feat: fix JSON tag of EmailVerified (#2322)

Signed-off-by: Cattī Crūdēlēs <17695588+wzy9607@users.noreply.github.com>

Dockerfile

@@ -64,7 +64,6 @@ COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
-RUN mkdir tempFiles
 
 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]

authz/authz.go

@@ -88,6 +88,7 @@ p, *, *, *, /api/metrics, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
 p, *, *, GET, /api/get-subscription, *, *
+p, *, *, GET, /api/get-provider, *, *
 p, *, *, GET, /api/get-organization-names, *, *
 `
 
@@ -120,6 +121,10 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		panic(err)
 	}
 
+	if subOwner == "app" {
+		return true
+	}
+
 	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}

controllers/account.go

@@ -140,13 +140,6 @@ func (c *ApiController) Signup() {
 		username = id
 	}
 
-	password := authForm.Password
-	msg = object.CheckPasswordComplexityByOrg(organization, password)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	initScore, err := organization.GetInitScore()
 	if err != nil {
 		c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())

controllers/application.go

@@ -62,13 +62,13 @@ func (c *ApiController) GetApplications() {
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 
-		applications := object.GetMaskedApplications(app, userId)
+		applications := object.GetMaskedApplications(application, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -84,13 +84,23 @@ func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
 
-	app, err := object.GetApplication(id)
+	application, err := object.GetApplication(id)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.ResponseOk(object.GetMaskedApplication(app, userId))
+	if c.Input().Get("withKey") != "" && application.Cert != "" {
+		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+
+		application.CertPublicKey = cert.Certificate
+	}
+
+	c.ResponseOk(object.GetMaskedApplication(application, userId))
 }
 
 // GetUserApplication
@@ -164,13 +174,13 @@ func (c *ApiController) GetOrganizationApplications() {
 		}
 
 		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		app, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		application, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
 
-		applications := object.GetMaskedApplications(app, userId)
+		applications := object.GetMaskedApplications(application, userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }

controllers/base.go

@@ -61,6 +61,10 @@ func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
 		return true
 	}
 
+	if user == nil || user2 == nil {
+		return false
+	}
+
 	if user.Owner == user2.Owner && user.Name == user2.Name {
 		return true
 	}

controllers/cas.go

@@ -35,6 +35,11 @@ const (
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )
 
+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
 func (c *RootController) CasValidate() {
 	ticket := c.Input().Get("ticket")
 	service := c.Input().Get("service")
@@ -60,24 +65,25 @@ func (c *RootController) CasServiceValidate() {
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ServiceAndProxyValidate()
+	c.CasP3ProxyValidate()
 }
 
 func (c *RootController) CasProxyValidate() {
+	// https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
+	// "/proxyValidate" should accept both service tickets and proxy tickets.
+	c.CasP3ProxyValidate()
+}
+
+func (c *RootController) CasP3ServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "PT") {
+	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ServiceAndProxyValidate()
+	c.CasP3ProxyValidate()
 }
 
-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
-func (c *RootController) CasP3ServiceAndProxyValidate() {
+func (c *RootController) CasP3ProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	service := c.Input().Get("service")
@@ -115,15 +121,17 @@ func (c *RootController) CasP3ServiceAndProxyValidate() {
 		pgtiou := serviceResponse.Success.ProxyGrantingTicket
 		// todo: check whether it is https
 		pgtUrlObj, err := url.Parse(pgtUrl)
+		if err != nil {
+			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
+			return
+		}
+
 		if pgtUrlObj.Scheme != "https" {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 			return
 		}
+
 		// make a request to pgturl passing pgt and pgtiou
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
-			return
-		}
 		param := pgtUrlObj.Query()
 		param.Add("pgtId", pgt)
 		param.Add("pgtIou", pgtiou)
@@ -263,7 +271,6 @@ func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format stri
 			Message: msg,
 		},
 	}
-
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()

controllers/enforcer.go

@@ -83,7 +83,7 @@ func (c *ApiController) GetEnforcer() {
 		return
 	}
 
-	if loadModelCfg == "true" {
+	if loadModelCfg == "true" && enforcer.Model != "" {
 		err := enforcer.LoadModelCfg()
 		if err != nil {
 			return

controllers/payment.go

@@ -176,11 +176,10 @@ func (c *ApiController) DeletePayment() {
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
 	paymentName := c.Ctx.Input.Param(":payment")
-	orderId := c.Ctx.Input.Param("order")
 
 	body := c.Ctx.Input.RequestBody
 
-	payment, err := object.NotifyPayment(c.Ctx.Request, body, owner, paymentName, orderId)
+	payment, err := object.NotifyPayment(c.Ctx.Request, body, owner, paymentName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

controllers/plan.go

@@ -114,7 +114,7 @@ func (c *ApiController) GetPlan() {
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
 	id := c.Input().Get("id")
-
+	owner := util.GetOwnerFromId(id)
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
@@ -122,17 +122,19 @@ func (c *ApiController) UpdatePlan() {
 		return
 	}
 	if plan.Product != "" {
-		planId := util.GetId(plan.Owner, plan.Product)
-		product, err := object.GetProduct(planId)
+		productId := util.GetId(owner, plan.Product)
+		product, err := object.GetProduct(productId)
 		if err != nil {
 			c.ResponseError(err.Error())
 			return
 		}
-		object.UpdateProductForPlan(&plan, product)
-		_, err = object.UpdateProduct(planId, product)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		if product != nil {
+			object.UpdateProductForPlan(&plan, product)
+			_, err = object.UpdateProduct(productId, product)
+			if err != nil {
+				c.ResponseError(err.Error())
+				return
+			}
 		}
 	}
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))

controllers/product.go

@@ -187,11 +187,11 @@ func (c *ApiController) BuyProduct() {
 		return
 	}
 
-	payUrl, orderId, err := object.BuyProduct(id, user, providerName, pricingName, planName, host)
+	payment, err := object.BuyProduct(id, user, providerName, pricingName, planName, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.ResponseOk(payUrl, orderId)
+	c.ResponseOk(payment)
 }

controllers/syncer.go

@@ -160,7 +160,11 @@ func (c *ApiController) RunSyncer() {
 		return
 	}
 
-	object.RunSyncer(syncer)
+	err = object.RunSyncer(syncer)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 
 	c.ResponseOk()
 }

controllers/user.go

@@ -258,6 +258,13 @@ func (c *ApiController) UpdateUser() {
 		return
 	}
 
+	if c.Input().Get("allowEmpty") == "" {
+		if user.DisplayName == "" {
+			c.ResponseError(c.T("user:Display name cannot be empty"))
+			return
+		}
+	}
+
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
@@ -441,6 +448,10 @@ func (c *ApiController) SetPassword() {
 	}
 
 	targetUser, err := object.GetUser(userId)
+	if targetUser == nil {
+		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
+		return
+	}
 	if err != nil {
 		c.ResponseError(err.Error())
 		return

go.mod

@@ -6,14 +6,14 @@ require (
 	github.com/Masterminds/squirrel v1.5.3
 	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
-	github.com/aws/aws-sdk-go v1.44.4
+	github.com/aws/aws-sdk-go v1.45.5
 	github.com/beego/beego v1.12.12
 	github.com/beevik/etree v1.1.0
 	github.com/casbin/casbin v1.9.1 // indirect
-	github.com/casbin/casbin/v2 v2.30.1
-	github.com/casdoor/go-sms-sender v0.12.0
+	github.com/casbin/casbin/v2 v2.37.0
+	github.com/casdoor/go-sms-sender v0.14.0
 	github.com/casdoor/gomail/v2 v2.0.1
+	github.com/casdoor/notify v0.43.0
 	github.com/casdoor/oss v1.3.0
 	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/casvisor/casvisor-go-sdk v1.0.3
@@ -30,14 +30,13 @@ require (
 	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.3.0
+	github.com/google/uuid v1.3.1
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/lestrrat-go/jwx v1.2.21
 	github.com/lib/pq v1.10.9
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.75.2
 	github.com/mitchellh/mapstructure v1.5.0
-	github.com/nikoksr/notify v0.41.0
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
 	github.com/pquerna/otp v1.4.0
@@ -60,10 +59,12 @@ require (
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.11.0
-	golang.org/x/net v0.13.0
-	golang.org/x/oauth2 v0.10.0
+	golang.org/x/crypto v0.12.0
+	golang.org/x/net v0.14.0
+	golang.org/x/oauth2 v0.11.0
+	google.golang.org/api v0.138.0
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
+	maunium.net/go/mautrix v0.16.0
 	modernc.org/sqlite v1.18.2
 )

i18n/generate_test.go

@@ -38,7 +38,13 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "tr", data)
 	applyToOtherLanguage("frontend", "ar", data)
 	applyToOtherLanguage("frontend", "he", data)
+	applyToOtherLanguage("frontend", "nl", data)
+	applyToOtherLanguage("frontend", "pl", data)
 	applyToOtherLanguage("frontend", "fi", data)
+	applyToOtherLanguage("frontend", "sv", data)
+	applyToOtherLanguage("frontend", "uk", data)
+	applyToOtherLanguage("frontend", "kk", data)
+	applyToOtherLanguage("frontend", "fa", data)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
@@ -60,5 +66,11 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "tr", data)
 	applyToOtherLanguage("backend", "ar", data)
 	applyToOtherLanguage("backend", "he", data)
+	applyToOtherLanguage("backend", "nl", data)
+	applyToOtherLanguage("backend", "pl", data)
 	applyToOtherLanguage("backend", "fi", data)
+	applyToOtherLanguage("backend", "sv", data)
+	applyToOtherLanguage("backend", "uk", data)
+	applyToOtherLanguage("backend", "kk", data)
+	applyToOtherLanguage("backend", "fa", data)
 }

i18n/locales/fa/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/kk/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/nl/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/pl/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/sv/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

i18n/locales/uk/data.json

@@ -0,0 +1,142 @@
+{
+  "account": {
+    "Failed to add user": "Failed to add user",
+    "Get init score failed, error: %w": "Get init score failed, error: %w",
+    "Please sign out first": "Please sign out first",
+    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
+  },
+  "auth": {
+    "Challenge method should be S256": "Challenge method should be S256",
+    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
+    "Failed to login in: %s": "Failed to login in: %s",
+    "Invalid token": "Invalid token",
+    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
+    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
+    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
+    "The application: %s does not exist": "The application: %s does not exist",
+    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
+    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
+    "Unauthorized operation": "Unauthorized operation",
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
+    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+  },
+  "cas": {
+    "Service %s and %s do not match": "Service %s and %s do not match"
+  },
+  "check": {
+    "Affiliation cannot be blank": "Affiliation cannot be blank",
+    "DisplayName cannot be blank": "DisplayName cannot be blank",
+    "DisplayName is not valid real name": "DisplayName is not valid real name",
+    "Email already exists": "Email already exists",
+    "Email cannot be empty": "Email cannot be empty",
+    "Email is invalid": "Email is invalid",
+    "Empty username.": "Empty username.",
+    "FirstName cannot be blank": "FirstName cannot be blank",
+    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
+    "LastName cannot be blank": "LastName cannot be blank",
+    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
+    "Organization does not exist": "Organization does not exist",
+    "Password must have at least 6 characters": "Password must have at least 6 characters",
+    "Phone already exists": "Phone already exists",
+    "Phone cannot be empty": "Phone cannot be empty",
+    "Phone number is invalid": "Phone number is invalid",
+    "Session outdated, please login again": "Session outdated, please login again",
+    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
+    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
+    "Username already exists": "Username already exists",
+    "Username cannot be an email address": "Username cannot be an email address",
+    "Username cannot contain white spaces": "Username cannot contain white spaces",
+    "Username cannot start with a digit": "Username cannot start with a digit",
+    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
+    "Username must have at least 2 characters": "Username must have at least 2 characters",
+    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
+    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
+    "password or code is incorrect": "password or code is incorrect",
+    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
+    "unsupported password type: %s": "unsupported password type: %s"
+  },
+  "general": {
+    "Missing parameter": "Missing parameter",
+    "Please login first": "Please login first",
+    "The user: %s doesn't exist": "The user: %s doesn't exist",
+    "don't support captchaProvider: ": "don't support captchaProvider: ",
+    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+  },
+  "ldap": {
+    "Ldap server exist": "Ldap server exist"
+  },
+  "link": {
+    "Please link first": "Please link first",
+    "This application has no providers": "This application has no providers",
+    "This application has no providers of type": "This application has no providers of type",
+    "This provider can't be unlinked": "This provider can't be unlinked",
+    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
+    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
+  },
+  "organization": {
+    "Only admin can modify the %s.": "Only admin can modify the %s.",
+    "The %s is immutable.": "The %s is immutable.",
+    "Unknown modify rule %s.": "Unknown modify rule %s."
+  },
+  "provider": {
+    "Invalid application id": "Invalid application id",
+    "the provider: %s does not exist": "the provider: %s does not exist"
+  },
+  "resource": {
+    "User is nil for tag: avatar": "User is nil for tag: avatar",
+    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
+  },
+  "saml": {
+    "Application %s not found": "Application %s not found"
+  },
+  "saml_sp": {
+    "provider %s's category is not SAML": "provider %s's category is not SAML"
+  },
+  "service": {
+    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
+    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
+    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
+  },
+  "storage": {
+    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
+    "The provider type: %s is not supported": "The provider type: %s is not supported"
+  },
+  "token": {
+    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
+    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
+    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
+    "Invalid client_id": "Invalid client_id",
+    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
+    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
+  },
+  "user": {
+    "Display name cannot be empty": "Display name cannot be empty",
+    "New password cannot contain blank space.": "New password cannot contain blank space."
+  },
+  "user_upload": {
+    "Failed to import users": "Failed to import users"
+  },
+  "util": {
+    "No application is found for userId: %s": "No application is found for userId: %s",
+    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
+  "verification": {
+    "Code has not been sent yet!": "Code has not been sent yet!",
+    "Invalid captcha provider.": "Invalid captcha provider.",
+    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
+    "Turing test failed.": "Turing test failed.",
+    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
+    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
+    "Unknown type": "Unknown type",
+    "Wrong verification code!": "Wrong verification code!",
+    "You should verify your code in %d min!": "You should verify your code in %d min!",
+    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
+  },
+  "webauthn": {
+    "Found no credentials for this user": "Found no credentials for this user",
+    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
+  }
+}

idp/facebook.go

@@ -72,13 +72,13 @@ type FacebookCheckToken struct {
 }
 
 // FacebookCheckTokenData
-// Get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#checktoken
+// Get more detail via: https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow#checktoken
 type FacebookCheckTokenData struct {
 	UserId string `json:"user_id"`
 }
 
 // GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#confirm
+// get more detail via: https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow#confirm
 func (idp *FacebookIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	params := url.Values{}
 	params.Add("client_id", idp.Config.ClientID)

init_data.json.template

@@ -9,11 +9,11 @@
       "passwordType": "plain",
       "passwordSalt": "",
       "passwordOptions": ["AtLeast6"],
-      "countryCodes": ["US", "ES", "CN", "FR", "DE", "GB", "JP", "KR", "VN", "ID", "SG", "IN", "IT", "MY", "TR", "DZ", "IL", "PH"],
+      "countryCodes": ["US", "GB", "ES", "FR", "DE", "CN", "JP", "KR", "VN", "ID", "SG", "IN", "IT", "MY", "TR", "DZ", "IL", "PH", "NL", "PL", "FI", "SE", "UA", "KZ"],
       "defaultAvatar": "",
       "defaultApplication": "",
       "tags": [],
-      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "it", "ms", "tr","ar", "he", "fi"],
+      "languages": ["en", "zh", "es", "fr", "de", "id", "ja", "ko", "ru", "vi", "it", "ms", "tr","ar", "he", "nl", "pl", "fi", "sv", "uk", "kk", "fa"],
       "masterPassword": "",
       "initScore": 2000,
       "enableSoftDeletion": false,

notification/bark.go

@@ -0,0 +1,29 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/bark"
+)
+
+func NewBarkProvider(deviceKey string) (notify.Notifier, error) {
+	barkSrv := bark.New(deviceKey)
+
+	notifier := notify.New()
+	notifier.UseServices(barkSrv)
+
+	return notifier, nil
+}

notification/dingtalk.go

@@ -0,0 +1,33 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/dingding"
+)
+
+func NewDingTalkProvider(token string, secret string) (notify.Notifier, error) {
+	cfg := dingding.Config{
+		Token:  token,
+		Secret: secret,
+	}
+	dingtalkSrv := dingding.New(&cfg)
+
+	notifier := notify.New()
+	notifier.UseServices(dingtalkSrv)
+
+	return notifier, nil
+}

notification/discord.go

@@ -0,0 +1,37 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/discord"
+)
+
+func NewDiscordProvider(token string, channelId string) (*notify.Notify, error) {
+	discordSrv := discord.New()
+
+	err := discordSrv.AuthenticateWithBotToken(token)
+	if err != nil {
+		return nil, err
+	}
+
+	discordSrv.SetHttpClient(proxy.ProxyHttpClient)
+	discordSrv.AddReceivers(channelId)
+
+	notifier := notify.NewWithServices(discordSrv)
+
+	return notifier, nil
+}

notification/google_chat.go

@@ -0,0 +1,53 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"context"
+	"strings"
+
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/googlechat"
+	"google.golang.org/api/chat/v1"
+	"google.golang.org/api/option"
+)
+
+func NewGoogleChatProvider(credentials string) (*notify.Notify, error) {
+	withCred := option.WithCredentialsJSON([]byte(credentials))
+	withSpacesScope := option.WithScopes("https://www.googleapis.com/auth/chat.spaces")
+
+	listSvc, err := chat.NewService(context.Background(), withCred, withSpacesScope)
+	spaces, err := listSvc.Spaces.List().Do()
+	if err != nil {
+		return nil, err
+	}
+
+	receivers := make([]string, 0)
+	for _, space := range spaces.Spaces {
+		name := strings.Replace(space.Name, "spaces/", "", 1)
+		receivers = append(receivers, name)
+	}
+
+	googleChatSrv, err := googlechat.New(withCred)
+	if err != nil {
+		return nil, err
+	}
+
+	googleChatSrv.AddReceivers(receivers...)
+
+	notifier := notify.NewWithServices(googleChatSrv)
+
+	return notifier, nil
+}

notification/lark.go

@@ -0,0 +1,29 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/lark"
+)
+
+func NewLarkProvider(webhookURL string) (notify.Notifier, error) {
+	larkSrv := lark.NewWebhookService(webhookURL)
+
+	notifier := notify.New()
+	notifier.UseServices(larkSrv)
+
+	return notifier, nil
+}

notification/line.go

@@ -0,0 +1,32 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/line"
+)
+
+func NewLineProvider(channelSecret string, accessToken string, receiver string) (*notify.Notify, error) {
+	lineSrv, _ := line.NewWithHttpClient(channelSecret, accessToken, proxy.ProxyHttpClient)
+
+	lineSrv.AddReceivers(receiver)
+
+	notifier := notify.New()
+	notifier.UseServices(lineSrv)
+
+	return notifier, nil
+}

notification/matrix.go

@@ -0,0 +1,36 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/matrix"
+	"maunium.net/go/mautrix/id"
+)
+
+func NewMatrixProvider(userId string, roomId string, accessToken string, homeServer string) (*notify.Notify, error) {
+	matrixSrv, err := matrix.New(id.UserID(userId), id.RoomID(roomId), homeServer, accessToken)
+	if err != nil {
+		return nil, err
+	}
+
+	matrixSrv.SetHttpClient(proxy.ProxyHttpClient)
+
+	notifier := notify.New()
+	notifier.UseServices(matrixSrv)
+
+	return notifier, nil
+}

notification/microsoft_teams.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/msteams"
+)
+
+func NewMicrosoftTeamsProvider(webhookURL string) (notify.Notifier, error) {
+	msTeamsSrv := msteams.New()
+
+	msTeamsSrv.AddReceivers(webhookURL)
+
+	notifier := notify.New()
+	notifier.UseServices(msTeamsSrv)
+
+	return notifier, nil
+}

notification/provider.go

@@ -14,13 +14,45 @@
 
 package notification
 
-import "github.com/nikoksr/notify"
+import "github.com/casdoor/notify"
 
-func GetNotificationProvider(typ string, appId string, receiver string, method string, title string) (notify.Notifier, error) {
+func GetNotificationProvider(typ string, clientId string, clientSecret string, clientId2 string, clientSecret2 string, appId string, receiver string, method string, title string, metaData string) (notify.Notifier, error) {
 	if typ == "Telegram" {
 		return NewTelegramProvider(appId, receiver)
 	} else if typ == "Custom HTTP" {
 		return NewCustomHttpProvider(receiver, method, title)
+	} else if typ == "DingTalk" {
+		return NewDingTalkProvider(appId, receiver)
+	} else if typ == "Lark" {
+		return NewLarkProvider(receiver)
+	} else if typ == "Microsoft Teams" {
+		return NewMicrosoftTeamsProvider(receiver)
+	} else if typ == "Bark" {
+		return NewBarkProvider(receiver)
+	} else if typ == "Pushover" {
+		return NewPushoverProvider(appId, receiver)
+	} else if typ == "Pushbullet" {
+		return NewPushbulletProvider(appId, receiver)
+	} else if typ == "Slack" {
+		return NewSlackProvider(appId, receiver)
+	} else if typ == "Webpush" {
+		return NewWebpushProvider(clientId, clientSecret, receiver)
+	} else if typ == "Discord" {
+		return NewDiscordProvider(appId, receiver)
+	} else if typ == "Google Chat" {
+		return NewGoogleChatProvider(metaData)
+	} else if typ == "Line" {
+		return NewLineProvider(clientSecret, appId, receiver)
+	} else if typ == "Matrix" {
+		return NewMatrixProvider(clientId, clientSecret, appId, receiver)
+	} else if typ == "Twitter" {
+		return NewTwitterProvider(clientId, clientSecret, clientId2, clientSecret2, receiver)
+	} else if typ == "Reddit" {
+		return NewRedditProvider(clientId, clientSecret, clientId2, clientSecret2, receiver)
+	} else if typ == "Rocket Chat" {
+		return NewRocketChatProvider(clientId, clientSecret, appId, receiver)
+	} else if typ == "Viber" {
+		return NewViberProvider(clientId, clientSecret, appId, receiver)
 	}
 
 	return nil, nil

notification/pushbullet.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/pushbullet"
+)
+
+func NewPushbulletProvider(apiToken string, deviceNickname string) (notify.Notifier, error) {
+	pushbulletSrv := pushbullet.New(apiToken)
+
+	pushbulletSrv.AddReceivers(deviceNickname)
+
+	notifier := notify.New()
+	notifier.UseServices(pushbulletSrv)
+
+	return notifier, nil
+}

notification/pushover.go

@@ -0,0 +1,31 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/pushover"
+)
+
+func NewPushoverProvider(appToken string, recipientID string) (notify.Notifier, error) {
+	pushoverSrv := pushover.New(appToken)
+
+	pushoverSrv.AddReceivers(recipientID)
+
+	notifier := notify.New()
+	notifier.UseServices(pushoverSrv)
+
+	return notifier, nil
+}

notification/reddit.go

@@ -0,0 +1,34 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/reddit"
+)
+
+func NewRedditProvider(clientId string, clientSecret string, username string, password string, recipient string) (notify.Notifier, error) {
+	redditSrv, err := reddit.New(clientId, clientSecret, username, password)
+	if err != nil {
+		return nil, err
+	}
+
+	redditSrv.AddReceivers(recipient)
+
+	notifier := notify.New()
+	notifier.UseServices(redditSrv)
+
+	return notifier, nil
+}

notification/rocket_chat.go

@@ -0,0 +1,47 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/rocketchat"
+)
+
+func NewRocketChatProvider(clientId string, clientSecret string, endpoint string, channelName string) (notify.Notifier, error) {
+	parts := strings.Split(endpoint, "://")
+
+	var scheme, serverURL string
+	if len(parts) >= 2 {
+		scheme = parts[0]
+		serverURL = parts[1]
+	} else {
+		return nil, fmt.Errorf("parse endpoint error")
+	}
+
+	rocketChatSrv, err := rocketchat.New(serverURL, scheme, clientId, clientSecret)
+	if err != nil {
+		return nil, err
+	}
+
+	rocketChatSrv.AddReceivers(channelName)
+
+	notifier := notify.New()
+	notifier.UseServices(rocketChatSrv)
+
+	return notifier, nil
+}

notification/slack.go

@@ -0,0 +1,30 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/slack"
+)
+
+func NewSlackProvider(apiToken string, channelID string) (*notify.Notify, error) {
+	slackSrv := slack.New(apiToken)
+	slackSrv.AddReceivers(channelID)
+
+	notifier := notify.New()
+	notifier.UseServices(slackSrv)
+
+	return notifier, nil
+}

notification/telegram.go

@@ -18,9 +18,9 @@ import (
 	"strconv"
 
 	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/telegram"
 	api "github.com/go-telegram-bot-api/telegram-bot-api"
-	"github.com/nikoksr/notify"
-	"github.com/nikoksr/notify/service/telegram"
 )
 
 func NewTelegramProvider(apiToken string, chatIdStr string) (notify.Notifier, error) {
@@ -28,15 +28,18 @@ func NewTelegramProvider(apiToken string, chatIdStr string) (notify.Notifier, er
 	if err != nil {
 		return nil, err
 	}
-	t := &telegram.Telegram{}
-	t.SetClient(client)
+	telegramSrv := &telegram.Telegram{}
+	telegramSrv.SetClient(client)
 
 	chatId, err := strconv.ParseInt(chatIdStr, 10, 64)
 	if err != nil {
 		return nil, err
 	}
 
-	t.AddReceivers(chatId)
+	telegramSrv.AddReceivers(chatId)
 
-	return t, nil
+	notifier := notify.New()
+	notifier.UseServices(telegramSrv)
+
+	return notifier, nil
 }

notification/twitter.go

@@ -0,0 +1,41 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/twitter"
+)
+
+func NewTwitterProvider(consumerKey string, consumerSecret string, accessToken string, accessTokenSecret string, twitterId string) (*notify.Notify, error) {
+	credentials := twitter.Credentials{
+		ConsumerKey:       consumerKey,
+		ConsumerSecret:    consumerSecret,
+		AccessToken:       accessToken,
+		AccessTokenSecret: accessTokenSecret,
+	}
+	twitterSrv, err := twitter.NewWithHttpClient(credentials, proxy.ProxyHttpClient)
+	if err != nil {
+		return nil, err
+	}
+
+	twitterSrv.AddReceivers(twitterId)
+
+	notifier := notify.New()
+	notifier.UseServices(twitterSrv)
+
+	return notifier, nil
+}

notification/viber.go

@@ -0,0 +1,36 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/viber"
+)
+
+func NewViberProvider(senderName string, appKey string, webhookURL string, receiverId string) (notify.Notifier, error) {
+	viberSrv := viber.New(appKey, senderName, "")
+
+	err := viberSrv.SetWebhook(webhookURL)
+	if err != nil {
+		return nil, err
+	}
+
+	viberSrv.AddReceivers(receiverId)
+
+	notifier := notify.New()
+	notifier.UseServices(viberSrv)
+
+	return notifier, nil
+}

notification/webpush.go

@@ -0,0 +1,33 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package notification
+
+import (
+	"github.com/casdoor/notify"
+	"github.com/casdoor/notify/service/webpush"
+)
+
+func NewWebpushProvider(publicKey string, privateKey string, endpoint string) (*notify.Notify, error) {
+	webpushSrv := webpush.New(publicKey, privateKey)
+
+	subscription := webpush.Subscription{
+		Endpoint: endpoint,
+	}
+	webpushSrv.AddReceivers(subscription)
+
+	notifier := notify.NewWithServices(webpushSrv)
+
+	return notifier, nil
+}

object/adapter.go

@@ -151,7 +151,7 @@ func (adapter *Adapter) InitAdapter() error {
 	if adapter.Adapter == nil {
 		var dataSourceName string
 
-		if adapter.builtInAdapter() {
+		if adapter.isBuiltIn() {
 			dataSourceName = conf.GetConfigString("dataSourceName")
 			if adapter.DatabaseType == "mysql" {
 				dataSourceName = dataSourceName + adapter.Database
@@ -183,6 +183,14 @@ func (adapter *Adapter) InitAdapter() error {
 
 		var err error
 		engine, err := xorm.NewEngine(adapter.DatabaseType, dataSourceName)
+
+		if adapter.isBuiltIn() && adapter.DatabaseType == "postgres" {
+			schema := util.GetValueFromDataSourceName("search_path", dataSourceName)
+			if schema != "" {
+				engine.SetSchema(schema)
+			}
+		}
+
 		adapter.Adapter, err = xormadapter.NewAdapterByEngineWithTableName(engine, adapter.getTable(), adapter.TableNamePrefix)
 		if err != nil {
 			return err
@@ -211,7 +219,7 @@ func adapterChangeTrigger(oldName string, newName string) error {
 	return session.Commit()
 }
 
-func (adapter *Adapter) builtInAdapter() bool {
+func (adapter *Adapter) isBuiltIn() bool {
 	if adapter.Owner != "built-in" {
 		return false
 	}

object/application.go

@@ -57,6 +57,7 @@ type Application struct {
 	SignupItems         []*SignupItem   `xorm:"varchar(1000)" json:"signupItems"`
 	GrantTypes          []string        `xorm:"varchar(1000)" json:"grantTypes"`
 	OrganizationObj     *Organization   `xorm:"-" json:"organizationObj"`
+	CertPublicKey       string          `xorm:"-" json:"certPublicKey"`
 	Tags                []string        `xorm:"mediumtext" json:"tags"`
 	InvitationCodes     []string        `xorm:"varchar(200)" json:"invitationCodes"`
 
@@ -427,15 +428,14 @@ func (application *Application) GetId() string {
 }
 
 func (application *Application) IsRedirectUriValid(redirectUri string) bool {
-	isValid := false
-	for _, targetUri := range application.RedirectUris {
+	redirectUris := append([]string{"http://localhost:"}, application.RedirectUris...)
+	for _, targetUri := range redirectUris {
 		targetUriRegex := regexp.MustCompile(targetUri)
 		if targetUriRegex.MatchString(redirectUri) || strings.Contains(redirectUri, targetUri) {
-			isValid = true
-			break
+			return true
 		}
 	}
-	return isValid
+	return false
 }
 
 func IsOriginAllowed(origin string) (bool, error) {

object/check.go

@@ -66,8 +66,11 @@ func CheckUserSignup(application *Application, organization *Organization, form
 		}
 	}
 
-	if len(form.Password) <= 5 {
-		return i18n.Translate(lang, "check:Password must have at least 6 characters")
+	if application.IsSignupItemVisible("Password") {
+		msg := CheckPasswordComplexityByOrg(organization, form.Password)
+		if msg != "" {
+			return msg
+		}
 	}
 
 	if application.IsSignupItemVisible("Email") {
@@ -126,7 +129,9 @@ func CheckUserSignup(application *Application, organization *Organization, form
 
 	if len(application.InvitationCodes) > 0 {
 		if form.InvitationCode == "" {
-			return i18n.Translate(lang, "check:Invitation code cannot be blank")
+			if application.IsSignupItemRequired("Invitation code") {
+				return i18n.Translate(lang, "check:Invitation code cannot be blank")
+			}
 		} else {
 			if !util.InSlice(application.InvitationCodes, form.InvitationCode) {
 				return i18n.Translate(lang, "check:Invitation code is invalid")
@@ -401,10 +406,6 @@ func CheckUsername(username string, lang string) string {
 }
 
 func CheckUpdateUser(oldUser, user *User, lang string) string {
-	if user.DisplayName == "" {
-		return i18n.Translate(lang, "user:Display name cannot be empty")
-	}
-
 	if oldUser.Name != user.Name {
 		if msg := CheckUsername(user.Name, lang); msg != "" {
 			return msg
@@ -414,7 +415,7 @@ func CheckUpdateUser(oldUser, user *User, lang string) string {
 		}
 	}
 	if oldUser.Email != user.Email {
-		if HasUserByField(user.Name, "email", user.Email) {
+		if HasUserByField(user.Owner, "email", user.Email) {
 			return i18n.Translate(lang, "check:Email already exists")
 		}
 	}

object/mfa_totp.go

@@ -81,12 +81,15 @@ func (mfa *TotpMfa) SetupVerify(ctx *context.Context, passcode string) error {
 		return errors.New("totp secret is missing")
 	}
 
-	result, _ := totp.ValidateCustom(passcode, secret.(string), time.Now().UTC(), totp.ValidateOpts{
+	result, err := totp.ValidateCustom(passcode, secret.(string), time.Now().UTC(), totp.ValidateOpts{
 		Period:    MfaTotpPeriodInSeconds,
 		Skew:      1,
 		Digits:    otp.DigitsSix,
 		Algorithm: otp.AlgorithmSHA1,
 	})
+	if err != nil {
+		return err
+	}
 
 	if result {
 		return nil
@@ -125,7 +128,15 @@ func (mfa *TotpMfa) Enable(ctx *context.Context, user *User) error {
 }
 
 func (mfa *TotpMfa) Verify(passcode string) error {
-	result := totp.Validate(passcode, mfa.Config.Secret)
+	result, err := totp.ValidateCustom(passcode, mfa.Config.Secret, time.Now().UTC(), totp.ValidateOpts{
+		Period:    MfaTotpPeriodInSeconds,
+		Skew:      1,
+		Digits:    otp.DigitsSix,
+		Algorithm: otp.AlgorithmSHA1,
+	})
+	if err != nil {
+		return err
+	}
 
 	if result {
 		return nil

object/notification.go

@@ -18,12 +18,12 @@ import (
 	"context"
 
 	"github.com/casdoor/casdoor/notification"
-	"github.com/nikoksr/notify"
+	"github.com/casdoor/notify"
 )
 
 func getNotificationClient(provider *Provider) (notify.Notifier, error) {
 	var client notify.Notifier
-	client, err := notification.GetNotificationProvider(provider.Type, provider.AppId, provider.Receiver, provider.Method, provider.Title)
+	client, err := notification.GetNotificationProvider(provider.Type, provider.ClientId, provider.ClientSecret, provider.ClientId2, provider.ClientSecret2, provider.AppId, provider.Receiver, provider.Method, provider.Title, provider.Metadata)
 	if err != nil {
 		return nil, err
 	}

object/ormer.go

@@ -18,11 +18,14 @@ import (
 	"database/sql"
 	"flag"
 	"fmt"
+	"os"
+	"regexp"
 	"runtime"
 	"strings"
 
 	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/conf"
+	"github.com/casdoor/casdoor/util"
 	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	_ "github.com/denisenkom/go-mssqldb" // db = mssql
 	_ "github.com/go-sql-driver/mysql"   // db = mysql
@@ -65,6 +68,17 @@ func InitConfig() {
 }
 
 func InitAdapter() {
+	if conf.GetConfigString("driverName") == "" {
+		if !util.FileExist("conf/app.conf") {
+			dir, err := os.Getwd()
+			if err != nil {
+				panic(err)
+			}
+			dir = strings.ReplaceAll(dir, "\\", "/")
+			panic(fmt.Sprintf("The Casdoor config file: \"app.conf\" was not found, it should be placed at: \"%s/conf/app.conf\"", dir))
+		}
+	}
+
 	if createDatabase {
 		err := createDatabaseForPostgres(conf.GetConfigString("driverName"), conf.GetConfigDataSourceName(), conf.GetConfigString("dbName"))
 		if err != nil {
@@ -122,9 +136,14 @@ func NewAdapter(driverName string, dataSourceName string, dbName string) *Ormer
 	return a
 }
 
+func refineDataSourceNameForPostgres(dataSourceName string) string {
+	reg := regexp.MustCompile(`dbname=[^ ]+\s*`)
+	return reg.ReplaceAllString(dataSourceName, "")
+}
+
 func createDatabaseForPostgres(driverName string, dataSourceName string, dbName string) error {
 	if driverName == "postgres" {
-		db, err := sql.Open(driverName, dataSourceName)
+		db, err := sql.Open(driverName, refineDataSourceNameForPostgres(dataSourceName))
 		if err != nil {
 			return err
 		}
@@ -136,6 +155,21 @@ func createDatabaseForPostgres(driverName string, dataSourceName string, dbName
 				return err
 			}
 		}
+		schema := util.GetValueFromDataSourceName("search_path", dataSourceName)
+		if schema != "" {
+			db, err = sql.Open(driverName, dataSourceName)
+			if err != nil {
+				return err
+			}
+			defer db.Close()
+
+			_, err = db.Exec(fmt.Sprintf("CREATE SCHEMA %s;", schema))
+			if err != nil {
+				if !strings.Contains(err.Error(), "already exists") {
+					return err
+				}
+			}
+		}
 
 		return nil
 	} else {
@@ -168,6 +202,12 @@ func (a *Ormer) open() {
 	if err != nil {
 		panic(err)
 	}
+	if a.driverName == "postgres" {
+		schema := util.GetValueFromDataSourceName("search_path", dataSourceName)
+		if schema != "" {
+			engine.SetSchema(schema)
+		}
+	}
 
 	a.Engine = engine
 }

object/payment.go

@@ -55,6 +55,7 @@ type Payment struct {
 	// Order Info
 	OutOrderId string          `xorm:"varchar(100)" json:"outOrderId"`
 	PayUrl     string          `xorm:"varchar(2000)" json:"payUrl"`
+	SuccessUrl string          `xorm:"varchar(2000)" json:"successUrl""` // `successUrl` is redirected from `payUrl` after pay success
 	State      pp.PaymentState `xorm:"varchar(100)" json:"state"`
 	Message    string          `xorm:"varchar(2000)" json:"message"`
 }
@@ -152,7 +153,7 @@ func DeletePayment(payment *Payment) (bool, error) {
 	return affected != 0, nil
 }
 
-func notifyPayment(request *http.Request, body []byte, owner string, paymentName string, orderId string) (*Payment, *pp.NotifyResult, error) {
+func notifyPayment(request *http.Request, body []byte, owner string, paymentName string) (*Payment, *pp.NotifyResult, error) {
 	payment, err := getPayment(owner, paymentName)
 	if err != nil {
 		return nil, nil, err
@@ -180,11 +181,7 @@ func notifyPayment(request *http.Request, body []byte, owner string, paymentName
 		return nil, nil, err
 	}
 
-	if orderId == "" {
-		orderId = payment.OutOrderId
-	}
-
-	notifyResult, err := pProvider.Notify(request, body, cert.AuthorityPublicKey, orderId)
+	notifyResult, err := pProvider.Notify(request, body, cert.AuthorityPublicKey, payment.OutOrderId)
 	if err != nil {
 		return payment, nil, err
 	}
@@ -205,8 +202,8 @@ func notifyPayment(request *http.Request, body []byte, owner string, paymentName
 	return payment, notifyResult, nil
 }
 
-func NotifyPayment(request *http.Request, body []byte, owner string, paymentName string, orderId string) (*Payment, error) {
-	payment, notifyResult, err := notifyPayment(request, body, owner, paymentName, orderId)
+func NotifyPayment(request *http.Request, body []byte, owner string, paymentName string) (*Payment, error) {
+	payment, notifyResult, err := notifyPayment(request, body, owner, paymentName)
 	if payment != nil {
 		if err != nil {
 			payment.State = pp.PaymentStateError

object/permission.go

@@ -30,6 +30,7 @@ type Permission struct {
 	Description string `xorm:"varchar(100)" json:"description"`
 
 	Users   []string `xorm:"mediumtext" json:"users"`
+	Groups  []string `xorm:"mediumtext" json:"groups"`
 	Roles   []string `xorm:"mediumtext" json:"roles"`
 	Domains []string `xorm:"mediumtext" json:"domains"`
 

object/permission_enforcer.go

@@ -79,9 +79,7 @@ func (p *Permission) setEnforcerAdapter(enforcer *casbin.Enforcer) error {
 		}
 	}
 	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
-	driverName := conf.GetConfigString("driverName")
-	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
-	adapter, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, tableName, tableNamePrefix, true)
+	adapter, err := xormadapter.NewAdapterByEngineWithTableName(ormer.Engine, tableName, tableNamePrefix)
 	if err != nil {
 		return err
 	}

object/plan.go

@@ -16,6 +16,7 @@ package object
 
 import (
 	"fmt"
+	"time"
 
 	"github.com/casdoor/casdoor/util"
 	"github.com/xorm-io/core"
@@ -28,10 +29,10 @@ type Plan struct {
 	DisplayName string `xorm:"varchar(100)" json:"displayName"`
 	Description string `xorm:"varchar(100)" json:"description"`
 
-	PricePerMonth    float64  `json:"pricePerMonth"`
-	PricePerYear     float64  `json:"pricePerYear"`
+	Price            float64  `json:"price"`
 	Currency         string   `xorm:"varchar(100)" json:"currency"`
-	Product          string   `json:"product"`                              // related product id
+	Period           string   `xorm:"varchar(100)" json:"period"`
+	Product          string   `xorm:"varchar(100)" json:"product"`
 	PaymentProviders []string `xorm:"varchar(100)" json:"paymentProviders"` // payment providers for related product
 	IsEnabled        bool     `json:"isEnabled"`
 
@@ -39,10 +40,28 @@ type Plan struct {
 	Options []string `xorm:"-" json:"options"`
 }
 
+const (
+	PeriodMonthly = "Monthly"
+	PeriodYearly  = "Yearly"
+)
+
 func (plan *Plan) GetId() string {
 	return fmt.Sprintf("%s/%s", plan.Owner, plan.Name)
 }
 
+func GetDuration(period string) (startTime time.Time, endTime time.Time) {
+	if period == PeriodYearly {
+		startTime = time.Now()
+		endTime = startTime.AddDate(1, 0, 0)
+	} else if period == PeriodMonthly {
+		startTime = time.Now()
+		endTime = startTime.AddDate(0, 1, 0)
+	} else {
+		panic(fmt.Sprintf("invalid period: %s", period))
+	}
+	return
+}
+
 func GetPlanCount(owner, field, value string) (int64, error) {
 	session := GetSession(owner, -1, -1, field, value, "", "")
 	return session.Count(&Plan{})

object/pricing.go

@@ -32,12 +32,6 @@ type Pricing struct {
 	IsEnabled     bool     `json:"isEnabled"`
 	TrialDuration int      `json:"trialDuration"`
 	Application   string   `xorm:"varchar(100)" json:"application"`
-
-	Submitter   string `xorm:"varchar(100)" json:"submitter"`
-	Approver    string `xorm:"varchar(100)" json:"approver"`
-	ApproveTime string `xorm:"varchar(100)" json:"approveTime"`
-
-	State string `xorm:"varchar(100)" json:"state"`
 }
 
 func (pricing *Pricing) GetId() string {

object/product.go

@@ -37,7 +37,7 @@ type Product struct {
 	Price       float64  `json:"price"`
 	Quantity    int      `json:"quantity"`
 	Sold        int      `json:"sold"`
-	Providers   []string `xorm:"varchar(100)" json:"providers"`
+	Providers   []string `xorm:"varchar(255)" json:"providers"`
 	ReturnUrl   string   `xorm:"varchar(1000)" json:"returnUrl"`
 
 	State string `xorm:"varchar(100)" json:"state"`
@@ -158,24 +158,23 @@ func (product *Product) getProvider(providerName string) (*Provider, error) {
 	return provider, nil
 }
 
-func BuyProduct(id string, user *User, providerName, pricingName, planName, host string) (string, string, error) {
+func BuyProduct(id string, user *User, providerName, pricingName, planName, host string) (*Payment, error) {
 	product, err := GetProduct(id)
 	if err != nil {
-		return "", "", err
+		return nil, err
 	}
-
 	if product == nil {
-		return "", "", fmt.Errorf("the product: %s does not exist", id)
+		return nil, fmt.Errorf("the product: %s does not exist", id)
 	}
 
 	provider, err := product.getProvider(providerName)
 	if err != nil {
-		return "", "", err
+		return nil, err
 	}
 
 	pProvider, _, err := provider.getPaymentProvider()
 	if err != nil {
-		return "", "", err
+		return nil, err
 	}
 
 	owner := product.Owner
@@ -190,10 +189,17 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 	if user.Type == "paid-user" {
 		// Create a subscription for `paid-user`
 		if pricingName != "" && planName != "" {
-			sub := NewSubscription(owner, user.Name, pricingName, planName, paymentName)
-			_, err := AddSubscription(sub)
+			plan, err := GetPlan(util.GetId(owner, planName))
 			if err != nil {
-				return "", "", err
+				return nil, err
+			}
+			if plan == nil {
+				return nil, fmt.Errorf("the plan: %s does not exist", planName)
+			}
+			sub := NewSubscription(owner, user.Name, plan.Name, paymentName, plan.Period)
+			_, err = AddSubscription(sub)
+			if err != nil {
+				return nil, err
 			}
 			returnUrl = fmt.Sprintf("%s/buy-plan/%s/%s/result?subscription=%s", originFrontend, owner, pricingName, sub.Name)
 		}
@@ -201,10 +207,10 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 	// Create an OrderId and get the payUrl
 	payUrl, orderId, err := pProvider.Pay(providerName, productName, payerName, paymentName, productDisplayName, product.Price, product.Currency, returnUrl, notifyUrl)
 	if err != nil {
-		return "", "", err
+		return nil, err
 	}
 	// Create a Payment linked with Product and Order
-	payment := Payment{
+	payment := &Payment{
 		Owner:       product.Owner,
 		Name:        paymentName,
 		CreatedTime: util.GetCurrentTime(),
@@ -223,6 +229,7 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 
 		User:       user.Name,
 		PayUrl:     payUrl,
+		SuccessUrl: returnUrl,
 		State:      pp.PaymentStateCreated,
 		OutOrderId: orderId,
 	}
@@ -231,15 +238,15 @@ func BuyProduct(id string, user *User, providerName, pricingName, planName, host
 		payment.State = pp.PaymentStatePaid
 	}
 
-	affected, err := AddPayment(&payment)
+	affected, err := AddPayment(payment)
 	if err != nil {
-		return "", "", err
+		return nil, err
 	}
 
 	if !affected {
-		return "", "", fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
+		return nil, fmt.Errorf("failed to add payment: %s", util.StructToJson(payment))
 	}
-	return payUrl, orderId, err
+	return payment, err
 }
 
 func ExtendProductWithProviders(product *Product) error {
@@ -267,14 +274,14 @@ func CreateProductForPlan(plan *Plan) *Product {
 	product := &Product{
 		Owner:       plan.Owner,
 		Name:        fmt.Sprintf("product_%v", util.GetRandomName()),
-		DisplayName: fmt.Sprintf("Auto Created Product for Plan %v(%v)", plan.GetId(), plan.DisplayName),
+		DisplayName: fmt.Sprintf("Product for Plan %v/%v/%v", plan.Name, plan.DisplayName, plan.Period),
 		CreatedTime: plan.CreatedTime,
 
 		Image:       "https://cdn.casbin.org/img/casdoor-logo_1185x256.png", // TODO
-		Detail:      fmt.Sprintf("This Product was auto created for Plan %v(%v)", plan.GetId(), plan.DisplayName),
+		Detail:      fmt.Sprintf("This product was auto created for plan %v(%v), subscription period is %v", plan.Name, plan.DisplayName, plan.Period),
 		Description: plan.Description,
 		Tag:         "auto_created_product_for_plan",
-		Price:       plan.PricePerMonth, // TODO
+		Price:       plan.Price,
 		Currency:    plan.Currency,
 
 		Quantity: 999,
@@ -290,9 +297,10 @@ func CreateProductForPlan(plan *Plan) *Product {
 }
 
 func UpdateProductForPlan(plan *Plan, product *Product) {
-	product.DisplayName = fmt.Sprintf("Auto Created Product for Plan %v(%v)", plan.GetId(), plan.DisplayName)
-	product.Detail = fmt.Sprintf("This Product was auto created for Plan %v(%v)", plan.GetId(), plan.DisplayName)
-	product.Price = plan.PricePerMonth // TODO
-	product.Providers = plan.PaymentProviders
+	product.Owner = plan.Owner
+	product.DisplayName = fmt.Sprintf("Product for Plan %v/%v/%v", plan.Name, plan.DisplayName, plan.Period)
+	product.Detail = fmt.Sprintf("This product was auto created for plan %v(%v), subscription period is %v", plan.Name, plan.DisplayName, plan.Period)
+	product.Price = plan.Price
 	product.Currency = plan.Currency
+	product.Providers = plan.PaymentProviders
 }

object/subscription.go

@@ -50,7 +50,7 @@ type Subscription struct {
 
 	StartTime time.Time         `json:"startTime"`
 	EndTime   time.Time         `json:"endTime"`
-	Duration  int               `json:"duration"`
+	Period    string            `xorm:"varchar(100)" json:"period"`
 	State     SubscriptionState `xorm:"varchar(100)" json:"state"`
 }
 
@@ -103,7 +103,8 @@ func (sub *Subscription) UpdateState() error {
 	return nil
 }
 
-func NewSubscription(owner, userName, pricingName, planName, paymentName string) *Subscription {
+func NewSubscription(owner, userName, planName, paymentName, period string) *Subscription {
+	startTime, endTime := GetDuration(period)
 	id := util.GenerateId()[:6]
 	return &Subscription{
 		Owner:       owner,
@@ -112,13 +113,12 @@ func NewSubscription(owner, userName, pricingName, planName, paymentName string)
 		CreatedTime: util.GetCurrentTime(),
 
 		User:    userName,
-		Pricing: pricingName,
 		Plan:    planName,
 		Payment: paymentName,
 
-		StartTime: time.Now(),
-		EndTime:   time.Now().AddDate(0, 0, 30),
-		Duration:  30,              // TODO
+		StartTime: startTime,
+		EndTime:   endTime,
+		Period:    period,
 		State:     SubStatePending, // waiting for payment complete
 	}
 }

object/syncer.go

@@ -37,12 +37,13 @@ type Syncer struct {
 
 	Organization string `xorm:"varchar(100)" json:"organization"`
 	Type         string `xorm:"varchar(100)" json:"type"`
+	DatabaseType string `xorm:"varchar(100)" json:"databaseType"`
+	SslMode      string `xorm:"varchar(100)" json:"sslMode"`
 
 	Host             string         `xorm:"varchar(100)" json:"host"`
 	Port             int            `json:"port"`
 	User             string         `xorm:"varchar(100)" json:"user"`
 	Password         string         `xorm:"varchar(100)" json:"password"`
-	DatabaseType     string         `xorm:"varchar(100)" json:"databaseType"`
 	Database         string         `xorm:"varchar(100)" json:"database"`
 	Table            string         `xorm:"varchar(100)" json:"table"`
 	TableColumns     []*TableColumn `xorm:"mediumtext" json:"tableColumns"`
@@ -250,7 +251,7 @@ func (syncer *Syncer) getKey() string {
 	return key
 }
 
-func RunSyncer(syncer *Syncer) {
+func RunSyncer(syncer *Syncer) error {
 	syncer.initAdapter()
-	syncer.syncUsers()
+	return syncer.syncUsers()
 }

object/syncer_cron.go

@@ -52,11 +52,14 @@ func addSyncerJob(syncer *Syncer) error {
 
 	syncer.initAdapter()
 
-	syncer.syncUsers()
+	err := syncer.syncUsers()
+	if err != nil {
+		return err
+	}
 
 	schedule := fmt.Sprintf("@every %ds", syncer.SyncInterval)
 	cron := getCronMap(syncer.Name)
-	_, err := cron.AddFunc(schedule, syncer.syncUsers)
+	_, err = cron.AddFunc(schedule, syncer.syncUsersNoError)
 	if err != nil {
 		return err
 	}

object/syncer_sync.go

@@ -19,15 +19,15 @@ import (
 	"time"
 )
 
-func (syncer *Syncer) syncUsers() {
+func (syncer *Syncer) syncUsers() error {
 	if len(syncer.TableColumns) == 0 {
-		return
+		return fmt.Errorf("The syncer table columns should not be empty")
 	}
 
 	fmt.Printf("Running syncUsers()..\n")
 
 	users, _, _ := syncer.getUserMap()
-	oUsers, oUserMap, err := syncer.getOriginalUserMap()
+	oUsers, _, err := syncer.getOriginalUserMap()
 	if err != nil {
 		fmt.Printf(err.Error())
 
@@ -35,10 +35,8 @@ func (syncer *Syncer) syncUsers() {
 		line := fmt.Sprintf("[%s] %s\n", timestamp, err.Error())
 		_, err = updateSyncerErrorText(syncer, line)
 		if err != nil {
-			panic(err)
+			return err
 		}
-
-		return
 	}
 
 	fmt.Printf("Users: %d, oUsers: %d\n", len(users), len(oUsers))
@@ -55,6 +53,11 @@ func (syncer *Syncer) syncUsers() {
 		myUsers[syncer.getUserValue(m, key)] = m
 	}
 
+	myOUsers := map[string]*User{}
+	for _, m := range oUsers {
+		myOUsers[syncer.getUserValue(m, key)] = m
+	}
+
 	newUsers := []*User{}
 	for _, oUser := range oUsers {
 		primary := syncer.getUserValue(oUser, key)
@@ -71,28 +74,30 @@ func (syncer *Syncer) syncUsers() {
 					updatedUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
 					updatedUser.Hash = oHash
 					updatedUser.PreHash = oHash
+
+					fmt.Printf("Update from oUser to user: %v\n", updatedUser)
 					_, err = syncer.updateUserForOriginalByFields(updatedUser, key)
 					if err != nil {
-						panic(err)
+						return err
 					}
-					fmt.Printf("Update from oUser to user: %v\n", updatedUser)
 				}
 			} else {
 				if user.PreHash == oHash {
 					if !syncer.IsReadOnly {
 						updatedOUser := syncer.createOriginalUserFromUser(user)
+
+						fmt.Printf("Update from user to oUser: %v\n", updatedOUser)
 						_, err = syncer.updateUser(updatedOUser)
 						if err != nil {
-							panic(err)
+							return err
 						}
-						fmt.Printf("Update from user to oUser: %v\n", updatedOUser)
 					}
 
 					// update preHash
 					user.PreHash = user.Hash
 					_, err = SetUserField(user, "pre_hash", user.PreHash)
 					if err != nil {
-						panic(err)
+						return err
 					}
 				} else {
 					if user.Hash == oHash {
@@ -100,17 +105,18 @@ func (syncer *Syncer) syncUsers() {
 						user.PreHash = user.Hash
 						_, err = SetUserField(user, "pre_hash", user.PreHash)
 						if err != nil {
-							panic(err)
+							return err
 						}
 					} else {
 						updatedUser := syncer.createUserFromOriginalUser(oUser, affiliationMap)
 						updatedUser.Hash = oHash
 						updatedUser.PreHash = oHash
+
+						fmt.Printf("Update from oUser to user (2nd condition): %v\n", updatedUser)
 						_, err = syncer.updateUserForOriginalByFields(updatedUser, key)
 						if err != nil {
-							panic(err)
+							return err
 						}
-						fmt.Printf("Update from oUser to user (2nd condition): %v\n", updatedUser)
 					}
 				}
 			}
@@ -118,20 +124,30 @@ func (syncer *Syncer) syncUsers() {
 	}
 	_, err = AddUsersInBatch(newUsers)
 	if err != nil {
-		panic(err)
+		return err
 	}
 
 	if !syncer.IsReadOnly {
 		for _, user := range users {
-			id := user.Id
-			if _, ok := oUserMap[id]; !ok {
+			primary := syncer.getUserValue(user, key)
+			if _, ok := myOUsers[primary]; !ok {
 				newOUser := syncer.createOriginalUserFromUser(user)
+
+				fmt.Printf("New oUser: %v\n", newOUser)
 				_, err = syncer.addUser(newOUser)
 				if err != nil {
-					panic(err)
+					return err
 				}
-				fmt.Printf("New oUser: %v\n", newOUser)
 			}
 		}
 	}
+
+	return nil
+}
+
+func (syncer *Syncer) syncUsersNoError() {
+	err := syncer.syncUsers()
+	if err != nil {
+		fmt.Printf("syncUsersNoError() error: %s\n", err.Error())
+	}
 }

object/syncer_user.go

@@ -31,8 +31,8 @@ type Credential struct {
 }
 
 func (syncer *Syncer) getOriginalUsers() ([]*OriginalUser, error) {
-	sql := fmt.Sprintf("select * from %s", syncer.getTable())
-	results, err := syncer.Ormer.Engine.QueryString(sql)
+	var results []map[string]string
+	err := syncer.Ormer.Engine.Table(syncer.getTable()).Find(&results)
 	if err != nil {
 		return nil, err
 	}
@@ -64,19 +64,10 @@ func (syncer *Syncer) getOriginalUserMap() ([]*OriginalUser, map[string]*Origina
 
 func (syncer *Syncer) addUser(user *OriginalUser) (bool, error) {
 	m := syncer.getMapFromOriginalUser(user)
-	keyString, valueString := syncer.getSqlKeyValueStringFromMap(m)
-
-	sql := fmt.Sprintf("insert into %s (%s) values (%s)", syncer.getTable(), keyString, valueString)
-	res, err := syncer.Ormer.Engine.Exec(sql)
+	affected, err := syncer.Ormer.Engine.Table(syncer.getTable()).Insert(m)
 	if err != nil {
 		return false, err
 	}
-
-	affected, err := res.RowsAffected()
-	if err != nil {
-		return false, err
-	}
-
 	return affected != 0, nil
 }
 
@@ -93,23 +84,14 @@ func (syncer *Syncer) getCasdoorColumns() []string {
 
 func (syncer *Syncer) updateUser(user *OriginalUser) (bool, error) {
 	key := syncer.getKey()
-
 	m := syncer.getMapFromOriginalUser(user)
 	pkValue := m[key]
 	delete(m, key)
-	setString := syncer.getSqlSetStringFromMap(m)
 
-	sql := fmt.Sprintf("update %s set %s where %s = %s", syncer.getTable(), setString, key, pkValue)
-	res, err := syncer.Ormer.Engine.Exec(sql)
+	affected, err := syncer.Ormer.Engine.Table(syncer.getTable()).ID(pkValue).Update(&m)
 	if err != nil {
 		return false, err
 	}
-
-	affected, err := res.RowsAffected()
-	if err != nil {
-		return false, err
-	}
-
 	return affected != 0, nil
 }
 
@@ -185,7 +167,11 @@ func (syncer *Syncer) initAdapter() {
 		if syncer.DatabaseType == "mssql" {
 			dataSourceName = fmt.Sprintf("sqlserver://%s:%s@%s:%d?database=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
 		} else if syncer.DatabaseType == "postgres" {
-			dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=disable dbname=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, syncer.Database)
+			sslMode := "disable"
+			if syncer.SslMode != "" {
+				sslMode = syncer.SslMode
+			}
+			dataSourceName = fmt.Sprintf("user=%s password=%s host=%s port=%d sslmode=%s dbname=%s", syncer.User, syncer.Password, syncer.Host, syncer.Port, sslMode, syncer.Database)
 		} else {
 			dataSourceName = fmt.Sprintf("%s:%s@tcp(%s:%d)/", syncer.User, syncer.Password, syncer.Host, syncer.Port)
 		}

object/syncer_util.go

@@ -322,19 +322,3 @@ func (syncer *Syncer) getSqlSetStringFromMap(m map[string]string) string {
 	}
 	return strings.Join(tokens, ", ")
 }
-
-func (syncer *Syncer) getSqlKeyValueStringFromMap(m map[string]string) (string, string) {
-	typeMap := syncer.getTableColumnsTypeMap()
-
-	keys := []string{}
-	values := []string{}
-	for k, v := range m {
-		if typeMap[k] == "string" {
-			v = fmt.Sprintf("'%s'", v)
-		}
-
-		keys = append(keys, k)
-		values = append(values, v)
-	}
-	return strings.Join(keys, ", "), strings.Join(values, ", ")
-}

object/token_cas.go

@@ -185,38 +185,52 @@ func StoreCasTokenForProxyTicket(token *CasAuthenticationSuccess, targetService,
 }
 
 func GenerateCasToken(userId string, service string) (string, error) {
-	if user, err := GetUser(userId); err != nil {
+	user, err := GetUser(userId)
+	if err != nil {
 		return "", err
-	} else if user != nil {
-		authenticationSuccess := CasAuthenticationSuccess{
-			User: user.Name,
-			Attributes: &CasAttributes{
-				AuthenticationDate: time.Now(),
-				UserAttributes:     &CasUserAttributes{},
-			},
-			ProxyGrantingTicket: fmt.Sprintf("PGTIOU-%s", util.GenerateId()),
-		}
-		data, _ := json.Marshal(user)
-		tmp := map[string]string{}
-		json.Unmarshal(data, &tmp)
-		for k, v := range tmp {
-			if v != "" {
-				authenticationSuccess.Attributes.UserAttributes.Attributes = append(authenticationSuccess.Attributes.UserAttributes.Attributes, &CasNamedAttribute{
-					Name:  k,
-					Value: v,
-				})
-			}
-		}
-		st := fmt.Sprintf("ST-%d", rand.Int())
-		stToServiceResponse.Store(st, &CasAuthenticationSuccessWrapper{
-			AuthenticationSuccess: &authenticationSuccess,
-			Service:               service,
-			UserId:                userId,
-		})
-		return st, nil
-	} else {
-		return "", fmt.Errorf("invalid user Id")
 	}
+	if user == nil {
+		return "", fmt.Errorf("The user: %s doesn't exist", userId)
+	}
+
+	user, _ = GetMaskedUser(user, false)
+
+	authenticationSuccess := CasAuthenticationSuccess{
+		User: user.Name,
+		Attributes: &CasAttributes{
+			AuthenticationDate: time.Now(),
+			UserAttributes:     &CasUserAttributes{},
+		},
+		ProxyGrantingTicket: fmt.Sprintf("PGTIOU-%s", util.GenerateId()),
+	}
+
+	data, err := json.Marshal(user)
+	if err != nil {
+		return "", err
+	}
+
+	tmp := map[string]string{}
+	err = json.Unmarshal(data, &tmp)
+	if err != nil {
+		return "", err
+	}
+
+	for k, v := range tmp {
+		if v != "" {
+			authenticationSuccess.Attributes.UserAttributes.Attributes = append(authenticationSuccess.Attributes.UserAttributes.Attributes, &CasNamedAttribute{
+				Name:  k,
+				Value: v,
+			})
+		}
+	}
+
+	st := fmt.Sprintf("ST-%d", rand.Int())
+	stToServiceResponse.Store(st, &CasAuthenticationSuccessWrapper{
+		AuthenticationSuccess: &authenticationSuccess,
+		Service:               service,
+		UserId:                userId,
+	})
+	return st, nil
 }
 
 // GetValidationBySaml

object/user.go

@@ -194,16 +194,17 @@ type User struct {
 }
 
 type Userinfo struct {
-	Sub         string   `json:"sub"`
-	Iss         string   `json:"iss"`
-	Aud         string   `json:"aud"`
-	Name        string   `json:"preferred_username,omitempty"`
-	DisplayName string   `json:"name,omitempty"`
-	Email       string   `json:"email,omitempty"`
-	Avatar      string   `json:"picture,omitempty"`
-	Address     string   `json:"address,omitempty"`
-	Phone       string   `json:"phone,omitempty"`
-	Groups      []string `json:"groups,omitempty"`
+	Sub           string   `json:"sub"`
+	Iss           string   `json:"iss"`
+	Aud           string   `json:"aud"`
+	Name          string   `json:"preferred_username,omitempty"`
+	DisplayName   string   `json:"name,omitempty"`
+	Email         string   `json:"email,omitempty"`
+	EmailVerified bool     `json:"email_verified,omitempty"`
+	Avatar        string   `json:"picture,omitempty"`
+	Address       string   `json:"address,omitempty"`
+	Phone         string   `json:"phone,omitempty"`
+	Groups        []string `json:"groups,omitempty"`
 }
 
 type ManagedAccount struct {
@@ -627,12 +628,10 @@ func AddUser(user *User) (bool, error) {
 		return false, nil
 	}
 
-	if user.PasswordType == "" && organization.PasswordType != "" {
-		user.PasswordType = organization.PasswordType
+	if user.PasswordType == "" || user.PasswordType == "plain" {
+		user.UpdateUserPassword(organization)
 	}
 
-	user.UpdateUserPassword(organization)
-
 	err = user.UpdateUserHash()
 	if err != nil {
 		return false, err
@@ -759,6 +758,7 @@ func GetUserInfo(user *User, scope string, aud string, host string) *Userinfo {
 	}
 	if strings.Contains(scope, "email") {
 		resp.Email = user.Email
+		resp.EmailVerified = user.EmailVerified
 	}
 	if strings.Contains(scope, "address") {
 		resp.Address = user.Location

pp/dummy.go

@@ -14,10 +14,7 @@
 
 package pp
 
-import (
-	"fmt"
-	"net/http"
-)
+import "net/http"
 
 type DummyPaymentProvider struct{}
 
@@ -27,8 +24,7 @@ func NewDummyPaymentProvider() (*DummyPaymentProvider, error) {
 }
 
 func (pp *DummyPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
-	payUrl := fmt.Sprintf("/payments/%s/result", paymentName)
-	return payUrl, "", nil
+	return returnUrl, "", nil
 }
 
 func (pp *DummyPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {

pp/provider.go

@@ -14,9 +14,7 @@
 
 package pp
 
-import (
-	"net/http"
-)
+import "net/http"
 
 type PaymentState string
 

pp/wechatpay.go

@@ -17,6 +17,7 @@ package pp
 import (
 	"context"
 	"errors"
+	"fmt"
 	"net/http"
 
 	"github.com/casdoor/casdoor/util"
@@ -31,17 +32,22 @@ type WechatPayNotifyResponse struct {
 
 type WechatPaymentProvider struct {
 	Client *wechat.ClientV3
-	appId  string
+	AppId  string
 }
 
-func NewWechatPaymentProvider(mchId string, apiV3Key string, appId string, mchCertSerialNumber string, privateKey string) (*WechatPaymentProvider, error) {
-	if appId == "" && mchId == "" && mchCertSerialNumber == "" && apiV3Key == "" && privateKey == "" {
+func NewWechatPaymentProvider(mchId string, apiV3Key string, appId string, serialNo string, privateKey string) (*WechatPaymentProvider, error) {
+	// https://pay.weixin.qq.com/docs/merchant/products/native-payment/preparation.html
+	// clientId => mchId
+	// clientSecret => apiV3Key
+	// clientId2 => appId
+
+	// appCertificate => serialNo
+	// appPrivateKey => privateKey
+	if appId == "" || mchId == "" || serialNo == "" || apiV3Key == "" || privateKey == "" {
 		return &WechatPaymentProvider{}, nil
 	}
 
-	pp := &WechatPaymentProvider{appId: appId}
-
-	clientV3, err := wechat.NewClientV3(mchId, mchCertSerialNumber, apiV3Key, privateKey)
+	clientV3, err := wechat.NewClientV3(mchId, serialNo, apiV3Key, privateKey)
 	if err != nil {
 		return nil, err
 	}
@@ -50,73 +56,70 @@ func NewWechatPaymentProvider(mchId string, apiV3Key string, appId string, mchCe
 	if err != nil {
 		return nil, err
 	}
-
-	pp.Client = clientV3.SetPlatformCert([]byte(platformCert), serialNo)
+	pp := &WechatPaymentProvider{
+		Client: clientV3.SetPlatformCert([]byte(platformCert), serialNo),
+		AppId:  appId,
+	}
 
 	return pp, nil
 }
 
 func (pp *WechatPaymentProvider) Pay(providerName string, productName string, payerName string, paymentName string, productDisplayName string, price float64, currency string, returnUrl string, notifyUrl string) (string, string, error) {
-	// pp.Client.DebugSwitch = gopay.DebugOn
-
 	bm := gopay.BodyMap{}
-
 	bm.Set("attach", joinAttachString([]string{productDisplayName, productName, providerName}))
-	bm.Set("appid", pp.appId)
+	bm.Set("appid", pp.AppId)
 	bm.Set("description", productDisplayName)
 	bm.Set("notify_url", notifyUrl)
 	bm.Set("out_trade_no", paymentName)
 	bm.SetBodyMap("amount", func(bm gopay.BodyMap) {
-		bm.Set("total", int(price*100))
-		bm.Set("currency", "CNY")
+		bm.Set("total", priceFloat64ToInt64(price))
+		bm.Set("currency", currency)
 	})
 
-	wxRsp, err := pp.Client.V3TransactionNative(context.Background(), bm)
+	nativeRsp, err := pp.Client.V3TransactionNative(context.Background(), bm)
 	if err != nil {
 		return "", "", err
 	}
-
-	if wxRsp.Code != wechat.Success {
-		return "", "", errors.New(wxRsp.Error)
+	if nativeRsp.Code != wechat.Success {
+		return "", "", errors.New(nativeRsp.Error)
 	}
 
-	return wxRsp.Response.CodeUrl, "", nil
+	return nativeRsp.Response.CodeUrl, paymentName, nil // Wechat can use paymentName as the OutTradeNo to query order status
 }
 
 func (pp *WechatPaymentProvider) Notify(request *http.Request, body []byte, authorityPublicKey string, orderId string) (*NotifyResult, error) {
-	notifyReq, err := wechat.V3ParseNotify(request)
+	notifyResult := &NotifyResult{}
+	queryRsp, err := pp.Client.V3TransactionQueryOrder(context.Background(), wechat.OutTradeNo, orderId)
 	if err != nil {
 		return nil, err
 	}
-
-	cert := pp.Client.WxPublicKey()
-	err = notifyReq.VerifySignByPK(cert)
-	if err != nil {
-		return nil, err
+	if queryRsp.Code != wechat.Success {
+		return nil, errors.New(queryRsp.Error)
 	}
 
-	apiKey := string(pp.Client.ApiV3Key)
-	result, err := notifyReq.DecryptCipherText(apiKey)
-	if err != nil {
-		return nil, err
+	switch queryRsp.Response.TradeState {
+	case "SUCCESS":
+		// skip
+	case "CLOSED":
+		notifyResult.PaymentStatus = PaymentStateCanceled
+		return notifyResult, nil
+	case "NOTPAY", "USERPAYING": // not-pad: waiting for user to pay; user-paying: user is paying
+		notifyResult.PaymentStatus = PaymentStateCreated
+		return notifyResult, nil
+	default:
+		notifyResult.PaymentStatus = PaymentStateError
+		notifyResult.NotifyMessage = fmt.Sprintf("unexpected wechat trade state: %v", queryRsp.Response.TradeState)
+		return notifyResult, nil
 	}
-
-	paymentName := result.OutTradeNo
-	price := float64(result.Amount.PayerTotal) / 100
-
-	productDisplayName, productName, providerName, err := parseAttachString(result.Attach)
-	if err != nil {
-		return nil, err
-	}
-
-	notifyResult := &NotifyResult{
+	productDisplayName, productName, providerName, _ := parseAttachString(queryRsp.Response.Attach)
+	notifyResult = &NotifyResult{
 		ProductName:        productName,
 		ProductDisplayName: productDisplayName,
 		ProviderName:       providerName,
 		OrderId:            orderId,
-		Price:              price,
+		Price:              priceInt64ToFloat64(int64(queryRsp.Response.Amount.Total)),
 		PaymentStatus:      PaymentStatePaid,
-		PaymentName:        paymentName,
+		PaymentName:        queryRsp.Response.OutTradeNo,
 	}
 	return notifyResult, nil
 }

routers/auto_signin_filter.go

@@ -29,7 +29,13 @@ func AutoSigninFilter(ctx *context.Context) {
 
 	// GET parameter like "/page?access_token=123" or
 	// HTTP Bearer token like "Authorization: Bearer 123"
-	accessToken := util.GetMaxLenStr(ctx.Input.Query("accessToken"), ctx.Input.Query("access_token"), parseBearerToken(ctx))
+	accessToken := ctx.Input.Query("accessToken")
+	if accessToken == "" {
+		accessToken = ctx.Input.Query("access_token")
+	}
+	if accessToken == "" {
+		accessToken = parseBearerToken(ctx)
+	}
 
 	if accessToken != "" {
 		token, err := object.GetTokenByAccessToken(accessToken)

routers/router.go

@@ -273,7 +273,7 @@ func initAPI() {
 	beego.Router("/cas/:organization/:application/proxy", &controllers.RootController{}, "GET:CasProxy")
 	beego.Router("/cas/:organization/:application/validate", &controllers.RootController{}, "GET:CasValidate")
 
-	beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
-	beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ServiceAndProxyValidate")
+	beego.Router("/cas/:organization/:application/p3/serviceValidate", &controllers.RootController{}, "GET:CasP3ServiceValidate")
+	beego.Router("/cas/:organization/:application/p3/proxyValidate", &controllers.RootController{}, "GET:CasP3ProxyValidate")
 	beego.Router("/cas/:organization/:application/samlValidate", &controllers.RootController{}, "POST:SamlValidate")
 }

routers/static_filter.go

@@ -16,6 +16,7 @@ package routers
 
 import (
 	"compress/gzip"
+	"fmt"
 	"io"
 	"net/http"
 	"os"
@@ -59,6 +60,13 @@ func StaticFilter(ctx *context.Context) {
 		path = "web/build/index.html"
 	}
 	if !util.FileExist(path) {
+		dir, err := os.Getwd()
+		if err != nil {
+			panic(err)
+		}
+		dir = strings.ReplaceAll(dir, "\\", "/")
+		errorText := fmt.Sprintf("The Casdoor frontend HTML file: \"index.html\" was not found, it should be placed at: \"%s/web/build/index.html\". For more information, see: https://casdoor.org/docs/basic/server-installation/#frontend-1", dir)
+		http.ServeContent(ctx.ResponseWriter, ctx.Request, "Casdoor frontend has encountered error...", time.Now(), strings.NewReader(errorText))
 		return
 	}
 

storage/local_file_system.go

@@ -15,6 +15,7 @@
 package storage
 
 import (
+	"fmt"
 	"io"
 	"os"
 	"path/filepath"
@@ -23,76 +24,69 @@ import (
 	"github.com/casdoor/oss"
 )
 
-var baseFolder = "files"
-
-// FileSystem file system storage
-type FileSystem struct {
-	Base string
+// LocalFileSystemProvider file system storage
+type LocalFileSystemProvider struct {
+	BaseDir string
 }
 
-// NewFileSystem initialize the local file system storage
-func NewFileSystem(base string) *FileSystem {
-	absBase, err := filepath.Abs(base)
+// NewLocalFileSystemStorageProvider initialize the local file system storage
+func NewLocalFileSystemStorageProvider() *LocalFileSystemProvider {
+	baseFolder := "files"
+	absBase, err := filepath.Abs(baseFolder)
 	if err != nil {
-		panic("local file system storage's base folder is not initialized")
+		panic(err)
 	}
 
-	return &FileSystem{Base: absBase}
+	return &LocalFileSystemProvider{BaseDir: absBase}
 }
 
 // GetFullPath get full path from absolute/relative path
-func (fileSystem FileSystem) GetFullPath(path string) string {
+func (sp LocalFileSystemProvider) GetFullPath(path string) string {
 	fullPath := path
-	if !strings.HasPrefix(path, fileSystem.Base) {
-		fullPath, _ = filepath.Abs(filepath.Join(fileSystem.Base, path))
+	if !strings.HasPrefix(path, sp.BaseDir) {
+		fullPath, _ = filepath.Abs(filepath.Join(sp.BaseDir, path))
 	}
 	return fullPath
 }
 
 // Get receive file with given path
-func (fileSystem FileSystem) Get(path string) (*os.File, error) {
-	return os.Open(fileSystem.GetFullPath(path))
+func (sp LocalFileSystemProvider) Get(path string) (*os.File, error) {
+	return os.Open(sp.GetFullPath(path))
 }
 
 // GetStream get file as stream
-func (fileSystem FileSystem) GetStream(path string) (io.ReadCloser, error) {
-	return os.Open(fileSystem.GetFullPath(path))
+func (sp LocalFileSystemProvider) GetStream(path string) (io.ReadCloser, error) {
+	return os.Open(sp.GetFullPath(path))
 }
 
 // Put store a reader into given path
-func (fileSystem FileSystem) Put(path string, reader io.Reader) (*oss.Object, error) {
-	var (
-		fullPath = fileSystem.GetFullPath(path)
-		err      = os.MkdirAll(filepath.Dir(fullPath), os.ModePerm)
-	)
+func (sp LocalFileSystemProvider) Put(path string, reader io.Reader) (*oss.Object, error) {
+	fullPath := sp.GetFullPath(path)
 
+	err := os.MkdirAll(filepath.Dir(fullPath), os.ModePerm)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("Casdoor fails to create folder: \"%s\" for local file system storage provider: %s. Make sure Casdoor process has correct permission to create/access it, or you can create it manually in advance", filepath.Dir(fullPath), err.Error())
 	}
 
 	dst, err := os.Create(filepath.Clean(fullPath))
-
 	if err == nil {
 		if seeker, ok := reader.(io.ReadSeeker); ok {
 			seeker.Seek(0, 0)
 		}
 		_, err = io.Copy(dst, reader)
 	}
-
-	return &oss.Object{Path: path, Name: filepath.Base(path), StorageInterface: fileSystem}, err
+	return &oss.Object{Path: path, Name: filepath.Base(path), StorageInterface: sp}, err
 }
 
 // Delete delete file
-func (fileSystem FileSystem) Delete(path string) error {
-	return os.Remove(fileSystem.GetFullPath(path))
+func (sp LocalFileSystemProvider) Delete(path string) error {
+	return os.Remove(sp.GetFullPath(path))
 }
 
 // List list all objects under current path
-func (fileSystem FileSystem) List(path string) ([]*oss.Object, error) {
-	var (
-		objects  []*oss.Object
-		fullPath = fileSystem.GetFullPath(path)
-	)
+func (sp LocalFileSystemProvider) List(path string) ([]*oss.Object, error) {
+	objects := []*oss.Object{}
+	fullPath := sp.GetFullPath(path)
 
 	filepath.Walk(fullPath, func(path string, info os.FileInfo, err error) error {
 		if path == fullPath {
@@ -102,10 +96,10 @@ func (fileSystem FileSystem) List(path string) ([]*oss.Object, error) {
 		if err == nil && !info.IsDir() {
 			modTime := info.ModTime()
 			objects = append(objects, &oss.Object{
-				Path:             strings.TrimPrefix(path, fileSystem.Base),
+				Path:             strings.TrimPrefix(path, sp.BaseDir),
 				Name:             info.Name(),
 				LastModified:     &modTime,
-				StorageInterface: fileSystem,
+				StorageInterface: sp,
 			})
 		}
 		return nil
@@ -114,16 +108,12 @@ func (fileSystem FileSystem) List(path string) ([]*oss.Object, error) {
 	return objects, nil
 }
 
-// GetEndpoint get endpoint, FileSystem's endpoint is /
-func (fileSystem FileSystem) GetEndpoint() string {
+// GetEndpoint get endpoint, LocalFileSystemProvider's endpoint is /
+func (sp LocalFileSystemProvider) GetEndpoint() string {
 	return "/"
 }
 
 // GetURL get public accessible URL
-func (fileSystem FileSystem) GetURL(path string) (url string, err error) {
+func (sp LocalFileSystemProvider) GetURL(path string) (url string, err error) {
 	return path, nil
 }
-
-func NewLocalFileSystemStorageProvider(clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
-	return NewFileSystem(baseFolder)
-}

storage/storage.go

@@ -19,7 +19,7 @@ import "github.com/casdoor/oss"
 func GetStorageProvider(providerType string, clientId string, clientSecret string, region string, bucket string, endpoint string) oss.StorageInterface {
 	switch providerType {
 	case "Local File System":
-		return NewLocalFileSystemStorageProvider(clientId, clientSecret, region, bucket, endpoint)
+		return NewLocalFileSystemStorageProvider()
 	case "AWS S3":
 		return NewAwsS3StorageProvider(clientId, clientSecret, region, bucket, endpoint)
 	case "MinIO":

util/string.go

@@ -23,6 +23,7 @@ import (
 	"math/rand"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -186,32 +187,6 @@ func IsStringsEmpty(strs ...string) bool {
 	return false
 }
 
-func GetMaxLenStr(strs ...string) string {
-	m := 0
-	i := 0
-	for j, str := range strs {
-		l := len(str)
-		if l > m {
-			m = l
-			i = j
-		}
-	}
-	return strs[i]
-}
-
-func GetMinLenStr(strs ...string) string {
-	m := int(^uint(0) >> 1)
-	i := 0
-	for j, str := range strs {
-		l := len(str)
-		if l < m {
-			m = l
-			i = j
-		}
-	}
-	return strs[i]
-}
-
 func ReadStringFromPath(path string) string {
 	data, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
@@ -315,3 +290,13 @@ func ParseIdToString(input interface{}) (string, error) {
 		return "", fmt.Errorf("unsupported id type: %T", input)
 	}
 }
+
+func GetValueFromDataSourceName(key string, dataSourceName string) string {
+	reg := regexp.MustCompile(key + "=([^ ]+)")
+	matches := reg.FindStringSubmatch(dataSourceName)
+	if len(matches) >= 2 {
+		return matches[1]
+	}
+
+	return ""
+}

util/string_test.go

@@ -189,45 +189,6 @@ func TestIsStrsEmpty(t *testing.T) {
 	}
 }
 
-func TestGetMaxLenStr(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       []string
-		expected    interface{}
-	}{
-		{"Should be return casdoor", []string{"", "casdoor", "casbin"}, "casdoor"},
-		{"Should be return casdoor_jdk", []string{"", "casdoor", "casbin", "casdoor_jdk"}, "casdoor_jdk"},
-		{"Should be return empty string", []string{""}, ""},
-	}
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetMaxLenStr(scenery.input...)
-			assert.Equal(t, scenery.expected, actual, "The returned value not is expected")
-		})
-	}
-}
-
-func TestGetMinLenStr(t *testing.T) {
-	scenarios := []struct {
-		description string
-		input       []string
-		expected    interface{}
-	}{
-		{"Should be return casbin", []string{"casdoor", "casbin"}, "casbin"},
-		{"Should be return casbin", []string{"casdoor", "casbin", "casdoor_jdk"}, "casbin"},
-		{"Should be return empty string", []string{"a", "", "casbin"}, ""},
-		{"Should be return a", []string{"a", "casdoor", "casbin"}, "a"},
-		{"Should be return a", []string{"casdoor", "a", "casbin"}, "a"},
-		{"Should be return a", []string{"casbin", "casdoor", "a"}, "a"},
-	}
-	for _, scenery := range scenarios {
-		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetMinLenStr(scenery.input...)
-			assert.Equal(t, scenery.expected, actual, "The returned value not is expected")
-		})
-	}
-}
-
 func TestSnakeString(t *testing.T) {
 	scenarios := []struct {
 		description string

web/package.json

@@ -34,6 +34,7 @@
     "i18next": "^19.8.9",
     "libphonenumber-js": "^1.10.19",
     "moment": "^2.29.1",
+    "qrcode.react": "^3.1.0",
     "react": "^18.2.0",
     "react-app-polyfill": "^3.0.0",
     "react-codemirror2": "^7.2.1",
@@ -52,7 +53,7 @@
   },
   "scripts": {
     "start": "cross-env PORT=7001 craco start",
-    "build": "craco --max_old_space_size=4096 build",
+    "build": "craco build",
     "test": "craco test",
     "eject": "craco eject",
     "crowdin:sync": "crowdin upload && crowdin download",
@@ -82,6 +83,9 @@
     "@babel/eslint-parser": "^7.18.9",
     "@babel/plugin-proposal-private-property-in-object": "^7.21.11",
     "@babel/preset-react": "^7.18.6",
+    "@testing-library/jest-dom": "^4.2.4",
+    "@testing-library/react": "^9.3.2",
+    "@testing-library/user-event": "^7.1.2",
     "cross-env": "^7.0.3",
     "cypress": "^12.5.1",
     "eslint": "8.22.0",
@@ -91,10 +95,7 @@
     "lint-staged": "^13.0.3",
     "stylelint": "^14.11.0",
     "stylelint-config-recommended-less": "^1.0.4",
-    "stylelint-config-standard": "^28.0.0",
-    "@testing-library/jest-dom": "^4.2.4",
-    "@testing-library/react": "^9.3.2",
-    "@testing-library/user-event": "^7.1.2"
+    "stylelint-config-standard": "^28.0.0"
   },
   "lint-staged": {
     "src/**/*.{css,less}": [

web/src/App.js

@@ -89,6 +89,7 @@ import ThemeSelect from "./common/select/ThemeSelect";
 import OrganizationSelect from "./common/select/OrganizationSelect";
 import {clearWeb3AuthToken} from "./auth/Web3Auth";
 import AccountAvatar from "./account/AccountAvatar";
+import OpenTour from "./common/OpenTour";
 
 const {Header, Footer, Content} = Layout;
 
@@ -379,6 +380,7 @@ class App extends Component {
               });
             }} />
           <LanguageSelect languages={this.state.account.organization.languages} />
+          <OpenTour />
           {Setting.isAdminUser(this.state.account) && !Setting.isMobile() &&
             <OrganizationSelect
               initValue={Setting.getOrganization()}
@@ -662,7 +664,8 @@ class App extends Component {
         window.location.pathname.startsWith("/cas") ||
         window.location.pathname.startsWith("/auto-signup") ||
         window.location.pathname.startsWith("/select-plan") ||
-        window.location.pathname.startsWith("/buy-plan");
+        window.location.pathname.startsWith("/buy-plan") ||
+        window.location.pathname.startsWith("/qrcode") ;
   }
 
   renderPage() {

web/src/ApplicationEditPage.js

@@ -542,7 +542,7 @@ class ApplicationEditPage extends React.Component {
             {Setting.getLabel(i18next.t("signup:Terms of Use"), i18next.t("signup:Terms of Use - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.application.termsOfUse} style={{marginBottom: "10px"}} onChange={e => {
+            <Input prefix={<LinkOutlined />} value={this.state.application.termsOfUse} style={{marginBottom: "10px"}} onChange={e => {
               this.updateApplicationField("termsOfUse", e.target.value);
             }} />
             <Upload maxCount={1} accept=".html" showUploadList={false}

web/src/BaseListPage.js

@@ -13,11 +13,12 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Input, Result, Space} from "antd";
+import {Button, Input, Result, Space, Tour} from "antd";
 import {SearchOutlined} from "@ant-design/icons";
 import Highlighter from "react-highlight-words";
 import i18next from "i18next";
 import * as Setting from "./Setting";
+import * as TourConfig from "./TourConfig";
 
 class BaseListPage extends React.Component {
   constructor(props) {
@@ -33,6 +34,7 @@ class BaseListPage extends React.Component {
       searchText: "",
       searchedColumn: "",
       isAuthorized: true,
+      isTourVisible: TourConfig.getTourVisible(),
     };
   }
 
@@ -41,14 +43,23 @@ class BaseListPage extends React.Component {
     this.fetch({pagination});
   };
 
+  handleTourChange = () => {
+    this.setState({isTourVisible: TourConfig.getTourVisible()});
+  };
+
   componentDidMount() {
     window.addEventListener("storageOrganizationChanged", this.handleOrganizationChange);
+    window.addEventListener("storageTourChanged", this.handleTourChange);
     if (!Setting.isAdminUser(this.props.account)) {
       Setting.setOrganization("All");
     }
   }
 
   componentWillUnmount() {
+    if (this.state.intervalId !== null) {
+      clearInterval(this.state.intervalId);
+    }
+    window.removeEventListener("storageTourChanged", this.handleTourChange);
     window.removeEventListener("storageOrganizationChanged", this.handleOrganizationChange);
   }
 
@@ -144,6 +155,37 @@ class BaseListPage extends React.Component {
     });
   };
 
+  setIsTourVisible = () => {
+    TourConfig.setIsTourVisible(false);
+    this.setState({isTourVisible: false});
+  };
+
+  getSteps = () => {
+    const nextPathName = TourConfig.getNextUrl();
+    const steps = TourConfig.getSteps();
+    steps.map((item, index) => {
+      if (!index) {
+        item.target = () => document.querySelector("table");
+      } else {
+        item.target = () => document.getElementById(item.id) || null;
+      }
+      if (index === steps.length - 1) {
+        item.nextButtonProps = {
+          children: TourConfig.getNextButtonChild(nextPathName),
+        };
+      }
+    });
+    return steps;
+  };
+
+  handleTourComplete = () => {
+    const nextPathName = TourConfig.getNextUrl();
+    if (nextPathName !== "") {
+      this.props.history.push("/" + nextPathName);
+      TourConfig.setIsTourVisible(true);
+    }
+  };
+
   render() {
     if (!this.state.isAuthorized) {
       return (
@@ -161,6 +203,17 @@ class BaseListPage extends React.Component {
         {
           this.renderTable(this.state.data)
         }
+        <Tour
+          open={Setting.isMobile() ? false : this.state.isTourVisible}
+          onClose={this.setIsTourVisible}
+          steps={this.getSteps()}
+          indicatorsRender={(current, total) => (
+            <span>
+              {current + 1} / {total}
+            </span>
+          )}
+          onFinish={this.handleTourComplete}
+        />
       </div>
     );
   }

web/src/EntryPage.js

@@ -31,6 +31,7 @@ import CasLogout from "./auth/CasLogout";
 import {authConfig} from "./auth/Auth";
 import ProductBuyPage from "./ProductBuyPage";
 import PaymentResultPage from "./PaymentResultPage";
+import QrCodePage from "./QrCodePage";
 
 class EntryPage extends React.Component {
   constructor(props) {
@@ -113,6 +114,7 @@ class EntryPage extends React.Component {
           <Route exact path="/select-plan/:owner/:pricingName" render={(props) => <PricingPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
           <Route exact path="/buy-plan/:owner/:pricingName" render={(props) => <ProductBuyPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
           <Route exact path="/buy-plan/:owner/:pricingName/result" render={(props) => <PaymentResultPage {...this.props} pricing={this.state.pricing} onUpdatePricing={onUpdatePricing} {...props} />} />
+          <Route exact path="/qrcode/:owner/:paymentName" render={(props) => <QrCodePage {...this.props} onUpdateApplication={onUpdateApplication} {...props} />} />
         </Switch>
       </div>
     );

web/src/PaymentListPage.js

@@ -101,6 +101,21 @@ class PaymentListPage extends BaseListPage {
           );
         },
       },
+      {
+        title: i18next.t("general:Organization"),
+        dataIndex: "owner",
+        key: "owner",
+        width: "120px",
+        sorter: true,
+        ...this.getColumnSearchProps("owner"),
+        render: (text, record, index) => {
+          return (
+            <Link to={`/organizations/${text}`}>
+              {text}
+            </Link>
+          );
+        },
+      },
       {
         title: i18next.t("general:Provider"),
         dataIndex: "provider",
@@ -117,21 +132,6 @@ class PaymentListPage extends BaseListPage {
           );
         },
       },
-      {
-        title: i18next.t("general:Organization"),
-        dataIndex: "owner",
-        key: "owner",
-        width: "120px",
-        sorter: true,
-        ...this.getColumnSearchProps("owner"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/organizations/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:User"),
         dataIndex: "user",
@@ -264,7 +264,7 @@ class PaymentListPage extends BaseListPage {
       value = params.type;
     }
     this.setState({loading: true});
-    PaymentBackend.getPayments(Setting.getRequestOrganization(this.props.account), Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
+    PaymentBackend.getPayments(Setting.isDefaultOrganizationSelected(this.props.account) ? "" : Setting.getRequestOrganization(this.props.account), params.pagination.current, params.pagination.pageSize, field, value, sortField, sortOrder)
       .then((res) => {
         this.setState({
           loading: false,

web/src/PermissionEditPage.js

@@ -17,6 +17,7 @@ import {Button, Card, Col, Input, Row, Select, Switch} from "antd";
 import * as PermissionBackend from "./backend/PermissionBackend";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as UserBackend from "./backend/UserBackend";
+import * as GroupBackend from "./backend/GroupBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import * as RoleBackend from "./backend/RoleBackend";
@@ -35,6 +36,7 @@ class PermissionEditPage extends React.Component {
       organizations: [],
       model: null,
       users: [],
+      groups: [],
       roles: [],
       models: [],
       resources: [],
@@ -67,6 +69,7 @@ class PermissionEditPage extends React.Component {
         });
 
         this.getUsers(permission.owner);
+        this.getGroups(permission.owner);
         this.getRoles(permission.owner);
         this.getModels(permission.owner);
         this.getResources(permission.owner);
@@ -97,6 +100,20 @@ class PermissionEditPage extends React.Component {
       });
   }
 
+  getGroups(organizationName) {
+    GroupBackend.getGroups(organizationName)
+      .then((res) => {
+        if (res.status === "error") {
+          Setting.showMessage("error", res.msg);
+          return;
+        }
+
+        this.setState({
+          groups: res.data,
+        });
+      });
+  }
+
   getRoles(organizationName) {
     RoleBackend.getRoles(organizationName)
       .then((res) => {
@@ -192,6 +209,7 @@ class PermissionEditPage extends React.Component {
             <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.permission.owner} onChange={(owner => {
               this.updatePermissionField("owner", owner);
               this.getUsers(owner);
+              this.getGroups(owner);
               this.getRoles(owner);
               this.getModels(owner);
               this.getResources(owner);
@@ -263,6 +281,17 @@ class PermissionEditPage extends React.Component {
             />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("role:Sub groups"), i18next.t("role:Sub groups - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.permission.groups}
+              onChange={(value => {this.updatePermissionField("groups", value);})}
+              options={this.state.groups.map((group) => Setting.getOption(`${group.owner}/${group.name}`, `${group.owner}/${group.name}`))}
+            />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("role:Sub roles"), i18next.t("role:Sub roles - Tooltip"))} :

web/src/PermissionListPage.js

@@ -33,6 +33,7 @@ class PermissionListPage extends BaseListPage {
       createdTime: moment().format(),
       displayName: `New Permission - ${randomName}`,
       users: [`${this.props.account.owner}/${this.props.account.name}`],
+      groups: [],
       roles: [],
       domains: [],
       resourceType: "Application",
@@ -110,11 +111,12 @@ class PermissionListPage extends BaseListPage {
 
     return (
       <Upload {...props}>
-        <Button type="primary" size="small">
+        <Button id="upload-button" type="primary" size="small">
           <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
         </Button></Upload>
     );
   }
+
   renderTable(permissions) {
     const columns = [
       // https://github.com/ant-design/ant-design/issues/22184
@@ -178,6 +180,17 @@ class PermissionListPage extends BaseListPage {
           return Setting.getTags(text, "users");
         },
       },
+      {
+        title: i18next.t("role:Sub groups"),
+        dataIndex: "groups",
+        key: "groups",
+        // width: '100px',
+        sorter: true,
+        ...this.getColumnSearchProps("groups"),
+        render: (text, record, index) => {
+          return Setting.getTags(text, "groups");
+        },
+      },
       {
         title: i18next.t("role:Sub roles"),
         dataIndex: "roles",
@@ -361,7 +374,7 @@ class PermissionListPage extends BaseListPage {
           title={() => (
             <div>
               {i18next.t("general:Permissions")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addPermission.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button id="add-button" style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addPermission.bind(this)}>{i18next.t("general:Add")}</Button>
               {
                 this.renderPermissionUpload()
               }

web/src/PlanEditPage.js

@@ -197,22 +197,27 @@ class PlanEditPage extends React.Component {
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("plan:Price per month"), i18next.t("plan:Price per month - Tooltip"))} :
+            {Setting.getLabel(i18next.t("plan:Price"), i18next.t("plan:Price - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.plan.pricePerMonth} onChange={value => {
-              this.updatePlanField("pricePerMonth", value);
+            <InputNumber value={this.state.plan.price} onChange={value => {
+              this.updatePlanField("price", value);
             }} />
           </Col>
         </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("plan:Price per year"), i18next.t("plan:Price per year - Tooltip"))} :
+            {Setting.getLabel(i18next.t("plan:Period"), i18next.t("plan:Period - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.plan.pricePerYear} onChange={value => {
-              this.updatePlanField("pricePerYear", value);
-            }} />
+            <Select virtual={false} style={{width: "100%"}} value={this.state.plan.period} onChange={value => {
+              this.updatePlanField("period", value);
+            }}
+            options={[
+              {value: "Monthly", label: "Monthly"},
+              {value: "Yearly", label: "Yearly"},
+            ]}
+            />
           </Col>
         </Row>
         <Row style={{marginTop: "20px"}} >

web/src/PlanListPage.js

@@ -32,9 +32,9 @@ class PlanListPage extends BaseListPage {
       createdTime: moment().format(),
       displayName: `New Plan - ${randomName}`,
       description: "",
-      pricePerMonth: 10,
-      pricePerYear: 100,
+      price: 10,
       currency: "USD",
+      period: "Monthly",
       isEnabled: true,
       paymentProviders: [],
       role: "",
@@ -136,18 +136,18 @@ class PlanListPage extends BaseListPage {
         ...this.getColumnSearchProps("currency"),
       },
       {
-        title: i18next.t("plan:Price per month"),
-        dataIndex: "pricePerMonth",
-        key: "pricePerMonth",
+        title: i18next.t("plan:Price"),
+        dataIndex: "price",
+        key: "price",
         width: "130px",
-        ...this.getColumnSearchProps("pricePerMonth"),
+        ...this.getColumnSearchProps("price"),
       },
       {
-        title: i18next.t("plan:Price per year"),
-        dataIndex: "pricePerYear",
-        key: "pricePerYear",
+        title: i18next.t("plan:Period"),
+        dataIndex: "period",
+        key: "period",
         width: "130px",
-        ...this.getColumnSearchProps("pricePerYear"),
+        ...this.getColumnSearchProps("period"),
       },
       {
         title: i18next.t("general:Role"),

web/src/ProductBuyPage.js

@@ -13,8 +13,7 @@
 // limitations under the License.
 
 import React from "react";
-import {Button, Descriptions, Modal, Spin} from "antd";
-import {CheckCircleTwoTone} from "@ant-design/icons";
+import {Button, Descriptions, Spin} from "antd";
 import i18next from "i18next";
 import * as ProductBackend from "./backend/ProductBackend";
 import * as PlanBackend from "./backend/PlanBackend";
@@ -36,7 +35,6 @@ class ProductBuyPage extends React.Component {
       pricing: props?.pricing ?? null,
       plan: null,
       isPlacingOrder: false,
-      qrCodeModalProvider: null,
     };
   }
 
@@ -76,11 +74,10 @@ class ProductBuyPage extends React.Component {
           throw new Error(res.msg);
         }
         const plan = res.data;
-        const productName = plan.product;
         await this.setStateAsync({
           pricing: pricing,
           plan: plan,
-          productName: productName,
+          productName: plan.product,
         });
         this.onUpdatePricing(pricing);
       }
@@ -131,13 +128,6 @@ class ProductBuyPage extends React.Component {
   }
 
   buyProduct(product, provider) {
-    if (provider.clientId.startsWith("http")) {
-      this.setState({
-        qrCodeModalProvider: provider,
-      });
-      return;
-    }
-
     this.setState({
       isPlacingOrder: true,
     });
@@ -145,7 +135,11 @@ class ProductBuyPage extends React.Component {
     ProductBackend.buyProduct(product.owner, product.name, provider.name, this.state.pricingName ?? "", this.state.planName ?? "", this.state.userName ?? "")
       .then((res) => {
         if (res.status === "ok") {
-          const payUrl = res.data;
+          const payment = res.data;
+          let payUrl = payment.payUrl;
+          if (provider.type === "WeChat Pay") {
+            payUrl = `/qrcode/${payment.owner}/${payment.name}?providerName=${provider.name}&payUrl=${encodeURI(payment.payUrl)}&successUrl=${encodeURI(payment.successUrl)}`;
+          }
           Setting.goToLink(payUrl);
         } else {
           Setting.showMessage("error", `${i18next.t("general:Failed to save")}: ${res.msg}`);
@@ -160,45 +154,6 @@ class ProductBuyPage extends React.Component {
       });
   }
 
-  renderQrCodeModal() {
-    if (this.state.qrCodeModalProvider === undefined || this.state.qrCodeModalProvider === null) {
-      return null;
-    }
-
-    return (
-      <Modal title={
-        <div>
-          <CheckCircleTwoTone twoToneColor="rgb(45,120,213)" />
-          {" " + i18next.t("product:Please scan the QR code to pay")}
-        </div>
-      }
-      open={this.state.qrCodeModalProvider !== undefined && this.state.qrCodeModalProvider !== null}
-      onOk={() => {
-        Setting.goToLink(this.state.product.returnUrl);
-      }}
-      onCancel={() => {
-        this.setState({
-          qrCodeModalProvider: null,
-        });
-      }}
-      okText={i18next.t("product:I have completed the payment")}
-      cancelText={i18next.t("general:Cancel")}>
-        <p key={this.state.qrCodeModalProvider?.name}>
-          {
-            i18next.t("product:Please provide your username in the remark")
-          }
-          :&nbsp;&nbsp;
-          {
-            Setting.getTag("default", this.props.account.name)
-          }
-          <br />
-          <br />
-          <img src={this.state.qrCodeModalProvider?.clientId} alt={this.state.qrCodeModalProvider?.name} width={"472px"} style={{marginBottom: "20px"}} />
-        </p>
-      </Modal>
-    );
-  }
-
   getPayButton(provider) {
     let text = provider.type;
     if (provider.type === "Dummy") {
@@ -291,9 +246,6 @@ class ProductBuyPage extends React.Component {
             </Descriptions.Item>
           </Descriptions>
         </Spin>
-        {
-          this.renderQrCodeModal()
-        }
       </div>
     );
   }

web/src/ProductEditPage.js

@@ -98,6 +98,7 @@ class ProductEditPage extends React.Component {
   }
 
   renderProduct() {
+    const isCreatedByPlan = this.state.product.tag === "auto_created_product_for_plan";
     return (
       <Card size="small" title={
         <div>
@@ -107,12 +108,24 @@ class ProductEditPage extends React.Component {
           {this.state.mode === "add" ? <Button style={{marginLeft: "20px"}} onClick={() => this.deleteProduct()}>{i18next.t("general:Cancel")}</Button> : null}
         </div>
       } style={(Setting.isMobile()) ? {margin: "5px"} : {}} type="inner">
+        <Row style={{marginTop: "10px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account) || isCreatedByPlan} value={this.state.product.owner} onChange={(value => {this.updateProductField("owner", value);})}>
+              {
+                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:Name"), i18next.t("general:Name - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.product.name} onChange={e => {
+            <Input value={this.state.product.name} disabled={isCreatedByPlan} onChange={e => {
               this.updateProductField("name", e.target.value);
             }} />
           </Col>
@@ -127,18 +140,6 @@ class ProductEditPage extends React.Component {
             }} />
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("general:Organization"), i18next.t("general:Organization - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} disabled={!Setting.isAdminUser(this.props.account)} value={this.state.product.owner} onChange={(value => {this.updateProductField("owner", value);})}>
-              {
-                this.state.organizations.map((organization, index) => <Option key={index} value={organization.name}>{organization.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("product:Image"), i18next.t("product:Image - Tooltip"))} :
@@ -171,7 +172,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("user:Tag"), i18next.t("product:Tag - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.product.tag} onChange={e => {
+            <Input value={this.state.product.tag} disabled={isCreatedByPlan} onChange={e => {
               this.updateProductField("tag", e.target.value);
             }} />
           </Col>
@@ -201,7 +202,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("payment:Currency"), i18next.t("payment:Currency - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.product.currency} onChange={(value => {
+            <Select virtual={false} style={{width: "100%"}} value={this.state.product.currency} disabled={isCreatedByPlan} onChange={(value => {
               this.updateProductField("currency", value);
             })}>
               {
@@ -218,7 +219,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("product:Price"), i18next.t("product:Price - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.product.price} onChange={value => {
+            <InputNumber value={this.state.product.price} disabled={isCreatedByPlan} onChange={value => {
               this.updateProductField("price", value);
             }} />
           </Col>
@@ -228,7 +229,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("product:Quantity"), i18next.t("product:Quantity - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.product.quantity} onChange={value => {
+            <InputNumber value={this.state.product.quantity} disabled={isCreatedByPlan} onChange={value => {
               this.updateProductField("quantity", value);
             }} />
           </Col>
@@ -238,7 +239,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("product:Sold"), i18next.t("product:Sold - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <InputNumber value={this.state.product.sold} onChange={value => {
+            <InputNumber value={this.state.product.sold} disabled={isCreatedByPlan} onChange={value => {
               this.updateProductField("sold", value);
             }} />
           </Col>
@@ -248,7 +249,7 @@ class ProductEditPage extends React.Component {
             {Setting.getLabel(i18next.t("product:Payment providers"), i18next.t("product:Payment providers - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Select virtual={false} mode="multiple" style={{width: "100%"}} value={this.state.product.providers} onChange={(value => {this.updateProductField("providers", value);})}>
+            <Select virtual={false} mode="multiple" style={{width: "100%"}} disabled={isCreatedByPlan} value={this.state.product.providers} onChange={(value => {this.updateProductField("providers", value);})}>
               {
                 this.state.providers.map((provider, index) => <Option key={index} value={provider.name}>{provider.name}</Option>)
               }
@@ -312,7 +313,7 @@ class ProductEditPage extends React.Component {
 
   submitProductEdit(willExist) {
     const product = Setting.deepCopy(this.state.product);
-    ProductBackend.updateProduct(this.state.product.owner, this.state.productName, product)
+    ProductBackend.updateProduct(this.state.organizationName, this.state.productName, product)
       .then((res) => {
         if (res.status === "ok") {
           Setting.showMessage("success", i18next.t("general:Successfully saved"));

web/src/ProductListPage.js

@@ -253,11 +253,13 @@ class ProductListPage extends BaseListPage {
         width: "230px",
         fixed: (Setting.isMobile()) ? "false" : "right",
         render: (text, record, index) => {
+          const isCreatedByPlan = record.tag === "auto_created_product_for_plan";
           return (
             <div>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}/buy`)}>{i18next.t("product:Buy")}</Button>
               <Button style={{marginTop: "10px", marginBottom: "10px", marginRight: "10px"}} type="primary" onClick={() => this.props.history.push(`/products/${record.owner}/${record.name}`)}>{i18next.t("general:Edit")}</Button>
               <PopconfirmModal
+                disabled={isCreatedByPlan}
                 title={i18next.t("general:Sure to delete") + `: ${record.name} ?`}
                 onConfirm={() => this.deleteProduct(index)}
               >

web/src/ProviderEditPage.js

@@ -16,6 +16,8 @@ import React from "react";
 import {Button, Card, Checkbox, Col, Input, InputNumber, Row, Select, Switch} from "antd";
 import {LinkOutlined} from "@ant-design/icons";
 import * as ProviderBackend from "./backend/ProviderBackend";
+import * as OrganizationBackend from "./backend/OrganizationBackend";
+import * as CertBackend from "./backend/CertBackend";
 import * as Setting from "./Setting";
 import i18next from "i18next";
 import {authConfig} from "./auth/Auth";
@@ -24,7 +26,6 @@ import * as ProviderNotification from "./common/TestNotificationWidget";
 import * as ProviderEditTestSms from "./common/TestSmsWidget";
 import copy from "copy-to-clipboard";
 import {CaptchaPreview} from "./common/CaptchaPreview";
-import * as OrganizationBackend from "./backend/OrganizationBackend";
 import {CountryCodeSelect} from "./common/select/CountryCodeSelect";
 import * as Web3Auth from "./auth/Web3Auth";
 
@@ -39,6 +40,7 @@ class ProviderEditPage extends React.Component {
       providerName: props.match.params.providerName,
       owner: props.organizationName !== undefined ? props.organizationName : props.match.params.organizationName,
       provider: null,
+      certs: [],
       organizations: [],
       mode: props.location.mode !== undefined ? props.location.mode : "edit",
     };
@@ -47,6 +49,7 @@ class ProviderEditPage extends React.Component {
   UNSAFE_componentWillMount() {
     this.getOrganizations();
     this.getProvider();
+    this.getCerts(this.state.owner);
   }
 
   getProvider() {
@@ -80,6 +83,17 @@ class ProviderEditPage extends React.Component {
     }
   }
 
+  getCerts(owner) {
+    CertBackend.getCerts(owner)
+      .then((res) => {
+        if (res.status === "ok") {
+          this.setState({
+            certs: res.data || [],
+          });
+        }
+      });
+  }
+
   parseProviderField(key, value) {
     if (["port"].includes(key)) {
       value = Setting.myParseInt(value);
@@ -91,6 +105,11 @@ class ProviderEditPage extends React.Component {
     value = this.parseProviderField(key, value);
 
     const provider = this.state.provider;
+    if (key === "owner" && provider["owner"] !== value) {
+      // the provider change the owner, reset the cert
+      provider["cert"] = "";
+      this.getCerts(value);
+    }
     provider[key] = value;
     this.setState({
       provider: provider,
@@ -182,6 +201,12 @@ class ProviderEditPage extends React.Component {
       } else {
         return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
       }
+    case "Notification":
+      if (provider.type === "Line") {
+        return Setting.getLabel(i18next.t("provider:Secret key"), i18next.t("provider:Secret key - Tooltip"));
+      } else {
+        return Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"));
+      }
     default:
       return Setting.getLabel(i18next.t("provider:Client secret"), i18next.t("provider:Client secret - Tooltip"));
     }
@@ -277,7 +302,10 @@ class ProviderEditPage extends React.Component {
         tooltip = i18next.t("provider:App ID - Tooltip");
       }
     } else if (provider.category === "Notification") {
-      if (provider.type === "Telegram") {
+      if (provider.type === "Viber") {
+        text = i18next.t("provider:Domain");
+        tooltip = i18next.t("provider:Domain - Tooltip");
+      } else if (provider.type === "Telegram" || provider.type === "DingTalk" || provider.type === "Pushover" || provider.type === "Pushbullet" || provider.type === "Slack" || provider.type === "Discord" || provider.type === "Line" || provider.type === "Matrix" || provider.type === "Rocket Chat") {
         text = i18next.t("provider:App Key");
         tooltip = i18next.t("provider:App Key - Tooltip");
       }
@@ -305,16 +333,25 @@ class ProviderEditPage extends React.Component {
     let text = "";
     let tooltip = "";
 
-    if (provider.type === "Telegram") {
+    if (provider.type === "Telegram" || provider.type === "Pushover" || provider.type === "Pushbullet" || provider.type === "Slack" || provider.type === "Discord" || provider.type === "Line" || provider.type === "Twitter" || provider.type === "Reddit" || provider.type === "Rocket Chat" || provider.type === "Viber") {
       text = i18next.t("provider:Chat ID");
       tooltip = i18next.t("provider:Chat ID - Tooltip");
-    } else if (provider.type === "Custom HTTP") {
+    } else if (provider.type === "Custom HTTP" || provider.type === "Lark" || provider.type === "Microsoft Teams" || provider.type === "Webpush" || provider.type === "Matrix") {
       text = i18next.t("provider:Endpoint");
       tooltip = i18next.t("provider:Endpoint - Tooltip");
+    } else if (provider.type === "DingTalk" || provider.type === "Bark") {
+      text = i18next.t("provider:Secret Key");
+      tooltip = i18next.t("provider:Secret Key - Tooltip");
     }
 
     if (text === "" && tooltip === "") {
-      return null;
+      return (
+        <React.Fragment>
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel("Test Notification", "Test Notification")} :
+          </Col>
+        </React.Fragment>
+      );
     } else {
       return (
         <React.Fragment>
@@ -406,7 +443,6 @@ class ProviderEditPage extends React.Component {
                 this.updateProviderField("type", "Twilio SMS");
               } else if (value === "Storage") {
                 this.updateProviderField("type", "AWS S3");
-                this.updateProviderField("domain", Setting.getFullServerUrl());
               } else if (value === "SAML") {
                 this.updateProviderField("type", "Keycloak");
               } else if (value === "Payment") {
@@ -423,13 +459,13 @@ class ProviderEditPage extends React.Component {
                 [
                   {id: "Captcha", name: "Captcha"},
                   {id: "Email", name: "Email"},
+                  {id: "Notification", name: "Notification"},
                   {id: "OAuth", name: "OAuth"},
                   {id: "Payment", name: "Payment"},
                   {id: "SAML", name: "SAML"},
                   {id: "SMS", name: "SMS"},
                   {id: "Storage", name: "Storage"},
                   {id: "Web3", name: "Web3"},
-                  {id: "Notification", name: "Notification"},
                 ]
                   .sort((a, b) => a.name.localeCompare(b.name))
                   .map((providerCategory, index) => <Option key={index} value={providerCategory.id}>{providerCategory.name}</Option>)
@@ -591,18 +627,23 @@ class ProviderEditPage extends React.Component {
         {
           (this.state.provider.category === "Captcha" && this.state.provider.type === "Default") ||
           (this.state.provider.category === "Web3") ||
-          (this.state.provider.category === "Storage" && this.state.provider.type === "Local File System" || (this.state.provider.category === "Notification")) ? null : (
+          (this.state.provider.category === "Storage" && this.state.provider.type === "Local File System" ||
+          (this.state.provider.category === "Notification" && this.state.provider.type !== "Webpush" && this.state.provider.type !== "Line" && this.state.provider.type !== "Matrix" && this.state.provider.type !== "Twitter" && this.state.provider.type !== "Reddit" && this.state.provider.type !== "Rocket Chat" && this.state.provider.type !== "Viber")) ? null : (
               <React.Fragment>
-                <Row style={{marginTop: "20px"}} >
-                  <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-                    {this.getClientIdLabel(this.state.provider)} :
-                  </Col>
-                  <Col span={22} >
-                    <Input value={this.state.provider.clientId} onChange={e => {
-                      this.updateProviderField("clientId", e.target.value);
-                    }} />
-                  </Col>
-                </Row>
+                {
+                  this.state.provider.type === "Line" ? null : (
+                    <Row style={{marginTop: "20px"}} >
+                      <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                        {this.getClientIdLabel(this.state.provider)} :
+                      </Col>
+                      <Col span={22} >
+                        <Input value={this.state.provider.clientId} onChange={e => {
+                          this.updateProviderField("clientId", e.target.value);
+                        }} />
+                      </Col>
+                    </Row>
+                  )
+                }
                 <Row style={{marginTop: "20px"}} >
                   <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                     {this.getClientSecretLabel(this.state.provider)} :
@@ -617,7 +658,7 @@ class ProviderEditPage extends React.Component {
             )
         }
         {
-          this.state.provider.category !== "Email" && this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" && this.state.provider.type !== "WeChat Pay" ? null : (
+          this.state.provider.category !== "Email" && this.state.provider.type !== "WeChat" && this.state.provider.type !== "Aliyun Captcha" && this.state.provider.type !== "WeChat Pay" && this.state.provider.type !== "Twitter" && this.state.provider.type !== "Reddit" ? null : (
             <React.Fragment>
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
@@ -783,6 +824,18 @@ class ProviderEditPage extends React.Component {
                   </Col>
                 </Row>
               ) : null}
+              {["Google Chat"].includes(this.state.provider.type) ? (
+                <Row style={{marginTop: "20px"}} >
+                  <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                    {Setting.getLabel(i18next.t("provider:Metadata"), i18next.t("provider:Metadata - Tooltip"))} :
+                  </Col>
+                  <Col span={22}>
+                    <TextArea rows={4} value={this.state.provider.metadata} onChange={e => {
+                      this.updateProviderField("metadata", e.target.value);
+                    }} />
+                  </Col>
+                </Row>
+              ) : null}
               <Row style={{marginTop: "20px"}} >
                 <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
                   {Setting.getLabel(i18next.t("provider:Content"), i18next.t("provider:Content - Tooltip"))} :
@@ -909,15 +962,15 @@ class ProviderEditPage extends React.Component {
                 <Col span={4} >
                   <Input.Group compact>
                     <CountryCodeSelect
-                      style={{width: "30%"}}
-                      value={this.state.provider.content}
+                      style={{width: "90px"}}
+                      initValue={this.state.provider.content}
                       onChange={(value) => {
                         this.updateProviderField("content", value);
                       }}
                       countryCodes={this.props.account.organization.countryCodes}
                     />
                     <Input value={this.state.provider.receiver}
-                      style={{width: "70%"}}
+                      style={{width: "150px"}}
                       placeholder = {i18next.t("user:Input your phone number")}
                       onChange={e => {
                         this.updateProviderField("receiver", e.target.value);
@@ -1042,9 +1095,11 @@ class ProviderEditPage extends React.Component {
                 {Setting.getLabel(i18next.t("general:Cert"), i18next.t("general:Cert - Tooltip"))} :
               </Col>
               <Col span={22} >
-                <Input value={this.state.provider.cert} onChange={e => {
-                  this.updateProviderField("cert", e.target.value);
-                }} />
+                <Select virtual={false} style={{width: "100%"}} value={this.state.provider.cert} onChange={(value => {this.updateProviderField("cert", value);})}>
+                  {
+                    this.state.certs.map((cert, index) => <Option key={index} value={cert.name}>{cert.name}</Option>)
+                  }
+                </Select>
               </Col>
             </Row>
           ) : null

web/src/ProviderListPage.js

@@ -142,13 +142,15 @@ class ProviderListPage extends BaseListPage {
         key: "category",
         filterMultiple: false,
         filters: [
-          {text: "OAuth", value: "OAuth"},
+          {text: "Captcha", value: "Captcha"},
           {text: "Email", value: "Email"},
+          {text: "Notification", value: "Notification"},
+          {text: "OAuth", value: "OAuth"},
+          {text: "Payment", value: "Payment"},
+          {text: "SAML", value: "SAML"},
           {text: "SMS", value: "SMS"},
           {text: "Storage", value: "Storage"},
-          {text: "SAML", value: "SAML"},
-          {text: "Captcha", value: "Captcha"},
-          {text: "Payment", value: "Payment"},
+          {text: "Web3", value: "Web3"},
         ],
         width: "110px",
         sorter: true,
@@ -161,13 +163,15 @@ class ProviderListPage extends BaseListPage {
         align: "center",
         filterMultiple: false,
         filters: [
-          {text: "OAuth", value: "OAuth", children: Setting.getProviderTypeOptions("OAuth").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "Captcha", value: "Captcha", children: Setting.getProviderTypeOptions("Captcha").map((o) => {return {text: o.id, value: o.name};})},
           {text: "Email", value: "Email", children: Setting.getProviderTypeOptions("Email").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "Notification", value: "Notification", children: Setting.getProviderTypeOptions("Notification").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "OAuth", value: "OAuth", children: Setting.getProviderTypeOptions("OAuth").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "Payment", value: "Payment", children: Setting.getProviderTypeOptions("Payment").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "SAML", value: "SAML", children: Setting.getProviderTypeOptions("SAML").map((o) => {return {text: o.id, value: o.name};})},
           {text: "SMS", value: "SMS", children: Setting.getProviderTypeOptions("SMS").map((o) => {return {text: o.id, value: o.name};})},
           {text: "Storage", value: "Storage", children: Setting.getProviderTypeOptions("Storage").map((o) => {return {text: o.id, value: o.name};})},
-          {text: "SAML", value: "SAML", children: Setting.getProviderTypeOptions("SAML").map((o) => {return {text: o.id, value: o.name};})},
-          {text: "Captcha", value: "Captcha", children: Setting.getProviderTypeOptions("Captcha").map((o) => {return {text: o.id, value: o.name};})},
-          {text: "Payment", value: "Payment", children: Setting.getProviderTypeOptions("Payment").map((o) => {return {text: o.id, value: o.name};})},
+          {text: "Web3", value: "Web3", children: Setting.getProviderTypeOptions("Web3").map((o) => {return {text: o.id, value: o.name};})},
         ],
         sorter: true,
         render: (text, record, index) => {
@@ -237,7 +241,7 @@ class ProviderListPage extends BaseListPage {
           title={() => (
             <div>
               {i18next.t("general:Providers")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button type="primary" size="small" onClick={this.addProvider.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button id="add-button" type="primary" size="small" onClick={this.addProvider.bind(this)}>{i18next.t("general:Add")}</Button>
             </div>
           )}
           loading={this.state.loading}

web/src/QrCodePage.js

@@ -0,0 +1,135 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+import React from "react";
+import QRCode from "qrcode.react";
+import {Button, Col, Row} from "antd";
+import * as PaymentBackend from "./backend/PaymentBackend";
+import * as Setting from "./Setting";
+import * as ProviderBackend from "./backend/ProviderBackend";
+import i18next from "i18next";
+
+class QrCodePage extends React.Component {
+  constructor(props) {
+    super(props);
+    const params = new URLSearchParams(window.location.search);
+    this.state = {
+      classes: props,
+      owner: props.owner ?? (props.match?.params?.owner ?? null),
+      paymentName: props.paymentName ?? (props.match?.params?.paymentName ?? null),
+      providerName: props.providerName ?? params.get("providerName"),
+      payUrl: props.payUrl ?? params.get("payUrl"),
+      successUrl: props.successUrl ?? params.get("successUrl"),
+      provider: props.provider ?? null,
+      payment: null,
+      timer: null,
+    };
+  }
+
+  async getProvider() {
+    if (!this.state.owner || !this.state.providerName) {
+      return ;
+    }
+    try {
+      const res = await ProviderBackend.getProvider(this.state.owner, this.state.providerName);
+      if (res.status !== "ok") {
+        throw new Error(res.msg);
+      }
+      const provider = res.data;
+      this.setState({
+        provider: provider,
+      });
+    } catch (err) {
+      Setting.showMessage("error", err.message);
+      return ;
+    }
+  }
+
+  setNotifyTask() {
+    if (!this.state.owner || !this.state.paymentName) {
+      return ;
+    }
+
+    const notifyTask = async() => {
+      try {
+        const res = await PaymentBackend.notifyPayment(this.state.owner, this.state.paymentName);
+        if (res.status !== "ok") {
+          throw new Error(res.msg);
+        }
+        const payment = res.data;
+        if (payment.state !== "Created") {
+          Setting.goToLink(this.state.successUrl);
+        }
+      } catch (err) {
+        Setting.showMessage("error", err.message);
+        return ;
+      }
+    };
+
+    this.setState({
+      timer: setTimeout(async() => {
+        await notifyTask();
+        this.setNotifyTask();
+      }, 2000),
+    });
+  }
+
+  componentDidMount() {
+    if (this.props.onUpdateApplication) {
+      this.props.onUpdateApplication(null);
+    }
+    this.getProvider();
+    this.setNotifyTask();
+  }
+
+  componentWillUnmount() {
+    clearInterval(this.state.timer);
+  }
+
+  renderProviderInfo(provider) {
+    if (!provider) {
+      return null;
+    }
+    const text = i18next.t(`product:${provider.type}`);
+    return (
+      <Button style={{height: "50px", borderWidth: "2px"}} shape="round" icon={
+        <img style={{marginRight: "10px"}} width={36} height={36} src={Setting.getProviderLogoURL(provider)} alt={provider.displayName} />
+      } size={"large"} >
+        {
+          text
+        }
+      </Button>
+    );
+  }
+
+  render() {
+    if (!this.state.payUrl || !this.state.successUrl || !this.state.owner || !this.state.paymentName) {
+      return null;
+    }
+    return (
+      <div className="login-content">
+        <Col>
+          <Row style={{justifyContent: "center"}}>
+            {this.renderProviderInfo(this.state.provider)}
+          </Row>
+          <Row style={{marginTop: "10px", justifyContent: "center"}}>
+            <QRCode value={this.state.payUrl} size={this.props.size ?? 200} />
+          </Row>
+        </Col>
+      </div>
+    );
+  }
+}
+
+export default QrCodePage;

web/src/ResourceListPage.js

@@ -76,7 +76,7 @@ class ResourceListPage extends BaseListPage {
     return (
       <Upload maxCount={1} accept="image/*,video/*,audio/*,.pdf,.doc,.docx,.csv,.xls,.xlsx" showUploadList={false}
         beforeUpload={file => {return false;}} onChange={info => {this.handleUpload(info);}}>
-        <Button icon={<UploadOutlined />} loading={this.state.uploading} type="primary" size="small">
+        <Button id="upload-button" icon={<UploadOutlined />} loading={this.state.uploading} type="primary" size="small">
           {i18next.t("resource:Upload a file...")}
         </Button>
       </Upload>

web/src/Setting.js

@@ -32,7 +32,8 @@ export const ServerUrl = "";
 
 export const StaticBaseUrl = "https://cdn.casbin.org";
 
-export const Countries = [{label: "English", key: "en", country: "US", alt: "English"},
+export const Countries = [
+  {label: "English", key: "en", country: "US", alt: "English"},
   {label: "Español", key: "es", country: "ES", alt: "Español"},
   {label: "Français", key: "fr", country: "FR", alt: "Français"},
   {label: "Deutsch", key: "de", country: "DE", alt: "Deutsch"},
@@ -42,13 +43,19 @@ export const Countries = [{label: "English", key: "en", country: "US", alt: "Eng
   {label: "한국어", key: "ko", country: "KR", alt: "한국어"},
   {label: "Русский", key: "ru", country: "RU", alt: "Русский"},
   {label: "TiếngViệt", key: "vi", country: "VN", alt: "TiếngViệt"},
-  {label: "Português", key: "pt", country: "BR", alt: "Português"},
-  {label: "Itariano", key: "it", country: "IT", alt: "Itariano"},
-  {label: "Marley", key: "ms", country: "MY", alt: "Marley"},
-  {label: "Tkiš", key: "tr", country: "TR", alt: "Tkiš"},
-  {label: "لغة عربية", key: "ar", country: "DZ", alt: "لغة عربية"},
+  {label: "Português", key: "pt", country: "PT", alt: "Português"},
+  {label: "Italiano", key: "it", country: "IT", alt: "Italiano"},
+  {label: "Malay", key: "ms", country: "MY", alt: "Malay"},
+  {label: "Türkçe", key: "tr", country: "TR", alt: "Türkçe"},
+  {label: "لغة عربية", key: "ar", country: "SA", alt: "لغة عربية"},
   {label: "עִבְרִית", key: "he", country: "IL", alt: "עִבְרִית"},
-  {label: "Filipino", key: "fi", country: "PH", alt: "Filipino"},
+  {label: "Nederlands", key: "nl", country: "NL", alt: "Nederlands"},
+  {label: "Polski", key: "pl", country: "PL", alt: "Polski"},
+  {label: "Suomi", key: "fi", country: "FI", alt: "Suomi"},
+  {label: "Svenska", key: "sv", country: "SE", alt: "Svenska"},
+  {label: "Українська", key: "uk", country: "UA", alt: "Українська"},
+  {label: "Қазақ", key: "kk", country: "KZ", alt: "Қазақ"},
+  {label: "فارسی", key: "fa", country: "IR", alt: "فارسی"},
 ];
 
 export function getThemeData(organization, application) {
@@ -274,7 +281,71 @@ export const OtherProviderInfo = {
     },
     "Custom HTTP": {
       logo: `${StaticBaseUrl}/img/email_default.png`,
-      url: "https://casdoor.org/docs/provider/sms/overview",
+      url: "https://casdoor.org/docs/provider/notification/overview",
+    },
+    "DingTalk": {
+      logo: `${StaticBaseUrl}/img/social_dingtalk.png`,
+      url: "https://www.dingtalk.com/",
+    },
+    "Lark": {
+      logo: `${StaticBaseUrl}/img/social_lark.png`,
+      url: "https://www.larksuite.com/",
+    },
+    "Microsoft Teams": {
+      logo: `${StaticBaseUrl}/img/social_teams.png`,
+      url: "https://www.microsoft.com/microsoft-teams",
+    },
+    "Bark": {
+      logo: `${StaticBaseUrl}/img/social_bark.png`,
+      url: "https://apps.apple.com/us/app/bark-customed-notifications/id1403753865",
+    },
+    "Pushover": {
+      logo: `${StaticBaseUrl}/img/social_pushover.png`,
+      url: "https://pushover.net/",
+    },
+    "Pushbullet": {
+      logo: `${StaticBaseUrl}/img/social_pushbullet.png`,
+      url: "https://www.pushbullet.com/",
+    },
+    "Slack": {
+      logo: `${StaticBaseUrl}/img/social_slack.png`,
+      url: "https://slack.com/",
+    },
+    "Webpush": {
+      logo: `${StaticBaseUrl}/img/email_default.png`,
+      url: "https://developer.mozilla.org/en-US/docs/Web/API/Push_API",
+    },
+    "Discord": {
+      logo: `${StaticBaseUrl}/img/social_discord.png`,
+      url: "https://discord.com/",
+    },
+    "Google Chat": {
+      logo: `${StaticBaseUrl}/img/social_google_chat.png`,
+      url: "https://workspace.google.com/intl/en/products/chat/",
+    },
+    "Line": {
+      logo: `${StaticBaseUrl}/img/social_line.png`,
+      url: "https://line.me/",
+    },
+    "Matrix": {
+      logo: `${StaticBaseUrl}/img/social_matrix.png`,
+      url: "https://www.matrix.org/",
+    },
+    "Twitter": {
+      logo: `${StaticBaseUrl}/img/social_twitter.png`,
+      url: "https://twitter.com/",
+    },
+    "Reddit": {
+      logo: `${StaticBaseUrl}/img/social_reddit.png`,
+      url: "https://www.reddit.com/",
+    },
+    "Rocket Chat": {
+      logo: `${StaticBaseUrl}/img/social_rocket_chat.png`,
+      url: "https://rocket.chat/",
+    },
+    "Viber": {
+      logo: `${StaticBaseUrl}/img/social_viber.png`,
+      url: "https://www.viber.com/",
     },
   },
 };
@@ -927,7 +998,7 @@ export function getProviderTypeOptions(category) {
         {id: "Local File System", name: "Local File System"},
         {id: "AWS S3", name: "AWS S3"},
         {id: "MinIO", name: "MinIO"},
-        {id: "Aliyun OSS", name: "Aliyun OSS"},
+        {id: "Aliyun OSS", name: "Alibaba Cloud OSS"},
         {id: "Tencent Cloud COS", name: "Tencent Cloud COS"},
         {id: "Azure Blob", name: "Azure Blob"},
         {id: "Qiniu Cloud Kodo", name: "Qiniu Cloud Kodo"},
@@ -966,6 +1037,22 @@ export function getProviderTypeOptions(category) {
     return ([
       {id: "Telegram", name: "Telegram"},
       {id: "Custom HTTP", name: "Custom HTTP"},
+      {id: "DingTalk", name: "DingTalk"},
+      {id: "Lark", name: "Lark"},
+      {id: "Microsoft Teams", name: "Microsoft Teams"},
+      {id: "Bark", name: "Bark"},
+      {id: "Pushover", name: "Pushover"},
+      {id: "Pushbullet", name: "Pushbullet"},
+      {id: "Slack", name: "Slack"},
+      {id: "Webpush", name: "Webpush"},
+      {id: "Discord", name: "Discord"},
+      {id: "Google Chat", name: "Google Chat"},
+      {id: "Line", name: "Line"},
+      {id: "Matrix", name: "Matrix"},
+      {id: "Twitter", name: "Twitter"},
+      {id: "Reddit", name: "Reddit"},
+      {id: "Rocket Chat", name: "Rocket Chat"},
+      {id: "Viber", name: "Viber"},
     ]);
   } else {
     return [];

web/src/SubscriptionEditPage.js

@@ -14,7 +14,7 @@
 
 import moment from "moment";
 import React from "react";
-import {Button, Card, Col, DatePicker, Input, InputNumber, Row, Select} from "antd";
+import {Button, Card, Col, DatePicker, Input, Row, Select} from "antd";
 import * as OrganizationBackend from "./backend/OrganizationBackend";
 import * as PricingBackend from "./backend/PricingBackend";
 import * as PlanBackend from "./backend/PlanBackend";
@@ -171,16 +171,6 @@ class SubscriptionEditPage extends React.Component {
             }} />
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("subscription:Duration"), i18next.t("subscription:Duration - Tooltip"))}
-          </Col>
-          <Col span={22} >
-            <InputNumber value={this.state.subscription.duration} onChange={value => {
-              this.updateSubscriptionField("duration", value);
-            }} />
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("subscription:Start time"), i18next.t("subscription:Start time - Tooltip"))}
@@ -201,6 +191,23 @@ class SubscriptionEditPage extends React.Component {
             }} />
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("plan:Period"), i18next.t("plan:Period - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select
+              defaultValue={this.state.subscription.period === "" ? "Monthly" : this.state.subscription.period}
+              onChange={value => {
+                this.updateSubscriptionField("period", value);
+              }}
+              options={[
+                {value: "Monthly", label: "Monthly"},
+                {value: "Yearly", label: "Yearly"},
+              ]}
+            />
+          </Col>
+        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("general:User"), i18next.t("general:User - Tooltip"))} :

web/src/SubscriptionListPage.js

@@ -27,7 +27,6 @@ class SubscriptionListPage extends BaseListPage {
   newSubscription() {
     const randomName = Setting.getRandomName();
     const owner = Setting.getRequestOrganization(this.props.account);
-    const defaultDuration = 30;
 
     return {
       owner: owner,
@@ -35,8 +34,8 @@ class SubscriptionListPage extends BaseListPage {
       createdTime: moment().format(),
       displayName: `New Subscription - ${randomName}`,
       startTime: moment().format(),
-      endTime: moment().add(defaultDuration, "d").format(),
-      duration: defaultDuration,
+      endTime: moment().add(30, "d").format(),
+      period: "Monthly",
       description: "",
       user: "",
       plan: "",
@@ -130,11 +129,11 @@ class SubscriptionListPage extends BaseListPage {
         ...this.getColumnSearchProps("displayName"),
       },
       {
-        title: i18next.t("subscription:Duration"),
-        dataIndex: "duration",
-        key: "duration",
+        title: i18next.t("subscription:Period"),
+        dataIndex: "period",
+        key: "period",
         width: "140px",
-        ...this.getColumnSearchProps("duration"),
+        ...this.getColumnSearchProps("period"),
       },
       {
         title: i18next.t("subscription:Start time"),
@@ -150,20 +149,6 @@ class SubscriptionListPage extends BaseListPage {
         width: "140px",
         ...this.getColumnSearchProps("endTime"),
       },
-      {
-        title: i18next.t("general:Pricing"),
-        dataIndex: "pricing",
-        key: "pricing",
-        width: "140px",
-        ...this.getColumnSearchProps("pricing"),
-        render: (text, record, index) => {
-          return (
-            <Link to={`/pricings/${record.owner}/${text}`}>
-              {text}
-            </Link>
-          );
-        },
-      },
       {
         title: i18next.t("general:Plan"),
         dataIndex: "plan",

web/src/SyncerEditPage.js

@@ -234,12 +234,60 @@ class SyncerEditPage extends React.Component {
             </Select>
           </Col>
         </Row>
+        <Row style={{marginTop: "20px"}} >
+          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+            {Setting.getLabel(i18next.t("syncer:Database type"), i18next.t("syncer:Database type - Tooltip"))} :
+          </Col>
+          <Col span={22} >
+            <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.databaseType} onChange={(value => {
+              this.updateSyncerField("databaseType", value);
+              if (value === "postgres") {
+                this.updateSyncerField("sslMode", "disable");
+              } else {
+                this.updateSyncerField("sslMode", "");
+              }
+            })}>
+              {
+                [
+                  {id: "mysql", name: "MySQL"},
+                  {id: "postgres", name: "PostgreSQL"},
+                  {id: "mssql", name: "SQL Server"},
+                  {id: "oracle", name: "Oracle"},
+                  {id: "sqlite3", name: "Sqlite 3"},
+                ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+              }
+            </Select>
+          </Col>
+        </Row>
+        {
+          this.state.syncer.databaseType !== "postgres" ? null : (
+            <Row style={{marginTop: "20px"}} >
+              <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
+                {Setting.getLabel(i18next.t("syncer:SSL mode"), i18next.t("syncer:SSL mode - Tooltip"))} :
+              </Col>
+              <Col span={22} >
+                <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.sslMode} onChange={(value => {this.updateSyncerField("sslMode", value);})}>
+                  {
+                    [
+                      {id: "disable", name: "disable"},
+                      // {id: "allow", name: "allow"},
+                      // {id: "prefer", name: "prefer"},
+                      {id: "require", name: "require"},
+                      {id: "verify-ca", name: "verify-ca"},
+                      {id: "verify-full", name: "verify-full"},
+                    ].map((item, index) => <Option key={index} value={item.id}>{item.name}</Option>)
+                  }
+                </Select>
+              </Col>
+            </Row>
+          )
+        }
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("provider:Host"), i18next.t("provider:Host - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <Input value={this.state.syncer.host} onChange={e => {
+            <Input prefix={<LinkOutlined />} value={this.state.syncer.host} onChange={e => {
               this.updateSyncerField("host", e.target.value);
             }} />
           </Col>
@@ -274,24 +322,6 @@ class SyncerEditPage extends React.Component {
             }} />
           </Col>
         </Row>
-        <Row style={{marginTop: "20px"}} >
-          <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
-            {Setting.getLabel(i18next.t("syncer:Database type"), i18next.t("syncer:Database type - Tooltip"))} :
-          </Col>
-          <Col span={22} >
-            <Select virtual={false} style={{width: "100%"}} value={this.state.syncer.databaseType} onChange={(value => {this.updateSyncerField("databaseType", value);})}>
-              {
-                [
-                  {id: "mysql", name: "MySQL"},
-                  {id: "postgres", name: "PostgreSQL"},
-                  {id: "mssql", name: "SQL Server"},
-                  {id: "oracle", name: "Oracle"},
-                  {id: "sqlite3", name: "Sqlite 3"},
-                ].map((databaseType, index) => <Option key={index} value={databaseType.id}>{databaseType.name}</Option>)
-              }
-            </Select>
-          </Col>
-        </Row>
         <Row style={{marginTop: "20px"}} >
           <Col style={{marginTop: "5px"}} span={(Setting.isMobile()) ? 22 : 2}>
             {Setting.getLabel(i18next.t("syncer:Database"), i18next.t("syncer:Database - Tooltip"))} :

web/src/SyncerListPage.js

@@ -86,8 +86,13 @@ class SyncerListPage extends BaseListPage {
     this.setState({loading: true});
     SyncerBackend.runSyncer("admin", this.state.data[i].name)
       .then((res) => {
-        this.setState({loading: false});
-        Setting.showMessage("success", "Syncer sync users successfully");
+        if (res.status === "ok") {
+          this.setState({loading: false});
+          Setting.showMessage("success", i18next.t("general:Successfully synced"));
+        } else {
+          this.setState({loading: false});
+          Setting.showMessage("error", `${i18next.t("general:Failed to sync")}: ${res.msg}`);
+        }
       }
       )
       .catch(error => {
@@ -151,6 +156,13 @@ class SyncerListPage extends BaseListPage {
           {text: "LDAP", value: "LDAP"},
         ],
       },
+      {
+        title: i18next.t("syncer:Database type"),
+        dataIndex: "databaseType",
+        key: "databaseType",
+        width: "130px",
+        sorter: (a, b) => a.databaseType.localeCompare(b.databaseType),
+      },
       {
         title: i18next.t("provider:Host"),
         dataIndex: "host",
@@ -183,13 +195,6 @@ class SyncerListPage extends BaseListPage {
         sorter: true,
         ...this.getColumnSearchProps("password"),
       },
-      {
-        title: i18next.t("syncer:Database type"),
-        dataIndex: "databaseType",
-        key: "databaseType",
-        width: "120px",
-        sorter: (a, b) => a.databaseType.localeCompare(b.databaseType),
-      },
       {
         title: i18next.t("syncer:Database"),
         dataIndex: "database",
@@ -208,7 +213,7 @@ class SyncerListPage extends BaseListPage {
         title: i18next.t("syncer:Sync interval"),
         dataIndex: "syncInterval",
         key: "syncInterval",
-        width: "130px",
+        width: "140px",
         sorter: true,
         ...this.getColumnSearchProps("syncInterval"),
       },

web/src/SystemInfo.js

@@ -12,10 +12,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-import {Card, Col, Divider, Progress, Row, Spin} from "antd";
+import {Card, Col, Divider, Progress, Row, Spin, Tour} from "antd";
 import * as SystemBackend from "./backend/SystemInfo";
 import React from "react";
 import * as Setting from "./Setting";
+import * as TourConfig from "./TourConfig";
 import i18next from "i18next";
 import PrometheusInfoTable from "./table/PrometheusInfoTable";
 
@@ -29,6 +30,7 @@ class SystemInfo extends React.Component {
       prometheusInfo: {apiThroughput: [], apiLatency: [], totalThroughput: 0},
       intervalId: null,
       loading: true,
+      isTourVisible: TourConfig.getTourVisible(),
     };
   }
 
@@ -67,12 +69,48 @@ class SystemInfo extends React.Component {
     });
   }
 
+  componentDidMount() {
+    window.addEventListener("storageTourChanged", this.handleTourChange);
+  }
+
+  handleTourChange = () => {
+    this.setState({isTourVisible: TourConfig.getTourVisible()});
+  };
+
   componentWillUnmount() {
     if (this.state.intervalId !== null) {
       clearInterval(this.state.intervalId);
     }
+    window.removeEventListener("storageTourChanged", this.handleTourChange);
   }
 
+  setIsTourVisible = () => {
+    TourConfig.setIsTourVisible(false);
+    this.setState({isTourVisible: false});
+  };
+
+  handleTourComplete = () => {
+    const nextPathName = TourConfig.getNextUrl();
+    if (nextPathName !== "") {
+      this.props.history.push("/" + nextPathName);
+      TourConfig.setIsTourVisible(true);
+    }
+  };
+
+  getSteps = () => {
+    const nextPathName = TourConfig.getNextUrl();
+    const steps = TourConfig.getSteps();
+    steps.map((item, index) => {
+      item.target = () => document.getElementById(item.id) || null;
+      if (index === steps.length - 1) {
+        item.nextButtonProps = {
+          children: TourConfig.getNextButtonChild(nextPathName),
+        };
+      }
+    });
+    return steps;
+  };
+
   render() {
     const cpuUi = this.state.systemInfo.cpuUsage?.length <= 0 ? i18next.t("system:Failed to get CPU usage") :
       this.state.systemInfo.cpuUsage.map((usage, i) => {
@@ -99,45 +137,58 @@ class SystemInfo extends React.Component {
 
     if (!Setting.isMobile()) {
       return (
-        <Row>
-          <Col span={6}></Col>
-          <Col span={12}>
-            <Row gutter={[10, 10]}>
-              <Col span={12}>
-                <Card title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
-                  {this.state.loading ? <Spin size="large" /> : cpuUi}
-                </Card>
-              </Col>
-              <Col span={12}>
-                <Card title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
-                  {this.state.loading ? <Spin size="large" /> : memUi}
-                </Card>
-              </Col>
-              <Col span={24}>
-                <Card title={i18next.t("system:API Latency")} bordered={true} style={{textAlign: "center", height: "100%"}}>
-                  {this.state.loading ? <Spin size="large" /> : latencyUi}
-                </Card>
-              </Col>
-              <Col span={24}>
-                <Card title={i18next.t("system:API Throughput")} bordered={true} style={{textAlign: "center", height: "100%"}}>
-                  {this.state.loading ? <Spin size="large" /> : throughputUi}
-                </Card>
-              </Col>
-            </Row>
-            <Divider />
-            <Card title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
-              <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
-              GitHub: <a target="_blank" rel="noreferrer" href="https://github.com/casdoor/casdoor">Casdoor</a>
-              <br />
-              {i18next.t("system:Version")}: <a target="_blank" rel="noreferrer" href={link}>{versionText}</a>
-              <br />
-              {i18next.t("system:Official website")}: <a target="_blank" rel="noreferrer" href="https://casdoor.org">https://casdoor.org</a>
-              <br />
-              {i18next.t("system:Community")}: <a target="_blank" rel="noreferrer" href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">Get in Touch!</a>
-            </Card>
-          </Col>
-          <Col span={6}></Col>
-        </Row>
+        <>
+          <Row>
+            <Col span={6}></Col>
+            <Col span={12}>
+              <Row gutter={[10, 10]}>
+                <Col span={12}>
+                  <Card id="cpu-card" title={i18next.t("system:CPU Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                    {this.state.loading ? <Spin size="large" /> : cpuUi}
+                  </Card>
+                </Col>
+                <Col span={12}>
+                  <Card id="memory-card" title={i18next.t("system:Memory Usage")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                    {this.state.loading ? <Spin size="large" /> : memUi}
+                  </Card>
+                </Col>
+                <Col span={24}>
+                  <Card id="latency-card" title={i18next.t("system:API Latency")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                    {this.state.loading ? <Spin size="large" /> : latencyUi}
+                  </Card>
+                </Col>
+                <Col span={24}>
+                  <Card id="throughput-card" title={i18next.t("system:API Throughput")} bordered={true} style={{textAlign: "center", height: "100%"}}>
+                    {this.state.loading ? <Spin size="large" /> : throughputUi}
+                  </Card>
+                </Col>
+              </Row>
+              <Divider />
+              <Card id="about-card" title={i18next.t("system:About Casdoor")} bordered={true} style={{textAlign: "center"}}>
+                <div>{i18next.t("system:An Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML and CAS")}</div>
+                GitHub: <a target="_blank" rel="noreferrer" href="https://github.com/casdoor/casdoor">Casdoor</a>
+                <br />
+                {i18next.t("system:Version")}: <a target="_blank" rel="noreferrer" href={link}>{versionText}</a>
+                <br />
+                {i18next.t("system:Official website")}: <a target="_blank" rel="noreferrer" href="https://casdoor.org">https://casdoor.org</a>
+                <br />
+                {i18next.t("system:Community")}: <a target="_blank" rel="noreferrer" href="https://casdoor.org/#:~:text=Casdoor%20API-,Community,-GitHub">Get in Touch!</a>
+              </Card>
+            </Col>
+            <Col span={6}></Col>
+          </Row>
+          <Tour
+            open={Setting.isMobile() ? false : this.state.isTourVisible}
+            onClose={this.setIsTourVisible}
+            steps={this.getSteps()}
+            indicatorsRender={(current, total) => (
+              <span>
+                {current + 1} / {total}
+              </span>
+            )}
+            onFinish={this.handleTourComplete}
+          />
+        </>
       );
     } else {
       return (

web/src/TourConfig.js

@@ -0,0 +1,229 @@
+import React from "react";
+
+export const TourObj = {
+  home: [
+    {
+      title: "Welcome to casdoor",
+      description: "You can learn more about the use of CasDoor at https://casdoor.org/.",
+      cover: (
+        <img
+          alt="casdoor.png"
+          src="https://cdn.casbin.org/img/casdoor-logo_1185x256.png"
+        />
+      ),
+    },
+    {
+      title: "Statistic cards",
+      description: "Here are four statistic cards for user information.",
+      id: "statistic",
+    },
+    {
+      title: "Import users",
+      description: "You can add new users or update existing Casdoor users by uploading a XLSX file of user information.",
+      id: "echarts-chart",
+    },
+  ],
+  webhooks: [
+    {
+      title: "Webhook List",
+      description: "Event systems allow you to build integrations, which subscribe to certain events on Casdoor. When one of those event is triggered, we'll send a POST json payload to the configured URL. The application parsed the json payload and carry out the hooked function. Events consist of signup, login, logout, update users, which are stored in the action field of the record. Event systems can be used to update an external issue from users.",
+    },
+  ],
+  syncers: [
+    {
+      title: "Syncer List",
+      description: "Casdoor stores users in user table. Don't worry about migrating your application user data into Casdoor, when you plan to use Casdoor as an authentication platform. Casdoor provides syncer to quickly help you sync user data to Casdoor.",
+    },
+  ],
+  sysinfo: [
+    {
+      title: "CPU Usage",
+      description: "You can see the CPU usage in real time.",
+      id: "cpu-card",
+    },
+    {
+      title: "Memory Usage",
+      description: "You can see the Memory usage in real time.",
+      id: "memory-card",
+    },
+    {
+      title: "API Latency",
+      description: "You can see the usage statistics of each API latency in real time.",
+      id: "latency-card",
+    },
+    {
+      title: "API Throughput",
+      description: "You can see the usage statistics of each API throughput in real time.",
+      id: "throughput-card",
+    },
+    {
+      title: "About Casdoor",
+      description: "You can get more Casdoor information in this card.",
+      id: "about-card",
+    },
+  ],
+  subscriptions: [
+    {
+      title: "Subscription List",
+      description: "Subscription helps to manage user's selected plan that make easy to control application's features access.",
+    },
+  ],
+  pricings: [
+    {
+      title: "Price List",
+      description: "Casdoor can be used as subscription management system via plan, pricing and subscription.",
+    },
+  ],
+  plans: [
+    {
+      title: "Plan List",
+      description: "Plan  describe list of application's features with own name and price. Plan features depends on Casdoor role with set of permissions.That allow to describe plan's features independ on naming and price. For example: plan may has diffrent prices depends on county or date.",
+    },
+  ],
+  payments: [
+    {
+      title: "Payment List",
+      description: "After the payment is successful, you can see the transaction information of the products in Payment, such as organization, user, purchase time, product name, etc.",
+    },
+  ],
+  products: [
+    {
+      title: "Session List",
+      description: "You can add the product (or service) you want to sell. The following will tell you how to add a product.",
+    },
+  ],
+  sessions: [
+    {
+      title: "Session List",
+      description: "You can get Session ID in this list.",
+    },
+  ],
+  tokens: [
+    {
+      title: "Token List",
+      description: "Casdoor is based on OAuth. Tokens are users' OAuth token.You can get access token in this list.",
+    },
+  ],
+  enforcers: [
+    {
+      title: "Enforcer List",
+      description: "In addition to the API interface for requesting enforcement of permission control, Casdoor also provides other interfaces that help external applications obtain permission policy information, which is also listed here.",
+    },
+  ],
+  adapters: [
+    {
+      title: "Adapter List",
+      description: "Casdoor supports using the UI to connect the adapter and manage the policy rules. In Casbin, the policy storage is implemented as an adapter (aka middleware for Casbin). A Casbin user can use an adapter to load policy rules from a storage, or save policy rules to it.",
+    },
+  ],
+  models: [
+    {
+      title: "Model List",
+      description: "Model defines your permission policy structure, and how requests should match these permission policies and their effects. Then you can user model in Permission.",
+    },
+  ],
+  permissions: [
+    {
+      title: "Permission List",
+      description: "All users associated with a single Casdoor organization are shared between the organization's applications and therefore have access to the applications. Sometimes you may want to restrict users' access to certain applications, or certain resources in a certain application. In this case, you can use Permission implemented by Casbin.",
+    },
+    {
+      title: "Permission Add",
+      description: "In the Casdoor Web UI, you can add a Model for your organization in the Model configuration item, and a Policy for your organization in the Permission configuration item. ",
+      id: "add-button",
+    },
+    {
+      title: "Permission Upload",
+      description: "With Casbin Online Editor, you can get Model and Policy files suitable for your usage scenarios. You can easily import the Model file into Casdoor through the Casdoor Web UI for use by the built-in Casbin. ",
+      id: "upload-button",
+    },
+  ],
+  roles: [
+    {
+      title: "Role List",
+      description: "Each user may have multiple roles. You can see the user's roles on the user's profile.",
+    },
+  ],
+  resources: [
+    {
+      title: "Resource List",
+      description: "You can upload resources in casdoor. Before upload resources, you need to configure a storage provider. Please see Storage Provider.",
+    },
+    {
+      title: "Upload Resource",
+      description: "Users can upload resources such as files and images to the previously configured cloud storage.",
+      id: "upload-button",
+    },
+  ],
+  providers: [
+    {
+      title: "Provider List",
+      description: "We have 6 kinds of providers:OAuth providers、SMS Providers、Email Providers、Storage Providers、Payment Provider、Captcha Provider.",
+    },
+    {
+      title: "Provider Add",
+      description: "You must add the provider to application, then you can use the provider in your application",
+      id: "add-button",
+    },
+  ],
+  organizations: [
+    {
+      title: "Organization List",
+      description: "Organization is the basic unit of Casdoor, which manages users and applications. If a user signed in to an organization, then he can access all applications belonging to the organization without signing in again.",
+    },
+  ],
+  groups: [
+    {
+      title: "Group List",
+      description: "In the groups list pages, you can see all the groups in organizations.",
+    },
+  ],
+  users: [
+    {
+      title: "User List",
+      description: "As an authentication platform, Casdoor is able to manage users.",
+    },
+    {
+      title: "Import users",
+      description: "You can add new users or update existing Casdoor users by uploading a XLSX file of user information.",
+      id: "upload-button",
+    },
+  ],
+  applications: [
+    {
+      title: "Application List",
+      description: "If you want to use Casdoor to provide login service for your web Web APPs, you can add them as Casdoor applications. Users can access all applications in their organizations without login twice.",
+    },
+  ],
+};
+
+export const TourUrlList = ["home", "organizations", "groups", "users", "applications", "providers", "resources", "roles", "permissions", "models", "adapters", "enforcers", "tokens", "sessions", "products", "payments", "plans", "pricings", "subscriptions", "sysinfo", "syncers", "webhooks"];
+
+export function getNextUrl(pathName = window.location.pathname) {
+  return TourUrlList[TourUrlList.indexOf(pathName.replace("/", "")) + 1] || "";
+}
+
+export function setIsTourVisible(visible) {
+  localStorage.setItem("isTourVisible", visible);
+  window.dispatchEvent(new Event("storageTourChanged"));
+}
+
+export function getTourVisible() {
+  return localStorage.getItem("isTourVisible") !== "false";
+}
+
+export function getNextButtonChild(nextPathName) {
+  return nextPathName !== "" ?
+    `Go to "${nextPathName.charAt(0).toUpperCase()}${nextPathName.slice(1)} List"`
+    : "Finish";
+}
+
+export function getSteps() {
+  const path = window.location.pathname.replace("/", "");
+  const res = TourObj[path];
+  if (res === undefined) {
+    return [];
+  } else {
+    return res;
+  }
+}

web/src/UserEditPage.js

@@ -402,7 +402,7 @@ class UserEditPage extends React.Component {
             {Setting.getLabel(i18next.t("general:Password"), i18next.t("general:Password - Tooltip"))} :
           </Col>
           <Col span={22} >
-            <PasswordModal user={this.state.user} organization={this.getUserOrganization()} account={this.props.account} disabled={disabled} />
+            <PasswordModal user={this.state.user} userName={this.state.userName} organization={this.getUserOrganization()} account={this.props.account} disabled={disabled} />
           </Col>
         </Row>
       );

web/src/UserListPage.js

@@ -187,7 +187,7 @@ class UserListPage extends BaseListPage {
 
     return (
       <Upload {...props}>
-        <Button type="primary" size="small">
+        <Button id="upload-button" type="primary" size="small">
           <UploadOutlined /> {i18next.t("user:Upload (.xlsx)")}
         </Button>
       </Upload>
@@ -426,7 +426,7 @@ class UserListPage extends BaseListPage {
           title={() => (
             <div>
               {i18next.t("general:Users")}&nbsp;&nbsp;&nbsp;&nbsp;
-              <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addUser.bind(this)}>{i18next.t("general:Add")}</Button>
+              <Button style={{marginRight: "5px"}} type="primary" size="small" onClick={this.addUser.bind(this)}>{i18next.t("general:Add")} </Button>
               {
                 this.renderUpload()
               }

web/src/WebhookEditPage.js

@@ -159,6 +159,17 @@ class WebhookEditPage extends React.Component {
     });
   }
 
+  getApiPaths() {
+    const objects = ["organization", "group", "user", "application", "provider", "resource", "cert", "role", "permission", "model", "adapter", "enforcer", "session", "record", "token", "product", "payment", "plan", "pricing", "subscription", "syncer", "webhook"];
+    const res = [];
+    objects.forEach(obj => {
+      ["add", "update", "delete"].forEach(action => {
+        res.push(`${action}-${obj}`);
+      });
+    });
+    return res;
+  }
+
   renderWebhook() {
     const preview = Setting.deepCopy(previewTemplate);
     if (this.state.webhook.isUserExtended) {
@@ -263,7 +274,7 @@ class WebhookEditPage extends React.Component {
               }} >
               {
                 (
-                  ["signup", "login", "logout", "add-user", "update-user", "delete-user", "add-organization", "update-organization", "delete-organization", "add-application", "update-application", "delete-application", "add-provider", "update-provider", "delete-provider", "update-subscription"].map((option, index) => {
+                  ["signup", "login", "logout"].concat(this.getApiPaths()).map((option, index) => {
                     return (
                       <Option key={option} value={option}>{option}</Option>
                     );

web/src/auth/SignupPage.js

@@ -179,10 +179,11 @@ class SignupPage extends React.Component {
     const params = new URLSearchParams(window.location.search);
     values.plan = params.get("plan");
     values.pricing = params.get("pricing");
-
     AuthBackend.signup(values)
       .then((res) => {
         if (res.status === "ok") {
+          // the user's id will be returned by `signup()`, if user signup by phone, the `username` in `values` is undefined.
+          values.username = res.data.split("/")[1];
           if (Setting.hasPromptPage(application) && (!values.plan || !values.pricing)) {
             AuthBackend.getAccount("")
               .then((res) => {

web/src/auth/Web3Auth.js

@@ -303,7 +303,7 @@ export function initWeb3Onboard(application, provider) {
     description: "Connect a wallet using Casdoor",
     recommendedInjectedWallets: [
       {name: "MetaMask", url: "https://metamask.io"},
-      {name: "Coinbase", url: "https://wallet.coinbase.com/"},
+      {name: "Coinbase", url: "https://www.coinbase.com/wallet"},
     ],
   };