Revert "feat: fix UI in IE11 (#1878)"

This reverts commit 44cd55e55f.

.github/workflows/build.yml

@@ -110,7 +110,7 @@ jobs:
         with:
           start: yarn start
           wait-on: 'http://localhost:7001'
-          wait-on-timeout: 210
+          wait-on-timeout: 180
           working-directory: ./web
 
       - uses: actions/upload-artifact@v3
@@ -127,7 +127,7 @@ jobs:
   release-and-push:
     name: Release And Push
     runs-on: ubuntu-latest
-    if: github.repository == 'casbin/casdoor' && github.event_name == 'push'
+    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
     needs: [ frontend, backend, linter, e2e ]
     steps:
       - name: Checkout
@@ -184,27 +184,27 @@ jobs:
 
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
-        if: github.repository == 'casbin/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Push to Docker Hub
         uses: docker/build-push-action@v3
-        if: github.repository == 'casbin/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           context: .
           target: STANDARD
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: casbin/casdoor:${{steps.get-current-tag.outputs.tag }},casbin/casdoor:latest
 
       - name: Push All In One Version to Docker Hub
         uses: docker/build-push-action@v3
-        if: github.repository == 'casbin/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
+        if: github.repository == 'casdoor/casdoor' && github.event_name == 'push' && steps.should_push.outputs.push=='true'
         with:
           context: .
           target: ALLINONE
-          platforms: linux/amd64
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: casbin/casdoor-all-in-one:${{steps.get-current-tag.outputs.tag }},casbin/casdoor-all-in-one:latest

.github/workflows/migrate.yml

@@ -0,0 +1,61 @@
+name: Migration Test
+
+on:
+  push:
+    paths:
+      - 'object/migrator**'
+  pull_request:
+    paths:
+      - 'object/migrator**'
+
+jobs:
+
+  db-migrator-test:
+    name: db-migrator-test
+    runs-on: ubuntu-latest
+    services:
+      mysql:
+        image: mysql:5.7
+        env:
+          MYSQL_DATABASE: casdoor
+          MYSQL_ROOT_PASSWORD: 123456
+        ports:
+          - 3306:3306
+        options: --health-cmd="mysqladmin ping" --health-interval=10s --health-timeout=5s --health-retries=3
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-go@v2
+        with:
+          go-version: '^1.16.5'
+      - uses: actions/setup-node@v2
+        with:
+          node-version: 16
+      - name: pull casdoor-master-latest
+        run: |
+          sudo apt update
+          sudo apt install git
+          sudo apt install net-tools
+          sudo mkdir tmp
+          cd tmp
+          sudo git clone https://github.com/casdoor/casdoor.git
+          cd ..
+        working-directory: ./
+      - name: run casdoor-master-latest
+        run: |
+          sudo nohup go run main.go &
+          sudo sleep 2m
+        working-directory: ./tmp/casdoor
+      - name: stop casdoor-master-latest
+        run: |
+          sudo kill -9 `sudo netstat -anltp | grep 8000 | awk '{print $7}' | cut -d / -f 1`
+        working-directory: ./
+      - name: run casdoor-current-version
+        run: |
+          sudo nohup go run ./main.go &
+          sudo sleep 2m
+        working-directory: ./
+      - name: test port-8000
+        run: |
+          if [[ `sudo netstat -anltp | grep 8000 | awk '{print $7}'` == "" ]];then echo 'db-migrator-test fail' && exit 1;fi;
+          echo 'db-migrator-test pass'
+        working-directory: ./

.github/workflows/sync.yml

@@ -7,7 +7,7 @@ on:
 jobs:
   synchronize-with-crowdin:
     runs-on: ubuntu-latest
-    if: github.repository == 'casbin/casdoor' && github.event_name == 'push'
+    if: github.repository == 'casdoor/casdoor' && github.event_name == 'push'
     steps:
 
     - name: Checkout

.gitignore

@@ -29,5 +29,4 @@ lastupdate.tmp
 commentsRouter*.go
 
 # ignore build result
-casdoor
-server
+casdoor

Dockerfile

@@ -1,6 +1,7 @@
 FROM node:16.18.0 AS FRONT
 WORKDIR /web
 COPY ./web .
+RUN yarn config set registry https://registry.npmmirror.com
 RUN yarn install --frozen-lockfile --network-timeout 1000000 && yarn run build
 
 
@@ -13,6 +14,9 @@ RUN go test -v -run TestGetVersionInfo ./util/system_test.go ./util/system.go >
 FROM alpine:latest AS STANDARD
 LABEL MAINTAINER="https://casdoor.org/"
 ARG USER=casdoor
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN sed -i 's/https/http/' /etc/apk/repositories
 RUN apk add --update sudo
@@ -27,7 +31,7 @@ RUN adduser -D $USER -u 1000 \
 
 USER 1000
 WORKDIR /
-COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server ./server
+COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/swagger ./swagger
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK --chown=$USER:$USER /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
@@ -46,17 +50,21 @@ RUN apt update \
 
 FROM db AS ALLINONE
 LABEL MAINTAINER="https://casdoor.org/"
+ARG TARGETOS
+ARG TARGETARCH
+ENV BUILDX_ARCH="${TARGETOS:-linux}_${TARGETARCH:-amd64}"
 
 RUN apt update
 RUN apt install -y ca-certificates && update-ca-certificates
 
 WORKDIR /
-COPY --from=BACK /go/src/casdoor/server ./server
+COPY --from=BACK /go/src/casdoor/server_${BUILDX_ARCH} ./server
 COPY --from=BACK /go/src/casdoor/swagger ./swagger
 COPY --from=BACK /go/src/casdoor/docker-entrypoint.sh /docker-entrypoint.sh
 COPY --from=BACK /go/src/casdoor/conf/app.conf ./conf/app.conf
 COPY --from=BACK /go/src/casdoor/version_info.txt ./go/src/casdoor/version_info.txt
 COPY --from=FRONT /web/build ./web/build
+RUN mkdir tempFiles
 
 ENTRYPOINT ["/bin/bash"]
 CMD ["/docker-entrypoint.sh"]

README.md

@@ -1,5 +1,5 @@
 <h1 align="center" style="border-bottom: none;">📦⚡️ Casdoor</h1>
-<h3 align="center">An open-source UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, OIDC, SAML, CAS, LDAP, SCIM, WebAuthn, TOTP, MFA and RADIUS</h3>
+<h3 align="center">A UI-first centralized authentication / Single-Sign-On (SSO) platform based on OAuth 2.0 / OIDC.</h3>
 <p align="center">
   <a href="#badge">
     <img alt="semantic-release" src="https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg">
@@ -11,7 +11,7 @@
     <img alt="GitHub Workflow Status (branch)" src="https://github.com/casdoor/casdoor/workflows/Build/badge.svg?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/releases/latest">
-    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casdoor/casdoor.svg">
+    <img alt="GitHub Release" src="https://img.shields.io/github/v/release/casbin/casdoor.svg">
   </a>
   <a href="https://hub.docker.com/repository/docker/casbin/casdoor">
     <img alt="Docker Image Version (latest semver)" src="https://img.shields.io/badge/Docker%20Hub-latest-brightgreen">
@@ -23,22 +23,22 @@
     <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/casdoor/casdoor?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/blob/master/LICENSE">
-    <img src="https://img.shields.io/github/license/casdoor/casdoor?style=flat-square" alt="license">
+    <img src="https://img.shields.io/github/license/casbin/casdoor?style=flat-square" alt="license">
   </a>
   <a href="https://github.com/casdoor/casdoor/issues">
-    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casdoor/casdoor?style=flat-square">
+    <img alt="GitHub issues" src="https://img.shields.io/github/issues/casbin/casdoor?style=flat-square">
   </a>
   <a href="#">
-    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casdoor/casdoor?style=flat-square">
+    <img alt="GitHub stars" src="https://img.shields.io/github/stars/casbin/casdoor?style=flat-square">
   </a>
   <a href="https://github.com/casdoor/casdoor/network">
-    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casdoor/casdoor?style=flat-square">
+    <img alt="GitHub forks" src="https://img.shields.io/github/forks/casbin/casdoor?style=flat-square">
   </a>
   <a href="https://crowdin.com/project/casdoor-site">
     <img alt="Crowdin" src="https://badges.crowdin.net/casdoor-site/localized.svg">
   </a>
-  <a href="https://discord.gg/5rPsrAzK7S">
-    <img alt="Discord" src="https://img.shields.io/discord/1022748306096537660?style=flat-square&logo=discord&label=discord&color=5865F2">
+  <a href="https://gitter.im/casbin/casdoor">
+    <img alt="Gitter" src="https://badges.gitter.im/casbin/casdoor.svg">
   </a>
 </p>
 
@@ -71,7 +71,7 @@ https://casdoor.org/docs/category/integrations
 
 ## How to contact?
 
-- Discord: https://discord.gg/5rPsrAzK7S
+- Gitter: https://gitter.im/casbin/casdoor
 - Forum: https://forum.casbin.com
 - Contact: https://tawk.to/chat/623352fea34c2456412b8c51/1fuc7od6e
 

ai/ai.go

@@ -0,0 +1,141 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package ai
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/sashabaranov/go-openai"
+)
+
+func queryAnswer(authToken string, question string, timeout int) (string, error) {
+	// fmt.Printf("Question: %s\n", question)
+
+	client := getProxyClientFromToken(authToken)
+
+	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(2+timeout*2)*time.Second)
+	defer cancel()
+
+	resp, err := client.CreateChatCompletion(
+		ctx,
+		openai.ChatCompletionRequest{
+			Model: openai.GPT3Dot5Turbo,
+			Messages: []openai.ChatCompletionMessage{
+				{
+					Role:    openai.ChatMessageRoleUser,
+					Content: question,
+				},
+			},
+		},
+	)
+	if err != nil {
+		return "", err
+	}
+
+	res := resp.Choices[0].Message.Content
+	res = strings.Trim(res, "\n")
+	// fmt.Printf("Answer: %s\n\n", res)
+	return res, nil
+}
+
+func QueryAnswerSafe(authToken string, question string) string {
+	var res string
+	var err error
+	for i := 0; i < 10; i++ {
+		res, err = queryAnswer(authToken, question, i)
+		if err != nil {
+			if i > 0 {
+				fmt.Printf("\tFailed (%d): %s\n", i+1, err.Error())
+			}
+		} else {
+			break
+		}
+	}
+	if err != nil {
+		panic(err)
+	}
+
+	return res
+}
+
+func QueryAnswerStream(authToken string, question string, writer io.Writer, builder *strings.Builder) error {
+	client := getProxyClientFromToken(authToken)
+
+	ctx := context.Background()
+	flusher, ok := writer.(http.Flusher)
+	if !ok {
+		return fmt.Errorf("writer does not implement http.Flusher")
+	}
+	// https://platform.openai.com/tokenizer
+	// https://github.com/pkoukk/tiktoken-go#available-encodings
+	promptTokens, err := getTokenSize(openai.GPT3TextDavinci003, question)
+	if err != nil {
+		return err
+	}
+
+	// https://platform.openai.com/docs/models/gpt-3-5
+	maxTokens := 4097 - promptTokens
+
+	respStream, err := client.CreateCompletionStream(
+		ctx,
+		openai.CompletionRequest{
+			Model:     openai.GPT3TextDavinci003,
+			Prompt:    question,
+			MaxTokens: maxTokens,
+			Stream:    true,
+		},
+	)
+	if err != nil {
+		return err
+	}
+	defer respStream.Close()
+
+	isLeadingReturn := true
+	for {
+		completion, streamErr := respStream.Recv()
+		if streamErr != nil {
+			if streamErr == io.EOF {
+				break
+			}
+			return streamErr
+		}
+
+		data := completion.Choices[0].Text
+		if isLeadingReturn && len(data) != 0 {
+			if strings.Count(data, "\n") == len(data) {
+				continue
+			} else {
+				isLeadingReturn = false
+			}
+		}
+
+		fmt.Printf("%s", data)
+
+		// Write the streamed data as Server-Sent Events
+		if _, err = fmt.Fprintf(writer, "data: %s\n\n", data); err != nil {
+			return err
+		}
+		flusher.Flush()
+		// Append the response to the strings.Builder
+		builder.WriteString(data)
+	}
+
+	return nil
+}

ai/ai_test.go

@@ -12,21 +12,31 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package notification
+//go:build !skipCi
+// +build !skipCi
+
+package ai
 
 import (
+	"testing"
+
+	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/proxy"
-	"github.com/casdoor/notify"
-	"github.com/casdoor/notify/service/line"
+	"github.com/sashabaranov/go-openai"
 )
 
-func NewLineProvider(channelSecret string, accessToken string, receiver string) (*notify.Notify, error) {
-	lineSrv, _ := line.NewWithHttpClient(channelSecret, accessToken, proxy.ProxyHttpClient)
+func TestRun(t *testing.T) {
+	object.InitConfig()
+	proxy.InitHttpClient()
 
-	lineSrv.AddReceivers(receiver)
+	text, err := queryAnswer("", "hi", 5)
+	if err != nil {
+		panic(err)
+	}
 
-	notifier := notify.New()
-	notifier.UseServices(lineSrv)
-
-	return notifier, nil
+	println(text)
+}
+
+func TestToken(t *testing.T) {
+	println(getTokenSize(openai.GPT3TextDavinci003, ""))
 }

ai/proxy.go

@@ -12,18 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package notification
+package ai
 
 import (
-	"github.com/casdoor/notify"
-	"github.com/casdoor/notify/service/bark"
+	"github.com/casdoor/casdoor/proxy"
+	"github.com/sashabaranov/go-openai"
 )
 
-func NewBarkProvider(deviceKey string) (notify.Notifier, error) {
-	barkSrv := bark.New(deviceKey)
+func getProxyClientFromToken(authToken string) *openai.Client {
+	config := openai.DefaultConfig(authToken)
+	config.HTTPClient = proxy.ProxyHttpClient
 
-	notifier := notify.New()
-	notifier.UseServices(barkSrv)
-
-	return notifier, nil
+	c := openai.NewClientWithConfig(config)
+	return c
 }

ai/util.go

@@ -12,18 +12,17 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-//go:build !skipCi
-// +build !skipCi
+package ai
 
-package object
+import "github.com/pkoukk/tiktoken-go"
 
-import "testing"
-
-func TestDumpToFile(t *testing.T) {
-	InitConfig()
-
-	err := DumpToFile("./init_data_dump.json")
+func getTokenSize(model string, prompt string) (int, error) {
+	tkm, err := tiktoken.EncodingForModel(model)
 	if err != nil {
-		panic(err)
+		return 0, err
 	}
+
+	token := tkm.Encode(prompt, nil, nil)
+	res := len(token)
+	return res, nil
 }

authz/authz.go

@@ -18,21 +18,60 @@ import (
 	"strings"
 
 	"github.com/casbin/casbin/v2"
+	"github.com/casbin/casbin/v2/model"
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
 	stringadapter "github.com/qiangmzsx/string-adapter/v2"
 )
 
 var Enforcer *casbin.Enforcer
 
-func InitApi() {
-	e, err := object.GetInitializedEnforcer(util.GetId("built-in", "api-enforcer-built-in"))
+func InitAuthz() {
+	var err error
+
+	tableNamePrefix := conf.GetConfigString("tableNamePrefix")
+	driverName := conf.GetConfigString("driverName")
+	dataSourceName := conf.GetConfigRealDataSourceName(driverName)
+	a, err := xormadapter.NewAdapterWithTableName(driverName, dataSourceName, "casbin_rule", tableNamePrefix, true)
+	if err != nil {
+		panic(err)
+	}
+
+	modelText := `
+[request_definition]
+r = subOwner, subName, method, urlPath, objOwner, objName
+
+[policy_definition]
+p = subOwner, subName, method, urlPath, objOwner, objName
+
+[role_definition]
+g = _, _
+
+[policy_effect]
+e = some(where (p.eft == allow))
+
+[matchers]
+m = (r.subOwner == p.subOwner || p.subOwner == "*") && \
+    (r.subName == p.subName || p.subName == "*" || r.subName != "anonymous" && p.subName == "!anonymous") && \
+    (r.method == p.method || p.method == "*") && \
+    (r.urlPath == p.urlPath || p.urlPath == "*") && \
+    (r.objOwner == p.objOwner || p.objOwner == "*") && \
+    (r.objName == p.objName || p.objName == "*") || \
+    (r.subOwner == r.objOwner && r.subName == r.objName)
+`
+
+	m, err := model.NewModelFromString(modelText)
+	if err != nil {
+		panic(err)
+	}
+
+	Enforcer, err = casbin.NewEnforcer(m, a)
 	if err != nil {
 		panic(err)
 	}
 
-	Enforcer = e.Enforcer
 	Enforcer.ClearPolicy()
 
 	// if len(Enforcer.GetPolicy()) == 0 {
@@ -46,7 +85,6 @@ p, *, *, POST, /api/login, *, *
 p, *, *, GET, /api/get-app-login, *, *
 p, *, *, POST, /api/logout, *, *
 p, *, *, GET, /api/logout, *, *
-p, *, *, POST, /api/callback, *, *
 p, *, *, GET, /api/get-account, *, *
 p, *, *, GET, /api/userinfo, *, *
 p, *, *, GET, /api/user, *, *
@@ -81,22 +119,19 @@ p, *, *, GET, /api/get-saml-login, *, *
 p, *, *, POST, /api/acs, *, *
 p, *, *, GET, /api/saml/metadata, *, *
 p, *, *, *, /cas, *, *
-p, *, *, *, /scim, *, *
 p, *, *, *, /api/webauthn, *, *
 p, *, *, GET, /api/get-release, *, *
 p, *, *, GET, /api/get-default-application, *, *
 p, *, *, GET, /api/get-prometheus-info, *, *
 p, *, *, *, /api/metrics, *, *
+p, *, *, GET, /api/get-subscriptions, *, *
 p, *, *, GET, /api/get-pricing, *, *
 p, *, *, GET, /api/get-plan, *, *
-p, *, *, GET, /api/get-subscription, *, *
-p, *, *, GET, /api/get-provider, *, *
-p, *, *, GET, /api/get-organization-names, *, *
 `
 
 		sa := stringadapter.NewAdapter(ruleText)
 		// load all rules from string adapter to enforcer's memory
-		err = sa.LoadPolicy(Enforcer.GetModel())
+		err := sa.LoadPolicy(Enforcer.GetModel())
 		if err != nil {
 			panic(err)
 		}
@@ -118,25 +153,11 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 		}
 	}
 
-	user, err := object.GetUser(util.GetId(subOwner, subName))
-	if err != nil {
-		panic(err)
-	}
-
-	if subOwner == "app" {
+	user := object.GetUser(util.GetId(subOwner, subName))
+	if user != nil && user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
 		return true
 	}
 
-	if user != nil {
-		if user.IsDeleted {
-			return false
-		}
-
-		if user.IsAdmin && (subOwner == objOwner || (objOwner == "admin")) {
-			return true
-		}
-	}
-
 	res, err := Enforcer.Enforce(subOwner, subName, method, urlPath, objOwner, objName)
 	if err != nil {
 		panic(err)
@@ -147,11 +168,11 @@ func IsAllowed(subOwner string, subName string, method string, urlPath string, o
 
 func isAllowedInDemoMode(subOwner string, subName string, method string, urlPath string, objOwner string, objName string) bool {
 	if method == "POST" {
-		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/callback" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
+		if strings.HasPrefix(urlPath, "/api/login") || urlPath == "/api/logout" || urlPath == "/api/signup" || urlPath == "/api/send-verification-code" || urlPath == "/api/send-email" || urlPath == "/api/verify-captcha" {
 			return true
 		} else if urlPath == "/api/update-user" {
 			// Allow ordinary users to update their own information
-			if (subOwner == objOwner && subName == objName || subOwner == "app") && !(subOwner == "built-in" && subName == "admin") {
+			if subOwner == objOwner && subName == objName && !(subOwner == "built-in" && subName == "admin") {
 				return true
 			}
 			return false

build.sh

@@ -8,4 +8,5 @@ else
     echo "Google is blocked, Go proxy is enabled: GOPROXY=https://goproxy.cn,direct"
     export GOPROXY="https://goproxy.cn,direct"
 fi
-CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server .
+CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-w -s" -o server_linux_amd64 .
+CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags="-w -s" -o server_linux_arm64 .

conf/app.conf

@@ -8,23 +8,16 @@ dbName = casdoor
 tableNamePrefix =
 showSql = false
 redisEndpoint =
-defaultStorageProvider =
+defaultStorageProvider = 
 isCloudIntranet = false
 authState = "casdoor"
 socks5Proxy = "127.0.0.1:10808"
 verificationCodeTimeout = 10
-initScore = 0
+initScore = 2000
 logPostOnly = true
 origin =
-originFrontend =
 staticBaseUrl = "https://cdn.casbin.org"
 isDemoMode = false
 batchSize = 100
-enableGzip = true
 ldapServerPort = 389
-radiusServerPort = 1812
-radiusSecret = "secret"
 quota = {"organization": -1, "user": -1, "application": -1, "provider": -1}
-logConfig = {"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}
-initDataFile = "./init_data.json"
-frontendBaseDir = "../casdoor"

conf/conf.go

@@ -15,6 +15,7 @@
 package conf
 
 import (
+	"encoding/json"
 	"fmt"
 	"os"
 	"runtime"
@@ -24,6 +25,15 @@ import (
 	"github.com/beego/beego"
 )
 
+type Quota struct {
+	Organization int `json:"organization"`
+	User         int `json:"user"`
+	Application  int `json:"application"`
+	Provider     int `json:"provider"`
+}
+
+var quota = &Quota{-1, -1, -1, -1}
+
 func init() {
 	// this array contains the beego configuration items that may be modified via env
 	presetConfigItems := []string{"httpport", "appname"}
@@ -35,6 +45,17 @@ func init() {
 			}
 		}
 	}
+	initQuota()
+}
+
+func initQuota() {
+	res := beego.AppConfig.String("quota")
+	if res != "" {
+		err := json.Unmarshal([]byte(res), quota)
+		if err != nil {
+			panic(err)
+		}
+	}
 }
 
 func GetConfigString(key string) string {
@@ -46,21 +67,20 @@ func GetConfigString(key string) string {
 	if res == "" {
 		if key == "staticBaseUrl" {
 			res = "https://cdn.casbin.org"
-		} else if key == "logConfig" {
-			res = fmt.Sprintf("{\"filename\": \"logs/%s.log\", \"maxdays\":99999, \"perm\":\"0770\"}", beego.AppConfig.String("appname"))
 		}
 	}
 
 	return res
 }
 
-func GetConfigBool(key string) bool {
+func GetConfigBool(key string) (bool, error) {
 	value := GetConfigString(key)
 	if value == "true" {
-		return true
-	} else {
-		return false
+		return true, nil
+	} else if value == "false" {
+		return false, nil
 	}
+	return false, fmt.Errorf("value %s cannot be converted into bool", value)
 }
 
 func GetConfigInt64(key string) (int64, error) {
@@ -90,10 +110,10 @@ func GetLanguage(language string) string {
 		return "en"
 	}
 
-	if len(language) != 2 || language == "nu" {
+	if len(language) < 2 {
 		return "en"
 	} else {
-		return language
+		return language[0:2]
 	}
 }
 
@@ -109,6 +129,10 @@ func GetConfigBatchSize() int {
 	return res
 }
 
+func GetConfigQuota() *Quota {
+	return quota
+}
+
 func GetConfigRealDataSourceName(driverName string) string {
 	var dataSourceName string
 	if driverName != "mysql" {

conf/conf_quota.go

@@ -1,48 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package conf
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego"
-)
-
-type Quota struct {
-	Organization int `json:"organization"`
-	User         int `json:"user"`
-	Application  int `json:"application"`
-	Provider     int `json:"provider"`
-}
-
-var quota = &Quota{-1, -1, -1, -1}
-
-func init() {
-	initQuota()
-}
-
-func initQuota() {
-	res := beego.AppConfig.String("quota")
-	if res != "" {
-		err := json.Unmarshal([]byte(res), quota)
-		if err != nil {
-			panic(err)
-		}
-	}
-}
-
-func GetConfigQuota() *Quota {
-	return quota
-}

conf/conf_test.go

@@ -87,7 +87,7 @@ func TestGetConfBool(t *testing.T) {
 	assert.Nil(t, err)
 	for _, scenery := range scenarios {
 		t.Run(scenery.description, func(t *testing.T) {
-			actual := GetConfigBool(scenery.input)
+			actual, err := GetConfigBool(scenery.input)
 			assert.Nil(t, err)
 			assert.Equal(t, scenery.expected, actual)
 		})
@@ -109,19 +109,3 @@ func TestGetConfigQuota(t *testing.T) {
 		assert.Equal(t, scenery.expected, quota)
 	}
 }
-
-func TestGetConfigLogs(t *testing.T) {
-	scenarios := []struct {
-		description string
-		expected    string
-	}{
-		{"Default log config", `{"filename": "logs/casdoor.log", "maxdays":99999, "perm":"0770"}`},
-	}
-
-	err := beego.LoadAppConfig("ini", "app.conf")
-	assert.Nil(t, err)
-	for _, scenery := range scenarios {
-		quota := GetConfigString("logConfig")
-		assert.Equal(t, scenery.expected, quota)
-	}
-}

controllers/account.go

@@ -18,6 +18,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"strconv"
 	"strings"
 
 	"github.com/casdoor/casdoor/form"
@@ -77,23 +78,13 @@ func (c *ApiController) Signup() {
 		return
 	}
 
-	application, err := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 	if !application.EnableSignUp {
 		c.ResponseError(c.T("account:The application does not allow to sign up new account"))
 		return
 	}
 
-	organization, err := object.GetOrganization(util.GetId("admin", authForm.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
+	organization := object.GetOrganization(util.GetId("admin", authForm.Organization))
 	msg := object.CheckUserSignup(application, organization, &authForm, c.GetAcceptLanguage())
 	if msg != "" {
 		c.ResponseError(msg)
@@ -118,10 +109,16 @@ func (c *ApiController) Signup() {
 		}
 	}
 
-	id, err := object.GenerateIdForNewUser(application)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	id := util.GenerateId()
+	if application.GetSignupItemRule("ID") == "Incremental" {
+		lastUser := object.GetLastUser(authForm.Organization)
+
+		lastIdInt := -1
+		if lastUser != nil {
+			lastIdInt = util.ParseInt(lastUser.Id)
+		}
+
+		id = strconv.Itoa(lastIdInt + 1)
 	}
 
 	username := authForm.Username
@@ -135,22 +132,12 @@ func (c *ApiController) Signup() {
 		return
 	}
 
-	userType := "normal-user"
-	if authForm.Plan != "" && authForm.Pricing != "" {
-		err = object.CheckPricingAndPlan(authForm.Organization, authForm.Pricing, authForm.Plan)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		userType = "paid-user"
-	}
-
 	user := &object.User{
 		Owner:             authForm.Organization,
 		Name:              username,
 		CreatedTime:       util.GetCurrentTime(),
 		Id:                id,
-		Type:              userType,
+		Type:              "normal-user",
 		Password:          authForm.Password,
 		DisplayName:       authForm.Name,
 		Avatar:            organization.DefaultAvatar,
@@ -163,6 +150,7 @@ func (c *ApiController) Signup() {
 		Region:            authForm.Region,
 		Score:             initScore,
 		IsAdmin:           false,
+		IsGlobalAdmin:     false,
 		IsForbidden:       false,
 		IsDeleted:         false,
 		SignupApplication: application.Name,
@@ -185,38 +173,25 @@ func (c *ApiController) Signup() {
 		}
 	}
 
-	affected, err := object.AddUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.AddUser(user)
 	if !affected {
 		c.ResponseError(c.T("account:Failed to add user"), util.StructToJson(user))
 		return
 	}
 
-	err = object.AddUserToOriginalDatabase(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddUserToOriginalDatabase(user)
 
-	if application.HasPromptPage() && user.Type == "normal-user" {
+	if application.HasPromptPage() {
 		// The prompt page needs the user to be signed in
 		c.SetSessionUsername(user.GetId())
 	}
 
-	err = object.DisableVerificationCode(authForm.Email)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.DisableVerificationCode(authForm.Email)
+	object.DisableVerificationCode(checkPhone)
 
-	err = object.DisableVerificationCode(checkPhone)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	isSignupFromPricing := authForm.Plan != "" && authForm.Pricing != ""
+	if isSignupFromPricing {
+		object.Subscribe(organization.Name, user.Name, authForm.Plan, authForm.Pricing)
 	}
 
 	record := object.NewRecord(c.Ctx)
@@ -256,11 +231,7 @@ func (c *ApiController) Logout() {
 
 		c.ClearUserSession()
 		owner, username := util.GetOwnerAndNameFromId(user)
-		_, err := object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
 
 		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
 
@@ -272,64 +243,42 @@ func (c *ApiController) Logout() {
 		c.ResponseOk(user, application.HomepageUrl)
 		return
 	} else {
-		// "post_logout_redirect_uri" has been made optional, see: https://github.com/casdoor/casdoor/issues/2151
-		// if redirectUri == "" {
-		// 	c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
-		// 	return
-		// }
+		if redirectUri == "" {
+			c.ResponseError(c.T("general:Missing parameter") + ": post_logout_redirect_uri")
+			return
+		}
 		if accessToken == "" {
 			c.ResponseError(c.T("general:Missing parameter") + ": id_token_hint")
 			return
 		}
 
-		_, application, token, err := object.ExpireTokenByAccessToken(accessToken)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if token == nil {
+		affected, application, token := object.ExpireTokenByAccessToken(accessToken)
+		if !affected {
 			c.ResponseError(c.T("token:Token not found, invalid accessToken"))
 			return
 		}
+
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist")), token.Application)
 			return
 		}
 
-		if user == "" {
-			user = util.GetId(token.Organization, token.User)
-		}
-
-		c.ClearUserSession()
-		// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
-		owner, username := util.GetOwnerAndNameFromId(user)
-
-		_, err = object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		util.LogInfo(c.Ctx, "API: [%s] logged out", user)
-
-		if redirectUri == "" {
-			c.ResponseOk()
-			return
-		} else {
-			if application.IsRedirectUriValid(redirectUri) {
-				redirectUrl := redirectUri
-				if state != "" {
-					if strings.Contains(redirectUri, "?") {
-						redirectUrl = fmt.Sprintf("%s&state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					} else {
-						redirectUrl = fmt.Sprintf("%s?state=%s", strings.TrimSuffix(redirectUri, "/"), state)
-					}
-				}
-				c.Ctx.Redirect(http.StatusFound, redirectUrl)
-			} else {
-				c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
-				return
+		if application.IsRedirectUriValid(redirectUri) {
+			if user == "" {
+				user = util.GetId(token.Organization, token.User)
 			}
+
+			c.ClearUserSession()
+			// TODO https://github.com/casdoor/casdoor/pull/1494#discussion_r1095675265
+			owner, username := util.GetOwnerAndNameFromId(user)
+
+			object.DeleteSessionId(util.GetSessionId(owner, username, object.CasdoorApplication), c.Ctx.Input.CruSession.SessionID())
+			util.LogInfo(c.Ctx, "API: [%s] logged out", user)
+
+			c.Ctx.Redirect(http.StatusFound, fmt.Sprintf("%s?state=%s", strings.TrimRight(redirectUri, "/"), state))
+		} else {
+			c.ResponseError(fmt.Sprintf(c.T("token:Redirect URI: %s doesn't exist in the allowed Redirect URI list"), redirectUri))
+			return
 		}
 	}
 }
@@ -341,7 +290,6 @@ func (c *ApiController) Logout() {
 // @Success 200 {object} controllers.Response The Response object
 // @router /get-account [get]
 func (c *ApiController) GetAccount() {
-	var err error
 	user, ok := c.RequireSignedInUser()
 	if !ok {
 		return
@@ -349,43 +297,20 @@ func (c *ApiController) GetAccount() {
 
 	managedAccounts := c.Input().Get("managedAccounts")
 	if managedAccounts == "1" {
-		user, err = object.ExtendManagedAccountsWithUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.ExtendManagedAccountsWithUser(user)
 	}
 
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ExtendUserWithRolesAndPermissions(user)
 
-	if user != nil {
-		user.Permissions = object.GetMaskedPermissions(user.Permissions)
-		user.Roles = object.GetMaskedRoles(user.Roles)
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
-
-	organization, err := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	u, err := object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user.Permissions = object.GetMaskedPermissions(user.Permissions)
+	user.Roles = object.GetMaskedRoles(user.Roles)
 
+	organization := object.GetMaskedOrganization(object.GetOrganizationByUser(user))
 	resp := Response{
 		Status: "ok",
 		Sub:    user.Id,
 		Name:   user.Name,
-		Data:   u,
+		Data:   object.GetMaskedUser(user),
 		Data2:  organization,
 	}
 	c.Data["json"] = resp
@@ -466,12 +391,7 @@ func (c *ApiController) GetCaptcha() {
 
 	if captchaProvider != nil {
 		if captchaProvider.Type == "Default" {
-			id, img, err := object.GetCaptcha()
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			id, img := object.GetCaptcha()
 			c.ResponseOk(Captcha{Type: captchaProvider.Type, CaptchaId: id, CaptchaImage: img})
 			return
 		} else if captchaProvider.Type != "" {

controllers/adapter.go

@@ -1,145 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetAdapters
-// @Title GetAdapters
-// @Tag Adapter API
-// @Description get adapters
-// @Param   owner     query    string  true        "The owner of adapters"
-// @Success 200 {array} object.Adapter The Response object
-// @router /get-adapters [get]
-func (c *ApiController) GetAdapters() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-
-	if limit == "" || page == "" {
-		adapters, err := object.GetAdapters(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters)
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetAdapterCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		adapters, err := object.GetPaginationAdapters(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(adapters, paginator.Nums())
-	}
-}
-
-// GetAdapter
-// @Title GetAdapter
-// @Tag Adapter API
-// @Description get adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Success 200 {object} object.Adapter The Response object
-// @router /get-adapter [get]
-func (c *ApiController) GetAdapter() {
-	id := c.Input().Get("id")
-
-	adapter, err := object.GetAdapter(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(adapter)
-}
-
-// UpdateAdapter
-// @Title UpdateAdapter
-// @Tag Adapter API
-// @Description update adapter
-// @Param   id     query    string  true        "The id ( owner/name ) of the adapter"
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-adapter [post]
-func (c *ApiController) UpdateAdapter() {
-	id := c.Input().Get("id")
-
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateAdapter(id, &adapter))
-	c.ServeJSON()
-}
-
-// AddAdapter
-// @Title AddAdapter
-// @Tag Adapter API
-// @Description add adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-adapter [post]
-func (c *ApiController) AddAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddAdapter(&adapter))
-	c.ServeJSON()
-}
-
-// DeleteAdapter
-// @Title DeleteAdapter
-// @Tag Adapter API
-// @Description delete adapter
-// @Param   body    body   object.Adapter  true        "The details of the adapter"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-adapter [post]
-func (c *ApiController) DeleteAdapter() {
-	var adapter object.Adapter
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &adapter)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteAdapter(&adapter))
-	c.ServeJSON()
-}

controllers/application.go

@@ -40,35 +40,21 @@ func (c *ApiController) GetApplications() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-	var err error
+
 	if limit == "" || page == "" {
 		var applications []*object.Application
 		if organization == "" {
-			applications, err = object.GetApplications(owner)
+			applications = object.GetApplications(owner)
 		} else {
-			applications, err = object.GetOrganizationApplications(owner, organization)
+			applications = object.GetOrganizationApplications(owner, organization)
 		}
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
+
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetApplicationCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		application, err := object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(application, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetApplicationCount(owner, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationApplications(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -84,33 +70,8 @@ func (c *ApiController) GetApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
 
-	application, err := object.GetApplication(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if c.Input().Get("withKey") != "" && application != nil && application.Cert != "" {
-		cert, err := object.GetCert(util.GetId(application.Owner, application.Cert))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if cert == nil {
-			cert, err = object.GetCert(util.GetId(application.Organization, application.Cert))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		if cert != nil {
-			application.CertPublicKey = cert.Certificate
-		}
-	}
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplication(id), userId)
+	c.ServeJSON()
 }
 
 // GetUserApplication
@@ -123,24 +84,14 @@ func (c *ApiController) GetApplication() {
 func (c *ApiController) GetUserApplication() {
 	userId := c.GetSessionUsername()
 	id := c.Input().Get("id")
-
-	user, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(id)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
 	}
 
-	application, err := object.GetApplicationByUser(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(object.GetMaskedApplication(application, userId))
+	c.Data["json"] = object.GetMaskedApplication(object.GetApplicationByUser(user), userId)
+	c.ServeJSON()
 }
 
 // GetOrganizationApplications
@@ -167,36 +118,14 @@ func (c *ApiController) GetOrganizationApplications() {
 	}
 
 	if limit == "" || page == "" {
-		applications, err := object.GetOrganizationApplications(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications, err = object.GetAllowedApplications(applications, userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedApplications(applications, userId))
+		var applications []*object.Application
+		applications = object.GetOrganizationApplications(owner, organization)
+		c.Data["json"] = object.GetMaskedApplications(applications, userId)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-
-		count, err := object.GetOrganizationApplicationCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		application, err := object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		applications := object.GetMaskedApplications(application, userId)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationApplicationCount(owner, organization, field, value)))
+		applications := object.GetMaskedApplications(object.GetPaginationOrganizationApplications(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder), userId)
 		c.ResponseOk(applications, paginator.Nums())
 	}
 }
@@ -238,13 +167,8 @@ func (c *ApiController) AddApplication() {
 		return
 	}
 
-	count, err := object.GetApplicationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForApplication(int(count)); err != nil {
+	count := object.GetApplicationCount("", "", "")
+	if err := checkQuotaForApplication(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

controllers/auth.go

@@ -20,7 +20,6 @@ import (
 	"encoding/xml"
 	"fmt"
 	"io/ioutil"
-	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
@@ -34,7 +33,6 @@ import (
 	"github.com/casdoor/casdoor/proxy"
 	"github.com/casdoor/casdoor/util"
 	"github.com/google/uuid"
-	"golang.org/x/oauth2"
 )
 
 var (
@@ -61,7 +59,7 @@ func tokenToResponse(token *object.Token) *Response {
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
 	userId := user.GetId()
 
-	allowed, err := object.CheckLoginPermission(userId, application)
+	allowed, err := object.CheckAccessPermission(userId, application)
 	if err != nil {
 		c.ResponseError(err.Error(), nil)
 		return
@@ -71,53 +69,10 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 		return
 	}
 
-	// check user's tag
-	if !user.IsGlobalAdmin() && !user.IsAdmin && len(application.Tags) > 0 {
-		// only users with the tag that is listed in the application tags can login
-		if !util.InSlice(application.Tags, user.Tag) {
-			c.ResponseError(fmt.Sprintf(c.T("auth:User's tag: %s is not listed in the application's tags"), user.Tag))
-			return
-		}
-	}
-
-	// check whether paid-user have active subscription
-	if user.Type == "paid-user" {
-		subscriptions, err := object.GetSubscriptionsByUser(user.Owner, user.Name)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		existActiveSubscription := false
-		for _, subscription := range subscriptions {
-			if subscription.State == object.SubStateActive {
-				existActiveSubscription = true
-				break
-			}
-		}
-		if !existActiveSubscription {
-			// check pending subscription
-			for _, sub := range subscriptions {
-				if sub.State == object.SubStatePending {
-					c.ResponseOk("BuyPlanResult", sub)
-					return
-				}
-			}
-			// paid-user does not have active or pending subscription, find the default pricing of application
-			pricing, err := object.GetApplicationDefaultPricing(application.Organization, application.Name)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			if pricing == nil {
-				c.ResponseError(fmt.Sprintf(c.T("auth:paid-user %s does not have active or pending subscription and the application: %s does not have default pricing"), user.Name, application.Name))
-				return
-			} else {
-				// let the paid-user select plan
-				c.ResponseOk("SelectPlan", pricing)
-				return
-			}
-
-		}
+	if form.Password != "" && user.IsMfaEnabled() {
+		c.setMfaSessionData(&object.MfaSessionData{UserId: userId})
+		resp = &Response{Status: object.NextMfa, Data: user.GetPreferMfa(true)}
+		return
 	}
 
 	if form.Type == ResponseTypeLogin {
@@ -138,12 +93,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			c.ResponseError(c.T("auth:Challenge method should be S256"))
 			return
 		}
-		code, err := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
-
+		code := object.GetOAuthCode(userId, clientId, responseType, redirectUri, scope, state, nonce, codeChallenge, c.Ctx.Request.Host, c.GetAcceptLanguage())
 		resp = codeToResponse(code)
 
 		if application.EnableSigninSession || application.HasPromptPage() {
@@ -155,8 +105,7 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			resp = &Response{Status: "error", Msg: fmt.Sprintf("error: grant_type: %s is not supported in this application", form.Type), Data: ""}
 		} else {
 			scope := c.Input().Get("scope")
-			nonce := c.Input().Get("nonce")
-			token, _ := object.GetTokenByUser(application, user, scope, nonce, c.Ctx.Request.Host)
+			token, _ := object.GetTokenByUser(application, user, scope, c.Ctx.Request.Host)
 			resp = tokenToResponse(token)
 		}
 	} else if form.Type == ResponseTypeSaml { // saml flow
@@ -166,11 +115,6 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 			return
 		}
 		resp = &Response{Status: "ok", Msg: "", Data: res, Data2: map[string]string{"redirectUrl": redirectUrl, "method": method}}
-
-		if application.EnableSigninSession || application.HasPromptPage() {
-			// The prompt page needs the user to be signed in
-			c.SetSessionUsername(userId)
-		}
 	} else if form.Type == ResponseTypeCas {
 		// not oauth but CAS SSO protocol
 		service := c.Input().Get("service")
@@ -183,11 +127,11 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 				resp.Data = st
 			}
 		}
-
 		if application.EnableSigninSession || application.HasPromptPage() {
 			// The prompt page needs the user to be signed in
 			c.SetSessionUsername(userId)
 		}
+
 	} else {
 		resp = wrapErrorResponse(fmt.Errorf("unknown response type: %s", form.Type))
 	}
@@ -198,16 +142,12 @@ func (c *ApiController) HandleLoggedIn(application *object.Application, user *ob
 	}
 
 	if resp.Status == "ok" {
-		_, err = object.AddSession(&object.Session{
+		object.AddSession(&object.Session{
 			Owner:       user.Owner,
 			Name:        user.Name,
 			Application: application.Name,
 			SessionId:   []string{c.Ctx.Input.CruSession.SessionID()},
 		})
-		if err != nil {
-			c.ResponseError(err.Error(), nil)
-			return
-		}
 	}
 
 	return resp
@@ -230,36 +170,8 @@ func (c *ApiController) GetApplicationLogin() {
 	redirectUri := c.Input().Get("redirectUri")
 	scope := c.Input().Get("scope")
 	state := c.Input().Get("state")
-	id := c.Input().Get("id")
-	loginType := c.Input().Get("type")
-
-	var application *object.Application
-	var msg string
-	var err error
-	if loginType == "code" {
-		msg, application, err = object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if loginType == "cas" {
-		application, err = object.GetApplication(id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if application == nil {
-			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), id))
-			return
-		}
-
-		err = object.CheckCasLogin(application, c.GetAcceptLanguage(), redirectUri)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
 
+	msg, application := object.CheckOAuthLogin(clientId, responseType, redirectUri, scope, state, c.GetAcceptLanguage())
 	application = object.GetMaskedApplication(application, "")
 	if msg != "" {
 		c.ResponseError(msg, application)
@@ -312,7 +224,7 @@ func isProxyProviderType(providerType string) bool {
 // @Param code_challenge_method   query    string  false code_challenge_method
 // @Param code_challenge          query    string  false code_challenge
 // @Param   form   body   controllers.AuthForm  true        "Login information"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object} Response The Response object
 // @router /login [post]
 func (c *ApiController) Login() {
 	resp := &Response{}
@@ -333,11 +245,10 @@ func (c *ApiController) Login() {
 		}
 
 		var user *object.User
+		var msg string
+
 		if authForm.Password == "" {
-			if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			} else if user == nil {
+			if user = object.GetUserByFields(authForm.Organization, authForm.Username); user == nil {
 				c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
 				return
 			}
@@ -354,26 +265,16 @@ func (c *ApiController) Login() {
 			}
 
 			// check result through Email or Phone
-			err = object.CheckSigninCode(user, checkDest, authForm.Code, c.GetAcceptLanguage())
-			if err != nil {
-				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, err.Error()))
+			checkResult := object.CheckSigninCode(user, checkDest, authForm.Code, c.GetAcceptLanguage())
+			if len(checkResult) != 0 {
+				c.ResponseError(fmt.Sprintf("%s - %s", verificationCodeType, checkResult))
 				return
 			}
 
 			// disable the verification code
-			err = object.DisableVerificationCode(checkDest)
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
+			object.DisableVerificationCode(checkDest)
 		} else {
-			var application *object.Application
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error(), nil)
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 			if application == nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 				return
@@ -383,12 +284,8 @@ func (c *ApiController) Login() {
 				return
 			}
 			var enableCaptcha bool
-			if enableCaptcha, err = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if enableCaptcha {
-				var isHuman bool
-				isHuman, err = captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
+			if enableCaptcha = object.CheckToEnableCaptcha(application, authForm.Organization, authForm.Username); enableCaptcha {
+				isHuman, err := captcha.VerifyCaptchaByCaptchaType(authForm.CaptchaType, authForm.CaptchaToken, authForm.ClientSecret)
 				if err != nil {
 					c.ResponseError(err.Error())
 					return
@@ -401,46 +298,25 @@ func (c *ApiController) Login() {
 			}
 
 			password := authForm.Password
-			user, err = object.CheckUserPassword(authForm.Organization, authForm.Username, password, c.GetAcceptLanguage(), enableCaptcha)
+			user, msg = object.CheckUserPassword(authForm.Organization, authForm.Username, password, c.GetAcceptLanguage(), enableCaptcha)
 		}
 
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		if msg != "" {
+			resp = &Response{Status: "error", Msg: msg}
 		} else {
-			var application *object.Application
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 			if application == nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 				return
 			}
 
-			var organization *object.Organization
-			organization, err = object.GetOrganizationByUser(user)
-			if err != nil {
-				c.ResponseError(err.Error())
-			}
-
-			if object.IsNeedPromptMfa(organization, user) {
-				// The prompt page needs the user to be signed in
-				c.SetSessionUsername(user.GetId())
-				c.ResponseOk(object.RequiredMfa)
-				return
-			}
-
-			if user.IsMfaEnabled() {
-				c.setMfaUserSession(user.GetId())
-				c.ResponseOk(object.NextMfa, user.GetPreferredMfaProps(true))
-				return
-			}
-
 			resp = c.HandleLoggedIn(application, user, &authForm)
 
+			organization := object.GetOrganizationByUser(user)
+			if user != nil && organization.HasRequiredMfa() && !user.IsMfaEnabled() {
+				resp.Msg = object.RequiredMfa
+			}
+
 			record := object.NewRecord(c.Ctx)
 			record.Organization = application.Organization
 			record.User = user.Name
@@ -449,17 +325,9 @@ func (c *ApiController) Login() {
 	} else if authForm.Provider != "" {
 		var application *object.Application
 		if authForm.ClientId != "" {
-			application, err = object.GetApplicationByClientId(authForm.ClientId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			application = object.GetApplicationByClientId(authForm.ClientId)
 		} else {
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			application = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 		}
 
 		if application == nil {
@@ -467,41 +335,33 @@ func (c *ApiController) Login() {
 			return
 		}
 
-		var organization *object.Organization
-		organization, err = object.GetOrganization(util.GetId("admin", application.Organization))
-		if err != nil {
-			c.ResponseError(c.T(err.Error()))
-		}
-
-		var provider *object.Provider
-		provider, err = object.GetProvider(util.GetId("admin", authForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		organization := object.GetOrganization(util.GetId("admin", application.Organization))
+		provider := object.GetProvider(util.GetId("admin", authForm.Provider))
 		providerItem := application.GetProviderItem(provider.Name)
 		if !providerItem.IsProviderVisible() {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The provider: %s is not enabled for the application"), provider.Name))
 			return
 		}
+
 		userInfo := &idp.UserInfo{}
 		if provider.Category == "SAML" {
 			// SAML
-			userInfo, err = object.ParseSamlResponse(authForm.SamlResponse, provider, c.Ctx.Request.Host)
+			userInfo.Id, err = object.ParseSamlResponse(authForm.SamlResponse, provider, c.Ctx.Request.Host)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
-		} else if provider.Category == "OAuth" || provider.Category == "Web3" {
+		} else if provider.Category == "OAuth" {
 			// OAuth
-			idpInfo := object.FromProviderToIdpInfo(c.Ctx, provider)
-			var idProvider idp.IdProvider
-			idProvider, err = idp.GetIdProvider(idpInfo, authForm.RedirectUri)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
+
+			clientId := provider.ClientId
+			clientSecret := provider.ClientSecret
+			if provider.Type == "WeChat" && strings.Contains(c.Ctx.Request.UserAgent(), "MicroMessenger") {
+				clientId = provider.ClientId2
+				clientSecret = provider.ClientSecret2
 			}
+
+			idProvider := idp.GetIdProvider(provider.Type, provider.SubType, clientId, clientSecret, provider.AppId, authForm.RedirectUri, provider.Domain, provider.CustomAuthUrl, provider.CustomTokenUrl, provider.CustomUserInfoUrl)
 			if idProvider == nil {
 				c.ResponseError(fmt.Sprintf(c.T("storage:The provider type: %s is not supported"), provider.Type))
 				return
@@ -515,8 +375,7 @@ func (c *ApiController) Login() {
 			}
 
 			// https://github.com/golang/oauth2/issues/123#issuecomment-103715338
-			var token *oauth2.Token
-			token, err = idProvider.GetToken(authForm.Code)
+			token, err := idProvider.GetToken(authForm.Code)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
@@ -537,18 +396,9 @@ func (c *ApiController) Login() {
 		if authForm.Method == "signup" {
 			user := &object.User{}
 			if provider.Category == "SAML" {
-				// The userInfo.Id is the NameID in SAML response, it could be name / email / phone
-				user, err = object.GetUserByFields(application.Organization, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
-				user, err = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+				user = object.GetUser(util.GetId(application.Organization, userInfo.Id))
+			} else if provider.Category == "OAuth" {
+				user = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			}
 
 			if user != nil && !user.IsDeleted {
@@ -557,37 +407,24 @@ func (c *ApiController) Login() {
 				if user.IsForbidden {
 					c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
 				}
-				// sync info from 3rd-party if possible
-				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+
 				resp = c.HandleLoggedIn(application, user, &authForm)
 
 				record := object.NewRecord(c.Ctx)
 				record.Organization = application.Organization
 				record.User = user.Name
 				util.SafeGoroutine(func() { object.AddRecord(record) })
-			} else if provider.Category == "OAuth" || provider.Category == "Web3" {
+			} else if provider.Category == "OAuth" {
 				// Sign up via OAuth
 				if application.EnableLinkWithEmail {
 					if userInfo.Email != "" {
 						// Find existing user with Email
-						user, err = object.GetUserByField(application.Organization, "email", userInfo.Email)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
+						user = object.GetUserByField(application.Organization, "email", userInfo.Email)
 					}
 
 					if user == nil && userInfo.Phone != "" {
 						// Find existing user with phone number
-						user, err = object.GetUserByField(application.Organization, "phone", userInfo.Phone)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
+						user = object.GetUserByField(application.Organization, "phone", userInfo.Phone)
 					}
 				}
 
@@ -603,16 +440,9 @@ func (c *ApiController) Login() {
 					}
 
 					// Handle username conflicts
-					var tmpUser *object.User
-					tmpUser, err = object.GetUser(util.GetId(application.Organization, userInfo.Username))
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
+					tmpUser := object.GetUser(util.GetId(application.Organization, userInfo.Username))
 					if tmpUser != nil {
-						var uid uuid.UUID
-						uid, err = uuid.NewRandom()
+						uid, err := uuid.NewRandom()
 						if err != nil {
 							c.ResponseError(err.Error())
 							return
@@ -623,31 +453,18 @@ func (c *ApiController) Login() {
 					}
 
 					properties := map[string]string{}
-					var count int64
-					count, err = object.GetUserCount(application.Organization, "", "", "")
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
-					properties["no"] = strconv.Itoa(int(count + 2))
-					var initScore int
-					initScore, err = organization.GetInitScore()
+					properties["no"] = strconv.Itoa(object.GetUserCount(application.Organization, "", "") + 2)
+					initScore, err := organization.GetInitScore()
 					if err != nil {
 						c.ResponseError(fmt.Errorf(c.T("account:Get init score failed, error: %w"), err).Error())
 						return
 					}
 
-					userId := userInfo.Id
-					if userId == "" {
-						userId = util.GenerateId()
-					}
-
 					user = &object.User{
 						Owner:             application.Organization,
 						Name:              userInfo.Username,
 						CreatedTime:       util.GetCurrentTime(),
-						Id:                userId,
+						Id:                util.GenerateId(),
 						Type:              "normal-user",
 						DisplayName:       userInfo.DisplayName,
 						Avatar:            userInfo.AvatarUrl,
@@ -658,46 +475,23 @@ func (c *ApiController) Login() {
 						Region:            userInfo.CountryCode,
 						Score:             initScore,
 						IsAdmin:           false,
+						IsGlobalAdmin:     false,
 						IsForbidden:       false,
 						IsDeleted:         false,
 						SignupApplication: application.Name,
 						Properties:        properties,
 					}
 
-					var affected bool
-					affected, err = object.AddUser(user)
-					if err != nil {
-						c.ResponseError(err.Error())
-						return
-					}
-
+					affected := object.AddUser(user)
 					if !affected {
 						c.ResponseError(fmt.Sprintf(c.T("auth:Failed to create user, user information is invalid: %s"), util.StructToJson(user)))
 						return
 					}
-
-					if providerItem.SignupGroup != "" {
-						user.Groups = []string{providerItem.SignupGroup}
-						_, err = object.UpdateUser(user.GetId(), user, []string{"groups"}, false)
-						if err != nil {
-							c.ResponseError(err.Error())
-							return
-						}
-					}
 				}
 
 				// sync info from 3rd-party if possible
-				_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
-
-				_, err = object.LinkUserAccount(user, provider.Type, userInfo.Id)
-				if err != nil {
-					c.ResponseError(err.Error())
-					return
-				}
+				object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
+				object.LinkUserAccount(user, provider.Type, userInfo.Id)
 
 				resp = c.HandleLoggedIn(application, user, &authForm)
 
@@ -712,7 +506,6 @@ func (c *ApiController) Login() {
 				record2.User = user.Name
 				util.SafeGoroutine(func() { object.AddRecord(record2) })
 			} else if provider.Category == "SAML" {
-				// TODO: since we get the user info from SAML response, we can try to create the user
 				resp = &Response{Status: "error", Msg: fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(application.Organization, userInfo.Id))}
 			}
 			// resp = &Response{Status: "ok", Msg: "", Data: res}
@@ -723,94 +516,51 @@ func (c *ApiController) Login() {
 				return
 			}
 
-			var oldUser *object.User
-			oldUser, err = object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			oldUser := object.GetUserByField(application.Organization, provider.Type, userInfo.Id)
 			if oldUser != nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)"), provider.Type, userInfo.Username, userInfo.DisplayName, oldUser.Name, oldUser.DisplayName))
 				return
 			}
 
-			var user *object.User
-			user, err = object.GetUser(userId)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			user := object.GetUser(userId)
 
 			// sync info from 3rd-party if possible
-			_, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			var isLinked bool
-			isLinked, err = object.LinkUserAccount(user, provider.Type, userInfo.Id)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
+			object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 
+			isLinked := object.LinkUserAccount(user, provider.Type, userInfo.Id)
 			if isLinked {
 				resp = &Response{Status: "ok", Msg: "", Data: isLinked}
 			} else {
 				resp = &Response{Status: "error", Msg: "Failed to link user account", Data: isLinked}
 			}
 		}
-	} else if c.getMfaUserSession() != "" {
-		var user *object.User
-		user, err = object.GetUser(c.getMfaUserSession())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if user == nil {
-			c.ResponseError("expired user session")
-			return
-		}
+	} else if c.getMfaSessionData() != nil {
+		mfaSession := c.getMfaSessionData()
+		user := object.GetUser(mfaSession.UserId)
 
 		if authForm.Passcode != "" {
-			mfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferredMfaProps(false))
-			if mfaUtil == nil {
-				c.ResponseError("Invalid multi-factor authentication type")
-				return
-			}
-
-			err = mfaUtil.Verify(authForm.Passcode)
+			MfaUtil := object.GetMfaUtil(authForm.MfaType, user.GetPreferMfa(false))
+			err = MfaUtil.Verify(authForm.Passcode)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
-		} else if authForm.RecoveryCode != "" {
-			err = object.MfaRecover(user, authForm.RecoveryCode)
+		}
+		if authForm.RecoveryCode != "" {
+			err = object.RecoverTfs(user, authForm.RecoveryCode)
 			if err != nil {
 				c.ResponseError(err.Error())
 				return
 			}
-		} else {
-			c.ResponseError("missing passcode or recovery code")
-			return
-		}
-
-		var application *object.Application
-		application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
 		}
 
+		application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 		if application == nil {
 			c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 			return
 		}
 
 		resp = c.HandleLoggedIn(application, user, &authForm)
-		c.setMfaUserSession("")
 
 		record := object.NewRecord(c.Ctx)
 		record.Organization = application.Organization
@@ -819,13 +569,7 @@ func (c *ApiController) Login() {
 	} else {
 		if c.GetSessionUsername() != "" {
 			// user already signed in to Casdoor, so let the user click the avatar button to do the quick sign-in
-			var application *object.Application
-			application, err = object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			application := object.GetApplication(fmt.Sprintf("admin/%s", authForm.Application))
 			if application == nil {
 				c.ResponseError(fmt.Sprintf(c.T("auth:The application: %s does not exist"), authForm.Application))
 				return
@@ -881,9 +625,7 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 	respBytes, err := ioutil.ReadAll(c.Ctx.Request.Body)
 	if err != nil {
 		c.ResponseError(err.Error())
-		return
 	}
-
 	var data struct {
 		MsgType  string `xml:"MsgType"`
 		Event    string `xml:"Event"`
@@ -892,9 +634,7 @@ func (c *ApiController) HandleOfficialAccountEvent() {
 	err = xml.Unmarshal(respBytes, &data)
 	if err != nil {
 		c.ResponseError(err.Error())
-		return
 	}
-
 	lock.Lock()
 	defer lock.Unlock()
 	if data.EventKey != "" {
@@ -930,28 +670,10 @@ func (c *ApiController) GetWebhookEventType() {
 func (c *ApiController) GetCaptchaStatus() {
 	organization := c.Input().Get("organization")
 	userId := c.Input().Get("user_id")
-	user, err := object.GetUserByFields(organization, userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(organization, userId)
 	var captchaEnabled bool
 	if user != nil && user.SigninWrongTimes >= object.SigninWrongTimesLimit {
 		captchaEnabled = true
 	}
 	c.ResponseOk(captchaEnabled)
 }
-
-// Callback
-// @Title Callback
-// @Tag Callback API
-// @Description Get Login Error Counts
-// @router /api/Callback [post]
-func (c *ApiController) Callback() {
-	code := c.GetString("code")
-	state := c.GetString("state")
-
-	frontendCallbackUrl := fmt.Sprintf("/callback?code=%s&state=%s", code, state)
-	c.Ctx.Redirect(http.StatusFound, frontendCallbackUrl)
-}

controllers/base.go

@@ -55,22 +55,6 @@ func (c *ApiController) IsAdmin() bool {
 	return isGlobalAdmin || user.IsAdmin
 }
 
-func (c *ApiController) IsAdminOrSelf(user2 *object.User) bool {
-	isGlobalAdmin, user := c.isGlobalAdmin()
-	if isGlobalAdmin || (user != nil && user.IsAdmin) {
-		return true
-	}
-
-	if user == nil || user2 == nil {
-		return false
-	}
-
-	if user.Owner == user2.Owner && user.Name == user2.Name {
-		return true
-	}
-	return false
-}
-
 func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 	username := c.GetSessionUsername()
 	if strings.HasPrefix(username, "app/") {
@@ -83,21 +67,16 @@ func (c *ApiController) isGlobalAdmin() (bool, *object.User) {
 		return false, nil
 	}
 
-	return user.IsGlobalAdmin(), user
+	return user.Owner == "built-in" || user.IsGlobalAdmin, user
 }
 
 func (c *ApiController) getCurrentUser() *object.User {
 	var user *object.User
-	var err error
 	userId := c.GetSessionUsername()
 	if userId == "" {
 		user = nil
 	} else {
-		user, err = object.GetUser(userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return nil
-		}
+		user = object.GetUser(userId)
 	}
 	return user
 }
@@ -127,12 +106,7 @@ func (c *ApiController) GetSessionApplication() *object.Application {
 	if clientId == nil {
 		return nil
 	}
-	application, err := object.GetApplicationByClientId(clientId.(string))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil
-	}
-
+	application := object.GetApplicationByClientId(clientId.(string))
 	return application
 }
 
@@ -194,16 +168,20 @@ func (c *ApiController) SetSessionData(s *SessionData) {
 	c.SetSession("SessionData", util.StructToJson(s))
 }
 
-func (c *ApiController) setMfaUserSession(userId string) {
-	c.SetSession(object.MfaSessionUserId, userId)
+func (c *ApiController) setMfaSessionData(data *object.MfaSessionData) {
+	c.SetSession(object.MfaSessionUserId, data.UserId)
 }
 
-func (c *ApiController) getMfaUserSession() string {
-	userId := c.Ctx.Input.CruSession.Get(object.MfaSessionUserId)
+func (c *ApiController) getMfaSessionData() *object.MfaSessionData {
+	userId := c.GetSession(object.MfaSessionUserId)
 	if userId == nil {
-		return ""
+		return nil
 	}
-	return userId.(string)
+
+	data := &object.MfaSessionData{
+		UserId: userId.(string),
+	}
+	return data
 }
 
 func (c *ApiController) setExpireForSession() {
@@ -214,10 +192,8 @@ func (c *ApiController) setExpireForSession() {
 	})
 }
 
-func wrapActionResponse(affected bool, e ...error) *Response {
-	if len(e) != 0 && e[0] != nil {
-		return &Response{Status: "error", Msg: e[0].Error()}
-	} else if affected {
+func wrapActionResponse(affected bool) *Response {
+	if affected {
 		return &Response{Status: "ok", Msg: "", Data: "Affected"}
 	} else {
 		return &Response{Status: "ok", Msg: "", Data: "Unaffected"}

controllers/cas.go

@@ -35,11 +35,6 @@ const (
 	UnauthorizedService      string = "UNAUTHORIZED_SERVICE"
 )
 
-func queryUnescape(service string) string {
-	s, _ := url.QueryUnescape(service)
-	return s
-}
-
 func (c *RootController) CasValidate() {
 	ticket := c.Input().Get("ticket")
 	service := c.Input().Get("service")
@@ -65,25 +60,24 @@ func (c *RootController) CasServiceValidate() {
 	if !strings.HasPrefix(ticket, "ST") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }
 
 func (c *RootController) CasProxyValidate() {
-	// https://apereo.github.io/cas/6.6.x/protocol/CAS-Protocol-Specification.html#26-proxyvalidate-cas-20
-	// "/proxyValidate" should accept both service tickets and proxy tickets.
-	c.CasP3ProxyValidate()
-}
-
-func (c *RootController) CasP3ServiceValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
-	if !strings.HasPrefix(ticket, "ST") {
+	if !strings.HasPrefix(ticket, "PT") {
 		c.sendCasAuthenticationResponseErr(InvalidTicket, fmt.Sprintf("Ticket %s not recognized", ticket), format)
 	}
-	c.CasP3ProxyValidate()
+	c.CasP3ServiceAndProxyValidate()
 }
 
-func (c *RootController) CasP3ProxyValidate() {
+func queryUnescape(service string) string {
+	s, _ := url.QueryUnescape(service)
+	return s
+}
+
+func (c *RootController) CasP3ServiceAndProxyValidate() {
 	ticket := c.Input().Get("ticket")
 	format := c.Input().Get("format")
 	service := c.Input().Get("service")
@@ -121,17 +115,15 @@ func (c *RootController) CasP3ProxyValidate() {
 		pgtiou := serviceResponse.Success.ProxyGrantingTicket
 		// todo: check whether it is https
 		pgtUrlObj, err := url.Parse(pgtUrl)
-		if err != nil {
-			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, err.Error(), format)
-			return
-		}
-
 		if pgtUrlObj.Scheme != "https" {
 			c.sendCasAuthenticationResponseErr(InvalidProxyCallback, "callback is not https", format)
 			return
 		}
-
 		// make a request to pgturl passing pgt and pgtiou
+		if err != nil {
+			c.sendCasAuthenticationResponseErr(InternalError, err.Error(), format)
+			return
+		}
 		param := pgtUrlObj.Query()
 		param.Add("pgtId", pgt)
 		param.Add("pgtIou", pgtiou)
@@ -271,6 +263,7 @@ func (c *RootController) sendCasAuthenticationResponseErr(code, msg, format stri
 			Message: msg,
 		},
 	}
+
 	if format == "json" {
 		c.Data["json"] = serviceResponse
 		c.ServeJSON()

controllers/casbin_adapter.go

@@ -0,0 +1,158 @@
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+	xormadapter "github.com/casdoor/xorm-adapter/v3"
+)
+
+func (c *ApiController) GetCasbinAdapters() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	organization := c.Input().Get("organization")
+	if limit == "" || page == "" {
+		adapters := object.GetCasbinAdapters(owner, organization)
+		c.ResponseOk(adapters)
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCasbinAdapterCount(owner, organization, field, value)))
+		adapters := object.GetPaginationCasbinAdapters(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		c.ResponseOk(adapters, paginator.Nums())
+	}
+}
+
+func (c *ApiController) GetCasbinAdapter() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	c.ResponseOk(adapter)
+}
+
+func (c *ApiController) UpdateCasbinAdapter() {
+	id := c.Input().Get("id")
+
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateCasbinAdapter(id, &casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddCasbinAdapter() {
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddCasbinAdapter(&casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) DeleteCasbinAdapter() {
+	var casbinAdapter object.CasbinAdapter
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &casbinAdapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteCasbinAdapter(&casbinAdapter))
+	c.ServeJSON()
+}
+
+func (c *ApiController) SyncPolicies() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+
+	policies, err := object.SyncPolicies(adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.ResponseOk(policies)
+}
+
+func (c *ApiController) UpdatePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policies []xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.UpdatePolicy(util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) AddPolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.AddPolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+func (c *ApiController) RemovePolicy() {
+	id := c.Input().Get("id")
+	adapter := object.GetCasbinAdapter(id)
+	var policy xormadapter.CasbinRule
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	affected, err := object.RemovePolicy(util.CasbinToSlice(policy), adapter)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}

controllers/casbin_api.go

@@ -1,285 +0,0 @@
-// Copyright 2022 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// Enforce
-// @Title Enforce
-// @Tag Enforce API
-// @Description Call Casbin Enforce API
-// @Param   body    body   object.CasbinRequest  true   "Casbin request"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Param   resourceId    query   string  false   "resource id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /enforce [post]
-func (c *ApiController) Enforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	resourceId := c.Input().Get("resourceId")
-	enforcerId := c.Input().Get("enforcerId")
-
-	if len(c.Ctx.Input.RequestBody) == 0 {
-		c.ResponseError("The request body should not be empty")
-		return
-	}
-
-	var request object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res, err := enforcer.Enforce(request...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := []bool{}
-
-		if permission == nil {
-			res = append(res, false)
-		} else {
-			enforceResult, err := object.Enforce(permission, &request)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else if resourceId != "" {
-		permissions, err = object.GetPermissionsByResource(resourceId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := []bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.Enforce(firstPermission, &request, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
-}
-
-// BatchEnforce
-// @Title BatchEnforce
-// @Tag Enforce API
-// @Description Call Casbin BatchEnforce API
-// @Param   body    body   object.CasbinRequest  true   "array of casbin requests"
-// @Param   permissionId    query   string  false   "permission id"
-// @Param   modelId    query   string  false   "model id"
-// @Success 200 {object} controllers.Response The Response object
-// @router /batch-enforce [post]
-func (c *ApiController) BatchEnforce() {
-	permissionId := c.Input().Get("permissionId")
-	modelId := c.Input().Get("modelId")
-	enforcerId := c.Input().Get("enforcerId")
-
-	var requests []object.CasbinRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if enforcerId != "" {
-		enforcer, err := object.GetInitializedEnforcer(enforcerId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res, err := enforcer.BatchEnforce(requests)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	if permissionId != "" {
-		permission, err := object.GetPermission(permissionId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res := [][]bool{}
-
-		if permission == nil {
-			l := len(requests)
-			resRequest := make([]bool, l)
-			for i := 0; i < l; i++ {
-				resRequest[i] = false
-			}
-
-			res = append(res, resRequest)
-		} else {
-			enforceResult, err := object.BatchEnforce(permission, &requests)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			res = append(res, enforceResult)
-		}
-
-		c.ResponseOk(res)
-		return
-	}
-
-	permissions := []*object.Permission{}
-	if modelId != "" {
-		owner, modelName := util.GetOwnerAndNameFromId(modelId)
-		permissions, err = object.GetPermissionsByModel(owner, modelName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	} else {
-		c.ResponseError(c.T("general:Missing parameter"))
-		return
-	}
-
-	res := [][]bool{}
-
-	listPermissionIdMap := object.GroupPermissionsByModelAdapter(permissions)
-	for _, permissionIds := range listPermissionIdMap {
-		firstPermission, err := object.GetPermission(permissionIds[0])
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		enforceResult, err := object.BatchEnforce(firstPermission, &requests, permissionIds...)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		res = append(res, enforceResult)
-	}
-
-	c.ResponseOk(res)
-}
-
-func (c *ApiController) GetAllObjects() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	objects, err := object.GetAllObjects(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(objects)
-}
-
-func (c *ApiController) GetAllActions() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	actions, err := object.GetAllActions(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(actions)
-}
-
-func (c *ApiController) GetAllRoles() {
-	userId := c.GetSessionUsername()
-	if userId == "" {
-		c.ResponseError(c.T("general:Please login first"))
-		return
-	}
-
-	roles, err := object.GetAllRoles(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(roles)
-}

controllers/cert.go

@@ -37,71 +37,37 @@ func (c *ApiController) GetCerts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetCerts(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedCerts)
+		c.Data["json"] = object.GetMaskedCerts(object.GetCerts(owner))
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetCertCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetCertCount(owner, field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationCerts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
 
-// GetGlobalCerts
-// @Title GetGlobalCerts
+// GetGlobleCerts
+// @Title GetGlobleCerts
 // @Tag Cert API
 // @Description get globle certs
 // @Success 200 {array} object.Cert The Response object
-// @router /get-global-certs [get]
-func (c *ApiController) GetGlobalCerts() {
+// @router /get-globle-certs [get]
+func (c *ApiController) GetGlobleCerts() {
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedCerts, err := object.GetMaskedCerts(object.GetGlobalCerts())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedCerts)
+		c.Data["json"] = object.GetMaskedCerts(object.GetGlobleCerts())
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalCertsCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		certs, err := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalCertsCount(field, value)))
+		certs := object.GetMaskedCerts(object.GetPaginationGlobalCerts(paginator.Offset(), limit, field, value, sortField, sortOrder))
 		c.ResponseOk(certs, paginator.Nums())
 	}
 }
@@ -115,13 +81,9 @@ func (c *ApiController) GetGlobalCerts() {
 // @router /get-cert [get]
 func (c *ApiController) GetCert() {
 	id := c.Input().Get("id")
-	cert, err := object.GetCert(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.ResponseOk(object.GetMaskedCert(cert))
+	c.Data["json"] = object.GetMaskedCert(object.GetCert(id))
+	c.ServeJSON()
 }
 
 // UpdateCert

controllers/chat.go

@@ -0,0 +1,124 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetChats
+// @Title GetChats
+// @Tag Chat API
+// @Description get chats
+// @Param   owner     query    string  true        "The owner of chats"
+// @Success 200 {array} object.Chat The Response object
+// @router /get-chats [get]
+func (c *ApiController) GetChats() {
+	owner := c.Input().Get("owner")
+	owner = "admin"
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetMaskedChats(object.GetChats(owner))
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetChatCount(owner, field, value)))
+		chats := object.GetMaskedChats(object.GetPaginationChats(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(chats, paginator.Nums())
+	}
+}
+
+// GetChat
+// @Title GetChat
+// @Tag Chat API
+// @Description get chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Success 200 {object} object.Chat The Response object
+// @router /get-chat [get]
+func (c *ApiController) GetChat() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedChat(object.GetChat(id))
+	c.ServeJSON()
+}
+
+// UpdateChat
+// @Title UpdateChat
+// @Tag Chat API
+// @Description update chat
+// @Param   id     query    string  true        "The id ( owner/name ) of the chat"
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-chat [post]
+func (c *ApiController) UpdateChat() {
+	id := c.Input().Get("id")
+
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateChat(id, &chat))
+	c.ServeJSON()
+}
+
+// AddChat
+// @Title AddChat
+// @Tag Chat API
+// @Description add chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-chat [post]
+func (c *ApiController) AddChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddChat(&chat))
+	c.ServeJSON()
+}
+
+// DeleteChat
+// @Title DeleteChat
+// @Tag Chat API
+// @Description delete chat
+// @Param   body    body   object.Chat  true        "The details of the chat"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-chat [post]
+func (c *ApiController) DeleteChat() {
+	var chat object.Chat
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &chat)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteChat(&chat))
+	c.ServeJSON()
+}

controllers/enforcer.go

@@ -1,4 +1,4 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+// Copyright 2022 The Casdoor Authors. All Rights Reserved.
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@@ -17,223 +17,101 @@ package controllers
 import (
 	"encoding/json"
 
-	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
-	xormadapter "github.com/casdoor/xorm-adapter/v3"
 )
 
-// GetEnforcers
-// @Title GetEnforcers
-// @Tag Enforcer API
-// @Description get enforcers
-// @Param   owner     query    string  true        "The owner of enforcers"
-// @Success 200 {array} object.Enforcer
-// @router /get-enforcers [get]
-func (c *ApiController) GetEnforcers() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
+func (c *ApiController) Enforce() {
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+	resourceId := c.Input().Get("resourceId")
 
-	if limit == "" || page == "" {
-		enforcers, err := object.GetEnforcers(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	var request object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &request)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
 
-		c.ResponseOk(enforcers)
+	if permissionId != "" {
+		c.Data["json"] = object.Enforce(permissionId, &request)
+		c.ServeJSON()
+		return
+	}
+
+	permissions := make([]*object.Permission, 0)
+	res := []bool{}
+
+	if modelId != "" {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions = object.GetPermissionsByModel(owner, modelName)
 	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetEnforcerCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
+		permissions = object.GetPermissionsByResource(resourceId)
+	}
+
+	for _, permission := range permissions {
+		res = append(res, object.Enforce(permission.GetId(), &request))
+	}
+	c.Data["json"] = res
+	c.ServeJSON()
+}
+
+func (c *ApiController) BatchEnforce() {
+	permissionId := c.Input().Get("permissionId")
+	modelId := c.Input().Get("modelId")
+
+	var requests []object.CasbinRequest
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &requests)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	if permissionId != "" {
+		c.Data["json"] = object.BatchEnforce(permissionId, &requests)
+		c.ServeJSON()
+	} else {
+		owner, modelName := util.GetOwnerAndNameFromId(modelId)
+		permissions := object.GetPermissionsByModel(owner, modelName)
+
+		res := [][]bool{}
+		for _, permission := range permissions {
+			res = append(res, object.BatchEnforce(permission.GetId(), &requests))
 		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		enforcers, err := object.GetPaginationEnforcers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(enforcers, paginator.Nums())
+		c.Data["json"] = res
+		c.ServeJSON()
 	}
 }
 
-// GetEnforcer
-// @Title GetEnforcer
-// @Tag Enforcer API
-// @Description get enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Success 200 {object} object
-// @router /get-enforcer [get]
-func (c *ApiController) GetEnforcer() {
-	id := c.Input().Get("id")
-	loadModelCfg := c.Input().Get("loadModelCfg")
-
-	enforcer, err := object.GetEnforcer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllObjects() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 
-	if loadModelCfg == "true" && enforcer.Model != "" {
-		err := enforcer.LoadModelCfg()
-		if err != nil {
-			return
-		}
-	}
-
-	c.ResponseOk(enforcer)
-}
-
-// UpdateEnforcer
-// @Title UpdateEnforcer
-// @Tag Enforcer API
-// @Description update enforcer
-// @Param   id     query    string  true        "The id ( owner/name )  of enforcer"
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object
-// @router /update-enforcer [post]
-func (c *ApiController) UpdateEnforcer() {
-	id := c.Input().Get("id")
-
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateEnforcer(id, &enforcer))
+	c.Data["json"] = object.GetAllObjects(userId)
 	c.ServeJSON()
 }
 
-// AddEnforcer
-// @Title AddEnforcer
-// @Tag Enforcer API
-// @Description add enforcer
-// @Param   enforcer     body    object  true        "The enforcer object"
-// @Success 200 {object} object
-// @router /add-enforcer [post]
-func (c *ApiController) AddEnforcer() {
-	enforcer := object.Enforcer{}
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllActions() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 
-	c.Data["json"] = wrapActionResponse(object.AddEnforcer(&enforcer))
+	c.Data["json"] = object.GetAllActions(userId)
 	c.ServeJSON()
 }
 
-// DeleteEnforcer
-// @Title DeleteEnforcer
-// @Tag Enforcer API
-// @Description delete enforcer
-// @Param   body    body    object.Enforce  true      "The enforcer object"
-// @Success 200 {object} object
-// @router /delete-enforcer [post]
-func (c *ApiController) DeleteEnforcer() {
-	var enforcer object.Enforcer
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &enforcer)
-	if err != nil {
-		c.ResponseError(err.Error())
+func (c *ApiController) GetAllRoles() {
+	userId := c.GetSessionUsername()
+	if userId == "" {
+		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 
-	c.Data["json"] = wrapActionResponse(object.DeleteEnforcer(&enforcer))
-	c.ServeJSON()
-}
-
-func (c *ApiController) GetPolicies() {
-	id := c.Input().Get("id")
-	adapterId := c.Input().Get("adapterId")
-
-	if adapterId != "" {
-		adapter, err := object.GetAdapter(adapterId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		err = adapter.InitAdapter()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		c.ResponseOk()
-		return
-	}
-
-	policies, err := object.GetPolicies(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(policies)
-}
-
-func (c *ApiController) UpdatePolicy() {
-	id := c.Input().Get("id")
-
-	var policies []xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policies)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdatePolicy(id, policies[0].Ptype, util.CasbinToSlice(policies[0]), util.CasbinToSlice(policies[1]))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) AddPolicy() {
-	id := c.Input().Get("id")
-
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.AddPolicy(id, policy.Ptype, util.CasbinToSlice(policy))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
-	c.ServeJSON()
-}
-
-func (c *ApiController) RemovePolicy() {
-	id := c.Input().Get("id")
-
-	var policy xormadapter.CasbinRule
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &policy)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.RemovePolicy(id, policy.Ptype, util.CasbinToSlice(policy))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.Data["json"] = wrapActionResponse(affected)
+	c.Data["json"] = object.GetAllRoles(userId)
 	c.ServeJSON()
 }

controllers/get-dashboard.go

@@ -1,35 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import "github.com/casdoor/casdoor/object"
-
-// GetDashboard
-// @Title GetDashboard
-// @Tag GetDashboard API
-// @Description get information of dashboard
-// @Success 200 {object} controllers.Response The Response object
-// @router /get-dashboard [get]
-func (c *ApiController) GetDashboard() {
-	owner := c.Input().Get("owner")
-
-	data, err := object.GetDashboard(owner)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(data)
-}

controllers/group.go

@@ -1,148 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-
-package controllers
-
-import (
-	"encoding/json"
-
-	"github.com/beego/beego/utils/pagination"
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-// GetGroups
-// @Title GetGroups
-// @Tag Group API
-// @Description get groups
-// @Param   owner     query    string  true        "The owner of groups"
-// @Success 200 {array} object.Group The Response object
-// @router /get-groups [get]
-func (c *ApiController) GetGroups() {
-	owner := c.Input().Get("owner")
-	limit := c.Input().Get("pageSize")
-	page := c.Input().Get("p")
-	field := c.Input().Get("field")
-	value := c.Input().Get("value")
-	sortField := c.Input().Get("sortField")
-	sortOrder := c.Input().Get("sortOrder")
-	withTree := c.Input().Get("withTree")
-
-	if limit == "" || page == "" {
-		groups, err := object.GetGroups(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			if withTree == "true" {
-				c.ResponseOk(object.ConvertToTreeData(groups, owner))
-				return
-			}
-			c.ResponseOk(groups)
-		}
-	} else {
-		limit := util.ParseInt(limit)
-		count, err := object.GetGroupCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		groups, err := object.GetPaginationGroups(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		} else {
-			c.ResponseOk(groups, paginator.Nums())
-		}
-	}
-}
-
-// GetGroup
-// @Title GetGroup
-// @Tag Group API
-// @Description get group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Success 200 {object} object.Group The Response object
-// @router /get-group [get]
-func (c *ApiController) GetGroup() {
-	id := c.Input().Get("id")
-
-	group, err := object.GetGroup(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(group)
-}
-
-// UpdateGroup
-// @Title UpdateGroup
-// @Tag Group API
-// @Description update group
-// @Param   id     query    string  true        "The id ( owner/name ) of the group"
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /update-group [post]
-func (c *ApiController) UpdateGroup() {
-	id := c.Input().Get("id")
-
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.UpdateGroup(id, &group))
-	c.ServeJSON()
-}
-
-// AddGroup
-// @Title AddGroup
-// @Tag Group API
-// @Description add group
-// @Param   body    body   object.Group  true      "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /add-group [post]
-func (c *ApiController) AddGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.AddGroup(&group))
-	c.ServeJSON()
-}
-
-// DeleteGroup
-// @Title DeleteGroup
-// @Tag Group API
-// @Description delete group
-// @Param   body    body   object.Group  true        "The details of the group"
-// @Success 200 {object} controllers.Response The Response object
-// @router /delete-group [post]
-func (c *ApiController) DeleteGroup() {
-	var group object.Group
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &group)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = wrapActionResponse(object.DeleteGroup(&group))
-	c.ServeJSON()
-}

controllers/ldap.go

@@ -38,28 +38,20 @@ type LdapSyncResp struct {
 }
 
 // GetLdapUsers
-// @Title GetLdapser
 // @Tag Account API
-// @Description get ldap users
-// Param	id	string	true	"id"
-// @Success 200 {object} LdapResp The Response object
+// @Title GetLdapser
 // @router /get-ldap-users [get]
 func (c *ApiController) GetLdapUsers() {
 	id := c.Input().Get("id")
 
 	_, ldapId := util.GetOwnerAndNameFromId(id)
-	ldapServer, err := object.GetLdap(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	ldapServer := object.GetLdap(ldapId)
 
 	conn, err := ldapServer.GetLdapConn()
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	defer conn.Close()
 
 	//groupsMap, err := conn.GetLdapGroups(ldapServer.BaseDn)
 	//if err != nil {
@@ -84,11 +76,7 @@ func (c *ApiController) GetLdapUsers() {
 	for i, user := range users {
 		uuids[i] = user.GetLdapUuid()
 	}
-	existUuids, err := object.GetExistUuids(ldapServer.Owner, uuids)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	existUuids := object.GetExistUuids(ldapServer.Owner, uuids)
 
 	resp := LdapResp{
 		Users:      object.AutoAdjustLdapUser(users),
@@ -98,24 +86,18 @@ func (c *ApiController) GetLdapUsers() {
 }
 
 // GetLdaps
-// @Title GetLdaps
 // @Tag Account API
-// @Description get ldaps
-// @Param	owner	query	string	false	"owner"
-// @Success 200 {array} object.Ldap The Response object
+// @Title GetLdaps
 // @router /get-ldaps [get]
 func (c *ApiController) GetLdaps() {
 	owner := c.Input().Get("owner")
 
-	c.ResponseOk(object.GetMaskedLdaps(object.GetLdaps(owner)))
+	c.ResponseOk(object.GetLdaps(owner))
 }
 
 // GetLdap
-// @Title GetLdap
 // @Tag Account API
-// @Description get ldap
-// @Param	id	query	string	true	"id"
-// @Success 200 {object} object.Ldap The Response object
+// @Title GetLdap
 // @router /get-ldap [get]
 func (c *ApiController) GetLdap() {
 	id := c.Input().Get("id")
@@ -126,20 +108,12 @@ func (c *ApiController) GetLdap() {
 	}
 
 	_, name := util.GetOwnerAndNameFromId(id)
-	ldap, err := object.GetLdap(name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	c.ResponseOk(object.GetMaskedLdap(ldap))
+	c.ResponseOk(object.GetLdap(name))
 }
 
 // AddLdap
-// @Title AddLdap
 // @Tag Account API
-// @Description add ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title AddLdap
 // @router /add-ldap [post]
 func (c *ApiController) AddLdap() {
 	var ldap object.Ldap
@@ -154,23 +128,17 @@ func (c *ApiController) AddLdap() {
 		return
 	}
 
-	if ok, err := object.CheckLdapExist(&ldap); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if ok {
+	if object.CheckLdapExist(&ldap) {
 		c.ResponseError(c.T("ldap:Ldap server exist"))
 		return
 	}
 
-	resp := wrapActionResponse(object.AddLdap(&ldap))
+	affected := object.AddLdap(&ldap)
+	resp := wrapActionResponse(affected)
 	resp.Data2 = ldap
 
 	if ldap.AutoSync != 0 {
-		err = object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	}
 
 	c.Data["json"] = resp
@@ -178,11 +146,8 @@ func (c *ApiController) AddLdap() {
 }
 
 // UpdateLdap
-// @Title UpdateLdap
 // @Tag Account API
-// @Description update ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title UpdateLdap
 // @router /update-ldap [post]
 func (c *ApiController) UpdateLdap() {
 	var ldap object.Ldap
@@ -192,24 +157,11 @@ func (c *ApiController) UpdateLdap() {
 		return
 	}
 
-	prevLdap, err := object.GetLdap(ldap.Id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UpdateLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	prevLdap := object.GetLdap(ldap.Id)
+	affected := object.UpdateLdap(&ldap)
 
 	if ldap.AutoSync != 0 {
-		err := object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.GetLdapAutoSynchronizer().StartAutoSync(ldap.Id)
 	} else if ldap.AutoSync == 0 && prevLdap.AutoSync != 0 {
 		object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 	}
@@ -219,11 +171,8 @@ func (c *ApiController) UpdateLdap() {
 }
 
 // DeleteLdap
-// @Title DeleteLdap
 // @Tag Account API
-// @Description delete ldap
-// @Param	body	body	object.Ldap		true	"The details of the ldap"
-// @Success 200 {object} controllers.Response The Response object
+// @Title DeleteLdap
 // @router /delete-ldap [post]
 func (c *ApiController) DeleteLdap() {
 	var ldap object.Ldap
@@ -233,11 +182,7 @@ func (c *ApiController) DeleteLdap() {
 		return
 	}
 
-	affected, err := object.DeleteLdap(&ldap)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	affected := object.DeleteLdap(&ldap)
 
 	object.GetLdapAutoSynchronizer().StopAutoSync(ldap.Id)
 
@@ -246,16 +191,12 @@ func (c *ApiController) DeleteLdap() {
 }
 
 // SyncLdapUsers
-// @Title SyncLdapUsers
 // @Tag Account API
-// @Description sync ldap users
-// @Param	id	query	string		true	"id"
-// @Success 200 {object} LdapSyncResp The Response object
+// @Title SyncLdapUsers
 // @router /sync-ldap-users [post]
 func (c *ApiController) SyncLdapUsers() {
-	id := c.Input().Get("id")
-
-	owner, ldapId := util.GetOwnerAndNameFromId(id)
+	owner := c.Input().Get("owner")
+	ldapId := c.Input().Get("ldapId")
 	var users []object.LdapUser
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &users)
 	if err != nil {
@@ -263,11 +204,7 @@ func (c *ApiController) SyncLdapUsers() {
 		return
 	}
 
-	err = object.UpdateLdapSyncTime(ldapId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.UpdateLdapSyncTime(ldapId)
 
 	exist, failed, _ := object.SyncLdapUsers(owner, users, ldapId)
 

controllers/link.go

@@ -45,20 +45,15 @@ func (c *ApiController) Unlink() {
 	// the user will be unlinked from the provider
 	unlinkedUser := form.User
 
-	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id != unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is not the same as the one we are unlinking, we need to make sure the user is the global admin.
 		c.ResponseError(c.T("link:You are not the global admin, you can't unlink other users"))
 		return
 	}
 
-	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin() {
+	if user.Id == unlinkedUser.Id && !user.IsGlobalAdmin {
 		// if the user is unlinking themselves, should check the provider can be unlinked, if not, we should return an error.
-		application, err := object.GetApplicationByUser(user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		application := object.GetApplicationByUser(user)
 		if application == nil {
 			c.ResponseError(c.T("link:You can't unlink yourself, you are not a member of any application"))
 			return
@@ -93,17 +88,8 @@ func (c *ApiController) Unlink() {
 		return
 	}
 
-	_, err = object.ClearUserOAuthProperties(&unlinkedUser, providerType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = object.LinkUserAccount(&unlinkedUser, providerType, "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.ClearUserOAuthProperties(&unlinkedUser, providerType)
 
+	object.LinkUserAccount(&unlinkedUser, providerType, "")
 	c.ResponseOk()
 }

controllers/message.go

@@ -0,0 +1,256 @@
+// Copyright 2023 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+	"fmt"
+	"strings"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/ai"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetMessages
+// @Title GetMessages
+// @Tag Message API
+// @Description get messages
+// @Param   owner     query    string  true        "The owner of messages"
+// @Success 200 {array} object.Message The Response object
+// @router /get-messages [get]
+func (c *ApiController) GetMessages() {
+	owner := c.Input().Get("owner")
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	chat := c.Input().Get("chat")
+	organization := c.Input().Get("organization")
+	if limit == "" || page == "" {
+		var messages []*object.Message
+		if chat == "" {
+			messages = object.GetMessages(owner)
+		} else {
+			messages = object.GetChatMessages(chat)
+		}
+
+		c.Data["json"] = object.GetMaskedMessages(messages)
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetMessageCount(owner, organization, field, value)))
+		messages := object.GetMaskedMessages(object.GetPaginationMessages(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(messages, paginator.Nums())
+	}
+}
+
+// GetMessage
+// @Title GetMessage
+// @Tag Message API
+// @Description get message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message [get]
+func (c *ApiController) GetMessage() {
+	id := c.Input().Get("id")
+
+	c.Data["json"] = object.GetMaskedMessage(object.GetMessage(id))
+	c.ServeJSON()
+}
+
+func (c *ApiController) ResponseErrorStream(errorText string) {
+	event := fmt.Sprintf("event: myerror\ndata: %s\n\n", errorText)
+	_, err := c.Ctx.ResponseWriter.Write([]byte(event))
+	if err != nil {
+		panic(err)
+	}
+}
+
+// GetMessageAnswer
+// @Title GetMessageAnswer
+// @Tag Message API
+// @Description get message answer
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Success 200 {object} object.Message The Response object
+// @router /get-message-answer [get]
+func (c *ApiController) GetMessageAnswer() {
+	id := c.Input().Get("id")
+
+	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
+	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
+	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
+
+	message := object.GetMessage(id)
+	if message == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
+		return
+	}
+
+	if message.Author != "AI" || message.ReplyTo == "" || message.Text != "" {
+		c.ResponseErrorStream(c.T("chat:The message is invalid"))
+		return
+	}
+
+	chatId := util.GetId("admin", message.Chat)
+	chat := object.GetChat(chatId)
+	if chat == nil || chat.Organization != message.Organization {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+		return
+	}
+
+	if chat.Type != "AI" {
+		c.ResponseErrorStream(c.T("chat:The chat type must be \"AI\""))
+		return
+	}
+
+	questionMessage := object.GetMessage(message.ReplyTo)
+	if questionMessage == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The message: %s is not found"), id))
+		return
+	}
+
+	providerId := util.GetId(chat.Owner, chat.User2)
+	provider := object.GetProvider(providerId)
+	if provider == nil {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is not found"), providerId))
+		return
+	}
+
+	if provider.Category != "AI" || provider.ClientSecret == "" {
+		c.ResponseErrorStream(fmt.Sprintf(c.T("chat:The provider: %s is invalid"), providerId))
+		return
+	}
+
+	c.Ctx.ResponseWriter.Header().Set("Content-Type", "text/event-stream")
+	c.Ctx.ResponseWriter.Header().Set("Cache-Control", "no-cache")
+	c.Ctx.ResponseWriter.Header().Set("Connection", "keep-alive")
+
+	authToken := provider.ClientSecret
+	question := questionMessage.Text
+	var stringBuilder strings.Builder
+
+	fmt.Printf("Question: [%s]\n", questionMessage.Text)
+	fmt.Printf("Answer: [")
+
+	err := ai.QueryAnswerStream(authToken, question, c.Ctx.ResponseWriter, &stringBuilder)
+	if err != nil {
+		c.ResponseErrorStream(err.Error())
+		return
+	}
+
+	fmt.Printf("]\n")
+
+	event := fmt.Sprintf("event: end\ndata: %s\n\n", "end")
+	_, err = c.Ctx.ResponseWriter.Write([]byte(event))
+	if err != nil {
+		panic(err)
+	}
+
+	answer := stringBuilder.String()
+
+	message.Text = answer
+	object.UpdateMessage(message.GetId(), message)
+}
+
+// UpdateMessage
+// @Title UpdateMessage
+// @Tag Message API
+// @Description update message
+// @Param   id     query    string  true        "The id ( owner/name ) of the message"
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /update-message [post]
+func (c *ApiController) UpdateMessage() {
+	id := c.Input().Get("id")
+
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.UpdateMessage(id, &message))
+	c.ServeJSON()
+}
+
+// AddMessage
+// @Title AddMessage
+// @Tag Message API
+// @Description add message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-message [post]
+func (c *ApiController) AddMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	var chat *object.Chat
+	if message.Chat != "" {
+		chatId := util.GetId("admin", message.Chat)
+		chat = object.GetChat(chatId)
+		if chat == nil || chat.Organization != message.Organization {
+			c.ResponseError(fmt.Sprintf(c.T("chat:The chat: %s is not found"), chatId))
+			return
+		}
+	}
+
+	affected := object.AddMessage(&message)
+	if affected {
+		if chat != nil && chat.Type == "AI" {
+			answerMessage := &object.Message{
+				Owner:        message.Owner,
+				Name:         fmt.Sprintf("message_%s", util.GetRandomName()),
+				CreatedTime:  util.GetCurrentTimeEx(message.CreatedTime),
+				Organization: message.Organization,
+				Chat:         message.Chat,
+				ReplyTo:      message.GetId(),
+				Author:       "AI",
+				Text:         "",
+			}
+			object.AddMessage(answerMessage)
+		}
+	}
+
+	c.Data["json"] = wrapActionResponse(affected)
+	c.ServeJSON()
+}
+
+// DeleteMessage
+// @Title DeleteMessage
+// @Tag Message API
+// @Description delete message
+// @Param   body    body   object.Message  true        "The details of the message"
+// @Success 200 {object} controllers.Response The Response object
+// @router /delete-message [post]
+func (c *ApiController) DeleteMessage() {
+	var message object.Message
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &message)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.DeleteMessage(&message))
+	c.ServeJSON()
+}

controllers/mfa.go

@@ -17,6 +17,7 @@ package controllers
 import (
 	"net/http"
 
+	"github.com/beego/beego"
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
@@ -28,12 +29,12 @@ import (
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
 // @param type	form	string	true	"MFA auth type"
-// @Success 200 {object} controllers.Response The Response object
+// @Success 200 {object}   The Response object
 // @router /mfa/setup/initiate [post]
 func (c *ApiController) MfaSetupInitiate() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	authType := c.Ctx.Request.Form.Get("type")
 	userId := util.GetId(owner, name)
 
 	if len(userId) == 0 {
@@ -41,23 +42,20 @@ func (c *ApiController) MfaSetupInitiate() {
 		return
 	}
 
-	MfaUtil := object.GetMfaUtil(mfaType, nil)
+	MfaUtil := object.GetMfaUtil(authType, nil)
 	if MfaUtil == nil {
 		c.ResponseError("Invalid auth type")
 	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 
-	mfaProps, err := MfaUtil.Initiate(c.Ctx, user.GetId())
+	issuer := beego.AppConfig.String("appname")
+	accountName := user.GetId()
+
+	mfaProps, err := MfaUtil.Initiate(c.Ctx, issuer, accountName)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -76,20 +74,16 @@ func (c *ApiController) MfaSetupInitiate() {
 // @Success 200 {object}  Response object
 // @router /mfa/setup/verify [post]
 func (c *ApiController) MfaSetupVerify() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	authType := c.Ctx.Request.Form.Get("type")
 	passcode := c.Ctx.Request.Form.Get("passcode")
 
-	if mfaType == "" || passcode == "" {
+	if authType == "" || passcode == "" {
 		c.ResponseError("missing auth type or passcode")
 		return
 	}
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
+	MfaUtil := object.GetMfaUtil(authType, nil)
 
-	err := mfaUtil.SetupVerify(c.Ctx, passcode)
+	err := MfaUtil.SetupVerify(c.Ctx, passcode)
 	if err != nil {
 		c.ResponseError(err.Error())
 	} else {
@@ -109,26 +103,16 @@ func (c *ApiController) MfaSetupVerify() {
 func (c *ApiController) MfaSetupEnable() {
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
-
-	user, err := object.GetUser(util.GetId(owner, name))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	authType := c.Ctx.Request.Form.Get("type")
 
+	user := object.GetUser(util.GetId(owner, name))
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 
-	mfaUtil := object.GetMfaUtil(mfaType, nil)
-	if mfaUtil == nil {
-		c.ResponseError("Invalid multi-factor authentication type")
-		return
-	}
-
-	err = mfaUtil.Enable(c.Ctx, user)
+	twoFactor := object.GetMfaUtil(authType, nil)
+	err := twoFactor.Enable(c.Ctx, user)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -143,30 +127,32 @@ func (c *ApiController) MfaSetupEnable() {
 // @Description: Delete MFA
 // @param owner	form	string	true	"owner of user"
 // @param name	form	string	true	"name of user"
+// @param id	form	string	true	"id of user's MFA props"
 // @Success 200 {object}  Response object
 // @router /delete-mfa/ [post]
 func (c *ApiController) DeleteMfa() {
+	id := c.Ctx.Request.Form.Get("id")
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)
 
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 
-	err = object.DisabledMultiFactorAuth(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	mfaProps := user.MultiFactorAuths[:0]
+	i := 0
+	for _, mfaProp := range mfaProps {
+		if mfaProp.Id != id {
+			mfaProps[i] = mfaProp
+			i++
+		}
 	}
-
-	c.ResponseOk(object.GetAllMfaProps(user, true))
+	user.MultiFactorAuths = mfaProps
+	object.UpdateUser(userId, user, []string{"multi_factor_auths"}, user.IsAdminUser())
+	c.ResponseOk(user.MultiFactorAuths)
 }
 
 // SetPreferredMfa
@@ -179,25 +165,30 @@ func (c *ApiController) DeleteMfa() {
 // @Success 200 {object}  Response object
 // @router /set-preferred-mfa [post]
 func (c *ApiController) SetPreferredMfa() {
-	mfaType := c.Ctx.Request.Form.Get("mfaType")
+	id := c.Ctx.Request.Form.Get("id")
 	owner := c.Ctx.Request.Form.Get("owner")
 	name := c.Ctx.Request.Form.Get("name")
 	userId := util.GetId(owner, name)
 
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError("User doesn't exist")
 		return
 	}
 
-	err = object.SetPreferredMultiFactorAuth(user, mfaType)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	mfaProps := user.MultiFactorAuths
+	for i, mfaProp := range user.MultiFactorAuths {
+		if mfaProp.Id == id {
+			mfaProps[i].IsPreferred = true
+		} else {
+			mfaProps[i].IsPreferred = false
+		}
 	}
-	c.ResponseOk(object.GetAllMfaProps(user, true))
+
+	object.UpdateUser(userId, user, []string{"multi_factor_auths"}, user.IsAdminUser())
+
+	for i, mfaProp := range mfaProps {
+		mfaProps[i] = object.GetMaskedProps(mfaProp)
+	}
+	c.ResponseOk(mfaProps)
 }

controllers/model.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetModels() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		models, err := object.GetModels(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(models)
+		c.Data["json"] = object.GetModels(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetModelCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		models, err := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetModelCount(owner, field, value)))
+		models := object.GetPaginationModels(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(models, paginator.Nums())
 	}
 }
@@ -75,13 +58,8 @@ func (c *ApiController) GetModels() {
 func (c *ApiController) GetModel() {
 	id := c.Input().Get("id")
 
-	model, err := object.GetModel(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(model)
+	c.Data["json"] = object.GetModel(id)
+	c.ServeJSON()
 }
 
 // UpdateModel

controllers/organization.go

@@ -37,50 +37,14 @@ func (c *ApiController) GetOrganizations() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-	organizationName := c.Input().Get("organizationName")
-
-	isGlobalAdmin := c.IsGlobalAdmin()
 	if limit == "" || page == "" {
-		var maskedOrganizations []*object.Organization
-		var err error
-
-		if isGlobalAdmin {
-			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner))
-		} else {
-			maskedOrganizations, err = object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-		}
-
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedOrganizations)
+		c.Data["json"] = object.GetMaskedOrganizations(object.GetOrganizations(owner))
+		c.ServeJSON()
 	} else {
-		if !isGlobalAdmin {
-			maskedOrganizations, err := object.GetMaskedOrganizations(object.GetOrganizations(owner, c.getCurrentUser().Owner))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedOrganizations)
-		} else {
-			limit := util.ParseInt(limit)
-			count, err := object.GetOrganizationCount(owner, field, value)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			paginator := pagination.SetPaginator(c.Ctx, limit, count)
-			organizations, err := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, organizationName, paginator.Offset(), limit, field, value, sortField, sortOrder))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
-			c.ResponseOk(organizations, paginator.Nums())
-		}
+		limit := util.ParseInt(limit)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetOrganizationCount(owner, field, value)))
+		organizations := object.GetMaskedOrganizations(object.GetPaginationOrganizations(owner, paginator.Offset(), limit, field, value, sortField, sortOrder))
+		c.ResponseOk(organizations, paginator.Nums())
 	}
 }
 
@@ -93,13 +57,9 @@ func (c *ApiController) GetOrganizations() {
 // @router /get-organization [get]
 func (c *ApiController) GetOrganization() {
 	id := c.Input().Get("id")
-	maskedOrganization, err := object.GetMaskedOrganization(object.GetOrganization(id))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.ResponseOk(maskedOrganization)
+	c.Data["json"] = object.GetMaskedOrganization(object.GetOrganization(id))
+	c.ServeJSON()
 }
 
 // UpdateOrganization ...
@@ -139,13 +99,8 @@ func (c *ApiController) AddOrganization() {
 		return
 	}
 
-	count, err := object.GetOrganizationCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err = checkQuotaForOrganization(int(count)); err != nil {
+	count := object.GetOrganizationCount("", "", "")
+	if err := checkQuotaForOrganization(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
@@ -193,21 +148,3 @@ func (c *ApiController) GetDefaultApplication() {
 	maskedApplication := object.GetMaskedApplication(application, userId)
 	c.ResponseOk(maskedApplication)
 }
-
-// GetOrganizationNames ...
-// @Title GetOrganizationNames
-// @Tag Organization API
-// @Param   owner     query    string    true   "owner"
-// @Description get all organization name and displayName
-// @Success 200 {array} object.Organization The Response object
-// @router /get-organization-names [get]
-func (c *ApiController) GetOrganizationNames() {
-	owner := c.Input().Get("owner")
-	organizationNames, err := object.GetOrganizationsByFields(owner, []string{"name", "display_name"}...)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(organizationNames)
-}

controllers/payment.go

@@ -16,6 +16,7 @@ package controllers
 
 import (
 	"encoding/json"
+	"fmt"
 
 	"github.com/beego/beego/utils/pagination"
 	"github.com/casdoor/casdoor/object"
@@ -37,30 +38,13 @@ func (c *ApiController) GetPayments() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		payments, err := object.GetPayments(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(payments)
+		c.Data["json"] = object.GetPayments(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPaymentCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		payments, err := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPaymentCount(owner, field, value)))
+		payments := object.GetPaginationPayments(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(payments, paginator.Nums())
 	}
 }
@@ -76,14 +60,10 @@ func (c *ApiController) GetPayments() {
 // @router /get-user-payments [get]
 func (c *ApiController) GetUserPayments() {
 	owner := c.Input().Get("owner")
+	organization := c.Input().Get("organization")
 	user := c.Input().Get("user")
 
-	payments, err := object.GetUserPayments(owner, user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payments := object.GetUserPayments(owner, organization, user)
 	c.ResponseOk(payments)
 }
 
@@ -97,13 +77,8 @@ func (c *ApiController) GetUserPayments() {
 func (c *ApiController) GetPayment() {
 	id := c.Input().Get("id")
 
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(payment)
+	c.Data["json"] = object.GetPayment(id)
+	c.ServeJSON()
 }
 
 // UpdatePayment
@@ -175,17 +150,22 @@ func (c *ApiController) DeletePayment() {
 // @router /notify-payment [post]
 func (c *ApiController) NotifyPayment() {
 	owner := c.Ctx.Input.Param(":owner")
+	providerName := c.Ctx.Input.Param(":provider")
+	productName := c.Ctx.Input.Param(":product")
 	paymentName := c.Ctx.Input.Param(":payment")
 
 	body := c.Ctx.Input.RequestBody
 
-	payment, err := object.NotifyPayment(body, owner, paymentName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	ok := object.NotifyPayment(c.Ctx.Request, body, owner, providerName, productName, paymentName)
+	if ok {
+		_, err := c.Ctx.ResponseWriter.Write([]byte("success"))
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
+	} else {
+		panic(fmt.Errorf("NotifyPayment() failed: %v", ok))
 	}
-
-	c.ResponseOk(payment)
 }
 
 // InvoicePayment
@@ -198,12 +178,7 @@ func (c *ApiController) NotifyPayment() {
 func (c *ApiController) InvoicePayment() {
 	id := c.Input().Get("id")
 
-	payment, err := object.GetPayment(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	payment := object.GetPayment(id)
 	invoiceUrl, err := object.InvoicePayment(payment)
 	if err != nil {
 		c.ResponseError(err.Error())

controllers/permission.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetPermissions() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		permissions, err := object.GetPermissions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(permissions)
+		c.Data["json"] = object.GetPermissions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPermissionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		permissions, err := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPermissionCount(owner, field, value)))
+		permissions := object.GetPaginationPermissions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(permissions, paginator.Nums())
 	}
 }
@@ -77,13 +60,9 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 		return
 	}
 
-	permissions, err := object.GetPermissionsBySubmitter(user.Owner, user.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsBySubmitter(user.Owner, user.Name)
 	c.ResponseOk(permissions, len(permissions))
+	return
 }
 
 // GetPermissionsByRole
@@ -95,13 +74,9 @@ func (c *ApiController) GetPermissionsBySubmitter() {
 // @router /get-permissions-by-role [get]
 func (c *ApiController) GetPermissionsByRole() {
 	id := c.Input().Get("id")
-	permissions, err := object.GetPermissionsByRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	permissions := object.GetPermissionsByRole(id)
 	c.ResponseOk(permissions, len(permissions))
+	return
 }
 
 // GetPermission
@@ -114,13 +89,8 @@ func (c *ApiController) GetPermissionsByRole() {
 func (c *ApiController) GetPermission() {
 	id := c.Input().Get("id")
 
-	permission, err := object.GetPermission(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(permission)
+	c.Data["json"] = object.GetPermission(id)
+	c.ServeJSON()
 }
 
 // UpdatePermission

controllers/permission_upload.go

@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadPermissions() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadPermissions(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}

controllers/plan.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetPlans() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		plans, err := object.GetPlans(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(plans)
+		c.Data["json"] = object.GetPlans(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPlanCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		plan, err := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPlanCount(owner, field, value)))
+		plan := object.GetPaginatedPlans(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(plan, paginator.Nums())
 	}
 }
@@ -77,25 +60,20 @@ func (c *ApiController) GetPlan() {
 	id := c.Input().Get("id")
 	includeOption := c.Input().Get("includeOption") == "true"
 
-	plan, err := object.GetPlan(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	plan := object.GetPlan(id)
 
-	if plan != nil && includeOption {
-		options, err := object.GetPermissionsByRole(plan.Role)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	if includeOption {
+		options := object.GetPermissionsByRole(plan.Role)
 
 		for _, option := range options {
 			plan.Options = append(plan.Options, option.DisplayName)
 		}
-	}
 
-	c.ResponseOk(plan)
+		c.Data["json"] = plan
+	} else {
+		c.Data["json"] = plan
+	}
+	c.ServeJSON()
 }
 
 // UpdatePlan
@@ -108,29 +86,14 @@ func (c *ApiController) GetPlan() {
 // @router /update-plan [post]
 func (c *ApiController) UpdatePlan() {
 	id := c.Input().Get("id")
-	owner := util.GetOwnerFromId(id)
+
 	var plan object.Plan
 	err := json.Unmarshal(c.Ctx.Input.RequestBody, &plan)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		productId := util.GetId(owner, plan.Product)
-		product, err := object.GetProduct(productId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if product != nil {
-			object.UpdateProductForPlan(&plan, product)
-			_, err = object.UpdateProduct(productId, product)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.UpdatePlan(id, &plan))
 	c.ServeJSON()
 }
@@ -149,14 +112,7 @@ func (c *ApiController) AddPlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	// Create a related product for plan
-	product := object.CreateProductForPlan(&plan)
-	_, err = object.AddProduct(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-	plan.Product = product.Name
+
 	c.Data["json"] = wrapActionResponse(object.AddPlan(&plan))
 	c.ServeJSON()
 }
@@ -175,13 +131,7 @@ func (c *ApiController) DeletePlan() {
 		c.ResponseError(err.Error())
 		return
 	}
-	if plan.Product != "" {
-		_, err = object.DeleteProduct(&object.Product{Owner: plan.Owner, Name: plan.Product})
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	}
+
 	c.Data["json"] = wrapActionResponse(object.DeletePlan(&plan))
 	c.ServeJSON()
 }

controllers/pricing.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetPricings() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		pricings, err := object.GetPricings(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(pricings)
+		c.Data["json"] = object.GetPricings(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetPricingCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		pricing, err := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetPricingCount(owner, field, value)))
+		pricing := object.GetPaginatedPricings(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(pricing, paginator.Nums())
 	}
 }
@@ -70,18 +53,15 @@ func (c *ApiController) GetPricings() {
 // @Tag Pricing API
 // @Description get pricing
 // @Param   id     query    string  true        "The id ( owner/name ) of the pricing"
-// @Success 200 {object} object.Pricing The Response object
+// @Success 200 {object} object.pricing The Response object
 // @router /get-pricing [get]
 func (c *ApiController) GetPricing() {
 	id := c.Input().Get("id")
 
-	pricing, err := object.GetPricing(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	pricing := object.GetPricing(id)
 
-	c.ResponseOk(pricing)
+	c.Data["json"] = pricing
+	c.ServeJSON()
 }
 
 // UpdatePricing

controllers/product.go

@@ -38,30 +38,13 @@ func (c *ApiController) GetProducts() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		products, err := object.GetProducts(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(products)
+		c.Data["json"] = object.GetProducts(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProductCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		products, err := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProductCount(owner, field, value)))
+		products := object.GetPaginationProducts(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(products, paginator.Nums())
 	}
 }
@@ -76,19 +59,11 @@ func (c *ApiController) GetProducts() {
 func (c *ApiController) GetProduct() {
 	id := c.Input().Get("id")
 
-	product, err := object.GetProduct(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	product := object.GetProduct(id)
+	object.ExtendProductWithProviders(product)
 
-	err = object.ExtendProductWithProviders(product)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(product)
+	c.Data["json"] = product
+	c.ServeJSON()
 }
 
 // UpdateProduct
@@ -161,39 +136,26 @@ func (c *ApiController) DeleteProduct() {
 // @router /buy-product [post]
 func (c *ApiController) BuyProduct() {
 	id := c.Input().Get("id")
-	host := c.Ctx.Request.Host
 	providerName := c.Input().Get("providerName")
-	paymentEnv := c.Input().Get("paymentEnv")
+	host := c.Ctx.Request.Host
 
-	// buy `pricingName/planName` for `paidUserName`
-	pricingName := c.Input().Get("pricingName")
-	planName := c.Input().Get("planName")
-	paidUserName := c.Input().Get("userName")
-	owner, _ := util.GetOwnerAndNameFromId(id)
-	userId := util.GetId(owner, paidUserName)
-	if paidUserName == "" {
-		userId = c.GetSessionUsername()
-	}
+	userId := c.GetSessionUsername()
 	if userId == "" {
 		c.ResponseError(c.T("general:Please login first"))
 		return
 	}
 
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
 		return
 	}
 
-	payment, attachInfo, err := object.BuyProduct(id, user, providerName, pricingName, planName, host, paymentEnv)
+	payUrl, err := object.BuyProduct(id, providerName, user, host)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	c.ResponseOk(payment, attachInfo)
+	c.ResponseOk(payUrl)
 }

controllers/provider.go

@@ -44,29 +44,12 @@ func (c *ApiController) GetProviders() {
 	}
 
 	if limit == "" || page == "" {
-		providers, err := object.GetProviders(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(providers, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetProviders(owner), isMaskEnabled)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetProviderCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationProviders, err := object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetProviderCount(owner, field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationProviders(owner, paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -91,29 +74,12 @@ func (c *ApiController) GetGlobalProviders() {
 	}
 
 	if limit == "" || page == "" {
-		globalProviders, err := object.GetGlobalProviders()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(object.GetMaskedProviders(globalProviders, isMaskEnabled))
+		c.Data["json"] = object.GetMaskedProviders(object.GetGlobalProviders(), isMaskEnabled)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalProviderCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		paginationGlobalProviders, err := object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		providers := object.GetMaskedProviders(paginationGlobalProviders, isMaskEnabled)
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalProviderCount(field, value)))
+		providers := object.GetMaskedProviders(object.GetPaginationGlobalProviders(paginator.Offset(), limit, field, value, sortField, sortOrder), isMaskEnabled)
 		c.ResponseOk(providers, paginator.Nums())
 	}
 }
@@ -132,13 +98,9 @@ func (c *ApiController) GetProvider() {
 	if !ok {
 		return
 	}
-	provider, err := object.GetProvider(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.ResponseOk(object.GetMaskedProvider(provider, isMaskEnabled))
+	c.Data["json"] = object.GetMaskedProvider(object.GetProvider(id), isMaskEnabled)
+	c.ServeJSON()
 }
 
 // UpdateProvider
@@ -178,13 +140,8 @@ func (c *ApiController) AddProvider() {
 		return
 	}
 
-	count, err := object.GetProviderCount("", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForProvider(int(count)); err != nil {
+	count := object.GetProviderCount("", "", "")
+	if err := checkQuotaForProvider(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}

controllers/record.go

@@ -0,0 +1,95 @@
+// Copyright 2021 The Casdoor Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package controllers
+
+import (
+	"encoding/json"
+
+	"github.com/beego/beego/utils/pagination"
+	"github.com/casdoor/casdoor/object"
+	"github.com/casdoor/casdoor/util"
+)
+
+// GetRecords
+// @Title GetRecords
+// @Tag Record API
+// @Description get all records
+// @Param   pageSize     query    string  true        "The size of each page"
+// @Param   p     query    string  true        "The number of the page"
+// @Success 200 {object} object.Record The Response object
+// @router /get-records [get]
+func (c *ApiController) GetRecords() {
+	organization, ok := c.RequireAdmin()
+	if !ok {
+		return
+	}
+
+	limit := c.Input().Get("pageSize")
+	page := c.Input().Get("p")
+	field := c.Input().Get("field")
+	value := c.Input().Get("value")
+	sortField := c.Input().Get("sortField")
+	sortOrder := c.Input().Get("sortOrder")
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetRecords()
+		c.ServeJSON()
+	} else {
+		limit := util.ParseInt(limit)
+		filterRecord := &object.Record{Organization: organization}
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRecordCount(field, value, filterRecord)))
+		records := object.GetPaginationRecords(paginator.Offset(), limit, field, value, sortField, sortOrder, filterRecord)
+		c.ResponseOk(records, paginator.Nums())
+	}
+}
+
+// GetRecordsByFilter
+// @Tag Record API
+// @Title GetRecordsByFilter
+// @Description get records by filter
+// @Param   filter  body string     true  "filter Record message"
+// @Success 200 {object} object.Record The Response object
+// @router /get-records-filter [post]
+func (c *ApiController) GetRecordsByFilter() {
+	body := string(c.Ctx.Input.RequestBody)
+
+	record := &object.Record{}
+	err := util.JsonToStruct(body, record)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = object.GetRecordsByField(record)
+	c.ServeJSON()
+}
+
+// AddRecord
+// @Title AddRecord
+// @Tag Record API
+// @Description add a record
+// @Param   body    body   object.Record  true        "The details of the record"
+// @Success 200 {object} controllers.Response The Response object
+// @router /add-record [post]
+func (c *ApiController) AddRecord() {
+	var record object.Record
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &record)
+	if err != nil {
+		c.ResponseError(err.Error())
+		return
+	}
+
+	c.Data["json"] = wrapActionResponse(object.AddRecord(&record))
+	c.ServeJSON()
+}

controllers/resource.go

@@ -29,19 +29,9 @@ import (
 )
 
 // GetResources
+// @router /get-resources [get]
 // @Tag Resource API
 // @Title GetResources
-// @Description get resources
-// @Param		owner 		query 		string 				true 				"Owner"
-// @Param		user 		query 		string 				true 				"User"
-// @Param 		pageSize 	query 		integer 			false 				"Page Size"
-// @Param 		p 			query 		integer 				false 				"Page Number"
-// @Param 		field 		query 		string 				false 				"Field"
-// @Param 		value 		query 		string 				false 				"Value"
-// @Param 		sortField 	query 		string 				false 				"Sort Field"
-// @Param 		sortOrder 	query 		string 				false 				"Sort Order"
-// @Success		200 		{array} 	object.Resource 	The Response object
-// @router /get-resources [get]
 func (c *ApiController) GetResources() {
 	owner := c.Input().Get("owner")
 	user := c.Input().Get("user")
@@ -52,44 +42,21 @@ func (c *ApiController) GetResources() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 
-	if sortField == "Direct" {
-		provider, err := c.GetProviderFromContext("Storage")
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	userObj, ok := c.RequireSignedInUser()
+	if !ok {
+		return
+	}
+	if userObj.IsAdmin {
+		user = ""
+	}
 
-		prefix := sortOrder
-		resources, err := object.GetDirectResources(owner, user, provider, prefix, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
-	} else if limit == "" || page == "" {
-		resources, err := object.GetResources(owner, user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(resources)
+	if limit == "" || page == "" {
+		c.Data["json"] = object.GetResources(owner, user)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetResourceCount(owner, user, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		resources, err := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetResourceCount(owner, user, field, value)))
+		resources := object.GetPaginationResources(owner, user, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(resources, paginator.Nums())
 	}
 }
@@ -97,29 +64,17 @@ func (c *ApiController) GetResources() {
 // GetResource
 // @Tag Resource API
 // @Title GetResource
-// @Description get resource
-// @Param   	id			query   	string     			true        		"The id ( owner/name ) of resource"
-// @Success 	200			{object}	object.Resource		The Response object
 // @router /get-resource [get]
 func (c *ApiController) GetResource() {
 	id := c.Input().Get("id")
 
-	resource, err := object.GetResource(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(resource)
+	c.Data["json"] = object.GetResource(id)
+	c.ServeJSON()
 }
 
 // UpdateResource
 // @Tag Resource API
 // @Title UpdateResource
-// @Description get resource
-// @Param   	id     		query   	string  			true				"The id ( owner/name ) of resource"
-// @Param		resource	body		object.Resource		true				"The resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /update-resource [post]
 func (c *ApiController) UpdateResource() {
 	id := c.Input().Get("id")
@@ -138,8 +93,6 @@ func (c *ApiController) UpdateResource() {
 // AddResource
 // @Tag Resource API
 // @Title AddResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /add-resource [post]
 func (c *ApiController) AddResource() {
 	var resource object.Resource
@@ -156,8 +109,6 @@ func (c *ApiController) AddResource() {
 // DeleteResource
 // @Tag Resource API
 // @Title DeleteResource
-// @Param     	resource    body    	object.Resource  	true      			"Resource object"
-// @Success 	200			{object}	controllers.Response					Success or error
 // @router /delete-resource [post]
 func (c *ApiController) DeleteResource() {
 	var resource object.Resource
@@ -167,16 +118,10 @@ func (c *ApiController) DeleteResource() {
 		return
 	}
 
-	if resource.Provider != "" {
-		c.Input().Set("provider", resource.Provider)
-	}
-	c.Input().Set("fullFilePath", resource.Name)
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
-	_, resource.Name = refineFullFilePath(resource.Name)
 
 	err = object.DeleteFile(provider, resource.Name, c.GetAcceptLanguage())
 	if err != nil {
@@ -191,16 +136,6 @@ func (c *ApiController) DeleteResource() {
 // UploadResource
 // @Tag Resource API
 // @Title UploadResource
-// @Param     owner           query   	string    			true      			"Owner"
-// @Param     user            query   	string    			true      			"User"
-// @Param     application     query   	string    			true     			"Application"
-// @Param     tag             query   	string    			false     			"Tag"
-// @Param     parent          query   	string    			false     			"Parent"
-// @Param     fullFilePath    query   	string    			true     			"Full File Path"
-// @Param     createdTime     query   	string    			false     			"Created Time"
-// @Param     description     query   	string    			false     			"Description"
-// @Param     file            formData 	file      			true      			"Resource file"
-// @Success   200             {object}  object.Resource  	FileUrl, objectKey
 // @router /upload-resource [post]
 func (c *ApiController) UploadResource() {
 	owner := c.Input().Get("owner")
@@ -231,33 +166,28 @@ func (c *ApiController) UploadResource() {
 		return
 	}
 
-	provider, err := c.GetProviderFromContext("Storage")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("Storage")
+	if !ok {
 		return
 	}
-	_, fullFilePath = refineFullFilePath(fullFilePath)
 
 	fileType := "unknown"
 	contentType := header.Header.Get("Content-Type")
-	fileType, _ = util.GetOwnerAndNameFromIdNoCheck(contentType + "/")
+	fileType, _ = util.GetOwnerAndNameFromId(contentType)
 
 	if fileType != "image" && fileType != "video" {
 		ext := filepath.Ext(filename)
 		mimeType := mime.TypeByExtension(ext)
-		fileType, _ = util.GetOwnerAndNameFromIdNoCheck(mimeType + "/")
+		fileType, _ = util.GetOwnerAndNameFromId(mimeType)
 	}
 
 	fullFilePath = object.GetTruncatedPath(provider, fullFilePath, 175)
-	if tag != "avatar" && tag != "termsOfUse" && !strings.HasPrefix(tag, "idCard") {
+	if tag != "avatar" && tag != "termsOfUse" {
 		ext := filepath.Ext(filepath.Base(fullFilePath))
 		index := len(fullFilePath) - len(ext)
 		for i := 1; ; i++ {
 			_, objectKey := object.GetUploadFileUrl(provider, fullFilePath, true)
-			if count, err := object.GetResourceCount(owner, username, "name", objectKey); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if count == 0 {
+			if object.GetResourceCount(owner, username, "name", objectKey) == 0 {
 				break
 			}
 
@@ -272,11 +202,6 @@ func (c *ApiController) UploadResource() {
 		return
 	}
 
-	if username == "Built-in-Untracked" {
-		c.ResponseOk(fileUrl, objectKey)
-		return
-	}
-
 	if createdTime == "" {
 		createdTime = util.GetCurrentTime()
 	}
@@ -298,39 +223,20 @@ func (c *ApiController) UploadResource() {
 		Url:         fileUrl,
 		Description: description,
 	}
-	_, err = object.AddOrUpdateResource(resource)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.AddOrUpdateResource(resource)
 
 	switch tag {
 	case "avatar":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
 			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
 			return
 		}
 
 		user.Avatar = fileUrl
-		_, err = object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		object.UpdateUser(user.GetId(), user, []string{"avatar"}, false)
 	case "termsOfUse":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		user := object.GetUserNoCheck(util.GetId(owner, username))
 		if user == nil {
 			c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(owner, username)))
 			return
@@ -341,41 +247,10 @@ func (c *ApiController) UploadResource() {
 			return
 		}
 
-		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimSuffix(fullFilePath, ".html"))
-		applicationObj, err := object.GetApplication(applicationId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		_, applicationId := util.GetOwnerAndNameFromIdNoCheck(strings.TrimRight(fullFilePath, ".html"))
+		applicationObj := object.GetApplication(applicationId)
 		applicationObj.TermsOfUse = fileUrl
-		_, err = object.UpdateApplication(applicationId, applicationObj)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-	case "idCardFront", "idCardBack", "idCardWithPerson":
-		user, err := object.GetUserNoCheck(util.GetId(owner, username))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		if user == nil {
-			c.ResponseError(c.T("resource:User is nil for tag: avatar"))
-			return
-		}
-
-		if user.Properties == nil {
-			user.Properties = map[string]string{}
-		}
-		user.Properties[tag] = fileUrl
-		user.Properties["isIdCardVerified"] = "false"
-		_, err = object.UpdateUser(user.GetId(), user, []string{"properties"}, false)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.UpdateApplication(applicationId, applicationObj)
 	}
 
 	c.ResponseOk(fileUrl, objectKey)

controllers/role.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetRoles() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		roles, err := object.GetRoles(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(roles)
+		c.Data["json"] = object.GetRoles(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetRoleCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		roles, err := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetRoleCount(owner, field, value)))
+		roles := object.GetPaginationRoles(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(roles, paginator.Nums())
 	}
 }
@@ -75,13 +58,8 @@ func (c *ApiController) GetRoles() {
 func (c *ApiController) GetRole() {
 	id := c.Input().Get("id")
 
-	role, err := object.GetRole(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(role)
+	c.Data["json"] = object.GetRole(id)
+	c.ServeJSON()
 }
 
 // UpdateRole

controllers/role_upload.go

@@ -1,54 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package controllers
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/casdoor/casdoor/object"
-	"github.com/casdoor/casdoor/util"
-)
-
-func (c *ApiController) UploadRoles() {
-	userId := c.GetSessionUsername()
-	owner, user := util.GetOwnerAndNameFromId(userId)
-
-	file, header, err := c.Ctx.Request.FormFile("file")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
-	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
-	err = saveFile(path, &file)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	affected, err := object.UploadRoles(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-	}
-
-	if affected {
-		c.ResponseOk()
-	} else {
-		c.ResponseError(c.T("user_upload:Failed to import users"))
-	}
-}

controllers/saml.go

@@ -23,23 +23,12 @@ import (
 func (c *ApiController) GetSamlMeta() {
 	host := c.Ctx.Request.Host
 	paramApp := c.Input().Get("application")
-	application, err := object.GetApplication(paramApp)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplication(paramApp)
 	if application == nil {
 		c.ResponseError(fmt.Sprintf(c.T("saml:Application %s not found"), paramApp))
 		return
 	}
-
-	metadata, err := object.GetSamlMeta(application, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	metadata, _ := object.GetSamlMeta(application, host)
 	c.Data["xml"] = metadata
 	c.ServeXML()
 }

controllers/service.go

@@ -40,10 +40,6 @@ type SmsForm struct {
 	OrgId     string   `json:"organizationId"` // e.g. "admin/built-in"
 }
 
-type NotificationForm struct {
-	Content string `json:"content"`
-}
-
 // SendEmail
 // @Title SendEmail
 // @Tag Service API
@@ -65,17 +61,12 @@ func (c *ApiController) SendEmail() {
 	var provider *object.Provider
 	if emailForm.Provider != "" {
 		// called by frontend's TestEmailWidget, provider name is set by frontend
-		provider, err = object.GetProvider(util.GetId("admin", emailForm.Provider))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		provider = object.GetProvider(util.GetId("admin", emailForm.Provider))
 	} else {
 		// called by Casdoor SDK via Client ID & Client Secret, so the used Email provider will be the application' Email provider or the default Email provider
-		provider, err = c.GetProviderFromContext("Email")
-		if err != nil {
-			c.ResponseError(err.Error())
+		var ok bool
+		provider, _, ok = c.GetProviderFromContext("Email")
+		if !ok {
 			return
 		}
 	}
@@ -131,25 +122,22 @@ func (c *ApiController) SendEmail() {
 // @Success 200 {object}  Response object
 // @router /api/send-sms [post]
 func (c *ApiController) SendSms() {
-	provider, err := c.GetProviderFromContext("SMS")
-	if err != nil {
-		c.ResponseError(err.Error())
+	provider, _, ok := c.GetProviderFromContext("SMS")
+	if !ok {
 		return
 	}
 
 	var smsForm SmsForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
+	err := json.Unmarshal(c.Ctx.Input.RequestBody, &smsForm)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	if provider.Type != "Custom HTTP SMS" {
-		invalidReceivers := getInvalidSmsReceivers(smsForm)
-		if len(invalidReceivers) != 0 {
-			c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
-			return
-		}
+	invalidReceivers := getInvalidSmsReceivers(smsForm)
+	if len(invalidReceivers) != 0 {
+		c.ResponseError(fmt.Sprintf(c.T("service:Invalid phone receivers: %s"), strings.Join(invalidReceivers, ", ")))
+		return
 	}
 
 	err = object.SendSms(provider, smsForm.Content, smsForm.Receivers...)
@@ -160,33 +148,3 @@ func (c *ApiController) SendSms() {
 
 	c.ResponseOk()
 }
-
-// SendNotification
-// @Title SendNotification
-// @Tag Service API
-// @Description This API is not for Casdoor frontend to call, it is for Casdoor SDKs.
-// @Param   from    body   controllers.NotificationForm    true         "Details of the notification request"
-// @Success 200 {object}  Response object
-// @router /api/send-notification [post]
-func (c *ApiController) SendNotification() {
-	provider, err := c.GetProviderFromContext("Notification")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	var notificationForm NotificationForm
-	err = json.Unmarshal(c.Ctx.Input.RequestBody, &notificationForm)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.SendNotification(provider, notificationForm.Content)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk()
-}

controllers/session.go

@@ -37,29 +37,13 @@ func (c *ApiController) GetSessions() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	owner := c.Input().Get("owner")
-
 	if limit == "" || page == "" {
-		sessions, err := object.GetSessions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(sessions)
+		c.Data["json"] = object.GetSessions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSessionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		sessions, err := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSessionCount(owner, field, value)))
+		sessions := object.GetPaginationSessions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(sessions, paginator.Nums())
 	}
 }
@@ -74,13 +58,8 @@ func (c *ApiController) GetSessions() {
 func (c *ApiController) GetSingleSession() {
 	id := c.Input().Get("sessionPkId")
 
-	session, err := object.GetSingleSession(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(session)
+	c.Data["json"] = object.GetSingleSession(id)
+	c.ServeJSON()
 }
 
 // UpdateSession
@@ -153,11 +132,8 @@ func (c *ApiController) IsSessionDuplicated() {
 	id := c.Input().Get("sessionPkId")
 	sessionId := c.Input().Get("sessionId")
 
-	isUserSessionDuplicated, err := object.IsSessionDuplicated(id, sessionId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	isUserSessionDuplicated := object.IsSessionDuplicated(id, sessionId)
+	c.Data["json"] = &Response{Status: "ok", Msg: "", Data: isUserSessionDuplicated}
 
-	c.ResponseOk(isUserSessionDuplicated)
+	c.ServeJSON()
 }

controllers/subscription.go

@@ -37,30 +37,13 @@ func (c *ApiController) GetSubscriptions() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		subscriptions, err := object.GetSubscriptions(owner)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(subscriptions)
+		c.Data["json"] = object.GetSubscriptions(owner)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSubscriptionCount(owner, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		subscription, err := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSubscriptionCount(owner, field, value)))
+		subscription := object.GetPaginationSubscriptions(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(subscription, paginator.Nums())
 	}
 }
@@ -70,18 +53,15 @@ func (c *ApiController) GetSubscriptions() {
 // @Tag Subscription API
 // @Description get subscription
 // @Param   id     query    string  true        "The id ( owner/name ) of the subscription"
-// @Success 200 {object} object.Subscription The Response object
+// @Success 200 {object} object.subscription The Response object
 // @router /get-subscription [get]
 func (c *ApiController) GetSubscription() {
 	id := c.Input().Get("id")
 
-	subscription, err := object.GetSubscription(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	subscription := object.GetSubscription(id)
 
-	c.ResponseOk(subscription)
+	c.Data["json"] = subscription
+	c.ServeJSON()
 }
 
 // UpdateSubscription

controllers/syncer.go

@@ -38,30 +38,13 @@ func (c *ApiController) GetSyncers() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		organizationSyncers, err := object.GetOrganizationSyncers(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(organizationSyncers)
+		c.Data["json"] = object.GetOrganizationSyncers(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetSyncerCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		syncers, err := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetSyncerCount(owner, organization, field, value)))
+		syncers := object.GetPaginationSyncers(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(syncers, paginator.Nums())
 	}
 }
@@ -76,13 +59,8 @@ func (c *ApiController) GetSyncers() {
 func (c *ApiController) GetSyncer() {
 	id := c.Input().Get("id")
 
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(syncer)
+	c.Data["json"] = object.GetSyncer(id)
+	c.ServeJSON()
 }
 
 // UpdateSyncer
@@ -154,17 +132,9 @@ func (c *ApiController) DeleteSyncer() {
 // @router /run-syncer [get]
 func (c *ApiController) RunSyncer() {
 	id := c.Input().Get("id")
-	syncer, err := object.GetSyncer(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	syncer := object.GetSyncer(id)
 
-	err = object.RunSyncer(syncer)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.RunSyncer(syncer)
 
 	c.ResponseOk()
 }

controllers/system_info.go

@@ -47,16 +47,16 @@ func (c *ApiController) GetSystemInfo() {
 // @router /get-version-info [get]
 func (c *ApiController) GetVersionInfo() {
 	versionInfo, err := util.GetVersionInfo()
-	if versionInfo.Version != "" {
-		c.ResponseOk(versionInfo)
-		return
+
+	if versionInfo.Version == "" {
+		versionInfo, err = util.GetVersionInfoFromFile()
+
+		if err != nil {
+			c.ResponseError(err.Error())
+			return
+		}
 	}
 
-	versionInfo, err = util.GetVersionInfoFromFile()
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 	c.ResponseOk(versionInfo)
 }
 

controllers/token.go

@@ -41,28 +41,12 @@ func (c *ApiController) GetTokens() {
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
 	if limit == "" || page == "" {
-		token, err := object.GetTokens(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(token)
+		c.Data["json"] = object.GetTokens(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetTokenCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		tokens, err := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetTokenCount(owner, organization, field, value)))
+		tokens := object.GetPaginationTokens(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(tokens, paginator.Nums())
 	}
 }
@@ -76,13 +60,9 @@ func (c *ApiController) GetTokens() {
 // @router /get-token [get]
 func (c *ApiController) GetToken() {
 	id := c.Input().Get("id")
-	token, err := object.GetToken(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.ResponseOk(token)
+	c.Data["json"] = object.GetToken(id)
+	c.ServeJSON()
 }
 
 // UpdateToken
@@ -156,11 +136,12 @@ func (c *ApiController) DeleteToken() {
 // @Success 200 {object} object.TokenWrapper The Response object
 // @Success 400 {object} object.TokenError The Response object
 // @Success 401 {object} object.TokenError The Response object
-// @router api/login/oauth/access_token [post]
+// @router /login/oauth/access_token [post]
 func (c *ApiController) GetOAuthToken() {
+	grantType := c.Input().Get("grant_type")
+	refreshToken := c.Input().Get("refresh_token")
 	clientId := c.Input().Get("client_id")
 	clientSecret := c.Input().Get("client_secret")
-	grantType := c.Input().Get("grant_type")
 	code := c.Input().Get("code")
 	verifier := c.Input().Get("code_verifier")
 	scope := c.Input().Get("scope")
@@ -168,61 +149,30 @@ func (c *ApiController) GetOAuthToken() {
 	password := c.Input().Get("password")
 	tag := c.Input().Get("tag")
 	avatar := c.Input().Get("avatar")
-	refreshToken := c.Input().Get("refresh_token")
 
 	if clientId == "" && clientSecret == "" {
 		clientId, clientSecret, _ = c.Ctx.Request.BasicAuth()
 	}
-
-	if len(c.Ctx.Input.RequestBody) != 0 {
-		// If clientId is empty, try to read data from RequestBody
+	if clientId == "" {
+		// If clientID is empty, try to read data from RequestBody
 		var tokenRequest TokenRequest
-		err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest)
-		if err == nil {
-			if clientId == "" {
-				clientId = tokenRequest.ClientId
-			}
-			if clientSecret == "" {
-				clientSecret = tokenRequest.ClientSecret
-			}
-			if grantType == "" {
-				grantType = tokenRequest.GrantType
-			}
-			if code == "" {
-				code = tokenRequest.Code
-			}
-			if verifier == "" {
-				verifier = tokenRequest.Verifier
-			}
-			if scope == "" {
-				scope = tokenRequest.Scope
-			}
-			if username == "" {
-				username = tokenRequest.Username
-			}
-			if password == "" {
-				password = tokenRequest.Password
-			}
-			if tag == "" {
-				tag = tokenRequest.Tag
-			}
-			if avatar == "" {
-				avatar = tokenRequest.Avatar
-			}
-			if refreshToken == "" {
-				refreshToken = tokenRequest.RefreshToken
-			}
+		if err := json.Unmarshal(c.Ctx.Input.RequestBody, &tokenRequest); err == nil {
+			clientId = tokenRequest.ClientId
+			clientSecret = tokenRequest.ClientSecret
+			grantType = tokenRequest.GrantType
+			refreshToken = tokenRequest.RefreshToken
+			code = tokenRequest.Code
+			verifier = tokenRequest.Verifier
+			scope = tokenRequest.Scope
+			username = tokenRequest.Username
+			password = tokenRequest.Password
+			tag = tokenRequest.Tag
+			avatar = tokenRequest.Avatar
 		}
 	}
-
 	host := c.Ctx.Request.Host
-	token, err := object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
-	c.Data["json"] = token
+	c.Data["json"] = object.GetOAuthToken(grantType, clientId, clientSecret, code, verifier, scope, username, password, host, refreshToken, tag, avatar, c.GetAcceptLanguage())
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -260,13 +210,7 @@ func (c *ApiController) RefreshToken() {
 		}
 	}
 
-	refreshToken2, err := object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.Data["json"] = refreshToken2
+	c.Data["json"] = object.RefreshToken(grantType, refreshToken, scope, clientId, clientSecret, host)
 	c.SetTokenErrorHttpStatus()
 	c.ServeJSON()
 }
@@ -301,12 +245,7 @@ func (c *ApiController) IntrospectToken() {
 			return
 		}
 	}
-	application, err := object.GetApplicationByClientId(clientId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplicationByClientId(clientId)
 	if application == nil || application.ClientSecret != clientSecret {
 		c.ResponseError(c.T("token:Invalid application or wrong clientSecret"))
 		c.Data["json"] = &object.TokenError{
@@ -315,12 +254,7 @@ func (c *ApiController) IntrospectToken() {
 		c.SetTokenErrorHttpStatus()
 		return
 	}
-	token, err := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if token == nil {
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
@@ -348,7 +282,7 @@ func (c *ApiController) IntrospectToken() {
 		Sub:       jwtToken.Subject,
 		Aud:       jwtToken.Audience,
 		Iss:       jwtToken.Issuer,
-		Jti:       jwtToken.ID,
+		Jti:       jwtToken.Id,
 	}
 	c.ServeJSON()
 }

controllers/types.go

@@ -15,10 +15,10 @@
 package controllers
 
 type TokenRequest struct {
-	ClientId     string `json:"client_id"`
-	ClientSecret string `json:"client_secret"`
 	GrantType    string `json:"grant_type"`
 	Code         string `json:"code"`
+	ClientId     string `json:"client_id"`
+	ClientSecret string `json:"client_secret"`
 	Verifier     string `json:"code_verifier"`
 	Scope        string `json:"scope"`
 	Username     string `json:"username"`

controllers/user.go

@@ -37,36 +37,14 @@ func (c *ApiController) GetGlobalUsers() {
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		maskedUsers, err := object.GetMaskedUsers(object.GetGlobalUsers())
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedUsers)
+		c.Data["json"] = object.GetMaskedUsers(object.GetGlobalUsers())
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetGlobalUserCount(field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetGlobalUserCount(field, value)))
+		users := object.GetPaginationGlobalUsers(paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -80,53 +58,20 @@ func (c *ApiController) GetGlobalUsers() {
 // @router /get-users [get]
 func (c *ApiController) GetUsers() {
 	owner := c.Input().Get("owner")
-	groupName := c.Input().Get("groupName")
 	limit := c.Input().Get("pageSize")
 	page := c.Input().Get("p")
 	field := c.Input().Get("field")
 	value := c.Input().Get("value")
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
-
 	if limit == "" || page == "" {
-		if groupName != "" {
-			maskedUsers, err := object.GetMaskedUsers(object.GetGroupUsers(util.GetId(owner, groupName)))
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-			c.ResponseOk(maskedUsers)
-			return
-		}
-
-		maskedUsers, err := object.GetMaskedUsers(object.GetUsers(owner))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(maskedUsers)
+		c.Data["json"] = object.GetMaskedUsers(object.GetUsers(owner))
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetUserCount(owner, field, value, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-		users, err := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder, groupName)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		users, err = object.GetMaskedUsers(users)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetUserCount(owner, field, value)))
+		users := object.GetPaginationUsers(owner, paginator.Offset(), limit, field, value, sortField, sortOrder)
+		users = object.GetMaskedUsers(users)
 		c.ResponseOk(users, paginator.Nums())
 	}
 }
@@ -148,88 +93,43 @@ func (c *ApiController) GetUser() {
 	phone := c.Input().Get("phone")
 	userId := c.Input().Get("userId")
 	owner := c.Input().Get("owner")
-	var err error
+
 	var userFromUserId *object.User
 	if userId != "" && owner != "" {
-		userFromUserId, err = object.GetUserByUserId(owner, userId)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		userFromUserId = object.GetUserByUserId(owner, userId)
 		id = util.GetId(userFromUserId.Owner, userFromUserId.Name)
 	}
 
-	var user *object.User
-	if id == "" && owner == "" {
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmailOnly(email)
-		case phone != "":
-			user, err = object.GetUserByPhoneOnly(phone)
-		case userId != "":
-			user, err = object.GetUserByUserIdOnly(userId)
-		}
-	} else {
-		if owner == "" {
-			owner = util.GetOwnerFromId(id)
-		}
+	if owner == "" {
+		owner = util.GetOwnerFromId(id)
+	}
 
-		var organization *object.Organization
-		organization, err = object.GetOrganization(util.GetId("admin", owner))
-		if err != nil {
+	organization := object.GetOrganization(util.GetId("admin", owner))
+	if !organization.IsProfilePublic {
+		requestUserId := c.GetSessionUsername()
+		hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
+		if !hasPermission {
 			c.ResponseError(err.Error())
 			return
 		}
-		if organization == nil {
-			c.ResponseError(fmt.Sprintf("the organization: %s is not found", owner))
-			return
-		}
-
-		if !organization.IsProfilePublic {
-			requestUserId := c.GetSessionUsername()
-			hasPermission, err := object.CheckUserPermission(requestUserId, id, false, c.GetAcceptLanguage())
-			if !hasPermission {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-
-		switch {
-		case email != "":
-			user, err = object.GetUserByEmail(owner, email)
-		case phone != "":
-			user, err = object.GetUserByPhone(owner, phone)
-		case userId != "":
-			user = userFromUserId
-		default:
-			user, err = object.GetUser(id)
-		}
 	}
 
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+	var user *object.User
+	switch {
+	case email != "":
+		user = object.GetUserByEmail(owner, email)
+	case phone != "":
+		user = object.GetUserByPhone(owner, phone)
+	case userId != "":
+		user = userFromUserId
+	default:
+		user = object.GetUser(id)
 	}
 
-	if user != nil {
-		user.MultiFactorAuths = object.GetAllMfaProps(user, true)
-	}
+	object.ExtendUserWithRolesAndPermissions(user)
 
-	err = object.ExtendUserWithRolesAndPermissions(user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdminOrSelf := c.IsAdminOrSelf(user)
-	maskedUser, err := object.GetMaskedUser(user, isAdminOrSelf)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(maskedUser)
+	c.Data["json"] = object.GetMaskedUser(user)
+	c.ServeJSON()
 }
 
 // UpdateUser
@@ -258,12 +158,7 @@ func (c *ApiController) UpdateUser() {
 			return
 		}
 	}
-	oldUser, err := object.GetUser(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	oldUser := object.GetUser(id)
 	if oldUser == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), id))
 		return
@@ -274,13 +169,6 @@ func (c *ApiController) UpdateUser() {
 		return
 	}
 
-	if c.Input().Get("allowEmpty") == "" {
-		if user.DisplayName == "" {
-			c.ResponseError(c.T("user:Display name cannot be empty"))
-			return
-		}
-	}
-
 	if msg := object.CheckUpdateUser(oldUser, &user, c.GetAcceptLanguage()); msg != "" {
 		c.ResponseError(msg)
 		return
@@ -297,18 +185,9 @@ func (c *ApiController) UpdateUser() {
 		columns = strings.Split(columnsStr, ",")
 	}
 
-	affected, err := object.UpdateUser(id, &user, columns, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.UpdateUser(id, &user, columns, isAdmin)
 	if affected {
-		err = object.UpdateUserToOriginalDatabase(&user)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		object.UpdateUserToOriginalDatabase(&user)
 	}
 
 	c.Data["json"] = wrapActionResponse(affected)
@@ -330,13 +209,8 @@ func (c *ApiController) AddUser() {
 		return
 	}
 
-	count, err := object.GetUserCount("", "", "", "")
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	if err := checkQuotaForUser(int(count)); err != nil {
+	count := object.GetUserCount("", "", "")
+	if err := checkQuotaForUser(count); err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
@@ -387,12 +261,7 @@ func (c *ApiController) GetEmailAndPhone() {
 	organization := c.Ctx.Request.Form.Get("organization")
 	username := c.Ctx.Request.Form.Get("username")
 
-	user, err := object.GetUserByFields(organization, username)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(organization, username)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(organization, username)))
 		return
@@ -442,12 +311,15 @@ func (c *ApiController) SetPassword() {
 		c.ResponseError(c.T("user:New password cannot contain blank space."))
 		return
 	}
+	if len(newPassword) <= 5 {
+		c.ResponseError(c.T("user:New password must have at least 6 characters"))
+		return
+	}
 
 	userId := util.GetId(userOwner, userName)
 
 	requestUserId := c.GetSessionUsername()
 	if requestUserId == "" && code == "" {
-		c.ResponseError(c.T("general:Please login first"), "Please login first")
 		return
 	} else if code == "" {
 		hasPermission, err := object.CheckUserPermission(requestUserId, userId, true, c.GetAcceptLanguage())
@@ -457,52 +329,24 @@ func (c *ApiController) SetPassword() {
 		}
 	} else {
 		if code != c.GetSession("verifiedCode") {
-			c.ResponseError(c.T("general:Missing parameter"))
+			c.ResponseError("")
 			return
 		}
 		c.SetSession("verifiedCode", "")
 	}
 
-	targetUser, err := object.GetUser(userId)
-	if targetUser == nil {
-		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
-		return
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	targetUser := object.GetUser(userId)
 
-	isAdmin := c.IsAdmin()
-	if isAdmin {
-		if oldPassword != "" {
-			err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-		}
-	} else if code == "" {
-		err = object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
-		if err != nil {
-			c.ResponseError(err.Error())
+	if oldPassword != "" {
+		msg := object.CheckPassword(targetUser, oldPassword, c.GetAcceptLanguage())
+		if msg != "" {
+			c.ResponseError(msg)
 			return
 		}
 	}
 
-	msg := object.CheckPasswordComplexity(targetUser, newPassword)
-	if msg != "" {
-		c.ResponseError(msg)
-		return
-	}
-
 	targetUser.Password = newPassword
-	_, err = object.SetUserField(targetUser, "password", targetUser.Password)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	object.SetUserField(targetUser, "password", targetUser.Password)
 	c.ResponseOk()
 }
 
@@ -518,11 +362,11 @@ func (c *ApiController) CheckUserPassword() {
 		return
 	}
 
-	_, err = object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
-	if err != nil {
-		c.ResponseError(err.Error())
-	} else {
+	_, msg := object.CheckUserPassword(user.Owner, user.Name, user.Password, c.GetAcceptLanguage())
+	if msg == "" {
 		c.ResponseOk()
+	} else {
+		c.ResponseError(msg)
 	}
 }
 
@@ -540,13 +384,8 @@ func (c *ApiController) GetSortedUsers() {
 	sorter := c.Input().Get("sorter")
 	limit := util.ParseInt(c.Input().Get("limit"))
 
-	maskedUsers, err := object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(maskedUsers)
+	c.Data["json"] = object.GetMaskedUsers(object.GetSortedUsers(owner, sorter, limit))
+	c.ServeJSON()
 }
 
 // GetUserCount
@@ -561,64 +400,13 @@ func (c *ApiController) GetUserCount() {
 	owner := c.Input().Get("owner")
 	isOnline := c.Input().Get("isOnline")
 
-	var count int64
-	var err error
+	count := 0
 	if isOnline == "" {
-		count, err = object.GetUserCount(owner, "", "", "")
+		count = object.GetUserCount(owner, "", "")
 	} else {
-		count, err = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
+		count = object.GetOnlineUserCount(owner, util.ParseInt(isOnline))
 	}
 
-	c.ResponseOk(count)
-}
-
-// AddUserKeys
-// @Title AddUserKeys
-// @router /add-user-keys [post]
-// @Tag User API
-func (c *ApiController) AddUserKeys() {
-	var user object.User
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &user)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	isAdmin := c.IsAdmin()
-	affected, err := object.AddUserKeys(&user, isAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
-}
-
-func (c *ApiController) RemoveUserFromGroup() {
-	owner := c.Ctx.Request.Form.Get("owner")
-	name := c.Ctx.Request.Form.Get("name")
-	groupName := c.Ctx.Request.Form.Get("groupName")
-
-	organization, err := object.GetOrganization(util.GetId("admin", owner))
-	if err != nil {
-		return
-	}
-	item := object.GetAccountItemByName("Groups", organization)
-	res, msg := object.CheckAccountItemModifyRule(item, c.IsAdmin(), c.GetAcceptLanguage())
-	if !res {
-		c.ResponseError(msg)
-		return
-	}
-
-	affected, err := object.DeleteGroupForUser(util.GetId(owner, name), groupName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(affected)
+	c.Data["json"] = count
+	c.ServeJSON()
 }

controllers/user_upload.go

@@ -19,14 +19,13 @@ import (
 	"io"
 	"mime/multipart"
 	"os"
-	"path/filepath"
 
 	"github.com/casdoor/casdoor/object"
 	"github.com/casdoor/casdoor/util"
 )
 
 func saveFile(path string, file *multipart.File) (err error) {
-	f, err := os.Create(filepath.Clean(path))
+	f, err := os.Create(path)
 	if err != nil {
 		return err
 	}
@@ -48,22 +47,17 @@ func (c *ApiController) UploadUsers() {
 		c.ResponseError(err.Error())
 		return
 	}
-
 	fileId := fmt.Sprintf("%s_%s_%s", owner, user, util.RemoveExt(header.Filename))
+
 	path := util.GetUploadXlsxPath(fileId)
-	defer os.Remove(path)
+	util.EnsureFileFolderExists(path)
 	err = saveFile(path, &file)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
 	}
 
-	affected, err := object.UploadUsers(owner, path)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	affected := object.UploadUsers(owner, fileId)
 	if affected {
 		c.ResponseOk()
 	} else {

controllers/util.go

@@ -16,7 +16,6 @@ package controllers
 
 import (
 	"fmt"
-	"strings"
 
 	"github.com/casdoor/casdoor/conf"
 	"github.com/casdoor/casdoor/i18n"
@@ -56,9 +55,6 @@ func (c *ApiController) T(error string) string {
 // GetAcceptLanguage ...
 func (c *ApiController) GetAcceptLanguage() string {
 	language := c.Ctx.Request.Header.Get("Accept-Language")
-	if len(language) > 2 {
-		language = language[0:2]
-	}
 	return conf.GetLanguage(language)
 }
 
@@ -96,19 +92,7 @@ func (c *ApiController) RequireSignedInUser() (*object.User, bool) {
 		return nil, false
 	}
 
-	if strings.HasPrefix(userId, "app/") {
-		tmpUserId := c.Input().Get("userId")
-		if tmpUserId != "" {
-			userId = tmpUserId
-		}
-	}
-
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return nil, false
-	}
-
+	user := object.GetUser(userId)
 	if user == nil {
 		c.ClearUserSession()
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), userId))
@@ -151,68 +135,35 @@ func (c *ApiController) IsMaskedEnabled() (bool, bool) {
 	return true, isMaskEnabled
 }
 
-func refineFullFilePath(fullFilePath string) (string, string) {
-	tokens := strings.Split(fullFilePath, "/")
-	if len(tokens) >= 2 && tokens[0] == "Direct" && tokens[1] != "" {
-		providerName := tokens[1]
-		res := strings.Join(tokens[2:], "/")
-		return providerName, "/" + res
-	} else {
-		return "", fullFilePath
-	}
-}
-
-func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, error) {
+func (c *ApiController) GetProviderFromContext(category string) (*object.Provider, *object.User, bool) {
 	providerName := c.Input().Get("provider")
-	if providerName == "" {
-		field := c.Input().Get("field")
-		value := c.Input().Get("value")
-		if field == "provider" && value != "" {
-			providerName = value
-		} else {
-			fullFilePath := c.Input().Get("fullFilePath")
-			providerName, _ = refineFullFilePath(fullFilePath)
-		}
-	}
-
 	if providerName != "" {
-		provider, err := object.GetProvider(util.GetId("admin", providerName))
-		if err != nil {
-			return nil, err
-		}
-
+		provider := object.GetProvider(util.GetId("admin", providerName))
 		if provider == nil {
-			err = fmt.Errorf(c.T("util:The provider: %s is not found"), providerName)
-			return nil, err
+			c.ResponseError(fmt.Sprintf(c.T("util:The provider: %s is not found"), providerName))
+			return nil, nil, false
 		}
-
-		return provider, nil
+		return provider, nil, true
 	}
 
 	userId, ok := c.RequireSignedIn()
 	if !ok {
-		return nil, fmt.Errorf(c.T("general:Please login first"))
-	}
-
-	application, err := object.GetApplicationByUserId(userId)
-	if err != nil {
-		return nil, err
+		return nil, nil, false
 	}
 
+	application, user := object.GetApplicationByUserId(userId)
 	if application == nil {
-		return nil, fmt.Errorf(c.T("util:No application is found for userId: %s"), userId)
-	}
-
-	provider, err := application.GetProviderByCategory(category)
-	if err != nil {
-		return nil, err
+		c.ResponseError(fmt.Sprintf(c.T("util:No application is found for userId: %s"), userId))
+		return nil, nil, false
 	}
 
+	provider := application.GetProviderByCategory(category)
 	if provider == nil {
-		return nil, fmt.Errorf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name)
+		c.ResponseError(fmt.Sprintf(c.T("util:No provider for category: %s is found for application: %s"), category, application.Name))
+		return nil, nil, false
 	}
 
-	return provider, nil
+	return provider, user, true
 }
 
 func checkQuotaForApplication(count int) error {

controllers/verification.go

@@ -66,17 +66,8 @@ func (c *ApiController) SendVerificationCode() {
 		}
 	}
 
-	application, err := object.GetApplication(vform.ApplicationId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	organization, err := object.GetOrganization(util.GetId(application.Owner, application.Organization))
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-	}
-
+	application := object.GetApplication(vform.ApplicationId)
+	organization := object.GetOrganization(util.GetId(application.Owner, application.Organization))
 	if organization == nil {
 		c.ResponseError(c.T("check:Organization does not exist"))
 		return
@@ -86,20 +77,12 @@ func (c *ApiController) SendVerificationCode() {
 	// checkUser != "", means method is ForgetVerification
 	if vform.CheckUser != "" {
 		owner := application.Organization
-		user, err = object.GetUser(util.GetId(owner, vform.CheckUser))
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.GetUser(util.GetId(owner, vform.CheckUser))
 	}
 
-	// mfaUserSession != "", means method is MfaAuthVerification
-	if mfaUserSession := c.getMfaUserSession(); mfaUserSession != "" {
-		user, err = object.GetUser(mfaUserSession)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+	// mfaSessionData != nil, means method is MfaSetupVerification
+	if mfaSessionData := c.getMfaSessionData(); mfaSessionData != nil {
+		user = object.GetUser(mfaSessionData.UserId)
 	}
 
 	sendResp := errors.New("invalid dest type")
@@ -116,12 +99,7 @@ func (c *ApiController) SendVerificationCode() {
 				vform.Dest = user.Email
 			}
 
-			user, err = object.GetUserByEmail(organization.Name, vform.Dest)
-			if err != nil {
-				c.ResponseError(err.Error())
-				return
-			}
-
+			user = object.GetUserByEmail(organization.Name, vform.Dest)
 			if user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
@@ -129,24 +107,13 @@ func (c *ApiController) SendVerificationCode() {
 		} else if vform.Method == ResetVerification {
 			user = c.getCurrentUser()
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetPreferMfa(false)
 			if user != nil && util.GetMaskedEmail(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
-		} else if vform.Method == MfaSetupVerification {
-			c.SetSession(object.MfaDestSession, vform.Dest)
-		}
-
-		provider, err := application.GetEmailProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf("please add an Email provider to the \"Providers\" list for the application: %s", application.Name))
-			return
 		}
 
+		provider := application.GetEmailProvider()
 		sendResp = object.SendVerificationCodeToEmail(organization, user, provider, remoteAddr, vform.Dest)
 	case object.VerifyTypePhone:
 		if vform.Method == LoginVerification || vform.Method == ForgetVerification {
@@ -154,28 +121,18 @@ func (c *ApiController) SendVerificationCode() {
 				vform.Dest = user.Phone
 			}
 
-			if user, err = object.GetUserByPhone(organization.Name, vform.Dest); err != nil {
-				c.ResponseError(err.Error())
-				return
-			} else if user == nil {
+			if user = object.GetUserByPhone(organization.Name, vform.Dest); user == nil {
 				c.ResponseError(c.T("verification:the user does not exist, please sign up first"))
 				return
 			}
 
 			vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-		} else if vform.Method == ResetVerification || vform.Method == MfaSetupVerification {
-			if vform.CountryCode == "" {
-				if user = c.getCurrentUser(); user != nil {
-					vform.CountryCode = user.GetCountryCode(vform.CountryCode)
-				}
-			}
-
-			if vform.Method == MfaSetupVerification {
-				c.SetSession(object.MfaCountryCodeSession, vform.CountryCode)
-				c.SetSession(object.MfaDestSession, vform.Dest)
+		} else if vform.Method == ResetVerification {
+			if user = c.getCurrentUser(); user != nil {
+				vform.CountryCode = user.GetCountryCode(vform.CountryCode)
 			}
 		} else if vform.Method == MfaAuthVerification {
-			mfaProps := user.GetPreferredMfaProps(false)
+			mfaProps := user.GetPreferMfa(false)
 			if user != nil && util.GetMaskedPhone(mfaProps.Secret) == vform.Dest {
 				vform.Dest = mfaProps.Secret
 			}
@@ -183,16 +140,7 @@ func (c *ApiController) SendVerificationCode() {
 			vform.CountryCode = mfaProps.CountryCode
 		}
 
-		provider, err := application.GetSmsProvider()
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-		if provider == nil {
-			c.ResponseError(fmt.Sprintf("please add a SMS provider to the \"Providers\" list for the application: %s", application.Name))
-			return
-		}
-
+		provider := application.GetSmsProvider()
 		if phone, ok := util.GetE164Number(vform.Dest, vform.CountryCode); !ok {
 			c.ResponseError(fmt.Sprintf(c.T("verification:Phone number is invalid in your region %s"), vform.CountryCode))
 			return
@@ -201,6 +149,11 @@ func (c *ApiController) SendVerificationCode() {
 		}
 	}
 
+	if vform.Method == MfaSetupVerification {
+		c.SetSession(object.MfaSmsCountryCodeSession, vform.CountryCode)
+		c.SetSession(object.MfaSmsDestSession, vform.Dest)
+	}
+
 	if sendResp != nil {
 		c.ResponseError(sendResp.Error())
 	} else {
@@ -260,12 +213,7 @@ func (c *ApiController) ResetEmailOrPhone() {
 	}
 
 	checkDest := dest
-	organization, err := object.GetOrganizationByUser(user)
-	if err != nil {
-		c.ResponseError(c.T(err.Error()))
-		return
-	}
-
+	organization := object.GetOrganizationByUser(user)
 	if destType == object.VerifyTypePhone {
 		if object.HasUserByField(user.Owner, "phone", dest) {
 			c.ResponseError(c.T("check:Phone already exists"))
@@ -312,25 +260,16 @@ func (c *ApiController) ResetEmailOrPhone() {
 	switch destType {
 	case object.VerifyTypeEmail:
 		user.Email = dest
-		_, err = object.SetUserField(user, "email", user.Email)
+		object.SetUserField(user, "email", user.Email)
 	case object.VerifyTypePhone:
 		user.Phone = dest
-		_, err = object.SetUserField(user, "phone", user.Phone)
+		object.SetUserField(user, "phone", user.Phone)
 	default:
 		c.ResponseError(c.T("verification:Unknown type"))
 		return
 	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
 
+	object.DisableVerificationCode(checkDest)
 	c.ResponseOk()
 }
 
@@ -348,11 +287,7 @@ func (c *ApiController) VerifyCode() {
 
 	var user *object.User
 	if authForm.Name != "" {
-		user, err = object.GetUserByFields(authForm.Organization, authForm.Name)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
+		user = object.GetUserByFields(authForm.Organization, authForm.Name)
 	}
 
 	var checkDest string
@@ -367,10 +302,7 @@ func (c *ApiController) VerifyCode() {
 		}
 	}
 
-	if user, err = object.GetUserByFields(authForm.Organization, authForm.Username); err != nil {
-		c.ResponseError(err.Error())
-		return
-	} else if user == nil {
+	if user = object.GetUserByFields(authForm.Organization, authForm.Username); user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(authForm.Organization, authForm.Username)))
 		return
 	}
@@ -389,11 +321,7 @@ func (c *ApiController) VerifyCode() {
 		c.ResponseError(result.Msg)
 		return
 	}
-	err = object.DisableVerificationCode(checkDest)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
+	object.DisableVerificationCode(checkDest)
 	c.SetSession("verifiedCode", authForm.Code)
 
 	c.ResponseOk()

controllers/webauthn.go

@@ -33,12 +33,7 @@ import (
 // @Success 200 {object} protocol.CredentialCreation The CredentialCreationOptions object
 // @router /webauthn/signup/begin [get]
 func (c *ApiController) WebAuthnSignupBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -66,15 +61,10 @@ func (c *ApiController) WebAuthnSignupBegin() {
 // @Tag User API
 // @Description WebAuthn Registration Flow 2nd stage
 // @Param   body    body   protocol.CredentialCreationResponse  true        "authenticator attestation Response"
-// @Success 200 {object} controllers.Response "The Response object"
+// @Success 200 {object} Response "The Response object"
 // @router /webauthn/signup/finish [post]
 func (c *ApiController) WebAuthnSignupFinish() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	user := c.getCurrentUser()
 	if user == nil {
 		c.ResponseError(c.T("general:Please login first"))
@@ -94,12 +84,7 @@ func (c *ApiController) WebAuthnSignupFinish() {
 		return
 	}
 	isGlobalAdmin := c.IsGlobalAdmin()
-	_, err = user.AddCredentials(*credential, isGlobalAdmin)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user.AddCredentials(*credential, isGlobalAdmin)
 	c.ResponseOk()
 }
 
@@ -112,20 +97,10 @@ func (c *ApiController) WebAuthnSignupFinish() {
 // @Success 200 {object} protocol.CredentialAssertion The CredentialAssertion object
 // @router /webauthn/signin/begin [get]
 func (c *ApiController) WebAuthnSigninBegin() {
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	userOwner := c.Input().Get("owner")
 	userName := c.Input().Get("name")
-	user, err := object.GetUserByFields(userOwner, userName)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	user := object.GetUserByFields(userOwner, userName)
 	if user == nil {
 		c.ResponseError(fmt.Sprintf(c.T("general:The user: %s doesn't exist"), util.GetId(userOwner, userName)))
 		return
@@ -150,17 +125,11 @@ func (c *ApiController) WebAuthnSigninBegin() {
 // @Tag Login API
 // @Description WebAuthn Login Flow 2nd stage
 // @Param   body    body   protocol.CredentialAssertionResponse  true        "authenticator assertion Response"
-// @Success 200 {object} controllers.Response "The Response object"
+// @Success 200 {object} Response "The Response object"
 // @router /webauthn/signin/finish [post]
 func (c *ApiController) WebAuthnSigninFinish() {
 	responseType := c.Input().Get("responseType")
-	clientId := c.Input().Get("clientId")
-	webauthnObj, err := object.GetWebAuthnObject(c.Ctx.Request.Host)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	webauthnObj := object.GetWebAuthnObject(c.Ctx.Request.Host)
 	sessionObj := c.GetSession("authentication")
 	sessionData, ok := sessionObj.(webauthn.SessionData)
 	if !ok {
@@ -169,13 +138,8 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	}
 	c.Ctx.Request.Body = io.NopCloser(bytes.NewBuffer(c.Ctx.Input.RequestBody))
 	userId := string(sessionData.UserID)
-	user, err := object.GetUser(userId)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	_, err = webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
+	user := object.GetUser(userId)
+	_, err := webauthnObj.FinishLogin(user, sessionData, c.Ctx.Request)
 	if err != nil {
 		c.ResponseError(err.Error())
 		return
@@ -183,18 +147,7 @@ func (c *ApiController) WebAuthnSigninFinish() {
 	c.SetSessionUsername(userId)
 	util.LogInfo(c.Ctx, "API: [%s] signed in", userId)
 
-	var application *object.Application
-
-	if clientId != "" && (responseType == ResponseTypeCode) {
-		application, err = object.GetApplicationByClientId(clientId)
-	} else {
-		application, err = object.GetApplicationByUser(user)
-	}
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
+	application := object.GetApplicationByUser(user)
 	var authForm form.AuthForm
 	authForm.Type = responseType
 	resp := c.HandleLoggedIn(application, user, &authForm)

controllers/webhook.go

@@ -26,10 +26,9 @@ import (
 // @Title GetWebhooks
 // @Tag Webhook API
 // @Description get webhooks
-// @Param   owner     query    string  built-in/admin	true        "The owner of webhooks"
+// @Param   owner     query    string  true        "The owner of webhooks"
 // @Success 200 {array} object.Webhook The Response object
 // @router /get-webhooks [get]
-// @Security test_apiKey
 func (c *ApiController) GetWebhooks() {
 	owner := c.Input().Get("owner")
 	limit := c.Input().Get("pageSize")
@@ -39,31 +38,13 @@ func (c *ApiController) GetWebhooks() {
 	sortField := c.Input().Get("sortField")
 	sortOrder := c.Input().Get("sortOrder")
 	organization := c.Input().Get("organization")
-
 	if limit == "" || page == "" {
-		webhooks, err := object.GetWebhooks(owner, organization)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		c.ResponseOk(webhooks)
+		c.Data["json"] = object.GetWebhooks(owner, organization)
+		c.ServeJSON()
 	} else {
 		limit := util.ParseInt(limit)
-		count, err := object.GetWebhookCount(owner, organization, field, value)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
-		paginator := pagination.SetPaginator(c.Ctx, limit, count)
-
-		webhooks, err := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
-		if err != nil {
-			c.ResponseError(err.Error())
-			return
-		}
-
+		paginator := pagination.SetPaginator(c.Ctx, limit, int64(object.GetWebhookCount(owner, organization, field, value)))
+		webhooks := object.GetPaginationWebhooks(owner, organization, paginator.Offset(), limit, field, value, sortField, sortOrder)
 		c.ResponseOk(webhooks, paginator.Nums())
 	}
 }
@@ -72,26 +53,21 @@ func (c *ApiController) GetWebhooks() {
 // @Title GetWebhook
 // @Tag Webhook API
 // @Description get webhook
-// @Param   id     query    string  built-in/admin	true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
 // @Success 200 {object} object.Webhook The Response object
 // @router /get-webhook [get]
 func (c *ApiController) GetWebhook() {
 	id := c.Input().Get("id")
 
-	webhook, err := object.GetWebhook(id)
-	if err != nil {
-		c.ResponseError(err.Error())
-		return
-	}
-
-	c.ResponseOk(webhook)
+	c.Data["json"] = object.GetWebhook(id)
+	c.ServeJSON()
 }
 
 // UpdateWebhook
 // @Title UpdateWebhook
 // @Tag Webhook API
 // @Description update webhook
-// @Param   id     query    string  built-in/admin true        "The id ( owner/name ) of the webhook"
+// @Param   id     query    string  true        "The id ( owner/name ) of the webhook"
 // @Param   body    body   object.Webhook  true        "The details of the webhook"
 // @Success 200 {object} controllers.Response The Response object
 // @router /update-webhook [post]

deployment/deploy.go

@@ -17,7 +17,6 @@ package deployment
 import (
 	"fmt"
 	"os"
-	"path/filepath"
 	"strings"
 
 	"github.com/casdoor/casdoor/object"
@@ -46,7 +45,7 @@ func uploadFolder(storageProvider oss.StorageInterface, folder string) {
 			continue
 		}
 
-		file, err := os.Open(filepath.Clean(path + filename))
+		file, err := os.Open(path + filename)
 		if err != nil {
 			panic(err)
 		}

deployment/deploy_test.go

@@ -25,12 +25,6 @@ import (
 )
 
 func TestDeployStaticFiles(t *testing.T) {
-	object.InitConfig()
-
-	provider, err := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
-	if err != nil {
-		panic(err)
-	}
-
+	provider := object.GetProvider(util.GetId("admin", "provider_storage_aliyun_oss"))
 	deployStaticFiles(provider)
 }

email/azure_acs.go

@@ -1,229 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"bytes"
-	"crypto/hmac"
-	"crypto/sha256"
-	"encoding/base64"
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/google/uuid"
-)
-
-const (
-	importanceNormal  = "normal"
-	sendEmailEndpoint = "/emails:send"
-	apiVersion        = "2023-03-31"
-)
-
-type Email struct {
-	Recipients    Recipients     `json:"recipients"`
-	SenderAddress string         `json:"senderAddress"`
-	Content       Content        `json:"content"`
-	Headers       []CustomHeader `json:"headers"`
-	Tracking      bool           `json:"disableUserEngagementTracking"`
-	Importance    string         `json:"importance"`
-	ReplyTo       []EmailAddress `json:"replyTo"`
-	Attachments   []Attachment   `json:"attachments"`
-}
-
-type Recipients struct {
-	To  []EmailAddress `json:"to"`
-	CC  []EmailAddress `json:"cc"`
-	BCC []EmailAddress `json:"bcc"`
-}
-
-type EmailAddress struct {
-	DisplayName string `json:"displayName"`
-	Address     string `json:"address"`
-}
-
-type Content struct {
-	Subject   string `json:"subject"`
-	HTML      string `json:"html"`
-	PlainText string `json:"plainText"`
-}
-
-type CustomHeader struct {
-	Name  string `json:"name"`
-	Value string `json:"value"`
-}
-
-type Attachment struct {
-	Content        string `json:"contentBytesBase64"`
-	AttachmentType string `json:"attachmentType"`
-	Name           string `json:"name"`
-}
-
-type ErrorResponse struct {
-	Error CommunicationError `json:"error"`
-}
-
-// CommunicationError contains the error code and message
-type CommunicationError struct {
-	Code    string `json:"code"`
-	Message string `json:"message"`
-}
-
-type AzureACSEmailProvider struct {
-	AccessKey string
-	Endpoint  string
-}
-
-func NewAzureACSEmailProvider(accessKey string, endpoint string) *AzureACSEmailProvider {
-	return &AzureACSEmailProvider{
-		AccessKey: accessKey,
-		Endpoint:  endpoint,
-	}
-}
-
-func newEmail(fromAddress string, toAddress string, subject string, content string) *Email {
-	return &Email{
-		Recipients: Recipients{
-			To: []EmailAddress{
-				{
-					DisplayName: toAddress,
-					Address:     toAddress,
-				},
-			},
-		},
-		SenderAddress: fromAddress,
-		Content: Content{
-			Subject: subject,
-			HTML:    content,
-		},
-		Importance: importanceNormal,
-	}
-}
-
-func (a *AzureACSEmailProvider) sendEmail(e *Email) error {
-	postBody, err := json.Marshal(e)
-	if err != nil {
-		return fmt.Errorf("email JSON marshall failed: %s", err)
-	}
-
-	bodyBuffer := bytes.NewBuffer(postBody)
-
-	endpoint := strings.TrimSuffix(a.Endpoint, "/")
-	url := fmt.Sprintf("%s/emails:send?api-version=2023-03-31", endpoint)
-	req, err := http.NewRequest("POST", url, bodyBuffer)
-	if err != nil {
-		return fmt.Errorf("error creating AzureACS API request: %s", err)
-	}
-
-	// Sign the request using the AzureACS access key and HMAC-SHA256
-	err = signRequestHMAC(a.AccessKey, req)
-	if err != nil {
-		return fmt.Errorf("error signing AzureACS API request: %s", err)
-	}
-
-	req.Header.Set("Content-Type", "application/json")
-
-	// Some important header
-	req.Header.Set("repeatability-request-id", uuid.New().String())
-	req.Header.Set("repeatability-first-sent", time.Now().UTC().Format(http.TimeFormat))
-
-	// Send request
-	client := &http.Client{}
-	resp, err := client.Do(req)
-	if err != nil {
-		return fmt.Errorf("error sending AzureACS API request: %s", err)
-	}
-	defer resp.Body.Close()
-
-	// Response error Handling
-	if resp.StatusCode == http.StatusBadRequest || resp.StatusCode == http.StatusUnauthorized {
-		commError := ErrorResponse{}
-
-		err = json.NewDecoder(resp.Body).Decode(&commError)
-		if err != nil {
-			return err
-		}
-
-		return fmt.Errorf("error sending email: %s", commError.Error.Message)
-	}
-
-	if resp.StatusCode != http.StatusAccepted {
-		return fmt.Errorf("error sending email: status: %d", resp.StatusCode)
-	}
-
-	return nil
-}
-
-func signRequestHMAC(secret string, req *http.Request) error {
-	method := req.Method
-	host := req.URL.Host
-	pathAndQuery := req.URL.Path
-
-	if req.URL.RawQuery != "" {
-		pathAndQuery = pathAndQuery + "?" + req.URL.RawQuery
-	}
-
-	var content []byte
-	var err error
-	if req.Body != nil {
-		content, err = io.ReadAll(req.Body)
-		if err != nil {
-			// return err
-			content = []byte{}
-		}
-	}
-
-	req.Body = io.NopCloser(bytes.NewBuffer(content))
-
-	key, err := base64.StdEncoding.DecodeString(secret)
-	if err != nil {
-		return fmt.Errorf("error decoding secret: %s", err)
-	}
-
-	timestamp := time.Now().UTC().Format(http.TimeFormat)
-	contentHash := GetContentHashBase64(content)
-	stringToSign := fmt.Sprintf("%s\n%s\n%s;%s;%s", strings.ToUpper(method), pathAndQuery, timestamp, host, contentHash)
-	signature := GetHmac(stringToSign, key)
-
-	req.Header.Set("x-ms-content-sha256", contentHash)
-	req.Header.Set("x-ms-date", timestamp)
-
-	req.Header.Set("Authorization", "HMAC-SHA256 SignedHeaders=x-ms-date;host;x-ms-content-sha256&Signature="+signature)
-
-	return nil
-}
-
-func GetContentHashBase64(content []byte) string {
-	hasher := sha256.New()
-	hasher.Write(content)
-
-	return base64.StdEncoding.EncodeToString(hasher.Sum(nil))
-}
-
-func GetHmac(content string, key []byte) string {
-	hmac := hmac.New(sha256.New, key)
-	hmac.Write([]byte(content))
-
-	return base64.StdEncoding.EncodeToString(hmac.Sum(nil))
-}
-
-func (a *AzureACSEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	e := newEmail(fromAddress, toAddress, subject, content)
-
-	return a.sendEmail(e)
-}

email/provider.go

@@ -1,27 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-type EmailProvider interface {
-	Send(fromAddress string, fromName, toAddress string, subject string, content string) error
-}
-
-func GetEmailProvider(typ string, clientId string, clientSecret string, host string, port int, disableSsl bool) EmailProvider {
-	if typ == "Azure ACS" {
-		return NewAzureACSEmailProvider(clientSecret, host)
-	} else {
-		return NewSmtpEmailProvider(clientId, clientSecret, host, port, typ, disableSsl)
-	}
-}

email/smtp.go

@@ -1,49 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package email
-
-import (
-	"crypto/tls"
-
-	"github.com/casdoor/gomail/v2"
-)
-
-type SmtpEmailProvider struct {
-	Dialer *gomail.Dialer
-}
-
-func NewSmtpEmailProvider(userName string, password string, host string, port int, typ string, disableSsl bool) *SmtpEmailProvider {
-	dialer := &gomail.Dialer{}
-	dialer = gomail.NewDialer(host, port, userName, password)
-	if typ == "SUBMAIL" {
-		dialer.TLSConfig = &tls.Config{InsecureSkipVerify: true}
-	}
-
-	dialer.SSL = !disableSsl
-
-	return &SmtpEmailProvider{Dialer: dialer}
-}
-
-func (s *SmtpEmailProvider) Send(fromAddress string, fromName string, toAddress string, subject string, content string) error {
-	message := gomail.NewMessage()
-
-	message.SetAddressHeader("From", fromAddress, fromName)
-	message.SetHeader("To", toAddress)
-	message.SetHeader("Subject", subject)
-	message.SetBody("text/html", content)
-
-	message.SkipUsernameCheck = true
-	return s.Dialer.DialAndSend(message)
-}

form/auth.go

@@ -17,18 +17,17 @@ package form
 type AuthForm struct {
 	Type string `json:"type"`
 
-	Organization   string `json:"organization"`
-	Username       string `json:"username"`
-	Password       string `json:"password"`
-	Name           string `json:"name"`
-	FirstName      string `json:"firstName"`
-	LastName       string `json:"lastName"`
-	Email          string `json:"email"`
-	Phone          string `json:"phone"`
-	Affiliation    string `json:"affiliation"`
-	IdCard         string `json:"idCard"`
-	Region         string `json:"region"`
-	InvitationCode string `json:"invitationCode"`
+	Organization string `json:"organization"`
+	Username     string `json:"username"`
+	Password     string `json:"password"`
+	Name         string `json:"name"`
+	FirstName    string `json:"firstName"`
+	LastName     string `json:"lastName"`
+	Email        string `json:"email"`
+	Phone        string `json:"phone"`
+	Affiliation  string `json:"affiliation"`
+	IdCard       string `json:"idCard"`
+	Region       string `json:"region"`
 
 	Application string `json:"application"`
 	ClientId    string `json:"clientId"`

go.mod

@@ -6,70 +6,61 @@ require (
 	github.com/Masterminds/squirrel v1.5.3
 	github.com/RobotsAndPencils/go-saml v0.0.0-20170520135329-fb13cb52a46b
 	github.com/alexedwards/argon2id v0.0.0-20211130144151-3585854a6387
-	github.com/aws/aws-sdk-go v1.45.5
-	github.com/beego/beego v1.12.12
+	github.com/aliyun/alibaba-cloud-sdk-go v1.62.188 // indirect
+	github.com/aws/aws-sdk-go v1.44.4
+	github.com/beego/beego v1.12.11
 	github.com/beevik/etree v1.1.0
-	github.com/casbin/casbin v1.9.1 // indirect
-	github.com/casbin/casbin/v2 v2.77.2
-	github.com/casdoor/go-sms-sender v0.15.0
+	github.com/casbin/casbin/v2 v2.30.1
+	github.com/casdoor/go-sms-sender v0.6.1
 	github.com/casdoor/gomail/v2 v2.0.1
-	github.com/casdoor/notify v0.45.0
-	github.com/casdoor/oss v1.3.0
-	github.com/casdoor/xorm-adapter/v3 v3.1.0
-	github.com/casvisor/casvisor-go-sdk v1.0.3
+	github.com/casdoor/oss v1.2.0
+	github.com/casdoor/xorm-adapter/v3 v3.0.4
 	github.com/dchest/captcha v0.0.0-20200903113550-03f5f0333e1f
 	github.com/denisenkom/go-mssqldb v0.9.0
-	github.com/elazarl/go-bindata-assetfs v1.0.1 // indirect
-	github.com/elimity-com/scim v0.0.0-20230426070224-941a5eac92f3
+	github.com/dlclark/regexp2 v1.9.0 // indirect
 	github.com/fogleman/gg v1.3.0
 	github.com/forestmgy/ldapserver v1.1.0
 	github.com/go-git/go-git/v5 v5.6.0
-	github.com/go-ldap/ldap/v3 v3.4.6
+	github.com/go-ldap/ldap/v3 v3.3.0
 	github.com/go-mysql-org/go-mysql v1.7.0
 	github.com/go-pay/gopay v1.5.72
 	github.com/go-sql-driver/mysql v1.6.0
-	github.com/go-telegram-bot-api/telegram-bot-api v4.6.4+incompatible
 	github.com/go-webauthn/webauthn v0.6.0
 	github.com/golang-jwt/jwt/v4 v4.5.0
-	github.com/google/uuid v1.3.1
-	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/uuid v1.3.0
 	github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect
 	github.com/lestrrat-go/jwx v1.2.21
-	github.com/lib/pq v1.10.9
+	github.com/lib/pq v1.8.0
 	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
 	github.com/markbates/goth v1.75.2
-	github.com/mitchellh/mapstructure v1.5.0
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d // indirect
 	github.com/nyaruka/phonenumbers v1.1.5
-	github.com/pquerna/otp v1.4.0
-	github.com/prometheus/client_golang v1.11.1
-	github.com/prometheus/client_model v0.3.0
+	github.com/pkoukk/tiktoken-go v0.1.1
+	github.com/prometheus/client_golang v1.7.0
+	github.com/prometheus/client_model v0.2.0
 	github.com/qiangmzsx/string-adapter/v2 v2.1.0
 	github.com/robfig/cron/v3 v3.0.1
-	github.com/russellhaering/gosaml2 v0.9.0
-	github.com/russellhaering/goxmldsig v1.2.0
-	github.com/shiena/ansicolor v0.0.0-20200904210342-c7312218db18 // indirect
+	github.com/russellhaering/gosaml2 v0.6.0
+	github.com/russellhaering/goxmldsig v1.1.1
+	github.com/sashabaranov/go-openai v1.9.1
+	github.com/satori/go.uuid v1.2.0
 	github.com/shirou/gopsutil v3.21.11+incompatible
 	github.com/siddontang/go-log v0.0.0-20190221022429-1e957dd83bed
 	github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e
-	github.com/stretchr/testify v1.8.4
-	github.com/stripe/stripe-go/v74 v74.29.0
+	github.com/stretchr/testify v1.8.2
 	github.com/tealeg/xlsx v1.0.5
 	github.com/thanhpk/randstr v1.0.4
-	github.com/tidwall/pretty v1.2.1 // indirect
 	github.com/tklauser/go-sysconf v0.3.10 // indirect
-	github.com/xorm-io/builder v0.3.13
 	github.com/xorm-io/core v0.7.4
 	github.com/xorm-io/xorm v1.1.6
 	github.com/yusufpapurcu/wmi v1.2.2 // indirect
-	golang.org/x/crypto v0.13.0
-	golang.org/x/net v0.14.0
-	golang.org/x/oauth2 v0.11.0
-	golang.org/x/text v0.13.0 // indirect
-	google.golang.org/api v0.138.0
+	golang.org/x/crypto v0.6.0
+	golang.org/x/net v0.6.0
+	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0
-	layeh.com/radius v0.0.0-20221205141417-e7fbddd11d68
-	maunium.net/go/mautrix v0.16.0
-	modernc.org/sqlite v1.18.2
+	gopkg.in/yaml.v2 v2.3.0 // indirect
+	modernc.org/sqlite v1.10.1-0.20210314190707-798bbeb9bb84
 )

i18n/generate_test.go

@@ -33,18 +33,6 @@ func TestGenerateI18nFrontend(t *testing.T) {
 	applyToOtherLanguage("frontend", "ru", data)
 	applyToOtherLanguage("frontend", "vi", data)
 	applyToOtherLanguage("frontend", "pt", data)
-	applyToOtherLanguage("frontend", "it", data)
-	applyToOtherLanguage("frontend", "ms", data)
-	applyToOtherLanguage("frontend", "tr", data)
-	applyToOtherLanguage("frontend", "ar", data)
-	applyToOtherLanguage("frontend", "he", data)
-	applyToOtherLanguage("frontend", "nl", data)
-	applyToOtherLanguage("frontend", "pl", data)
-	applyToOtherLanguage("frontend", "fi", data)
-	applyToOtherLanguage("frontend", "sv", data)
-	applyToOtherLanguage("frontend", "uk", data)
-	applyToOtherLanguage("frontend", "kk", data)
-	applyToOtherLanguage("frontend", "fa", data)
 }
 
 func TestGenerateI18nBackend(t *testing.T) {
@@ -61,16 +49,4 @@ func TestGenerateI18nBackend(t *testing.T) {
 	applyToOtherLanguage("backend", "ru", data)
 	applyToOtherLanguage("backend", "vi", data)
 	applyToOtherLanguage("backend", "pt", data)
-	applyToOtherLanguage("backend", "it", data)
-	applyToOtherLanguage("backend", "ms", data)
-	applyToOtherLanguage("backend", "tr", data)
-	applyToOtherLanguage("backend", "ar", data)
-	applyToOtherLanguage("backend", "he", data)
-	applyToOtherLanguage("backend", "nl", data)
-	applyToOtherLanguage("backend", "pl", data)
-	applyToOtherLanguage("backend", "fi", data)
-	applyToOtherLanguage("backend", "sv", data)
-	applyToOtherLanguage("backend", "uk", data)
-	applyToOtherLanguage("backend", "kk", data)
-	applyToOtherLanguage("backend", "fa", data)
 }

i18n/locales/ar/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/de/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "Die Anmeldeart \"Anmeldung mit Passwort\" ist für die Anwendung nicht aktiviert",
     "The provider: %s is not enabled for the application": "Der Anbieter: %s ist nicht für die Anwendung aktiviert",
     "Unauthorized operation": "Nicht autorisierte Operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Unbekannter Authentifizierungstyp (nicht Passwort oder Anbieter), Formular = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s und %s stimmen nicht überein"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Zugehörigkeit darf nicht leer sein",
     "DisplayName cannot be blank": "Anzeigename kann nicht leer sein",
@@ -61,8 +68,7 @@
     "Missing parameter": "Fehlender Parameter",
     "Please login first": "Bitte zuerst einloggen",
     "The user: %s doesn't exist": "Der Benutzer %s existiert nicht",
-    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Unterstütze captchaProvider nicht:"
   },
   "ldap": {
     "Ldap server exist": "Es gibt einen LDAP-Server"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Anzeigename darf nicht leer sein",
-    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten."
+    "New password cannot contain blank space.": "Das neue Passwort darf keine Leerzeichen enthalten.",
+    "New password must have at least 6 characters": "Das neue Passwort muss mindestens 6 Zeichen haben"
   },
   "user_upload": {
     "Failed to import users": "Fehler beim Importieren von Benutzern"

i18n/locales/en/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
     "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
     "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Service %s and %s do not match"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Affiliation cannot be blank",
     "DisplayName cannot be blank": "DisplayName cannot be blank",
@@ -61,8 +68,7 @@
     "Missing parameter": "Missing parameter",
     "Please login first": "Please login first",
     "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "don't support captchaProvider: "
   },
   "ldap": {
     "Ldap server exist": "Ldap server exist"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
+    "New password cannot contain blank space.": "New password cannot contain blank space.",
+    "New password must have at least 6 characters": "New password must have at least 6 characters"
   },
   "user_upload": {
     "Failed to import users": "Failed to import users"

i18n/locales/es/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "El método de inicio de sesión: inicio de sesión con contraseña no está habilitado para la aplicación",
     "The provider: %s is not enabled for the application": "El proveedor: %s no está habilitado para la aplicación",
     "Unauthorized operation": "Operación no autorizada",
-    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Tipo de autenticación desconocido (no es contraseña o proveedor), formulario = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Los servicios %s y %s no coinciden"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Afiliación no puede estar en blanco",
     "DisplayName cannot be blank": "El nombre de visualización no puede estar en blanco",
@@ -61,8 +68,7 @@
     "Missing parameter": "Parámetro faltante",
     "Please login first": "Por favor, inicia sesión primero",
     "The user: %s doesn't exist": "El usuario: %s no existe",
-    "don't support captchaProvider: ": "No apoyo a captchaProvider",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "No apoyo a captchaProvider"
   },
   "ldap": {
     "Ldap server exist": "El servidor LDAP existe"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "El nombre de pantalla no puede estar vacío",
-    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco."
+    "New password cannot contain blank space.": "La nueva contraseña no puede contener espacios en blanco.",
+    "New password must have at least 6 characters": "La nueva contraseña debe tener al menos 6 caracteres"
   },
   "user_upload": {
     "Failed to import users": "Error al importar usuarios"

i18n/locales/fa/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/fi/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/fr/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "La méthode de connexion : connexion avec mot de passe n'est pas activée pour l'application",
     "The provider: %s is not enabled for the application": "Le fournisseur :%s n'est pas activé pour l'application",
     "Unauthorized operation": "Opération non autorisée",
-    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s",
-    "User's tag: %s is not listed in the application's tags": "Le tag de l’utilisateur %s n’est pas répertorié dans les tags de l’application"
+    "Unknown authentication type (not password or provider), form = %s": "Type d'authentification inconnu (pas de mot de passe ou de fournisseur), formulaire = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Les services %s et %s ne correspondent pas"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Affiliation ne peut pas être vide",
     "DisplayName cannot be blank": "Le nom d'affichage ne peut pas être vide",
@@ -43,7 +50,7 @@
     "Phone number is invalid": "Le numéro de téléphone est invalide",
     "Session outdated, please login again": "Session expirée, veuillez vous connecter à nouveau",
     "The user is forbidden to sign in, please contact the administrator": "L'utilisateur est interdit de se connecter, veuillez contacter l'administrateur",
-    "The user: %s doesn't exist in LDAP server": "L'utilisateur %s n'existe pas sur le serveur LDAP",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
     "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "Le nom d'utilisateur ne peut contenir que des caractères alphanumériques, des traits soulignés ou des tirets, ne peut pas avoir de tirets ou de traits soulignés consécutifs et ne peut pas commencer ou se terminer par un tiret ou un trait souligné.",
     "Username already exists": "Nom d'utilisateur existe déjà",
     "Username cannot be an email address": "Nom d'utilisateur ne peut pas être une adresse e-mail",
@@ -53,7 +60,7 @@
     "Username must have at least 2 characters": "Le nom d'utilisateur doit comporter au moins 2 caractères",
     "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "Vous avez entré le mauvais mot de passe ou code plusieurs fois, veuillez attendre %d minutes et réessayer",
     "Your region is not allow to signup by phone": "Votre région n'est pas autorisée à s'inscrire par téléphone",
-    "password or code is incorrect": "mot de passe ou code invalide",
+    "password or code is incorrect": "password or code is incorrect",
     "password or code is incorrect, you have %d remaining chances": "Le mot de passe ou le code est incorrect, il vous reste %d chances",
     "unsupported password type: %s": "Type de mot de passe non pris en charge : %s"
   },
@@ -61,8 +68,7 @@
     "Missing parameter": "Paramètre manquant",
     "Please login first": "Veuillez d'abord vous connecter",
     "The user: %s doesn't exist": "L'utilisateur : %s n'existe pas",
-    "don't support captchaProvider: ": "ne prend pas en charge captchaProvider: ",
-    "this operation is not allowed in demo mode": "cette opération n’est pas autorisée en mode démo"
+    "don't support captchaProvider: ": "Ne pas prendre en charge la captchaProvider"
   },
   "ldap": {
     "Ldap server exist": "Le serveur LDAP existe"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Le nom d'affichage ne peut pas être vide",
-    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace."
+    "New password cannot contain blank space.": "Le nouveau mot de passe ne peut pas contenir d'espace.",
+    "New password must have at least 6 characters": "Le nouveau mot de passe doit comporter au moins 6 caractères"
   },
   "user_upload": {
     "Failed to import users": "Échec de l'importation des utilisateurs"

i18n/locales/he/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/id/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "Metode login: login dengan kata sandi tidak diaktifkan untuk aplikasi tersebut",
     "The provider: %s is not enabled for the application": "Penyedia: %s tidak diaktifkan untuk aplikasi ini",
     "Unauthorized operation": "Operasi tidak sah",
-    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Jenis otentikasi tidak diketahui (bukan kata sandi atau pemberi), formulir = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Layanan %s dan %s tidak cocok"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Keterkaitan tidak boleh kosong",
     "DisplayName cannot be blank": "Nama Pengguna tidak boleh kosong",
@@ -61,8 +68,7 @@
     "Missing parameter": "Parameter hilang",
     "Please login first": "Silahkan login terlebih dahulu",
     "The user: %s doesn't exist": "Pengguna: %s tidak ada",
-    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Jangan mendukung captchaProvider:"
   },
   "ldap": {
     "Ldap server exist": "Server ldap ada"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Nama tampilan tidak boleh kosong",
-    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong."
+    "New password cannot contain blank space.": "Kata sandi baru tidak boleh mengandung spasi kosong.",
+    "New password must have at least 6 characters": "Kata sandi baru harus memiliki setidaknya 6 karakter"
   },
   "user_upload": {
     "Failed to import users": "Gagal mengimpor pengguna"

i18n/locales/it/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/ja/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "ログイン方法：パスワードでのログインはアプリケーションで有効になっていません",
     "The provider: %s is not enabled for the application": "プロバイダー：%sはアプリケーションでは有効化されていません",
     "Unauthorized operation": "不正操作",
-    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "不明な認証タイプ（パスワードまたはプロバイダーではない）フォーム=%s"
   },
   "cas": {
     "Service %s and %s do not match": "サービス%sと%sは一致しません"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "所属は空白にできません",
     "DisplayName cannot be blank": "表示名は空白にできません",
@@ -61,8 +68,7 @@
     "Missing parameter": "不足しているパラメーター",
     "Please login first": "最初にログインしてください",
     "The user: %s doesn't exist": "そのユーザー：%sは存在しません",
-    "don't support captchaProvider: ": "captchaProviderをサポートしないでください",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "captchaProviderをサポートしないでください"
   },
   "ldap": {
     "Ldap server exist": "LDAPサーバーは存在します"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "表示名は空にできません",
-    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。"
+    "New password cannot contain blank space.": "新しいパスワードにはスペースを含めることはできません。",
+    "New password must have at least 6 characters": "新しいパスワードは少なくとも6文字必要です"
   },
   "user_upload": {
     "Failed to import users": "ユーザーのインポートに失敗しました"

i18n/locales/kk/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/ko/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "어플리케이션에서는 암호를 사용한 로그인 방법이 활성화되어 있지 않습니다",
     "The provider: %s is not enabled for the application": "제공자 %s은(는) 응용 프로그램에서 활성화되어 있지 않습니다",
     "Unauthorized operation": "무단 조작",
-    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "알 수 없는 인증 유형(암호 또는 공급자가 아님), 폼 = %s"
   },
   "cas": {
     "Service %s and %s do not match": "서비스 %s와 %s는 일치하지 않습니다"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "소속은 비워 둘 수 없습니다",
     "DisplayName cannot be blank": "DisplayName는 비어 있을 수 없습니다",
@@ -61,8 +68,7 @@
     "Missing parameter": "누락된 매개변수",
     "Please login first": "먼저 로그인 하십시오",
     "The user: %s doesn't exist": "사용자 %s는 존재하지 않습니다",
-    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "CaptchaProvider를 지원하지 마세요"
   },
   "ldap": {
     "Ldap server exist": "LDAP 서버가 존재합니다"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "디스플레이 이름은 비어 있을 수 없습니다",
-    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다."
+    "New password cannot contain blank space.": "새 비밀번호에는 공백이 포함될 수 없습니다.",
+    "New password must have at least 6 characters": "새로운 비밀번호는 최소 6자 이상이어야 합니다"
   },
   "user_upload": {
     "Failed to import users": "사용자 가져오기를 실패했습니다"

i18n/locales/ms/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/nl/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/pl/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/pt/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/ru/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "Метод входа: вход с паролем не включен для приложения",
     "The provider: %s is not enabled for the application": "Провайдер: %s не включен для приложения",
     "Unauthorized operation": "Несанкционированная операция",
-    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Неизвестный тип аутентификации (не пароль и не провайдер), форма = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Сервисы %s и %s не совпадают"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Принадлежность не может быть пустым значением",
     "DisplayName cannot be blank": "Имя отображения не может быть пустым",
@@ -61,8 +68,7 @@
     "Missing parameter": "Отсутствующий параметр",
     "Please login first": "Пожалуйста, сначала войдите в систему",
     "The user: %s doesn't exist": "Пользователь %s не существует",
-    "don't support captchaProvider: ": "не поддерживайте captchaProvider:",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "не поддерживайте captchaProvider:"
   },
   "ldap": {
     "Ldap server exist": "LDAP-сервер существует"
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Отображаемое имя не может быть пустым",
-    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы."
+    "New password cannot contain blank space.": "Новый пароль не может содержать пробелы.",
+    "New password must have at least 6 characters": "Новый пароль должен содержать не менее 6 символов"
   },
   "user_upload": {
     "Failed to import users": "Не удалось импортировать пользователей"

i18n/locales/sv/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/tr/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/uk/data.json

@@ -1,142 +0,0 @@
-{
-  "account": {
-    "Failed to add user": "Failed to add user",
-    "Get init score failed, error: %w": "Get init score failed, error: %w",
-    "Please sign out first": "Please sign out first",
-    "The application does not allow to sign up new account": "The application does not allow to sign up new account"
-  },
-  "auth": {
-    "Challenge method should be S256": "Challenge method should be S256",
-    "Failed to create user, user information is invalid: %s": "Failed to create user, user information is invalid: %s",
-    "Failed to login in: %s": "Failed to login in: %s",
-    "Invalid token": "Invalid token",
-    "State expected: %s, but got: %s": "State expected: %s, but got: %s",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account via %%s, please use another way to sign up",
-    "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support": "The account for provider: %s and username: %s (%s) does not exist and is not allowed to sign up as new account, please contact your IT support",
-    "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)": "The account for provider: %s and username: %s (%s) is already linked to another account: %s (%s)",
-    "The application: %s does not exist": "The application: %s does not exist",
-    "The login method: login with password is not enabled for the application": "The login method: login with password is not enabled for the application",
-    "The provider: %s is not enabled for the application": "The provider: %s is not enabled for the application",
-    "Unauthorized operation": "Unauthorized operation",
-    "Unknown authentication type (not password or provider), form = %s": "Unknown authentication type (not password or provider), form = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
-  },
-  "cas": {
-    "Service %s and %s do not match": "Service %s and %s do not match"
-  },
-  "check": {
-    "Affiliation cannot be blank": "Affiliation cannot be blank",
-    "DisplayName cannot be blank": "DisplayName cannot be blank",
-    "DisplayName is not valid real name": "DisplayName is not valid real name",
-    "Email already exists": "Email already exists",
-    "Email cannot be empty": "Email cannot be empty",
-    "Email is invalid": "Email is invalid",
-    "Empty username.": "Empty username.",
-    "FirstName cannot be blank": "FirstName cannot be blank",
-    "LDAP user name or password incorrect": "LDAP user name or password incorrect",
-    "LastName cannot be blank": "LastName cannot be blank",
-    "Multiple accounts with same uid, please check your ldap server": "Multiple accounts with same uid, please check your ldap server",
-    "Organization does not exist": "Organization does not exist",
-    "Password must have at least 6 characters": "Password must have at least 6 characters",
-    "Phone already exists": "Phone already exists",
-    "Phone cannot be empty": "Phone cannot be empty",
-    "Phone number is invalid": "Phone number is invalid",
-    "Session outdated, please login again": "Session outdated, please login again",
-    "The user is forbidden to sign in, please contact the administrator": "The user is forbidden to sign in, please contact the administrator",
-    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
-    "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.",
-    "Username already exists": "Username already exists",
-    "Username cannot be an email address": "Username cannot be an email address",
-    "Username cannot contain white spaces": "Username cannot contain white spaces",
-    "Username cannot start with a digit": "Username cannot start with a digit",
-    "Username is too long (maximum is 39 characters).": "Username is too long (maximum is 39 characters).",
-    "Username must have at least 2 characters": "Username must have at least 2 characters",
-    "You have entered the wrong password or code too many times, please wait for %d minutes and try again": "You have entered the wrong password or code too many times, please wait for %d minutes and try again",
-    "Your region is not allow to signup by phone": "Your region is not allow to signup by phone",
-    "password or code is incorrect": "password or code is incorrect",
-    "password or code is incorrect, you have %d remaining chances": "password or code is incorrect, you have %d remaining chances",
-    "unsupported password type: %s": "unsupported password type: %s"
-  },
-  "general": {
-    "Missing parameter": "Missing parameter",
-    "Please login first": "Please login first",
-    "The user: %s doesn't exist": "The user: %s doesn't exist",
-    "don't support captchaProvider: ": "don't support captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
-  },
-  "ldap": {
-    "Ldap server exist": "Ldap server exist"
-  },
-  "link": {
-    "Please link first": "Please link first",
-    "This application has no providers": "This application has no providers",
-    "This application has no providers of type": "This application has no providers of type",
-    "This provider can't be unlinked": "This provider can't be unlinked",
-    "You are not the global admin, you can't unlink other users": "You are not the global admin, you can't unlink other users",
-    "You can't unlink yourself, you are not a member of any application": "You can't unlink yourself, you are not a member of any application"
-  },
-  "organization": {
-    "Only admin can modify the %s.": "Only admin can modify the %s.",
-    "The %s is immutable.": "The %s is immutable.",
-    "Unknown modify rule %s.": "Unknown modify rule %s."
-  },
-  "provider": {
-    "Invalid application id": "Invalid application id",
-    "the provider: %s does not exist": "the provider: %s does not exist"
-  },
-  "resource": {
-    "User is nil for tag: avatar": "User is nil for tag: avatar",
-    "Username or fullFilePath is empty: username = %s, fullFilePath = %s": "Username or fullFilePath is empty: username = %s, fullFilePath = %s"
-  },
-  "saml": {
-    "Application %s not found": "Application %s not found"
-  },
-  "saml_sp": {
-    "provider %s's category is not SAML": "provider %s's category is not SAML"
-  },
-  "service": {
-    "Empty parameters for emailForm: %v": "Empty parameters for emailForm: %v",
-    "Invalid Email receivers: %s": "Invalid Email receivers: %s",
-    "Invalid phone receivers: %s": "Invalid phone receivers: %s"
-  },
-  "storage": {
-    "The objectKey: %s is not allowed": "The objectKey: %s is not allowed",
-    "The provider type: %s is not supported": "The provider type: %s is not supported"
-  },
-  "token": {
-    "Empty clientId or clientSecret": "Empty clientId or clientSecret",
-    "Grant_type: %s is not supported in this application": "Grant_type: %s is not supported in this application",
-    "Invalid application or wrong clientSecret": "Invalid application or wrong clientSecret",
-    "Invalid client_id": "Invalid client_id",
-    "Redirect URI: %s doesn't exist in the allowed Redirect URI list": "Redirect URI: %s doesn't exist in the allowed Redirect URI list",
-    "Token not found, invalid accessToken": "Token not found, invalid accessToken"
-  },
-  "user": {
-    "Display name cannot be empty": "Display name cannot be empty",
-    "New password cannot contain blank space.": "New password cannot contain blank space."
-  },
-  "user_upload": {
-    "Failed to import users": "Failed to import users"
-  },
-  "util": {
-    "No application is found for userId: %s": "No application is found for userId: %s",
-    "No provider for category: %s is found for application: %s": "No provider for category: %s is found for application: %s",
-    "The provider: %s is not found": "The provider: %s is not found"
-  },
-  "verification": {
-    "Code has not been sent yet!": "Code has not been sent yet!",
-    "Invalid captcha provider.": "Invalid captcha provider.",
-    "Phone number is invalid in your region %s": "Phone number is invalid in your region %s",
-    "Turing test failed.": "Turing test failed.",
-    "Unable to get the email modify rule.": "Unable to get the email modify rule.",
-    "Unable to get the phone modify rule.": "Unable to get the phone modify rule.",
-    "Unknown type": "Unknown type",
-    "Wrong verification code!": "Wrong verification code!",
-    "You should verify your code in %d min!": "You should verify your code in %d min!",
-    "the user does not exist, please sign up first": "the user does not exist, please sign up first"
-  },
-  "webauthn": {
-    "Found no credentials for this user": "Found no credentials for this user",
-    "Please call WebAuthnSigninBegin first": "Please call WebAuthnSigninBegin first"
-  }
-}

i18n/locales/vi/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "Phương thức đăng nhập: đăng nhập bằng mật khẩu không được kích hoạt cho ứng dụng",
     "The provider: %s is not enabled for the application": "Nhà cung cấp: %s không được kích hoạt cho ứng dụng",
     "Unauthorized operation": "Hoạt động không được ủy quyền",
-    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s",
-    "User's tag: %s is not listed in the application's tags": "User's tag: %s is not listed in the application's tags"
+    "Unknown authentication type (not password or provider), form = %s": "Loại xác thực không xác định (không phải mật khẩu hoặc nhà cung cấp), biểu mẫu = %s"
   },
   "cas": {
     "Service %s and %s do not match": "Dịch sang tiếng Việt: Dịch vụ %s và %s không khớp"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "Tình trạng liên kết không thể để trống",
     "DisplayName cannot be blank": "Tên hiển thị không thể để trống",
@@ -61,11 +68,10 @@
     "Missing parameter": "Thiếu tham số",
     "Please login first": "Vui lòng đăng nhập trước",
     "The user: %s doesn't exist": "Người dùng: %s không tồn tại",
-    "don't support captchaProvider: ": "không hỗ trợ captchaProvider: ",
-    "this operation is not allowed in demo mode": "this operation is not allowed in demo mode"
+    "don't support captchaProvider: ": "Không hỗ trợ captchaProvider:"
   },
   "ldap": {
-    "Ldap server exist": "Máy chủ LDAP tồn tại"
+    "Ldap server exist": "Máy chủ Ldap tồn tại"
   },
   "link": {
     "Please link first": "Vui lòng kết nối trước tiên",
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "Tên hiển thị không thể trống",
-    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng."
+    "New password cannot contain blank space.": "Mật khẩu mới không thể chứa dấu trắng.",
+    "New password must have at least 6 characters": "Mật khẩu mới phải có ít nhất 6 ký tự"
   },
   "user_upload": {
     "Failed to import users": "Không thể nhập người dùng"

i18n/locales/zh/data.json

@@ -18,12 +18,19 @@
     "The login method: login with password is not enabled for the application": "该应用禁止采用密码登录方式",
     "The provider: %s is not enabled for the application": "该应用的提供商: %s未被启用",
     "Unauthorized operation": "未授权的操作",
-    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s",
-    "User's tag: %s is not listed in the application's tags": "用户的标签: %s不在该应用的标签列表中"
+    "Unknown authentication type (not password or provider), form = %s": "未知的认证类型（非密码或第三方提供商）：%s"
   },
   "cas": {
     "Service %s and %s do not match": "服务%s与%s不匹配"
   },
+  "chat": {
+    "The chat type must be \\\"AI\\\"": "The chat type must be \\\"AI\\\"",
+    "The chat: %s is not found": "The chat: %s is not found",
+    "The message is invalid": "The message is invalid",
+    "The message: %s is not found": "The message: %s is not found",
+    "The provider: %s is invalid": "The provider: %s is invalid",
+    "The provider: %s is not found": "The provider: %s is not found"
+  },
   "check": {
     "Affiliation cannot be blank": "工作单位不可为空",
     "DisplayName cannot be blank": "显示名称不可为空",
@@ -43,7 +50,7 @@
     "Phone number is invalid": "无效手机号",
     "Session outdated, please login again": "会话已过期，请重新登录",
     "The user is forbidden to sign in, please contact the administrator": "该用户被禁止登录，请联系管理员",
-    "The user: %s doesn't exist in LDAP server": "用户: %s 在LDAP服务器中未找到",
+    "The user: %s doesn't exist in LDAP server": "The user: %s doesn't exist in LDAP server",
     "The username may only contain alphanumeric characters, underlines or hyphens, cannot have consecutive hyphens or underlines, and cannot begin or end with a hyphen or underline.": "用户名只能包含字母数字字符、下划线或连字符，不能有连续的连字符或下划线，也不能以连字符或下划线开头或结尾",
     "Username already exists": "用户名已存在",
     "Username cannot be an email address": "用户名不可以是邮箱地址",
@@ -61,8 +68,7 @@
     "Missing parameter": "缺少参数",
     "Please login first": "请先登录",
     "The user: %s doesn't exist": "用户: %s不存在",
-    "don't support captchaProvider: ": "不支持验证码提供商: ",
-    "this operation is not allowed in demo mode": "demo模式下不允许该操作"
+    "don't support captchaProvider: ": "不支持验证码提供商: "
   },
   "ldap": {
     "Ldap server exist": "LDAP服务器已存在"
@@ -77,7 +83,7 @@
   },
   "organization": {
     "Only admin can modify the %s.": "仅允许管理员可以修改%s",
-    "The %s is immutable.": "%s 是不可变的",
+    "The %s is immutable.": "%s是不可变的",
     "Unknown modify rule %s.": "未知的修改规则: %s"
   },
   "provider": {
@@ -113,7 +119,8 @@
   },
   "user": {
     "Display name cannot be empty": "显示名称不可为空",
-    "New password cannot contain blank space.": "新密码不可以包含空格"
+    "New password cannot contain blank space.": "新密码不可以包含空格",
+    "New password must have at least 6 characters": "新密码至少需要6位字符"
   },
   "user_upload": {
     "Failed to import users": "导入用户失败"
@@ -136,7 +143,7 @@
     "the user does not exist, please sign up first": "用户不存在，请先注册"
   },
   "webauthn": {
-    "Found no credentials for this user": "该用户没有 WebAuthn 凭据",
+    "Found no credentials for this user": "该用户没有WebAuthn凭据",
     "Please call WebAuthnSigninBegin first": "请先调用WebAuthnSigninBegin函数"
   }
 }

idp/adfs.go

@@ -19,6 +19,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"net/http"
 	"net/url"
 	"time"
@@ -83,7 +84,6 @@ func (idp *AdfsIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	payload.Set("code", code)
 	payload.Set("grant_type", "authorization_code")
 	payload.Set("client_id", idp.Config.ClientID)
-	payload.Set("client_secret", idp.Config.ClientSecret)
 	payload.Set("redirect_uri", idp.Config.RedirectURL)
 	resp, err := idp.Client.PostForm(idp.Config.Endpoint.TokenURL, payload)
 	if err != nil {
@@ -118,25 +118,11 @@ func (idp *AdfsIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
 	if err != nil {
 		return nil, err
 	}
-	body, err := io.ReadAll(resp.Body)
-	var respKeys struct {
-		Keys []interface{} `json:"keys"`
-	}
-
-	if err := json.Unmarshal(body, &respKeys); err != nil {
-		return nil, err
-	}
-
-	respKey, err := json.Marshal(&(respKeys.Keys[0]))
+	body, err := ioutil.ReadAll(resp.Body)
+	keyset, err := jwk.ParseKey(body)
 	if err != nil {
 		return nil, err
 	}
-
-	keyset, err := jwk.ParseKey(respKey)
-	if err != nil {
-		return nil, err
-	}
-
 	tokenSrc := []byte(token.AccessToken)
 	publicKey, _ := keyset.PublicKey()
 	idToken, _ := jwt.Parse(tokenSrc, jwt.WithVerify(jwa.RS256, publicKey))

idp/casdoor.go

@@ -16,7 +16,6 @@ package idp
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -84,7 +83,7 @@ func (idp *CasdoorIdProvider) GetToken(code string) (*oauth2.Token, error) {
 
 	// check if token is expired
 	if pToken.ExpiresIn <= 0 {
-		return nil, errors.New(pToken.AccessToken)
+		return nil, fmt.Errorf("%s", pToken.AccessToken)
 	}
 	token := &oauth2.Token{
 		AccessToken: pToken.AccessToken,

idp/custom.go

@@ -20,37 +20,32 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	_ "net/url"
+	_ "time"
 
-	"github.com/casdoor/casdoor/util"
-	"github.com/mitchellh/mapstructure"
 	"golang.org/x/oauth2"
 )
 
 type CustomIdProvider struct {
-	Client *http.Client
-	Config *oauth2.Config
-
-	UserInfoURL string
-	TokenURL    string
-	AuthURL     string
-	UserMapping map[string]string
-	Scopes      []string
+	Client      *http.Client
+	Config      *oauth2.Config
+	UserInfoUrl string
 }
 
-func NewCustomIdProvider(idpInfo *ProviderInfo, redirectUrl string) *CustomIdProvider {
+func NewCustomIdProvider(clientId string, clientSecret string, redirectUrl string, authUrl string, tokenUrl string, userInfoUrl string) *CustomIdProvider {
 	idp := &CustomIdProvider{}
+	idp.UserInfoUrl = userInfoUrl
 
-	idp.Config = &oauth2.Config{
-		ClientID:     idpInfo.ClientId,
-		ClientSecret: idpInfo.ClientSecret,
+	config := &oauth2.Config{
+		ClientID:     clientId,
+		ClientSecret: clientSecret,
 		RedirectURL:  redirectUrl,
 		Endpoint: oauth2.Endpoint{
-			AuthURL:  idpInfo.AuthURL,
-			TokenURL: idpInfo.TokenURL,
+			AuthURL:  authUrl,
+			TokenURL: tokenUrl,
 		},
 	}
-	idp.UserInfoURL = idpInfo.UserInfoURL
-	idp.UserMapping = idpInfo.UserMapping
+	idp.Config = config
 
 	return idp
 }
@@ -65,20 +60,22 @@ func (idp *CustomIdProvider) GetToken(code string) (*oauth2.Token, error) {
 }
 
 type CustomUserInfo struct {
-	Id          string `mapstructure:"id"`
-	Username    string `mapstructure:"username"`
-	DisplayName string `mapstructure:"displayName"`
-	Email       string `mapstructure:"email"`
-	AvatarUrl   string `mapstructure:"avatarUrl"`
+	Id          string `json:"sub"`
+	Name        string `json:"preferred_username,omitempty"`
+	DisplayName string `json:"name"`
+	Email       string `json:"email"`
+	AvatarUrl   string `json:"picture"`
+	Status      string `json:"status"`
+	Msg         string `json:"msg"`
 }
 
 func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
+	ctUserinfo := &CustomUserInfo{}
 	accessToken := token.AccessToken
-	request, err := http.NewRequest("GET", idp.UserInfoURL, nil)
+	request, err := http.NewRequest("GET", idp.UserInfoUrl, nil)
 	if err != nil {
 		return nil, err
 	}
-
 	// add accessToken to request header
 	request.Header.Add("Authorization", fmt.Sprintf("Bearer %s", accessToken))
 	resp, err := idp.Client.Do(request)
@@ -92,40 +89,21 @@ func (idp *CustomIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error)
 		return nil, err
 	}
 
-	var dataMap map[string]interface{}
-	err = json.Unmarshal(data, &dataMap)
+	err = json.Unmarshal(data, ctUserinfo)
 	if err != nil {
 		return nil, err
 	}
 
-	// map user info
-	for k, v := range idp.UserMapping {
-		_, ok := dataMap[v]
-		if !ok {
-			return nil, fmt.Errorf("cannot find %s in user from castom provider", v)
-		}
-		dataMap[k] = dataMap[v]
-	}
-
-	// try to parse id to string
-	id, err := util.ParseIdToString(dataMap["id"])
-	if err != nil {
-		return nil, err
-	}
-	dataMap["id"] = id
-
-	customUserinfo := &CustomUserInfo{}
-	err = mapstructure.Decode(dataMap, customUserinfo)
-	if err != nil {
-		return nil, err
+	if ctUserinfo.Status != "" {
+		return nil, fmt.Errorf("err: %s", ctUserinfo.Msg)
 	}
 
 	userInfo := &UserInfo{
-		Id:          customUserinfo.Id,
-		Username:    customUserinfo.Username,
-		DisplayName: customUserinfo.DisplayName,
-		Email:       customUserinfo.Email,
-		AvatarUrl:   customUserinfo.AvatarUrl,
+		Id:          ctUserinfo.Id,
+		Username:    ctUserinfo.Name,
+		DisplayName: ctUserinfo.DisplayName,
+		Email:       ctUserinfo.Email,
+		AvatarUrl:   ctUserinfo.AvatarUrl,
 	}
 	return userInfo, nil
 }

idp/facebook.go

@@ -72,13 +72,13 @@ type FacebookCheckToken struct {
 }
 
 // FacebookCheckTokenData
-// Get more detail via: https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow#checktoken
+// Get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#checktoken
 type FacebookCheckTokenData struct {
 	UserId string `json:"user_id"`
 }
 
 // GetToken use code get access_token (*operation of getting code ought to be done in front)
-// get more detail via: https://developers.facebook.com/docs/facebook-login/guides/advanced/manual-flow#confirm
+// get more detail via: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#confirm
 func (idp *FacebookIdProvider) GetToken(code string) (*oauth2.Token, error) {
 	params := url.Values{}
 	params.Add("client_id", idp.Config.ClientID)

idp/gitee.go

@@ -132,7 +132,7 @@ func (idp *GiteeIdProvider) GetToken(code string) (*oauth2.Token, error) {
     "type": "User",
     "blog": null,
     "weibo": null,
-    "bio": "bio",
+    "bio": "个人博客：https://gitee.com/xxx/xxx/pages",
     "public_repos": 2,
     "public_gists": 0,
     "followers": 0,

idp/google.go

@@ -21,39 +21,15 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"strings"
-	"time"
 
-	"github.com/casdoor/casdoor/util"
 	"golang.org/x/oauth2"
 )
 
-const GoogleIdTokenKey = "GoogleIdToken"
-
 type GoogleIdProvider struct {
 	Client *http.Client
 	Config *oauth2.Config
 }
 
-// https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
-type GoogleIdToken struct {
-	// These six fields are included in all Google ID Tokens.
-	Iss string `json:"iss"` // The issuer, or signer, of the token. For Google-signed ID tokens, this value is https://accounts.google.com.
-	Sub string `json:"sub"` // The subject: the ID that represents the principal making the request.
-	Azp string `json:"azp"` // Optional. Who the token was issued to. Here is the ClientID
-	Aud string `json:"aud"` // The audience of the token. Here is the ClientID
-	Iat string `json:"iat"` // 	Unix epoch time when the token was issued.
-	Exp string `json:"exp"` // 	Unix epoch time when the token expires.
-	// These seven fields are only included when the user has granted the "profile" and "email" OAuth scopes to the application.
-	Email         string `json:"email"`
-	EmailVerified string `json:"email_verified"`
-	Name          string `json:"name"`
-	Picture       string `json:"picture"`
-	GivenName     string `json:"given_name"`
-	FamilyName    string `json:"family_name"`
-	Locale        string `json:"locale"`
-}
-
 func NewGoogleIdProvider(clientId string, clientSecret string, redirectUrl string) *GoogleIdProvider {
 	idp := &GoogleIdProvider{}
 
@@ -85,25 +61,6 @@ func (idp *GoogleIdProvider) getConfig() *oauth2.Config {
 }
 
 func (idp *GoogleIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	// Obtained the GoogleIdToken through Google OneTap authorization.
-	if strings.HasPrefix(code, GoogleIdTokenKey) {
-		code = strings.TrimPrefix(code, GoogleIdTokenKey+"-")
-		var googleIdToken GoogleIdToken
-		if err := json.Unmarshal([]byte(code), &googleIdToken); err != nil {
-			return nil, err
-		}
-		expiry := int64(util.ParseInt(googleIdToken.Exp))
-		token := &oauth2.Token{
-			AccessToken: fmt.Sprintf("%v-%v", GoogleIdTokenKey, googleIdToken.Sub),
-			TokenType:   "Bearer",
-			Expiry:      time.Unix(expiry, 0),
-		}
-		token = token.WithExtra(map[string]interface{}{
-			GoogleIdTokenKey: googleIdToken,
-		})
-		return token, nil
-	}
-
 	ctx := context.WithValue(context.Background(), oauth2.HTTPClient, idp.Client)
 	return idp.Config.Exchange(ctx, code)
 }
@@ -131,20 +88,6 @@ type GoogleUserInfo struct {
 }
 
 func (idp *GoogleIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	if strings.HasPrefix(token.AccessToken, GoogleIdTokenKey) {
-		googleIdToken, ok := token.Extra(GoogleIdTokenKey).(GoogleIdToken)
-		if !ok {
-			return nil, errors.New("invalid googleIdToken")
-		}
-		userInfo := UserInfo{
-			Id:          googleIdToken.Sub,
-			Username:    googleIdToken.Email,
-			DisplayName: googleIdToken.Name,
-			Email:       googleIdToken.Email,
-			AvatarUrl:   googleIdToken.Picture,
-		}
-		return &userInfo, nil
-	}
 	url := fmt.Sprintf("https://www.googleapis.com/oauth2/v2/userinfo?alt=json&access_token=%s", token.AccessToken)
 	resp, err := idp.Client.Get(url)
 	if err != nil {

idp/goth.go

@@ -19,7 +19,6 @@ import (
 	"net/http"
 	"net/url"
 	"reflect"
-	"strings"
 	"time"
 
 	"github.com/casdoor/casdoor/util"
@@ -89,7 +88,7 @@ type GothIdProvider struct {
 	Session  goth.Session
 }
 
-func NewGothIdProvider(providerType string, clientId string, clientSecret string, clientId2 string, clientSecret2 string, redirectUrl string, hostUrl string) (*GothIdProvider, error) {
+func NewGothIdProvider(providerType string, clientId string, clientSecret string, redirectUrl string, hostUrl string) *GothIdProvider {
 	var idp GothIdProvider
 	switch providerType {
 	case "Amazon":
@@ -98,27 +97,8 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Session:  &amazon.Session{},
 		}
 	case "Apple":
-		if !strings.Contains(redirectUrl, "/api/callback") {
-			redirectUrl = strings.Replace(redirectUrl, "/callback", "/api/callback", 1)
-		}
-
-		iat := time.Now().Unix()
-		exp := iat + 60*60
-		sp := apple.SecretParams{
-			ClientId:        clientId,
-			TeamId:          clientSecret,
-			KeyId:           clientId2,
-			PKCS8PrivateKey: clientSecret2,
-			Iat:             int(iat),
-			Exp:             int(exp),
-		}
-		secret, err := apple.MakeSecret(sp)
-		if err != nil {
-			return nil, err
-		}
-
 		idp = GothIdProvider{
-			Provider: apple.New(clientId, *secret, redirectUrl, nil),
+			Provider: apple.New(clientId, clientSecret, redirectUrl, nil),
 			Session:  &apple.Session{},
 		}
 	case "AzureAD":
@@ -402,19 +382,17 @@ func NewGothIdProvider(providerType string, clientId string, clientSecret string
 			Session:  &zoom.Session{},
 		}
 	default:
-		return nil, fmt.Errorf("OAuth Goth provider type: %s is not supported", providerType)
+		return nil
 	}
 
-	return &idp, nil
+	return &idp
 }
 
 // SetHttpClient
 // Goth's idp all implement the Client method, but since the goth.Provider interface does not provide to modify idp's client method, reflection is required
 func (idp *GothIdProvider) SetHttpClient(client *http.Client) {
 	idpClient := reflect.ValueOf(idp.Provider).Elem().FieldByName("HTTPClient")
-	if idpClient.IsValid() {
-		idpClient.Set(reflect.ValueOf(client))
-	}
+	idpClient.Set(reflect.ValueOf(client))
 }
 
 func (idp *GothIdProvider) GetToken(code string) (*oauth2.Token, error) {
@@ -490,8 +468,6 @@ func getUser(gothUser goth.User, provider string) *UserInfo {
 	if provider == "steam" {
 		user.Username = user.Id
 		user.Email = ""
-	} else if provider == "apple" {
-		user.Username = util.GetUsernameFromEmail(user.Email)
 	}
 	return &user
 }

idp/metamask.go

@@ -1,70 +0,0 @@
-// Copyright 2023 The Casdoor Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//      http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package idp
-
-import (
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"time"
-
-	"golang.org/x/oauth2"
-)
-
-type MetaMaskIdProvider struct {
-	Client *http.Client
-}
-
-func NewMetaMaskIdProvider() *MetaMaskIdProvider {
-	idp := &MetaMaskIdProvider{}
-	return idp
-}
-
-func (idp *MetaMaskIdProvider) SetHttpClient(client *http.Client) {
-	idp.Client = client
-}
-
-func (idp *MetaMaskIdProvider) GetToken(code string) (*oauth2.Token, error) {
-	web3AuthToken := Web3AuthToken{}
-	if err := json.Unmarshal([]byte(code), &web3AuthToken); err != nil {
-		return nil, err
-	}
-	token := &oauth2.Token{
-		AccessToken: web3AuthToken.Signature,
-		TokenType:   "Bearer",
-		Expiry:      time.Now().AddDate(0, 1, 0),
-	}
-
-	token = token.WithExtra(map[string]interface{}{
-		Web3AuthTokenKey: web3AuthToken,
-	})
-	return token, nil
-}
-
-func (idp *MetaMaskIdProvider) GetUserInfo(token *oauth2.Token) (*UserInfo, error) {
-	// TODO use "github.com/ethereum/go-ethereum" to check address's eth balance or transaction
-	web3AuthToken, ok := token.Extra(Web3AuthTokenKey).(Web3AuthToken)
-	if !ok {
-		return nil, errors.New("invalid web3AuthToken")
-	}
-	userInfo := &UserInfo{
-		Id:          web3AuthToken.Address,
-		Username:    web3AuthToken.Address,
-		DisplayName: web3AuthToken.Address,
-		AvatarUrl:   fmt.Sprintf("metamask:%v", web3AuthToken.Address),
-	}
-	return userInfo, nil
-}