Provider {
+	providers := GetProviders(owner)
+	m := map[string]*Provider{}
 	for _, provider := range providers {
 		// Get QRCode only once
-		if provider.Type == "WeChat" && provider.DisableSsl && provider.Content == "" {
-			provider.Content, err = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
-			if err != nil {
-				return
-			}
+		if provider.Type == "WeChat" && provider.DisableSsl == true && provider.Content == "" {
+			provider.Content, _ = idp.GetWechatOfficialAccountQRCode(provider.ClientId2, provider.ClientSecret2)
 			UpdateProvider(provider.Owner+"/"+provider.Name, provider)
 		}
 
-		m[provider.Name] = GetMaskedProvider(provider, true)
+		m[provider.Name] = GetMaskedProvider(provider)
 	}
-
-	return m, err
+	return m
 }
 
-func extendApplicationWithProviders(application *Application) (err error) {
-	m, err := getProviderMap(application.Organization)
-	if err != nil {
-		return err
-	}
-
+func extendApplicationWithProviders(application *Application) {
+	m := getProviderMap(application.Organization)
 	for _, providerItem := range application.Providers {
 		if provider, ok := m[providerItem.Name]; ok {
 			providerItem.Provider = provider
 		}
 	}
-
-	return
 }
 
-func extendApplicationWithOrg(application *Application) (err error) {
-	organization, err := getOrganization(application.Owner, application.Organization)
+func extendApplicationWithOrg(application *Application) {
+	organization := getOrganization(application.Owner, application.Organization)
 	application.OrganizationObj = organization
-	return
 }
 
-func getApplication(owner string, name string) (*Application, error) {
+func getApplication(owner string, name string) *Application {
 	if owner == "" || name == "" {
-		return nil, nil
+		return nil
 	}
 
 	application := Application{Owner: owner, Name: name}
 	existed, err := adapter.Engine.Get(&application)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
 	if existed {
-		err = extendApplicationWithProviders(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		err = extendApplicationWithOrg(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		return &application, nil
+		extendApplicationWithProviders(&application)
+		extendApplicationWithOrg(&application)
+		return &application
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func GetApplicationByOrganizationName(organization string) (*Application, error) {
+func GetApplicationByOrganizationName(organization string) *Application {
 	application := Application{}
 	existed, err := adapter.Engine.Where("organization=?", organization).Get(&application)
 	if err != nil {
-		return nil, nil
+		panic(err)
 	}
 
 	if existed {
-		err = extendApplicationWithProviders(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		err = extendApplicationWithOrg(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		return &application, nil
+		extendApplicationWithProviders(&application)
+		extendApplicationWithOrg(&application)
+		return &application
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func GetApplicationByUser(user *User) (*Application, error) {
+func GetApplicationByUser(user *User) *Application {
 	if user.SignupApplication != "" {
 		return getApplication("admin", user.SignupApplication)
 	} else {
@@ -235,46 +212,38 @@ func GetApplicationByUser(user *User) (*Application, error) {
 	}
 }
 
-func GetApplicationByUserId(userId string) (application *Application, err error) {
+func GetApplicationByUserId(userId string) (*Application, *User) {
+	var application *Application
+
 	owner, name := util.GetOwnerAndNameFromId(userId)
 	if owner == "app" {
-		application, err = getApplication("admin", name)
-		return
+		application = getApplication("admin", name)
+		return application, nil
 	}
 
-	user, err := GetUser(userId)
-	if err != nil {
-		return nil, err
-	}
-	application, err = GetApplicationByUser(user)
-	return
+	user := GetUser(userId)
+	application = GetApplicationByUser(user)
+
+	return application, user
 }
 
-func GetApplicationByClientId(clientId string) (*Application, error) {
+func GetApplicationByClientId(clientId string) *Application {
 	application := Application{}
 	existed, err := adapter.Engine.Where("client_id=?", clientId).Get(&application)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
 	if existed {
-		err = extendApplicationWithProviders(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		err = extendApplicationWithOrg(&application)
-		if err != nil {
-			return nil, err
-		}
-
-		return &application, nil
+		extendApplicationWithProviders(&application)
+		extendApplicationWithOrg(&application)
+		return &application
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func GetApplication(id string) (*Application, error) {
+func GetApplication(id string) *Application {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getApplication(owner, name)
 }
@@ -317,11 +286,11 @@ func GetMaskedApplications(applications []*Application, userId string) []*Applic
 	return applications
 }
 
-func UpdateApplication(id string, application *Application) (bool, error) {
+func UpdateApplication(id string, application *Application) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
-	oldApplication, err := getApplication(owner, name)
+	oldApplication := getApplication(owner, name)
 	if oldApplication == nil {
-		return false, err
+		return false
 	}
 
 	if name == "app-built-in" {
@@ -329,19 +298,14 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 	}
 
 	if name != application.Name {
-		err = applicationChangeTrigger(name, application.Name)
+		err := applicationChangeTrigger(name, application.Name)
 		if err != nil {
-			return false, err
+			return false
 		}
 	}
 
-	applicationByClientId, err := GetApplicationByClientId(application.ClientId)
-	if err != nil {
-		return false, err
-	}
-
-	if oldApplication.ClientId != application.ClientId && applicationByClientId != nil {
-		return false, err
+	if oldApplication.ClientId != application.ClientId && GetApplicationByClientId(application.ClientId) != nil {
+		return false
 	}
 
 	for _, providerItem := range application.Providers {
@@ -354,58 +318,45 @@ func UpdateApplication(id string, application *Application) (bool, error) {
 	}
 	affected, err := session.Update(application)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func AddApplication(application *Application) (bool, error) {
-	if application.Owner == "" {
-		application.Owner = "admin"
-	}
-	if application.Organization == "" {
-		application.Organization = "built-in"
-	}
+func AddApplication(application *Application) bool {
 	if application.ClientId == "" {
 		application.ClientId = util.GenerateClientId()
 	}
 	if application.ClientSecret == "" {
 		application.ClientSecret = util.GenerateClientSecret()
 	}
-
-	app, err := GetApplicationByClientId(application.ClientId)
-	if err != nil {
-		return false, err
+	if GetApplicationByClientId(application.ClientId) != nil {
+		return false
 	}
-
-	if app != nil {
-		return false, nil
-	}
-
 	for _, providerItem := range application.Providers {
 		providerItem.Provider = nil
 	}
 
 	affected, err := adapter.Engine.Insert(application)
 	if err != nil {
-		return false, nil
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func DeleteApplication(application *Application) (bool, error) {
+func DeleteApplication(application *Application) bool {
 	if application.Name == "app-built-in" {
-		return false, nil
+		return false
 	}
 
 	affected, err := adapter.Engine.ID(core.PK{application.Owner, application.Name}).Delete(&Application{})
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
 func (application *Application) GetId() string {
@@ -424,43 +375,33 @@ func (application *Application) IsRedirectUriValid(redirectUri string) bool {
 	return isValid
 }
 
-func IsOriginAllowed(origin string) (bool, error) {
-	applications, err := GetApplications("")
-	if err != nil {
-		return false, err
-	}
-
+func IsOriginAllowed(origin string) bool {
+	applications := GetApplications("")
 	for _, application := range applications {
 		if application.IsRedirectUriValid(origin) {
-			return true, nil
+			return true
 		}
 	}
-	return false, nil
+	return false
 }
 
-func getApplicationMap(organization string) (map[string]*Application, error) {
-	applicationMap := make(map[string]*Application)
-	applications, err := GetOrganizationApplications("admin", organization)
-	if err != nil {
-		return applicationMap, err
-	}
+func getApplicationMap(organization string) map[string]*Application {
+	applications := GetOrganizationApplications("admin", organization)
 
+	applicationMap := make(map[string]*Application)
 	for _, application := range applications {
 		applicationMap[application.Name] = application
 	}
 
-	return applicationMap, nil
+	return applicationMap
 }
 
-func ExtendManagedAccountsWithUser(user *User) (*User, error) {
+func ExtendManagedAccountsWithUser(user *User) *User {
 	if user.ManagedAccounts == nil || len(user.ManagedAccounts) == 0 {
-		return user, nil
+		return user
 	}
 
-	applicationMap, err := getApplicationMap(user.Owner)
-	if err != nil {
-		return user, err
-	}
+	applicationMap := getApplicationMap(user.Owner)
 
 	var managedAccounts []ManagedAccount
 	for _, managedAccount := range user.ManagedAccounts {
@@ -472,7 +413,7 @@ func ExtendManagedAccountsWithUser(user *User) (*User, error) {
 	}
 	user.ManagedAccounts = managedAccounts
 
-	return user, nil
+	return user
 }
 
 func applicationChangeTrigger(oldName string, newName string) error {

object/application_item.go

@@ -14,12 +14,8 @@
 
 package object
 
-func (application *Application) GetProviderByCategory(category string) (*Provider, error) {
-	providers, err := GetProviders(application.Organization)
-	if err != nil {
-		return nil, err
-	}
-
+func (application *Application) GetProviderByCategory(category string) *Provider {
+	providers := GetProviders(application.Organization)
 	m := map[string]*Provider{}
 	for _, provider := range providers {
 		if provider.Category != category {
@@ -31,22 +27,22 @@ func (application *Application) GetProviderByCategory(category string) (*Provide
 
 	for _, providerItem := range application.Providers {
 		if provider, ok := m[providerItem.Name]; ok {
-			return provider, nil
+			return provider
 		}
 	}
 
-	return nil, nil
+	return nil
 }
 
-func (application *Application) GetEmailProvider() (*Provider, error) {
+func (application *Application) GetEmailProvider() *Provider {
 	return application.GetProviderByCategory("Email")
 }
 
-func (application *Application) GetSmsProvider() (*Provider, error) {
+func (application *Application) GetSmsProvider() *Provider {
 	return application.GetProviderByCategory("SMS")
 }
 
-func (application *Application) GetStorageProvider() (*Provider, error) {
+func (application *Application) GetStorageProvider() *Provider {
 	return application.GetProviderByCategory("Storage")
 }
 

object/avatar.go

@@ -28,11 +28,7 @@ var defaultStorageProvider *Provider = nil
 func InitDefaultStorageProvider() {
 	defaultStorageProviderStr := conf.GetConfigString("defaultStorageProvider")
 	if defaultStorageProviderStr != "" {
-		var err error
-		defaultStorageProvider, err = getProvider("admin", defaultStorageProviderStr)
-		if err != nil {
-			panic(err)
-		}
+		defaultStorageProvider = getProvider("admin", defaultStorageProviderStr)
 	}
 }
 
@@ -54,55 +50,33 @@ func downloadFile(url string) (*bytes.Buffer, error) {
 	return fileBuffer, nil
 }
 
-func getPermanentAvatarUrl(organization string, username string, url string, upload bool) (string, error) {
+func getPermanentAvatarUrl(organization string, username string, url string, upload bool) string {
 	if url == "" {
-		return "", nil
+		return ""
 	}
 
 	if defaultStorageProvider == nil {
-		return "", nil
+		return ""
 	}
 
 	fullFilePath := fmt.Sprintf("/avatar/%s/%s.png", organization, username)
 	uploadedFileUrl, _ := GetUploadFileUrl(defaultStorageProvider, fullFilePath, false)
 
 	if upload {
-		if err := DownloadAndUpload(url, fullFilePath, "en"); err != nil {
-			return "", err
-		}
+		DownloadAndUpload(url, fullFilePath)
 	}
 
-	return uploadedFileUrl, nil
+	return uploadedFileUrl
 }
 
-func DownloadAndUpload(url string, fullFilePath string, lang string) (err error) {
+func DownloadAndUpload(url string, fullFilePath string) {
 	fileBuffer, err := downloadFile(url)
 	if err != nil {
-		return
+		panic(err)
 	}
 
-	_, _, err = UploadFileSafe(defaultStorageProvider, fullFilePath, fileBuffer, lang)
+	_, _, err = UploadFileSafe(defaultStorageProvider, fullFilePath, fileBuffer)
 	if err != nil {
-		return
+		panic(err)
 	}
-
-	return
-}
-
-func getPermanentAvatarUrlFromBuffer(organization string, username string, fileBuffer *bytes.Buffer, ext string, upload bool) (string, error) {
-	if defaultStorageProvider == nil {
-		return "", nil
-	}
-
-	fullFilePath := fmt.Sprintf("/avatar/%s/%s%s", organization, username, ext)
-	uploadedFileUrl, _ := GetUploadFileUrl(defaultStorageProvider, fullFilePath, false)
-
-	if upload {
-		_, _, err := UploadFileSafe(defaultStorageProvider, fullFilePath, fileBuffer, "en")
-		if err != nil {
-			return "", err
-		}
-	}
-
-	return uploadedFileUrl, nil
 }

object/avatar_test.go

@@ -26,56 +26,14 @@ func TestSyncPermanentAvatars(t *testing.T) {
 	InitDefaultStorageProvider()
 	proxy.InitHttpClient()
 
-	users, err := GetGlobalUsers()
-	if err != nil {
-		panic(err)
-	}
-
+	users := GetGlobalUsers()
 	for i, user := range users {
 		if user.Avatar == "" {
 			continue
 		}
 
-		user.PermanentAvatar, err = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
-		if err != nil {
-			panic(err)
-		}
-
+		user.PermanentAvatar = getPermanentAvatarUrl(user.Owner, user.Name, user.Avatar, true)
 		updateUserColumn("permanent_avatar", user)
 		fmt.Printf("[%d/%d]: Update user: [%s]'s permanent avatar: %s\n", i, len(users), user.GetId(), user.PermanentAvatar)
 	}
 }
-
-func TestUpdateAvatars(t *testing.T) {
-	InitConfig()
-	InitDefaultStorageProvider()
-	proxy.InitHttpClient()
-
-	users, err := GetUsers("casdoor")
-	if err != nil {
-		panic(err)
-	}
-
-	for _, user := range users {
-		//if strings.HasPrefix(user.Avatar, "http") {
-		//	continue
-		//}
-
-		if user.AvatarType != "Auto" {
-			continue
-		}
-
-		updated, err := user.refreshAvatar()
-		if err != nil {
-			panic(err)
-		}
-
-		if updated {
-			user.PermanentAvatar = "*"
-			_, err = UpdateUser(user.GetId(), user, []string{"avatar", "avatar_type"}, true)
-			if err != nil {
-				panic(err)
-			}
-		}
-	}
-}

object/captcha.go

@@ -20,17 +20,17 @@ import (
 	"github.com/dchest/captcha"
 )
 
-func GetCaptcha() (string, []byte, error) {
+func GetCaptcha() (string, []byte) {
 	id := captcha.NewLen(5)
 
 	var buffer bytes.Buffer
 
 	err := captcha.WriteImage(&buffer, id, 200, 80)
 	if err != nil {
-		return "", nil, err
+		panic(err)
 	}
 
-	return id, buffer.Bytes(), nil
+	return id, buffer.Bytes()
 }
 
 func VerifyCaptcha(id string, digits string) bool {

object/casbin_adapter.go

@@ -30,8 +30,9 @@ type CasbinAdapter struct {
 	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 
-	Type  string `xorm:"varchar(100)" json:"type"`
-	Model string `xorm:"varchar(100)" json:"model"`
+	Organization string `xorm:"varchar(100)" json:"organization"`
+	Type         string `xorm:"varchar(100)" json:"type"`
+	Model        string `xorm:"varchar(100)" json:"model"`
 
 	Host         string `xorm:"varchar(100)" json:"host"`
 	Port         int    `json:"port"`
@@ -45,59 +46,64 @@ type CasbinAdapter struct {
 	Adapter *xormadapter.Adapter `xorm:"-" json:"-"`
 }
 
-func GetCasbinAdapterCount(owner, field, value string) (int64, error) {
+func GetCasbinAdapterCount(owner, field, value string) int {
 	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&CasbinAdapter{})
-}
-
-func GetCasbinAdapters(owner string) ([]*CasbinAdapter, error) {
-	adapters := []*CasbinAdapter{}
-	err := adapter.Engine.Desc("created_time").Find(&adapters, &CasbinAdapter{Owner: owner})
+	count, err := session.Count(&CasbinAdapter{})
 	if err != nil {
-		return adapters, err
+		panic(err)
 	}
 
-	return adapters, nil
+	return int(count)
 }
 
-func GetPaginationCasbinAdapters(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*CasbinAdapter, error) {
+func GetCasbinAdapters(owner string) []*CasbinAdapter {
+	adapters := []*CasbinAdapter{}
+	err := adapter.Engine.Where("owner = ?", owner).Find(&adapters)
+	if err != nil {
+		panic(err)
+	}
+
+	return adapters
+}
+
+func GetPaginationCasbinAdapters(owner string, page, limit int, field, value, sort, order string) []*CasbinAdapter {
+	session := GetSession(owner, page, limit, field, value, sort, order)
 	adapters := []*CasbinAdapter{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&adapters)
 	if err != nil {
-		return adapters, err
+		panic(err)
 	}
 
-	return adapters, nil
+	return adapters
 }
 
-func getCasbinAdapter(owner, name string) (*CasbinAdapter, error) {
+func getCasbinAdapter(owner, name string) *CasbinAdapter {
 	if owner == "" || name == "" {
-		return nil, nil
+		return nil
 	}
 
 	casbinAdapter := CasbinAdapter{Owner: owner, Name: name}
 	existed, err := adapter.Engine.Get(&casbinAdapter)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
 	if existed {
-		return &casbinAdapter, nil
+		return &casbinAdapter
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func GetCasbinAdapter(id string) (*CasbinAdapter, error) {
+func GetCasbinAdapter(id string) *CasbinAdapter {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getCasbinAdapter(owner, name)
 }
 
-func UpdateCasbinAdapter(id string, casbinAdapter *CasbinAdapter) (bool, error) {
+func UpdateCasbinAdapter(id string, casbinAdapter *CasbinAdapter) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
-	if casbinAdapter, err := getCasbinAdapter(owner, name); casbinAdapter == nil {
-		return false, err
+	if getCasbinAdapter(owner, name) == nil {
+		return false
 	}
 
 	session := adapter.Engine.ID(core.PK{owner, name}).AllCols()
@@ -106,28 +112,28 @@ func UpdateCasbinAdapter(id string, casbinAdapter *CasbinAdapter) (bool, error)
 	}
 	affected, err := session.Update(casbinAdapter)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func AddCasbinAdapter(casbinAdapter *CasbinAdapter) (bool, error) {
+func AddCasbinAdapter(casbinAdapter *CasbinAdapter) bool {
 	affected, err := adapter.Engine.Insert(casbinAdapter)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func DeleteCasbinAdapter(casbinAdapter *CasbinAdapter) (bool, error) {
+func DeleteCasbinAdapter(casbinAdapter *CasbinAdapter) bool {
 	affected, err := adapter.Engine.ID(core.PK{casbinAdapter.Owner, casbinAdapter.Name}).Delete(&CasbinAdapter{})
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
 func (casbinAdapter *CasbinAdapter) GetId() string {
@@ -208,15 +214,7 @@ func matrixToCasbinRules(Ptype string, policies [][]string) []*xormadapter.Casbi
 }
 
 func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return nil, err
-	}
-
-	if modelObj == nil {
-		return nil, fmt.Errorf("The model: %s does not exist", util.GetId(casbinAdapter.Owner, casbinAdapter.Model))
-	}
-
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	enforcer, err := initEnforcer(modelObj, casbinAdapter)
 	if err != nil {
 		return nil, err
@@ -231,11 +229,7 @@ func SyncPolicies(casbinAdapter *CasbinAdapter) ([]*xormadapter.CasbinRule, erro
 }
 
 func UpdatePolicy(oldPolicy, newPolicy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	enforcer, err := initEnforcer(modelObj, casbinAdapter)
 	if err != nil {
 		return false, err
@@ -249,11 +243,7 @@ func UpdatePolicy(oldPolicy, newPolicy []string, casbinAdapter *CasbinAdapter) (
 }
 
 func AddPolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	enforcer, err := initEnforcer(modelObj, casbinAdapter)
 	if err != nil {
 		return false, err
@@ -267,11 +257,7 @@ func AddPolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
 }
 
 func RemovePolicy(policy []string, casbinAdapter *CasbinAdapter) (bool, error) {
-	modelObj, err := getModel(casbinAdapter.Owner, casbinAdapter.Model)
-	if err != nil {
-		return false, err
-	}
-
+	modelObj := getModel(casbinAdapter.Owner, casbinAdapter.Model)
 	enforcer, err := initEnforcer(modelObj, casbinAdapter)
 	if err != nil {
 		return false, err

object/cert.go

@@ -47,133 +47,88 @@ func GetMaskedCert(cert *Cert) *Cert {
 	return cert
 }
 
-func GetMaskedCerts(certs []*Cert, err error) ([]*Cert, error) {
-	if err != nil {
-		return nil, err
-	}
-
+func GetMaskedCerts(certs []*Cert) []*Cert {
 	for _, cert := range certs {
 		cert = GetMaskedCert(cert)
 	}
-	return certs, nil
+	return certs
 }
 
-func GetCertCount(owner, field, value string) (int64, error) {
-	session := GetSession("", -1, -1, field, value, "", "")
-	return session.Where("owner = ? or owner = ? ", "admin", owner).Count(&Cert{})
-}
-
-func GetCerts(owner string) ([]*Cert, error) {
-	certs := []*Cert{}
-	err := adapter.Engine.Where("owner = ? or owner = ? ", "admin", owner).Desc("created_time").Find(&certs, &Cert{})
+func GetCertCount(owner, field, value string) int {
+	session := GetSession(owner, -1, -1, field, value, "", "")
+	count, err := session.Count(&Cert{})
 	if err != nil {
-		return certs, err
+		panic(err)
 	}
 
-	return certs, nil
+	return int(count)
 }
 
-func GetPaginationCerts(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Cert, error) {
+func GetCerts(owner string) []*Cert {
 	certs := []*Cert{}
-	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
-	err := session.Where("owner = ? or owner = ? ", "admin", owner).Find(&certs)
+	err := adapter.Engine.Desc("created_time").Find(&certs, &Cert{Owner: owner})
 	if err != nil {
-		return certs, err
+		panic(err)
 	}
 
-	return certs, nil
+	return certs
 }
 
-func GetGlobalCertsCount(field, value string) (int64, error) {
-	session := GetSession("", -1, -1, field, value, "", "")
-	return session.Count(&Cert{})
-}
-
-func GetGlobleCerts() ([]*Cert, error) {
+func GetPaginationCerts(owner string, offset, limit int, field, value, sortField, sortOrder string) []*Cert {
 	certs := []*Cert{}
-	err := adapter.Engine.Desc("created_time").Find(&certs)
-	if err != nil {
-		return certs, err
-	}
-
-	return certs, nil
-}
-
-func GetPaginationGlobalCerts(offset, limit int, field, value, sortField, sortOrder string) ([]*Cert, error) {
-	certs := []*Cert{}
-	session := GetSession("", offset, limit, field, value, sortField, sortOrder)
+	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
 	err := session.Find(&certs)
 	if err != nil {
-		return certs, err
+		panic(err)
 	}
 
-	return certs, nil
+	return certs
 }
 
-func getCert(owner string, name string) (*Cert, error) {
+func getCert(owner string, name string) *Cert {
 	if owner == "" || name == "" {
-		return nil, nil
+		return nil
 	}
 
 	cert := Cert{Owner: owner, Name: name}
 	existed, err := adapter.Engine.Get(&cert)
 	if err != nil {
-		return &cert, err
+		panic(err)
 	}
 
 	if existed {
-		return &cert, nil
+		return &cert
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func getCertByName(name string) (*Cert, error) {
-	if name == "" {
-		return nil, nil
-	}
-
-	cert := Cert{Name: name}
-	existed, err := adapter.Engine.Get(&cert)
-	if err != nil {
-		return &cert, nil
-	}
-
-	if existed {
-		return &cert, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func GetCert(id string) (*Cert, error) {
+func GetCert(id string) *Cert {
 	owner, name := util.GetOwnerAndNameFromId(id)
 	return getCert(owner, name)
 }
 
-func UpdateCert(id string, cert *Cert) (bool, error) {
+func UpdateCert(id string, cert *Cert) bool {
 	owner, name := util.GetOwnerAndNameFromId(id)
-	if c, err := getCert(owner, name); err != nil {
-		return false, err
-	} else if c == nil {
-		return false, nil
+	if getCert(owner, name) == nil {
+		return false
 	}
 
 	if name != cert.Name {
 		err := certChangeTrigger(name, cert.Name)
 		if err != nil {
-			return false, nil
+			return false
 		}
 	}
 	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(cert)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func AddCert(cert *Cert) (bool, error) {
+func AddCert(cert *Cert) bool {
 	if cert.Certificate == "" || cert.PrivateKey == "" {
 		certificate, privateKey := generateRsaKeys(cert.BitSize, cert.ExpireInYears, cert.Name, cert.Owner)
 		cert.Certificate = certificate
@@ -182,34 +137,34 @@ func AddCert(cert *Cert) (bool, error) {
 
 	affected, err := adapter.Engine.Insert(cert)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func DeleteCert(cert *Cert) (bool, error) {
+func DeleteCert(cert *Cert) bool {
 	affected, err := adapter.Engine.ID(core.PK{cert.Owner, cert.Name}).Delete(&Cert{})
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
 func (p *Cert) GetId() string {
 	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
 }
 
-func getCertByApplication(application *Application) (*Cert, error) {
+func getCertByApplication(application *Application) *Cert {
 	if application.Cert != "" {
-		return getCertByName(application.Cert)
+		return getCert("admin", application.Cert)
 	} else {
 		return GetDefaultCert()
 	}
 }
 
-func GetDefaultCert() (*Cert, error) {
+func GetDefaultCert() *Cert {
 	return getCert("admin", "cert-built-in")
 }
 

object/chat.go

@@ -1,166 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"fmt"
-
-	"github.com/casdoor/casdoor/util"
-	"github.com/xorm-io/core"
-)
-
-type Chat struct {
-	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
-	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
-
-	Organization string   `xorm:"varchar(100)" json:"organization"`
-	DisplayName  string   `xorm:"varchar(100)" json:"displayName"`
-	Type         string   `xorm:"varchar(100)" json:"type"`
-	Category     string   `xorm:"varchar(100)" json:"category"`
-	User1        string   `xorm:"varchar(100)" json:"user1"`
-	User2        string   `xorm:"varchar(100)" json:"user2"`
-	Users        []string `xorm:"varchar(100)" json:"users"`
-	MessageCount int      `json:"messageCount"`
-}
-
-func GetMaskedChat(chat *Chat, err ...error) (*Chat, error) {
-	if len(err) > 0 && err[0] != nil {
-		return nil, err[0]
-	}
-
-	if chat == nil {
-		return nil, nil
-	}
-
-	return chat, nil
-}
-
-func GetMaskedChats(chats []*Chat, errs ...error) ([]*Chat, error) {
-	if len(errs) > 0 && errs[0] != nil {
-		return nil, errs[0]
-	}
-	var err error
-	for _, chat := range chats {
-		chat, err = GetMaskedChat(chat)
-		if err != nil {
-			return nil, err
-		}
-	}
-	return chats, nil
-}
-
-func GetChatCount(owner, field, value string) (int64, error) {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	return session.Count(&Chat{})
-}
-
-func GetChats(owner string) ([]*Chat, error) {
-	chats := []*Chat{}
-	err := adapter.Engine.Desc("created_time").Find(&chats, &Chat{Owner: owner})
-	if err != nil {
-		return chats, err
-	}
-
-	return chats, nil
-}
-
-func GetPaginationChats(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Chat, error) {
-	chats := []*Chat{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&chats)
-	if err != nil {
-		return chats, err
-	}
-
-	return chats, nil
-}
-
-func getChat(owner string, name string) (*Chat, error) {
-	if owner == "" || name == "" {
-		return nil, nil
-	}
-
-	chat := Chat{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&chat)
-	if err != nil {
-		return &chat, err
-	}
-
-	if existed {
-		return &chat, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func GetChat(id string) (*Chat, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	return getChat(owner, name)
-}
-
-func UpdateChat(id string, chat *Chat) (bool, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	if c, err := getChat(owner, name); err != nil {
-		return false, err
-	} else if c == nil {
-		return false, nil
-	}
-
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(chat)
-	if err != nil {
-		return false, nil
-	}
-
-	return affected != 0, nil
-}
-
-func AddChat(chat *Chat) (bool, error) {
-	if chat.Type == "AI" && chat.User2 == "" {
-		provider, err := getDefaultAiProvider()
-		if err != nil {
-			return false, err
-		}
-
-		if provider != nil {
-			chat.User2 = provider.Name
-		}
-	}
-
-	affected, err := adapter.Engine.Insert(chat)
-	if err != nil {
-		return false, nil
-	}
-
-	return affected != 0, nil
-}
-
-func DeleteChat(chat *Chat) (bool, error) {
-	affected, err := adapter.Engine.ID(core.PK{chat.Owner, chat.Name}).Delete(&Chat{})
-	if err != nil {
-		return false, err
-	}
-
-	if affected != 0 {
-		return DeleteChatMessages(chat.Name)
-	}
-
-	return affected != 0, nil
-}
-
-func (p *Chat) GetId() string {
-	return fmt.Sprintf("%s/%s", p.Owner, p.Name)
-}

object/check.go

@@ -22,7 +22,6 @@ import (
 	"unicode"
 
 	"github.com/casdoor/casdoor/cred"
-	"github.com/casdoor/casdoor/form"
 	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/util"
 	goldap "github.com/go-ldap/ldap/v3"
@@ -43,86 +42,86 @@ func init() {
 	reFieldWhiteList, _ = regexp.Compile(`^[A-Za-z0-9]+$`)
 }
 
-func CheckUserSignup(application *Application, organization *Organization, form *form.AuthForm, lang string) string {
+func CheckUserSignup(application *Application, organization *Organization, username string, password string, displayName string, firstName string, lastName string, email string, phone string, countryCode string, affiliation string, lang string) string {
 	if organization == nil {
 		return i18n.Translate(lang, "check:Organization does not exist")
 	}
 
 	if application.IsSignupItemVisible("Username") {
-		if len(form.Username) <= 1 {
+		if len(username) <= 1 {
 			return i18n.Translate(lang, "check:Username must have at least 2 characters")
 		}
-		if unicode.IsDigit(rune(form.Username[0])) {
+		if unicode.IsDigit(rune(username[0])) {
 			return i18n.Translate(lang, "check:Username cannot start with a digit")
 		}
-		if util.IsEmailValid(form.Username) {
+		if util.IsEmailValid(username) {
 			return i18n.Translate(lang, "check:Username cannot be an email address")
 		}
-		if reWhiteSpace.MatchString(form.Username) {
+		if reWhiteSpace.MatchString(username) {
 			return i18n.Translate(lang, "check:Username cannot contain white spaces")
 		}
 
-		if msg := CheckUsername(form.Username, lang); msg != "" {
+		if msg := CheckUsername(username, lang); msg != "" {
 			return msg
 		}
 
-		if HasUserByField(organization.Name, "name", form.Username) {
+		if HasUserByField(organization.Name, "name", username) {
 			return i18n.Translate(lang, "check:Username already exists")
 		}
-		if HasUserByField(organization.Name, "email", form.Email) {
+		if HasUserByField(organization.Name, "email", email) {
 			return i18n.Translate(lang, "check:Email already exists")
 		}
-		if HasUserByField(organization.Name, "phone", form.Phone) {
+		if HasUserByField(organization.Name, "phone", phone) {
 			return i18n.Translate(lang, "check:Phone already exists")
 		}
 	}
 
-	if len(form.Password) <= 5 {
+	if len(password) <= 5 {
 		return i18n.Translate(lang, "check:Password must have at least 6 characters")
 	}
 
 	if application.IsSignupItemVisible("Email") {
-		if form.Email == "" {
+		if email == "" {
 			if application.IsSignupItemRequired("Email") {
 				return i18n.Translate(lang, "check:Email cannot be empty")
 			}
 		} else {
-			if HasUserByField(organization.Name, "email", form.Email) {
+			if HasUserByField(organization.Name, "email", email) {
 				return i18n.Translate(lang, "check:Email already exists")
-			} else if !util.IsEmailValid(form.Email) {
+			} else if !util.IsEmailValid(email) {
 				return i18n.Translate(lang, "check:Email is invalid")
 			}
 		}
 	}
 
 	if application.IsSignupItemVisible("Phone") {
-		if form.Phone == "" {
+		if phone == "" {
 			if application.IsSignupItemRequired("Phone") {
 				return i18n.Translate(lang, "check:Phone cannot be empty")
 			}
 		} else {
-			if HasUserByField(organization.Name, "phone", form.Phone) {
+			if HasUserByField(organization.Name, "phone", phone) {
 				return i18n.Translate(lang, "check:Phone already exists")
-			} else if !util.IsPhoneAllowInRegin(form.CountryCode, organization.CountryCodes) {
+			} else if !util.IsPhoneAllowInRegin(countryCode, organization.CountryCodes) {
 				return i18n.Translate(lang, "check:Your region is not allow to signup by phone")
-			} else if !util.IsPhoneValid(form.Phone, form.CountryCode) {
+			} else if !util.IsPhoneValid(phone, countryCode) {
 				return i18n.Translate(lang, "check:Phone number is invalid")
 			}
 		}
 	}
 
 	if application.IsSignupItemVisible("Display name") {
-		if application.GetSignupItemRule("Display name") == "First, last" && (form.FirstName != "" || form.LastName != "") {
-			if form.FirstName == "" {
+		if application.GetSignupItemRule("Display name") == "First, last" && (firstName != "" || lastName != "") {
+			if firstName == "" {
 				return i18n.Translate(lang, "check:FirstName cannot be blank")
-			} else if form.LastName == "" {
+			} else if lastName == "" {
 				return i18n.Translate(lang, "check:LastName cannot be blank")
 			}
 		} else {
-			if form.Name == "" {
+			if displayName == "" {
 				return i18n.Translate(lang, "check:DisplayName cannot be blank")
 			} else if application.GetSignupItemRule("Display name") == "Real name" {
-				if !isValidRealName(form.Name) {
+				if !isValidRealName(displayName) {
 					return i18n.Translate(lang, "check:DisplayName is not valid real name")
 				}
 			}
@@ -130,7 +129,7 @@ func CheckUserSignup(application *Application, organization *Organization, form
 	}
 
 	if application.IsSignupItemVisible("Affiliation") {
-		if form.Affiliation == "" {
+		if affiliation == "" {
 			return i18n.Translate(lang, "check:Affiliation cannot be blank")
 		}
 	}
@@ -158,32 +157,18 @@ func checkSigninErrorTimes(user *User, lang string) string {
 	return ""
 }
 
-func CheckPassword(user *User, password string, lang string, options ...bool) string {
-	enableCaptcha := false
-	if len(options) > 0 {
-		enableCaptcha = options[0]
-	}
+func CheckPassword(user *User, password string, lang string) string {
 	// check the login error times
-	if !enableCaptcha {
-		if msg := checkSigninErrorTimes(user, lang); msg != "" {
-			return msg
-		}
-	}
-
-	organization, err := GetOrganizationByUser(user)
-	if err != nil {
-		panic(err)
+	if msg := checkSigninErrorTimes(user, lang); msg != "" {
+		return msg
 	}
 
+	organization := GetOrganizationByUser(user)
 	if organization == nil {
 		return i18n.Translate(lang, "check:Organization does not exist")
 	}
 
-	passwordType := user.PasswordType
-	if passwordType == "" {
-		passwordType = organization.PasswordType
-	}
-	credManager := cred.GetCredManager(passwordType)
+	credManager := cred.GetCredManager(organization.PasswordType)
 	if credManager != nil {
 		if organization.MasterPassword != "" {
 			if credManager.IsPasswordCorrect(password, organization.MasterPassword, "", organization.PasswordSalt) {
@@ -197,53 +182,35 @@ func CheckPassword(user *User, password string, lang string, options ...bool) st
 			return ""
 		}
 
-		return recordSigninErrorInfo(user, lang, enableCaptcha)
+		return recordSigninErrorInfo(user, lang)
 	} else {
 		return fmt.Sprintf(i18n.Translate(lang, "check:unsupported password type: %s"), organization.PasswordType)
 	}
 }
 
-func CheckPasswordComplexityByOrg(organization *Organization, password string) string {
-	errorMsg := checkPasswordComplexity(password, organization.PasswordOptions)
-	return errorMsg
-}
-
-func CheckPasswordComplexity(user *User, password string) string {
-	organization, _ := GetOrganizationByUser(user)
-	return CheckPasswordComplexityByOrg(organization, password)
-}
-
-func checkLdapUserPassword(user *User, password string, lang string) string {
-	ldaps, err := GetLdaps(user.Owner)
-	if err != nil {
-		return err.Error()
-	}
-
+func checkLdapUserPassword(user *User, password string, lang string) (*User, string) {
+	ldaps := GetLdaps(user.Owner)
 	ldapLoginSuccess := false
-	hit := false
-
 	for _, ldapServer := range ldaps {
 		conn, err := ldapServer.GetLdapConn()
 		if err != nil {
 			continue
 		}
-
-		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn, goldap.ScopeWholeSubtree, goldap.NeverDerefAliases,
-			0, 0, false, ldapServer.buildAuthFilterString(user), []string{}, nil)
-
+		SearchFilter := fmt.Sprintf("(&(objectClass=posixAccount)(uid=%s))", user.Name)
+		searchReq := goldap.NewSearchRequest(ldapServer.BaseDn,
+			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+			SearchFilter, []string{}, nil)
 		searchResult, err := conn.Conn.Search(searchReq)
 		if err != nil {
-			return err.Error()
+			return nil, err.Error()
 		}
 
 		if len(searchResult.Entries) == 0 {
 			continue
-		}
-		if len(searchResult.Entries) > 1 {
-			return i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
+		} else if len(searchResult.Entries) > 1 {
+			return nil, i18n.Translate(lang, "check:Multiple accounts with same uid, please check your ldap server")
 		}
 
-		hit = true
 		dn := searchResult.Entries[0].DN
 		if err := conn.Conn.Bind(dn, password); err == nil {
 			ldapLoginSuccess = true
@@ -252,25 +219,14 @@ func checkLdapUserPassword(user *User, password string, lang string) string {
 	}
 
 	if !ldapLoginSuccess {
-		if !hit {
-			return "user not exist"
-		}
-		return i18n.Translate(lang, "check:LDAP user name or password incorrect")
+		return nil, i18n.Translate(lang, "check:Ldap user name or password incorrect")
 	}
-	return ""
+	return user, ""
 }
 
-func CheckUserPassword(organization string, username string, password string, lang string, options ...bool) (*User, string) {
-	enableCaptcha := false
-	if len(options) > 0 {
-		enableCaptcha = options[0]
-	}
-	user, err := GetUserByFields(organization, username)
-	if err != nil {
-		panic(err)
-	}
-
-	if user == nil || user.IsDeleted {
+func CheckUserPassword(organization string, username string, password string, lang string) (*User, string) {
+	user := GetUserByFields(organization, username)
+	if user == nil || user.IsDeleted == true {
 		return nil, fmt.Sprintf(i18n.Translate(lang, "general:The user: %s doesn't exist"), util.GetId(organization, username))
 	}
 
@@ -280,14 +236,10 @@ func CheckUserPassword(organization string, username string, password string, la
 
 	if user.Ldap != "" {
 		// ONLY for ldap users
-		if msg := checkLdapUserPassword(user, password, lang); msg != "" {
-			if msg == "user not exist" {
-				return nil, fmt.Sprintf(i18n.Translate(lang, "check:The user: %s doesn't exist in LDAP server"), username)
-			}
-			return nil, msg
-		}
+		return checkLdapUserPassword(user, password, lang)
 	} else {
-		if msg := CheckPassword(user, password, lang, enableCaptcha); msg != "" {
+		msg := CheckPassword(user, password, lang)
+		if msg != "" {
 			return nil, msg
 		}
 	}
@@ -298,24 +250,14 @@ func filterField(field string) bool {
 	return reFieldWhiteList.MatchString(field)
 }
 
-func CheckUserPermission(requestUserId, userId string, strict bool, lang string) (bool, error) {
+func CheckUserPermission(requestUserId, userId, userOwner string, strict bool, lang string) (bool, error) {
 	if requestUserId == "" {
 		return false, fmt.Errorf(i18n.Translate(lang, "general:Please login first"))
 	}
 
-	userOwner := util.GetOwnerFromId(userId)
-
 	if userId != "" {
-		targetUser, err := GetUser(userId)
-		if err != nil {
-			panic(err)
-		}
-
+		targetUser := GetUser(userId)
 		if targetUser == nil {
-			if strings.HasPrefix(requestUserId, "built-in/") {
-				return true, nil
-			}
-
 			return false, fmt.Errorf(i18n.Translate(lang, "general:The user: %s doesn't exist"), userId)
 		}
 
@@ -326,11 +268,7 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 	if strings.HasPrefix(requestUserId, "app/") {
 		hasPermission = true
 	} else {
-		requestUser, err := GetUser(requestUserId)
-		if err != nil {
-			return false, err
-		}
-
+		requestUser := GetUser(requestUserId)
 		if requestUser == nil {
 			return false, fmt.Errorf(i18n.Translate(lang, "check:Session outdated, please login again"))
 		}
@@ -351,19 +289,11 @@ func CheckUserPermission(requestUserId, userId string, strict bool, lang string)
 }
 
 func CheckAccessPermission(userId string, application *Application) (bool, error) {
-	var err error
-	if userId == "built-in/admin" {
-		return true, nil
-	}
-
-	permissions, err := GetPermissions(application.Organization)
-	if err != nil {
-		return false, err
-	}
-
+	permissions := GetPermissions(application.Organization)
 	allowed := true
+	var err error
 	for _, permission := range permissions {
-		if !permission.IsEnabled {
+		if !permission.IsEnabled || len(permission.Users) == 0 {
 			continue
 		}
 
@@ -396,6 +326,11 @@ func CheckUsername(username string, lang string) string {
 		return i18n.Translate(lang, "check:Username is too long (maximum is 39 characters).")
 	}
 
+	exclude, _ := regexp.Compile("^[\u0021-\u007E]+$")
+	if !exclude.MatchString(username) {
+		return ""
+	}
+
 	// https://stackoverflow.com/questions/58726546/github-username-convention-using-regex
 	re, _ := regexp.Compile("^[a-zA-Z0-9]+((?:-[a-zA-Z0-9]+)|(?:_[a-zA-Z0-9]+))*$")
 	if !re.MatchString(username) {
@@ -405,7 +340,7 @@ func CheckUsername(username string, lang string) string {
 	return ""
 }
 
-func CheckUpdateUser(oldUser, user *User, lang string) string {
+func CheckUpdateUser(oldUser *User, user *User, lang string) string {
 	if user.DisplayName == "" {
 		return i18n.Translate(lang, "user:Display name cannot be empty")
 	}
@@ -432,9 +367,9 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 	return ""
 }
 
-func CheckToEnableCaptcha(application *Application, organization, username string) (bool, error) {
+func CheckToEnableCaptcha(application *Application) bool {
 	if len(application.Providers) == 0 {
-		return false, nil
+		return false
 	}
 
 	for _, providerItem := range application.Providers {
@@ -442,16 +377,9 @@ func CheckToEnableCaptcha(application *Application, organization, username strin
 			continue
 		}
 		if providerItem.Provider.Category == "Captcha" {
-			if providerItem.Rule == "Dynamic" {
-				user, err := GetUserByFields(organization, username)
-				if err != nil {
-					return false, err
-				}
-				return user != nil && user.SigninWrongTimes >= SigninWrongTimesLimit, nil
-			}
-			return providerItem.Rule == "Always", nil
+			return providerItem.Rule == "Always"
 		}
 	}
 
-	return false, nil
+	return false
 }

object/check_password_complexity.go

@@ -1,98 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"regexp"
-)
-
-type ValidatorFunc func(password string) string
-
-var (
-	regexLowerCase = regexp.MustCompile(`[a-z]`)
-	regexUpperCase = regexp.MustCompile(`[A-Z]`)
-	regexDigit     = regexp.MustCompile(`\d`)
-	regexSpecial   = regexp.MustCompile(`[!@#$%^&*]`)
-)
-
-func isValidOption_AtLeast6(password string) string {
-	if len(password) < 6 {
-		return "The password must have at least 6 characters"
-	}
-	return ""
-}
-
-func isValidOption_AtLeast8(password string) string {
-	if len(password) < 8 {
-		return "The password must have at least 8 characters"
-	}
-	return ""
-}
-
-func isValidOption_Aa123(password string) string {
-	hasLowerCase := regexLowerCase.MatchString(password)
-	hasUpperCase := regexUpperCase.MatchString(password)
-	hasDigit := regexDigit.MatchString(password)
-
-	if !hasLowerCase || !hasUpperCase || !hasDigit {
-		return "The password must contain at least one uppercase letter, one lowercase letter and one digit"
-	}
-	return ""
-}
-
-func isValidOption_SpecialChar(password string) string {
-	if !regexSpecial.MatchString(password) {
-		return "The password must contain at least one special character"
-	}
-	return ""
-}
-
-func isValidOption_NoRepeat(password string) string {
-	for i := 0; i < len(password)-1; i++ {
-		if password[i] == password[i+1] {
-			return "The password must not contain any repeated characters"
-		}
-	}
-	return ""
-}
-
-func checkPasswordComplexity(password string, options []string) string {
-	if len(password) == 0 {
-		return "Please input your password!"
-	}
-
-	if len(options) == 0 {
-		options = []string{"AtLeast6"}
-	}
-
-	checkers := map[string]ValidatorFunc{
-		"AtLeast6":    isValidOption_AtLeast6,
-		"AtLeast8":    isValidOption_AtLeast8,
-		"Aa123":       isValidOption_Aa123,
-		"SpecialChar": isValidOption_SpecialChar,
-		"NoRepeat":    isValidOption_NoRepeat,
-	}
-
-	for _, option := range options {
-		checkerFunc, ok := checkers[option]
-		if ok {
-			errorMsg := checkerFunc(password)
-			if errorMsg != "" {
-				return errorMsg
-			}
-		}
-	}
-	return ""
-}

object/check_util.go

@@ -45,15 +45,9 @@ func resetUserSigninErrorTimes(user *User) {
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 }
 
-func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
-	enableCaptcha := false
-	if len(options) > 0 {
-		enableCaptcha = options[0]
-	}
+func recordSigninErrorInfo(user *User, lang string) string {
 	// increase failed login count
-	if user.SigninWrongTimes < SigninWrongTimesLimit {
-		user.SigninWrongTimes++
-	}
+	user.SigninWrongTimes++
 
 	if user.SigninWrongTimes >= SigninWrongTimesLimit {
 		// record the latest failed login time
@@ -63,11 +57,10 @@ func recordSigninErrorInfo(user *User, lang string, options ...bool) string {
 	// update user
 	UpdateUser(user.GetId(), user, []string{"signin_wrong_times", "last_signin_wrong_time"}, user.IsGlobalAdmin)
 	leftChances := SigninWrongTimesLimit - user.SigninWrongTimes
-	if leftChances == 0 && enableCaptcha {
-		return fmt.Sprint(i18n.Translate(lang, "check:password or code is incorrect"))
-	} else if leftChances >= 0 {
+	if leftChances > 0 {
 		return fmt.Sprintf(i18n.Translate(lang, "check:password or code is incorrect, you have %d remaining chances"), leftChances)
 	}
+
 	// don't show the chance error message if the user has no chance left
 	return fmt.Sprintf(i18n.Translate(lang, "check:You have entered the wrong password or code too many times, please wait for %d minutes and try again"), int(LastSignWrongTimeDuration.Minutes()))
 }

object/email.go

@@ -24,9 +24,11 @@ import (
 
 func getDialer(provider *Provider) *gomail.Dialer {
 	dialer := &gomail.Dialer{}
-	dialer = gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
 	if provider.Type == "SUBMAIL" {
+		dialer = gomail.NewDialer(provider.Host, provider.Port, provider.AppId, provider.ClientSecret)
 		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
+	} else {
+		dialer = gomail.NewDialer(provider.Host, provider.Port, provider.ClientId, provider.ClientSecret)
 	}
 
 	dialer.SSL = !provider.DisableSsl
@@ -38,23 +40,14 @@ func SendEmail(provider *Provider, title string, content string, dest string, se
 	dialer := getDialer(provider)
 
 	message := gomail.NewMessage()
-
-	fromAddress := provider.ClientId2
-	if fromAddress == "" {
-		fromAddress = provider.ClientId
-	}
-
-	fromName := provider.ClientSecret2
-	if fromName == "" {
-		fromName = sender
-	}
-
-	message.SetAddressHeader("From", fromAddress, fromName)
+	message.SetAddressHeader("From", provider.ClientId, sender)
 	message.SetHeader("To", dest)
 	message.SetHeader("Subject", title)
 	message.SetBody("text/html", content)
 
-	message.SkipUsernameCheck = true
+	if provider.Type == "Mailtrap" {
+		message.SkipUsernameCheck = true
+	}
 
 	return dialer.DialAndSend(message)
 }

object/group.go

@@ -1,304 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package object
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/casdoor/casdoor/util"
-	"github.com/xorm-io/builder"
-	"github.com/xorm-io/core"
-)
-
-type Group struct {
-	Owner       string `xorm:"varchar(100) notnull pk" json:"owner"`
-	Name        string `xorm:"varchar(100) notnull pk unique index" json:"name"`
-	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
-	UpdatedTime string `xorm:"varchar(100)" json:"updatedTime"`
-
-	DisplayName  string  `xorm:"varchar(100)" json:"displayName"`
-	Manager      string  `xorm:"varchar(100)" json:"manager"`
-	ContactEmail string  `xorm:"varchar(100)" json:"contactEmail"`
-	Type         string  `xorm:"varchar(100)" json:"type"`
-	ParentId     string  `xorm:"varchar(100)" json:"parentId"`
-	IsTopGroup   bool    `xorm:"bool" json:"isTopGroup"`
-	Users        []*User `xorm:"-" json:"users"`
-
-	Title    string   `json:"title,omitempty"`
-	Key      string   `json:"key,omitempty"`
-	Children []*Group `json:"children,omitempty"`
-
-	IsEnabled bool `json:"isEnabled"`
-}
-
-type GroupNode struct{}
-
-func GetGroupCount(owner, field, value string) (int64, error) {
-	session := GetSession(owner, -1, -1, field, value, "", "")
-	count, err := session.Count(&Group{})
-	if err != nil {
-		return 0, err
-	}
-
-	return count, nil
-}
-
-func GetGroups(owner string) ([]*Group, error) {
-	groups := []*Group{}
-	err := adapter.Engine.Desc("created_time").Find(&groups, &Group{Owner: owner})
-	if err != nil {
-		return nil, err
-	}
-
-	return groups, nil
-}
-
-func GetPaginationGroups(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Group, error) {
-	groups := []*Group{}
-	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&groups)
-	if err != nil {
-		return nil, err
-	}
-
-	return groups, nil
-}
-
-func getGroup(owner string, name string) (*Group, error) {
-	if owner == "" || name == "" {
-		return nil, nil
-	}
-
-	group := Group{Owner: owner, Name: name}
-	existed, err := adapter.Engine.Get(&group)
-	if err != nil {
-		return nil, err
-	}
-
-	if existed {
-		return &group, nil
-	} else {
-		return nil, nil
-	}
-}
-
-func GetGroup(id string) (*Group, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	return getGroup(owner, name)
-}
-
-func UpdateGroup(id string, group *Group) (bool, error) {
-	owner, name := util.GetOwnerAndNameFromId(id)
-	oldGroup, err := getGroup(owner, name)
-	if oldGroup == nil {
-		return false, err
-	}
-
-	if name != group.Name {
-		err := GroupChangeTrigger(name, group.Name)
-		if err != nil {
-			return false, err
-		}
-	}
-
-	affected, err := adapter.Engine.ID(core.PK{owner, name}).AllCols().Update(group)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func AddGroup(group *Group) (bool, error) {
-	affected, err := adapter.Engine.Insert(group)
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func AddGroups(groups []*Group) (bool, error) {
-	if len(groups) == 0 {
-		return false, nil
-	}
-	affected, err := adapter.Engine.Insert(groups)
-	if err != nil {
-		return false, err
-	}
-	return affected != 0, nil
-}
-
-func DeleteGroup(group *Group) (bool, error) {
-	_, err := adapter.Engine.Get(group)
-	if err != nil {
-		return false, err
-	}
-
-	if count, err := adapter.Engine.Where("parent_id = ?", group.Name).Count(&Group{}); err != nil {
-		return false, err
-	} else if count > 0 {
-		return false, errors.New("group has children group")
-	}
-
-	if count, err := GetGroupUserCount(group.Name, "", ""); err != nil {
-		return false, err
-	} else if count > 0 {
-		return false, errors.New("group has users")
-	}
-
-	affected, err := adapter.Engine.ID(core.PK{group.Owner, group.Name}).Delete(&Group{})
-	if err != nil {
-		return false, err
-	}
-
-	return affected != 0, nil
-}
-
-func (group *Group) GetId() string {
-	return fmt.Sprintf("%s/%s", group.Owner, group.Name)
-}
-
-func ConvertToTreeData(groups []*Group, parentId string) []*Group {
-	treeData := []*Group{}
-
-	for _, group := range groups {
-		if group.ParentId == parentId {
-			node := &Group{
-				Title: group.DisplayName,
-				Key:   group.Name,
-				Type:  group.Type,
-				Owner: group.Owner,
-			}
-			children := ConvertToTreeData(groups, group.Name)
-			if len(children) > 0 {
-				node.Children = children
-			}
-			treeData = append(treeData, node)
-		}
-	}
-	return treeData
-}
-
-func RemoveUserFromGroup(owner, name, groupName string) (bool, error) {
-	user, err := getUser(owner, name)
-	if err != nil {
-		return false, err
-	}
-	if user == nil {
-		return false, errors.New("user not exist")
-	}
-
-	user.Groups = util.DeleteVal(user.Groups, groupName)
-	affected, err := updateUser(user.GetId(), user, []string{"groups"})
-	if err != nil {
-		return false, err
-	}
-	return affected != 0, err
-}
-
-func GetGroupUserCount(groupName string, field, value string) (int64, error) {
-	if field == "" && value == "" {
-		return adapter.Engine.Where(builder.Like{"`groups`", groupName}).
-			Count(&User{})
-	} else {
-		return adapter.Engine.Table("user").
-			Where(builder.Like{"`groups`", groupName}).
-			And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%").
-			Count()
-	}
-}
-
-func GetPaginationGroupUsers(groupName string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
-	users := []*User{}
-	session := adapter.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupName})
-
-	if offset != -1 && limit != -1 {
-		session.Limit(limit, offset)
-	}
-
-	if field != "" && value != "" {
-		session = session.And(fmt.Sprintf("user.%s LIKE ?", util.CamelToSnakeCase(field)), "%"+value+"%")
-	}
-
-	if sortField == "" || sortOrder == "" {
-		sortField = "created_time"
-	}
-	if sortOrder == "ascend" {
-		session = session.Asc(fmt.Sprintf("user.%s", util.SnakeString(sortField)))
-	} else {
-		session = session.Desc(fmt.Sprintf("user.%s", util.SnakeString(sortField)))
-	}
-
-	err := session.Find(&users)
-	if err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}
-
-func GetGroupUsers(groupName string) ([]*User, error) {
-	users := []*User{}
-	err := adapter.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupName}).
-		Find(&users)
-	if err != nil {
-		return nil, err
-	}
-
-	return users, nil
-}
-
-func GroupChangeTrigger(oldName, newName string) error {
-	session := adapter.Engine.NewSession()
-	defer session.Close()
-	err := session.Begin()
-	if err != nil {
-		return err
-	}
-
-	users := []*User{}
-	err = session.Where(builder.Like{"`groups`", oldName}).Find(&users)
-	if err != nil {
-		return err
-	}
-
-	for _, user := range users {
-		user.Groups = util.ReplaceVal(user.Groups, oldName, newName)
-		_, err := updateUser(user.GetId(), user, []string{"groups"})
-		if err != nil {
-			return err
-		}
-	}
-
-	groups := []*Group{}
-	err = session.Where("parent_id = ?", oldName).Find(&groups)
-	for _, group := range groups {
-		group.ParentId = newName
-		_, err := session.ID(core.PK{group.Owner, group.Name}).Cols("parent_id").Update(group)
-		if err != nil {
-			return err
-		}
-	}
-
-	err = session.Commit()
-	if err != nil {
-		return err
-	}
-	return nil
-}

object/init.go

@@ -61,25 +61,19 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
-		{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is global admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is forbidden", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is deleted", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
-		{Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 	}
 }
 
 func initBuiltInOrganization() bool {
-	organization, err := getOrganization("admin", "built-in")
-	if err != nil {
-		panic(err)
-	}
-
+	organization := getOrganization("admin", "built-in")
 	if organization != nil {
 		return true
 	}
@@ -92,29 +86,21 @@ func initBuiltInOrganization() bool {
 		WebsiteUrl:         "https://example.com",
 		Favicon:            fmt.Sprintf("%s/img/casbin/favicon.ico", conf.GetConfigString("staticBaseUrl")),
 		PasswordType:       "plain",
-		PasswordOptions:    []string{"AtLeast6"},
 		CountryCodes:       []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
 		DefaultAvatar:      fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:               []string{},
-		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "pt"},
+		Languages:          []string{"en", "zh", "es", "fr", "de", "ja", "ko", "ru", "vi"},
 		InitScore:          2000,
 		AccountItems:       getBuiltInAccountItems(),
 		EnableSoftDeletion: false,
 		IsProfilePublic:    false,
 	}
-	_, err = AddOrganization(organization)
-	if err != nil {
-		panic(err)
-	}
-
+	AddOrganization(organization)
 	return false
 }
 
 func initBuiltInUser() {
-	user, err := getUser("built-in", "admin")
-	if err != nil {
-		panic(err)
-	}
+	user := getUser("built-in", "admin")
 	if user != nil {
 		return
 	}
@@ -144,18 +130,11 @@ func initBuiltInUser() {
 		CreatedIp:         "127.0.0.1",
 		Properties:        make(map[string]string),
 	}
-	_, err = AddUser(user)
-	if err != nil {
-		panic(err)
-	}
+	AddUser(user)
 }
 
 func initBuiltInApplication() {
-	application, err := getApplication("admin", "app-built-in")
-	if err != nil {
-		panic(err)
-	}
-
+	application := getApplication("admin", "app-built-in")
 	if application != nil {
 		return
 	}
@@ -188,10 +167,7 @@ func initBuiltInApplication() {
 		ExpireInHours: 168,
 		FormOffset:    2,
 	}
-	_, err = AddApplication(application)
-	if err != nil {
-		panic(err)
-	}
+	AddApplication(application)
 }
 
 func readTokenFromFile() (string, string) {
@@ -210,11 +186,7 @@ func readTokenFromFile() (string, string) {
 
 func initBuiltInCert() {
 	tokenJwtCertificate, tokenJwtPrivateKey := readTokenFromFile()
-	cert, err := getCert("admin", "cert-built-in")
-	if err != nil {
-		panic(err)
-	}
-
+	cert := getCert("admin", "cert-built-in")
 	if cert != nil {
 		return
 	}
@@ -232,18 +204,11 @@ func initBuiltInCert() {
 		Certificate:     tokenJwtCertificate,
 		PrivateKey:      tokenJwtPrivateKey,
 	}
-	_, err = AddCert(cert)
-	if err != nil {
-		panic(err)
-	}
+	AddCert(cert)
 }
 
 func initBuiltInLdap() {
-	ldap, err := GetLdap("ldap-built-in")
-	if err != nil {
-		panic(err)
-	}
-
+	ldap := GetLdap("ldap-built-in")
 	if ldap != nil {
 		return
 	}
@@ -254,24 +219,17 @@ func initBuiltInLdap() {
 		ServerName: "BuildIn LDAP Server",
 		Host:       "example.com",
 		Port:       389,
-		Username:   "cn=buildin,dc=example,dc=com",
-		Password:   "123",
+		Admin:      "cn=buildin,dc=example,dc=com",
+		Passwd:     "123",
 		BaseDn:     "ou=BuildIn,dc=example,dc=com",
 		AutoSync:   0,
 		LastSync:   "",
 	}
-	_, err = AddLdap(ldap)
-	if err != nil {
-		panic(err)
-	}
+	AddLdap(ldap)
 }
 
 func initBuiltInProvider() {
-	provider, err := GetProvider(util.GetId("admin", "provider_captcha_default"))
-	if err != nil {
-		panic(err)
-	}
-
+	provider := GetProvider(util.GetId("admin", "provider_captcha_default"))
 	if provider != nil {
 		return
 	}
@@ -284,10 +242,7 @@ func initBuiltInProvider() {
 		Category:    "Captcha",
 		Type:        "Default",
 	}
-	_, err = AddProvider(provider)
-	if err != nil {
-		panic(err)
-	}
+	AddProvider(provider)
 }
 
 func initWebAuthn() {
@@ -295,11 +250,7 @@ func initWebAuthn() {
 }
 
 func initBuiltInModel() {
-	model, err := GetModel("built-in/model-built-in")
-	if err != nil {
-		panic(err)
-	}
-
+	model := GetModel("built-in/model-built-in")
 	if model != nil {
 		return
 	}
@@ -322,17 +273,11 @@ e = some(where (p.eft == allow))
 [matchers]
 m = r.sub == p.sub && r.obj == p.obj && r.act == p.act`,
 	}
-	_, err = AddModel(model)
-	if err != nil {
-		panic(err)
-	}
+	AddModel(model)
 }
 
 func initBuiltInPermission() {
-	permission, err := GetPermission("built-in/permission-built-in")
-	if err != nil {
-		panic(err)
-	}
+	permission := GetPermission("built-in/permission-built-in")
 	if permission != nil {
 		return
 	}
@@ -352,8 +297,5 @@ func initBuiltInPermission() {
 		Effect:       "Allow",
 		IsEnabled:    true,
 	}
-	_, err = AddPermission(permission)
-	if err != nil {
-		panic(err)
-	}
+	AddPermission(permission)
 }

object/init_data.go

@@ -14,10 +14,7 @@
 
 package object
 
-import (
-	"github.com/casdoor/casdoor/conf"
-	"github.com/casdoor/casdoor/util"
-)
+import "github.com/casdoor/casdoor/util"
 
 type InitData struct {
 	Organizations []*Organization `json:"organizations"`
@@ -38,16 +35,7 @@ type InitData struct {
 }
 
 func InitFromFile() {
-	initDataFile := conf.GetConfigString("initDataFile")
-	if initDataFile == "" {
-		return
-	}
-
-	initData, err := readInitDataFromFile(initDataFile)
-	if err != nil {
-		panic(err)
-	}
-
+	initData := readInitDataFromFile("./init_data.json")
 	if initData != nil {
 		for _, organization := range initData.Organizations {
 			initDefinedOrganization(organization)
@@ -97,9 +85,9 @@ func InitFromFile() {
 	}
 }
 
-func readInitDataFromFile(filePath string) (*InitData, error) {
+func readInitDataFromFile(filePath string) *InitData {
 	if !util.FileExist(filePath) {
-		return nil, nil
+		return nil
 	}
 
 	s := util.ReadStringFromPath(filePath)
@@ -123,7 +111,7 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 	}
 	err := util.JsonToStruct(s, data)
 	if err != nil {
-		return nil, err
+		panic(err)
 	}
 
 	// transform nil slice to empty slice
@@ -182,246 +170,142 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		}
 	}
 
-	return data, nil
+	return data
 }
 
 func initDefinedOrganization(organization *Organization) {
-	existed, err := getOrganization(organization.Owner, organization.Name)
-	if err != nil {
-		panic(err)
-	}
-
+	existed := getOrganization(organization.Owner, organization.Name)
 	if existed != nil {
 		return
 	}
 	organization.CreatedTime = util.GetCurrentTime()
 	organization.AccountItems = getBuiltInAccountItems()
 
-	_, err = AddOrganization(organization)
-	if err != nil {
-		panic(err)
-	}
+	AddOrganization(organization)
 }
 
 func initDefinedApplication(application *Application) {
-	existed, err := getApplication(application.Owner, application.Name)
-	if err != nil {
-		panic(err)
-	}
-
+	existed := getApplication(application.Owner, application.Name)
 	if existed != nil {
 		return
 	}
 	application.CreatedTime = util.GetCurrentTime()
-	_, err = AddApplication(application)
-	if err != nil {
-		panic(err)
-	}
+	AddApplication(application)
 }
 
 func initDefinedUser(user *User) {
-	existed, err := getUser(user.Owner, user.Name)
-	if err != nil {
-		panic(err)
-	}
+	existed := getUser(user.Owner, user.Name)
 	if existed != nil {
 		return
 	}
 	user.CreatedTime = util.GetCurrentTime()
 	user.Id = util.GenerateId()
 	user.Properties = make(map[string]string)
-	_, err = AddUser(user)
-	if err != nil {
-		panic(err)
-	}
+	AddUser(user)
 }
 
 func initDefinedCert(cert *Cert) {
-	existed, err := getCert(cert.Owner, cert.Name)
-	if err != nil {
-		panic(err)
-	}
-
+	existed := getCert(cert.Owner, cert.Name)
 	if existed != nil {
 		return
 	}
 	cert.CreatedTime = util.GetCurrentTime()
-	_, err = AddCert(cert)
-	if err != nil {
-		panic(err)
-	}
+	AddCert(cert)
 }
 
 func initDefinedLdap(ldap *Ldap) {
-	existed, err := GetLdap(ldap.Id)
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetLdap(ldap.Id)
 	if existed != nil {
 		return
 	}
-	_, err = AddLdap(ldap)
-	if err != nil {
-		panic(err)
-	}
+	AddLdap(ldap)
 }
 
 func initDefinedProvider(provider *Provider) {
-	existed, err := GetProvider(util.GetId("admin", provider.Name))
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetProvider(util.GetId("admin", provider.Name))
 	if existed != nil {
 		return
 	}
-	_, err = AddProvider(provider)
-	if err != nil {
-		panic(err)
-	}
+	AddProvider(provider)
 }
 
 func initDefinedModel(model *Model) {
-	existed, err := GetModel(model.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetModel(model.GetId())
 	if existed != nil {
 		return
 	}
 	model.CreatedTime = util.GetCurrentTime()
-	_, err = AddModel(model)
-	if err != nil {
-		panic(err)
-	}
+	AddModel(model)
 }
 
 func initDefinedPermission(permission *Permission) {
-	existed, err := GetPermission(permission.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetPermission(permission.GetId())
 	if existed != nil {
 		return
 	}
 	permission.CreatedTime = util.GetCurrentTime()
-	_, err = AddPermission(permission)
-	if err != nil {
-		panic(err)
-	}
+	AddPermission(permission)
 }
 
 func initDefinedPayment(payment *Payment) {
-	existed, err := GetPayment(payment.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetPayment(payment.GetId())
 	if existed != nil {
 		return
 	}
 	payment.CreatedTime = util.GetCurrentTime()
-	_, err = AddPayment(payment)
-	if err != nil {
-		panic(err)
-	}
+	AddPayment(payment)
 }
 
 func initDefinedProduct(product *Product) {
-	existed, err := GetProduct(product.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetProduct(product.GetId())
 	if existed != nil {
 		return
 	}
 	product.CreatedTime = util.GetCurrentTime()
-	_, err = AddProduct(product)
-	if err != nil {
-		panic(err)
-	}
+	AddProduct(product)
 }
 
 func initDefinedResource(resource *Resource) {
-	existed, err := GetResource(resource.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetResource(resource.GetId())
 	if existed != nil {
 		return
 	}
 	resource.CreatedTime = util.GetCurrentTime()
-	_, err = AddResource(resource)
-	if err != nil {
-		panic(err)
-	}
+	AddResource(resource)
 }
 
 func initDefinedRole(role *Role) {
-	existed, err := GetRole(role.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetRole(role.GetId())
 	if existed != nil {
 		return
 	}
 	role.CreatedTime = util.GetCurrentTime()
-	_, err = AddRole(role)
-	if err != nil {
-		panic(err)
-	}
+	AddRole(role)
 }
 
 func initDefinedSyncer(syncer *Syncer) {
-	existed, err := GetSyncer(syncer.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetSyncer(syncer.GetId())
 	if existed != nil {
 		return
 	}
 	syncer.CreatedTime = util.GetCurrentTime()
-	_, err = AddSyncer(syncer)
-	if err != nil {
-		panic(err)
-	}
+	AddSyncer(syncer)
 }
 
 func initDefinedToken(token *Token) {
-	existed, err := GetToken(token.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetToken(token.GetId())
 	if existed != nil {
 		return
 	}
 	token.CreatedTime = util.GetCurrentTime()
-	_, err = AddToken(token)
-	if err != nil {
-		panic(err)
-	}
+	AddToken(token)
 }
 
 func initDefinedWebhook(webhook *Webhook) {
-	existed, err := GetWebhook(webhook.GetId())
-	if err != nil {
-		panic(err)
-	}
-
+	existed := GetWebhook(webhook.GetId())
 	if existed != nil {
 		return
 	}
 	webhook.CreatedTime = util.GetCurrentTime()
-	_, err = AddWebhook(webhook)
-	if err != nil {
-		panic(err)
-	}
+	AddWebhook(webhook)
 }

object/ldap.go

@@ -15,7 +15,14 @@
 package object
 
 import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/util"
+	goldap "github.com/go-ldap/ldap/v3"
+	"github.com/thanhpk/randstr"
 )
 
 type Ldap struct {
@@ -23,21 +30,264 @@ type Ldap struct {
 	Owner       string `xorm:"varchar(100)" json:"owner"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`
 
-	ServerName   string   `xorm:"varchar(100)" json:"serverName"`
-	Host         string   `xorm:"varchar(100)" json:"host"`
-	Port         int      `xorm:"int" json:"port"`
-	EnableSsl    bool     `xorm:"bool" json:"enableSsl"`
-	Username     string   `xorm:"varchar(100)" json:"username"`
-	Password     string   `xorm:"varchar(100)" json:"password"`
-	BaseDn       string   `xorm:"varchar(100)" json:"baseDn"`
-	Filter       string   `xorm:"varchar(200)" json:"filter"`
-	FilterFields []string `xorm:"varchar(100)" json:"filterFields"`
+	ServerName string `xorm:"varchar(100)" json:"serverName"`
+	Host       string `xorm:"varchar(100)" json:"host"`
+	Port       int    `json:"port"`
+	EnableSsl  bool   `xorm:"bool" json:"enableSsl"`
+	Admin      string `xorm:"varchar(100)" json:"admin"`
+	Passwd     string `xorm:"varchar(100)" json:"passwd"`
+	BaseDn     string `xorm:"varchar(100)" json:"baseDn"`
 
 	AutoSync int    `json:"autoSync"`
 	LastSync string `xorm:"varchar(100)" json:"lastSync"`
 }
 
-func AddLdap(ldap *Ldap) (bool, error) {
+type ldapConn struct {
+	Conn *goldap.Conn
+	IsAD bool
+}
+
+//type ldapGroup struct {
+//	GidNumber string
+//	Cn        string
+//}
+
+type ldapUser struct {
+	UidNumber string
+	Uid       string
+	Cn        string
+	GidNumber string
+	// Gcn                   string
+	Uuid                  string
+	Mail                  string
+	Email                 string
+	EmailAddress          string
+	TelephoneNumber       string
+	Mobile                string
+	MobileTelephoneNumber string
+	RegisteredAddress     string
+	PostalAddress         string
+}
+
+type LdapRespUser struct {
+	UidNumber string `json:"uidNumber"`
+	Uid       string `json:"uid"`
+	Cn        string `json:"cn"`
+	GroupId   string `json:"groupId"`
+	// GroupName string `json:"groupName"`
+	Uuid    string `json:"uuid"`
+	Email   string `json:"email"`
+	Phone   string `json:"phone"`
+	Address string `json:"address"`
+}
+
+type ldapServerType struct {
+	Vendorname           string
+	Vendorversion        string
+	IsGlobalCatalogReady string
+	ForestFunctionality  string
+}
+
+func LdapUsersToLdapRespUsers(users []ldapUser) []LdapRespUser {
+	returnAnyNotEmpty := func(strs ...string) string {
+		for _, str := range strs {
+			if str != "" {
+				return str
+			}
+		}
+		return ""
+	}
+
+	res := make([]LdapRespUser, 0)
+	for _, user := range users {
+		res = append(res, LdapRespUser{
+			UidNumber: user.UidNumber,
+			Uid:       user.Uid,
+			Cn:        user.Cn,
+			GroupId:   user.GidNumber,
+			Uuid:      user.Uuid,
+			Email:     returnAnyNotEmpty(user.Email, user.EmailAddress, user.Mail),
+			Phone:     returnAnyNotEmpty(user.Mobile, user.MobileTelephoneNumber, user.TelephoneNumber),
+			Address:   returnAnyNotEmpty(user.PostalAddress, user.RegisteredAddress),
+		})
+	}
+	return res
+}
+
+func isMicrosoftAD(Conn *goldap.Conn) (bool, error) {
+	SearchFilter := "(objectclass=*)"
+	SearchAttributes := []string{"vendorname", "vendorversion", "isGlobalCatalogReady", "forestFunctionality"}
+
+	searchReq := goldap.NewSearchRequest("",
+		goldap.ScopeBaseObject, goldap.NeverDerefAliases, 0, 0, false,
+		SearchFilter, SearchAttributes, nil)
+	searchResult, err := Conn.Search(searchReq)
+	if err != nil {
+		return false, err
+	}
+	if len(searchResult.Entries) == 0 {
+		return false, errors.New("no result")
+	}
+	isMicrosoft := false
+	var ldapServerType ldapServerType
+	for _, entry := range searchResult.Entries {
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "vendorname":
+				ldapServerType.Vendorname = attribute.Values[0]
+			case "vendorversion":
+				ldapServerType.Vendorversion = attribute.Values[0]
+			case "isGlobalCatalogReady":
+				ldapServerType.IsGlobalCatalogReady = attribute.Values[0]
+			case "forestFunctionality":
+				ldapServerType.ForestFunctionality = attribute.Values[0]
+			}
+		}
+	}
+	if ldapServerType.Vendorname == "" &&
+		ldapServerType.Vendorversion == "" &&
+		ldapServerType.IsGlobalCatalogReady == "TRUE" &&
+		ldapServerType.ForestFunctionality != "" {
+		isMicrosoft = true
+	}
+	return isMicrosoft, err
+}
+
+func (ldap *Ldap) GetLdapConn() (c *ldapConn, err error) {
+	var conn *goldap.Conn
+	if ldap.EnableSsl {
+		conn, err = goldap.DialTLS("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port), nil)
+	} else {
+		conn, err = goldap.Dial("tcp", fmt.Sprintf("%s:%d", ldap.Host, ldap.Port))
+	}
+
+	if err != nil {
+		return nil, err
+	}
+
+	err = conn.Bind(ldap.Admin, ldap.Passwd)
+	if err != nil {
+		return nil, err
+	}
+
+	isAD, err := isMicrosoftAD(conn)
+	if err != nil {
+		return nil, err
+	}
+	return &ldapConn{Conn: conn, IsAD: isAD}, nil
+}
+
+//FIXME: The Base DN does not necessarily contain the Group
+//func (l *ldapConn) GetLdapGroups(baseDn string) (map[string]ldapGroup, error) {
+//	SearchFilter := "(objectClass=posixGroup)"
+//	SearchAttributes := []string{"cn", "gidNumber"}
+//	groupMap := make(map[string]ldapGroup)
+//
+//	searchReq := goldap.NewSearchRequest(baseDn,
+//		goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+//		SearchFilter, SearchAttributes, nil)
+//	searchResult, err := l.Conn.Search(searchReq)
+//	if err != nil {
+//		return nil, err
+//	}
+//
+//	if len(searchResult.Entries) == 0 {
+//		return nil, errors.New("no result")
+//	}
+//
+//	for _, entry := range searchResult.Entries {
+//		var ldapGroupItem ldapGroup
+//		for _, attribute := range entry.Attributes {
+//			switch attribute.Name {
+//			case "gidNumber":
+//				ldapGroupItem.GidNumber = attribute.Values[0]
+//				break
+//			case "cn":
+//				ldapGroupItem.Cn = attribute.Values[0]
+//				break
+//			}
+//		}
+//		groupMap[ldapGroupItem.GidNumber] = ldapGroupItem
+//	}
+//
+//	return groupMap, nil
+//}
+
+func (l *ldapConn) GetLdapUsers(baseDn string) ([]ldapUser, error) {
+	SearchFilter := "(objectClass=posixAccount)"
+	SearchAttributes := []string{
+		"uidNumber", "uid", "cn", "gidNumber", "entryUUID", "mail", "email",
+		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
+	}
+	SearchFilterMsAD := "(objectClass=user)"
+	SearchAttributesMsAD := []string{
+		"uidNumber", "sAMAccountName", "cn", "gidNumber", "entryUUID", "mail", "email",
+		"emailAddress", "telephoneNumber", "mobile", "mobileTelephoneNumber", "registeredAddress", "postalAddress",
+	}
+	var searchReq *goldap.SearchRequest
+	if l.IsAD {
+		searchReq = goldap.NewSearchRequest(baseDn,
+			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+			SearchFilterMsAD, SearchAttributesMsAD, nil)
+	} else {
+		searchReq = goldap.NewSearchRequest(baseDn,
+			goldap.ScopeWholeSubtree, goldap.NeverDerefAliases, 0, 0, false,
+			SearchFilter, SearchAttributes, nil)
+	}
+	searchResult, err := l.Conn.SearchWithPaging(searchReq, 100)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(searchResult.Entries) == 0 {
+		return nil, errors.New("no result")
+	}
+
+	var ldapUsers []ldapUser
+
+	for _, entry := range searchResult.Entries {
+		var ldapUserItem ldapUser
+		for _, attribute := range entry.Attributes {
+			switch attribute.Name {
+			case "uidNumber":
+				ldapUserItem.UidNumber = attribute.Values[0]
+			case "uid":
+				ldapUserItem.Uid = attribute.Values[0]
+			case "sAMAccountName":
+				ldapUserItem.Uid = attribute.Values[0]
+			case "cn":
+				ldapUserItem.Cn = attribute.Values[0]
+			case "gidNumber":
+				ldapUserItem.GidNumber = attribute.Values[0]
+			case "entryUUID":
+				ldapUserItem.Uuid = attribute.Values[0]
+			case "objectGUID":
+				ldapUserItem.Uuid = attribute.Values[0]
+			case "mail":
+				ldapUserItem.Mail = attribute.Values[0]
+			case "email":
+				ldapUserItem.Email = attribute.Values[0]
+			case "emailAddress":
+				ldapUserItem.EmailAddress = attribute.Values[0]
+			case "telephoneNumber":
+				ldapUserItem.TelephoneNumber = attribute.Values[0]
+			case "mobile":
+				ldapUserItem.Mobile = attribute.Values[0]
+			case "mobileTelephoneNumber":
+				ldapUserItem.MobileTelephoneNumber = attribute.Values[0]
+			case "registeredAddress":
+				ldapUserItem.RegisteredAddress = attribute.Values[0]
+			case "postalAddress":
+				ldapUserItem.PostalAddress = attribute.Values[0]
+			}
+		}
+		ldapUsers = append(ldapUsers, ldapUserItem)
+	}
+
+	return ldapUsers, nil
+}
+
+func AddLdap(ldap *Ldap) bool {
 	if len(ldap.Id) == 0 {
 		ldap.Id = util.GenerateId()
 	}
@@ -48,82 +298,200 @@ func AddLdap(ldap *Ldap) (bool, error) {
 
 	affected, err := adapter.Engine.Insert(ldap)
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func CheckLdapExist(ldap *Ldap) (bool, error) {
+func CheckLdapExist(ldap *Ldap) bool {
 	var result []*Ldap
 	err := adapter.Engine.Find(&result, &Ldap{
-		Owner:    ldap.Owner,
-		Host:     ldap.Host,
-		Port:     ldap.Port,
-		Username: ldap.Username,
-		Password: ldap.Password,
-		BaseDn:   ldap.BaseDn,
+		Owner:  ldap.Owner,
+		Host:   ldap.Host,
+		Port:   ldap.Port,
+		Admin:  ldap.Admin,
+		Passwd: ldap.Passwd,
+		BaseDn: ldap.BaseDn,
 	})
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
 	if len(result) > 0 {
-		return true, nil
+		return true
 	}
 
-	return false, nil
+	return false
 }
 
-func GetLdaps(owner string) ([]*Ldap, error) {
+func GetLdaps(owner string) []*Ldap {
 	var ldaps []*Ldap
 	err := adapter.Engine.Desc("created_time").Find(&ldaps, &Ldap{Owner: owner})
 	if err != nil {
-		return ldaps, err
+		panic(err)
 	}
 
-	return ldaps, nil
+	return ldaps
 }
 
-func GetLdap(id string) (*Ldap, error) {
+func GetLdap(id string) *Ldap {
 	if util.IsStringsEmpty(id) {
-		return nil, nil
+		return nil
 	}
 
 	ldap := Ldap{Id: id}
 	existed, err := adapter.Engine.Get(&ldap)
 	if err != nil {
-		return &ldap, nil
+		panic(err)
 	}
 
 	if existed {
-		return &ldap, nil
+		return &ldap
 	} else {
-		return nil, nil
+		return nil
 	}
 }
 
-func UpdateLdap(ldap *Ldap) (bool, error) {
-	if l, err := GetLdap(ldap.Id); err != nil {
-		return false, nil
-	} else if l == nil {
-		return false, nil
+func UpdateLdap(ldap *Ldap) bool {
+	if GetLdap(ldap.Id) == nil {
+		return false
 	}
 
 	affected, err := adapter.Engine.ID(ldap.Id).Cols("owner", "server_name", "host",
-		"port", "enable_ssl", "username", "password", "base_dn", "filter", "filter_fields", "auto_sync").Update(ldap)
+		"port", "enable_ssl", "admin", "passwd", "base_dn", "auto_sync").Update(ldap)
 	if err != nil {
-		return false, nil
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
 }
 
-func DeleteLdap(ldap *Ldap) (bool, error) {
+func DeleteLdap(ldap *Ldap) bool {
 	affected, err := adapter.Engine.ID(ldap.Id).Delete(&Ldap{})
 	if err != nil {
-		return false, err
+		panic(err)
 	}
 
-	return affected != 0, nil
+	return affected != 0
+}
+
+func SyncLdapUsers(owner string, users []LdapRespUser, ldapId string) (*[]LdapRespUser, *[]LdapRespUser) {
+	var existUsers []LdapRespUser
+	var failedUsers []LdapRespUser
+	var uuids []string
+
+	for _, user := range users {
+		uuids = append(uuids, user.Uuid)
+	}
+
+	existUuids := CheckLdapUuidExist(owner, uuids)
+
+	organization := getOrganization("admin", owner)
+	ldap := GetLdap(ldapId)
+
+	var dc []string
+	for _, basedn := range strings.Split(ldap.BaseDn, ",") {
+		if strings.Contains(basedn, "dc=") {
+			dc = append(dc, basedn[3:])
+		}
+	}
+	affiliation := strings.Join(dc, ".")
+
+	var ou []string
+	for _, admin := range strings.Split(ldap.Admin, ",") {
+		if strings.Contains(admin, "ou=") {
+			ou = append(ou, admin[3:])
+		}
+	}
+	tag := strings.Join(ou, ".")
+
+	for _, user := range users {
+		found := false
+		if len(existUuids) > 0 {
+			for _, existUuid := range existUuids {
+				if user.Uuid == existUuid {
+					existUsers = append(existUsers, user)
+					found = true
+				}
+			}
+		}
+
+		if !found && !AddUser(&User{
+			Owner:       owner,
+			Name:        buildLdapUserName(user.Uid, user.UidNumber),
+			CreatedTime: util.GetCurrentTime(),
+			DisplayName: user.Cn,
+			Avatar:      organization.DefaultAvatar,
+			Email:       user.Email,
+			Phone:       user.Phone,
+			Address:     []string{user.Address},
+			Affiliation: affiliation,
+			Tag:         tag,
+			Score:       beego.AppConfig.DefaultInt("initScore", 2000),
+			Ldap:        user.Uuid,
+		}) {
+			failedUsers = append(failedUsers, user)
+			continue
+		}
+	}
+
+	return &existUsers, &failedUsers
+}
+
+func UpdateLdapSyncTime(ldapId string) {
+	_, err := adapter.Engine.ID(ldapId).Update(&Ldap{LastSync: util.GetCurrentTime()})
+	if err != nil {
+		panic(err)
+	}
+}
+
+func CheckLdapUuidExist(owner string, uuids []string) []string {
+	var results []User
+	var existUuids []string
+	existUuidSet := make(map[string]struct{})
+
+	//whereStr := ""
+	//for i, uuid := range uuids {
+	//	if i == 0 {
+	//		whereStr = fmt.Sprintf("'%s'", uuid)
+	//	} else {
+	//		whereStr = fmt.Sprintf(",'%s'", uuid)
+	//	}
+	//}
+
+	err := adapter.Engine.Where(fmt.Sprintf("ldap IN (%s) AND owner = ?", "'"+strings.Join(uuids, "','")+"'"), owner).Find(&results)
+	if err != nil {
+		panic(err)
+	}
+
+	if len(results) > 0 {
+		for _, result := range results {
+			existUuidSet[result.Ldap] = struct{}{}
+		}
+	}
+
+	for uuid := range existUuidSet {
+		existUuids = append(existUuids, uuid)
+	}
+	return existUuids
+}
+
+func buildLdapUserName(uid, uidNum string) string {
+	var result User
+	uidWithNumber := fmt.Sprintf("%s_%s", uid, uidNum)
+
+	has, err := adapter.Engine.Where("name = ? or name = ?", uid, uidWithNumber).Get(&result)
+	if err != nil {
+		panic(err)
+	}
+
+	if has {
+		if result.Name == uid {
+			return uidWithNumber
+		}
+		return fmt.Sprintf("%s_%s", uidWithNumber, randstr.Hex(6))
+	}
+
+	return uid
 }