feat: add "Sender number" input for Twilio SMS provider

feat: fix bug that themeEditor can not load saved theme data (#2085 )
feat: refactor code to add getStorageProvider()
2025-08-11 08:07:45 +08:00 · 2023-07-18 22:46:56 +08:00 · 2023-07-17 22:57:55 +08:00 · 2023-07-17 15:59:37 +08:00 · 2023-07-16 17:11:32 +08:00 · 2023-07-15 19:29:48 +08:00
122 changed files with 3165 additions and 1048 deletions
--- a/README.md
+++ b/README.md
@@ -37,8 +37,8 @@
  <a href="https://crowdin.com/project/casdoor-site">
    <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
  </a>
-  <a href="https://gitter.im/casbin/casdoor">
-    <img alt="Gitter" src="https://badges.gitter.im/casbin/casdoor.svg">
+  <a href="https://discord.gg/5rPsrAzK7S">
+    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
  </a>
 </p>

@@ -71,7 +71,7 @@ https://casdoor.org/docs/category/integrations

 ## How to contact?

- Gitter: https://gitter.im/casbin/casdoor
+- Discord: https://discord.gg/5rPsrAzK7S
 - Forum: https://forum.casbin.com
 - Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e

--- a/ai/ai.go
+++ b/ai/ai.go
@@ -129,7 +129,7 @@ func QueryAnswerStream(authToken string, question string, writer io.Writer, buil
 		fmt.Printf("%s", data)

 		// Write the streamed data as Server-Sent Events
-		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
+		if _, err = fmt.Fprintf(writer, "event: message\ndata: %s\n\n", data); err != nil {
 			return err
 		}
 		flusher.Flush()
--- a/controllers/account.go
+++ b/controllers/account.go
@@ -368,9 +368,11 @@ func (c *ApiController) GetAccount() {
 		return
 	}

-	user.Permissions = object.GetMaskedPermissions(user.Permissions)
-	user.Roles = object.GetMaskedRoles(user.Roles)
-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	if user != nil {
+		user.Permissions = object.GetMaskedPermissions(user.Permissions)
+		user.Roles = object.GetMaskedRoles(user.Roles)
+		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	}

 	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	if err != nil {
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -69,10 +69,13 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}

-	if form.Password != "" && user.IsMfaEnabled() {
-		c.setMfaSessionData(&object.MfaSessionData{UserId: userId})
-		resp = &Response{Status: object.NextMfa, Data: user.GetPreferredMfaProps(true)}
-		return
+	// check user's tag
+	if !user.IsGlobalAdmin && !user.IsAdmin && len(application.Tags) > 0 {
+		// only users with the tag that is listed in the application tags can login
+		if !util.InSlice(application.Tags, user.Tag) {
+			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
+			return
+		}
 	}

 	if form.Type == ResponseTypeLogin {
@@ -120,6 +123,11 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			return
 		}
 		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
+
+		if application.EnableSigninSession || application.HasPromptPage() {
+			// The prompt page needs the user to be signed in
+			c.SetSessionUsername(userId)
+		}
 	} else if form.Type == ResponseTypeCas {
 		// not oauth but CAS SSO protocol
 		service := c.Input().Get("service")
@@ -132,11 +140,11 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 				resp.Data = st
 			}
 		}
+
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
 		}
-
 	} else {
 		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
 	}
@@ -238,7 +246,7 @@ func isProxyProviderType(providerType string) bool {
 // @Param code_challenge_method   query    string  false code_challenge_method
 // @Param code_challenge          query    string  false code_challenge
 // @Param   form   body   controllers.AuthForm  true        "Login information"
-// @Success 200 {object} Response The Response object
+// @Success 200 {object} controllers.Response The Response object
 // @router /login [post]
 func (c *ApiController) Login() {
 	resp := &Response{}
@@ -344,17 +352,26 @@ func (c *ApiController) Login() {
 				return
 			}

-			resp = c.HandleLoggedIn(application, user, &authForm)
-
 			organization, err := object.GetOrganizationByUser(user)
 			if err != nil {
 				c.ResponseError(err.Error())
 			}

-			if user != nil && organization.HasRequiredMfa() && !user.IsMfaEnabled() {
-				resp.Msg = object.RequiredMfa
+			if object.IsNeedPromptMfa(organization, user) {
+				// The prompt page needs the user to be signed in
+				c.SetSessionUsername(user.GetId())
+				c.ResponseOk(object.RequiredMfa)
+				return
 			}

+			if user.IsMfaEnabled() {
+				c.setMfaUserSession(user.GetId())
+				c.ResponseOk(object.NextMfa, user.GetPreferredMfaProps(true))
+				return
+			}
+
+			resp = c.HandleLoggedIn(application, user, &authForm)
+
 			record := object.NewRecord(c.Ctx)
 			record.Organization = application.Organization
 			record.User = user.Name
@@ -407,15 +424,8 @@ func (c *ApiController) Login() {
 			}
 		} else if provider.Category == "OAuth" {
 			// OAuth
-
-			clientId := provider.ClientId
-			clientSecret := provider.ClientSecret
-			if provider.Type == "WeChat" && strings.Contains(c.Ctx.Request.UserAgent(), "MicroMessenger") {
-				clientId = provider.ClientId2
-				clientSecret = provider.ClientSecret2
-			}
-
-			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, authForm.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
+			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
+			idProvider := idp.GetIdProvider(idpInfo, authForm.RedirectUri)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf(c.T("storage:The provider type: %s is not supported"), provider.Type))
 				return
@@ -647,13 +657,16 @@ func (c *ApiController) Login() {
 				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
 			}
 		}
-	} else if c.getMfaSessionData() != nil {
-		mfaSession := c.getMfaSessionData()
-		user, err := object.GetUser(mfaSession.UserId)
+	} else if c.getMfaUserSession() != "" {
+		user, err := object.GetUser(c.getMfaUserSession())
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
+		if user == nil {
+			c.ResponseError("expired user session")
+			return
+		}

 		if authForm.Passcode != "" {
 			mfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferredMfaProps(false))
@@ -667,13 +680,15 @@ func (c *ApiController) Login() {
 				c.ResponseError(err.Error())
 				return
 			}
-		}
-		if authForm.RecoveryCode != "" {
+		} else if authForm.RecoveryCode != "" {
 			err = object.MfaRecover(user, authForm.RecoveryCode)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
+		} else {
+			c.ResponseError("missing passcode or recovery code")
+			return
 		}

 		application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
@@ -688,6 +703,7 @@ func (c *ApiController) Login() {
 		}

 		resp = c.HandleLoggedIn(application, user, &authForm)
+		c.setMfaUserSession("")

 		record := object.NewRecord(c.Ctx)
 		record.Organization = application.Organization
--- a/controllers/base.go
+++ b/controllers/base.go
@@ -178,24 +178,16 @@ func (c *ApiController) SetSessionData(s *SessionData) {
 	c.SetSession("SessionData", util.StructToJson(s))
 }

-func (c *ApiController) setMfaSessionData(data *object.MfaSessionData) {
-	if data == nil {
-		c.SetSession(object.MfaSessionUserId, nil)
-		return
-	}
-	c.SetSession(object.MfaSessionUserId, data.UserId)
+func (c *ApiController) setMfaUserSession(userId string) {
+	c.SetSession(object.MfaSessionUserId, userId)
 }

-func (c *ApiController) getMfaSessionData() *object.MfaSessionData {
-	userId := c.GetSession(object.MfaSessionUserId)
+func (c *ApiController) getMfaUserSession() string {
+	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
 	if userId == nil {
-		return nil
+		return ""
 	}
-
-	data := &object.MfaSessionData{
-		UserId: userId.(string),
-	}
-	return data
+	return userId.(string)
 }

 func (c *ApiController) setExpireForSession() {
--- a/controllers/ldap.go
+++ b/controllers/ldap.go
@@ -100,7 +100,7 @@ func (c *ApiController) GetLdapUsers() {
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")

-	c.ResponseOk(object.GetLdaps(owner))
+	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
 }

 // GetLdap
@@ -116,7 +116,7 @@ func (c *ApiController) GetLdap() {
 	}

 	_, name := util.GetOwnerAndNameFromId(id)
-	c.ResponseOk(object.GetLdap(name))
+	c.ResponseOk(object.GetMaskedLdap(object.GetLdap(name)))
 }

 // AddLdap
@@ -226,8 +226,9 @@ func (c *ApiController) DeleteLdap() {
 // @Title SyncLdapUsers
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
-	owner := c.Input().Get("owner")
-	ldapId := c.Input().Get("ldapId")
+	id := c.Input().Get("id")
+
+	owner, ldapId := util.GetOwnerAndNameFromId(id)
 	var users []object.LdapUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
--- a/controllers/mfa.go
+++ b/controllers/mfa.go
@@ -28,7 +28,7 @@ import (
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object}   The Response object
+// @Success 200 {object} controllers.Response The Response object
 // @router /mfa/setup/initiate [post]
 func (c *ApiController) MfaSetupInitiate() {
 	owner := c.Ctx.Request.Form.Get("owner")
--- a/controllers/organization.go
+++ b/controllers/organization.go
@@ -37,6 +37,7 @@ func (c *ApiController) GetOrganizations() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")

 	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
@@ -73,7 +74,7 @@ func (c *ApiController) GetOrganizations() {
 			}

 			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
--- a/controllers/pricing.go
+++ b/controllers/pricing.go
@@ -71,7 +71,7 @@ func (c *ApiController) GetPricings() {
 // @Tag Pricing API
 // @Description get pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.pricing The Response object
+// @Success 200 {object} object.Pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
 	id := c.Input().Get("id")
--- a/controllers/record.go
+++ b/controllers/record.go
@@ -42,6 +42,7 @@ func (c *ApiController) GetRecords() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
+	organizationName := c.Input().Get("organizationName")

 	if limit == "" || page == "" {
 		records, err := object.GetRecords()
@@ -54,6 +55,9 @@ func (c *ApiController) GetRecords() {
 		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
+		if c.IsGlobalAdmin() && organizationName != "" {
+			organization = organizationName
+		}
 		filterRecord := &object.Record{Organization: organization}
 		count, err := object.GetRecordCount(field, value, filterRecord)
 		if err != nil {
--- a/controllers/resource.go
+++ b/controllers/resource.go
@@ -29,9 +29,19 @@ import (
 )

 // GetResources
-// @router /get-resources [get]
 // @Tag Resource API
 // @Title GetResources
+// @Description get resources
+// @Param		owner 		query 		string 				true 				"Owner"
+// @Param		user 		query 		string 				true 				"User"
+// @Param 		pageSize 	query 		integer 			false 				"Page Size"
+// @Param 		p 			query 		integer 				false 				"Page Number"
+// @Param 		field 		query 		string 				false 				"Field"
+// @Param 		value 		query 		string 				false 				"Value"
+// @Param 		sortField 	query 		string 				false 				"Sort Field"
+// @Param 		sortOrder 	query 		string 				false 				"Sort Order"
+// @Success		200 		{array} 	object.Resource 	The Response object
+// @router /get-resources [get]
 func (c *ApiController) GetResources() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
@@ -81,6 +91,9 @@ func (c *ApiController) GetResources() {
 // GetResource
 // @Tag Resource API
 // @Title GetResource
+// @Description get resource
+// @Param   	id			query   	string     			true        		"The id ( owner/name ) of resource"
+// @Success 	200			{object}	object.Resource		The Response object
 // @router /get-resource [get]
 func (c *ApiController) GetResource() {
 	id := c.Input().Get("id")
@@ -98,6 +111,10 @@ func (c *ApiController) GetResource() {
 // UpdateResource
 // @Tag Resource API
 // @Title UpdateResource
+// @Description get resource
+// @Param   	id     		query   	string  			true				"The id ( owner/name ) of resource"
+// @Param		resource	body		object.Resource		true				"The resource object"
+// @Success 	200			{object}	controllers.Response					Success or error
 // @router /update-resource [post]
 func (c *ApiController) UpdateResource() {
 	id := c.Input().Get("id")
@@ -116,6 +133,8 @@ func (c *ApiController) UpdateResource() {
 // AddResource
 // @Tag Resource API
 // @Title AddResource
+// @Param     	resource    body    	object.Resource  	true      			"Resource object"
+// @Success 	200			{object}	controllers.Response					Success or error
 // @router /add-resource [post]
 func (c *ApiController) AddResource() {
 	var resource object.Resource
@@ -132,6 +151,8 @@ func (c *ApiController) AddResource() {
 // DeleteResource
 // @Tag Resource API
 // @Title DeleteResource
+// @Param     	resource    body    	object.Resource  	true      			"Resource object"
+// @Success 	200			{object}	controllers.Response					Success or error
 // @router /delete-resource [post]
 func (c *ApiController) DeleteResource() {
 	var resource object.Resource
@@ -160,6 +181,16 @@ func (c *ApiController) DeleteResource() {
 // UploadResource
 // @Tag Resource API
 // @Title UploadResource
+// @Param     owner           query   	string    			true      			"Owner"
+// @Param     user            query   	string    			true      			"User"
+// @Param     application     query   	string    			true     			"Application"
+// @Param     tag             query   	string    			false     			"Tag"
+// @Param     parent          query   	string    			false     			"Parent"
+// @Param     fullFilePath    query   	string    			true     			"Full File Path"
+// @Param     createdTime     query   	string    			false     			"Created Time"
+// @Param     description     query   	string    			false     			"Description"
+// @Param     file            formData 	file      			true      			"Resource file"
+// @Success   200             {object}  object.Resource  	FileUrl, objectKey
 // @router /upload-resource [post]
 func (c *ApiController) UploadResource() {
 	owner := c.Input().Get("owner")
@@ -198,16 +229,16 @@ func (c *ApiController) UploadResource() {

 	fileType := "unknown"
 	contentType := header.Header.Get("Content-Type")
-	fileType, _ = util.GetOwnerAndNameFromId(contentType)
+	fileType, _ = util.GetOwnerAndNameFromIdNoCheck(contentType + "/")

 	if fileType != "image" && fileType != "video" {
 		ext := filepath.Ext(filename)
 		mimeType := mime.TypeByExtension(ext)
-		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
+		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
 	}

 	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
-	if tag != "avatar" && tag != "termsOfUse" {
+	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
 		for i := 1; ; i++ {
@@ -294,7 +325,7 @@ func (c *ApiController) UploadResource() {
 			return
 		}

-		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
+		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimSuffix(fullFilePath, ".html"))
 		applicationObj, err := object.GetApplication(applicationId)
 		if err != nil {
 			c.ResponseError(err.Error())
@@ -307,6 +338,25 @@ func (c *ApiController) UploadResource() {
 			c.ResponseError(err.Error())
 			return
 		}
+	case "idCardFront", "idCardBack", "idCardWithPerson":
+		user, err := object.GetUserNoCheck(util.GetId(owner, username))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		if user == nil {
+			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
+			return
+		}
+
+		user.Properties[tag] = fileUrl
+		user.Properties["isIdCardVerified"] = "false"
+		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}

 	c.ResponseOk(fileUrl, objectKey)
--- a/controllers/subscription.go
+++ b/controllers/subscription.go
@@ -71,7 +71,7 @@ func (c *ApiController) GetSubscriptions() {
 // @Tag Subscription API
 // @Description get subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.subscription The Response object
+// @Success 200 {object} object.Subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
 	id := c.Input().Get("id")
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -325,7 +325,7 @@ func (c *ApiController) IntrospectToken() {
 		Sub:       jwtToken.Subject,
 		Aud:       jwtToken.Audience,
 		Iss:       jwtToken.Issuer,
-		Jti:       jwtToken.Id,
+		Jti:       jwtToken.ID,
 	}
 	c.ServeJSON()
 }
--- a/controllers/user.go
+++ b/controllers/user.go
@@ -198,7 +198,10 @@ func (c *ApiController) GetUser() {
 		return
 	}

-	user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	if user != nil {
+		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
+	}
+
 	err = object.ExtendUserWithRolesAndPermissions(user)
 	if err != nil {
 		c.ResponseError(err.Error())
--- a/controllers/verification.go
+++ b/controllers/verification.go
@@ -93,10 +93,9 @@ func (c *ApiController) SendVerificationCode() {
 		}
 	}

-	// mfaSessionData != nil, means method is MfaAuthVerification
-	if mfaSessionData := c.getMfaSessionData(); mfaSessionData != nil {
-		user, err = object.GetUser(mfaSessionData.UserId)
-		c.setMfaSessionData(nil)
+	// mfaUserSession != "", means method is MfaAuthVerification
+	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
+		user, err = object.GetUser(mfaUserSession)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
@@ -134,6 +133,8 @@ func (c *ApiController) SendVerificationCode() {
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
+		} else if vform.Method == MfaSetupVerification {
+			c.SetSession(object.MfaDestSession, vform.Dest)
 		}

 		provider, err := application.GetEmailProvider()
@@ -164,6 +165,11 @@ func (c *ApiController) SendVerificationCode() {
 					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 				}
 			}
+
+			if vform.Method == MfaSetupVerification {
+				c.SetSession(object.MfaCountryCodeSession, vform.CountryCode)
+				c.SetSession(object.MfaDestSession, vform.Dest)
+			}
 		} else if vform.Method == MfaAuthVerification {
 			mfaProps := user.GetPreferredMfaProps(false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
@@ -187,11 +193,6 @@ func (c *ApiController) SendVerificationCode() {
 		}
 	}

-	if vform.Method == MfaSetupVerification {
-		c.SetSession(object.MfaSmsCountryCodeSession, vform.CountryCode)
-		c.SetSession(object.MfaSmsDestSession, vform.Dest)
-	}
-
 	if sendResp != nil {
 		c.ResponseError(sendResp.Error())
 	} else {
--- a/controllers/webauthn.go
+++ b/controllers/webauthn.go
@@ -66,7 +66,7 @@ func (c *ApiController) WebAuthnSignupBegin() {
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
 // @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} Response "The Response object"
+// @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
 	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
@@ -150,7 +150,7 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} Response "The Response object"
+// @Success 200 {object} controllers.Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
--- a/deployment/deploy_test.go
+++ b/deployment/deploy_test.go
@@ -25,6 +25,12 @@ import (
 )

 func TestDeployStaticFiles(t *testing.T) {
-	provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
+	object.InitConfig()
+
+	provider, err := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
+	if err != nil {
+		panic(err)
+	}
+
 	deployStaticFiles(provider)
 }
--- a/go.mod
+++ b/go.mod
@@ -39,6 +39,7 @@ require (
 	github.com/lib/pq v1.10.2
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.75.2
+	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pkoukk/tiktoken-go v0.1.1
@@ -49,7 +50,7 @@ require (
 	github.com/robfig/cron/v3 v3.0.1
 	github.com/russellhaering/gosaml2 v0.9.0
 	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/sashabaranov/go-openai v1.9.1
+	github.com/sashabaranov/go-openai v1.12.0
 	github.com/satori/go.uuid v1.2.0
 	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
 	github.com/shirou/gopsutil v3.21.11+incompatible
--- a/go.sum
+++ b/go.sum
@@ -548,6 +548,8 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/sashabaranov/go-openai v1.9.1 h1:3N52HkJKo9Zlo/oe1AVv5ZkCOny0ra58/ACvAxkN3MM=
 github.com/sashabaranov/go-openai v1.9.1/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
+github.com/sashabaranov/go-openai v1.12.0 h1:aRNHH0gtVfrpIaEolD0sWrLLRnYQNK4cH/bIAHwL8Rk=
+github.com/sashabaranov/go-openai v1.12.0/go.mod h1:lj5b/K+zjTSFxVLijLSTDZuP7adOgerWeFyZLUhAKRg=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
--- a/i18n/locales/de/data.json
+++ b/i18n/locales/de/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
    "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
    "Unauthorized operation": "Nicht autorisierte Operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
--- a/i18n/locales/en/data.json
+++ b/i18n/locales/en/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
--- a/i18n/locales/es/data.json
+++ b/i18n/locales/es/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
    "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
    "Unauthorized operation": "Operación no autorizada",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
--- a/i18n/locales/fr/data.json
+++ b/i18n/locales/fr/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
    "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
    "Unauthorized operation": "Opération non autorisée",
-    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
--- a/i18n/locales/id/data.json
+++ b/i18n/locales/id/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
    "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
    "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
--- a/i18n/locales/ja/data.json
+++ b/i18n/locales/ja/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
    "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
    "Unauthorized operation": "不正操作",
-    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s"
+    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "サービス%sと%sは一致しません"
--- a/i18n/locales/ko/data.json
+++ b/i18n/locales/ko/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
    "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
    "Unauthorized operation": "무단 조작",
-    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s"
+    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
--- a/i18n/locales/pt/data.json
+++ b/i18n/locales/pt/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Service %s and %s do not match"
--- a/i18n/locales/ru/data.json
+++ b/i18n/locales/ru/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
    "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
    "Unauthorized operation": "Несанкционированная операция",
-    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Сервисы %s и %s не совпадают"
--- a/i18n/locales/vi/data.json
+++ b/i18n/locales/vi/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "Phương thức đăng nhập: đăng nhập bằng mật khẩu không được kích hoạt cho ứng dụng",
    "The provider: %s is not enabled for the application": "Nhà cung cấp: %s không được kích hoạt cho ứng dụng",
    "Unauthorized operation": "Hoạt động không được ủy quyền",
-    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s"
+    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
  },
  "cas": {
    "Service %s and %s do not match": "Dịch sang tiếng Việt: Dịch vụ %s và %s không khớp"
--- a/i18n/locales/zh/data.json
+++ b/i18n/locales/zh/data.json
@@ -18,7 +18,8 @@
    "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
    "The provider: %s is not enabled for the application": "该应用的提供商: %s未被启用",
    "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s",
+    "User's tag: %s is not listed in the application's tags": "用户的标签: %s不在该应用的标签列表中"
  },
  "cas": {
    "Service %s and %s do not match": "服务%s与%s不匹配"
--- a/idp/custom.go
+++ b/idp/custom.go
@@ -20,32 +20,37 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	_ "net/url"
-	_ "time"

+	"github.com/casdoor/casdoor/util"
+	"github.com/mitchellh/mapstructure"
 	"golang.org/x/oauth2"
 )

 type CustomIdProvider struct {
-	Client      *http.Client
-	Config      *oauth2.Config
-	UserInfoUrl string
+	Client *http.Client
+	Config *oauth2.Config
+
+	UserInfoURL string
+	TokenURL    string
+	AuthURL     string
+	UserMapping map[string]string
+	Scopes      []string
 }

-func NewCustomIdProvider(clientId string, clientSecret string, redirectUrl string, authUrl string, tokenUrl string, userInfoUrl string) *CustomIdProvider {
+func NewCustomIdProvider(idpInfo *ProviderInfo, redirectUrl string) *CustomIdProvider {
 	idp := &CustomIdProvider{}
-	idp.UserInfoUrl = userInfoUrl

-	config := &oauth2.Config{
-		ClientID:     clientId,
-		ClientSecret: clientSecret,
+	idp.Config = &oauth2.Config{
+		ClientID:     idpInfo.ClientId,
+		ClientSecret: idpInfo.ClientSecret,
 		RedirectURL:  redirectUrl,
 		Endpoint: oauth2.Endpoint{
-			AuthURL:  authUrl,
-			TokenURL: tokenUrl,
+			AuthURL:  idpInfo.AuthURL,
+			TokenURL: idpInfo.TokenURL,
 		},
 	}
-	idp.Config = config
+	idp.UserInfoURL = idpInfo.UserInfoURL
+	idp.UserMapping = idpInfo.UserMapping

 	return idp
 }
@@ -60,22 +65,20 @@ func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {
 }

 type CustomUserInfo struct {
-	Id          string `json:"sub"`
-	Name        string `json:"preferred_username,omitempty"`
-	DisplayName string `json:"name"`
-	Email       string `json:"email"`
-	AvatarUrl   string `json:"picture"`
-	Status      string `json:"status"`
-	Msg         string `json:"msg"`
+	Id          string `mapstructure:"id"`
+	Username    string `mapstructure:"username"`
+	DisplayName string `mapstructure:"displayName"`
+	Email       string `mapstructure:"email"`
+	AvatarUrl   string `mapstructure:"avatarUrl"`
 }

 func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	ctUserinfo := &CustomUserInfo{}
 	accessToken := token.AccessToken
-	request, err := http.NewRequest("GET", idp.UserInfoUrl, nil)
+	request, err := http.NewRequest("GET", idp.UserInfoURL, nil)
 	if err != nil {
 		return nil, err
 	}
+
 	// add accessToken to request header
 	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
 	resp, err := idp.Client.Do(request)
@@ -89,21 +92,40 @@ func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		return nil, err
 	}

-	err = json.Unmarshal(data, ctUserinfo)
+	var dataMap map[string]interface{}
+	err = json.Unmarshal(data, &dataMap)
 	if err != nil {
 		return nil, err
 	}

-	if ctUserinfo.Status != "" {
-		return nil, fmt.Errorf("err: %s", ctUserinfo.Msg)
+	// map user info
+	for k, v := range idp.UserMapping {
+		_, ok := dataMap[v]
+		if !ok {
+			return nil, fmt.Errorf("cannot find %s in user from castom provider", v)
+		}
+		dataMap[k] = dataMap[v]
+	}
+
+	// try to parse id to string
+	id, err := util.ParseIdToString(dataMap["id"])
+	if err != nil {
+		return nil, err
+	}
+	dataMap["id"] = id
+
+	customUserinfo := &CustomUserInfo{}
+	err = mapstructure.Decode(dataMap, customUserinfo)
+	if err != nil {
+		return nil, err
 	}

 	userInfo := &UserInfo{
-		Id:          ctUserinfo.Id,
-		Username:    ctUserinfo.Name,
-		DisplayName: ctUserinfo.DisplayName,
-		Email:       ctUserinfo.Email,
-		AvatarUrl:   ctUserinfo.AvatarUrl,
+		Id:          customUserinfo.Id,
+		Username:    customUserinfo.Username,
+		DisplayName: customUserinfo.DisplayName,
+		Email:       customUserinfo.Email,
+		AvatarUrl:   customUserinfo.AvatarUrl,
 	}
 	return userInfo, nil
 }
--- a/idp/provider.go
+++ b/idp/provider.go
@@ -32,72 +32,89 @@ type UserInfo struct {
 	AvatarUrl   string
 }

+type ProviderInfo struct {
+	Type         string
+	SubType      string
+	ClientId     string
+	ClientSecret string
+	AppId        string
+	HostUrl      string
+	RedirectUrl  string
+
+	TokenURL    string
+	AuthURL     string
+	UserInfoURL string
+	UserMapping map[string]string
+}
+
 type IdProvider interface {
 	SetHttpClient(client *http.Client)
 	GetToken(code string) (*oauth2.Token, error)
 	GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 }

-func GetIdProvider(typ string, subType string, clientId string, clientSecret string, appId string, redirectUrl string, hostUrl string, authUrl string, tokenUrl string, userInfoUrl string) IdProvider {
-	if typ == "GitHub" {
-		return NewGithubIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Google" {
-		return NewGoogleIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "QQ" {
-		return NewQqIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "WeChat" {
-		return NewWeChatIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Facebook" {
-		return NewFacebookIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "DingTalk" {
-		return NewDingTalkIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Weibo" {
-		return NewWeiBoIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Gitee" {
-		return NewGiteeIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "LinkedIn" {
-		return NewLinkedInIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "WeCom" {
-		if subType == "Internal" {
-			return NewWeComInternalIdProvider(clientId, clientSecret, redirectUrl)
-		} else if subType == "Third-party" {
-			return NewWeComIdProvider(clientId, clientSecret, redirectUrl)
+func GetIdProvider(idpInfo *ProviderInfo, redirectUrl string) IdProvider {
+	switch idpInfo.Type {
+	case "GitHub":
+		return NewGithubIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Google":
+		return NewGoogleIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "QQ":
+		return NewQqIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "WeChat":
+		return NewWeChatIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Facebook":
+		return NewFacebookIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "DingTalk":
+		return NewDingTalkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Weibo":
+		return NewWeiBoIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Gitee":
+		return NewGiteeIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "LinkedIn":
+		return NewLinkedInIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "WeCom":
+		if idpInfo.SubType == "Internal" {
+			return NewWeComInternalIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+		} else if idpInfo.SubType == "Third-party" {
+			return NewWeComIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
 		} else {
 			return nil
 		}
-	} else if typ == "Lark" {
-		return NewLarkIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "GitLab" {
-		return NewGitlabIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Adfs" {
-		return NewAdfsIdProvider(clientId, clientSecret, redirectUrl, hostUrl)
-	} else if typ == "Baidu" {
-		return NewBaiduIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Alipay" {
-		return NewAlipayIdProvider(clientId, clientSecret, redirectUrl)
-	} else if typ == "Custom" {
-		return NewCustomIdProvider(clientId, clientSecret, redirectUrl, authUrl, tokenUrl, userInfoUrl)
-	} else if typ == "Infoflow" {
-		if subType == "Internal" {
-			return NewInfoflowInternalIdProvider(clientId, clientSecret, appId, redirectUrl)
-		} else if subType == "Third-party" {
-			return NewInfoflowIdProvider(clientId, clientSecret, appId, redirectUrl)
+	case "Lark":
+		return NewLarkIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "GitLab":
+		return NewGitlabIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Adfs":
+		return NewAdfsIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)
+	case "Baidu":
+		return NewBaiduIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Alipay":
+		return NewAlipayIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Custom":
+		return NewCustomIdProvider(idpInfo, redirectUrl)
+	case "Infoflow":
+		if idpInfo.SubType == "Internal" {
+			return NewInfoflowInternalIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, idpInfo.AppId, redirectUrl)
+		} else if idpInfo.SubType == "Third-party" {
+			return NewInfoflowIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, idpInfo.AppId, redirectUrl)
 		} else {
 			return nil
 		}
-	} else if typ == "Casdoor" {
-		return NewCasdoorIdProvider(clientId, clientSecret, redirectUrl, hostUrl)
-	} else if typ == "Okta" {
-		return NewOktaIdProvider(clientId, clientSecret, redirectUrl, hostUrl)
-	} else if typ == "Douyin" {
-		return NewDouyinIdProvider(clientId, clientSecret, redirectUrl)
-	} else if isGothSupport(typ) {
-		return NewGothIdProvider(typ, clientId, clientSecret, redirectUrl, hostUrl)
-	} else if typ == "Bilibili" {
-		return NewBilibiliIdProvider(clientId, clientSecret, redirectUrl)
+	case "Casdoor":
+		return NewCasdoorIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)
+	case "Okta":
+		return NewOktaIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)
+	case "Douyin":
+		return NewDouyinIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	case "Bilibili":
+		return NewBilibiliIdProvider(idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl)
+	default:
+		if isGothSupport(idpInfo.Type) {
+			return NewGothIdProvider(idpInfo.Type, idpInfo.ClientId, idpInfo.ClientSecret, redirectUrl, idpInfo.HostUrl)
+		}
+		return nil
 	}
-
-	return nil
 }

 var gothList = []string{
--- a/object/application.go
+++ b/object/application.go
@@ -57,6 +57,7 @@ type Application struct {
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`
 	OrganizationObj     *Organization   `xorm:"-" json:"organizationObj"`
+	Tags                []string        `xorm:"mediumtext" json:"tags"`

 	ClientId             string     `xorm:"varchar(100)" json:"clientId"`
 	ClientSecret         string     `xorm:"varchar(100)" json:"clientSecret"`
--- a/object/group.go
+++ b/object/group.go
@@ -225,7 +225,7 @@ func GetGroupUserCount(groupName string, field, value string) (int64, error) {
 func GetPaginationGroupUsers(groupName string, offset, limit int, field, value, sortField, sortOrder string) ([]*User, error) {
 	users := []*User{}
 	session := adapter.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupName})
+		Where(builder.Like{"`groups`", groupName + "\""})

 	if offset != -1 && limit != -1 {
 		session.Limit(limit, offset)
@@ -255,7 +255,7 @@ func GetPaginationGroupUsers(groupName string, offset, limit int, field, value,
 func GetGroupUsers(groupName string) ([]*User, error) {
 	users := []*User{}
 	err := adapter.Engine.Table("user").
-		Where(builder.Like{"`groups`", groupName}).
+		Where(builder.Like{"`groups`", groupName + "\""}).
 		Find(&users)
 	if err != nil {
 		return nil, err
--- a/object/init.go
+++ b/object/init.go
@@ -61,7 +61,7 @@ func getBuiltInAccountItems() []*AccountItem {
 		{Name: "Signup application", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "Roles", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
 		{Name: "Permissions", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
-		{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Immutable"},
+		{Name: "Groups", Visible: true, ViewRule: "Public", ModifyRule: "Admin"},
 		{Name: "3rd-party logins", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
 		{Name: "Properties", Visible: false, ViewRule: "Admin", ModifyRule: "Admin"},
 		{Name: "Is admin", Visible: true, ViewRule: "Admin", ModifyRule: "Admin"},
@@ -93,7 +93,7 @@ func initBuiltInOrganization() bool {
 		Favicon:            fmt.Sprintf("%s/img/casbin/favicon.ico", conf.GetConfigString("staticBaseUrl")),
 		PasswordType:       "plain",
 		PasswordOptions:    []string{"AtLeast6"},
-		CountryCodes:       []string{"US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN"},
+		CountryCodes:       []string{"US", "ES", "FR", "DE", "GB", "CN", "JP", "KR", "VN", "ID", "SG", "IN"},
 		DefaultAvatar:      fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Tags:               []string{},
 		Languages:          []string{"en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "pt"},
@@ -130,7 +130,7 @@ func initBuiltInUser() {
 		Avatar:            fmt.Sprintf("%s/img/casbin.svg", conf.GetConfigString("staticBaseUrl")),
 		Email:             "admin@example.com",
 		Phone:             "12345678910",
-		CountryCode:       "CN",
+		CountryCode:       "US",
 		Address:           []string{},
 		Affiliation:       "Example Inc.",
 		Tag:               "staff",
@@ -184,6 +184,7 @@ func initBuiltInApplication() {
 			{Name: "Phone", Visible: true, Required: true, Prompted: false, Rule: "None"},
 			{Name: "Agreement", Visible: true, Required: true, Prompted: false, Rule: "None"},
 		},
+		Tags:          []string{},
 		RedirectUris:  []string{},
 		ExpireInHours: 168,
 		FormOffset:    2,
--- a/object/init_data.go
+++ b/object/init_data.go
@@ -145,6 +145,9 @@ func readInitDataFromFile(filePath string) (*InitData, error) {
 		if application.RedirectUris == nil {
 			application.RedirectUris = []string{}
 		}
+		if application.Tags == nil {
+			application.Tags = []string{}
+		}
 	}
 	for _, permission := range data.Permissions {
 		if permission.Actions == nil {
--- a/object/ldap.go
+++ b/object/ldap.go
@@ -103,6 +103,37 @@ func GetLdap(id string) (*Ldap, error) {
 	}
 }

+func GetMaskedLdap(ldap *Ldap, errs ...error) (*Ldap, error) {
+	if len(errs) > 0 && errs[0] != nil {
+		return nil, errs[0]
+	}
+
+	if ldap == nil {
+		return nil, nil
+	}
+
+	if ldap.Password != "" {
+		ldap.Password = "***"
+	}
+
+	return ldap, nil
+}
+
+func GetMaskedLdaps(ldaps []*Ldap, errs ...error) ([]*Ldap, error) {
+	if len(errs) > 0 && errs[0] != nil {
+		return nil, errs[0]
+	}
+
+	var err error
+	for _, ldap := range ldaps {
+		ldap, err = GetMaskedLdap(ldap)
+		if err != nil {
+			return nil, err
+		}
+	}
+	return ldaps, nil
+}
+
 func UpdateLdap(ldap *Ldap) (bool, error) {
 	if l, err := GetLdap(ldap.Id); err != nil {
 		return false, nil
--- a/object/mfa.go
+++ b/object/mfa.go
@@ -24,10 +24,6 @@ import (

 const MfaRecoveryCodesSession = "mfa_recovery_codes"

-type MfaSessionData struct {
-	UserId string
-}
-
 type MfaProps struct {
 	Enabled       bool     `json:"enabled"`
 	IsPreferred   bool     `json:"isPreferred"`
--- a/object/mfa_sms.go
+++ b/object/mfa_sms.go
@@ -24,8 +24,8 @@ import (
 )

 const (
-	MfaSmsCountryCodeSession = "mfa_country_code"
-	MfaSmsDestSession        = "mfa_dest"
+	MfaCountryCodeSession = "mfa_country_code"
+	MfaDestSession        = "mfa_dest"
 )

 type SmsMfa struct {
@@ -48,9 +48,19 @@ func (mfa *SmsMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, err
 }

 func (mfa *SmsMfa) SetupVerify(ctx *context.Context, passCode string) error {
-	dest := ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
-	countryCode := ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)
+	destSession := ctx.Input.CruSession.Get(MfaDestSession)
+	if destSession == nil {
+		return errors.New("dest session is missing")
+	}
+	dest := destSession.(string)
+
 	if !util.IsEmailValid(dest) {
+		countryCodeSession := ctx.Input.CruSession.Get(MfaCountryCodeSession)
+		if countryCodeSession == nil {
+			return errors.New("country code is missing")
+		}
+		countryCode := countryCodeSession.(string)
+
 		dest, _ = util.GetE164Number(dest, countryCode)
 	}

@@ -78,8 +88,8 @@ func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
 		columns = append(columns, "mfa_phone_enabled")

 		if user.Phone == "" {
-			user.Phone = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
-			user.CountryCode = ctx.Input.CruSession.Get(MfaSmsCountryCodeSession).(string)
+			user.Phone = ctx.Input.CruSession.Get(MfaDestSession).(string)
+			user.CountryCode = ctx.Input.CruSession.Get(MfaCountryCodeSession).(string)
 			columns = append(columns, "phone", "country_code")
 		}
 	} else if mfa.Config.MfaType == EmailType {
@@ -87,7 +97,7 @@ func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
 		columns = append(columns, "mfa_email_enabled")

 		if user.Email == "" {
-			user.Email = ctx.Input.CruSession.Get(MfaSmsDestSession).(string)
+			user.Email = ctx.Input.CruSession.Get(MfaDestSession).(string)
 			columns = append(columns, "email")
 		}
 	}
@@ -96,6 +106,11 @@ func (mfa *SmsMfa) Enable(ctx *context.Context, user *User) error {
 	if err != nil {
 		return err
 	}
+
+	ctx.Input.CruSession.Delete(MfaRecoveryCodesSession)
+	ctx.Input.CruSession.Delete(MfaDestSession)
+	ctx.Input.CruSession.Delete(MfaCountryCodeSession)
+
 	return nil
 }

--- a/object/mfa_totp.go
+++ b/object/mfa_totp.go
@@ -72,8 +72,11 @@ func (mfa *TotpMfa) Initiate(ctx *context.Context, userId string) (*MfaProps, er
 }

 func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
-	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession).(string)
-	result := totp.Validate(passcode, secret)
+	secret := ctx.Input.CruSession.Get(MfaTotpSecretSession)
+	if secret == nil {
+		return errors.New("totp secret is missing")
+	}
+	result := totp.Validate(passcode, secret.(string))

 	if result {
 		return nil
@@ -104,6 +107,10 @@ func (mfa *TotpMfa) Enable(ctx *context.Context, user *User) error {
 	if err != nil {
 		return err
 	}
+
+	ctx.Input.CruSession.Delete(MfaRecoveryCodesSession)
+	ctx.Input.CruSession.Delete(MfaTotpSecretSession)
+
 	return nil
 }

--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
@@ -65,10 +65,13 @@ func getOriginFromHost(host string) (string, string) {
 		return origin, origin
 	}

+	// "door.casdoor.com"
 	protocol := "https://"
-	if strings.HasPrefix(host, "localhost") {
+	if !strings.Contains(host, ".") {
+		// "localhost:8000" or "computer-name:80"
 		protocol = "http://"
 	} else if isIpAddress(host) {
+		// "192.168.0.10"
 		protocol = "http://"
 	}

@@ -120,6 +123,10 @@ func GetJsonWebKeySet() (jose.JSONWebKeySet, error) {
 	// link here: https://self-issued.info/docs/draft-ietf-jose-json-web-key.html
 	// or https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key
 	for _, cert := range certs {
+		if cert.Type != "x509" {
+			continue
+		}
+
 		certPemBlock := []byte(cert.Certificate)
 		certDerBlock, _ := pem.Decode(certPemBlock)
 		x509Cert, _ := x509.ParseCertificate(certDerBlock.Bytes)
--- a/object/organization.go
+++ b/object/organization.go
@@ -69,7 +69,7 @@ type Organization struct {
 	IsProfilePublic    bool       `json:"isProfilePublic"`

 	MfaItems     []*MfaItem     `xorm:"varchar(300)" json:"mfaItems"`
-	AccountItems []*AccountItem `xorm:"varchar(3000)" json:"accountItems"`
+	AccountItems []*AccountItem `xorm:"varchar(5000)" json:"accountItems"`
 }

 func GetOrganizationCount(owner, field, value string) (int64, error) {
@@ -104,10 +104,15 @@ func GetOrganizationsByFields(owner string, fields ...string) ([]*Organization,
 	return organizations, nil
 }

-func GetPaginationOrganizations(owner string, offset, limit int, field, value, sortField, sortOrder string) ([]*Organization, error) {
+func GetPaginationOrganizations(owner string, name string, offset, limit int, field, value, sortField, sortOrder string) ([]*Organization, error) {
 	organizations := []*Organization{}
 	session := GetSession(owner, offset, limit, field, value, sortField, sortOrder)
-	err := session.Find(&organizations)
+	var err error
+	if name != "" {
+		err = session.Find(&organizations, &Organization{Name: name})
+	} else {
+		err = session.Find(&organizations)
+	}
 	if err != nil {
 		return nil, err
 	}
@@ -231,6 +236,10 @@ func DeleteOrganization(organization *Organization) (bool, error) {
 }

 func GetOrganizationByUser(user *User) (*Organization, error) {
+	if user == nil {
+		return nil, nil
+	}
+
 	return getOrganization("admin", user.Owner)
 }

@@ -467,10 +476,21 @@ func organizationChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }

-func (org *Organization) HasRequiredMfa() bool {
+func IsNeedPromptMfa(org *Organization, user *User) bool {
+	if org == nil || user == nil {
+		return false
+	}
 	for _, item := range org.MfaItems {
 		if item.Rule == "Required" {
-			return true
+			if item.Name == EmailType && !user.MfaEmailEnabled {
+				return true
+			}
+			if item.Name == SmsType && !user.MfaPhoneEnabled {
+				return true
+			}
+			if item.Name == TotpType && user.TotpSecret == "" {
+				return true
+			}
 		}
 	}
 	return false
--- a/object/provider.go
+++ b/object/provider.go
@@ -16,8 +16,11 @@ package object

 import (
 	"fmt"
+	"strings"

+	"github.com/beego/beego/context"
 	"github.com/casdoor/casdoor/i18n"
+	"github.com/casdoor/casdoor/idp"
 	"github.com/casdoor/casdoor/pp"
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -28,21 +31,22 @@ type Provider struct {
 	Name        string `xorm:"varchar(100) notnull pk unique" json:"name"`
 	CreatedTime string `xorm:"varchar(100)" json:"createdTime"`

-	DisplayName       string `xorm:"varchar(100)" json:"displayName"`
-	Category          string `xorm:"varchar(100)" json:"category"`
-	Type              string `xorm:"varchar(100)" json:"type"`
-	SubType           string `xorm:"varchar(100)" json:"subType"`
-	Method            string `xorm:"varchar(100)" json:"method"`
-	ClientId          string `xorm:"varchar(100)" json:"clientId"`
-	ClientSecret      string `xorm:"varchar(2000)" json:"clientSecret"`
-	ClientId2         string `xorm:"varchar(100)" json:"clientId2"`
-	ClientSecret2     string `xorm:"varchar(100)" json:"clientSecret2"`
-	Cert              string `xorm:"varchar(100)" json:"cert"`
-	CustomAuthUrl     string `xorm:"varchar(200)" json:"customAuthUrl"`
-	CustomScope       string `xorm:"varchar(200)" json:"customScope"`
-	CustomTokenUrl    string `xorm:"varchar(200)" json:"customTokenUrl"`
-	CustomUserInfoUrl string `xorm:"varchar(200)" json:"customUserInfoUrl"`
-	CustomLogo        string `xorm:"varchar(200)" json:"customLogo"`
+	DisplayName       string            `xorm:"varchar(100)" json:"displayName"`
+	Category          string            `xorm:"varchar(100)" json:"category"`
+	Type              string            `xorm:"varchar(100)" json:"type"`
+	SubType           string            `xorm:"varchar(100)" json:"subType"`
+	Method            string            `xorm:"varchar(100)" json:"method"`
+	ClientId          string            `xorm:"varchar(100)" json:"clientId"`
+	ClientSecret      string            `xorm:"varchar(2000)" json:"clientSecret"`
+	ClientId2         string            `xorm:"varchar(100)" json:"clientId2"`
+	ClientSecret2     string            `xorm:"varchar(100)" json:"clientSecret2"`
+	Cert              string            `xorm:"varchar(100)" json:"cert"`
+	CustomAuthUrl     string            `xorm:"varchar(200)" json:"customAuthUrl"`
+	CustomTokenUrl    string            `xorm:"varchar(200)" json:"customTokenUrl"`
+	CustomUserInfoUrl string            `xorm:"varchar(200)" json:"customUserInfoUrl"`
+	CustomLogo        string            `xorm:"varchar(200)" json:"customLogo"`
+	Scopes            string            `xorm:"varchar(100)" json:"scopes"`
+	UserMapping       map[string]string `xorm:"varchar(500)" json:"userMapping"`

 	Host       string `xorm:"varchar(100)" json:"host"`
 	Port       int    `json:"port"`
@@ -225,7 +229,7 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 		session = session.Omit("client_secret2")
 	}

-	if provider.Type != "Keycloak" {
+	if provider.Type == "Tencent Cloud COS" {
 		provider.Endpoint = util.GetEndPoint(provider.Endpoint)
 		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
 	}
@@ -239,7 +243,7 @@ func UpdateProvider(id string, provider *Provider) (bool, error) {
 }

 func AddProvider(provider *Provider) (bool, error) {
-	if provider.Type != "Keycloak" {
+	if provider.Type == "Tencent Cloud COS" {
 		provider.Endpoint = util.GetEndPoint(provider.Endpoint)
 		provider.IntranetEndpoint = util.GetEndPoint(provider.IntranetEndpoint)
 	}
@@ -365,3 +369,27 @@ func providerChangeTrigger(oldName string, newName string) error {

 	return session.Commit()
 }
+
+func FromProviderToIdpInfo(ctx *context.Context, provider *Provider) *idp.ProviderInfo {
+	providerInfo := &idp.ProviderInfo{
+		Type:         provider.Type,
+		SubType:      provider.SubType,
+		ClientId:     provider.ClientId,
+		ClientSecret: provider.ClientSecret,
+		AppId:        provider.AppId,
+		HostUrl:      provider.Host,
+		TokenURL:     provider.CustomTokenUrl,
+		AuthURL:      provider.CustomAuthUrl,
+		UserInfoURL:  provider.CustomUserInfoUrl,
+		UserMapping:  provider.UserMapping,
+	}
+
+	if provider.Type == "WeChat" {
+		if ctx != nil && strings.Contains(ctx.Request.UserAgent(), "MicroMessenger") {
+			providerInfo.ClientId = provider.ClientId2
+			providerInfo.ClientSecret = provider.ClientSecret2
+		}
+	}
+
+	return providerInfo
+}
--- a/object/sms.go
+++ b/object/sms.go
@@ -42,7 +42,11 @@ func SendSms(provider *Provider, content string, phoneNumbers ...string) error {
 		return err
 	}

-	if provider.Type == sender.Aliyun {
+	if provider.Type == sender.Twilio {
+		if provider.AppId != "" {
+			phoneNumbers = append([]string{provider.AppId}, phoneNumbers...)
+		}
+	} else if provider.Type == sender.Aliyun {
 		for i, number := range phoneNumbers {
 			phoneNumbers[i] = strings.TrimPrefix(number, "+86")
 		}
--- a/object/storage.go
+++ b/object/storage.go
@@ -25,6 +25,7 @@ import (
 	"github.com/casdoor/casdoor/i18n"
 	"github.com/casdoor/casdoor/storage"
 	"github.com/casdoor/casdoor/util"
+	"github.com/casdoor/oss"
 )

 var isCloudIntranet bool
@@ -102,11 +103,11 @@ func GetUploadFileUrl(provider *Provider, fullFilePath string, hasTimestamp bool
 	return fileUrl, objectKey
 }

-func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer, lang string) (string, string, error) {
+func getStorageProvider(provider *Provider, lang string) (oss.StorageInterface, error) {
 	endpoint := getProviderEndpoint(provider)
 	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
 	if storageProvider == nil {
-		return "", "", fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
+		return nil, fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
 	}

 	if provider.Domain == "" {
@@ -114,9 +115,18 @@ func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffe
 		UpdateProvider(provider.GetId(), provider)
 	}

+	return storageProvider, nil
+}
+
+func uploadFile(provider *Provider, fullFilePath string, fileBuffer *bytes.Buffer, lang string) (string, string, error) {
+	storageProvider, err := getStorageProvider(provider, lang)
+	if err != nil {
+		return "", "", err
+	}
+
 	fileUrl, objectKey := GetUploadFileUrl(provider, fullFilePath, true)

-	_, err := storageProvider.Put(objectKey, fileBuffer)
+	_, err = storageProvider.Put(objectKey, fileBuffer)
 	if err != nil {
 		return "", "", err
 	}
@@ -154,15 +164,9 @@ func DeleteFile(provider *Provider, objectKey string, lang string) error {
 		return fmt.Errorf(i18n.Translate(lang, "storage:The objectKey: %s is not allowed"), objectKey)
 	}

-	endpoint := getProviderEndpoint(provider)
-	storageProvider := storage.GetStorageProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.RegionId, provider.Bucket, endpoint)
-	if storageProvider == nil {
-		return fmt.Errorf(i18n.Translate(lang, "storage:The provider type: %s is not supported"), provider.Type)
-	}
-
-	if provider.Domain == "" {
-		provider.Domain = storageProvider.GetEndpoint()
-		UpdateProvider(provider.GetId(), provider)
+	storageProvider, err := getStorageProvider(provider, lang)
+	if err != nil {
+		return err
 	}

 	return storageProvider.Delete(objectKey)
--- a/object/user.go
+++ b/object/user.go
@@ -160,8 +160,8 @@ type User struct {

 	WebauthnCredentials []webauthn.Credential `xorm:"webauthnCredentials blob" json:"webauthnCredentials"`
 	PreferredMfaType    string                `xorm:"varchar(100)" json:"preferredMfaType"`
-	RecoveryCodes       []string              `xorm:"varchar(1000)" json:"recoveryCodes,omitempty"`
-	TotpSecret          string                `xorm:"varchar(100)" json:"totpSecret,omitempty"`
+	RecoveryCodes       []string              `xorm:"varchar(1000)" json:"recoveryCodes"`
+	TotpSecret          string                `xorm:"varchar(100)" json:"totpSecret"`
 	MfaPhoneEnabled     bool                  `json:"mfaPhoneEnabled"`
 	MfaEmailEnabled     bool                  `json:"mfaEmailEnabled"`
 	MultiFactorAuths    []*MfaProps           `xorm:"-" json:"multiFactorAuths,omitempty"`
@@ -832,11 +832,14 @@ func userChangeTrigger(oldName string, newName string) error {
 }

 func (user *User) IsMfaEnabled() bool {
+	if user == nil {
+		return false
+	}
 	return user.PreferredMfaType != ""
 }

 func (user *User) GetPreferredMfaProps(masked bool) *MfaProps {
-	if user.PreferredMfaType == "" {
+	if user == nil || user.PreferredMfaType == "" {
 		return nil
 	}
 	return user.GetMfaProps(user.PreferredMfaType, masked)
--- a/object/user_util.go
+++ b/object/user_util.go
@@ -293,7 +293,13 @@ func CheckPermissionForUpdateUser(oldUser, newUser *User, isAdmin bool, lang str
 		itemsChanged = append(itemsChanged, item)
 	}

+	if oldUser.Groups == nil {
+		oldUser.Groups = []string{}
+	}
 	oldUserGroupsJson, _ := json.Marshal(oldUser.Groups)
+	if newUser.Groups == nil {
+		newUser.Groups = []string{}
+	}
 	newUserGroupsJson, _ := json.Marshal(newUser.Groups)
 	if string(oldUserGroupsJson) != string(newUserGroupsJson) {
 		item := GetAccountItemByName("Groups", organization)
--- a/routers/cors_filter.go
+++ b/routers/cors_filter.go
@@ -33,6 +33,13 @@ func CorsFilter(ctx *context.Context) {
 	origin := ctx.Input.Header(headerOrigin)
 	originConf := conf.GetConfigString("origin")

+	if ctx.Request.Method == "POST" && ctx.Request.RequestURI == "/api/login/oauth/access_token" {
+		ctx.Output.Header(headerAllowOrigin, origin)
+		ctx.Output.Header(headerAllowMethods, "POST, GET, OPTIONS, DELETE")
+		ctx.Output.Header(headerAllowHeaders, "Content-Type, Authorization")
+		return
+	}
+
 	if origin != "" && originConf != "" && origin != originConf {
 		ok, err := object.IsOriginAllowed(origin)
 		if err != nil {
--- a/routers/static_filter.go
+++ b/routers/static_filter.go
@@ -55,7 +55,7 @@ func StaticFilter(ctx *context.Context) {
 		path += urlPath
 	}

-	path2 := strings.TrimLeft(path, "web/build/images/")
+	path2 := strings.TrimPrefix(path, "web/build/images/")
 	if util.FileExist(path2) {
 		makeGzipResponse(ctx.ResponseWriter, ctx.Request, path2)
 		return
--- a/swagger/swagger.json
+++ b/swagger/swagger.json
--- a/swagger/swagger.yml
+++ b/swagger/swagger.yml
@@ -28,6 +28,24 @@ paths:
          description: ""
          schema:
            $ref: '#/definitions/object.OidcDiscovery'
+  /api/add-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: add adapter
+      operationId: ApiController.AddCasbinAdapter
+      parameters:
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-application:
    post:
      tags:
@@ -82,6 +100,24 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/add-group:
+    post:
+      tags:
+      - Group API
+      description: add group
+      operationId: ApiController.AddGroup
+      parameters:
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-ldap:
    post:
      tags:
@@ -272,6 +308,18 @@ paths:
      tags:
      - Resource API
      operationId: ApiController.AddResource
+      parameters:
+      - in: body
+        name: resource
+        description: Resource object
+        required: true
+        schema:
+          $ref: '#/definitions/object.Resource'
+      responses:
+        "200":
+          description: Success or error
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/add-role:
    post:
      tags:
@@ -386,6 +434,11 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/add-user-keys:
+    post:
+      tags:
+      - User API
+      operationId: ApiController.AddUserkeys
  /api/add-webhook:
    post:
      tags:
@@ -506,12 +559,12 @@ paths:
    post:
      tags:
      - Enforce API
-      description: perform enforce
+      description: Call Casbin BatchEnforce API
      operationId: ApiController.BatchEnforce
      parameters:
      - in: body
        name: body
-        description: casbin request array
+        description: array of casbin requests
        required: true
        schema:
          $ref: '#/definitions/object.CasbinRequest'
@@ -555,6 +608,24 @@ paths:
      tags:
      - User API
      operationId: ApiController.CheckUserPassword
+  /api/delete-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: delete adapter
+      operationId: ApiController.DeleteCasbinAdapter
+      parameters:
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-application:
    post:
      tags:
@@ -609,6 +680,24 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/delete-group:
+    post:
+      tags:
+      - Group API
+      description: delete group
+      operationId: ApiController.DeleteGroup
+      parameters:
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-ldap:
    post:
      tags:
@@ -792,6 +881,18 @@ paths:
      tags:
      - Resource API
      operationId: ApiController.DeleteResource
+      parameters:
+      - in: body
+        name: resource
+        description: Resource object
+        required: true
+        schema:
+          $ref: '#/definitions/object.Resource'
+      responses:
+        "200":
+          description: Success or error
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/delete-role:
    post:
      tags:
@@ -923,12 +1024,12 @@ paths:
    post:
      tags:
      - Enforce API
-      description: perform enforce
+      description: Call Casbin Enforce API
      operationId: ApiController.Enforce
      parameters:
      - in: body
        name: body
-        description: casbin request
+        description: Casbin request
        required: true
        schema:
          $ref: '#/definitions/object.CasbinRequest'
@@ -960,6 +1061,42 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/get-adapter:
+    get:
+      tags:
+      - Adapter API
+      description: get adapter
+      operationId: ApiController.GetCasbinAdapter
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the adapter
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Adapter'
+  /api/get-adapters:
+    get:
+      tags:
+      - Adapter API
+      description: get adapters
+      operationId: ApiController.GetCasbinAdapters
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of adapters
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Adapter'
  /api/get-app-login:
    get:
      tags:
@@ -1183,6 +1320,42 @@ paths:
            type: array
            items:
              $ref: '#/definitions/object.Cert'
+  /api/get-group:
+    get:
+      tags:
+      - Group API
+      description: get group
+      operationId: ApiController.GetGroup
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the group
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Group'
+  /api/get-groups:
+    get:
+      tags:
+      - Group API
+      description: get groups
+      operationId: ApiController.GetGroups
+      parameters:
+      - in: query
+        name: owner
+        description: The owner of groups
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Group'
  /api/get-ldap:
    get:
      tags:
@@ -1327,7 +1500,7 @@ paths:
    get:
      tags:
      - Organization API
-      description: get all organization names
+      description: get all organization name and displayName
      operationId: ApiController.GetOrganizationNames
      parameters:
      - in: query
@@ -1521,7 +1694,7 @@ paths:
        "200":
          description: The Response object
          schema:
-            $ref: '#/definitions/object.pricing'
+            $ref: '#/definitions/object.Pricing'
  /api/get-pricings:
    get:
      tags:
@@ -1669,12 +1842,67 @@ paths:
    get:
      tags:
      - Resource API
+      description: get resource
      operationId: ApiController.GetResource
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of resource
+        required: true
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/object.Resource'
  /api/get-resources:
    get:
      tags:
      - Resource API
+      description: get resources
      operationId: ApiController.GetResources
+      parameters:
+      - in: query
+        name: owner
+        description: Owner
+        required: true
+        type: string
+      - in: query
+        name: user
+        description: User
+        required: true
+        type: string
+      - in: query
+        name: pageSize
+        description: Page Size
+        type: integer
+      - in: query
+        name: p
+        description: Page Number
+        type: integer
+      - in: query
+        name: field
+        description: Field
+        type: string
+      - in: query
+        name: value
+        description: Value
+        type: string
+      - in: query
+        name: sortField
+        description: Sort Field
+        type: string
+      - in: query
+        name: sortOrder
+        description: Sort Order
+        type: string
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            type: array
+            items:
+              $ref: '#/definitions/object.Resource'
  /api/get-role:
    get:
      tags:
@@ -1793,7 +2021,7 @@ paths:
        "200":
          description: The Response object
          schema:
-            $ref: '#/definitions/object.subscription'
+            $ref: '#/definitions/object.Subscription'
  /api/get-subscriptions:
    get:
      tags:
@@ -2172,7 +2400,7 @@ paths:
        "200":
          description: The Response object
          schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
  /api/login/oauth/access_token:
    post:
      tags:
@@ -2351,9 +2579,9 @@ paths:
      operationId: ApiController.MfaSetupInitiate
      responses:
        "200":
-          description: Response object
+          description: The Response object
          schema:
-            $ref: '#/definitions/The'
+            $ref: '#/definitions/controllers.Response'
  /api/mfa/setup/verify:
    post:
      tags:
@@ -2480,6 +2708,29 @@ paths:
    post:
      tags:
      - Login API
+  /api/update-adapter:
+    post:
+      tags:
+      - Adapter API
+      description: update adapter
+      operationId: ApiController.UpdateCasbinAdapter
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the adapter
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the adapter
+        required: true
+        schema:
+          $ref: '#/definitions/object.Adapter'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-application:
    post:
      tags:
@@ -2549,6 +2800,29 @@ paths:
          description: The Response object
          schema:
            $ref: '#/definitions/controllers.Response'
+  /api/update-group:
+    post:
+      tags:
+      - Group API
+      description: update group
+      operationId: ApiController.UpdateGroup
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of the group
+        required: true
+        type: string
+      - in: body
+        name: body
+        description: The details of the group
+        required: true
+        schema:
+          $ref: '#/definitions/object.Group'
+      responses:
+        "200":
+          description: The Response object
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-ldap:
    post:
      tags:
@@ -2765,7 +3039,25 @@ paths:
    post:
      tags:
      - Resource API
+      description: get resource
      operationId: ApiController.UpdateResource
+      parameters:
+      - in: query
+        name: id
+        description: The id ( owner/name ) of resource
+        required: true
+        type: string
+      - in: body
+        name: resource
+        description: The resource object
+        required: true
+        schema:
+          $ref: '#/definitions/object.Resource'
+      responses:
+        "200":
+          description: Success or error
+          schema:
+            $ref: '#/definitions/controllers.Response'
  /api/update-role:
    post:
      tags:
@@ -2928,6 +3220,53 @@ paths:
      tags:
      - Resource API
      operationId: ApiController.UploadResource
+      parameters:
+      - in: query
+        name: owner
+        description: Owner
+        required: true
+        type: string
+      - in: query
+        name: user
+        description: User
+        required: true
+        type: string
+      - in: query
+        name: application
+        description: Application
+        required: true
+        type: string
+      - in: query
+        name: tag
+        description: Tag
+        type: string
+      - in: query
+        name: parent
+        description: Parent
+        type: string
+      - in: query
+        name: fullFilePath
+        description: Full File Path
+        required: true
+        type: string
+      - in: query
+        name: createdTime
+        description: Created Time
+        type: string
+      - in: query
+        name: description
+        description: Description
+        type: string
+      - in: formData
+        name: file
+        description: Resource file
+        required: true
+        type: file
+      responses:
+        "200":
+          description: FileUrl, objectKey
+          schema:
+            $ref: '#/definitions/object.Resource'
  /api/user:
    get:
      tags:
@@ -2994,7 +3333,7 @@ paths:
        "200":
          description: '"The Response object"'
          schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
  /api/webauthn/signup/begin:
    get:
      tags:
@@ -3023,23 +3362,14 @@ paths:
        "200":
          description: '"The Response object"'
          schema:
-            $ref: '#/definitions/Response'
+            $ref: '#/definitions/controllers.Response'
 definitions:
-  1225.0xc0002e2ae0.false:
-    title: "false"
-    type: object
-  1260.0xc0002e2b10.false:
-    title: "false"
-    type: object
  LaravelResponse:
    title: LaravelResponse
    type: object
  Response:
    title: Response
    type: object
-  The:
-    title: The
-    type: object
  controllers.AuthForm:
    title: AuthForm
    type: object
@@ -3064,9 +3394,13 @@ definitions:
    type: object
    properties:
      data:
-        $ref: '#/definitions/1225.0xc0002e2ae0.false'
+        additionalProperties:
+          description: support string, struct or []struct
+          type: string
      data2:
-        $ref: '#/definitions/1260.0xc0002e2b10.false'
+        additionalProperties:
+          description: support string, struct or []struct
+          type: string
      msg:
        type: string
      name:
@@ -3090,8 +3424,8 @@ definitions:
  jose.JSONWebKey:
    title: JSONWebKey
    type: object
-  object.&{179844 0xc000a02f90 false}:
-    title: '&{179844 0xc000a02f90 false}'
+  object:
+    title: object
    type: object
  object.AccountItem:
    title: AccountItem
@@ -3210,6 +3544,10 @@ definitions:
          $ref: '#/definitions/object.SignupItem'
      signupUrl:
        type: string
+      tags:
+        type: array
+        items:
+          type: string
      termsOfUse:
        type: string
      themeData:
@@ -3220,7 +3558,7 @@ definitions:
    title: CasbinRequest
    type: array
    items:
-      $ref: '#/definitions/object.&{179844 0xc000a02f90 false}'
+      $ref: '#/definitions/object.CasbinRequest'
  object.Cert:
    title: Cert
    type: object
@@ -3295,6 +3633,44 @@ definitions:
      throughput:
        type: number
        format: double
+  object.Group:
+    title: Group
+    type: object
+    properties:
+      children:
+        type: array
+        items:
+          $ref: '#/definitions/object.Group'
+      contactEmail:
+        type: string
+      createdTime:
+        type: string
+      displayName:
+        type: string
+      isEnabled:
+        type: boolean
+      isTopGroup:
+        type: boolean
+      key:
+        type: string
+      manager:
+        type: string
+      name:
+        type: string
+      owner:
+        type: string
+      parentId:
+        type: string
+      title:
+        type: string
+      type:
+        type: string
+      updatedTime:
+        type: string
+      users:
+        type: array
+        items:
+          $ref: '#/definitions/object.User'
  object.Header:
    title: Header
    type: object
@@ -3395,18 +3771,18 @@ definitions:
    properties:
      countryCode:
        type: string
-      id:
-        type: string
+      enabled:
+        type: boolean
      isPreferred:
        type: boolean
+      mfaType:
+        type: string
      recoveryCodes:
        type: array
        items:
          type: string
      secret:
        type: string
-      type:
-        type: string
      url:
        type: string
  object.Model:
@@ -3415,6 +3791,8 @@ definitions:
    properties:
      createdTime:
        type: string
+      description:
+        type: string
      displayName:
        type: string
      isEnabled:
@@ -3520,6 +3898,10 @@ definitions:
        type: string
      owner:
        type: string
+      passwordOptions:
+        type: array
+        items:
+          type: string
      passwordSalt:
        type: string
      passwordType:
@@ -3607,6 +3989,8 @@ definitions:
        type: string
      createdTime:
        type: string
+      description:
+        type: string
      displayName:
        type: string
      domains:
@@ -3687,8 +4071,6 @@ definitions:
        type: string
      displayName:
        type: string
-      hasTrial:
-        type: boolean
      isEnabled:
        type: boolean
      name:
@@ -3792,8 +4174,6 @@ definitions:
        type: string
      customLogo:
        type: string
-      customScope:
-        type: string
      customTokenUrl:
        type: string
      customUserInfoUrl:
@@ -3835,6 +4215,8 @@ definitions:
        type: string
      regionId:
        type: string
+      scopes:
+        type: string
      signName:
        type: string
      subType:
@@ -3845,6 +4227,9 @@ definitions:
        type: string
      type:
        type: string
+      userMapping:
+        additionalProperties:
+          type: string
  object.ProviderItem:
    title: ProviderItem
    type: object
@@ -3898,12 +4283,47 @@ definitions:
        type: string
      user:
        type: string
+  object.Resource:
+    title: Resource
+    type: object
+    properties:
+      application:
+        type: string
+      createdTime:
+        type: string
+      description:
+        type: string
+      fileFormat:
+        type: string
+      fileName:
+        type: string
+      fileSize:
+        type: integer
+        format: int64
+      fileType:
+        type: string
+      name:
+        type: string
+      owner:
+        type: string
+      parent:
+        type: string
+      provider:
+        type: string
+      tag:
+        type: string
+      url:
+        type: string
+      user:
+        type: string
  object.Role:
    title: Role
    type: object
    properties:
      createdTime:
        type: string
+      description:
+        type: string
      displayName:
        type: string
      domains:
@@ -3995,6 +4415,8 @@ definitions:
        type: string
      isEnabled:
        type: boolean
+      isReadOnly:
+        type: boolean
      name:
        type: string
      organization:
@@ -4117,6 +4539,10 @@ definitions:
    title: User
    type: object
    properties:
+      accessKey:
+        type: string
+      accessSecret:
+        type: string
      address:
        type: array
        items:
@@ -4135,6 +4561,8 @@ definitions:
        type: string
      avatar:
        type: string
+      avatarType:
+        type: string
      azuread:
        type: string
      baidu:
@@ -4205,6 +4633,10 @@ definitions:
        type: string
      google:
        type: string
+      groups:
+        type: array
+        items:
+          type: string
      hash:
        type: string
      heroku:
@@ -4272,6 +4704,10 @@ definitions:
          $ref: '#/definitions/object.ManagedAccount'
      meetup:
        type: string
+      mfaEmailEnabled:
+        type: boolean
+      mfaPhoneEnabled:
+        type: boolean
      microsoftonline:
        type: string
      multiFactorAuths:
@@ -4312,6 +4748,8 @@ definitions:
        type: string
      preHash:
        type: string
+      preferredMfaType:
+        type: string
      properties:
        additionalProperties:
          type: string
@@ -4320,6 +4758,10 @@ definitions:
      ranking:
        type: integer
        format: int64
+      recoveryCodes:
+        type: array
+        items:
+          type: string
      region:
        type: string
      roles:
@@ -4356,6 +4798,8 @@ definitions:
        type: string
      title:
        type: string
+      totpSecret:
+        type: string
      tumblr:
        type: string
      twitch:
@@ -4404,12 +4848,14 @@ definitions:
        type: string
      email:
        type: string
+      groups:
+        type: array
+        items:
+          type: string
      iss:
        type: string
      name:
        type: string
-      organization:
-        type: string
      phone:
        type: string
      picture:
@@ -4448,12 +4894,6 @@ definitions:
        type: string
      url:
        type: string
-  object.pricing:
-    title: pricing
-    type: object
-  object.subscription:
-    title: subscription
-    type: object
  protocol.CredentialAssertion:
    title: CredentialAssertion
    type: object
--- a/util/path.go
+++ b/util/path.go
@@ -72,6 +72,9 @@ func UrlJoin(base string, path string) string {

 func GetUrlPath(urlString string) string {
 	u, _ := url.Parse(urlString)
+	if u == nil {
+		return ""
+	}
 	return u.Path
 }

--- a/util/slice.go
+++ b/util/slice.go
@@ -43,6 +43,15 @@ func ContainsString(values []string, val string) bool {
 	return sort.SearchStrings(values, val) != len(values)
 }

+func InSlice(slice []string, elem string) bool {
+	for _, val := range slice {
+		if val == elem {
+			return true
+		}
+	}
+	return false
+}
+
 func ReturnAnyNotEmpty(strs ...string) string {
 	for _, str := range strs {
 		if str != "" {
--- a/util/string.go
+++ b/util/string.go
@@ -289,3 +289,18 @@ func HasString(strs []string, str string) bool {
 	}
 	return false
 }
+
+func ParseIdToString(input interface{}) (string, error) {
+	switch v := input.(type) {
+	case string:
+		return v, nil
+	case int:
+		return strconv.Itoa(v), nil
+	case int64:
+		return strconv.FormatInt(v, 10), nil
+	case float64:
+		return strconv.FormatFloat(v, 'f', -1, 64), nil
+	default:
+		return "", fmt.Errorf("unsupported id type: %T", input)
+	}
+}
--- a/util/string_test.go
+++ b/util/string_test.go
@@ -246,3 +246,23 @@ func TestSnakeString(t *testing.T) {
 		})
 	}
 }
+
+func TestParseId(t *testing.T) {
+	scenarios := []struct {
+		description string
+		input       interface{}
+		expected    interface{}
+	}{
+		{"Should be return 123456", "123456", "123456"},
+		{"Should be return 123456", 123456, "123456"},
+		{"Should be return 123456", int64(123456), "123456"},
+		{"Should be return 123456", float64(123456), "123456"},
+	}
+	for _, scenery := range scenarios {
+		t.Run(scenery.description, func(t *testing.T) {
+			actual, err := ParseIdToString(scenery.input)
+			assert.Nil(t, err, "The returned value not is expected")
+			assert.Equal(t, scenery.expected, actual, "The returned value not is expected")
+		})
+	}
+}
--- a/web/src/AdapterListPage.js
+++ b/web/src/AdapterListPage.js
@@ -25,8 +25,9 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class AdapterListPage extends BaseListPage {
  newAdapter() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `adapter_${randomName}`,
      createdTime: moment().format(),
      type: "Database",
@@ -87,7 +88,7 @@ class AdapterListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/adapters/${record.organization}/${text}`}>
+            <Link to={`/adapters/${record.owner}/${text}`}>
              {text}
            </Link>
          );
@@ -246,7 +247,7 @@ class AdapterListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    AdapterBackend.getAdapters(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    AdapterBackend.getAdapters(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/App.js
+++ b/web/src/App.js
@@ -15,9 +15,11 @@
 import React, {Component} from "react";
 import "./App.less";
 import {Helmet} from "react-helmet";
+import EnableMfaNotification from "./common/notifaction/EnableMfaNotification";
 import GroupTreePage from "./GroupTreePage";
 import GroupEditPage from "./GroupEdit";
 import GroupListPage from "./GroupList";
+import {MfaRuleRequired} from "./Setting";
 import * as Setting from "./Setting";
 import {StyleProvider, legacyLogicalPropertiesTransformer} from "@ant-design/cssinjs";
 import {BarsOutlined, CommentOutlined, DownOutlined, InfoCircleFilled, LogoutOutlined, SettingOutlined} from "@ant-design/icons";
@@ -64,6 +66,13 @@ import ProductBuyPage from "./ProductBuyPage";
 import PaymentListPage from "./PaymentListPage";
 import PaymentEditPage from "./PaymentEditPage";
 import PaymentResultPage from "./PaymentResultPage";
+import ModelListPage from "./ModelListPage";
+import ModelEditPage from "./ModelEditPage";
+import AdapterListPage from "./AdapterListPage";
+import AdapterEditPage from "./AdapterEditPage";
+import SessionListPage from "./SessionListPage";
+import MfaSetupPage from "./auth/MfaSetupPage";
+import SystemInfo from "./SystemInfo";
 import AccountPage from "./account/AccountPage";
 import HomePage from "./basic/HomePage";
 import CustomGithubCorner from "./common/CustomGithubCorner";
@@ -73,19 +82,13 @@ import * as Auth from "./auth/Auth";
 import EntryPage from "./EntryPage";
 import * as AuthBackend from "./auth/AuthBackend";
 import AuthCallback from "./auth/AuthCallback";
-import LanguageSelect from "./common/select/LanguageSelect";
-import i18next from "i18next";
 import OdicDiscoveryPage from "./auth/OidcDiscoveryPage";
 import SamlCallback from "./auth/SamlCallback";
-import ModelListPage from "./ModelListPage";
-import ModelEditPage from "./ModelEditPage";
-import SystemInfo from "./SystemInfo";
-import AdapterListPage from "./AdapterListPage";
-import AdapterEditPage from "./AdapterEditPage";
+import i18next from "i18next";
 import {withTranslation} from "react-i18next";
+import LanguageSelect from "./common/select/LanguageSelect";
 import ThemeSelect from "./common/select/ThemeSelect";
-import SessionListPage from "./SessionListPage";
-import MfaSetupPage from "./auth/MfaSetupPage";
+import OrganizationSelect from "./common/select/OrganizationSelect";

 const {Header, Footer, Content} = Layout;

@@ -101,12 +104,13 @@ class App extends Component {
      themeAlgorithm: ["default"],
      themeData: Conf.ThemeDefault,
      logo: this.getLogo(Setting.getAlgorithmNames(Conf.ThemeDefault)),
+      requiredEnableMfa: false,
    };

    Setting.initServerUrl();
    Auth.initAuthWithConfig({
      serverUrl: Setting.ServerUrl,
-      appName: "app-built-in", // the application name of Casdoor itself, do not change it
+      appName: Conf.DefaultApplication, // the application used in Casdoor root path: "/"
    });
  }

@@ -115,16 +119,29 @@ class App extends Component {
    this.getAccount();
  }

-  componentDidUpdate() {
-    // eslint-disable-next-line no-restricted-globals
+  componentDidUpdate(prevProps, prevState, snapshot) {
    const uri = location.pathname;
    if (this.state.uri !== uri) {
      this.updateMenuKey();
    }
+
+    if (this.state.account !== prevState.account) {
+      const requiredEnableMfa = Setting.isRequiredEnableMfa(this.state.account, this.state.account?.organization);
+      this.setState({
+        requiredEnableMfa: requiredEnableMfa,
+      });
+
+      if (requiredEnableMfa === true) {
+        const mfaType = Setting.getMfaItemsByRules(this.state.account, this.state.account?.organization, [MfaRuleRequired])
+          .find((item) => item.rule === MfaRuleRequired)?.name;
+        if (mfaType !== undefined) {
+          this.props.history.push(`/mfa/setup?mfaType=${mfaType}`, {from: "/login"});
+        }
+      }
+    }
  }

  updateMenuKey() {
-    // eslint-disable-next-line no-restricted-globals
    const uri = location.pathname;
    this.setState({
      uri: uri,
@@ -340,13 +357,15 @@ class App extends Component {

  renderRightDropdown() {
    const items = [];
-    items.push(Setting.getItem(<><SettingOutlined />&nbsp;&nbsp;{i18next.t("account:My Account")}</>,
-      "/account"
-    ));
-    if (Conf.EnableChatPages) {
-      items.push(Setting.getItem(<><CommentOutlined />&nbsp;&nbsp;{i18next.t("account:Chats & Messages")}</>,
-        "/chat"
+    if (this.state.requiredEnableMfa === false) {
+      items.push(Setting.getItem(<><SettingOutlined />&nbsp;&nbsp;{i18next.t("account:My Account")}</>,
+        "/account"
      ));
+      if (Conf.EnableChatPages) {
+        items.push(Setting.getItem(<><CommentOutlined />&nbsp;&nbsp;{i18next.t("account:Chats & Messages")}</>,
+          "/chat"
+        ));
+      }
    }
    items.push(Setting.getItem(<><LogoutOutlined />&nbsp;&nbsp;{i18next.t("account:Logout")}</>,
      "/logout"));
@@ -398,6 +417,17 @@ class App extends Component {
              });
            }} />
          <LanguageSelect languages={this.state.account.organization.languages} />
+          {Setting.isAdminUser(this.state.account) && !Setting.isMobile() &&
+            <OrganizationSelect
+              initValue={Setting.getOrganization()}
+              withAll={true}
+              style={{marginRight: "20px", width: "180px", display: "flex"}}
+              onChange={(value) => {
+                Setting.setOrganization(value);
+              }}
+              className="select-box"
+            />
+          }
        </React.Fragment>
      );
    }
@@ -535,14 +565,6 @@ class App extends Component {
    return res;
  }

-  renderHomeIfLoggedIn(component) {
-    if (this.state.account !== null && this.state.account !== undefined) {
-      return <Redirect to="/" />;
-    } else {
-      return component;
-    }
-  }
-
  renderLoginIfNotLoggedIn(component) {
    if (this.state.account === null) {
      sessionStorage.setItem("from", window.location.pathname);
@@ -554,12 +576,6 @@ class App extends Component {
    }
  }

-  isStartPages() {
-    return window.location.pathname.startsWith("/login") ||
-        window.location.pathname.startsWith("/signup") ||
-        window.location.pathname === "/";
-  }
-
  renderRouter() {
    return (
      <Switch>
@@ -611,13 +627,13 @@ class App extends Component {
        <Route exact path="/subscriptions" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionListPage account={this.state.account} {...props} />)} />
        <Route exact path="/subscriptions/:organizationName/:subscriptionName" render={(props) => this.renderLoginIfNotLoggedIn(<SubscriptionEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products" render={(props) => this.renderLoginIfNotLoggedIn(<ProductListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/products/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
+        <Route exact path="/products/:organizationName/:productName" render={(props) => this.renderLoginIfNotLoggedIn(<ProductEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/products/:productName/buy" render={(props) => this.renderLoginIfNotLoggedIn(<ProductBuyPage account={this.state.account} {...props} />)} />
        <Route exact path="/payments" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentListPage account={this.state.account} {...props} />)} />
        <Route exact path="/payments/:paymentName" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentEditPage account={this.state.account} {...props} />)} />
        <Route exact path="/payments/:paymentName/result" render={(props) => this.renderLoginIfNotLoggedIn(<PaymentResultPage account={this.state.account} {...props} />)} />
        <Route exact path="/records" render={(props) => this.renderLoginIfNotLoggedIn(<RecordListPage account={this.state.account} {...props} />)} />
-        <Route exact path="/mfa-authentication/setup" render={(props) => this.renderLoginIfNotLoggedIn(<MfaSetupPage account={this.state.account} {...props} />)} />
+        <Route exact path="/mfa/setup" render={(props) => this.renderLoginIfNotLoggedIn(<MfaSetupPage account={this.state.account} onfinish={() => this.setState({requiredEnableMfa: false})} {...props} />)} />
        <Route exact path="/.well-known/openid-configuration" render={(props) => <OdicDiscoveryPage />} />
        <Route exact path="/sysinfo" render={(props) => this.renderLoginIfNotLoggedIn(<SystemInfo account={this.state.account} {...props} />)} />
        <Route path="" render={() => <Result status="404" title="404 NOT FOUND" subTitle={i18next.t("general:Sorry, the page you visited does not exist.")}
@@ -648,18 +664,24 @@ class App extends Component {
      if (key === "/swagger") {
        window.open(Setting.isLocalhost() ? `${Setting.ServerUrl}/swagger` : "/swagger", "_blank");
      } else {
-        this.props.history.push(key);
+        if (this.state.requiredEnableMfa) {
+          Setting.showMessage("info", "Please enable MFA first!");
+        } else {
+          this.props.history.push(key);
+        }
      }
    };
+    const menuStyleRight = Setting.isAdminUser(this.state.account) && !Setting.isMobile() ? "calc(180px + 260px)" : "260px";
    return (
      <Layout id="parent-area">
-        <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm.includes("dark") ? "black" : "white"}}>
+        <EnableMfaNotification account={this.state.account} />
+        <Header style={{padding: "0", marginBottom: "3px", backgroundColor: this.state.themeAlgorithm.includes("dark") ? "black" : "white"}} >
          {Setting.isMobile() ? null : (
            <Link to={"/"}>
              <div className="logo" style={{background: `url(${this.state.logo})`}} />
            </Link>
          )}
-          {Setting.isMobile() ?
+          {this.state.requiredEnableMfa || (Setting.isMobile() ?
            <React.Fragment>
              <Drawer title={i18next.t("general:Close")} placement="left" visible={this.state.menuVisible} onClose={this.onClose}>
                <Menu
@@ -680,9 +702,9 @@ class App extends Component {
              items={this.getMenuItems()}
              mode={"horizontal"}
              selectedKeys={[this.state.selectedMenuKey]}
-              style={{position: "absolute", left: "145px", right: "260px"}}
+              style={{position: "absolute", left: "145px", right: menuStyleRight}}
            />
-          }
+          )}
          {
            this.renderAccountMenu()
          }
@@ -746,9 +768,11 @@ class App extends Component {
                <EntryPage
                  account={this.state.account}
                  theme={this.state.themeData}
-                  onUpdateAccount={(account) => {
-                    this.onUpdateAccount(account);
+                  onLoginSuccess={(redirectUrl) => {
+                    localStorage.setItem("mfaRedirectUrl", redirectUrl);
+                    this.getAccount();
                  }}
+                  onUpdateAccount={(account) => this.onUpdateAccount(account)}
                  updataThemeData={this.setTheme}
                /> :
                <Switch>
--- a/web/src/ApplicationEditPage.js
+++ b/web/src/ApplicationEditPage.js
@@ -132,6 +132,11 @@ class ApplicationEditPage extends React.Component {
        if (res.grantTypes === null || res.grantTypes === undefined || res.grantTypes.length === 0) {
          res.grantTypes = ["authorization_code"];
        }
+
+        if (res.tags === null || res.tags === undefined) {
+          res.tags = [];
+        }
+
        this.setState({
          application: res,
        });
@@ -312,6 +317,18 @@ class ApplicationEditPage extends React.Component {
            </Select>
          </Col>
        </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("organization:Tags"), i18next.t("application:Tags - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="tags" style={{width: "100%"}} value={this.state.application.tags} onChange={(value => {this.updateApplicationField("tags", value);})}>
+              {
+                this.state.application.tags?.map((item, index) => <Option key={index} value={item}>{item}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("provider:Client ID"), i18next.t("provider:Client ID - Tooltip"))} :
--- a/web/src/ApplicationListPage.js
+++ b/web/src/ApplicationListPage.js
@@ -28,18 +28,13 @@ class ApplicationListPage extends BaseListPage {
    super(props);
  }

-  componentDidMount() {
-    this.setState({
-      organizationName: this.props.account.owner,
-    });
-  }
-
  newApplication() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin", // this.props.account.applicationName,
      name: `application_${randomName}`,
-      organization: this.state.organizationName,
+      organization: organizationName,
      createdTime: moment().format(),
      displayName: `New Application - ${randomName}`,
      logo: `${Setting.StaticBaseUrl}/img/casdoor-logo_1185x256.png`,
@@ -273,8 +268,8 @@ class ApplicationListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
-      ApplicationBackend.getApplicationsByOrganization("admin", this.props.account.organization.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? ApplicationBackend.getApplications("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) :
+      ApplicationBackend.getApplicationsByOrganization("admin", Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/BaseListPage.js
+++ b/web/src/BaseListPage.js
@@ -17,6 +17,7 @@ import {Button, Input, Result, Space} from "antd";
 import {SearchOutlined} from "@ant-design/icons";
 import Highlighter from "react-highlight-words";
 import i18next from "i18next";
+import * as Setting from "./Setting";

 class BaseListPage extends React.Component {
  constructor(props) {
@@ -35,6 +36,22 @@ class BaseListPage extends React.Component {
    };
  }

+  handleOrganizationChange = () => {
+    const {pagination} = this.state;
+    this.fetch({pagination});
+  };
+
+  componentDidMount() {
+    window.addEventListener("storageOrganizationChanged", this.handleOrganizationChange);
+    if (!Setting.isAdminUser(this.props.account)) {
+      Setting.setOrganization("All");
+    }
+  }
+
+  componentWillUnmount() {
+    window.removeEventListener("storageOrganizationChanged", this.handleOrganizationChange);
+  }
+
  UNSAFE_componentWillMount() {
    const {pagination} = this.state;
    this.fetch({pagination});
--- a/web/src/CertEditPage.js
+++ b/web/src/CertEditPage.js
@@ -158,6 +158,7 @@ class CertEditPage extends React.Component {
              {
                [
                  {id: "x509", name: "x509"},
+                  {id: "Payment", name: "Payment"},
                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
              }
            </Select>
--- a/web/src/CertListPage.js
+++ b/web/src/CertListPage.js
@@ -28,6 +28,7 @@ class CertListPage extends BaseListPage {
  }

  componentDidMount() {
+    super.componentDidMount();
    this.setState({
      owner: Setting.isAdminUser(this.props.account) ? "admin" : this.props.account.owner,
    });
@@ -35,8 +36,9 @@ class CertListPage extends BaseListPage {

  newCert() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.isDefaultOrganizationSelected(this.props.account) ? this.state.owner : Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.state.owner,
+      owner: owner,
      name: `cert_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Cert - ${randomName}`,
@@ -149,6 +151,7 @@ class CertListPage extends BaseListPage {
        filterMultiple: false,
        filters: [
          {text: "x509", value: "x509"},
+          {text: "Payment", value: "Payment"},
        ],
        width: "110px",
        sorter: true,
@@ -211,7 +214,7 @@ class CertListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={certs} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={certs} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Certs")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -236,8 +239,8 @@ class CertListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      : CertBackend.getCerts(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? CertBackend.getGlobleCerts(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : CertBackend.getCerts(Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/ChatListPage.js
+++ b/web/src/ChatListPage.js
@@ -25,12 +25,13 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class ChatListPage extends BaseListPage {
  newChat() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin", // this.props.account.applicationName,
      name: `chat_${randomName}`,
      createdTime: moment().format(),
      updatedTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
      displayName: `New Chat - ${randomName}`,
      type: "Single",
      category: "Chat Category - 1",
--- a/web/src/Conf.js
+++ b/web/src/Conf.js
@@ -1,34 +1,34 @@
-// Copyright 2021 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-export const ShowGithubCorner = false;
-export const GithubRepo = "https://github.com/casdoor/casdoor";
-export const IsDemoMode = false;
-
-export const ForceLanguage = "";
-export const DefaultLanguage = "en";
-
-export const EnableExtraPages = true;
-
-export const EnableChatPages = true;
-
-export const InitThemeAlgorithm = true;
-export const ThemeDefault = {
-  themeType: "default",
-  colorPrimary: "#5734d3",
-  borderRadius: 6,
-  isCompact: false,
-};
-
-export const CustomFooter = null;
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+export const DefaultApplication = "app-built-in";
+
+export const ShowGithubCorner = false;
+export const IsDemoMode = false;
+
+export const ForceLanguage = "";
+export const DefaultLanguage = "en";
+
+export const EnableExtraPages = true;
+export const EnableChatPages = true;
+
+export const InitThemeAlgorithm = true;
+export const ThemeDefault = {
+  themeType: "default",
+  colorPrimary: "#5734d3",
+  borderRadius: 6,
+  isCompact: false,
+};
+
+export const CustomFooter = null;
--- a/web/src/EntryPage.js
+++ b/web/src/EntryPage.js
@@ -41,7 +41,7 @@ class EntryPage extends React.Component {

  renderHomeIfLoggedIn(component) {
    if (this.props.account !== null && this.props.account !== undefined) {
-      return <Redirect to="/" />;
+      return <Redirect to={{pathname: "/", state: {from: "/login"}}} />;
    } else {
      return component;
    }
--- a/web/src/GroupList.js
+++ b/web/src/GroupList.js
@@ -49,8 +49,9 @@ class GroupListPage extends BaseListPage {

  newGroup() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `group_${randomName}`,
      createdTime: moment().format(),
      updatedTime: moment().format(),
@@ -251,7 +252,7 @@ class GroupListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    GroupBackend.getGroups(this.state.owner, false, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    GroupBackend.getGroups(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), false, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/MessageListPage.js
+++ b/web/src/MessageListPage.js
@@ -25,11 +25,12 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class MessageListPage extends BaseListPage {
  newMessage() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin", // this.props.account.messagename,
      name: `message_${randomName}`,
      createdTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
      chat: "",
      replyTo: "",
      author: `${this.props.account.owner}/${this.props.account.name}`,
@@ -208,7 +209,7 @@ class MessageListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    MessageBackend.getMessages("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    MessageBackend.getMessages("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/ModelListPage.js
+++ b/web/src/ModelListPage.js
@@ -40,8 +40,9 @@ m = g(r.sub, p.sub) && r.obj == p.obj && r.act == p.act`;
 class ModelListPage extends BaseListPage {
  newModel() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `model_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Model - ${randomName}`,
@@ -202,7 +203,7 @@ class ModelListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    ModelBackend.getModels(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ModelBackend.getModels(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/OrganizationEditPage.js
+++ b/web/src/OrganizationEditPage.js
@@ -427,6 +427,7 @@ class OrganizationEditPage extends React.Component {
          this.setState({
            organizationName: this.state.organization.name,
          });
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));

          if (willExist) {
            this.props.history.push("/organizations");
@@ -448,6 +449,7 @@ class OrganizationEditPage extends React.Component {
      .then((res) => {
        if (res.status === "ok") {
          this.props.history.push("/organizations");
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
        }
--- a/web/src/OrganizationListPage.js
+++ b/web/src/OrganizationListPage.js
@@ -35,7 +35,7 @@ class OrganizationListPage extends BaseListPage {
      passwordType: "plain",
      PasswordSalt: "",
      passwordOptions: [],
-      countryCodes: ["CN"],
+      countryCodes: ["US"],
      defaultAvatar: `${Setting.StaticBaseUrl}/img/casbin.svg`,
      defaultApplication: "",
      tags: [],
@@ -53,25 +53,40 @@ class OrganizationListPage extends BaseListPage {
        {name: "Password", visible: true, viewRule: "Self", modifyRule: "Self"},
        {name: "Email", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Phone", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "Country code", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Country/Region", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Location", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "Address", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Affiliation", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Title", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "ID card type", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "ID card", visible: true, viewRule: "Public", modifyRule: "Self"},
+        {name: "ID card info", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Homepage", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Bio", visible: true, viewRule: "Public", modifyRule: "Self"},
        {name: "Tag", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Language", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Gender", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Birthday", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Education", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Score", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Karma", visible: true, viewRule: "Public", modifyRule: "Admin"},
+        {name: "Ranking", visible: true, viewRule: "Public", modifyRule: "Admin"},
        {name: "Signup application", visible: true, viewRule: "Public", modifyRule: "Admin"},
-        {name: "API key", label: i18next.t("general:API key")},
+        {name: "API key", label: i18next.t("general:API key"), modifyRule: "Self"},
+        {name: "Groups", visible: true, viewRule: "Public", modifyRule: "Admin"},
        {name: "Roles", visible: true, viewRule: "Public", modifyRule: "Immutable"},
        {name: "Permissions", visible: true, viewRule: "Public", modifyRule: "Immutable"},
-        {name: "Groups", visible: true, viewRule: "Public", modifyRule: "Immutable"},
        {name: "3rd-party logins", visible: true, viewRule: "Self", modifyRule: "Self"},
-        {Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
        {name: "Properties", visible: false, viewRule: "Admin", modifyRule: "Admin"},
+        {name: "Is online", visible: true, viewRule: "Admin", modifyRule: "Admin"},
        {name: "Is admin", visible: true, viewRule: "Admin", modifyRule: "Admin"},
        {name: "Is global admin", visible: true, viewRule: "Admin", modifyRule: "Admin"},
        {name: "Is forbidden", visible: true, viewRule: "Admin", modifyRule: "Admin"},
        {name: "Is deleted", visible: true, viewRule: "Admin", modifyRule: "Admin"},
+        {Name: "Multi-factor authentication", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+        {Name: "WebAuthn credentials", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
+        {Name: "Managed accounts", Visible: true, ViewRule: "Self", ModifyRule: "Self"},
      ],
    };
  }
@@ -83,6 +98,7 @@ class OrganizationListPage extends BaseListPage {
        if (res.status === "ok") {
          this.props.history.push({pathname: `/organizations/${newOrganization.name}`, mode: "add"});
          Setting.showMessage("success", i18next.t("general:Successfully added"));
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
        }
@@ -99,8 +115,11 @@ class OrganizationListPage extends BaseListPage {
          Setting.showMessage("success", i18next.t("general:Successfully deleted"));
          this.setState({
            data: Setting.deleteRow(this.state.data, i),
-            pagination: {total: this.state.pagination.total - 1},
+            pagination: {
+              ...this.state.pagination,
+              total: this.state.pagination.total - 1},
          });
+          window.dispatchEvent(new Event("storageOrganizationsChanged"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to delete")}: ${res.msg}`);
        }
@@ -275,7 +294,7 @@ class OrganizationListPage extends BaseListPage {
      value = params.passwordType;
    }
    this.setState({loading: true});
-    OrganizationBackend.getOrganizations("admin", params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    OrganizationBackend.getOrganizations("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/PaymentListPage.js
+++ b/web/src/PaymentListPage.js
@@ -26,6 +26,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PaymentListPage extends BaseListPage {
  newPayment() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin",
      name: `payment_${randomName}`,
@@ -33,7 +34,7 @@ class PaymentListPage extends BaseListPage {
      displayName: `New Payment - ${randomName}`,
      provider: "provider_pay_paypal",
      type: "PayPal",
-      organization: this.props.account.owner,
+      organization: organizationName,
      user: "admin",
      productName: "computer-1",
      productDisplayName: "A notebook computer",
@@ -265,7 +266,7 @@ class PaymentListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    PaymentBackend.getPayments("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/PermissionListPage.js
+++ b/web/src/PermissionListPage.js
@@ -26,8 +26,9 @@ import {UploadOutlined} from "@ant-design/icons";
 class PermissionListPage extends BaseListPage {
  newPermission() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `permission_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Permission - ${randomName}`,
@@ -383,7 +384,7 @@ class PermissionListPage extends BaseListPage {
    this.setState({loading: true});

    const getPermissions = Setting.isLocalAdminUser(this.props.account) ? PermissionBackend.getPermissions : PermissionBackend.getPermissionsBySubmitter;
-    getPermissions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    getPermissions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/PlanListPage.js
+++ b/web/src/PlanListPage.js
@@ -25,8 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PlanListPage extends BaseListPage {
  newPlan() {
    const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
-
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
      owner: owner,
      name: `plan_${randomName}`,
@@ -197,7 +196,7 @@ class PlanListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={plans} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={plans} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Plans")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -219,7 +218,7 @@ class PlanListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    PlanBackend.getPlans(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PlanBackend.getPlans(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/PricingListPage.js
+++ b/web/src/PricingListPage.js
@@ -25,8 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class PricingListPage extends BaseListPage {
  newPricing() {
    const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
-
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
      owner: owner,
      name: `pricing_${randomName}`,
@@ -166,7 +165,7 @@ class PricingListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={pricings} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={pricings} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Pricings")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -188,7 +187,7 @@ class PricingListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    PricingBackend.getPricings(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PricingBackend.getPricings(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/ProductEditPage.js
+++ b/web/src/ProductEditPage.js
@@ -20,6 +20,7 @@ import i18next from "i18next";
 import {LinkOutlined} from "@ant-design/icons";
 import * as ProviderBackend from "./backend/ProviderBackend";
 import ProductBuyPage from "./ProductBuyPage";
+import * as OrganizationBackend from "./backend/OrganizationBackend";

 const {Option} = Select;

@@ -39,11 +40,12 @@ class ProductEditPage extends React.Component {

  UNSAFE_componentWillMount() {
    this.getProduct();
+    this.getOrganizations();
    this.getPaymentProviders();
  }

  getProduct() {
-    ProductBackend.getProduct(this.props.account.owner, this.state.productName)
+    ProductBackend.getProduct(this.state.organizationName, this.state.productName)
      .then((product) => {
        if (product === null) {
          this.props.history.push("/404");
@@ -56,6 +58,15 @@ class ProductEditPage extends React.Component {
      });
  }

+  getOrganizations() {
+    OrganizationBackend.getOrganizations("admin")
+      .then((res) => {
+        this.setState({
+          organizations: (res.msg === undefined) ? res : [],
+        });
+      });
+  }
+
  getPaymentProviders() {
    ProviderBackend.getProviders(this.props.account.owner)
      .then((res) => {
@@ -312,7 +323,7 @@ class ProductEditPage extends React.Component {
          if (willExist) {
            this.props.history.push("/products");
          } else {
-            this.props.history.push(`/products/${this.state.product.name}`);
+            this.props.history.push(`/products/${this.state.product.owner}/${this.state.product.name}`);
          }
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
--- a/web/src/ProductListPage.js
+++ b/web/src/ProductListPage.js
@@ -26,8 +26,9 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class ProductListPage extends BaseListPage {
  newProduct() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `product_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Product - ${randomName}`,
@@ -47,7 +48,7 @@ class ProductListPage extends BaseListPage {
    ProductBackend.addProduct(newProduct)
      .then((res) => {
        if (res.status === "ok") {
-          this.props.history.push({pathname: `/products/${newProduct.name}`, mode: "add"});
+          this.props.history.push({pathname: `/products/${newProduct.owner}/${newProduct.name}`, mode: "add"});
          Setting.showMessage("success", i18next.t("general:Successfully added"));
        } else {
          Setting.showMessage("error", `${i18next.t("general:Failed to add")}: ${res.msg}`);
@@ -88,7 +89,7 @@ class ProductListPage extends BaseListPage {
        ...this.getColumnSearchProps("name"),
        render: (text, record, index) => {
          return (
-            <Link to={`/products/${text}`}>
+            <Link to={`/products/${record.owner}/${text}`}>
              {text}
            </Link>
          );
@@ -201,7 +202,7 @@ class ProductListPage extends BaseListPage {
                size="small"
                locale={{emptyText: " "}}
                dataSource={providers}
-                renderItem={(providerName, i) => {
+                renderItem={(providerName, record, i) => {
                  return (
                    <List.Item>
                      <div style={{display: "inline"}}>
@@ -247,7 +248,7 @@ class ProductListPage extends BaseListPage {
          return (
            <div>
              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/products/${record.name}/buy`)}>{i18next.t("product:Buy")}</Button>
-              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.name}`)}>{i18next.t("general:Edit")}</Button>
+              <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
              <PopconfirmModal
                title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                onConfirm={() => this.deleteProduct(index)}
@@ -268,7 +269,7 @@ class ProductListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={products} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={products} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Products")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -290,7 +291,7 @@ class ProductListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    ProductBackend.getProducts(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ProductBackend.getProducts(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/ProviderEditPage.js
+++ b/web/src/ProviderEditPage.js
@@ -56,8 +56,10 @@ class ProviderEditPage extends React.Component {
        }

        if (res.status === "ok") {
+          const provider = res.data;
+          provider.userMapping = provider.userMapping || {};
          this.setState({
-            provider: res.data,
+            provider: provider,
          });
        } else {
          Setting.showMessage("error", res.msg);
@@ -93,6 +95,40 @@ class ProviderEditPage extends React.Component {
    });
  }

+  updateUserMappingField(key, value) {
+    const provider = this.state.provider;
+    provider.userMapping[key] = value;
+    this.setState({
+      provider: provider,
+    });
+  }
+
+  renderUserMappingInput() {
+    return (
+      <React.Fragment>
+        {Setting.getLabel(i18next.t("general:ID"), i18next.t("general:ID - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.id} onChange={e => {
+          this.updateUserMappingField("id", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("signup:Username"), i18next.t("signup:Username - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.username} onChange={e => {
+          this.updateUserMappingField("username", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("general:Display name"), i18next.t("general:Display name - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.displayName} onChange={e => {
+          this.updateUserMappingField("displayName", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("general:Email"), i18next.t("general:Email - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.email} onChange={e => {
+          this.updateUserMappingField("email", e.target.value);
+        }} />
+        {Setting.getLabel(i18next.t("general:Avatar"), i18next.t("general:Avatar - Tooltip"))} :
+        <Input value={this.state.provider.userMapping.avatarUrl} onChange={e => {
+          this.updateUserMappingField("avatarUrl", e.target.value);
+        }} />
+      </React.Fragment>
+    );
+  }
  getClientIdLabel(provider) {
    switch (provider.category) {
    case "Email":
@@ -200,7 +236,10 @@ class ProviderEditPage extends React.Component {
        tooltip = i18next.t("provider:Agent ID - Tooltip");
      }
    } else if (provider.category === "SMS") {
-      if (provider.type === "Tencent Cloud SMS") {
+      if (provider.type === "Twilio SMS") {
+        text = i18next.t("provider:Sender number");
+        tooltip = i18next.t("provider:Sender number - Tooltip");
+      } else if (provider.type === "Tencent Cloud SMS") {
        text = i18next.t("provider:App ID");
        tooltip = i18next.t("provider:App ID - Tooltip");
      } else if (provider.type === "Volc Engine SMS") {
@@ -350,7 +389,7 @@ class ProviderEditPage extends React.Component {
              }
              if (value === "Custom") {
                this.updateProviderField("customAuthUrl", "https://door.casdoor.com/login/oauth/authorize");
-                this.updateProviderField("customScope", "openid profile email");
+                this.updateProviderField("scopes", "openid profile email");
                this.updateProviderField("customTokenUrl", "https://door.casdoor.com/api/login/oauth/access_token");
                this.updateProviderField("customUserInfoUrl", "https://door.casdoor.com/api/userinfo");
              }
@@ -416,16 +455,6 @@ class ProviderEditPage extends React.Component {
                  }} />
                </Col>
              </Row>
-              <Row style={{marginTop: "20px"}} >
-                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                  {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))}
-                </Col>
-                <Col span={22} >
-                  <Input value={this.state.provider.customScope} onChange={e => {
-                    this.updateProviderField("customScope", e.target.value);
-                  }} />
-                </Col>
-              </Row>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {Setting.getLabel(i18next.t("provider:Token URL"), i18next.t("provider:Token URL - Tooltip"))}
@@ -436,6 +465,16 @@ class ProviderEditPage extends React.Component {
                  }} />
                </Col>
              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:Scope"), i18next.t("provider:Scope - Tooltip"))}
+                </Col>
+                <Col span={22} >
+                  <Input value={this.state.provider.scopes} onChange={e => {
+                    this.updateProviderField("scopes", e.target.value);
+                  }} />
+                </Col>
+              </Row>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {Setting.getLabel(i18next.t("provider:UserInfo URL"), i18next.t("provider:UserInfo URL - Tooltip"))}
@@ -446,6 +485,14 @@ class ProviderEditPage extends React.Component {
                  }} />
                </Col>
              </Row>
+              <Row style={{marginTop: "20px"}} >
+                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                  {Setting.getLabel(i18next.t("provider:User mapping"), i18next.t("provider:User mapping - Tooltip"))} :
+                </Col>
+                <Col span={22} >
+                  {this.renderUserMappingInput()}
+                </Col>
+              </Row>
              <Row style={{marginTop: "20px"}} >
                <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                  {Setting.getLabel(i18next.t("general:Favicon"), i18next.t("general:Favicon - Tooltip"))} :
@@ -630,6 +677,7 @@ class ProviderEditPage extends React.Component {
            ) : null}
          </div>
        ) : null}
+        {this.getAppIdRow(this.state.provider)}
        {
          this.state.provider.category === "Email" ? (
            <React.Fragment>
@@ -875,7 +923,6 @@ class ProviderEditPage extends React.Component {
            </Row>
          ) : null
        }
-        {this.getAppIdRow(this.state.provider)}
        <Row style={{marginTop: "20px"}} >
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("provider:Provider URL"), i18next.t("provider:Provider URL - Tooltip"))} :
--- a/web/src/ProviderListPage.js
+++ b/web/src/ProviderListPage.js
@@ -29,6 +29,7 @@ class ProviderListPage extends BaseListPage {
  }

  componentDidMount() {
+    super.componentDidMount();
    this.setState({
      owner: Setting.isAdminUser(this.props.account) ? "admin" : this.props.account.owner,
    });
@@ -36,8 +37,9 @@ class ProviderListPage extends BaseListPage {

  newProvider() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.isDefaultOrganizationSelected(this.props.account) ? this.state.owner : Setting.getRequestOrganization();
    return {
-      owner: this.state.owner,
+      owner: owner,
      name: `provider_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Provider - ${randomName}`,
@@ -256,8 +258,8 @@ class ProviderListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    (Setting.isAdminUser(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
-      : ProviderBackend.getProviders(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+    (Setting.isDefaultOrganizationSelected(this.props.account) ? ProviderBackend.getGlobalProviders(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+      : ProviderBackend.getProviders(Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/RecordListPage.js
+++ b/web/src/RecordListPage.js
@@ -209,7 +209,7 @@ class RecordListPage extends BaseListPage {
      value = params.method;
    }
    this.setState({loading: true});
-    RecordBackend.getRecords(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    RecordBackend.getRecords(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/ResourceListPage.js
+++ b/web/src/ResourceListPage.js
@@ -309,7 +309,7 @@ class ResourceListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    ResourceBackend.getResources(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    ResourceBackend.getResources(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), this.props.account.name, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/RoleListPage.js
+++ b/web/src/RoleListPage.js
@@ -26,8 +26,9 @@ import {UploadOutlined} from "@ant-design/icons";
 class RoleListPage extends BaseListPage {
  newRole() {
    const randomName = Setting.getRandomName();
+    const owner = Setting.getRequestOrganization(this.props.account);
    return {
-      owner: this.props.account.owner,
+      owner: owner,
      name: `role_${randomName}`,
      createdTime: moment().format(),
      displayName: `New Role - ${randomName}`,
@@ -258,7 +259,7 @@ class RoleListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    RoleBackend.getRoles(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    RoleBackend.getRoles(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/SessionListPage.js
+++ b/web/src/SessionListPage.js
@@ -22,7 +22,6 @@ import * as SessionBackend from "./backend/SessionBackend";
 import PopconfirmModal from "./common/modal/PopconfirmModal";

 class SessionListPage extends BaseListPage {
-
  deleteSession(i) {
    SessionBackend.deleteSession(this.state.data[i])
      .then((res) => {
@@ -134,7 +133,7 @@ class SessionListPage extends BaseListPage {
      value = params.contentType;
    }
    this.setState({loading: true});
-    SessionBackend.getSessions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SessionBackend.getSessions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/Setting.js
+++ b/web/src/Setting.js
@@ -34,10 +34,10 @@ export const ServerUrl = "";
 export const StaticBaseUrl = "https://cdn.casbin.org";

 export const Countries = [{label: "English", key: "en", country: "US", alt: "English"},
-  {label: "中文", key: "zh", country: "CN", alt: "中文"},
  {label: "Español", key: "es", country: "ES", alt: "Español"},
  {label: "Français", key: "fr", country: "FR", alt: "Français"},
  {label: "Deutsch", key: "de", country: "DE", alt: "Deutsch"},
+  {label: "中文", key: "zh", country: "CN", alt: "中文"},
  {label: "Indonesia", key: "id", country: "ID", alt: "Indonesia"},
  {label: "日本語", key: "ja", country: "JP", alt: "日本語"},
  {label: "한국어", key: "ko", country: "KR", alt: "한국어"},
@@ -482,6 +482,26 @@ export function isPromptAnswered(user, application) {
  return true;
 }

+export const MfaRuleRequired = "Required";
+export const MfaRulePrompted = "Prompted";
+export const MfaRuleOptional = "Optional";
+
+export function isRequiredEnableMfa(user, organization) {
+  if (!user || !organization || !organization.mfaItems) {
+    return false;
+  }
+  return getMfaItemsByRules(user, organization, [MfaRuleRequired]).length > 0;
+}
+
+export function getMfaItemsByRules(user, organization, mfaRules = []) {
+  if (!user || !organization || !organization.mfaItems) {
+    return [];
+  }
+
+  return organization.mfaItems.filter((mfaItem) => mfaRules.includes(mfaItem.rule))
+    .filter((mfaItem) => user.multiFactorAuths.some((mfa) => mfa.mfaType === mfaItem.name && !mfa.enabled));
+}
+
 export function parseObject(s) {
  try {
    return eval("(" + s + ")");
@@ -1164,3 +1184,27 @@ export function inIframe() {
    return true;
  }
 }
+
+export function getOrganization() {
+  const organization = localStorage.getItem("organization");
+  return organization !== null ? organization : "All";
+}
+
+export function setOrganization(organization) {
+  localStorage.setItem("organization", organization);
+  window.dispatchEvent(new Event("storageOrganizationChanged"));
+}
+
+export function getRequestOrganization(account) {
+  if (isAdminUser(account)) {
+    return getOrganization() === "All" ? account.owner : getOrganization();
+  }
+  return account.owner;
+}
+
+export function isDefaultOrganizationSelected(account) {
+  if (isAdminUser(account)) {
+    return getOrganization() === "All";
+  }
+  return false;
+}
--- a/web/src/SubscriptionListPage.js
+++ b/web/src/SubscriptionListPage.js
@@ -25,7 +25,7 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class SubscriptionListPage extends BaseListPage {
  newSubscription() {
    const randomName = Setting.getRandomName();
-    const owner = (this.state.organizationName !== undefined) ? this.state.organizationName : this.props.account.owner;
+    const owner = Setting.getRequestOrganization(this.props.account);
    const defaultDuration = 365;

    return {
@@ -215,7 +215,7 @@ class SubscriptionListPage extends BaseListPage {

    return (
      <div>
-        <Table scroll={{x: "max-content"}} columns={columns} dataSource={subscriptions} rowKey="name" size="middle" bordered pagination={paginationProps}
+        <Table scroll={{x: "max-content"}} columns={columns} dataSource={subscriptions} rowKey={(record) => `${record.owner}/${record.name}`} size="middle" bordered pagination={paginationProps}
          title={() => (
            <div>
              {i18next.t("general:Subscriptions")}&nbsp;&nbsp;&nbsp;&nbsp;
@@ -237,7 +237,7 @@ class SubscriptionListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    SubscriptionBackend.getSubscriptions(Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SubscriptionBackend.getSubscriptions(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/SyncerListPage.js
+++ b/web/src/SyncerListPage.js
@@ -25,11 +25,12 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class SyncerListPage extends BaseListPage {
  newSyncer() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin",
      name: `syncer_${randomName}`,
      createdTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
      type: "Database",
      host: "localhost",
      port: 3306,
@@ -276,7 +277,7 @@ class SyncerListPage extends BaseListPage {
      value = params.type;
    }
    this.setState({loading: true});
-    SyncerBackend.getSyncers("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    SyncerBackend.getSyncers("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/TokenListPage.js
+++ b/web/src/TokenListPage.js
@@ -25,12 +25,13 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class TokenListPage extends BaseListPage {
  newToken() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin", // this.props.account.tokenname,
      name: `token_${randomName}`,
      createdTime: moment().format(),
      application: "app-built-in",
-      organization: this.props.account.owner,
+      organization: organizationName,
      user: "admin",
      accessToken: "",
      expiresIn: 7200,
@@ -240,7 +241,7 @@ class TokenListPage extends BaseListPage {
    const field = params.searchedColumn, value = params.searchText;
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
-    TokenBackend.getTokens("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    TokenBackend.getTokens("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/UserEditPage.js
+++ b/web/src/UserEditPage.js
@@ -14,6 +14,7 @@

 import React from "react";
 import {Button, Card, Col, Input, InputNumber, List, Result, Row, Select, Space, Spin, Switch, Tag} from "antd";
+import {withRouter} from "react-router-dom";
 import * as GroupBackend from "./backend/GroupBackend";
 import * as UserBackend from "./backend/UserBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
@@ -53,6 +54,7 @@ class UserEditPage extends React.Component {
      mode: props.location.mode !== undefined ? props.location.mode : "edit",
      loading: true,
      returnUrl: null,
+      idCardInfo: ["ID card front", "ID card back", "ID card with person"],
    };
  }

@@ -269,6 +271,12 @@ class UserEditPage extends React.Component {
      }
    }

+    if (accountItem.name === "ID card info" || accountItem.name === "ID card") {
+      if (this.state.user.properties?.isIdCardVerified === "true") {
+        disabled = true;
+      }
+    }
+
    let isKeysGenerated = false;
    if (this.state.user.accessKey !== "" && this.state.user.accessKey !== "") {
      isKeysGenerated = true;
@@ -365,20 +373,11 @@ class UserEditPage extends React.Component {
          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
            {Setting.getLabel(i18next.t("general:Avatar"), i18next.t("general:Avatar - Tooltip"))} :
          </Col>
-          <Col span={22} >
-            <Row style={{marginTop: "20px"}} >
-              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                {i18next.t("general:Preview")}:
-              </Col>
-              <Col span={22} >
-                <a target="_blank" rel="noreferrer" href={this.state.user.avatar}>
-                  <img src={this.state.user.avatar} alt={this.state.user.avatar} height={90} style={{marginBottom: "20px"}} />
-                </a>
-              </Col>
-            </Row>
-            <Row style={{marginTop: "20px"}}>
-              <CropperDivModal buttonText={`${i18next.t("user:Upload a photo")}...`} title={i18next.t("user:Upload a photo")} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
-            </Row>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {i18next.t("general:Preview")}:
+          </Col>
+          <Col>
+            {this.renderImage(this.state.user.avatar, i18next.t("user:Upload a photo"), i18next.t("user:Set new profile picture"), "avatar", false)}
          </Col>
        </Row>
      );
@@ -536,12 +535,36 @@ class UserEditPage extends React.Component {
            {Setting.getLabel(i18next.t("user:ID card"), i18next.t("user:ID card - Tooltip"))} :
          </Col>
          <Col span={22} >
-            <Input value={this.state.user.idCard} onChange={e => {
+            <Input value={this.state.user.idCard} disabled={disabled} onChange={e => {
              this.updateUserField("idCard", e.target.value);
            }} />
          </Col>
        </Row>
      );
+    } else if (accountItem.name === "ID card info") {
+      return (
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("user:ID card info"), i18next.t("user:ID card info - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {i18next.t("general:Preview")}:
+              </Col>
+              {
+                [
+                  {name: "ID card front", value: "idCardFront"},
+                  {name: "ID card back", value: "idCardBack"},
+                  {name: "ID card with person", value: "idCardWithPerson"},
+                ].map((entry) => {
+                  return this.renderImage(this.state.user.properties[entry.value] || "", this.getIdCardType(entry.name), this.getIdCardText(entry.name), entry.value, disabled);
+                })
+              }
+            </Row>
+          </Col>
+        </Row>
+      );
    } else if (accountItem.name === "Homepage") {
      return (
        <Row style={{marginTop: "20px"}} >
@@ -900,7 +923,7 @@ class UserEditPage extends React.Component {
                          }
                        </Space>
                      ) : <Button type={"default"} onClick={() => {
-                        Setting.goToLink(`/mfa-authentication/setup?mfaType=${item.mfaType}`);
+                        this.props.history.push(`/mfa/setup?mfaType=${item.mfaType}`);
                      }}>
                        {i18next.t("mfa:Setup")}
                      </Button>}
@@ -942,6 +965,25 @@ class UserEditPage extends React.Component {
    }
  }

+  renderImage(imgUrl, title, set, tag, disabled) {
+    return (
+      <Col span={4} style={{textAlign: "center", margin: "auto"}} key={tag}>
+        {
+          imgUrl ?
+            <a target="_blank" rel="noreferrer" href={imgUrl} style={{marginBottom: "10px"}}>
+              <img src={imgUrl} alt={imgUrl} height={90} style={{marginBottom: "20px"}} />
+            </a>
+            :
+            <Col style={{height: "78%", border: "1px dotted grey", borderRadius: 3, marginBottom: 5}}>
+              <div style={{fontSize: 30, margin: 10}}>+</div>
+              <div style={{verticalAlign: "middle", marginBottom: 10}}>{`请上传${title}...`}</div>
+            </Col>
+        }
+        <CropperDivModal disabled={disabled} tag={tag} setTitle={set} buttonText={`${title}...`} title={title} user={this.state.user} organization={this.state.organizations.find(organization => organization.name === this.state.organizationName)} />
+      </Col>
+    );
+  }
+
  renderUser() {
    return (
      <Card size="small" title={
@@ -967,6 +1009,30 @@ class UserEditPage extends React.Component {
    );
  }

+  getIdCardType(key) {
+    if (key === "ID card front") {
+      return i18next.t("user:ID card front");
+    } else if (key === "ID card back") {
+      return i18next.t("user:ID card back");
+    } else if (key === "ID card with person") {
+      return i18next.t("user:ID card with person");
+    } else {
+      return "Unknown Id card name: " + key;
+    }
+  }
+
+  getIdCardText(key) {
+    if (key === "ID card front") {
+      return i18next.t("user:Upload ID card front picture");
+    } else if (key === "ID card back") {
+      return i18next.t("user:Upload ID card back picture");
+    } else if (key === "ID card with person") {
+      return i18next.t("user:Upload ID card with person picture");
+    } else {
+      return "Unknown Id card name: " + key;
+    }
+  }
+
  submitUserEdit(needExit) {
    const user = Setting.deepCopy(this.state.user);
    UserBackend.updateUser(this.state.organizationName, this.state.userName, user)
@@ -1053,4 +1119,4 @@ class UserEditPage extends React.Component {
  }
 }

-export default UserEditPage;
+export default withRouter(UserEditPage);
--- a/web/src/UserListPage.js
+++ b/web/src/UserListPage.js
@@ -61,7 +61,7 @@ class UserListPage extends BaseListPage {

  newUser() {
    const randomName = Setting.getRandomName();
-    const owner = this.state.organizationName;
+    const owner = Setting.isDefaultOrganizationSelected(this.props.account) ? this.state.organizationName : Setting.getRequestOrganization(this.props.account);
    return {
      owner: owner,
      name: `user_${randomName}`,
@@ -456,7 +456,7 @@ class UserListPage extends BaseListPage {
    const sortField = params.sortField, sortOrder = params.sortOrder;
    this.setState({loading: true});
    if (this.props.match?.path === "/users") {
-      (Setting.isAdminUser(this.props.account) ? UserBackend.getGlobalUsers(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) : UserBackend.getUsers(this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
+      (Setting.isDefaultOrganizationSelected(this.props.account) ? UserBackend.getGlobalUsers(params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder) : UserBackend.getUsers(Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder))
        .then((res) => {
          this.setState({
            loading: false,
--- a/web/src/WebhookListPage.js
+++ b/web/src/WebhookListPage.js
@@ -25,11 +25,12 @@ import PopconfirmModal from "./common/modal/PopconfirmModal";
 class WebhookListPage extends BaseListPage {
  newWebhook() {
    const randomName = Setting.getRandomName();
+    const organizationName = Setting.getRequestOrganization(this.props.account);
    return {
      owner: "admin", // this.props.account.webhookname,
      name: `webhook_${randomName}`,
      createdTime: moment().format(),
-      organization: this.props.account.owner,
+      organization: organizationName,
      url: "https://example.com/callback",
      method: "POST",
      contentType: "application/json",
@@ -240,7 +241,7 @@ class WebhookListPage extends BaseListPage {
      value = params.contentType;
    }
    this.setState({loading: true});
-    WebhookBackend.getWebhooks("admin", Setting.isAdminUser(this.props.account) ? "" : this.props.account.owner, params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    WebhookBackend.getWebhooks("admin", Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
      .then((res) => {
        this.setState({
          loading: false,
--- a/web/src/auth/LoginPage.js
+++ b/web/src/auth/LoginPage.js
@@ -15,6 +15,7 @@
 import React from "react";
 import {Button, Checkbox, Col, Form, Input, Result, Row, Spin, Tabs} from "antd";
 import {ArrowLeftOutlined, LockOutlined, UserOutlined} from "@ant-design/icons";
+import {withRouter} from "react-router-dom";
 import * as UserWebauthnBackend from "../backend/UserWebauthnBackend";
 import OrganizationSelect from "../common/select/OrganizationSelect";
 import * as Conf from "../Conf";
@@ -34,7 +35,7 @@ import LanguageSelect from "../common/select/LanguageSelect";
 import {CaptchaModal} from "../common/modal/CaptchaModal";
 import {CaptchaRule} from "../common/modal/CaptchaModal";
 import RedirectForm from "../common/RedirectForm";
-import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./MfaAuthVerifyForm";
+import {MfaAuthVerifyForm, NextMfa, RequiredMfa} from "./mfa/MfaAuthVerifyForm";

 class LoginPage extends React.Component {
  constructor(props) {
@@ -81,6 +82,10 @@ class LoginPage extends React.Component {
  }

  componentDidUpdate(prevProps, prevState, snapshot) {
+    if (prevState.loginMethod === undefined && this.state.loginMethod === undefined) {
+      const application = this.getApplicationObj();
+      this.setState({loginMethod: this.getDefaultLoginMethod(application)});
+    }
    if (prevProps.application !== this.props.application) {
      this.setState({loginMethod: this.getDefaultLoginMethod(this.props.application)});

@@ -179,6 +184,8 @@ class LoginPage extends React.Component {
          } else {
            this.onUpdateApplication(null);
            Setting.showMessage("error", res.msg);
+
+            this.props.history.push("/404");
          }
        });
    }
@@ -189,13 +196,13 @@ class LoginPage extends React.Component {
  }

  getDefaultLoginMethod(application) {
-    if (application.enablePassword) {
+    if (application?.enablePassword) {
      return "password";
    }
-    if (application.enableCodeSignin) {
+    if (application?.enableCodeSignin) {
      return "verificationCode";
    }
-    if (application.enableWebAuthn) {
+    if (application?.enableWebAuthn) {
      return "webAuthn";
    }

@@ -252,8 +259,13 @@ class LoginPage extends React.Component {
    const code = resp.data;
    const concatChar = oAuthParams?.redirectUri?.includes("?") ? "&" : "?";
    const noRedirect = oAuthParams.noRedirect;
+    const redirectUrl = `${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`;
+    if (resp.data === RequiredMfa) {
+      this.props.onLoginSuccess(window.location.href);
+      return;
+    }

-    if (Setting.hasPromptPage(application) || resp.msg === RequiredMfa) {
+    if (Setting.hasPromptPage(application)) {
      AuthBackend.getAccount()
        .then((res) => {
          if (res.status === "ok") {
@@ -261,13 +273,8 @@ class LoginPage extends React.Component {
            account.organization = res.data2;
            this.onUpdateAccount(account);

-            if (resp.msg === RequiredMfa) {
-              Setting.goToLink(`/prompt/${application.name}?redirectUri=${oAuthParams.redirectUri}&code=${code}&state=${oAuthParams.state}&promptType=mfa`);
-              return;
-            }
-
            if (Setting.isPromptAnswered(account, application)) {
-              Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`);
+              Setting.goToLink(redirectUrl);
            } else {
              Setting.goToLinkSoft(ths, `/prompt/${application.name}?redirectUri=${oAuthParams.redirectUri}&code=${code}&state=${oAuthParams.state}`);
            }
@@ -278,7 +285,7 @@ class LoginPage extends React.Component {
    } else {
      if (noRedirect === "true") {
        window.close();
-        const newWindow = window.open(`${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`);
+        const newWindow = window.open(redirectUrl);
        if (newWindow) {
          setInterval(() => {
            if (!newWindow.closed) {
@@ -287,7 +294,7 @@ class LoginPage extends React.Component {
          }, 1000);
        }
      } else {
-        Setting.goToLink(`${oAuthParams.redirectUri}${concatChar}code=${code}&state=${oAuthParams.state}`);
+        Setting.goToLink(redirectUrl);
        this.sendPopupData({type: "loginSuccess", data: {code: code, state: oAuthParams.state}}, oAuthParams.redirectUri);
      }
    }
@@ -353,20 +360,8 @@ class LoginPage extends React.Component {
            const responseType = values["type"];

            if (responseType === "login") {
-              if (res.msg === RequiredMfa) {
-                AuthBackend.getAccount().then((res) => {
-                  if (res.status === "ok") {
-                    const account = res.data;
-                    account.organization = res.data2;
-                    this.onUpdateAccount(account);
-                  }
-                });
-                Setting.goToLink(`/prompt/${this.getApplicationObj().name}?promptType=mfa`);
-              } else {
-                Setting.showMessage("success", i18next.t("application:Logged in successfully"));
-                const link = Setting.getFromLink();
-                Setting.goToLink(link);
-              }
+              Setting.showMessage("success", i18next.t("application:Logged in successfully"));
+              this.props.onLoginSuccess();
            } else if (responseType === "code") {
              this.postCodeLoginAction(res);
            } else if (responseType === "token" || responseType === "id_token") {
@@ -389,23 +384,25 @@ class LoginPage extends React.Component {
          };

          if (res.status === "ok") {
-            callback(res);
-          } else if (res.status === NextMfa) {
-            this.setState({
-              getVerifyTotp: () => {
-                return (
-                  <MfaAuthVerifyForm
-                    mfaProps={res.data}
-                    formValues={values}
-                    oAuthParams={oAuthParams}
-                    application={this.getApplicationObj()}
-                    onFail={() => {
-                      Setting.showMessage("error", i18next.t("mfa:Verification failed"));
-                    }}
-                    onSuccess={(res) => callback(res)}
-                  />);
-              },
-            });
+            if (res.data === NextMfa) {
+              this.setState({
+                getVerifyTotp: () => {
+                  return (
+                    <MfaAuthVerifyForm
+                      mfaProps={res.data2}
+                      formValues={values}
+                      oAuthParams={oAuthParams}
+                      application={this.getApplicationObj()}
+                      onFail={() => {
+                        Setting.showMessage("error", i18next.t("mfa:Verification failed"));
+                      }}
+                      onSuccess={(res) => callback(res)}
+                    />);
+                },
+              });
+            } else {
+              callback(res);
+            }
          } else {
            Setting.showMessage("error", `${i18next.t("application:Failed to sign in")}: ${res.msg}`);
          }
@@ -996,4 +993,4 @@ class LoginPage extends React.Component {
  }
 }

-export default LoginPage;
+export default withRouter(LoginPage);
--- a/web/src/auth/MfaSetupPage.js
+++ b/web/src/auth/MfaSetupPage.js
@@ -12,181 +12,55 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-import React, {useState} from "react";
-import {Button, Col, Form, Input, Result, Row, Steps} from "antd";
+import React from "react";
+import {Button, Col, Result, Row, Steps} from "antd";
+import {withRouter} from "react-router-dom";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as Setting from "../Setting";
 import i18next from "i18next";
 import * as MfaBackend from "../backend/MfaBackend";
-import {CheckOutlined, KeyOutlined, LockOutlined, UserOutlined} from "@ant-design/icons";
-
-import * as UserBackend from "../backend/UserBackend";
-import {MfaSmsVerifyForm, MfaTotpVerifyForm, mfaSetup} from "./MfaVerifyForm";
+import {CheckOutlined, KeyOutlined, UserOutlined} from "@ant-design/icons";
+import CheckPasswordForm from "./mfa/CheckPasswordForm";
+import MfaEnableForm from "./mfa/MfaEnableForm";
+import {MfaVerifyForm} from "./mfa/MfaVerifyForm";

 export const EmailMfaType = "email";
 export const SmsMfaType = "sms";
 export const TotpMfaType = "app";
 export const RecoveryMfaType = "recovery";

-function CheckPasswordForm({user, onSuccess, onFail}) {
-  const [form] = Form.useForm();
-
-  const onFinish = ({password}) => {
-    const data = {...user, password};
-    UserBackend.checkUserPassword(data)
-      .then((res) => {
-        if (res.status === "ok") {
-          onSuccess(res);
-        } else {
-          onFail(res);
-        }
-      })
-      .finally(() => {
-        form.setFieldsValue({password: ""});
-      });
-  };
-
-  return (
-    <Form
-      form={form}
-      style={{width: "300px", marginTop: "20px"}}
-      onFinish={onFinish}
-    >
-      <Form.Item
-        name="password"
-        rules={[{required: true, message: i18next.t("login:Please input your password!")}]}
-      >
-        <Input.Password
-          prefix={<LockOutlined />}
-          placeholder={i18next.t("general:Password")}
-        />
-      </Form.Item>
-
-      <Form.Item>
-        <Button
-          style={{marginTop: 24}}
-          loading={false}
-          block
-          type="primary"
-          htmlType="submit"
-        >
-          {i18next.t("forget:Next Step")}
-        </Button>
-      </Form.Item>
-    </Form>
-  );
-}
-
-export function MfaVerifyForm({mfaProps, application, user, onSuccess, onFail}) {
-  const [form] = Form.useForm();
-
-  const onFinish = ({passcode}) => {
-    const data = {passcode, mfaType: mfaProps.mfaType, ...user};
-    MfaBackend.MfaSetupVerify(data)
-      .then((res) => {
-        if (res.status === "ok") {
-          onSuccess(res);
-        } else {
-          onFail(res);
-        }
-      })
-      .catch((error) => {
-        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
-      })
-      .finally(() => {
-        form.setFieldsValue({passcode: ""});
-      });
-  };
-
-  if (mfaProps === undefined || mfaProps === null) {
-    return <div></div>;
-  }
-
-  if (mfaProps.mfaType === SmsMfaType || mfaProps.mfaType === EmailMfaType) {
-    return <MfaSmsVerifyForm mfaProps={mfaProps} onFinish={onFinish} application={application} method={mfaSetup} user={user} />;
-  } else if (mfaProps.mfaType === TotpMfaType) {
-    return <MfaTotpVerifyForm mfaProps={mfaProps} onFinish={onFinish} />;
-  } else {
-    return <div></div>;
-  }
-}
-
-function EnableMfaForm({user, mfaType, recoveryCodes, onSuccess, onFail}) {
-  const [loading, setLoading] = useState(false);
-  const requestEnableTotp = () => {
-    const data = {
-      mfaType,
-      ...user,
-    };
-    setLoading(true);
-    MfaBackend.MfaSetupEnable(data).then(res => {
-      if (res.status === "ok") {
-        onSuccess(res);
-      } else {
-        onFail(res);
-      }
-    }
-    ).finally(() => {
-      setLoading(false);
-    });
-  };
-
-  return (
-    <div style={{width: "400px"}}>
-      <p>{i18next.t("mfa:Please save this recovery code. Once your device cannot provide an authentication code, you can reset mfa authentication by this recovery code")}</p>
-      <br />
-      <code style={{fontStyle: "solid"}}>{recoveryCodes[0]}</code>
-      <Button style={{marginTop: 24}} loading={loading} onClick={() => {
-        requestEnableTotp();
-      }} block type="primary">
-        {i18next.t("general:Enable")}
-      </Button>
-    </div>
-  );
-}
-
 class MfaSetupPage extends React.Component {
  constructor(props) {
    super(props);
+    const params = new URLSearchParams(props.location.search);
+    const {location} = this.props;
    this.state = {
      account: props.account,
-      application: this.props.application ?? null,
+      application: null,
      applicationName: props.account.signupApplication ?? "",
-      isAuthenticated: props.isAuthenticated ?? false,
-      isPromptPage: props.isPromptPage,
-      redirectUri: props.redirectUri,
-      current: props.current ?? 0,
-      mfaType: props.mfaType ?? new URLSearchParams(props.location?.search)?.get("mfaType") ?? SmsMfaType,
+      current: location.state?.from !== undefined ? 1 : 0,
      mfaProps: null,
+      mfaType: params.get("mfaType") ?? SmsMfaType,
+      isPromptPage: props.isPromptPage || location.state?.from !== undefined,
    };
  }

  componentDidMount() {
    this.getApplication();
+    if (this.state.current === 1) {
+      this.initMfaProps();
+    }
  }

  componentDidUpdate(prevProps, prevState, snapshot) {
-    if (this.state.isAuthenticated === true && (this.state.mfaProps === null || this.state.mfaType !== prevState.mfaType)) {
-      MfaBackend.MfaSetupInitiate({
-        mfaType: this.state.mfaType,
-        ...this.getUser(),
-      }).then((res) => {
-        if (res.status === "ok") {
-          this.setState({
-            mfaProps: res.data,
-          });
-        } else {
-          Setting.showMessage("error", i18next.t("mfa:Failed to initiate MFA"));
-        }
-      });
+    if (this.state.mfaType !== prevState.mfaType || this.state.current !== prevState.current) {
+      if (this.state.current === 1) {
+        this.initMfaProps();
+      }
    }
  }

  getApplication() {
-    if (this.state.application !== null) {
-      return;
-    }
-
    ApplicationBackend.getApplication("admin", this.state.applicationName)
      .then((res) => {
        if (res !== null) {
@@ -203,11 +77,75 @@ class MfaSetupPage extends React.Component {
      });
  }

+  initMfaProps() {
+    MfaBackend.MfaSetupInitiate({
+      mfaType: this.state.mfaType,
+      ...this.getUser(),
+    }).then((res) => {
+      if (res.status === "ok") {
+        this.setState({
+          mfaProps: res.data,
+        });
+      } else {
+        Setting.showMessage("error", i18next.t("mfa:Failed to initiate MFA"));
+      }
+    });
+  }
+
  getUser() {
-    return {
-      name: this.state.account.name,
-      owner: this.state.account.owner,
+    return this.props.account;
+  }
+
+  renderMfaTypeSwitch() {
+    const renderSmsLink = () => {
+      if (this.state.mfaType === SmsMfaType || this.props.account.mfaPhoneEnabled) {
+        return null;
+      }
+      return (<Button type={"link"} onClick={() => {
+        this.setState({
+          mfaType: SmsMfaType,
+        });
+        this.props.history.push(`/mfa/setup?mfaType=${SmsMfaType}`);
+      }
+      }>{i18next.t("mfa:Use SMS")}</Button>
+      );
    };
+
+    const renderEmailLink = () => {
+      if (this.state.mfaType === EmailMfaType || this.props.account.mfaEmailEnabled) {
+        return null;
+      }
+      return (<Button type={"link"} onClick={() => {
+        this.setState({
+          mfaType: EmailMfaType,
+        });
+        this.props.history.push(`/mfa/setup?mfaType=${EmailMfaType}`);
+      }
+      }>{i18next.t("mfa:Use Email")}</Button>
+      );
+    };
+
+    const renderTotpLink = () => {
+      if (this.state.mfaType === TotpMfaType || this.props.account.totpSecret !== "") {
+        return null;
+      }
+      return (<Button type={"link"} onClick={() => {
+        this.setState({
+          mfaType: TotpMfaType,
+        });
+        this.props.history.push(`/mfa/setup?mfaType=${TotpMfaType}`);
+      }
+      }>{i18next.t("mfa:Use Authenticator App")}</Button>
+      );
+    };
+
+    return !this.state.isPromptPage ? (
+      <React.Fragment>
+        {renderSmsLink()}
+        {renderEmailLink()}
+        {renderTotpLink()}
+      </React.Fragment>
+    ) : null;
  }

  renderStep() {
@@ -219,19 +157,14 @@ class MfaSetupPage extends React.Component {
          onSuccess={() => {
            this.setState({
              current: this.state.current + 1,
-              isAuthenticated: true,
            });
          }}
          onFail={(res) => {
-            Setting.showMessage("error", i18next.t("mfa:Failed to initiate MFA"));
+            Setting.showMessage("error", i18next.t("mfa:Failed to initiate MFA") + ": " + res.msg);
          }}
        />
      );
    case 1:
-      if (!this.state.isAuthenticated) {
-        return null;
-      }
-
      return (
        <div>
          <MfaVerifyForm
@@ -244,52 +177,25 @@ class MfaSetupPage extends React.Component {
              });
            }}
            onFail={(res) => {
-              Setting.showMessage("error", i18next.t("general:Failed to verify"));
+              Setting.showMessage("error", i18next.t("general:Failed to verify") + ": " + res.msg);
            }}
          />
          <Col span={24} style={{display: "flex", justifyContent: "left"}}>
-            {(this.state.mfaType === EmailMfaType || this.props.account.mfaEmailEnabled) ? null :
-              <Button type={"link"} onClick={() => {
-                this.setState({
-                  mfaType: EmailMfaType,
-                });
-              }
-              }>{i18next.t("mfa:Use Email")}</Button>
-            }
-            {
-              (this.state.mfaType === SmsMfaType || this.props.account.mfaPhoneEnabled) ? null :
-                <Button type={"link"} onClick={() => {
-                  this.setState({
-                    mfaType: SmsMfaType,
-                  });
-                }
-                }>{i18next.t("mfa:Use SMS")}</Button>
-            }
-            {
-              (this.state.mfaType === TotpMfaType) ? null :
-                <Button type={"link"} onClick={() => {
-                  this.setState({
-                    mfaType: TotpMfaType,
-                  });
-                }
-                }>{i18next.t("mfa:Use Authenticator App")}</Button>
-            }
+            {this.renderMfaTypeSwitch()}
          </Col>
        </div>
      );
    case 2:
-      if (!this.state.isAuthenticated) {
-        return null;
-      }
-
      return (
-        <EnableMfaForm user={this.getUser()} mfaType={this.state.mfaType} recoveryCodes={this.state.mfaProps.recoveryCodes}
+        <MfaEnableForm user={this.getUser()} mfaType={this.state.mfaType} recoveryCodes={this.state.mfaProps.recoveryCodes}
          onSuccess={() => {
            Setting.showMessage("success", i18next.t("general:Enabled successfully"));
-            if (this.state.isPromptPage && this.state.redirectUri) {
-              Setting.goToLink(this.state.redirectUri);
+            this.props.onfinish();
+            if (localStorage.getItem("mfaRedirectUrl") !== null) {
+              Setting.goToLink(localStorage.getItem("mfaRedirectUrl"));
+              localStorage.removeItem("mfaRedirectUrl");
            } else {
-              Setting.goToLink("/account");
+              this.props.history.push("/account");
            }
          }}
          onFail={(res) => {
@@ -308,7 +214,7 @@ class MfaSetupPage extends React.Component {
          status="403"
          title="403 Unauthorized"
          subTitle={i18next.t("general:Sorry, you do not have permission to access this page or logged in status invalid.")}
-          extra={<a href="/"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
+          extra={<a href="/web/public"><Button type="primary">{i18next.t("general:Back Home")}</Button></a>}
        />
      );
    }
@@ -343,4 +249,4 @@ class MfaSetupPage extends React.Component {
  }
 }

-export default MfaSetupPage;
+export default withRouter(MfaSetupPage);
--- a/web/src/auth/MfaVerifyForm.js
+++ b/web/src/auth/MfaVerifyForm.js
@@ -1,193 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-import {Button, Col, Form, Input, QRCode, Space} from "antd";
-import i18next from "i18next";
-import {CopyOutlined, UserOutlined} from "@ant-design/icons";
-import {SendCodeInput} from "../common/SendCodeInput";
-import * as Setting from "../Setting";
-import React, {useEffect} from "react";
-import copy from "copy-to-clipboard";
-import {CountryCodeSelect} from "../common/select/CountryCodeSelect";
-import {EmailMfaType, SmsMfaType} from "./MfaSetupPage";
-
-export const mfaAuth = "mfaAuth";
-export const mfaSetup = "mfaSetup";
-
-export const MfaSmsVerifyForm = ({mfaProps, application, onFinish, method, user}) => {
-  const [dest, setDest] = React.useState(mfaProps.secret ?? "");
-  const [form] = Form.useForm();
-
-  useEffect(() => {
-    if (mfaProps.mfaType === SmsMfaType) {
-      setDest(user.phone);
-    }
-
-    if (mfaProps.mfaType === EmailMfaType) {
-      setDest(user.email);
-    }
-  }, [mfaProps.mfaType]);
-
-  const isEmail = () => {
-    return mfaProps.mfaType === EmailMfaType;
-  };
-
-  return (
-    <Form
-      form={form}
-      style={{width: "300px"}}
-      onFinish={onFinish}
-      initialValues={{
-        countryCode: mfaProps.countryCode,
-      }}
-    >
-      {dest !== "" ?
-        <div style={{marginBottom: 20, textAlign: "left", gap: 8}}>
-          {isEmail() ? i18next.t("mfa:Your email is") : i18next.t("mfa:Your phone is")} {dest}
-        </div> :
-        (<React.Fragment>
-          <p>{isEmail() ? i18next.t("mfa:Please bind your email first, the system will automatically uses the mail for multi-factor authentication") :
-            i18next.t("mfa:Please bind your phone first, the system automatically uses the phone for multi-factor authentication")}
-          </p>
-          <Input.Group compact style={{width: "300Px", marginBottom: "30px"}}>
-            {isEmail() ? null :
-              <Form.Item
-                name="countryCode"
-                noStyle
-                rules={[
-                  {
-                    required: false,
-                    message: i18next.t("signup:Please select your country code!"),
-                  },
-                ]}
-              >
-                <CountryCodeSelect
-                  initValue={mfaProps.countryCode}
-                  style={{width: "30%"}}
-                  countryCodes={application.organizationObj.countryCodes}
-                />
-              </Form.Item>
-            }
-            <Form.Item
-              name="dest"
-              noStyle
-              rules={[{required: true, message: i18next.t("login:Please input your Email or Phone!")}]}
-            >
-              <Input
-                style={{width: isEmail() ? "100% " : "70%"}}
-                onChange={(e) => {setDest(e.target.value);}}
-                prefix={<UserOutlined />}
-                placeholder={isEmail() ? i18next.t("general:Email") : i18next.t("general:Phone")}
-              />
-            </Form.Item>
-          </Input.Group>
-        </React.Fragment>
-        )
-      }
-      <Form.Item
-        name="passcode"
-        rules={[{required: true, message: i18next.t("login:Please input your code!")}]}
-      >
-        <SendCodeInput
-          countryCode={form.getFieldValue("countryCode")}
-          method={method}
-          onButtonClickArgs={[mfaProps.secret || dest, isEmail() ? "email" : "phone", Setting.getApplicationName(application)]}
-          application={application}
-        />
-      </Form.Item>
-      <Form.Item>
-        <Button
-          style={{marginTop: 24}}
-          loading={false}
-          block
-          type="primary"
-          htmlType="submit"
-        >
-          {i18next.t("forget:Next Step")}
-        </Button>
-      </Form.Item>
-    </Form>
-  );
-};
-
-export const MfaTotpVerifyForm = ({mfaProps, onFinish}) => {
-  const [form] = Form.useForm();
-
-  const renderSecret = () => {
-    if (!mfaProps.secret) {
-      return null;
-    }
-
-    return (
-      <React.Fragment>
-        <Col span={24} style={{display: "flex", justifyContent: "center"}}>
-          <QRCode
-            errorLevel="H"
-            value={mfaProps.url}
-            icon={"https://cdn.casdoor.com/static/favicon.png"}
-          />
-        </Col>
-        <p style={{textAlign: "center"}}>{i18next.t("mfa:Scan the QR code with your Authenticator App")}</p>
-        <p style={{textAlign: "center"}}>{i18next.t("mfa:Or copy the secret to your Authenticator App")}</p>
-        <Col span={24}>
-          <Space>
-            <Input value={mfaProps.secret} />
-            <Button
-              type="primary"
-              shape="round"
-              icon={<CopyOutlined />}
-              onClick={() => {
-                copy(`${mfaProps.secret}`);
-                Setting.showMessage(
-                  "success",
-                  i18next.t("mfa:Multi-factor secret to clipboard successfully")
-                );
-              }}
-            />
-          </Space>
-        </Col>
-      </React.Fragment>
-    );
-  };
-  return (
-    <Form
-      form={form}
-      style={{width: "300px"}}
-      onFinish={onFinish}
-    >
-      {renderSecret()}
-      <Form.Item
-        name="passcode"
-        rules={[{required: true, message: "Please input your passcode"}]}
-      >
-        <Input
-          style={{marginTop: 24}}
-          prefix={<UserOutlined />}
-          placeholder={i18next.t("mfa:Passcode")}
-        />
-      </Form.Item>
-      <Form.Item>
-        <Button
-          style={{marginTop: 24}}
-          loading={false}
-          block
-          type="primary"
-          htmlType="submit"
-        >
-          {i18next.t("forget:Next Step")}
-        </Button>
-      </Form.Item>
-    </Form>
-  );
-};
--- a/web/src/auth/PromptPage.js
+++ b/web/src/auth/PromptPage.js
@@ -16,14 +16,13 @@ import React from "react";
 import {Button, Card, Col, Result, Row} from "antd";
 import * as ApplicationBackend from "../backend/ApplicationBackend";
 import * as UserBackend from "../backend/UserBackend";
-import * as AuthBackend from "./AuthBackend";
 import * as Setting from "../Setting";
 import i18next from "i18next";
 import AffiliationSelect from "../common/select/AffiliationSelect";
 import OAuthWidget from "../common/OAuthWidget";
 import RegionSelect from "../common/select/RegionSelect";
 import {withRouter} from "react-router-dom";
-import MfaSetupPage from "./MfaSetupPage";
+import * as AuthBackend from "./AuthBackend";

 class PromptPage extends React.Component {
  constructor(props) {
@@ -34,7 +33,9 @@ class PromptPage extends React.Component {
      applicationName: props.applicationName ?? (props.match === undefined ? null : props.match.params.applicationName),
      application: null,
      user: null,
-      promptType: new URLSearchParams(this.props.location.search).get("promptType"),
+      steps: null,
+      current: 0,
+      finished: false,
    };
  }

@@ -45,6 +46,12 @@ class PromptPage extends React.Component {
    }
  }

+  componentDidUpdate(prevProps, prevState, snapshot) {
+    if (this.state.user !== null && this.getApplicationObj() !== null && this.state.steps === null) {
+      this.initSteps(this.state.user, this.getApplicationObj());
+    }
+  }
+
  getUser() {
    const organizationName = this.props.account.owner;
    const userName = this.props.account.name;
@@ -198,22 +205,25 @@ class PromptPage extends React.Component {
      .then((res) => {
        if (res.status === "ok") {
          this.onUpdateAccount(null);
-
-          let redirectUrl = this.getRedirectUrl();
-          if (redirectUrl === "") {
-            redirectUrl = res.data2;
-          }
-          if (redirectUrl !== "" && redirectUrl !== null) {
-            Setting.goToLink(redirectUrl);
-          } else {
-            Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
-          }
        } else {
-          Setting.showMessage("error", `Failed to log out: ${res.msg}`);
+          Setting.showMessage("error", res.msg);
        }
      });
  }

+  finishAndJump() {
+    this.setState({
+      finished: true,
+    }, () => {
+      const redirectUrl = this.getRedirectUrl();
+      if (redirectUrl !== "" && redirectUrl !== null) {
+        Setting.goToLink(redirectUrl);
+      } else {
+        Setting.redirectToLoginPage(this.getApplicationObj(), this.props.history);
+      }
+    });
+  }
+
  submitUserEdit(isFinal) {
    const user = Setting.deepCopy(this.state.user);
    UserBackend.updateUser(this.state.user.owner, this.state.user.name, user)
@@ -221,8 +231,7 @@ class PromptPage extends React.Component {
        if (res.status === "ok") {
          if (isFinal) {
            Setting.showMessage("success", i18next.t("general:Successfully saved"));
-
-            this.logout();
+            this.finishAndJump();
          }
        } else {
          if (isFinal) {
@@ -238,25 +247,45 @@ class PromptPage extends React.Component {
  }

  renderPromptProvider(application) {
-    return <>
-      {this.renderContent(application)}
-      <div style={{marginTop: "50px"}}>
-        <Button disabled={!Setting.isPromptAnswered(this.state.user, application)} type="primary" size="large" onClick={() => {this.submitUserEdit(true);}}>{i18next.t("code:Submit and complete")}</Button>
-      </div>
-    </>;
+    return (
+      <div style={{display: "flex", alignItems: "center", flexDirection: "column"}}>
+        {this.renderContent(application)}
+        <Button style={{marginTop: "50px", width: "200px"}}
+          disabled={!Setting.isPromptAnswered(this.state.user, application)}
+          type="primary" size="large" onClick={() => {
+            this.submitUserEdit(true);
+          }}>
+          {i18next.t("code:Submit and complete")}
+        </Button>
+      </div>);
  }

-  renderPromptMfa() {
+  initSteps(user, application) {
+    const steps = [];
+    if (!Setting.isPromptAnswered(user, application) && this.state.promptType === "provider") {
+      steps.push({
+        content: this.renderPromptProvider(application),
+        name: "provider",
+        title: i18next.t("application:Binding providers"),
+      });
+    }
+
+    this.setState({
+      steps: steps,
+    });
+  }
+
+  renderSteps() {
+    if (this.state.steps === null || this.state.steps?.length === 0) {
+      return null;
+    }
+
    return (
-      <MfaSetupPage
-        application={this.getApplicationObj()}
-        account={this.props.account}
-        current={1}
-        isAuthenticated={true}
-        isPromptPage={true}
-        redirectUri={this.getRedirectUrl()}
-        {...this.props}
-      />
+      <Card style={{marginTop: "20px", marginBottom: "20px"}}
+        title={this.state.steps[this.state.current].title}
+      >
+        <div >{this.state.steps[this.state.current].content}</div>
+      </Card>
    );
  }

@@ -266,7 +295,7 @@ class PromptPage extends React.Component {
      return null;
    }

-    if (!Setting.hasPromptPage(application) && this.state.promptType !== "mfa") {
+    if (this.state.steps?.length === 0) {
      return (
        <Result
          style={{display: "flex", flex: "1 1 0%", justifyContent: "center", flexDirection: "column"}}
@@ -287,17 +316,7 @@ class PromptPage extends React.Component {

    return (
      <div style={{display: "flex", flex: "1", justifyContent: "center"}}>
-        <Card>
-          <div style={{marginTop: "30px", marginBottom: "30px", textAlign: "center"}}>
-            {
-              Setting.renderHelmet(application)
-            }
-            {
-              Setting.renderLogo(application)
-            }
-            {this.state.promptType !== "mfa" ? this.renderPromptProvider(application) : this.renderPromptMfa(application)}
-          </div>
-        </Card>
+        {this.renderSteps()}
      </div>
    );
  }
--- a/web/src/auth/Provider.js
+++ b/web/src/auth/Provider.js
@@ -448,7 +448,7 @@ export function getAuthUrl(application, provider, method) {
  } else if (provider.type === "Douyin" || provider.type === "TikTok") {
    return `${endpoint}?client_key=${provider.clientId}&redirect_uri=${redirectUri}&state=${state}&response_type=code&scope=${scope}`;
  } else if (provider.type === "Custom") {
-    return `${provider.customAuthUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${provider.customScope}&response_type=code&state=${state}`;
+    return `${provider.customAuthUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUri}&scope=${provider.scopes}&response_type=code&state=${state}`;
  } else if (provider.type === "Bilibili") {
    return `${endpoint}#/?client_id=${provider.clientId}&return_url=${redirectUri}&state=${state}&response_type=code`;
  } else if (provider.type === "Deezer") {
--- a/web/src/auth/mfa/CheckPasswordForm.js
+++ b/web/src/auth/mfa/CheckPasswordForm.js
@@ -0,0 +1,56 @@
+import {LockOutlined} from "@ant-design/icons";
+import {Button, Form, Input} from "antd";
+import i18next from "i18next";
+import React from "react";
+import * as UserBackend from "../../backend/UserBackend";
+
+function CheckPasswordForm({user, onSuccess, onFail}) {
+  const [form] = Form.useForm();
+
+  const onFinish = ({password}) => {
+    const data = {...user, password};
+    UserBackend.checkUserPassword(data)
+      .then((res) => {
+        if (res.status === "ok") {
+          onSuccess(res);
+        } else {
+          onFail(res);
+        }
+      })
+      .finally(() => {
+        form.setFieldsValue({password: ""});
+      });
+  };
+
+  return (
+    <Form
+      form={form}
+      style={{width: "300px", marginTop: "20px"}}
+      onFinish={onFinish}
+    >
+      <Form.Item
+        name="password"
+        rules={[{required: true, message: i18next.t("login:Please input your password!")}]}
+      >
+        <Input.Password
+          prefix={<LockOutlined />}
+          placeholder={i18next.t("general:Password")}
+        />
+      </Form.Item>
+
+      <Form.Item>
+        <Button
+          style={{marginTop: 24}}
+          loading={false}
+          block
+          type="primary"
+          htmlType="submit"
+        >
+          {i18next.t("forget:Next Step")}
+        </Button>
+      </Form.Item>
+    </Form>
+  );
+}
+
+export default CheckPasswordForm;
--- a/web/src/auth/mfa/MfaAuthVerifyForm.js
+++ b/web/src/auth/mfa/MfaAuthVerifyForm.js
@@ -15,9 +15,11 @@
 import React, {useState} from "react";
 import i18next from "i18next";
 import {Button, Input} from "antd";
-import * as AuthBackend from "./AuthBackend";
-import {EmailMfaType, RecoveryMfaType, SmsMfaType} from "./MfaSetupPage";
-import {MfaSmsVerifyForm, MfaTotpVerifyForm, mfaAuth} from "./MfaVerifyForm";
+import * as AuthBackend from "../AuthBackend";
+import {EmailMfaType, RecoveryMfaType, SmsMfaType} from "../MfaSetupPage";
+import {mfaAuth} from "./MfaVerifyForm";
+import MfaVerifySmsForm from "./MfaVerifySmsForm";
+import MfaVerifyTotpForm from "./MfaVerifyTotpForm";

 export const NextMfa = "NextMfa";
 export const RequiredMfa = "RequiredMfa";
@@ -70,13 +72,13 @@ export function MfaAuthVerifyForm({formValues, oAuthParams, mfaProps, applicatio
          {i18next.t("mfa:Multi-factor authentication description")}
        </div>
        {mfaType === SmsMfaType || mfaType === EmailMfaType ? (
-          <MfaSmsVerifyForm
+          <MfaVerifySmsForm
            mfaProps={mfaProps}
            method={mfaAuth}
            onFinish={verify}
            application={application}
          />) : (
-          <MfaTotpVerifyForm
+          <MfaVerifyTotpForm
            mfaProps={mfaProps}
            onFinish={verify}
          />
--- a/web/src/auth/mfa/MfaEnableForm.js
+++ b/web/src/auth/mfa/MfaEnableForm.js
@@ -0,0 +1,40 @@
+import {Button} from "antd";
+import i18next from "i18next";
+import React, {useState} from "react";
+import * as MfaBackend from "../../backend/MfaBackend";
+
+export function MfaEnableForm({user, mfaType, recoveryCodes, onSuccess, onFail}) {
+  const [loading, setLoading] = useState(false);
+  const requestEnableMfa = () => {
+    const data = {
+      mfaType,
+      ...user,
+    };
+    setLoading(true);
+    MfaBackend.MfaSetupEnable(data).then(res => {
+      if (res.status === "ok") {
+        onSuccess(res);
+      } else {
+        onFail(res);
+      }
+    }
+    ).finally(() => {
+      setLoading(false);
+    });
+  };
+
+  return (
+    <div style={{width: "400px"}}>
+      <p>{i18next.t("mfa:Please save this recovery code. Once your device cannot provide an authentication code, you can reset mfa authentication by this recovery code")}</p>
+      <br />
+      <code style={{fontStyle: "solid"}}>{recoveryCodes[0]}</code>
+      <Button style={{marginTop: 24}} loading={loading} onClick={() => {
+        requestEnableMfa();
+      }} block type="primary">
+        {i18next.t("general:Enable")}
+      </Button>
+    </div>
+  );
+}
+
+export default MfaEnableForm;
--- a/web/src/auth/mfa/MfaVerifyForm.js
+++ b/web/src/auth/mfa/MfaVerifyForm.js
@@ -0,0 +1,58 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import {Form} from "antd";
+import i18next from "i18next";
+import * as MfaBackend from "../../backend/MfaBackend";
+import * as Setting from "../../Setting";
+import React from "react";
+import {EmailMfaType, SmsMfaType, TotpMfaType} from "../MfaSetupPage";
+import MfaVerifySmsForm from "./MfaVerifySmsForm";
+import MfaVerifyTotpForm from "./MfaVerifyTotpForm";
+
+export const mfaAuth = "mfaAuth";
+export const mfaSetup = "mfaSetup";
+
+export function MfaVerifyForm({mfaProps, application, user, onSuccess, onFail}) {
+  const [form] = Form.useForm();
+  const onFinish = ({passcode}) => {
+    const data = {passcode, mfaType: mfaProps.mfaType, ...user};
+    MfaBackend.MfaSetupVerify(data)
+      .then((res) => {
+        if (res.status === "ok") {
+          onSuccess(res);
+        } else {
+          onFail(res);
+        }
+      })
+      .catch((error) => {
+        Setting.showMessage("error", `${i18next.t("general:Failed to connect to server")}: ${error}`);
+      })
+      .finally(() => {
+        form.setFieldsValue({passcode: ""});
+      });
+  };
+
+  if (mfaProps === undefined || mfaProps === null || application === undefined || application === null || user === undefined || user === null) {
+    return <div></div>;
+  }
+
+  if (mfaProps.mfaType === SmsMfaType || mfaProps.mfaType === EmailMfaType) {
+    return <MfaVerifySmsForm mfaProps={mfaProps} onFinish={onFinish} application={application} method={mfaSetup} user={user} />;
+  } else if (mfaProps.mfaType === TotpMfaType) {
+    return <MfaVerifyTotpForm mfaProps={mfaProps} onFinish={onFinish} />;
+  } else {
+    return <div></div>;
+  }
+}
--- a/web/src/auth/mfa/MfaVerifySmsForm.js
+++ b/web/src/auth/mfa/MfaVerifySmsForm.js
@@ -0,0 +1,125 @@
+import {UserOutlined} from "@ant-design/icons";
+import {Button, Form, Input} from "antd";
+import i18next from "i18next";
+import React, {useEffect} from "react";
+import {CountryCodeSelect} from "../../common/select/CountryCodeSelect";
+import {SendCodeInput} from "../../common/SendCodeInput";
+import * as Setting from "../../Setting";
+import {EmailMfaType, SmsMfaType} from "../MfaSetupPage";
+import {mfaAuth} from "./MfaVerifyForm";
+
+export const MfaVerifySmsForm = ({mfaProps, application, onFinish, method, user}) => {
+  const [dest, setDest] = React.useState("");
+  const [form] = Form.useForm();
+
+  useEffect(() => {
+    if (method === mfaAuth) {
+      setDest(mfaProps.secret);
+      return;
+    }
+    if (mfaProps.mfaType === SmsMfaType) {
+      setDest(user.phone);
+      return;
+    }
+
+    if (mfaProps.mfaType === EmailMfaType) {
+      setDest(user.email);
+    }
+  }, [mfaProps.mfaType]);
+
+  const isShowText = () => {
+    if (method === mfaAuth) {
+      return true;
+    }
+    if (mfaProps.mfaType === SmsMfaType && user.phone !== "") {
+      return true;
+    }
+    if (mfaProps.mfaType === EmailMfaType && user.email !== "") {
+      return true;
+    }
+    return false;
+  };
+
+  const isEmail = () => {
+    return mfaProps.mfaType === EmailMfaType;
+  };
+
+  return (
+    <Form
+      form={form}
+      style={{width: "300px"}}
+      onFinish={onFinish}
+      initialValues={{
+        countryCode: mfaProps.countryCode,
+      }}
+    >
+      {isShowText() ?
+        <div style={{marginBottom: 20, textAlign: "left", gap: 8}}>
+          {isEmail() ? i18next.t("mfa:Your email is") : i18next.t("mfa:Your phone is")} {dest}
+        </div> :
+        (<React.Fragment>
+          <p>{isEmail() ? i18next.t("mfa:Please bind your email first, the system will automatically uses the mail for multi-factor authentication") :
+            i18next.t("mfa:Please bind your phone first, the system automatically uses the phone for multi-factor authentication")}
+          </p>
+          <Input.Group compact style={{width: "300Px", marginBottom: "30px"}}>
+            {isEmail() ? null :
+              <Form.Item
+                name="countryCode"
+                noStyle
+                rules={[
+                  {
+                    required: false,
+                    message: i18next.t("signup:Please select your country code!"),
+                  },
+                ]}
+              >
+                <CountryCodeSelect
+                  initValue={mfaProps.countryCode}
+                  style={{width: "30%"}}
+                  countryCodes={application.organizationObj.countryCodes}
+                />
+              </Form.Item>
+            }
+            <Form.Item
+              name="dest"
+              noStyle
+              rules={[{required: true, message: i18next.t("login:Please input your Email or Phone!")}]}
+            >
+              <Input
+                style={{width: isEmail() ? "100% " : "70%"}}
+                onChange={(e) => {setDest(e.target.value);}}
+                prefix={<UserOutlined />}
+                placeholder={isEmail() ? i18next.t("general:Email") : i18next.t("general:Phone")}
+              />
+            </Form.Item>
+          </Input.Group>
+        </React.Fragment>
+        )
+      }
+      <Form.Item
+        name="passcode"
+        rules={[{required: true, message: i18next.t("login:Please input your code!")}]}
+      >
+        <SendCodeInput
+          countryCode={form.getFieldValue("countryCode")}
+          method={method}
+          onButtonClickArgs={[mfaProps.secret || dest, isEmail() ? "email" : "phone", Setting.getApplicationName(application)]}
+          application={application}
+        />
+      </Form.Item>
+      <Form.Item>
+        <Button
+          style={{marginTop: 24}}
+          loading={false}
+          block
+          type="primary"
+          htmlType="submit"
+        >
+          {i18next.t("forget:Next Step")}
+        </Button>
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default MfaVerifySmsForm;
--- a/web/src/auth/mfa/MfaVerifyTotpForm.js
+++ b/web/src/auth/mfa/MfaVerifyTotpForm.js
@@ -0,0 +1,79 @@
+import {CopyOutlined, UserOutlined} from "@ant-design/icons";
+import {Button, Col, Form, Input, QRCode, Space} from "antd";
+import copy from "copy-to-clipboard";
+import i18next from "i18next";
+import React from "react";
+import * as Setting from "../../Setting";
+
+export const MfaVerifyTotpForm = ({mfaProps, onFinish}) => {
+  const [form] = Form.useForm();
+
+  const renderSecret = () => {
+    if (!mfaProps.secret) {
+      return null;
+    }
+
+    return (
+      <React.Fragment>
+        <Col span={24} style={{display: "flex", justifyContent: "center"}}>
+          <QRCode
+            errorLevel="H"
+            value={mfaProps.url}
+            icon={"https://cdn.casdoor.com/static/favicon.png"}
+          />
+        </Col>
+        <p style={{textAlign: "center"}}>{i18next.t("mfa:Scan the QR code with your Authenticator App")}</p>
+        <p style={{textAlign: "center"}}>{i18next.t("mfa:Or copy the secret to your Authenticator App")}</p>
+        <Col span={24}>
+          <Space>
+            <Input value={mfaProps.secret} />
+            <Button
+              type="primary"
+              shape="round"
+              icon={<CopyOutlined />}
+              onClick={() => {
+                copy(`${mfaProps.secret}`);
+                Setting.showMessage(
+                  "success",
+                  i18next.t("mfa:Multi-factor secret to clipboard successfully")
+                );
+              }}
+            />
+          </Space>
+        </Col>
+      </React.Fragment>
+    );
+  };
+  return (
+    <Form
+      form={form}
+      style={{width: "300px"}}
+      onFinish={onFinish}
+    >
+      {renderSecret()}
+      <Form.Item
+        name="passcode"
+        rules={[{required: true, message: "Please input your passcode"}]}
+      >
+        <Input
+          style={{marginTop: 24}}
+          prefix={<UserOutlined />}
+          placeholder={i18next.t("mfa:Passcode")}
+        />
+      </Form.Item>
+      <Form.Item>
+        <Button
+          style={{marginTop: 24}}
+          loading={false}
+          block
+          type="primary"
+          htmlType="submit"
+        >
+          {i18next.t("forget:Next Step")}
+        </Button>
+      </Form.Item>
+    </Form>
+  );
+};
+
+export default MfaVerifyTotpForm;
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Yang Luo	6c647818ca	feat: add "Sender number" input for Twilio SMS provider	2023-07-18 22:46:56 +08:00
Yaodong Yu	8bc73d17aa	feat: fix bug that themeEditor can not load saved theme data (#2085 )	2023-07-17 22:57:55 +08:00
Yang Luo	1f37c80177	feat: refactor code to add getStorageProvider()	2023-07-17 15:59:37 +08:00
Yaodong Yu	7924fca403	fix: hidden bug of "like" query (#2082 )	2023-07-16 17:11:32 +08:00
Yang Luo	bd06996bab	Improve CorsFilter for login API	2023-07-15 19:29:48 +08:00
Yang Luo	19ab168b12	Fix panic in func (c *ApiController) GetUser() if no user exists in DB	2023-07-14 20:57:59 +08:00
UsherFall	854a74b73e	feat: fix the error when user uploads avatar to minio (https) (#2078 ) * fix: Error reported when user uploads avatar to minio (https) * Update provider.go --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-07-14 15:58:30 +08:00
yehong	beefb0b432	fix: fix event-stream streaming output in prod mode (#2076 )	2023-07-14 11:59:26 +08:00
Yang Luo	d8969e6652	Support EnableSigninSession after SAML login	2023-07-14 11:27:18 +08:00
Yang Luo	666ff48837	Use id param in /sync-ldap-users API	2023-07-13 00:14:18 +08:00
Yang Luo	0a0c1b4788	Fix "Groups is immutable" bug when updating a user	2023-07-13 00:03:18 +08:00
Yang Luo	438c999e11	Add password mask to /get-ldaps and /get-ldap APIs	2023-07-12 23:21:47 +08:00
Yang Luo	a193ceb33d	Fix bug in TestDeployStaticFiles()	2023-07-12 23:11:02 +08:00
Yang Luo	caec1d1bac	Only consider x509 certs in /.well-known/jwks API	2023-07-12 22:39:39 +08:00
Denis Plynskiy	0d48da24dc	feat: fix wrong rowKey for tables (#2070 )	2023-07-12 21:12:36 +08:00
Yaodong Yu	de9eeaa1ef	fix: init groups modify rule with admin (#2054 )	2023-07-11 09:49:49 +08:00
Baihhh	ae6e35ee73	feat: fix bug that the password input disappears in login window (#2051 ) Signed-off-by: baihhh <2542274498@qq.com>	2023-07-08 23:46:31 +08:00
Yaodong Yu	a58df645bf	fix: fix state after mfa is enabled (#2050 )	2023-07-08 22:35:31 +08:00
WintBit	68417a2d7a	fix: /api/upload-resource panics when parsing file_type (#2046 )	2023-07-07 16:18:25 +08:00
WintBit	9511fae9d9	docs: add swagger docs for Resource-API (#2044 ) swagger files are all auto generated.	2023-07-07 14:28:10 +08:00
Yaodong Yu	347d3d2b53	feat: fix bugs in MFA (#2033 ) * fix: prompt mfa binding * fix: clean session when leave promptpage * fix: css * fix: force enable mfa * fix: add prompt rule * fix: refactor directory structure * fix: prompt notification * fix: fix some bug and clean code * fix: rebase * fix: improve notification * fix: i18n * fix: router * fix: prompt * fix: remove localStorage	2023-07-07 12:30:07 +08:00
Gucheng Wang	6edfc08b28	Refactor the code	2023-07-07 00:13:05 +08:00
Baihhh	bc1c4d32f0	feat: user can upload ID card info (#2040 ) * feat:user can upload ID card(#1999) Signed-off-by: baihhh <2542274498@qq.com> * feat: user can upload ID card, add diff languages Signed-off-by: baihhh <2542274498@qq.com> --------- Signed-off-by: baihhh <2542274498@qq.com>	2023-07-06 20:36:32 +08:00
YunShu	96250aa70a	docs: replace gitter links with discord (#2041 )	2023-07-06 18:16:16 +08:00
Yaodong Yu	3d4ca1adb1	feat: support custom user mapping (#2029 ) * feat: support custom user mapping * fix: parse id to string * Update data.json * Update data.json --------- Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-07-05 20:35:02 +08:00
Yang Luo	ba97458edd	feat: fix StaticFilter issue	2023-07-05 17:54:39 +08:00
Yang Luo	855259c6e7	feat: improve getOriginFromHost() for local machine name	2023-07-05 09:51:08 +08:00
June	28297e06f7	feat: IntrospectToken return the right Jti (JWT ID instead of User Id) (#2035 )	2023-07-03 19:01:06 +08:00
Yang Luo	f3aed0b6a8	Fix null panic in GetOrganizationByUser()	2023-07-03 14:56:14 +08:00
haiwu	35e1f8538e	feat: fix panic when url.Parse() fails to parse URL (#2034 )	2023-07-03 12:35:22 +08:00
Yang Luo	30a14ff54a	Fix null issue in getDefaultApplication()	2023-07-02 09:44:48 +08:00
Yang Luo	1ab7a54133	Add DefaultApplication to conf	2023-07-02 09:15:22 +08:00
Yang Luo	0e2dad35f3	Improve OrganizationSelect width	2023-06-30 02:04:44 +08:00
Yang Luo	d31077a510	Remove conf values	2023-06-30 01:38:48 +08:00
Denis Plynskiy	eee9b8b9fe	feat: add organization context select box for admin (#2013 ) * feat: organization as context * feat: organization as context with backend filtration * Update app.conf * update app.conf and hide organization select for mobile. --------- Co-authored-by: dplynsky <dplynsky@ptsecurity.com> Co-authored-by: hsluoyz <hsluoyz@qq.com>	2023-06-30 01:32:34 +08:00
Baihhh	91cb5f393a	fix: fix Swagger docs page (#2025 ) Signed-off-by: baihhh <2542274498@qq.com>	2023-06-30 00:48:39 +08:00
haiwu	807aea5ec7	feat: add tags to application (#2027 ) * feat: add tags to application * fix: fix for merge master * feat: update i18n(backend&frontend) for application tags	2023-06-30 00:04:12 +08:00